New and Changed Information

The following table provides an overview of the significant changes to this article up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.

Table 1. New Features and Changed Behavior in Cisco APIC Configuration Zones
Cisco APIC Release Version

New Feature

Description

Release 3.2(1)

Graphical display of configuration zones

In GUI topology diagrams, configuration zones can be displayed with color coding.

Release 2.0(2f)

Initial release

This article was released.

Configuration Zones

Configuration zones divide the ACI fabric into different zones that can be updated with configuration changes at different times. This limits the risk of deploying a faulty fabric-wide configuration that might disrupt traffic or even bring the fabric down. An administrator can deploy a configuration to a non-critical zone, and then deploy it to critical zones when satisfied that it is suitable.

The following policies specify configuration zone actions:

  • infrazone:ZoneP is automatically created upon system upgrade. It cannot be deleted or modified.

  • infrazone:Zone contains one or more pod groups (PodGrp) or one or more node groups (NodeGrp).

    Note
    You can only choose PodGrp or NodeGrp; both cannot be chosen.

    A node can be part of only one zone (infrazone:Zone). NodeGrp has two properties: name, and deployment mode. The deployment mode property can be:

    • enabled - Pending updates are sent immediately.

    • disabled - New updates are postponed.

      Note

      • Do not upgrade, downgrade, commission, or decommission nodes in a disabled configuration zone.

      • Do not do a clean reload or an uplink/downlink port conversion reload of nodes in a disabled configuration zone.

    • triggered - pending updates are sent immediately, and the deployment mode is automatically reset to the value it had before the change to triggered.

When a policy on a given set of nodes is created, modified, or deleted, updates are sent to each node where the policy is deployed. Based on policy class and infrazone configuration the following happens:.

  • For policies that do not follow infrazone configuration, the APIC sends updates immediately to all the fabric nodes.

  • For policies that follow infrazone configuration, the update proceeds according to the infrazone configuration:

    • If a node is part of an infrazone:Zone, the update is sent immediately if the deployment mode of the zone is set to enabled; otherwise the update is postponed.

    • If a node is not part of aninfrazone:Zone, the update is done immediately, which is the ACI fabric default behavior.

Creating Configuration Zones Using the GUI

This procedure explains how to create a configuration zone using the GUI.

Before you begin

You must have access to the APIC GUI.

Procedure

Step 1

From the Systems tab, click Config Zones.

The Config Zones window appears.

Step 2

From the Select Zone drop-down list, choose Create Zone.

The Create Zone dialog appears.
Step 3

Enter the appropriate values in the Create Zone dialog fields as described in the Create Zone Dialog Fields table below then continue to Step 4.

Table 2. Create Zone Dialog Fields

Field

Description

Name Enter a name for your zone.
Description (Optional) Enter a description.
Deployment Mode Choose from the following options:
  • Open—(Default) Pending updates are sent immediately.
  • Locked—New updates are postponed.
Note 
The Deployment Mode can be changed from the Config Zones window in Step 5.
Step 4

Click Submit.

You return to the Config Zones window.
Step 5

From the Deployment Mode field, choose from the following:

  • Open—(Default) Pending updates are sent immediately.
  • Locked—New updates are postponed.
Step 6

Choose either Pods or Leaf Switches for your zone.

Note 
You can only choose Pods or Leaf Switches; both cannot be chosen for a config zone.
  • If choosing Pods for your config zone:
    1. From the Pods table, click the + (plus) symbol. The Create Pod Block dialog appears.
    2. Enter a single pod ID or a range of pod IDs.
    3. Click Submit.
  • If choosing Leaf Switches for your config zone:
    1. From the Leaf Switches table, click the + (plus) symbol. The Create Node Block dialog appears.
    2. Enter a single switch ID or a range of switch IDs.
    3. Click Submit.
Step 7

The Pending Changes table lists policies that are pending on the nodes within the selected zone and provides the following options:

  • Deploy Now – Click to deploy pending policy changes to all the nodes within the selected zone.
  • Refresh – Click to refresh the list of policies.
Note 
We now support polices that can be configured in the following GUI locations:
  • Fabric > Access Polices
  • Fabric > Fabric Policies
Also see Configuration Zone Supported Policies.

