Adding and Deleting Sites

Cisco NDO and APIC Interoperability Support

Cisco Nexus Dashboard Orchestrator (NDO) does not require a specific version of APIC to be running in all sites. The APIC clusters in each site as well as the NDO itself can be upgraded independently of each other and run in mixed operation mode as long as the fabric can be on-boarded to the Nexus Dashboard where the Nexus Dashboard Orchestrator service is installed. As such, we recommend that you always upgrade to the latest release of the Nexus Dashboard Orchestrator.

However, keep in mind that if you upgrade the NDO before upgrading the APIC clusters in one or more sites, some of the new NDO features may not yet be supported by an earlier APIC release. In that case a check is performed on each template to ensure that every configured option is supported by the target sites.

The check is performed when you save a template or deploy a template. If the template is already assigned to a site, any unsupported configuration options will not be saved; if the template is not yet assigned, you will be able to assign it to a site, but not be able to save or deploy the schema if it contains configuration unsupported by that site.

In case an unsupported configuration is detected, an error message will show, for example: This APIC site version <site-version> is not supported by NDO. The minimum version required for this <feature> is <required-version> or above.

The following table lists the features and the minimum required APIC release for each one:


Note


While some of the following features are supported on earlier Cisco APIC releases, Release 4.2(4) is the earliest release that can be on-boarded to the Nexus Dashboard and managed by this release of Nexus Dashboard Orchestrator.


Feature

Minimum APIC Version

ACI Multi-Pod Support

Release 4.2(4)

Service Graphs (L4-L7 Services)

Release 4.2(4)

External EPGs

Release 4.2(4)

ACI Virtual Edge VMM Support

Release 4.2(4)

DHCP Support

Release 4.2(4)

Consistency Checker

Release 4.2(4)

vzAny

Release 4.2(4)

Host Based Routing

Release 4.2(4)

CloudSec Encryption

Release 4.2(4)

Layer 3 Multicast

Release 4.2(4)

MD5 Authentication for OSPF

Release 4.2(4)

EPG Preferred Group

Release 4.2(4)

Intersite L3Out

Release 4.2(4)

EPG QoS Priority

Release 4.2(4)

Contract QoS Priority

Release 4.2(4)

Single Sign-On (SSO)

Release 5.0(1)

Multicast Rendezvous Point (RP) Support

Release 5.0(1)

Transit Gateway (TGW) support for AWS and Azure Sites

Release 5.0(1)

SR-MPLS Support

Release 5.0(1)

Cloud LoadBalancer High Availability Port

Release 5.0(1)

Service Graphs (L4-L7 Services) with UDR

Release 5.0(2)

3rd Party Device Support in Cloud

Release 5.0(2)

Cloud Loadbalancer Target Attach Mode Feature

Release 5.1(1)

Support security and service insertion in Azure for non-ACI networks reachable through Express Route

Release 5.1(1)

CSR Private IP Support

Release 5.1(1)

Extend ACI policy model and automation for Cloud native services in Azure

Release 5.1(1)

Flexible segmentation through multiple VRF support within a single VNET for Azure

Release 5.1(1)

Private Link automation for Azure PaaS and third-party services

Release 5.1(1)

Openshift 4.3 IPI on Azure with ACI-CNI

Release 5.1(1)

Cloud Site Underlay Configuration

Release 5.2(1)

Adding Cisco ACI Sites

This section describes how to add a Cisco APIC or Cloud Network Controller site using the Nexus Dashboard GUI and then enable that site to be managed by Nexus Dashboard Orchestrator.

Before you begin

  • If you are adding on-premises ACI site, you must have completed the site-specific configurations in each site's APIC, as described in previous sections in this chapter.

  • You must ensure that the site(s) you are adding are running Release 4.2(4) or later.

Procedure


Step 1

Log in to your Nexus Dashboard and open the Admin Console.

Step 2

From the left navigation menu, choose Sites and click Add Site..

Step 3

Provide site information.

  1. For Site Type, select ACI or Cloud Network Controller depending on the type of ACI fabric you are adding.

  2. Provide the controller information.

    • You need to provide the Host Name/IP Address, User Name, and Password. for the APIC controller currently managing your ACI fabrics.

      Note

       

      For APIC fabrics, if you will use the site with Nexus Dashboard Orchestrator service only, you can provide either the in-band or out-of-band IP address of the APIC. If you will use the site with Nexus Dashboard Insights as well, you must provide the in-band IP address.

    • For on-premises ACI sites managed by Cisco APIC, if you plan to use this site with Day-2 Operations applications such as Nexus Insights, you must also provide the In-Band EPG name used to connect the Nexus Dashboard to the fabric you are adding. Otherwise, if you will use this site with Nexus Dashboard Orchestrator only, you can leave this field blank.

