New and Changed Information

The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.

Table 1. New Features and Changed Behavior in Cisco APIC

Cisco APIC Release Version

Feature

Description

Release 3.1(1)

Red Hat Virtualization

Integration of Red Hat Virtualization into the Cisco Application Centric Infrastructure (ACI) is supported.

Cisco ACI with Red Hat Virtualization

The Application Policy Infrastructure Controller (APIC) integrates with Red Hat Virtualization (formerly Red Hat Enterprise Virtualization) and enhances the network management capabilities of the platform.

Red Hat Virtualization includes the following elements that integrate with the Cisco Application Centric Infrastructure (ACI):

  • Red Hat Virtualization Host—This is based on Red Hat Enterprise Linux (RHEL 7 operating system). It is built on the Kernel-based Virtual Machine (KVM) hypervisor technology native to Red Hat Enterprise Linux.

  • Red Hat Enterprise Virtualization Manager—This is a centralized virtualization management engine based on RHEL and JBoss.

Key Red Hat concepts include Cluster—a collection of hosts—and Data Center—a collection of clusters. A host may have multiple virtual machines (VMs). Clusters are a migration domain: VMs can be migrated to any host within a cluster but not to other clusters.

Logical networks are defined at the Data Center Level. A logical network in Red Hat Virtualization is implemented using a bridge. The bridge may be a Linux bridge or Open vSwitch (OVS) bridge.

The concept of endpoint groups (EPGs) in Cisco ACI maps to Logical Network in Red Hat Virtualization.


Note
Cisco Application Policy Infrastructure Controller (APIC) requires an account to access the Red Hat Virtualization Manager. See the section Red Hat Administrator Access Requirements in this guide for the minimum required privileges.

Software Compatibility

Cisco APIC 3.1(1) and later releases support Red Hat Virtualization. Always check the Cisco APIC Release Notes on Cisco.com for compatibility information.

We recommend that you use Red Hat Virtualization Manager 4.1.6 and later with Cisco APIC.

Cisco ACI and Red Hat Terminology

Some terminology differs between Cisco ACI and Red Hat. The following table lists differences to be aware of.

Cisco ACI Terms

Red Hat Terms

VM controller

Red Hat Virtualization Manager

Endpoint group (EPG)

Logical Network

Workflow for Red Hat Virtualization Installation

To install Red Hat Virtualization for use in the Cisco ACI, perform a series of steps on Cisco APIC and the Red Hat Virtualization Manager.

  1. Perform the following tasks on Red Hat Virtualization Manager:

    1. Create a data center.

    2. Create storage domains.

    3. Create clusters.

    4. Attach Red Hat Virtualization hosts to the clusters.

  2. Perform the following tasks on Cisco APIC:

    1. Create a Red Hat Virtualization domain and associate it with a VLAN pool and Red Hat Virtualization Manager credentials.

      See the Cisco APIC GUI, NX-OS style CLI, and REST API procedures for creating a Red Hat VMM domain in this guide.

    2. Create a Red Hat controller with a name and IP address and data center name, and then associate credentials to the controller.

      See the Cisco APIC GUI, NX-OS style CLI, and REST API procedures for creating a Red Hat VMM domain in this guide.

      Cisco APIC now connects to the Red Hat Virtualization Manager and pulls information from it. The information consists of all the inventory of the data center associated with the domain, clusters, hosts, and VMs in the data center.

    3. Create the following:

      • An attachable entity profile.

      • Interface and switch profiles as well as interface policy groups.

        We recommend Link Aggregation Control Protocol (LACP) policy for link redundancy to the RHV servers.

      • A tenant and an application profile for the tenant

        See the Cisco APIC Basic Configuration Guide for information about tenant configuration.

      • EPGs, associating them to a bridge domain

        See the Cisco APIC Basic Configuration Guide for information about EPG configuration.

    4. Associate the configured AEP with the policy group used for interfaces connecting RHV hosts and with the RHV VMM domain.

    5. Associate the EPGs to a Red Hat domain with resolution immediacy as pre-provision.

      See the section VMM Domain Profile Creation in this guide.