Viewing Configuration Zones Using the GUI

In an APIC GUI page where a topology diagram displays pods or switches, you can enable a color-coded overlay indicating which components belong to configuration zones. Each zone is represented by a distinct color, and a table of configuration zones and their colors is displayed.

This procedure explains how to view configuration zones in the Fabric Inventory topology diagram. The procedure is similar for other topology diagrams throughout the APIC GUI.

Before you begin

You must have access to the APIC GUI.


Note

This feature is available in Cisco APIC Release 3.2(1) and later releases.

Procedure

Step 1

On the menu bar, choose Fabric > Inventory.

Step 2

In the Navigation pane, click Topology.

Step 3

In the Work pane, click the Topology tab.

The current topology diagram displays.
Step 4

In the upper right corner of the topology diagram, locate the Configuration Zones switch.

Step 5

Slide the Configuration Zones switch from Hide to Show.

If configuration zones are configured, a colored outline appears on components that are members of a configuration zone, and a color-keyed zones table appears beneath the Configuration Zones switch.

Creating Configuration Zones Using the NX-OS Style CLI

This procedure explains how to create or delete a configuration zone using the NX-OS style CLI.

Procedure

Create or delete a configuration zone using the NX-OS style CLI as shown in the leaf switch or pod examples below.

Example:

Creating a Config Zone with Leaf Switches

apic1# configure
apic1(config)# zones
apic1(config-zones)# zone testZone
apic1(config-zone)# description testZone-Description
apic1(config-zone)# deployment-mode enabled
apic1(config-zone)# switch 101-102 , 103
apic1(config-zone)# exit
apic1(config-zones)# exit
apic1(config)# exit

Example:

Creating a Config Zone with Pods

apic1# configure
apic1(config)# zones
apic1(config-zones)# zone testZone
apic1(config-zone)# description testZone-Description
apic1(config-zone)# deployment-mode enabled
apic1(config-zone)# pod 101-102 , 103
apic1(config-zone)# exit
apic1(config-zones)# exit
apic1(config)# exit

Example:

Deleting a Config Zone

apic1# configure
apic1(config)# zones
apic1(config-zones)# no zone testZone
apic1(config-zone)# exit
apic1(config-zones)# exit
apic1(config)# exit

Creating Configuration Zones Using the REST API

Before you begin

This procedure explains how to create a configuration zone using the REST API.

Procedure

Create a configuration zone using the REST API leaf switch or pod examples below.

Example:

Creating a Config Zone with Leaf Switches

<infraInfra>
<infrazoneZoneP name="default">
<infrazoneZone name="Group1" deplMode="disabled">
<infrazoneNodeGrp name="nodeGroup">
<infraNodeBlk name="nodeblk1" from_=101 to_=101/>
<infraNodeBlk name="nodeblk2" from_=103 to_=103/>
</infrazoneNodeGrp>
</infrazoneZone>
<infrazoneZone name="Group2" deplMode="enabled">
<infrazoneNodeGrp name="nodeGroup2">
<infraNodeBlk name="nodeblk" from_=102 to_=102/> 
</infrazoneNodeGrp>
</infrazoneZone>
</infrazoneZoneP>
</infraInfra>

Example:

Creating a Config Zone with Pods

<infraInfra>
    <infrazoneZoneP name="default">
        <infrazoneZone name="testZone" descr="testZone-Description" deplMode="enabled">
            <infrazonePodGrp name="podGroup1">
                <infraPodBlk name="group1" from_=101 to_=101/>
                <infraPodBlk name="group2" from_=103 to_=103/>
            </infrazonePodGrp>
            <infrazonePodGrp name="podGroup2">
                <infraPodBlk name="group" from_=102 to_=102/>
            </infrazonePodGrp>
        </infrazoneZone>
    </infrazoneZoneP>
</infraInfra>