    • For Cloud Network Controller sites, Enable Proxy if your cloud site is reachable via a proxy.

      Proxy must be already configured in your Nexus Dashboard’s cluster settings. If the proxy is reachable via management network, a static management network route must also be added for the proxy IP address. For more information about proxy and route configuration, see Nexus Dashboard User Guide for your release.

  3. Click Save to finish adding the site.

    At this time, the sites will be available in the Nexus Dashboard, but you still need to enable them for Nexus Dashboard Orchestrator management as described in the following steps.

Step 4

Repeat the previous steps for any additional ACI or Cloud Network Controller sites.

Step 5

From the Nexus Dashboard's Services page, open the Nexus Dashboard Orchestrator service.

You will be automatically logged in using the Nexus Dashboard user's credentials.

Step 6

In the Nexus Dashboard Orchestrator GUI, manage the sites.

  1. From the left navigation menu, select Sites.

  2. In the main pane, change the State from Unmanaged to Managed for each fabric that you want the NDO to manage.

    When managing the sites, you must provide a unique site ID for each site.

Note

 

Ensure that ACI site names are limited to 125 characters or less to avoid any issues when enabling orchestration.


Removing Sites

This section describes how to disable site management for one or more sites using the Nexus Dashboard Orchestrator GUI. The sites will remain present in the Nexus Dashboard.

Before you begin

You must ensure that all templates associated with the site you want to remove are not deployed.

Procedure


Step 1

Open the Nexus Dashboard Orchestrator GUI.

You can open the NDO service from the Nexus Dashboard's Service Catalog. You will be automatically logged in using the Nexus Dashboard user's credentials.

Step 2

Remove the site from all templates.

You must remove the site from all templates with which it is associated before you can unmanaged the site and remove it from your Nexus Dashboard.

  1. Navigate to Application Management > Schemas.

  2. Click a schema that contains one or more templates associated with the site.

  3. From the View dropdown, choose a template that's associated with the site that you want to remove.

  4. From the Actions dropdown, choose Sites Association and uncheck the site you want to remove.

    This will remove configurations that were deployed using this template to this site.

    Note

     

    For non-stretched templates, you can choose to preserve the configurations deployed by the template to the sites by selecting Actions > Dissociate Sites instead. This option will allow you to retain configurations deployed by NDO but no longer manage those objects from NDO.

  5. Repeat this step for all templates associated with the site that you want to unmanage in this and all other schemas.

Step 3

Remove the site's underlay configuration.

  1. From the left navigation menu, select Infrastructure > Site Connectivity.

  2. In the main pane, click Configure.

  3. In the left sidebar, select the site you want to unmanage.

  4. In right sidebar's Inter-Site Connectivity tab, disable the Multi-Site checkbox.

    This disables EVPN peering between this site and other sites.

  5. Click Deploy to deploy the changes to the site.

Step 4

In the Nexus Dashboard Orchestrator GUI, disable the sites.

  1. From the left navigation menu, select Sites.

  2. In the main pane, change the State from Managed to Unmanaged for the site that you want to unmanage.

    Note

     

    If the site is associated with one or more deployed templates, you will not be able to change its state to Unmanaged until you undeploy those templates, as described in the previous step.

Step 5

Delete the site from Nexus Dashboard.

If you no longer want to manage this site or use it with any other applications, you can delete the site from the Nexus Dashboard as well.

Note

 

Note that the site must not be currently in use by any of the services installed in your Nexus Dashboard cluster.

  1. In the top navigation bar, click the Home icon to return to the Nexus Dashboard GUI.

  2. From the left navigation menu of the Nexus Dashboard GUI, select Sites.

  3. Select one or more sites you want to delete.

  4. In the top right of the main pane, select Actions > Delete Site.

  5. Provide the site's login information and click OK.

    The site will be removed from the Nexus Dashboard.


Cross Launch to Fabric Controllers

Nexus Dashboard Orchestrator currently supports a number of configuration options for each type of fabrics. For many additional configuration options, you may need to log in directly into the fabric's controller.

You can cross launch into the specific site controller's GUI from the NDO's Infrastucture > Sites screen by selecting the actions (...) menu next to the site and clicking Open in user interface. Note that cross-launch works with out-of-band (OOB) management IP of the fabric.

If the same user is configured in Nexus Dashboard and the fabric, you will be logged in automatically into the fabric's controller using the same log in information as the Nexus Dashboard user. For consistency, we recommend configuring remote authentication with common users across Nexus Dashboard and the fabrics.