Configuring Multi-Tier Application with Service Graph

About Multi-Tier Application with Service Graph

The Multi-Tier Application with Service Graph Quick Start dialog provides a consolidated method of configuring service graph components such as bridge domains, EPGs, VRFs, services, and contracts. As opposed to configuring each object in different locations in the Cisco APIC, the Quick Start dialog gathers the necessary configurations and combines them into a simple, organized step-by-step process.

Creating a Multi-Tier Application Profile Using the GUI

Before you begin

Configure the following objects before or, if available, while performing the procedure:

  • Tenants: Configure at least one tenant before performing the procedure.

  • VMM Domain Profile: If you will use virtual service devices, configure a Virtual Machine Manager (VMM) domain profile and a VM in the Layer 4 to Layer 7 device cluster (on which the device is hosted).

  • External Routed Network: If you will connect a service device to an external routed network, configure a Layer 3 outside (L3Out) network.

Procedure


Step 1

Access the Quick Start Multi-Tier Application dialog:

  1. On the menu bar, click Tenant > All Tenants.

  2. In the All Tenants Work pane, double-click the tenant's name.

  3. In the Navigation pane, choose Tenant tenant_name > Quick Start > Multi-tier Application.

  4. In the work pane, click Configure Multi-tier Application.

    The Create Application Profile dialog appears.
  5. Click Start.

Step 2

In the STEP 2 > EPGs dialog, configure the basics of the profile and design your Bridge Domain and EPGs:

  1. In the Application Profile field, enter a unique name for the profile.

  2. (Optional) If one or more devices in this profile are to be virtual, choose a Virtual Machine Manager (VMM) domain profile from the VMM Domain Profile drop-down list.

    Note

     
    A VMM domain profile must be created (Virtual Networking > VMM Domains) prior to attempting this step in order for it to appear and be selected in the VMM Domain Profile drop-down list.
  3. (Optional) If the consumer or provider EPG belongs to an external routed network, choose the network from the drop-down list for the Consumer L3 Outside and/or the Provider L3 Outside field(s).

    Note

     
    An external routed network must be created (Tenants > tenant > Networking > External Routed Networks) prior to attempting this step in order for it to appear and be selected in the L3 Outside drop-down lists.
  4. For the Bridge Domain buttons, determine if the EPG gateway IP address will be a single shared subnet or will be configured per EPG.

    If you chose Shared, the Shared Gateway IP field appears. If you chose Per EPG, continue with step f.
  5. If you chose Shared from the Bridge Domain buttons, enter the IPv4 address of the gateway to be shared by the EPGs in the Shared Gateway IP field.

  6. In the Application Tiers (EPGs) Name field, enter a name for the EPG.

  7. If you chose Per EPG from the Bridge Domain buttons, enter the IPv4 address of the gateway to be used by the EPG. If you chose Shared from the Bridge Domain buttons, the IP address that you entered in the Shared Gateway IP field is displayed.

  8. (Optional) Click + to add another EPG and configure the EPG according to step g. Repeat this step if a third EPG is required.

  9. Click Next.

Step 3

In the STEP 3 > Services dialog, optionally configure the inclusion of services adjacent to your EPGs:

  1. (Optional) Put a check in the Share same device box to share the firewall or load balancer devices across all EPGs.

  2. (Optional) Between each EPG, select the firewall (FW) or load balancer (ADC) device to include in this profile.

  3. (Optional) If you add more than one device between an EPG, click < Toggle > to reposition the devices.

  4. Click Next.

Step 4

(Firewall and Load Balancer) In the STEP 4 > dialog and the Firewall or Load Balancer Configuration section, configure service devices:

  1. For the Device Type buttons, choose Physical or Virtual.

  2. If you chose Physical for the Device Type, choose a domain from the Physical Domain drop-down list. If you chose Virtul for the Device Type, choose a domain from the VMM Domain drop-down list and the virtual machine (VM) on which the device is hosted from the Device 1 VM drop-down list.

  3. For the Node Type buttons, chhoose One-Arm or Two-Arm. This determines if the device has only a consumer connector (one-arm) or consumer and provider connectors (two-arm).

  4. For the View buttons, choose Single Node or HA Node. If you chose HA Node, a second interface (physical devices) or a second VNIC (virtual devices) is included in the connector configuration. for virtual devices, you must also choose a second virtual machine.

Step 5

(Firewall only) In the STEP 4 > dialog and the Consumer and Provider section, configure the firewall consumer and provider connectors:

  1. In the IP field, for a physical device, enter the consumer/provider interface IP address of the Layer 4 to Layer 7 policy based redirect policy for firewall devices. For a virtual device, enter the consumer/provider interface IP address.

  2. In the MAC field, enter MAC address of the LLayer 4 to Layer 7 policy based redirect policy for firewall devices.

  3. In the Gateway IP field, enter the route gateway IP address.

  4. For a physical device, in the Device 1 Interface drop-down list, choose an interface. For a virtual device, in the Device 1 VNIC drop-down list, choose a vNIC. If you chose HA Node for from the View buttons, you must choose a second vNIC in the Device 2 VNIC drop-down list.

  5. (Physical device only) In the Encap field, enter the port encapsulation for the interface.

Step 6

(Load Balancer only) In the STEP 4 > dialog and the Consumer and Provider section, configure load balancer consumer and provider connectors:

  1. In the Gateway IP field, enter the route gateway IP address.

  2. For a physical device, in the Device 1 Interface drop-down list, choose an interface. For a virtual device, in the Device 1 VNIC drop-down list, choose a vNIC. If you chose HA Node for from the View buttons, you must choose a second vNIC in the Device 2 VNIC drop-down list.

  3. (Physical device only) In the Encap field, enter the port encapsulation for the interface.

  4. Leave the check in the L3 Destination (VIP) box to terminate L3 traffic on the connector. Remove the check if the connector is not an L3 destination.

    Note

     
    The default for this parameter is enabled (checked). However, this setting is not considered if policy-based redirect is configured on the interface.

Step 7

If you have any additional devices to configure, click Next and repeat steps 4 through 6 for each device.

Step 8

Click Finish.