Configuration Zone Supported Policies

The following policies are supported for configuration zones:

analytics:CfgSrv
bgp:InstPol
callhome:Group
callhome:InvP
callhome:QueryGroup
cdp:IfPol
cdp:InstPol
comm:Pol
comp:DomP
coop:Pol
datetime:Pol
dbgexp:CoreP
dbgexp:TechSupP
dhcp:NodeGrp
dhcp:PodGrp
edr:ErrDisRecoverPol
ep:ControlP
ep:LoopProtectP
eqptdiagp:TsOdFabP
eqptdiagp:TsOdLeafP
fabric:AutoGEp
fabric:ExplicitGEp
fabric:FuncP
fabric:HIfPol
fabric:L1IfPol
fabric:L2IfPol
fabric:L2InstPol
fabric:L2PortSecurityPol
fabric:LeCardP
fabric:LeCardPGrp
fabric:LeCardS
fabric:LeNodePGrp
fabric:LePortP
fabric:LePortPGrp
fabric:LFPortS
fabric:NodeControl
fabric:OLeafS
fabric:OSpineS
fabric:PodPGrp
fabric:PortBlk
fabric:ProtGEp
fabric:ProtPol
fabric:SFPortS
fabric:SpCardP
fabric:SpCardPGrp
fabric:SpCardS
fabric:SpNodePGrp
fabric:SpPortP
fabric:SpPortPGrp
fc:DomP
fc:FabricPol
fc:IfPol
fc:InstPol
file:RemotePath
fvns:McastAddrInstP
fvns:VlanInstP
fvns:VsanInstP
fvns:VxlanInstP
infra:AccBaseGrp
infra:AccBndlGrp
infra:AccBndlPolGrp
infra:AccBndlSubgrp
infra:AccCardP
infra:AccCardPGrp
infra:AccNodePGrp
infra:AccPortGrp
infra:AccPortP
infra:AttEntityP
infra:CardS
infra:ConnFexBlk
infra:ConnFexS
infra:ConnNodeS
infra:DomP
infra:FexBlk
infra:FexBndlGrp
infra:FexGrp
infra:FexP
infra:FuncP
infra:HConnPortS
infra:HPathS
infra:HPortS
infra:LeafS
infra:NodeBlk
infra:NodeGrp
infra:NodeP
infra:OLeafS
infra:OSpineS
infra:PodBlk
infra:PodGrp
infra:PodP
infra:PodS
infra:PolGrp
infra:PortBlk
infra:PortP
infra:PortS
infra:PortTrackPol
infra:Profile
infra:SHPathS
infra:SHPortS
infra:SpAccGrp
infra:SpAccPortGrp
infra:SpAccPortP
infra:SpineP
infra:SpineS
isis:DomPol
l2ext:DomP
l2:IfPol
l2:InstPol
l2:PortSecurityPol
l3ext:DomP
lacp:IfPol
lacp:LagPol
lldp:IfPol
lldp:InstPol
mcp:IfPol
mcp:InstPol
mgmt:NodeGrp
mgmt:PodGrp
mon:FabricPol
mon:InfraPol
phys:DomP
psu:InstPol
qos:DppPol
snmp:Pol
span:Dest
span:DestGrp
span:SpanProv
span:SrcGrp
span:SrcTargetShadow
span:SrcTargetShadowBD
span:SrcTargetShadowCtx
span:TaskParam
span:VDest
span:VDestGrp
span:VSpanProv
span:VSrcGrp
stormctrl:IfPol
stp:IfPol
stp:InstPol
stp:MstDomPol
stp:MstRegionPol
trig:SchedP
vmm:DomP
vpc:InstPol
vpc:KAPol