      Note
      Only EPGs with pre-provision resolution immediacy can be associated with Red Hat VMM domains.

      Cisco APIC creates networks on Red Hat Virtualization Manager. They have the name of tenant|application profile|epg for a given data center associated with the Red Hat Virtualization domain on APIC. These are pushed to the Red Hat Virtualization host.

  3. Perform the following tasks on Red Hat Virtualization Manager:

    1. When an EPG is mapped to RHV VMM domain, APIC creates a corresponding label on RHV Manager. Associate the label with the physical NICs of the hosts on the RHV clusters.

    2. Attach the vNICs of the VMs on the hosts to the desired logical network. The VM vNIC will appear as an endpoint connected to that EPG on the fabric.

VMM Domain Profile Creation

You can create a VMM domain profile with the Cisco APIC GUI, NX-OS style CLI, or REST API. However, before you create a VMM domain profile, ensure that you understand the workflow and have fulfilled the prerequisites.

Prerequisites for Creating a VMM Domain Profile

To configure a VMM domain profile, you must meet the following prerequisites:

  • All fabric nodes are discovered and configured.

  • Inband (inb) or out-of-band (oob) management has been configured on the Cisco APIC.

  • Red Hat Virtualization Manager is installed, configured, and reachable through the inb/oob management network.

  • You have the administrator/root credentials to Red Hat Virtualization Manager.

  • You have configured a DNS policy for the Cisco APIC if you plan to reference the Red Hat Virtualization Manager by hostname rather than an IP address.

  • You have enough VLAN IDs; if you do not, ports EPGs might report that no encapsulation is available.

Create a Red Hat Domain for Red Hat Virtualization Using the Cisco APIC GUI

Before you can install Red Hat Virtualization, you must create a Red Hat domain for it in Cisco APIC. This section describes how to create a Red Hat domain profile using the Cisco APIC GUI.

Procedure

Step 1

Log in to Cisco APIC.
Step 2

Go to VM Networking > Inventory.

Step 3

In the Inventory navigation pane, expand the VMM Domains folder, right-click the Red Hat folder, and then choose Create Red Hat Domain.

Step 4

In the Create Red Hat Domain dialog box, complete the following steps:

  1. In the Red Hat Domain Name field, enter a name.

  2. In the Delimiter field, complete one of the following steps:

    • If you use Red Hat Virtualization Manager 4.1.6 or later, enter one of the following characters: |, ~, !, @, ^, +, =, or _. This sets a delimiter for EPGs (networks in Red Hat Virtualization Manager). If you do not enter a symbol, the system uses the default | delimiter in EPG (network) names, for example: t1|a1|e1.

    • If you use a version of Red Hat Virtualization Manager earlier than 4.1.6, enter _ for the delimiter. Only the _ character is supported for the delimiter in Red Hat Virtualization Manager versions earlier than 4.1.6.

  3. From the VLAN Pool drop-down list, choose a VLAN pool you created earlier or create a VLAN pool.

  4. In the Red Hat Credentials area, click the + (plus) icon.

  5. In the Create Red Hat Credential dialog box do the following: Enter the Red Hat Virtualization Manager account profile name in the Name field, the Red Hat Virtualization Manager username in the Username field, enter and confirm the Red Hat password, and then click OK.

  6. In the Red Hat area, click the + (plus) icon, and in the Add Red Hat Controller dialog box, do the following: Enter the Red Hat controller name, the Red Hat host name or IP address, the data center name (which must match the data center name configured in Red Hat), select the credentials created in the previous step, and then click OK.

  7. In the Create Red Hat Domain dialog box, click Submit.

    In the Provider - Red Hat work pane, you should see the newly created Red Hat domain. Cisco APIC now connects to the Red Hat Virtualization Manager and pulls all the inventory of the data center associated with the domain. It also pulls all the clusters, hosts, and VMs in that data center from the Red Hat Virtualization Manager.

