Day 0 Operations Overview
This section describes an end to end day 0 operations. Follow the sections in order.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
This section describes an end to end day 0 operations. Follow the sections in order.
When configuring your Cisco ACI Multi-Site environment, keep in mind that the following ports are used by the Cisco ACI Multi-Site Orchestrator for network communications within the Cisco ACI Multi-Site environment.
Ports required for network communications between the Cisco ACI Multi-Site Orchestrator and Cisco APICs (Sites):
TCP Port 80/443 for APIC REST Configuration Deployment
Ports required for network communications between the Cisco ACI Multi-Site Orchestrator nodes:
TCP port 2377 for Cluster Management Communications
TCP and UDP port 7946 for Inter-Manager Communication
UDP port 4789 for Docker Overlay Network Traffic
All control-plane and data-plane traffic between Cisco ACI Multi-Site Orchestrator nodes is encrypted with IPSec's Encapsulating Security Payload (ESP) using IP protocol number 50 to provide security and allow the cluster deployments over a round-trip time distance of up to 150ms. If there is firewall between any Orchestrator nodes, proper rules must be added to allow this traffic.
Before connecting a Cisco APIC cluster (fabric) in a Cisco ACI Multi-Site topology, you must configure the Dataplane Tunnel Endpoint (TEP) in the Fabric Ext Connection Policy for each fabric.
The Create Intrasite/Intersite Profile panel in the Cisco APIC GUI is used to add connection details for APIC multipod, remote leaf switches connecting to the ACI fabric, and APIC sites managed by Cisco ACI Multi-Site. When the Multi-Site infrastructure has been configured, the Multi-Site system adds the Intersite Dataplane TEP to this APIC policy.
To configure the Dataplane TEP in the Fabric Ext Connection Policy for each APIC site to be managed by Multi-Site, perform the following steps:
Step 1 |
On the menu bar, click . |
Step 2 |
On the navigation pane (prior to Cisco APIC, Release 3.1), expand Networking and Protocol Policies. |
Step 3 |
On the navigation pane (in APIC, Release 3.1 and later), expand Policies and Protocol. |
Step 4 |
Right-click Fabric Ext Connection Policies and choose Create Intrasite/Intersite Profile. |
Step 5 |
Click the + symbol on Pod Connection Profile. |
Step 6 |
Choose the Pod ID from the list. |
Step 7 |
Enter the IP address for dataplane traffic to this pod. |
Step 8 |
Click Update and Submit. |
This section describes how to add sites using the Multi-Site GUI.
Step 1 |
Log in to the Multi-Site GUI, in the Main menu, click Sites. If you are logging in for the first time, the default log in is admin and password is we1come!. Then you are forced to change the password upon initial log in. The new password requirements are:
|
Step 2 |
In the Sites List page, click ADD SITES. |
Step 3 |
In the Sites Details page, perform the following actions: |
Step 4 |
Repeat these steps to add additional sites. |
This section describes how to register sites and configure fabric connectivity infra for the sites using the Multi-Site GUI.
Ensure you have at least 2 sites.
For more information, see Adding Sites Using the Multi-Site GUI.
In APIC, you need to have the Multipod dataplane TEP configured on the POD connection profile.
For more information, see Defining the Dataplane TEP For APIC Sites Using the APIC GUI.
In APIC, you need to have one POD profile and it must contains a POD policy group. If it does not have a POD policy group you need to create one. To check if the POD profile contains a POD policy group, go to the APIC GUI, Policy Groups and click Create Pod Policy Group. Enter the appropriate information and click Submit. Assign the new pod policy group to the POD Profile default, go to the APIC GUI, . Click on the default, choose the new pod policy group and click Update.
. To create a POD policy group, go to the APIC GUI, , right-clickAny infrastructure changes such as adding, removing spines or spine node ID changes would require a Multi-Site fabric connectivity site refresh.
Step 1 |
Log in to the Multi-Site GUI, in the Main menu, click Sites. |
||
Step 2 |
In the Sites List area, click CONFIGURE INFRA. |
||
Step 3 |
In the Fabric Connectivity Infra page, perform the following actions: |
||
Step 4 |
In the Property Pane, in the OSPF area, perform the following actions: |
||
Step 5 |
In the Master list, choose a site from the SITE SETTINGS. |
||
Step 6 |
(Optional) If you are running release 1.2(1) or later: If decide to use the same Data Plane Unicast TEP for Multi-Site. |
||
Step 7 |
Click APPLY.
|
This section describes how to add tenants using the Multi-Site GUI.
To enable configuring tenants, the APIC administrative user account (with complete read/write privileges) must be available.
Before tenant administrators can configure their tenants, you must create the tenant user accounts in APIC (with read/write privileges limited to their tenant policies). For more information about creating local site user accounts, see the User Access, Authentication, and Accounting chapter in Cisco APIC Basic Configuration Guide, Release 3.x.
Step 1 |
Log in to the Multi-Site GUI, in the Main menu, click Tenants. |
Step 2 |
In the Tenants List area, click ADD TENANTS. |
Step 3 |
In the Tenant Details pane, perform the following actions: |
This section describes how to add schemas using the Multi-Site GUI.
Step 1 |
Log in to the Multi-Site GUI, in the Main menu, click Schemas. |
Step 2 |
In the Schemas List area, click ADD SCHEMA. |
Step 3 |
In the Untitled Schema pane, perform the following actions: |