Automating Networking Policies for Cisco UCS Devices with Cisco ACI
Beginning with Cisco Application Policy Infrastructure Controller (APIC) Release 4.1(1), you can automate networking policies on Cisco Unified Computing System (UCS) devices. To do so, you integrate Cisco UCS Manager (UCSM) into the Cisco Application Centric Infrastructure (ACI) fabric.
Cisco APIC takes hypervisor NIC information from the Cisco UCSM and a virtual machine manager (VMM) to automate VLAN programming. The automation applies to all the devices that the Cisco UCSM manages: Cisco UCS Fabric Interconnects and Cisco UCS B-Series Blade Chassis with UCS Blade Switches and Virtual Interface Card (VIC) Interfaces.
After you fulfill the prerequisites, you must perform two tasks in Cisco Application Policy Infrastructure Controller (APIC) to integrate Cisco UCSM into Cisco ACI:
- Create an integration group, which is the basis for your security domain.
  Integration groups allow you to tie various types of integrations into the Cisco ACI fabric. Integration groups also allow a specific set of users to access the integrations with that group.
  For example, you may have multiple pods in your fabric and have administrators who are assigned to different pods. You can create an integration group for each pod and add the integrations that reside within specific pods. You can then assign the security domain to the group for the administrators who oversee the pod.
- Create an integration of the type UCSM, which allows the Cisco APIC to manage the networking portion of the Cisco UCSM.
You can perform these tasks in the Cisco APIC GUI under the Integrations tab, by using the REST API, or by using the NX-OS style CLI.
You may also need to associate a switch manager with the virtual machine manager:
- If you use Cisco AVS or Microsoft SCVMM, you must associate a switch manager with the virtual machine manager.
- If you use Cisco ACI Virtual Edge or VMware vSphere Distributed Switch (VDS), you must associate a switch manager with the virtual machine manager if one of the following is true:
  - LLDP or CDP is not enabled in the VMM domain vSwitch policy.
  - The ESXi management port (vmknic) is bound to a portgroup managed by Cisco ACI.
Cisco APIC is used only to manage the networking component of Cisco UCS devices. The Cisco UCS data management engine (DME) performs its usual functions. These include managing the databases of all physical elements, the logical configuration data for profiles, policies, pools, vNIC and vHBA templates, and networking-related configuration details. DME also monitors the health and state of components.
Note: A VMware distributed virtual switch (DVS) domain with EDM UCSM integration may fail. The domain fails if you configure microsegmentation or enable intra-EPG isolation on the endpoint group (EPG) attached to the domain and you use UCSM Mini 6324, which does not support private VLANs.
The section assumes that you are familiar with Cisco UCS and Cisco UCSM. For more information, see the Cisco UCS documentation and Cisco UCSM documentation on Cisco.com.
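The switch manager conditions and the private VLAN note above can be evaluated against a planned integration before you configure it. The following Python is an added example, not Cisco code or an APIC API: the `DomainPlan` and `Epg` records, their field names, and the sample plans are hypothetical, and it assumes that the LLDP/CDP condition means that neither protocol is enabled.

```python
from dataclasses import dataclass, field

ALWAYS = {"Cisco AVS", "Microsoft SCVMM"}               # association always required
CONDITIONAL = {"Cisco ACI Virtual Edge", "VMware VDS"}  # required only in two cases
NO_PVLAN_MODEL = "UCSM Mini 6324"                       # no private VLAN support (per the note)

@dataclass
class Epg:  # hypothetical record for an EPG attached to the domain
    name: str
    microsegmentation: bool = False
    intra_epg_isolation: bool = False

@dataclass
class DomainPlan:  # hypothetical planning record, not an APIC object
    switch_type: str
    lldp_enabled: bool = False
    cdp_enabled: bool = False
    vmknic_on_aci_portgroup: bool = False
    ucs_model: str = ""
    epgs: list = field(default_factory=list)

def needs_switch_manager(plan):
    """True when a switch manager must be associated with the VMM."""
    if plan.switch_type in ALWAYS:
        return True
    if plan.switch_type not in CONDITIONAL:
        raise ValueError(f"switch type not covered by the page: {plan.switch_type!r}")
    # Assumption: the condition means neither LLDP nor CDP is enabled.
    no_discovery = not (plan.lldp_enabled or plan.cdp_enabled)
    return no_discovery or plan.vmknic_on_aci_portgroup

def private_vlan_conflicts(plan):
    """Names of EPGs whose settings need private VLANs on hardware that lacks them."""
    if plan.switch_type != "VMware VDS" or plan.ucs_model != NO_PVLAN_MODEL:
        return []
    return [e.name for e in plan.epgs
            if e.microsegmentation or e.intra_epg_isolation]

# Constructed sample plans (not taken from a real fabric).
SAMPLE_OK = DomainPlan("VMware VDS", lldp_enabled=True, ucs_model="other")
SAMPLE_RISKY = DomainPlan(
    "VMware VDS", cdp_enabled=True, vmknic_on_aci_portgroup=True,
    ucs_model=NO_PVLAN_MODEL,
    epgs=[Epg("web"), Epg("db", intra_epg_isolation=True),
          Epg("app", microsegmentation=True)])

if __name__ == "__main__":
    for plan in (SAMPLE_OK, SAMPLE_RISKY):
        print(plan.switch_type, needs_switch_manager(plan), private_vlan_conflicts(plan))
```

In the second sample, CDP is enabled, but the vmknic binding alone triggers the switch manager requirement, and two of the three EPGs are flagged because they depend on private VLANs.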