Create a VMM Domain Profile Using the NX-OS Style CLI

Before you can install Red Hat Virtualization, you must create a VMM domain for it in Cisco APIC. This section describes how to create a VMM domain profile using the NX-OS style CLI:

Procedure

Step 1

In the CLI, enter configuration mode:

Example:

apic1# configure
apic1(config)#
Step 2

Create a domain by entering the command rhev-domain domain name delimiter custom delimiter:

Example:

apic1(config)# rhev-domain sample delimiter '_'
 
The string delimiter custom delimiter sets a delimiter for EPGs in Red Hat Virtualization Manager, where EPGs are called networks. Setting a delimiter is optional for Red Hat Virtualization Manager 4.1.6 or later but is required for earlier versions.

If you use Red Hat Virtualization Manager 4.1.6 or later, you can enter one of the following characters: |, ~, !, @, ^, +, =, or _. If you do not enter a symbol, the system uses the default | delimiter in EPG (network) names, for example: t1|a1|e1. If you use a version of Red Hat Virtualization Manager earlier than 4.1.6, only the _ character is supported for the delimiter.

Step 3

Associate a domain with a VLAN pool by entering the command vlan-domain member VLAN pool name:

Example:

apic1(config-redhat)# vlan-domain member vlanPool1
Step 4

Associate a domain with a controller by entering the command rhev controller I.P datacenter datacenter name:

Example:

apic1(config-redhat)# rhev 192.168.100.168 datacenter mininet
Step 5

Provide credentials for the Red Hat controller by entering the command username username:

Example:

apic1(config-redhat-rhev)# username username
Password:
Retype password:
apic1(config-redhat-rhev)#

What to do next

Verify the configuration:

  1. List Red Hat domains:

    apic1# show redhat domain
Faults: Grouped by severity (Critical, Major, Minor, Warning)

Domain                     Encap     EPGs   Faults
-------------------------  --------  -----  ---------------
sample                     unknown   0      0,0,1,0

  2. Display information about a particular Red Hat domain:

    apic1# show redhat domain name <domainName>

e.g.:
Domain Name         : sample
Virtual Switch Mode : rhev
Number of EPGs      : 1
Faults by Severity  : 0, 0, 1, 0

rhev:
Faults: Grouped by severity (Critical, Major, Minor, Warning)
rhev                  Type      Datacenter            Status    ESXs   VMs    Faults
--------------------  --------  --------------------  --------  -----  -----  ---------------
Controller IP         rhev      mininet               online    3      2      0,0,1,0

Create a VMM Domain Profile Using the REST API

Before you can install Red Hat Virtualization, you must create a VMM domain for it in Cisco APIC. This section describes how to create a VMM domain profile using REST API.

Procedure

Step 1

Create a VLAN pool:

Example:

<polUni>
<infraInfra>
    <fvnsVlanInstP name="poolName" allocMode="dynamic" >
       <fvnsEncapBlk name="encapName" from="startRangeValue" to="endRangeValue"/>
    </fvnsVlanInstP>
</infraInfra>
Step 2

Create the Red Hat VMM domain and associate it with the VLAN pool and the Red Hat controller:

Example:

<polUni>
<vmmProvP vendor="Redhat">
   <vmmDomP name=”domainName” mode="rhev">
      <infraRsVlanNs tDn="uni/infra/vlanns-poolName-dynamic"/>
      <vmmUsrAccP
          name=”accPName”
          usr=”username”
          pwd=”password"
       />
      <vmmCtrlrP 
           name="controllerName"
           hostOrIp="hostIp”
           scope="rhev"
           rootContName=”datacenterName” >
           <vmmRsAcc
            tDn="uni/vmmp-Redhat/dom-domainName/usracc-accPName”/>
      </vmmCtrlrP>
  </vmmDomP>
</vmmProvP>
</polUni>

EPG-to-VMM Domain Association

After you create a Red Hat VMM domain and EPGs, you associate the EPGs to the VMM domain. You can do so through the Cisco APIC GUI, the NX-OS style CLI, or REST API.

Prerequisites for EPG-to-VMM Domain Association

Before you associate an EPG to the VMM domain, you must perform the following tasks:

  • Create a VMM domain.

  • Create at least one EPG.

Associate an EPG with the VMM Domain Using the GUI

Use the Cisco APIC GUI to associate an EPG to the VMM domain.

Procedure

Step 1

Log in to the Cisco APIC.

Step 2

Choose Tenants and then choose the tenant with the EPG you want to associate with the VMM domain.

Step 3

In the left navigation pane, expand the following: The Application Profiles folder, the application profile, the Application EPGs folder, the application EPG that you want to associate with the VMM domain.

Step 4

Right-click Domains (VMs and Bare-Metals) and then choose Add VMM Domain Association.

Step 5

In the Add VMM Domain Association dialog box, from the VMM Domain Profile drop-down list, choose the VMM domain.

Step 6

In the Deploy Immediacy area, accept the default On Demand or Immediate.

You cannot change the value for Resolution Immediacy, which is set to Pre-provision; this is required for EPGs associated with Red Hat VMM domains.

Step 7

(Optional) In the Delimiter field, enter one of the following symbols: |, ~, !, @, ^, +, or = to choose a delimiter for EPGs in the RHVM, where EPGs are called networks.

If you do not enter a symbol, the system uses the default | delimiter in EPG (network) names, for example:t1|a1|e1.

Step 8

In the Port Encap field, Enter a VLAN value that is part of one of the static VLAN blocks associated with the VMM domain.

When you manually configure the Port Encap value on a VMM domain for an EPG, the VLAN ID must belong to a static VLAN block within a dynamic VLAN pool.

Step 9

Click Submit.

Note 
The EPGs that are associated to the Red Hat domain are seen as networks under the label aci_Red Hat domain name in Red Hat Virtualization Manager.
Step 10

Repeat this procedure once for every other EPG that you want to associate with the VMM domain.

Associate an EPG with the VMM Domain Using the NX-OS Style CLI

Use the Cisco APIC GUI to associate an EPG to the VMM domain.

Procedure

Step 1

Associate an EPG with a VMM domain:

Example:

apic1(config)# tenant tenant name
apic1(config-tenant)# application application name
apic1(config-tenant-app)# epg EPG name
immediate  on-demand  pre-provision
apic1(config-tenant-app-epg)# rhev-domain member domain name deploy
immediate  on-demand
Step 2

Verify the association:

Example:

apic1# show redhat domain name domain name epg
e.g.:
Encap: (P):Primary VLAN, (S):Secondary VLAN
Name                            Encap            AllocMode
------------------------------  ---------------  ----------
t1|a1|e1                        vlan-28          dynamic

4) apic1# show redhat domain name <domainName> rhev host IP

Create an EPG and Associate It with the VMM Domain Using REST API

Use REST API to associate an EPG to the VMM domain.

Procedure

Create an EPG and associate it with the Red Hat VMM domain.

Example:

Example:

<polUni>
 <fvTenant
   name="tenantName">
   <fvCtx name="ctxName"/>
   <fvBD name="bridgeDomainName">
       <fvRsCtx tnFvCtxName="ctxName" />
   </fvBD>
   <fvAp name="applicationProfileName">
         <fvAEPg name="epgName" >
           <fvRsBd tnFvBDName="bridgeDomainName" />
           <fvRsDomAtt tDn="uni/vmmp-Redhat/dom-domainName" resImedcy="pre-provision"/>          
        </fvAEPg>
   </fvAp>    
 </fvTenant>
</polUni>

Red Hat Administrator Access Requirements

Cisco APIC need an account to access the Red Hat Virtualization Manager and configure the Red Hat VMM configuration and send API commands. This section lists the minimum privileges that are required for the Cisco APIC account dedicated to Red Hat integration to work.

Login Permissions
Configure > Roles > Edit Role > System > Configure System > Login Permissions
Network Configuration
Configure > Roles > Edit Role > Network > Configure Network:

  • Create

  • Edit Properties

  • Delete

  • Assign Network to Cluster