Fabrics
This section contains the following topics:
VXLAN BGP EVPN Fabrics Provisioning
In DCNM 11.0(1), fabric creation is enhanced to provision VXLAN BGP EVPN underlay network parameters to the fabric switches. The concept of Multi-Site Domain (MSD) fabrics was introduced.
In the DCNM 11.1(1) release, further enhancements are made. For the LAN Fabric deployment type, fabric template support is introduced for Cisco Nexus 3000 Series switches, in addition to the existing support for Cisco Nexus 9000 Series switches.
Simplified CLIs for VXLAN EVPN fabrics are not supported in either greenfield or brownfield deployments.
The DCNM GUI functions for creating, deploying, and migrating VXLAN fabrics are as follows:
Control > Fabric Builder menu option (under the Fabrics sub menu).
Create, edit, and delete a fabric:
- Create new VXLAN, MSD and external VXLAN fabrics.
- View the VXLAN and MSD fabric topologies, including connections between fabrics.
- Update fabric settings.
- Save and deploy updated changes.
- Delete a fabric (if devices are removed).
Fabric Membership changes
- Transition existing VXLAN fabric management to DCNM (through the Preserve Config = Yes option).
- Deploy new fabrics or add new devices to an existing fabric (through the bootstrap or Preserve Config = No options).
- Move fabrics into or out of an MSD.
Device discovery and provisioning start-up configurations on new switches:
- Add switch instances to the fabric.
- Provision start-up configurations and an IP address to a new switch through POAP configuration.
- Update switch policies, save and deploy updated changes.
- Create intra-fabric and inter-fabric links (also called Inter-Fabric Connections [IFCs]).
Transitioning VXLAN fabric management to DCNM
In DCNM 11.1(1) release, transitioning existing VXLAN fabric management to DCNM is introduced.
Control > Interfaces menu option (under the Fabrics sub menu).
Underlay provisioning:
- Create, deploy, view, edit and delete a port-channel, vPC switch pair, straight through FEX, AA FEX, loopback, and subinterface.
- Create breakout and unbreakout ports.
- Shut down and bring up interfaces.
- Rediscover ports and view interface configuration history.
- Designate a switch interface as a routed port, trunk port, OSPF interface, and so on.
Note
vPC support is added for BGWs in the DCNM 11.1(1) release.
Control > Networks & VRFs menu option (under the Fabrics sub menu).
Overlay network provisioning.
- Create new overlay networks and VRFs (from the range specified in fabric creation).
- Provision the overlay networks and VRFs on the switches of the fabric.
- Undeploy the networks and VRFs from the switches.
- Remove the provisioning from the fabric in DCNM.
This chapter mostly covers standalone fabric-related configurations. MSD fabric documentation is available in a separate chapter. The deployment of networks and VRFs is covered under the Creating and Deploying Networks and VRFs section. Step by step configuration:
Creating a New VXLAN BGP EVPN Fabric
This procedure shows how to create a new VXLAN BGP EVPN fabric.
- Choose Control > Fabric Builder.
The Fabric Builder screen appears. When you log in for the first time, the Fabrics section has no entries. After you create a fabric, it is displayed on the Fabric Builder screen, wherein a rectangular box represents each fabric.
A standalone or member fabric contains Switch_Fabric (in the Type field), the AS number (in the ASN field), and mode of replication (in the Replication Mode field).
- Click Create Fabric. The Add Fabric screen appears.
The fields are explained:
Fabric Name - Enter the name of the fabric.
Fabric Template - From the drop-down menu, choose the Easy_Fabric_11_1 fabric template. The fabric settings for creating a standalone fabric come up.
The tabs and their fields in the screen are explained in the subsequent points. The overlay and underlay network parameters are included in these tabs.
Note
If you are creating a standalone fabric as a potential member fabric of an MSD fabric (used for provisioning overlay networks for fabrics that are connected through EVPN Multi-Site technology), then browse through the Multi-Site Domain for VXLAN BGP EVPN Fabrics topic before member fabric creation.
- The General tab is displayed by default. The fields in this tab are:
BGP ASN: Enter the BGP AS number the fabric is associated with.
Fabric Interface Numbering : Specifies whether you want to use point-to-point (p2p) or unnumbered networks.
Underlay Subnet IP Mask - Specifies the subnet mask for the fabric interface IP addresses.
Link-State Routing Protocol : The IGP used in the fabric, either OSPF or IS-IS.
Route-Reflectors – The number of spine switches that are used as route reflectors for transporting BGP traffic. Choose 2 or 4 from the drop down box. The default value is 2.
To deploy spine devices as RRs, DCNM sorts the spine devices based on their serial numbers, and designates two or four spine devices as RRs. If you add more spine devices, existing RR configuration will not change.
Increasing the count - You can increase the route reflectors from two to four at any point in time. Configurations are automatically generated on the other 2 spine devices designated as RRs.
Decreasing the count - When you reduce four route reflectors to two, you must remove the unneeded route reflector devices from the fabric. Follow these steps to reduce the count from 4 to 2.
- Change the value in the drop-down box to 2.
- Identify the spine switches designated as route reflectors.
An instance of the rr_state policy is applied on the spine switch if it is a route reflector. To find out if the policy is applied on the switch, right-click the switch, and choose View/edit policies. In the View/Edit Policies screen, search rr_state in the Template field. It is displayed on the screen.
- Delete the unneeded spine devices from the fabric (right-click the spine switch icon and choose Discovery > Remove from fabric).
If you delete existing RR devices, the next available spine switch is selected as the replacement RR.
- Click Save and Deploy at the top right part of the fabric topology screen.
You can preselect RRs and RPs before performing the first Save & Deploy operation. For more information, see Preselecting Switches as Route-Reflectors and Rendezvous-Points.
Anycast Gateway MAC : Specifies the anycast gateway MAC address.
NX-OS Software Image Version : Select an image from the list.
If you upload Cisco NX-OS software images through the image upload option, the uploaded images are listed in this field. If you select an image, the system checks if the switch has the selected version. If not, an error message is displayed. You can resolve the error by clicking on Resolve. The image management screen comes up and you can proceed with the ISSU option. Alternatively, you can delete the release number and save it later.
If you specify an image in this field, all switches in the fabric should run that image. If some devices do not run the image, a warning is prompted to perform an In-Service Software Upgrade (ISSU) to the specified image. Till all devices run the specified image, the deployment process will be incomplete.
If you want to deploy more than one type of software image on the fabric switches, don’t specify any image. If an image is specified, delete it.
- Click the Replication tab. Most of the fields are auto generated. You can update the fields if needed.
Replication Mode : The mode of replication that is used in the fabric, either Ingress Replication or Multicast.
When you choose Ingress replication, the multicast replication fields get disabled.
In the DCNM 11.1(1) release, you can change the fabric setting from one mode to the other, if no overlay profile exists for the fabric.
Multicast Group Subnet : IP address prefix used for multicast communication. A unique IP address is allocated from this group for each overlay network.
In the DCNM 11.0(1) release, the replication mode change is not allowed if a policy template instance is created for the current mode. For example, if a multicast related policy is created and deployed, you cannot change the mode to Ingress.
Enable Tenant Routed Multicast (TRM) – Select the checkbox to enable Tenant Routed Multicast (TRM) as the fabric overlay multicast protocol.
Rendezvous-Points - Enter the number of spine switches acting as rendezvous points.
RP mode – Choose from the two supported multicast modes of replication, ASM (for Any-Source Multicast [ASM]) or BiDir (for Bidirectional PIM [BIDIR-PIM]).
When you choose ASM, the BiDir related fields are not enabled. When you choose BiDir, the BiDir related fields are enabled.
Note
BIDIR-PIM is supported on Cisco's Cloud Scale Family platforms 9300-EX and 9300-FX/FX2, and software release 9.2(1) onwards.
Underlay RP Loopback ID – The loopback ID used for the rendezvous point (RP), for multicast protocol peering purposes in the fabric underlay.
The next two fields are enabled if you choose BIDIR-PIM as the multicast mode of replication.
Underlay Primary RP Loopback ID – The primary loopback ID used for the phantom RP, for multicast protocol peering purposes in the fabric underlay.
Underlay Backup RP Loopback ID – The secondary loopback ID used for the phantom RP, for multicast protocol peering purposes in the fabric underlay.
Underlay Second Backup RP Loopback Id and Underlay Third Backup RP Loopback Id: Used for the second and third fallback Bidir-PIM Phantom RP.
- Click the vPC tab. Most of the fields are auto generated. You can update the fields if needed.
vPC Peer Link VLAN – VLAN used for the vPC peer link SVI.
vPC Peer Keep Alive option – Choose the management or loopback option. If you want to use IP addresses assigned to the management port and the management VRF, choose management. If you use IP addresses assigned to loopback interfaces (and a non-management VRF), choose loopback.
If you use IPv6 addresses, you must use loopback IDs.
vPC Auto Recovery Time - Specifies the vPC auto recovery time-out period in seconds.
vPC Delay Restore Time - Specifies the vPC delay restore period in seconds.
vPC IPv6 ND Synchronize – Enables IPv6 Neighbor Discovery synchronization between vPC switches. The check box is enabled by default. Clear the check box to disable the function.
vPC advertise-pip - Select the check box to enable the Advertise PIP feature.
- Click the Advanced tab. Most of the fields are auto generated. You can update the fields if needed.
VRF Template and VRF Extension Template: Specifies the VRF template for creating VRFs, and the VRF extension template for enabling VRF extension to other fabrics.
Network Template and Network Extension Template: Specifies the network template for creating networks, and the network extension template for extending networks to other fabrics.
Site ID - The ID for this fabric if you are moving this fabric within an MSD. The site ID is mandatory for a member fabric to be a part of an MSD. Each member fabric of an MSD has a unique site ID for identification.
Underlay Routing Loopback Id - The loopback interface ID is populated as 0 since loopback0 is usually used for fabric underlay IGP peering purposes.
Underlay VTEP Loopback Id - The loopback interface ID is populated as 1 since loopback1 is usually used for the VTEP peering purposes.
Link-State Routing Protocol Tag - The tag defining the type of network.
OSPF Area ID – The OSPF area ID, if OSPF is used as the IGP within the fabric.
Power Supply Mode - Choose the appropriate power supply mode.
CoPP Profile - Choose the appropriate Control Plane Policing (CoPP) profile policy for the fabric. By default, the strict option is populated.
Enable VXLAN OAM - Enables the VXLAN OAM function for existing switches.
This is enabled by default. Clear the check box to disable VXLAN OAM function.
If you want to enable the VXLAN OAM function on specific switches and disable on other switches in the fabric, you can use freeform configurations to enable OAM and disable OAM in the fabric settings.
Note
The VXLAN OAM feature in Cisco DCNM is only supported on a single fabric or site.
Greenfield Cleanup Option – Enable the switch cleanup option for greenfield switches without a switch reload. This option is typically recommended only for the data center environments with the Cisco Nexus 9000v Switches.
iBGP Peer-Template Config – Add iBGP peer template configurations on the leaf switches to establish an iBGP session between the leaf switch and route reflector.
Freeform CLIs - Fabric level freeform CLIs can be added while creating or editing a fabric. They are applicable to switches across the fabric. You must add the configurations as displayed in the running configuration, without indentation. Switch level freeform configurations such as VLAN, SVI, and interface configurations should only be added on the switch. Refer to the Freeform Configurations on Fabric Switches topic for a detailed explanation and examples.
Leaf Freeform Config - Add CLIs that should be added to switches that have the Leaf, Border, and Border Gateway roles.
Spine Freeform Config - Add CLIs that should be added to switches that have the Spine, Border Spine, and Border Gateway Spine roles.
- Click the Resources tab.
Static Underlay IP Address Allocation – Do not select this check box if you are transitioning your VXLAN fabric management to DCNM.
- By default, DCNM allocates the underlay IP address resources (for loopbacks, fabric interfaces, etc.) dynamically from the defined pools. If you select the check box, the allocation scheme switches to static, and some of the dynamic IP address range fields are disabled.
- For static allocation, the underlay IP address resources must be populated into the Resource Manager (RM) using REST APIs.
Refer to the Cisco DCNM REST API Reference Guide, Release 11.1(1) for more details. The REST APIs must be invoked after the switches are added to the fabric, and before you use the Save & Deploy option.
- The Underlay RP Loopback IP Range field stays enabled if BIDIR-PIM function is chosen for multicast replication.
- Changing from static to dynamic allocation keeps the current IP resource usage intact. Only future IP address allocation requests are taken from dynamic pools.
Underlay Routing Loopback IP Range - Specifies loopback IP addresses for the protocol peering.
Underlay VTEP Loopback IP Range - Specifies loopback IP addresses for VTEPs.
Underlay RP Loopback IP Range - Specifies the anycast or phantom RP IP address range.
Underlay Subnet IP Range - IP addresses for underlay P2P routing traffic between interfaces.
Layer 2 VXLAN VNI Range and Layer 3 VXLAN VNI Range - Specifies the VXLAN VNI IDs for the fabric.
Network VLAN Range and VRF VLAN Range - VLAN ranges for the Layer 3 VRF and overlay network.
Subinterface Dot1q Range - Specifies the subinterface range when L3 sub interfaces are used.
VRF Lite Deployment - Specify the VRF Lite method for extending inter fabric connections.
If you select Manual, the VRF Lite subnet details are required so that the resource manager can reserve the address space.
If you select Back2BackOnly, ToExternalOnly, or Both, then the VRF Lite subnet fields are enabled.
VRF Lite Subnet IP Range and VRF Lite Subnet Mask – These fields are populated with the DCI subnet details. Update the fields as needed.
The values shown in your screen are automatically generated. If you want to update the IP address ranges, VXLAN Layer 2/Layer 3 network ID ranges or the VRF/Network VLAN ranges, ensure the following:
Note
When you update a range of values, ensure that it does not overlap with other ranges. You should only update one range of values at a time. If you want to update more than one range of values, do it in separate instances. For example, if you want to update L2 and L3 ranges, you should do the following.
- Update the L2 range and click Save.
- Click the Edit Fabric option again, update the L3 range and click Save.
- Click the Manageability tab.
The fields in this tab are:
DNS Server IP - Specifies the IP address of the DNS server, if you use a DNS server.
DNS Server VRF - Specifies the VRF to be used to contact the DNS server IP address.
Second DNS Server IP - Specifies the IP address of the second DNS server, if you use a second DNS server.
Second DNS Server VRF - Specifies the VRF to be used to contact the second DNS server IP address.
NTP Server IP - Specifies the IP address of the NTP server, if you use an NTP server.
NTP Server VRF - Specifies the VRF to be used to contact the NTP server IP address.
Second NTP Server IP - Specifies the IP address of the second NTP server, if you use a second NTP server.
Second NTP Server VRF - Specifies the VRF to be used to contact the second NTP server IP address.
AAA Server Type - Specifies the AAA server type. By default, no type is populated. You can select a radius or TACACS server.
AAA Server IP - Specifies the IP address of the AAA server, if you use a AAA server.
AAA Shared Secret - Specifies the shared secret of the AAA server, if used.
Note
After fabric creation and discovery of switches, you must update the AAA server password on each fabric switch.
Second AAA Server IP - Specifies the IP address of the second AAA server, if you use a second AAA server.
Second AAA Shared Secret - Specifies the shared secret of the second AAA server, if used.
AAA Server VRF - Specifies the VRF to be used to contact the AAA server IP address.
Syslog Server IP – IP address of the syslog server, if used.
Syslog Server Severity – Severity level of the syslog server. To specify a higher severity, enter a higher number.
Syslog Server VRF – The default or management VRF that the syslog server IP address is assigned to.
Second Syslog Server IP – IP address of the second syslog server, if used.
Second Syslog Server Severity – Severity level of the second syslog server. To specify a higher severity, enter a higher number.
Second Syslog Server VRF – The default or management VRF that the second syslog server’s IP address is assigned to.
- Click the Bootstrap tab.
Enable DHCP - Click this check box to initiate enabling of automatic IP address assignment through DHCP. When you click the check box, the other fields become editable. They are:
DHCP Scope Start Address and DHCP Scope End Address - Specifies the first and last IP addresses of the IP address range to be used for the switch out of band POAP.
Switch Management Default Gateway - Specifies the default gateway for the management VRF on the switch.
Switch Management Subnet Prefix - Specifies the prefix for the Mgmt0 interface on the switch. The prefix should be between 8 and 30.
DHCP scope and management default gateway IP address specification - If you specify the management default gateway IP address 10.0.1.1 and subnet mask 24, ensure that the DHCP scope is within the specified subnet, between 10.0.1.2 and 10.0.1.254.
Bootstrap Freeform Config - (Optional) Enter additional commands as needed. For example, if you are using AAA or remote authentication related configurations, you need to add these configurations in this field to save the intent. After the devices boot up, they contain the intent defined in the Bootstrap Freeform Config field.
Copy-paste the running-config to a freeform config field with correct indentation, as seen in the running configuration on the NX-OS switches. The freeform config must match the running config. For more information, see Resolving Freeform Config Errors in Switches.
- Click the Configuration Backup tab. The fields on this tab are:
Hourly Fabric Backup: Select the check box to enable an hourly backup of fabric configurations and the intent. The backup process is initiated only when you click Save and Deploy, and the subsequent configuration compliance activity is successfully completed.
You can enable an hourly backup for fresh fabric configurations and the intent as well. If there is a configuration push in the previous hour, DCNM takes a backup.
Intent refers to configurations that are saved in DCNM but yet to be provisioned on the switches.
Scheduled Fabric Backup: Check the check box to enable a daily backup. This backup tracks changes in running configurations on the fabric devices that are not tracked by configuration compliance.
Scheduled Time: Specify the scheduled backup time in a 24-hour format. This field is enabled if you check the Scheduled Fabric Backup check box.
Select both the check boxes to enable both back up processes. If you update settings, execute the Save & Deploy option on the fabric topology screen (click within the fabric box to access the fabric topology screen).
The backup configuration files are stored in the following path in DCNM: /usr/local/cisco/dcm/dcnm/data/archive
The number of archived files that can be retained is set in the # Number of archived files per device to be retained: field in the Server Properties window.
Note
Hourly and scheduled backup processes happen only during the next periodic configuration compliance activity, and there can be a delay of up to an hour. To trigger an immediate backup, do the following:
- Choose Control > Fabric Builder. The Fabric Builder screen comes up.
- Click within the specific fabric box. The fabric topology screen comes up.
- From the Actions pane at the left part of the screen, click Re-Sync Fabric.
You can also initiate the fabric backup in the fabric topology window. Click Backup Now in the Actions pane.
- Click Save after filling and updating relevant information. A note appears briefly at the bottom right part of the screen, indicating that the fabric is created. When a fabric is created, the fabric page comes up. The fabric name appears at the top left part of the screen.
(At the same time, the newly created fabric instance appears on the Fabric Builder screen. To go to the Fabric Builder screen, click the left arrow (←) button above the Actions pane [to the left of the screen]).
The Actions pane allows you to perform various functions. One of them is the Add switches option to add switches to the fabric. After you create a fabric, you should add fabric devices. The options are explained:
- Tabular View - By default, the switches are displayed in the topology view. Use this option to view switches in the tabular view.
- Refresh topology - Allows you to refresh the topology.
- Save Layout – Saves a custom view of the topology. You can create a specific view in the topology and save it for ease of use.
- Delete saved layout – Deletes the custom view of the topology.
- Topology views - You can choose between Hierarchical, Random and Custom saved layout display options.
  - Hierarchical - Provides an architectural view of your topology. Various switch roles can be defined, and the nodes are drawn according to how you configure your CLOS topology.
  - Random - Nodes are placed randomly on the window. DCNM tries to make a guess and intelligently place nodes that belong together in close proximity.
  - Custom saved layout - You can drag nodes around to your liking. Once the positions are as you like, you can click Save Layout to remember the positions. Next time you come to the topology, DCNM will draw the nodes based on your last saved layout positions.
- Restore Fabric – Allows you to restore the fabric to a prior DCNM configuration state (one month back, two months back, and so on). For more information, see the Restore Fabric section.
- Resync Fabric - Use this option to resynchronize DCNM state when there is a large scale out-of-band change, or if configuration changes do not register in the DCNM properly. The resync operation does a full CC run for the fabric switches and recollects “show run” and “show run all” commands from the switches. When you initiate the re-sync process, a progress message is displayed on the window. During the re-sync, the running configuration is taken from the switches. Then, the Out-of-Sync/In-Sync status for the switch is recalculated based on the intent or expected configuration defined in DCNM versus the current running configuration that was taken from the switches.
- Add Switches – Allows you to add switch instances to the fabric.
- Fabric Settings – Allows you to view or edit fabric settings.
- SCOPE - You can toggle between fabrics by using the SCOPE drop-down box at the top right. The current fabric is highlighted. An MSD and its member fabrics are distinctly displayed, wherein the member fabrics are indented, under the MSD fabric.
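The range and bootstrap rules in the procedure above (non-overlapping ranges on the Resources tab, a management prefix between 8 and 30, a DHCP scope inside the management subnet) can be checked before you click Save. The following Python script is an added example, not Cisco or DCNM code; the dictionary layout, the CIDR and low-high value formats, the sample values, and the rule that the default gateway must sit outside the DHCP scope are assumptions of the example.

```python
import ipaddress
from itertools import combinations

# Constructed sample settings, keyed by the field labels used on this page.
# The value formats (CIDR pools, "low-high" ID ranges) are assumptions.
SAMPLE = {
    "ip_pools": {
        "Underlay Routing Loopback IP Range": "10.2.0.0/22",
        "Underlay VTEP Loopback IP Range": "10.2.2.0/24",  # inside the /22 above
        "Underlay RP Loopback IP Range": "10.254.254.0/24",
        "Underlay Subnet IP Range": "10.4.0.0/16",
        "VRF Lite Subnet IP Range": "10.33.0.0/16",
    },
    "vni_ranges": {
        "Layer 2 VXLAN VNI Range": "30000-49000",
        "Layer 3 VXLAN VNI Range": "48000-59000",  # overlaps the Layer 2 range
    },
    "vlan_ranges": {
        "Network VLAN Range": "2300-2999",
        "VRF VLAN Range": "2000-2299",
    },
    "bootstrap": {
        "gateway": "10.0.1.1", "prefix": 24,
        "scope_start": "10.0.1.2", "scope_end": "10.0.2.10",  # end leaves the /24
    },
}


def parse_int_range(text):
    """Parse 'low-high' (a VNI or VLAN range) into an inclusive (low, high)."""
    low, high = (int(part) for part in text.split("-"))
    if low > high:
        raise ValueError(f"range {text!r} is reversed")
    return low, high


def overlapping_ip_pools(pools):
    """Return sorted name pairs of IP pools whose address space overlaps."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in pools.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def overlapping_int_ranges(ranges):
    """Return sorted name pairs of ID ranges (same number space) that overlap."""
    parsed = {name: parse_int_range(text) for name, text in ranges.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(parsed), 2)
        if parsed[a][0] <= parsed[b][1] and parsed[b][0] <= parsed[a][1]
    )


def check_bootstrap(gateway, prefix_len, scope_start, scope_end):
    """Return a list of problems with the Bootstrap tab values (IPv4 only)."""
    if not 8 <= prefix_len <= 30:
        return [f"prefix /{prefix_len} is outside the allowed 8-30"]
    gw = ipaddress.ip_address(gateway)
    subnet = ipaddress.ip_network(f"{gateway}/{prefix_len}", strict=False)
    start = ipaddress.ip_address(scope_start)
    end = ipaddress.ip_address(scope_end)
    first, last = subnet.network_address + 1, subnet.broadcast_address - 1
    problems = []
    if start > end:
        problems.append("DHCP scope start is after scope end")
    for label, addr in (("start", start), ("end", end)):
        if not first <= addr <= last:
            problems.append(f"DHCP scope {label} {addr} is outside {subnet}")
    if start <= gw <= end:  # assumption: the gateway is never leased out
        problems.append(f"default gateway {gw} falls inside the DHCP scope")
    return problems


def validate(settings):
    """Run every check and return human-readable findings (empty = clean)."""
    findings = []
    for a, b in overlapping_ip_pools(settings["ip_pools"]):
        findings.append(f"IP pools overlap: {a} / {b}")
    for space in ("vni_ranges", "vlan_ranges"):
        for a, b in overlapping_int_ranges(settings[space]):
            findings.append(f"{space} overlap: {a} / {b}")
    boot = settings["bootstrap"]
    findings += check_bootstrap(boot["gateway"], boot["prefix"],
                                boot["scope_start"], boot["scope_end"])
    return findings


if __name__ == "__main__":
    for finding in validate(SAMPLE):
        print("FAIL:", finding)
```

VNI and VLAN ranges are checked separately because they are different number spaces; only ranges within the same space can collide.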
Adding Switches to a Fabric
Networks and VRFs can be extended (and hence can be common) across fabrics. However, switches in each fabric are unique, and hence, each switch can only be added to one fabric.
Click the Add Switches option from the Actions panel to add switches to the fabric created in DCNM. The Inventory Management screen comes up. The screen contains two tabs, one for discovering existing switches and the other for discovering new switches. Both options are explained.
Discovering Existing Switches
- Use the Discover Existing Switches tab to add an existing switch. In this case, a switch with known credentials is added to the standalone fabric. The IP address (Seed IP), administrator username, and password (Username and Password fields) of the switch are keyed.
- Click Start discovery. The Scan Details window comes up shortly. Since the Max Hops field was populated with 2, the switch with the specified IP address (leaf-91) and switches two hops from it are populated in the Scan Details window.
- Check the check box next to the concerned switch and click Import into fabric.
Though this example describes the discovery of one switch, it is a best practice to discover multiple switches at once. The switches must be properly cabled and connected to the DCNM server and the switch status must be manageable.
The switch discovery process is initiated. The Progress column displays progress for all the selected switches. It displays done for each switch on completion.
Note
You must not close the screen (and try to add switches again) until all selected switches are imported or an error message comes up.
If an error message comes up, close the screen. The fabric topology screen comes up. The error messages are displayed at the top right part of the screen. Resolve the errors wherever applicable and initiate the import process again by clicking Add Switches in the Actions panel.
After DCNM discovers all the switches, and the Progress column displays done for all switches, close the screen. The Standalone fabric topology screen comes up again. The switch icons of the added switches are displayed in it.
Note
You will sometimes encounter the following errors during switch discovery.
Discovery error - The switch discovery process might fail for a few switches, and the Discovery Error message is displayed. However, such switches are displayed in the fabric topology. You must remove such switches from the fabric (right-click the switch icon and click Discovery > Remove from fabric), and import them again.
Device connectivity issue: Before proceeding further, wait for ten minutes for the switch-internal processes to complete. Else, you might encounter a device connectivity failure message at a later stage.
- Click Refresh topology to view the latest topology view.
When all switches are added and roles assigned to them, the fabric topology contains the switches and connections between them.
- After discovering the switches, assign the fabric role to each switch. Since each switch is assigned the leaf role by default, assign other roles as needed. Right click the switch, and use the Set role option to set the appropriate role.
Note
- Starting from DCNM 11.1(1), switch roles can be changed if there are no overlays on the switches, but only as per the list of allowed switch role changes given at Switch Operations.
- After you upgrade to Cisco DCNM Release 11.1(1) with an existing fabric with the Easy_Fabric template, you cannot set the Border Spine or Border Gateway Spine roles to switches, because these roles are not supported with the Easy_Fabric template. You need to use the Easy_Fabric_11_1 template to set these roles for switches in a fabric.
If you choose the Hierarchical layout for display (in the Actions panel), the topology automatically gets aligned as per role assignment, with the leaf switches at the bottom, the spine switches connected on top of them, and the border switches at the top.
Note
To connect fabrics using the EVPN Multi-Site feature, you must change the role of the designated BGW to Border Gateway or Border Gateway Spine. To connect fabrics using the VRF Lite feature, you must change the role of the border leaf switch to Border or Border Spine. If you want to deploy VRF Lite and EVPN Multi-Site features in a fabric, you must set the device role to Border Gateway or Border Gateway Spine and provision VRF Lite and Multi-Site features. If you do not update border device roles correctly at this stage, then you will have to remove the device from the fabric and discover it again through DCNM using the POAP bootstrap option and reprovision the configurations for the device.
Assign vPC switch role - To designate a pair of switches as a vPC switch pair, right-click the switch and choose the vPC peer switch from the list of switches.
Note
vPC support is added for BGWs in the DCNM 11.1(1) release.
AAA server password - During fabric creation, if you have entered AAA server information (in the Manageability tab), you must update the AAA server password on each switch. Else, switch discovery fails.
- Click Save & Deploy at the top right part of the screen.
The template and interface configurations form the underlay network configuration on the switches. Also, freeform CLIs that were entered as part of fabric settings (leaf and spine switch freeform configurations entered in the Advanced tab) are deployed. For more details on freeform configurations, refer to Enabling Freeform Configurations on Fabric Switches.
Configuration Compliance: If the provisioned configurations and switch configurations do not match, the Status column displays out-of-sync. For example, if you enable a function on the switch manually through a CLI, then it results in a configuration mismatch.
To ensure configurations provisioned from DCNM to the fabric are accurate or to detect any deviations (such as out-of-band changes), DCNM’s Configuration Compliance engine reports and provides necessary remediation configurations.
When you click Save & Deploy, the Config Deployment window appears.
If the status is out-of-sync, it suggests that there is inconsistency between the DCNM and configuration on the device.
The Re-sync button is displayed for each switch in the Re-sync column. Use this option to resynchronize DCNM state when there is a large scale out-of-band change, or if configuration changes do not register in the DCNM properly. The re-sync operation does a full CC run for the switch and recollects “show run” and “show run all” commands from the switch. When you initiate the re-sync process, a progress message is displayed on the screen. During the re-sync, the running configuration is taken from the switch. Then, the Out-of-Sync/In-Sync status for the switch is recalculated based on the intent or expected configuration defined in DCNM versus the current running configuration that was taken from the switch.
Click the Preview Config column entry (updated with a specific number of lines). The Config Preview screen comes up.
The Pending Config tab displays the pending configurations for successful deployment. The Expected Config and Current Config tabs display the expected and current configurations on the switch.
The Side-by-side Comparison tab displays the current configurations and expected configurations together. Common configurations appear next to each other and are not highlighted. In the Expected config column within this tab, the additional configurations are highlighted in green. In the Running config column within this tab, the additional configurations of the running config are highlighted in a distinct color.
Note that multi-line banner configuration support is available in Cisco DCNM Release 11.1(1).
In DCNM 11.0, Configuration Compliance only supports single-line banner motd configuration. In DCNM 11.1, multi-line banner motd configuration is supported. Multi-line banner motd configuration can be configured in DCNM with a freeform configuration policy, either per switch using switch_freeform_config, or per fabric using leaf/spine freeform configuration. After the multi-line banner motd is configured, deploy the policy by executing the Save & Deploy option in the top right part of the fabric topology screen. Otherwise, the policy may not be deployed properly on the switch. The banner policy only configures a single-line banner. Also, you can create only one banner-related freeform configuration or policy. Multiple policies for configuring banner motd are not supported.
-
Close the screen.
In the Configuration Deployment screen, click Deploy Config at the bottom part of the screen to initiate pending configuration onto the switch. The Status column displays FAILED or SUCCESS state. For a FAILED status, investigate the reason for failure to address the issue.
After successful configuration provisioning (when all switches display a progress of 100%), close the screen.
The fabric topology is displayed. The switch icons turn green to indicate successful configuration.
If a switch icon is in red color, it indicates that the switch and DCNM configurations are not in sync. When deployment is pending on a switch, the switch is displayed in blue color.
Note
If there are any warnings or errors in the CLI execution, a notification appears in the Fabric Builder window. Warnings or errors that are auto-resolvable have the Resolve option.
You can right click the switch icon and update switch related settings.
SCOPE: You can toggle between fabrics by using the SCOPE drop-down list at the top right part of the screen. By default, the current fabric is highlighted. An MSD and its member fabrics are distinctly displayed, wherein the member fabrics are indented under the MSD fabric.
You can use Save & Deploy for single and multiple switches. Add switches and then click Save & Deploy to ensure configuration compliance. Whether discovering multiple switches at once or one by one, as a best practice, use Save & Deploy and not the Deploy Config option (accessible after right-clicking the switch icon).
When a leaf switch boots up after a switch reload or RMA operation, DCNM provisions configurations for the switch and FEX devices connected to it. Occasionally, FEX connectivity comes up after DCNM provisions FEX (host interface) configurations, resulting in a configuration mismatch. To resolve the mismatch, click Save & Deploy again in the fabric topology screen.
An example of the Deploy Config option usage is for switch-level freeform configurations. Refer to Enabling Freeform Configurations on Fabric Switches for details.
The Configuration Compliance function and principles are applicable for discovering existing and new switches. New switch discovery in DCNM (through a simplified POAP process) is explained next.
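The Out-of-Sync/In-Sync calculation and the Side-by-side Comparison described above can be sketched outside DCNM as follows. This is an added example, not DCNM's own compliance engine: the function names and sample configurations are constructed, and it assumes that an expected line counts as present when it appears in either show run or show run all (which also lists default values).

```python
# Added example (not DCNM code): intent-vs-running drift check for
# NX-OS style configuration text. All sample configs are constructed.

EXPECTED = """\
feature ospf
feature pim
interface Ethernet1/1
  mtu 9216
  no shutdown
interface loopback0
  ip address 10.2.0.1/32
"""

# Constructed "show run": telnet and a description were added by hand,
# and "feature pim" / "mtu 9216" were never applied.
SHOW_RUN = """\
feature ospf
feature telnet
interface Ethernet1/1
  description uplink-test
interface loopback0
  ip address 10.2.0.1/32
"""

# Constructed "show run all": same content plus default values.
SHOW_RUN_ALL = """\
feature ospf
feature telnet
interface Ethernet1/1
  description uplink-test
  mtu 1500
  no shutdown
interface loopback0
  ip address 10.2.0.1/32
"""


def parse_config(text):
    """Flatten indented config into ordered paths: (parent, ..., line)."""
    paths, stack = [], []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue  # skip blank lines and comment separators
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that are as deep or deeper
        stack.append((indent, " ".join(stripped.split())))
        paths.append(tuple(line for _, line in stack))
    return paths


def render(paths):
    """Turn paths back into indented lines, repeating a parent only when
    the section context changes."""
    out, context = [], ()
    for path in paths:
        common = 0
        limit = min(len(context), len(path) - 1)
        while common < limit and context[common] == path[common]:
            common += 1
        for depth in range(common, len(path)):
            out.append("  " * depth + path[depth])
        context = path
    return out


def compliance(expected, show_run, show_run_all):
    """Compare intent with the collected running configuration."""
    intent = parse_config(expected)
    running = parse_config(show_run)
    # Assumption: a default value visible only in "show run all" still
    # satisfies an expected line.
    present = set(running) | set(parse_config(show_run_all))
    wanted = set(intent)
    pending = [p for p in intent if p not in present]
    out_of_band = [p for p in running if p not in wanted]
    status = "In-Sync" if not pending and not out_of_band else "Out-of-Sync"
    return {
        "status": status,
        "pending": render(pending),          # lines a deploy would push
        "out_of_band": render(out_of_band),  # lines added outside intent
    }


if __name__ == "__main__":
    report = compliance(EXPECTED, SHOW_RUN, SHOW_RUN_ALL)
    print(report["status"])
    print("Pending config:", *report["pending"], sep="\n")
    print("Out-of-band config:", *report["out_of_band"], sep="\n")
```

The out_of_band list is the part worth alerting on: in the constructed sample it surfaces a manually enabled feature telnet that the intent never contained.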
Discovering New Switches
-
Power on the new switch in the external fabric after ensuring that it is cabled to the DCNM server. Boot the Cisco NX-OS and set up switch credentials.
-
Execute the write erase and reload commands on the switch.
Choose Yes to both the CLI commands that prompt you to choose Yes or No.
-
Set the boot variable to the image that you want to POAP. DCNM uses this image to POAP. Also, DCNM injects an information script into the switch to collect the device onboarding information.
-
In the DCNM GUI, go to a standalone fabric (Click Control > Fabric Builder and click a standalone fabric). The fabric topology is displayed.
Note
If you want to POAP with DHCP, make sure that DHCP is enabled on the fabric settings. Click Fabric Settings and edit the DHCP information in the Bootstrap tab.
-
Go to the fabric topology window and click the Add switches option from the Actions panel. The Inventory Management window comes up.
-
Click the POAP tab.
In an earlier step, the reload command was executed on the switch. When the switch restarts, DCNM retrieves the serial number, model number, and version from the switch and displays them in the Inventory Management window. Also, options to add the IP address, hostname, and password are made available. If the switch information is not retrieved, refresh the window.
Note
-
Before initiating POAP, make sure that the password for the device contains characters from at least three of the following classes: lower case letters, upper case letters, digits, and special characters.
If a switch password is changed, then the nfm_switch_user PTI has to be updated with the encrypted password, that is, copied and pasted from the switch. This PTI update is in addition to the device and LAN credentials update. The device-config is updated immediately if you click Save & Deploy in Fabric Builder.
-
At the top left part of the window, export and import options are provided to export and import the .csv file that contains the switch information. You can pre-provision devices using the import option as well.
Select the checkbox next to the switch and add switch credentials: IP address and host name.
-
Click Bootstrap at the top right part of the screen.
DCNM provisions the management IP address and other credentials to the switch. In this simplified POAP process, all ports are opened up.
-
Click Refresh Topology to get updated information. The added switch goes through the POAP cycle. Monitor and check the switch for POAP completion.
-
After the added switch completes POAP, the fabric builder topology page is refreshed with the added switch with some physical connections. However, the switch icon is in red color indicating that the fabric is Out-Of-Sync and you must click Save & Deploy on the fabric builder topology to deploy pending configurations (such as template and interface configurations) onto the switches.
Note
For any changes on the fabric that result in the Out-of-Sync status, you must deploy the changes. The process is the same as explained in the Discovering Existing Switches section.
During fabric creation, if you have entered AAA server information (in the Manageability tab), you must update the AAA server password on each switch. Else, switch discovery fails.
-
After the pending configurations are deployed, the Progress column displays 100% for all switches.
-
Click Close to return to the fabric builder topology.
-
Click Refresh Topology to view the update. All switches must be in green color indicating that they are functional.
-
The switch and the link are discovered in DCNM. Configurations are built based on various policies (such as fabric, topology, and switch generated policies). The switch image (and other required) configurations are enabled on the switch.
-
In the DCNM GUI, the discovered switches can be seen in the Standalone fabric topology. Up to this step, the POAP is completed with basic settings. All the interfaces are set to trunk ports. You must set up interfaces through the Control > Interfaces option for any additional configurations, including, but not limited to, the following:
-
vPC pairing.
-
Breakout interfaces.
-
Port channels, and adding members to ports.
You can right-click the switch to view various options:
-
Set Role - Assign a role to the switch (Spine, Border Gateway, and so on).
Note
-
Changing of the switch role is allowed only before executing Save & Deploy.
-
Starting from DCNM 11.1(1), switch roles can be changed if there are no overlays on the switches, but only as per the list of allowed switch role changes given at Switch Operations.
-
After you upgrade to Cisco DCNM Release 11.1(1) with an existing fabric with the Easy_Fabric template, you cannot set the Border Spine or Border Gateway Spine roles to switches, because these roles are not supported with the Easy_Fabric template. You need to use the Easy_fabric_11_1 template to set these roles for switches in a fabric.
-
Modes - Maintenance and Active/Operational modes.
-
vPC Pairing - Select a switch for vPC and then select its peer.
-
Manage Interfaces - Deploy configurations on the switch interfaces.
-
View/Edit Policies - See switch policies and edit them as required.
-
History - View per switch deployment history.
-
Deploy Config - Deploy per switch configurations.
-
Discovery - You can use this option to update the credentials of the switch, reload the switch, rediscover the switch, and remove the switch from the fabric.
The new fabric is created, the fabric switches are discovered in DCNM, the underlay networks are provisioned on those switches, and the configurations between DCNM and the switches are synced. The remaining tasks are:
-
Provision interface configurations such as vPCs, loopback interface, and subinterface configurations. [Refer Interfaces].
-
Create overlay networks and VRFs and deploy them on the switches. [Refer Creating and Deploying Networks and VRFs].
Switch Operations
You can right-click the switch to view various options:
-
Set Role - Assign a role to the switch. You can assign any one of the following roles to a switch:
-
Spine
-
Leaf (Default role)
-
Border
-
Border Spine
-
Border Gateway
-
Border Gateway Spine
Note
Starting from DCNM 11.1(1), you can change switch roles if there are no overlays on the switches. The updated configuration is then generated after you click Save and Deploy. The following switch role changes are allowed:
-
Leaf to Border
-
Border to Leaf
-
Leaf to Border Gateway
-
Border Gateway to Leaf
-
Border to Border Gateway
-
Border Gateway to Border
-
Spine to Border Spine
-
Border Spine to Spine
-
Spine to Border Gateway Spine
-
Border Gateway Spine to Spine
-
Border Spine to Border Gateway Spine
-
Border Gateway Spine to Border Spine
You cannot change the switch role from any Leaf role to any Spine role and from any Spine role to any Leaf role.
Switch[<serial-number>]: Role change from <switch-role> to <switch-role> is not permitted.
You can then change the switch role to the role that was set earlier, or set a new role, and configure the fabric.
If you have not created any policy template instances before clicking Save and Deploy, and there are no overlays, you can change the role of a switch to any other required role.
Switches role should be the same for VPC pairing. peer1 <serial-number>: [<switch-role>], peer2 <serial-number>: [<switch-role>]
To prevent this scenario, change the switch roles of both the switches in the vPC pair to the same role.
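The role-change rules above can be checked before Save and Deploy with a small validator. This is an added example, not DCNM code: the twelve allowed changes are encoded as changes within the Leaf family or within the Spine family, the serial numbers are constructed, and the Easy_Fabric message wording is an assumption.

```python
# Added example (not DCNM code): pre-check a planned set of switch role
# changes against the rules on this page. Serial numbers are constructed.

LEAF_FAMILY = ("Leaf", "Border", "Border Gateway")
SPINE_FAMILY = ("Spine", "Border Spine", "Border Gateway Spine")
# Roles the page says are not supported with the Easy_Fabric template.
EASY_FABRIC_UNSUPPORTED = ("Border Spine", "Border Gateway Spine")


def family(role):
    """Return 'leaf' or 'spine'; reject role names the page does not list."""
    if role in LEAF_FAMILY:
        return "leaf"
    if role in SPINE_FAMILY:
        return "spine"
    raise ValueError(f"unknown switch role: {role!r}")


def role_change_error(serial, switch, new_role, template="Easy_fabric_11_1"):
    """Return an error string for a refused change, or None if allowed.

    switch is a dict with keys: role, overlays (bool), policies (bool,
    True once policy template instances exist for the switch).
    """
    old_role = switch["role"]
    old_family, new_family = family(old_role), family(new_role)
    if new_role == old_role:
        return None
    if template == "Easy_Fabric" and new_role in EASY_FABRIC_UNSUPPORTED:
        # Constructed wording: the page gives no message for this case.
        return (f"Switch[{serial}]: role {new_role} is not available "
                f"with the Easy_Fabric template")
    denied = (f"Switch[{serial}]: Role change from {old_role} "
              f"to {new_role} is not permitted.")
    if switch["overlays"]:
        return denied          # roles change only when no overlays exist
    if not switch["policies"]:
        return None            # nothing created yet: any role is allowed
    return None if old_family == new_family else denied


def validate_plan(switches, changes, vpc_pairs=(), template="Easy_fabric_11_1"):
    """Check every planned change, then re-check vPC pairs on the result."""
    errors = []
    roles = {serial: sw["role"] for serial, sw in switches.items()}
    for serial, new_role in changes.items():
        error = role_change_error(serial, switches[serial], new_role, template)
        if error:
            errors.append(error)
        else:
            roles[serial] = new_role
    for peer1, peer2 in vpc_pairs:
        if roles[peer1] != roles[peer2]:
            errors.append(
                "Switches role should be the same for VPC pairing. "
                f"peer1 {peer1}: [{roles[peer1]}], "
                f"peer2 {peer2}: [{roles[peer2]}]")
    return errors


# Constructed inventory and change plan.
SWITCHES = {
    "FDO00000001": {"role": "Leaf", "overlays": False, "policies": True},
    "FDO00000002": {"role": "Leaf", "overlays": False, "policies": True},
    "FDO00000003": {"role": "Spine", "overlays": False, "policies": True},
    "FDO00000004": {"role": "Leaf", "overlays": True, "policies": True},
    "FDO00000005": {"role": "Leaf", "overlays": False, "policies": False},
}
CHANGES = {
    "FDO00000001": "Border",   # allowed, but splits the vPC pair below
    "FDO00000003": "Leaf",     # Spine family to Leaf family
    "FDO00000004": "Border",   # overlays present
    "FDO00000005": "Spine",    # allowed: no policies, no overlays
}
VPC_PAIRS = [("FDO00000001", "FDO00000002")]

if __name__ == "__main__":
    for line in validate_plan(SWITCHES, CHANGES, VPC_PAIRS):
        print(line)
```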
Fabric Multi Switch Operations
In the fabric topology screen, click Tabular view option in the Actions panel, at the left part of the screen. The Switches | Links screen comes up.
The Switches tab is for managing switch operations and the Links tab is for adding and updating fabric links. Each row represents a switch in the fabric, and displays switch details, including its serial number.
The buttons at the top of the table are explained from left to right. Some options are also available when you right-click the switch icon. However, the Switches tab enables you to provision configurations on multiple switches (for example, adding and deploying policies) simultaneously.
-
Add switches to the fabric. This option is also available in the topology page (Add switches option in Actions panel).
-
Initiate the switch discovery process by DCNM afresh.
-
Update device credentials such as authentication protocol, username and password.
-
Reload the switch.
-
View/Edit Policies: Add, update and delete a policy. The policies are template instances of templates in the template library. After creating a policy, you should deploy it on the switches using the Deploy option available in the View/edit Policies screen.
Note
If you select multiple switches and deploy a policy instance, then it will be deployed on all the selected switches.
-
Manage Interfaces: Deploy configurations on the switch interfaces.
-
History - View per switch deployment history.
-
Deploy: Deploy switch configurations.
Changing Fabric Interface Numbering
Procedure
Step 1: Select an existing fabric from the Fabric Builder window.
Step 2: Click Tabular view in the Actions menu.
Step 3: Click the Links tab.
Step 4: Select the link connecting a Spine and a Leaf, and click the Update Link icon.
Step 5: In the Link Template field, select int_intra_fabric_unnum_link_11_1.
Step 6: Click Save and close the Link Management - Edit Link window.
Step 7: Repeat this procedure for all the links connecting a Spine and a Leaf.
Step 8: Navigate back to the fabric, and click the Fabric Settings in the Actions menu.
Step 9: Under the General tab, select unnumbered from the Fabric Interface Numbering drop-down list.
Step 10: Click Save and close the window.
Step 11: Click Save & Deploy to deploy the updated configuration.
Viewing and Editing Policies
Cisco DCNM provides the ability to group a set of switches, and allows you to push a set of underlay configurations to the group. This release enables you to create a policy template, and apply it to multiple selected switches.
To view, add, deploy, or edit a policy, perform the following steps:
Procedure
Step 1: Choose Control > Fabric Builder.
Step 2: Select any available fabric, and then click Tabular view.
Step 3: Select multiple switches in switches tab, and click View/Edit Policies.
Viewing Policies
Procedure
Step 1: Choose Control > Fabric Builder.
Step 2: Select any available fabric, and then click Tabular view.
Step 3: Select multiple switches in the switches tab and click View/Edit Policies. Policies are listed in view or edit policies table for multiple switches.
Step 4: Select a policy and click the View button to view its configs.
Adding a Policy
Procedure
Step 1: Choose Control > Fabric Builder.
Step 2: Select any available fabric, and then click Tabular view.
Step 3: Select a single or multiple switches in the Switches tab, and click the View/Edit Policies button.
Step 4: Click the Add icon.
Step 5: Select a policy template, enter the mandatory parameter data, and click Save. A PTI is added for each selected device.
Policy: Select a policy from this drop-down list.
Priority: Specify a priority for the policy. The applicable values are from 1 to 1000. The default value is 500. A lower number in the Priority field means a higher priority for the generated configuration and POAP startup-configuration. For example, features are 50, route-maps are 100, and vpc-domain is 200.
Deploying Policies
Procedure
Step 1: Choose Control > Fabric Builder.
Step 2: Select any available fabric, and then click Tabular view.
Step 3: Select multiple switches in the switches tab, and click the View/Edit Policies button.
Step 4: Select multiple policies, and then click Deploy. The configurations of the selected PTIs are pushed to the group of switches.
Editing a Policy
Note
Multiple policy editing is not supported.
Procedure
Step 1: Choose Control > Fabric Builder.
Step 2: Select any available fabric, and then click Tabular view.
Step 3: Select multiple switches in the switches tab, and click the View/Edit Policies button.
Step 4: Select a PTI, click Edit to modify the required data, and then click Save to save the PTI.
Step 5: Select a PTI, click Edit to modify the required data, and then click Deploy to push the policy config to the device.
Current Switch Configuration
Procedure
Step 1: Choose Control > Fabric Builder.
Step 2: Select any available fabric, and then click Tabular view.
Step 3: Select multiple switches in the switches tab, and click View/Edit Policies.
Step 4: Click Current Switch Config. The current switch configuration appears in the Running Config dialog box.
Fabric Links
You can add links between border switches of different fabrics (inter-fabric links) or between switches in the same fabric (intra-fabric links). You can only create an inter-fabric connection (IFC) for a switch that is managed by DCNM.
There are scenarios where you might want to define links between switches before connecting them physically. The links could be inter-fabric or intra-fabric links. Doing so, you can express and represent your intent to add links. The links with intent are displayed in a different colour till they are actually converted to functional links. Once you physically connect the links, they are displayed as connected.
Management links might show up in the fabric topology as red colored links. To remove such links, right-click the link and click Delete Link.
From Cisco DCNM Release 11.1(1), the Border Spine and Border Gateway Spine roles are added to switch roles for border switches.
Creating Intra-Fabric Links
-
Click Control > Fabric Builder to go to the Fabric Builder screen.
-
Click within the rectangular box that represents the fabric. The fabric topology screen comes up.
-
Click Tabular view in the Actions panel that is displayed at the left part of the screen.
A screen with the tabs Switches and Links appears. They list the fabric switches and links in a table.
-
Click the Links tab. You can see a list of links.
The list is empty when you are yet to create a link.
-
Click the Add (+) button at the top left part of the screen to add a link.
The Add Link screen comes up. By default, the Intra-Fabric option is chosen as the link type.
The fields are:
Link Type – Choose Intra-Fabric to create a link between two switches in a fabric.
Link Sub-Type – This field populates Fabric indicating that this is a link within the fabric.
Link Template: You can choose any of the following link templates.
-
int_intra_fabric_num_link_11_1: If the link is between two ethernet interfaces assigned with IP addresses, choose int_intra_fabric_num_link_11_1.
-
int_intra_fabric_unnum_link_11_1: If the link is between two IP unnumbered interfaces, choose int_intra_fabric_unnum_link_11_1.
-
int_intra_vpc_peer_keep_alive_link_11_1: If the link is a vPC peer keep-alive link, choose int_intra_vpc_peer_keep_alive_link_11_1.
Correspondingly, the Link Profile section fields are updated.
Source Fabric – The fabric name populates this field since the source fabric is known.
Destination Fabric – Choose the destination fabric. For an intra-fabric link, source and destination fabrics are the same.
Source Device and Source Interface – Choose the source device and interface.
Destination Device and Destination Interface – Choose the destination device and interface.
General tab in the Link Profile section
Interface VRF – Name of a non-default VRF for this interface.
Source IP and Destination IP – Specify the source and destination IP addresses of the source and destination interfaces, respectively.
Note
The Source IP and Destination IP fields do not appear if you choose template.
Interface Admin State – Check or uncheck the check box to enable or disable the admin state of the interface.
MTU – Specify the maximum transmission unit (MTU) through the two interfaces.
Advanced tab.
Source Interface Description and Destination Interface Description – Describe the links for later use. For example, if the link is between a leaf switch and a route reflector device, you can enter the information in these fields (Link from leaf switch to RR 1 and Link from RR 1 to leaf switch). This description will be converted into a config, but will not be pushed into the switch. After Save & Deploy, it will reflect in the running configuration.
Source Interface Freeform CLIs and Destination Interface Freeform CLIs: Enter the freeform configurations specific to the source and destination interfaces. You should add the configurations as displayed in the running configuration of the switch, without indentation. For more information, refer to Enabling Freeform Configurations on Fabric Switches.
-
Click Save at the bottom right part of the screen.
The new link appears in the Links tab.
-
Click Save & Deploy to deploy the link configurations on the switches.
The Config Deployment screen comes up. It displays the configuration status on the switches. You can also view the pending configurations by clicking the respective link in the Preview Config column. When you click a link in the Preview Config column, the Config Preview window comes up. It lists the pending configurations on the switch. The Side-by-side Comparison tab displays the running configuration and expected configuration side-by-side.
-
Close the preview screen and click Deploy Config. The pending configurations are deployed.
-
After ensuring that the progress is 100% in all the rows, click Close at the bottom part of the screen. The Links screen comes up again.
Click <- at the top left part of the screen to go to the fabric topology. In the fabric topology, you can see that the link between the two devices is displayed.
Creating Inter-Fabric Links
-
Click the Links tab in the Switches | Links page. The list of previously created links is displayed. The list contains intra-fabric links (between switches in a fabric), and inter-fabric links (between BGWs or border leaf/spine switches of different fabrics).
-
Click the Add (+) button at the top left part of the screen to add a link. The Add Link screen comes up.
By default, the Intra-Fabric option is chosen as the link type.
-
From the Link Type drop-down box, choose Inter-Fabric since you are creating an IFC. The screen changes correspondingly.
The fields for inter-fabric link creation are explained:
Link Type – Choose Inter-Fabric to create an inter-fabric connection between two fabrics, via their border switches.
Link Sub-Type – This field populates the IFC type. Choose VRF_LITE, MULTISITE_UNDERLAY, or MULTISITE_OVERLAY from the drop-down list.
The Multi-Site options are explained in the Multi-Site use case.
Link Template: The link template is populated.
The templates are autopopulated with corresponding pre-packaged default templates that are based on your selection.
Note
You can add, edit, or delete user-defined templates. See Template Library section in the Control chapter for more details.
Source Fabric - This field is prepopulated with the source fabric name.
Destination Fabric - Choose the destination fabric from this drop-down box.
Source Device and Source Interface - Choose the source device and Ethernet interface that connects to the destination device.
Destination Device and Destination Interface - Choose the destination device and Ethernet interface that connects to the source device.
Based on the selection of the source device and source interface, the destination information is autopopulated based on Cisco Discovery Protocol information, if available. There is an extra validation performed to ensure that the destination external device is indeed part of the destination fabric.
General tab in the Link Profile section.
Local BGP AS# - In this field, the AS number of the source fabric is autopopulated.
IP_MASK - Fill up this field with the IP address of the source interface that connects to the destination device.
NEIGHBOR_IP - Fill up this field with the IP address of the destination interface.
NEIGHBOR_ASN - In this field, the AS number of the destination device is autopopulated.
After filling up the Add Link screen, it looks like this:
-
Click Save at the bottom right part of the screen.
The Switches|Links screen comes up again. You can see that the IFC is created and displayed in the list of links.
-
Click on Save & Deploy to deploy the link configurations on the switches.
The Config Deployment screen comes up. It displays the configuration status on the switches. You can also view the pending configurations by clicking the respective link in the Preview Config column. When you click a link in the Preview Config column, the Config Preview window comes up. It lists the pending configurations on the switch. The Side-by-side Comparison tab displays the running configuration and expected configuration side-by-side.
-
Close the preview screen and click Deploy Config. The pending configurations are deployed.
-
After ensuring that the progress is 100% in all the rows, click Close at the bottom part of the screen. The Links screen comes up again.
-
Click <- at the top left part of the screen to go to the fabric topology. In the fabric topology, you can see that the link between the two devices is displayed.
If the two fabrics are member fabric of an MSD, then you can see the link in the MSD topology too.
When you enable the VRF Lite function using the ToExternalOnly method or Multisite function via MSD fabric, IFCs are automatically created between the (VXLAN fabric) border/BGW device and connected (external fabric) edge router/core device. When you remove the ER/core/border/BGW device, the corresponding IFCs (link PTIs) to/from that switch are deleted on DCNM. Subsequently, DCNM removes the corresponding IFC configurations, if any, from the remaining devices on the next Save & Deploy operation. Also, if you want to remove a device that has IFCs and overlay extensions over those IFCs, you should undeploy all overlay extensions corresponding to those IFCs before the switch can be deleted.
To undeploy VRF extensions, click Control > Networks & VRFs, select the VXLAN fabric and the extended VRFs, and undeploy the VRFs in the VRF deployment screen.
To delete the IFCs, click Control > Fabric Builder, go to the fabric topology screen, click Tabular view, and delete the IFCs from the Links tab.
Ensure that the fabric switch names are unique. If you deploy VRF extensions on switches with the same name, it leads to erroneous configuration.
The new fabric is created, the fabric switches are discovered in DCNM, the underlay networks are provisioned on those switches, and the configurations between DCNM and the switches are synced. The remaining tasks are:
-
Provision interface configurations such as vPCs, loopback interface, and subinterface configurations. Refer Interfaces.
-
Create overlay networks and VRFs and deploy them on the switches. Refer Creating and Deploying Networks and VRFs.
Restore Fabric
Cisco DCNM supports configuration restore at fabric level. Take a backup of the configuration to restore it.
Procedure
Step 1: Choose Control > Fabrics > Fabric Builder and select a fabric.
Step 2: Select Restore Fabric from the Actions menu. The Restore Fabric window appears.
Step 3: Choose the time for which you want to restore the configuration. Valid values are 1m, 3m, 6m, YTD, 1y, and All. You can zoom into the graph. By default, backup information for 1m (one month) is displayed. You can also select a custom date range. The backup information includes the backup date, total number of devices, number of devices in sync, and the number of devices out of sync.
Step 4: Click View Backup Summary to see the selected backup information of the devices in sync. The switch name, switch serial number, IP address, status, and the configuration details of the devices appear.
Step 5: Click Get Config to preview the configuration details. Config Preview window appears, which has two tabs.
Step 6: Go back to View Backup Summary window.
Step 7: Click Restore Intent to proceed with the restoring. The Restore Status window appears. You can view the status of Validating Backup, Restoring fabric intent, Restoring underlay intent, Restoring interface intent, and Restoring overlay intent. The valid values for the status of any action will be In Progress, Pending, or Failed.
Step 8: Click Next after the intent is restored. The Configuration Preview window appears. You can view the details of the switch name, IP address, switch serial number, preview configuration, status, and the progress in this window.
Step 9: Click Deploy to deploy the restored configuration. The Configuration Deployment Status window appears. You can view the details of the switch name, IP address, status, status description, and the progress.
Step 10: Click Close after the restoring process is complete.
Deleting a VXLAN BGP EVPN Fabric
Choose Control > Fabric Builder. On the Fabric Builder page, click X on the rectangular box that represents the fabric. Ensure the following before deleting a fabric.
-
Fabric devices should not be in transition such as migration into or out of the fabric, ongoing network or VRF provisioning, and so on. Delete a fabric after the transition is complete.
-
Remove devices that are still attached to the fabric. Remove non-Cisco Nexus 9000 Series switches first and then remove the 9000 Series switches.
Return Material Authorization (RMA)
This section describes how to replace a physical switch in a Fabric when using Cisco DCNM Easy Fabric mode.
Prerequisites
-
Fabric is assumed to be up and running, and minimal disruption is desired when replacing the switch. Also, the switch must be replaced with a switch of the same model (ASIC type) and physical port configuration.
-
To use the POAP RMA flow, you must configure the fabric for bootstrap (POAP).
-
To copy the FEX configurations for the RMA of switches which have FEX deployed, you may need to perform the Save and Deploy operation one or two times.
Guidelines and Limitations
-
The switch must be replaced with a switch of the same model (ASIC type) and physical port configuration. If not, the old switch must be removed and a new switch (replacement) added as a new switch into the fabric.
POAP RMA Flow
Procedure
Step 1: Choose Control > Fabric Builder.
Step 2: Click the Fabric where you want to perform RMA.
Step 3: Move the device into maintenance mode. To move a device into maintenance mode, right-click on the device, and then choose Modes > Maintenance Mode.
Step 4: Physically replace the device in the network. Physical connections should be made in the same place on the replacement switch as they existed on the original switch.
Step 5: Provision RMA flow and select the replacement device.
Step 6: The Provision RMA UI will show the replacement device 5-10 minutes after it is powered on.
Step 7: Select the correct replacement device and click Swap Switch. This begins POAP with the full “expected” configuration for that device. Total POAP time is generally around 10-15 minutes.
Manual RMA Flow
Use this flow when “Bootstrap” is not possible (or not desired), including cases that are IPv6 only for the initial Cisco DCNM 11.0(1) release.
Procedure
Step 1: Place the device in maintenance mode (optional).
Step 2: Physically replace the device in the network.
Step 3: Log in through Console and set the Management IP and credentials.
Step 4: The Cisco DCNM rediscovers the new device (or you can manually choose Discovery > Rediscover).
Step 5: Deploy the expected configuration using Deploy.
Step 6: Depending on the configuration, if breakout ports or FEX ports are in use, you have to deploy again to completely restore the configuration.
Step 7: After a successful deployment, and the device is “In-Sync,” you must move the device back to Normal Mode.
RMA for User with Local Authentication
Note
This task is only applicable to non-POAP switches.
Use the following steps to perform RMA for a user with local authentication:
Procedure
Step 1: After the new switch comes online, SSH into the switch and reset the local user passwords with the cleartext password using the “username” command. Reset the local user passwords to resync the SNMP password. The password is stored in the configuration file in a nontransferable form.
Step 2: Wait for the RMA to complete.
Step 3: Update Cisco DCNM switch_snmp_user policy for the switch with the new SNMP MD5 key from the switch.
Interfaces
The Interfaces option displays all the interfaces that are discovered for the switch, Virtual Port Channels (vPCs), and intended interfaces missing on the device.
You can use the following functions:
-
Create, deploy, view, edit and delete a port channel, vPC, Straight-through FEX, Active-Active FEX, loopback, and subinterface.
-
Create breakout and unbreakout ports.
-
Shut down and bring up interfaces.
-
Rediscover ports and view interface configuration history.
-
Apply host policies on interfaces and vPCs. For example, int_trunk_host_11_1, int_access_host_11_1, and so on.
-
View interface information such as its admin status, operation status, reason, policy, speed, MTU, mode, VLANs, IP/Prefix, VRF, port channel, and the neighbor of the interface.
Note
-
The Neighbor column provides details of connected switches that are discovered, intent links, and Virtual Machine Manager (VMM) connectivity. You can navigate to the Switch dashboard of the corresponding switch by clicking it. However, intent links and VMM links are not hyperlinked and you cannot navigate to the corresponding dashboard.
-
Click the graph icon in the Name column to view the interface performance chart for the last 24 hours. However, note that performance data for VLAN interfaces that are associated with overlay networks is not displayed in this chart.
The Status column displays the following statuses of an interface:
-
Blue: Pending
-
Green: In Sync/Success
-
Red: Out-of-Sync/Failed
-
Yellow: In Progress
-
Grey: Unknown/NA
-
You can filter and view information for any of the given fields (such as Device Name). The following table describes the buttons that appear on this page.
| Field | Description |
|---|---|
| Add | Allows you to add a logical interface such as a port channel, vPC, Straight-through FEX, Active-Active FEX, loopback and subinterface. |
| Breakout, Unbreakout | Allows you to breakout an interface or unbreakout interfaces that are in breakout state. |
| Edit | Allows you to edit and change policies that are associated with an interface. |
| Delete | Allows you to delete a logical interface that is created from the Interfaces screen. An interface having a policy that is attached from an overlay and underlay cannot be deleted. |
| No Shutdown | Allows you to enable an interface (no shutdown or admin up). |
| Shutdown | Allows you to shut down the interface. |
| Show | Allows you to display the interface show commands. A show command requires show templates in the template library. |
| Rediscover | Allows you to rediscover or recalculate the compliance status on the selected interfaces. |
| Interface History | Allows you to display the interface deployment history details. |
| Deploy | Allows you to deploy or redeploy saved interface configurations. |
This section contains the following:
Adding Interfaces
Procedure
Step 1 |
Choose Control > Interfaces. You see the Scope option at the top right. If you want to view interfaces for a specific fabric, select the fabric window from the list. |
Step 2 |
Click Add to add a logical interface. The Add Interface window appears. |
Step 3 |
In the Type drop-down list, choose the type of the interface. |
Step 4 |
In the Select a Device field, choose the device. Devices are listed based on the fabric and interface type. External fabric devices aren’t listed for ST FEX and AA FEX. In the case of vPC or Active to Active FEX, select the vPC switch pair. |
Step 5 |
Enter the ID value in the respective interface ID field (Port-channel ID, vPC ID, Loopback ID and Subinterface ID) that is displayed, based on the selected interface. You can override this value. The new value is used only if it’s available in the Resource Manager pool. Otherwise, it results in an error. |
Step 6 |
In the Policy field, you can select the policy to be applied on an interface. The field lists only Interface Python Policies that have the tag interface_edit_policy, filtered based on the interface type. You must not create a _upg interface policy. For example, you shouldn’t create a policy using the vpc_trunk_host_upg, port_channel_aa_fex_upg, port_channel_trunk_host_upg, and trunk_host_upg options. |
Step 7 |
Click Save to save the configurations. Only saved configurations are pushed to the device. While adding the interface, you can only modify the policy attribute after the first save. If you try to use an ID that is already used, you encounter the Resource could not be allocated error. |
Step 8 |
(Optional) Click the Preview option to preview the configurations to be deployed. |
Step 9 |
Click Deploy to deploy the specified logical interface. The newly added interface appears in the screen. Breakout or Unbreakout: You can break out and unbreakout an interface by using the breakout option at the top left. |
Editing Interfaces
To edit the interfaces from the Cisco DCNM Web UI, perform the following steps:
Note |
The Edit Interface allows you to change the policy and add or remove an interface from a port channel or vPC. |
Procedure
Step 1 |
Choose Control > Interfaces. You can break out and unbreak out an interface by using the breakout option at the top left part of the screen. |
Step 2 |
Select the interface check box to edit an interface or vPC. Select corresponding check boxes for editing multiple interfaces. You cannot edit multiple port channels and vPCs. You cannot edit interfaces of different types at the same time. |
Step 3 |
Click Edit to edit an interface. The variables that are shown in the Edit Configuration window are based on the template and its policy. Select the appropriate policy. Preview the policy, save it and deploy the same. This window lists only Interface Python Policy with the tag interface_edit_policy and filtered based on the interface type. In a vPC setup, the two switches are in the order the switch names are displayed in the edit window. For example, if Switch Name is displayed as LEAF1:LEAF2, then Leaf1 is peer switch one and Leaf2 is peer switch two. During overlay network deployment on switches, the network can be associated with trunk interfaces. The trunk interface to network association is reflected in the Interfaces screen. You can update such interfaces. For interface policies that are not created from the Control > Interfaces screen, you can edit some configurations but not change the policy itself. The policy and fields that cannot be edited are grayed out. The following are some examples of policies that cannot be edited:
|
Editing Interfaces Associated with Links
There are two types of links: intra-fabric links and inter-fabric links. As the name implies, intra-fabric links are set up between devices within the same Easy fabric and are typically used for spine-leaf connectivity. Inter-fabric links are set up between the Easy fabric and, typically, other external or Easy fabrics. They are used for external WAN and/or DCI connectivity. A policy is associated with each link that effectively states the configuration that is applied to both ends of the link. In other words, the link policy becomes the parent of the individual child interface policies that are associated with the two interfaces that form the link. In this scenario, you must edit the link policy to edit the interface policy fields such as description, IP address, and any per-interface freeform config. The following procedure shows how to edit the interfaces associated with links:
Procedure
Step 1 |
Choose Control > Fabric Builder, and select the fabric containing the link. |
Step 2 |
Click Tabular view in the Actions panel. A window with the Switches and Links tabs appears. |
Step 3 |
Click the Links tab. |
Step 4 |
Select the link that you want to edit and click the Update Link icon. Update the link based on your requirements and click Save. |
Deleting Interfaces
To delete the interfaces from the Cisco DCNM Web UI, perform the following steps:
Note |
This option allows you to delete only logical ports, port channels, and vPCs. You can delete the interface if it does not have an overlay or underlay policy attached. When a port channel or vPC is removed, the corresponding member ports get the default policy associated. The Default Policy can be configured in the server.properties file. |
Procedure
Step 1 |
Choose Control > Interfaces. |
Step 2 |
Select the interfaces. |
Step 3 |
Click Delete to delete the interface. You cannot delete logical interfaces created in the fabric underlay. |
Shutting Down and Bringing Up Interfaces
Procedure
Step 1 |
Choose Control > Interfaces. |
Step 2 |
Select the interfaces that you want to shut down or bring up. |
Step 3 |
Click Shutdown to disable the selected interfaces. For example, you may want to isolate a host from the network, or shut down the interface of a host that is not active in the network. |
Step 4 |
Click No Shutdown to bring up the selected interfaces. |
Viewing Interface Configuration
Procedure
Step 1 |
Choose Control > Interfaces. Select the interface whose configurations you want to view. |
Step 2 |
In the Interface Show Commands window, select the action from the Show drop-down box and click Execute. The interface configurations are displayed in the Output section, at the right of the screen. For Show commands, you must have corresponding show templates for interface or interface sub types like port channel or vPC, defined in the Template Library. |
Rediscovering Interfaces
Procedure
Step 1 |
Choose Control > Interfaces. |
Step 2 |
Select the interfaces that you want to rediscover. |
Step 3 |
Click Rediscover to rediscover the selected interfaces. For example, after you edit or enable an interface, you can rediscover the interface. |
Viewing Interface History
Procedure
Step 1 |
Choose Control > Interfaces. |
Step 2 |
Select the interface. |
Step 3 |
Click Interface History to view the configuration history on the interface. |
Step 4 |
Click Status to view each command that is configured for that configuration instance. |
Deploying Interface Configurations
Procedure
Step 1 |
Choose Control > Interfaces. |
Step 2 |
Choose an interface you want to deploy. |
Step 3 |
Click Deploy to deploy or redeploy configurations that are saved for an interface. |
Creating External Fabric Interfaces
You can add and edit port channel, vPC, subinterface, and loopback interfaces for external fabric devices. You cannot add Straight-through FEX and Active-Active FEX functions.
The Breakout port function is only supported for Cisco Nexus 9000 and 3000 series switches in the external fabric.
When you add an interface to an external fabric device, the Resource Manager is not in sync with the device. So, ensure that the value populated in the ID field (Port-channel ID, vPC ID, Loopback ID, and so on) is not already configured on the switch.
When an external fabric is set to Fabric Monitor Mode Only, you cannot deploy configurations on its switches. If you click Save & Deploy in the fabric topology screen, it displays an error message. However, the following settings (available when you right-click the switch icon) are allowed:
vPC pairing - You can designate a vPC switch pair, but it is only for reference.
View/edit policy - You can add a policy but you cannot deploy it on the switch.
Manage interfaces – You can only create intent for adding interfaces. If you try to deploy, edit, or delete interfaces, it results in an error message.
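Because the Resource Manager is not in sync with an external fabric device, the ID check described above has to be done against the switch itself. The following is an added example, not part of the original documentation or of DCNM: it collects the IDs already present in a saved copy of the switch running configuration and tests a candidate ID against them. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed excerpt of a switch running configuration (sample data, not from the page).
SAMPLE_RUNNING_CONFIG = """\
interface loopback0
  ip address 10.2.0.1/32
interface loopback1
  ip address 10.3.0.1/32
interface port-channel10
  switchport mode trunk
  vpc 10
interface port-channel500
  vpc peer-link
interface Ethernet1/5.100
  encapsulation dot1q 100
interface Ethernet1/6
  channel-group 10 mode active
"""

INTERFACE_RE = re.compile(r"^interface\s+(\S+)\s*$", re.IGNORECASE)
NUMBERED_RE = re.compile(r"^(port-channel|loopback)(\d+)$")
VPC_ID_RE = re.compile(r"^\s+vpc\s+(\d+)\s*$", re.IGNORECASE)


def ids_in_use(running_config):
    """Collect the logical interface IDs already present on the device."""
    used = {"port-channel": set(), "loopback": set(), "vpc": set(), "subinterface": set()}
    in_port_channel = False
    for line in running_config.splitlines():
        header = INTERFACE_RE.match(line)
        if header:
            name = header.group(1).lower()
            numbered = NUMBERED_RE.match(name)
            in_port_channel = bool(numbered) and numbered.group(1) == "port-channel"
            if "." in name:
                used["subinterface"].add(name)  # for example ethernet1/5.100
            elif numbered:
                used[numbered.group(1)].add(int(numbered.group(2)))
            continue
        if not line.startswith((" ", "\t")):
            in_port_channel = False  # left the interface block
            continue
        # "vpc <number>" under a port channel is a vPC ID; "vpc peer-link" is not.
        vpc = VPC_ID_RE.match(line)
        if vpc and in_port_channel:
            used["vpc"].add(int(vpc.group(1)))
    return used


def check_requested_id(used, kind, value):
    """Return (ok, message) for an ID about to be entered in the Add Interface window."""
    key = str(value).lower() if kind == "subinterface" else int(value)
    if key in used[kind]:
        return False, f"{kind} {value} is already configured on the switch"
    return True, f"{kind} {value} is not present in the running configuration"


def next_free(used, kind, start, stop):
    """Lowest numeric ID in [start, stop] that the device does not use, or None."""
    for candidate in range(start, stop + 1):
        if candidate not in used[kind]:
            return candidate
    return None


if __name__ == "__main__":
    in_use = ids_in_use(SAMPLE_RUNNING_CONFIG)
    for kind, value in (("port-channel", 10), ("vpc", 11), ("subinterface", "Ethernet1/5.100")):
        print(check_requested_id(in_use, kind, value)[1])
    print("next free loopback:", next_free(in_use, "loopback", 0, 1023))
```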
Creating and Deploying Networks and VRFs
The steps for overlay networks and VRFs provisioning are:
-
Create networks and VRFs for the fabric.
-
Deploy the networks and VRFs on the fabric switches.
Note |
The undeployment and deletion of overlay networks and VRFs are explained after the explanation of deployment. Finally, creation of external fabrics and fabric extensions from VXLAN to external fabrics are documented. |
You can navigate to the networks and VRFs window through any of the following options:
-
From the home page: Click the Networks & VRFs button in the Cisco DCNM Web UI landing page.
-
From the Control menu: From the home page of the Cisco DCNM Web UI, choose Control > Fabrics > Networks to navigate to the Networks window. Choose Control > Fabrics > VRFs to navigate to the VRFs window.
You can toggle between the network view and VRF view in both the windows by clicking the VRF View or Network View button.
Creating Networks for the Standalone Fabric
-
Click Control > Networks & VRFs (under Fabrics submenu). The LAN Fabric Provisioning page comes up.
-
Click Continue. The Select a Fabric page is displayed.
-
From the Select a Fabric drop-down list, select the fabric Standalone, and click Continue on the top right part of the screen. The Networks page is displayed. This page lists the networks that are created for the fabric. Initially, this page will not have any entries.
-
Click the + button at the top left part of the screen (under Networks) to add networks to the fabric. The Create Network screen comes up. Most of the fields are autopopulated.
The fields in this screen are:
Network ID and Network Name: Specifies the Layer 2 VNI and name of the network. The network name should not contain any white spaces or special characters except underscore (_) and hyphen (-). The corresponding Layer 3 VNI (or VRF VNI) is generated along with VRF creation.
VRF Name: Allows you to select the Virtual Routing and Forwarding (VRF).
When no VRF is created, this field appears blank. If you want to create a new VRF, click the + button. The VRF name should not contain any white spaces or special characters except underscore (_), hyphen (-), and colon (:).
Layer 2 Only: Specifies whether the network is Layer 2 only.
Network Template: A universal template is autopopulated. This is only applicable for leaf switches.
Network Extension Template: A universal extension template is autopopulated. This allows you to extend this network to another fabric. The methods are VRF Lite, Multi Site, and so on. The template is applicable for border leaf switches and BGWs.
VLAN ID: Specifies the corresponding tenant VLAN ID for the network.
Network Profile section contains the General and Advanced tabs.
General tab
IPv4 Gateway/NetMask: Specifies the IPv4 address with subnet.
Note
If the same IP address is configured in the IPv4 Gateway and IPv4 Secondary GW1 or GW2 fields of the network template, DCNM does not show an error, and you will be able to save this configuration.
However, after the network configuration is pushed to the switch, it would result in a failure as the configuration is not allowed by the switch.
IPv6 Gateway/Prefix: Specifies the IPv6 address with subnet.
Specify the anycast gateway IP address for transporting the L3 traffic between a server belonging to MyNetwork_30000 and a server from another virtual network. By default, the anycast gateway IP address is the same for MyNetwork_30000 on all switches of the fabric that have the presence of the network.
VLAN Name - Enter the VLAN name.
Interface Description: Specifies the description for the interface. This interface is a switch virtual interface (SVI).
MTU for the L3 interface - Enter the MTU for Layer 3 interfaces.
IPv4 Secondary GW1 - Enter the gateway IP address for the additional subnet.
IPv4 Secondary GW2 - Enter the gateway IP address for the additional subnet.
Advanced tab: Optionally, specify the advanced profile settings by clicking the Advanced tab:
ARP Suppression – Select the checkbox to enable the ARP Suppression function.
Ingress Replication - The checkbox is selected if the replication mode is Ingress replication.
Note
Ingress Replication is a read-only option in the Advanced tab. Changing the fabric setting updates the field.
Multicast Group Address - The multicast IP address for the network is autopopulated.
DHCPv4 Server 1 - Enter the DHCP relay IP address of the first DHCP server.
DHCPv4 Server 2 - Enter the DHCP relay IP address of the next DHCP server.
DHCPv4 Server VRF - Enter the DHCP server VRF ID.
Routing Tag – The routing tag is autopopulated. This tag is associated with each gateway IP address prefix.
TRM enable – Select the checkbox to enable TRM.
L2 VNI Route-Target Both Enable - Select the check box to enable automatic importing and exporting of route targets for all L2 virtual networks.
Enable L3 Gateway on Border - Select the checkbox to enable a Layer 3 gateway on the border switches.
A sample of the Create Network screen is given below.
-
Click Create Network. A message appears at the bottom right part of the screen indicating that the network is created.
The new network appears on the Networks page that comes up.
The Status is NA since the network is created but not yet deployed on the switches. Now that the network is created, you can create more networks if needed and deploy the networks on the devices in the fabric.
Export and Import Network Information
You can export network information to a .CSV file. The exported file contains information pertaining to each network, including the fabric it belongs to, the associated VRF, the network templates used to create the network, and all other configuration details that you saved during network creation.
In the Networks screen, click the Export icon to export network information as a .CSV file.
You can use the exported .CSV file for reference or use it as a template for creating new networks. To import networks, do the following:
-
Update new records in the .CSV file. Ensure that the networkTemplateConfig field contains the JSON Object.
-
In the Networks screen, click the Import icon and import the .CSV file into DCNM.
A message at the bottom right part of the screen displays errors and success messages. This screenshot depicts two new networks being imported.
You can see that the imported networks are displayed in the Networks screen.
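A pre-import check for the edited .CSV file, given as an added example that is not part of the original documentation or of DCNM. It applies the name rules stated above, confirms that networkTemplateConfig holds a JSON object, and flags a gateway address repeated across the primary and secondary gateway fields, which DCNM accepts but the switch rejects at deployment. The column names networkName and vrf, and the JSON keys gatewayIpAddress, secondaryGW1 and secondaryGW2, are assumptions; the sample records are constructed.

```python
import csv
import io
import ipaddress
import json
import re

# Name rules stated on this page, read here as "ASCII letters and digits plus
# the listed exceptions": networks allow "_" and "-", VRFs also allow ":".
NETWORK_NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
VRF_NAME_RE = re.compile(r"[A-Za-z0-9_:-]+")

# Assumed names: the CSV columns "networkName" and "vrf" and the keys inside
# networkTemplateConfig. Confirm them against a file exported from your DCNM.
GATEWAY_KEYS = ("gatewayIpAddress", "secondaryGW1", "secondaryGW2")
COLUMNS = ("fabric", "networkName", "vrf", "networkTemplateConfig")


def check_row(row):
    """Return the problems found in one CSV record (empty list means clean)."""
    problems = []
    name = row.get("networkName") or ""
    if not NETWORK_NAME_RE.fullmatch(name):
        problems.append(f"network name {name!r} contains a disallowed character")
    vrf = row.get("vrf") or ""
    if vrf and not VRF_NAME_RE.fullmatch(vrf):
        problems.append(f"VRF name {vrf!r} contains a disallowed character")

    try:
        config = json.loads(row.get("networkTemplateConfig") or "")
    except json.JSONDecodeError:
        return problems + ["networkTemplateConfig is not valid JSON"]
    if not isinstance(config, dict):
        return problems + ["networkTemplateConfig must be a JSON object"]

    # DCNM accepts a repeated gateway address, but the switch rejects it on
    # deployment, so catch it before the import.
    seen = {}
    for key in GATEWAY_KEYS:
        value = str(config.get(key) or "").strip()
        if not value:
            continue
        try:
            address = ipaddress.ip_interface(value).ip
        except ValueError:
            problems.append(f"{key} value {value!r} is not a valid IP address")
            continue
        if address in seen:
            problems.append(f"{key} repeats the address already set in {seen[address]}")
        else:
            seen[address] = key
    return problems


def validate_export(csv_text):
    """Map CSV line number to problems, for every record that has any."""
    report = {}
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        problems = check_row(row)
        if problems:
            report[reader.line_num] = problems
    return report


def build_sample_csv():
    """Constructed sample records (not real export data)."""
    records = [
        ("Standalone", "MyNetwork_30000", "MyVRF_50000",
         {"gatewayIpAddress": "192.0.2.1/24", "secondaryGW1": "", "vlanId": "2300"}),
        ("Standalone", "My Network 30001", "MyVRF_50000",
         {"gatewayIpAddress": "198.51.100.1/24", "secondaryGW1": "198.51.100.1/24"}),
        ("Standalone", "MyNetwork_30002", "Tenant:MyVRF_50001", ["not", "an", "object"]),
    ]
    buffer = io.StringIO()
    writer = csv.writer(buffer, lineterminator="\n")
    writer.writerow(COLUMNS)
    for fabric, name, vrf, config in records:
        writer.writerow([fabric, name, vrf, json.dumps(config)])
    return buffer.getvalue()


if __name__ == "__main__":
    for line, problems in validate_export(build_sample_csv()).items():
        for problem in problems:
            print(f"line {line}: {problem}")
```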
Editing Networks for the Standalone Fabric
-
Click Control > Networks & VRFs (under Fabrics submenu). The Networks & VRFs screen comes up.
-
Click Continue. The Select a Fabric screen is displayed.
-
From the Select a Fabric drop-down list, select the fabric Standalone, and click Continue on the top right part of the screen. The Networks page is displayed. This page lists the networks that are created for the fabric.
-
Select the network and click the Edit option at the top left part of the screen.
The Edit Network screen comes up.
-
Update the fields in the General and Advanced tabs of the Network Profile section as needed.
-
Click Save at the bottom right part of the screen to save the updates.
Creating VRFs for the Standalone Fabric
-
From the Networks page, click the VRF View button at the top right part of the screen to create VRFs.
(If you have freshly logged in to DCNM, do the following:
Click Control > Networks & VRFs.
Click Continue in the LAN Fabric Provisioning page.
Choose the fabric (Standalone) from the drop-down list and click Continue to reach the Networks page.
Click VRF View at the top right part of the Networks page).
The VRFs page comes up. The page lists the VRFs created for the fabric. Initially, this page has no entries. In this example, one VRF is already created for this fabric. Let us create one more VRF.
-
Click the + button to add VRFs to the Standalone fabric. The Create VRF screen comes up. Most of the fields are autopopulated.
The fields in this screen are:
VRF ID and VRF Name: The ID and name of the VRF.
Note
For ease of use, the VRF creation option is also available while you create a network.
VRF Template: This template is applicable for VRF creation, and only applicable for leaf switches.
VRF Extension Template: The template is applicable when you extend the VRF to other fabrics, and is applicable for border devices.
Fill the fields in the VRF Profile section.
General tab – Enter the VLAN ID of the VLAN associated with the VRF, the corresponding Layer 3 virtual interface, and the VRF ID.
Advanced tab – The fields in the tab are autopopulated.
Routing Tag – If a VLAN is associated with multiple subnets, then this tag is associated with the IP prefix of each subnet. Note that this routing tag is associated with overlay network creation too.
Redistribute Direct Route Map – Specifies the route map name for redistribution of routes in the VRF.
Max BGP Paths and Max iBGP Paths – Specifies the maximum BGP and iBGP paths.
TRM Enable – Select the checkbox to enable TRM.
If you enable TRM, then the RP address, the RP loopback ID and the underlay multicast address must be entered.
Is RP External – Enable this checkbox if the RP is external to the fabric.
RP Address and RP Loopback ID – Specifies the loopback ID and IP address of the RP.
Underlay Multicast Address – Specifies the multicast address associated with the VRF. The multicast address is used for transporting multicast traffic in the fabric underlay.
Overlay Multicast Groups – Specifies the multicast address for the VRF, used in the fabric overlay.
Enable IPv6 link-local Option – Enables the IPv6 link-local option under the VRF SVI.
Advertise Host Routes – Enable the checkbox to control advertisement of /32 and /128 routes to Edge Routers.
Advertise Default Route – Enable the checkbox to control advertisement of default routes internally.
To allow inter-subnet communication between end hosts in different VXLAN fabrics, where the subnets are present in both fabrics, you must disable the Advertise Default Route feature (clear the Advertise Default Route checkbox) for the associated VRF. This will result in /32 routes for hosts being seen in both fabrics. For example, Host1 (VNI 30000, VRF 50001) in Fabric1 can send traffic to Host2 (VNI 30001, VRF 50001) in Fabric2 only if the host route is present in both fabrics. When a subnet is present in only one fabric, the default route is sufficient for inter-subnet communication.
Sample screenshots of the Create VRF screen:
Advanced tab:
-
Click Create VRF.
The MyVRF_50001 VRF is created and appears on the VRFs page.
Export and Import VRF Information
You can export VRF information to a .CSV file. The exported file contains information pertaining to each VRF, including the fabric it belongs to, the templates used to create the VRF, and all other configuration details that you saved during VRF creation.
In the VRFs screen, click the Export icon to export VRF information as a .CSV file.
You can use the exported .CSV file for reference or use it as a template for creating new VRFs. To import VRFs, do the following:
-
Update new records in the .CSV file. Ensure that the vrfTemplateConfig field contains the JSON Object.
-
In the VRFs screen, click the Import icon and import the .CSV file into DCNM.
A message at the bottom right part of the screen displays errors and success messages. This screenshot depicts a new VRF being imported.
You can see that the imported VRF is displayed in the VRFs screen.
Editing VRFs for the Standalone Fabric
-
Choose the correct fabric from SCOPE. When you select a fabric, the VRFs screen refreshes and lists VRFs of the selected fabric.
-
Click Control > Networks & VRFs (under Fabrics submenu). The Networks & VRFs screen comes up.
-
Click Continue. The Select a Fabric screen is displayed.
-
From the Select a Fabric drop-down list, select the fabric Standalone, and click Continue on the top right part of the screen. The Networks page is displayed.
-
Click the VRF View at the top right part of the screen. The VRFs page appears.
-
Select the VRF and click the Edit option at the top left part of the screen. The Edit VRF screen comes up.
-
Update the fields in the General and Advanced tabs of the VRF Profile section as needed.
-
Click Save at the bottom right part of the screen to save the updates.
Deploying Networks for the Standalone and MSD Fabrics
Before you begin: Ensure that you have created networks for the fabric.
-
Go to the Select a Fabric page.
(To go to the Select a Fabric page do one of the following:
Click Fabric Selection at the top left part of the screen.
OR
From the main menu, click Control > Networks & VRFs and click Continue in the LAN Fabric Provisioning page).
-
Click Standalone from the drop-down list and click Continue on the top right part of the screen.
For an MSD fabric, you can either choose the MSD fabric or the member fabric. If you choose the MSD fabric, you can view all member fabrics in the same topology screen. So, you can provision networks from a single topology screen, one member fabric at a time.
The Networks page comes up.
The list of networks in the fabric is displayed on the page. The network deployment status is NA since the networks have not been deployed on any switch.
Note
You can edit or delete networks from this screen.
-
Select networks that you want to deploy. In this case, select the check boxes next to both the networks and click Continue at the top right part of the screen.
The Network Deployment page appears. On this page, you can see the network topology of the Standalone fabric.
You can deploy networks simultaneously on multiple switches. The selected devices should have the same role (Leaf, Border Gateway, and so on).
Note
In an MSD fabric, all member fabrics are visible from this screen.
At the bottom right part of the screen, the color codes that represent different stages of deployment are displayed. The color of the switch icons changes accordingly. Blue for Pending state, yellow for In Progress when the provisioning is in progress, green when successfully deployed, and so on.
The overlay networks (or VRFs) provisioning status is context-specific. It is a combination of networks that you chose for provisioning and the relevant switches in the topology. In this example, it means that the networks MyNetwork_30000 and MyNetwork_30001 are yet to be deployed on any switch in this fabric.
You can move the topology around the screen by clicking the left mouse button on the screen and moving it in the direction you desire. You can enlarge or shrink the switch icons proportionately by moving the cursor roller. You can also use corresponding alternatives on the touchpad.
-
Double-click a switch to deploy the networks on it. For deployment of networks on multiple switches, click Multi-Select from the panel at the top right part of the screen (the topology freezes to a static state), and drag the cursor across the switches.
Immediately the Network Attachment dialog box appears.
A tab represents each network (the first network is displayed by default) that is being deployed. In each network tab, the switches are displayed. Each row represents a switch.
Click the check box next to the Switch column to select all switches. The network is ready to be provisioned on the switches.
VLAN - Update the VLAN ID if needed.
When you update the VLAN ID for a given network and complete the network deployment process, the old VLAN is not automatically removed, and the original VLAN ID is not automatically removed from the attached trunk interface. To remove the old or original VLAN ID, you must perform the Save and Deploy + Config Deploy operation from within the fabric in Fabric Builder. For this, go to the fabric topology screen (click Control > Fabric Builder and click within the corresponding fabric box to go to the screen) and execute the Save and Deploy operation. Verify that config compliance is removing the expected config, then execute the Deploy Config operation to remove the configs.
Interfaces – Click … in the column to add interfaces associated with the selected network.
VLAN to trunk port mapping – The selected trunk ports include the VLAN as an allowed VLAN on the port.
VLAN to vPC domain mapping - If you want to associate the VLAN to port channels of a vPC domain, add the port channels from the list of interfaces. The vPC port channels include the VLAN as an allowed VLAN.
Freeform configurations – Click Freeform config to enable additional configurations on the switch. After the configurations are saved, the Freeform config button gets highlighted.
-
Select the other network tab and make the same selections.
-
Click Save (at the bottom right part of your screen) to save the configurations.
Note
Addition and removal of interfaces are displayed in the Interfaces column of the Switches Deploy screen. Though the interface-related updates (like addition or removal of trunk ports) are provisioned on the switches, the correct configurations will not reflect in the preview screen. When you add or remove a trunk or access port, the preview shows the addition or removal of configurations for the interface under that network.
The topology window appears again. Click Refresh in the vertical panel at the top right part of the screen. The blue color on the switch icons indicates that the deployment is pending.
-
Preview the configurations by clicking Preview (the eye icon above the Multi-Select option). Since MyNetwork_30000 and MyNetwork_30001 are networks of VRF 50000, the configurations contain VRF configurations followed by the network configurations.
On the preview screen, you can select from the Select a switch and Select a network drop-down boxes at the top of the screen to view other network configurations.
After checking the configurations, close the screen. The Topology screen appears again.
-
Click Deploy on the top right part of the screen. The color of the switch icons changes to yellow and a message appears at the bottom right part of the screen indicating that the deployment is in progress. After the networks' deployment is complete, the color of the switch icons changes to green, indicating successful deployment.
Note
In case you click Deploy and there is no configuration diff that has to be deployed, a pop-up window comes up stating No switches PENDING for deployment.
Note
When you select multiple networks on the Topology View screen and proceed to the deployment screen, the switch color reflects the status of the first network in the selected list of networks. In this example, the switch color turns green when MyNetwork_30000 is provisioned on the switch.
Go to the Networks page to view the individual status for all networks.
Network Deployment for an MSD Fabric
Consider a scenario wherein you are deploying the same networks on different member fabric border devices. You can choose one fabric, deploy networks on its border devices, and then choose the second fabric and deploy networks.
Alternatively, you can choose the MSD fabric, and deploy the networks from a single topology view of all member fabric border devices.
This is a topology view of an MSD fabric wherein the two member fabrics topologies and their connections are depicted. You can deploy networks on the BGWs of the fabrics at once.
Detailed View
You can also use the Detailed View option to deploy networks and VRFs. Click Detailed View at the top right part of the screen. The Detailed View window appears. This lists the networks in a tabular view.
The options:
Edit - Select a network and click the Edit icon at the top left part of the screen.
Note |
If you select one network/switch entry and click on Edit, the Network Attach dialog box appears. To maintain consistency across the Topology View and Detailed View screens, the Network Attach screen displays all networks, and not just the selected network/switch. |
Preview – Click Preview to preview configurations before deployment. You can only preview pending configurations, and not uninitiated or deployed configurations.
Deploy – Click Deploy to provision networks onto the switches.
History – Select a row and click History to view the configuration instances and status. Network and VRF-wise configurations are displayed. Click in the Status column of any instance for more details.
The fields in the table contain the configuration instance in each row, the associated switch and fabric names, the switch role, trunk ports (if any), and the deployment status.
Apply/Save – Selecting a network and clicking Apply/Save will select a switch for the network to be deployed on.
On the Detailed View page, the network profile configuration history is displayed. If you have associated specific trunk interfaces to that network, then the interface configuration is displayed as a separate configuration instance.
Note: When you upgrade from an earlier release (such as DCNM 10.4[2]) to the DCNM 11.0(1) release, overlay networks and VRFs deployment history information from the earlier DCNM release is not retained.
Deploying VRFs for the Standalone and MSD Fabrics
- From the Networks page, click VRF View at the top right part of the screen to deploy VRFs.
(If you have freshly logged in to DCNM, do the following:
Click Control > Networks & VRFs.
Click Continue in the LAN Fabric Provisioning page.
Choose Standalone from the drop-down list and click Continue to reach the Networks page.
Click VRF View at the top right part of the Networks page).
The VRFs page comes up. The list of VRFs created for the Standalone fabric is displayed in this screen.
- Select check boxes next to the VRFs that you want to deploy and click Continue at the top right part of the screen.
The VRF Deployment screen appears. On this page, you can see the topology of the Standalone fabric. The following example shows you how to deploy the VRFs MyVRF_50000 and MyVRF_50001 on the leaf switch. You can deploy VRFs simultaneously on multiple switches, provided that the switches have the same role (Leaf, Border Gateway, and so on).
At the bottom right part of the screen, the color codes that represent different stages of deployment are displayed. The color of the switch icons changes accordingly. Blue for Pending state, yellow for In Progress state when the provisioning is in progress, red for failure state, green when successfully deployed, and so on.
The overlay networks (or VRFs) provisioning status is context-specific. It is a combination of VRFs that you chose for provisioning and the relevant switches in the topology. In this example, it means that the VRFs are yet to be deployed on any switch in this fabric.
You can move the topology around the screen by clicking the left mouse button on the screen and moving it in the direction you desire. You can enlarge or shrink the switch icons proportionately by moving the cursor roller. You can also use corresponding alternatives on the touchpad.
- Double-click a switch to deploy VRFs on it. The VRF Attachment screen comes up.
Note: For deployment of VRFs on multiple switches, click the Multi-Select option from the panel at the top right part of the screen (this freezes the topology to a static state), and drag the cursor across the switches.
A tab represents each VRF that is being deployed (the first selected VRF is displayed by default). In each VRF tab, the selected switches are displayed. Each row represents a switch.
VLAN ID - Click within the VLAN column to update the VRF VLAN ID, if needed.
Freeform configurations – Click Freeform config to enable additional configurations on the switch. After you save freeform configurations, the Freeform config button gets highlighted.
Click the checkbox next to the Switch column to select all switches. VRF MyVRF_50000 is ready to be provisioned on the switch.
- Select the other VRF tab and make the same selections.
- Click Save (at the bottom right part of your screen) to save VRF configurations.
The topology screen comes up again. Click the Refresh button in the vertical panel at the top right part of the screen. The blue color on the switch icons indicates that the deployment is pending.
Preview the configurations by clicking the Preview button (the eye icon above the Multi-Select option).
After checking the configurations, close the screen. The Topology View screen appears.
- Click the Deploy button on the top right part of the screen. The color of the switch icons changes to yellow and a message appears at the bottom right part of the screen indicating that the deployment is in progress. After the VRF deployment is complete, the color of the switch icons changes to green, indicating successful deployment.
Note: In case you click Deploy and there is no configuration diff that has to be deployed, a pop-up window comes up stating No switches PENDING for deployment.
VRFs Deployment for an MSD Fabric
Consider a scenario wherein you are deploying the same VRFs on different member fabric border devices. You can choose one fabric, deploy VRFs on its border devices, and then choose the second fabric and deploy the VRFs.
Alternatively, you can choose the MSD fabric, and deploy the VRFs from a single topology view of all member fabric border devices at once.
Detailed View
You can also use the Detailed View button to deploy networks and VRFs.
Click Detailed View at the top right part of the screen. The Detailed View screen comes up. This lists the VRFs in a tabular view.
The options:
Edit - Select a VRF and click the Edit icon at the top left part of the screen.
Note: If you select one VRF/switch entry, the VRF Attach screen comes up. To maintain consistency across the Topology View and Detailed View screens, the VRF Attach screen displays all VRFs, and not just the selected VRF/switch entry.
Preview – Click Preview to preview configurations before deployment. You can only preview pending configurations, and not uninitiated or deployed configurations.
Deploy – Click Deploy to provision VRFs onto the switches.
History – Select a row and click History to view the configuration instances and status. Network and VRF-wise configurations are displayed. Click in the Status column of any instance for more details.
The fields in the table contain the configuration instance in each row, the associated switch and fabric names, the switch role, and the deployment status.
Apply/Save – Selecting a VRF and clicking Apply/Save will select a switch for the VRF to be deployed on.
Note: When you upgrade from an earlier release (such as DCNM 10.4[2]) to the DCNM 11.0(1) release, overlay networks and VRFs deployment history information from the earlier DCNM release is not retained.
Undeploying Networks for the Standalone Fabric
You can undeploy VRFs and networks from the deployment screen. The DCNM screen flow for undeployment is similar to the deployment process flow. Go to the deployment screen (Topology View) to undeploy networks:
- Choose Control > Networks and VRFs.
- In the Select a Fabric page, click Continue (at the top right part of the screen). The Networks page comes up.
- Select the networks that you want to undeploy and click Continue. The topology view comes up.
- Select the Multi-Select button (if you are undeploying the networks from multiple switches), and drag the cursor across switches with the same role. The Network Attachment screen comes up.
(For a single switch, double-click the switch and the Network Attachment screen comes up).
(For a single switch, double-click the switch and the Switches Deploy screen comes up).
- In the Network Attachment screen, the Status column for the deployed networks is displayed as DEPLOYED. Clear the check boxes next to the switches, as needed. Ensure that you repeat this on all tabs since each tab represents a network.
- Click Save (at the bottom right part of the screen) to initiate the undeployment of the networks. The Topology View comes up again.
Note: Alternatively, you can click the Detailed View button to undeploy networks.
- Refresh the screen, preview configurations if needed, and click Deploy to remove the network configurations on the switches. The switch icons turn green to indicate successful undeployment.
- Go to the Networks page to verify if the networks are undeployed.
Undeploying VRFs for the Standalone Fabric
You can undeploy VRFs from the deployment screen. The DCNM screen flow for undeployment is similar to the deployment process flow.
- Choose Control > Networks and VRFs.
- In the Select a Fabric page, click Continue (at the top right part of the screen). The Networks page comes up.
- Click the VRF View button (at the top right part of the screen) to go to the VRFs screen.
- Select the VRFs that you want to undeploy and click Continue. The Topology View page comes up.
- Select the Multi-Select option (if you are undeploying the VRFs from multiple switches), and drag the cursor across switches with the same role. The VRF Attachment screen comes up.
(For a single switch, double-click the switch and the VRF Attachment screen comes up).
- In the Switches Deploy screen, the Status column for the deployed VRFs is displayed as DEPLOYED. Clear the check boxes next to the switches, as needed. Ensure that you repeat this on all tabs since each tab represents a VRF.
- Click Save (at the bottom right part of the screen) to initiate the undeployment of the VRFs. The topology view comes up again.
Note: Alternatively, you can click the Detailed View button to undeploy VRFs.
- Refresh the screen, preview configurations if needed, and click Deploy to remove the VRF configurations on the switches. The switch icons turn green to indicate successful undeployment.
- Go to the VRFs page to verify if the networks are undeployed.
Deleting Networks and VRFs
If you want to delete networks and corresponding VRFs in the MSD fabric, follow this order:
- Undeploy the networks, if not already done.
- Delete the networks.
- Undeploy the VRFs, if not already done.
- Delete the VRFs.
Creating an External Fabric
In DCNM 11.1(1) release, you can add switches to the external fabric. Generic pointers:
- An external fabric is a monitor-only or managed mode fabric.
- You can import, remove, and delete switches for an external fabric.
- For Inter-Fabric Connection (IFC) cases, you can choose Cisco 9000, 7000 and 5600 Series switches as destination switches in the external fabric.
- You can use non-existing switches as destination switches.
- The template that supports an external fabric is External_Fabric.
- If an external fabric is an MSD fabric member, then the MSD topology screen displays the external fabric with its devices, along with the member fabrics and their devices.
When viewed from an external fabric topology screen, any connections to non-DCNM managed switches are represented by a cloud icon labeled as Undiscovered.
- You can set up a Multi-Site or a VRF-lite IFC by manually configuring the links for the border devices in the VXLAN fabric or by using an automatic Deploy Border Gateway Method or VRF Lite IFC Deploy Method. If you are configuring the links manually for the border devices, we recommend using the Core Router role to set up a Multi-Site eBGP underlay from a Border Gateway device to a Core Router and the Edge Router role to set up a VRF-lite Inter-Fabric Connection (IFC) from a Border device to an Edge device.
- You can connect a Cisco data center to a public cloud using Cisco CSR 1000v. See the Connecting Cisco Data Center and a Public Cloud chapter for a use case.
Creating External Fabric from Fabric Builder
Follow these steps to create an external fabric from Fabric Builder.
- Click Control > Fabric Builder. The Fabric Builder page comes up.
- Click the Create Fabric button. The Add Fabric screen comes up. The fields in this screen are:
Fabric Name - Enter the name of the external fabric.
Fabric Template - Choose External_Fabric.
When you choose the fabric template, the fabric creation screen for creating an external fabric comes up.
- Fill in the General, Advanced, Resources, and DCI tabs as shown below.
General tab
BGP AS # - Enter the BGP AS number.
Fabric Monitor Mode – Clear the checkbox if you want DCNM to manage the fabric. Keep the checkbox selected to enable a monitor only external fabric.
When you create an Inter-Fabric Connection from a VXLAN fabric to this external fabric, the BGP AS number is referenced as the external or neighbor fabric AS Number.
When an external fabric is set to Fabric Monitor Mode Only, you cannot deploy configurations on its switches. If you click Save & Deploy in the fabric topology screen, it displays an error message.
However, the following settings (available when you right-click the switch icon) are allowed:
vPC pairing - You can designate a vPC switch pair, but it is only for reference.
View/edit policy - You can add a policy but you cannot deploy it on the switch.
Manage interfaces – You can only create intent for adding interfaces. If you try to deploy, edit, or delete interfaces, it results in an error message.
BGP Send-Community-Both Option – Select the checkbox to send standard and extended BGP communities to BGP peers. If the checkbox is not selected, only the extended community is sent.
Advanced tab
vPC Peer Link VLAN - The vPC peer link VLAN ID is autopopulated. Update the field to reflect the correct value.
Enable NX-API - Specifies enabling of NX-API on HTTPS. This check box is checked by default.
Enable NX-API on HTTP - Specifies enabling of NX-API on HTTP. Enable this check box and the Enable NX-API check box to use HTTP. This check box is checked by default.
Resources tab
Subinterface Dot1q Range - The subinterface 802.1Q range and the underlay routing loopback IP address range are autopopulated.
Underlay Routing Loopback IP Range - Specifies loopback IP addresses for the protocol peering.
DCI tab – The DCI subnet IP prefix and subnet mask information are populated.
- Click Save.
After the external fabric is created, the external fabric topology page comes up.
After creating the external fabric, add switches to it.
Add Switches to the External Fabric
- Click Add switches. The Inventory Management screen comes up.
You can also add switches by clicking Tabular View > Switches > + .
- Enter the IP address (Seed IP) of the switch.
- Enter the administrator username and password of the switch.
- Click Start discovery at the bottom part of the screen. The Scan Details section comes up shortly. Since the Max Hops field was populated with 2, the switch with the specified IP address and switches two hops from it are populated.
- Select the check boxes next to the concerned switches and click Import into fabric.
You can discover multiple switches at the same time. The switches must be properly cabled and connected to the DCNM server and the switch status must be manageable.
The switch discovery process is initiated. The Progress column displays the progress. After DCNM discovers the switch, the screen closes and the fabric screen comes up again. The switch icons are seen at the centre of the fabric screen.
- Click Refresh topology to view the latest topology view.
- External Fabric Switch Settings - The settings for external fabric switches vary from the VXLAN fabric switch settings. Right-click on the switch icon and set or update switch options.
The options are:
Set Role – By default, no role is assigned to an external fabric switch. The allowed roles are Edge Router and Core Router. Assign the Core Router role for a Multi-Site Inter-Fabric Connection (IFC) and the Edge Router role for a VRF Lite IFC between the external fabric and VXLAN fabric border devices.
Note: Changing of switch role is allowed only before executing Save & Deploy.
Modes – Active/Operational mode.
vPC Pairing – Select a switch for vPC and then select its peer.
Manage Interfaces – Deploy configurations on the switch interfaces.
Straight-through FEX, Active/Active FEX, and breakout of interfaces are not supported for external fabric switch interfaces.
View/edit Policies – Add, update, and delete policies on the switch. The policies you add to a switch are template instances of the templates available in the template library. After creating policies, deploy them on the switch using the Deploy option available in the View/edit Policies screen.
History – View per switch deployment history.
Deploy Config – Deploy per switch configurations.
Discovery - You can use this option to update the credentials of the switch, reload the switch, rediscover the switch, and remove the switch from the fabric.
- Click Save & Deploy at the top right part of the screen. The template and interface configurations form the configuration provisioning on the switches.
When you click Save & Deploy, the Configuration Deployment screen comes up.
- Click Deploy Config at the bottom part of the screen to initiate pending configuration onto the switch.
- Close the screen after deployment is complete.
Note: If a switch in an external fabric does not accept default credentials, you should perform one of the following actions:
- Remove the switch in the external fabric from inventory, and then rediscover.
- LAN discovery uses both SNMP and SSH, so both passwords need to be the same. You need to change the SSH password to match the SNMP password on the switch. If SNMP authentication fails, discovery is stopped with authentication error. If SNMP authentication passes but SSH authentication fails, DCNM discovery continues, but the switch status shows a warning for the SSH error.
Move an External Fabric Under an MSD Fabric
You should go to the MSD fabric page to associate an external fabric as its member.
- Click Control > Fabric Builder to go to the Fabric Builder screen.
- Click within the MSD-Parent-Fabric box to go to its topology screen.
- In the topology screen, go to the Actions panel and click Move Fabrics.
The Move Fabric screen comes up. It contains a list of fabrics. The external fabric is displayed as a standalone fabric.
- Select the radio button next to the external fabric and click Add.
Now, in the Scope drop-down box at the top right, you can see that the external fabric appears under the MSD fabric.
- Click ← at the top left part of the screen to go to the Fabric Builder screen. In the MSD fabric box’s Member Fabrics field, the external fabric is displayed.
External Fabric Depiction in an MSD Fabric Topology
The MSD topology screen displays MSD member fabrics and external fabrics together. The external fabric External65000 is displayed as part of the MSD topology.
Note: When you deploy networks or VRFs for the VXLAN fabric, the deployment page (MSD topology view) shows the VXLAN and external fabrics that are connected to each other.
External Fabric Switch Operations
In the external fabric topology screen, click Tabular view option in the Actions panel, at the left part of the screen. The Switches | Links screen comes up.
The Switches tab is for managing switch operations and the Links tab is for viewing fabric links. Each row represents a switch in the external fabric, and displays switch details, including its serial number.
The buttons at the top of the table are explained below, from left to right. Some options are also available when you right-click the switch icon. However, the Switches tab enables you to provision configurations on multiple switches (for adding and deploying policies, and so on) simultaneously.
- Add switches to the fabric. This option is also available in the topology page (Add switches option in Actions panel).
- Initiate the switch discovery process by DCNM afresh.
- Update device credentials such as authentication protocol, username, and password.
- Reload the switch.
- Remove the switch from the fabric.
- View/edit Policies – Add, update, and delete a policy on multiple switches simultaneously. The policies are template instances of templates in the template library. After creating a policy, deploy it on the switches using the Deploy option available in the View/edit Policies screen.
Note: If you select multiple switches and deploy a policy instance, then it will be deployed on all the selected switches.
- Manage Interfaces – Deploy configurations on the switch interfaces.
- History – View deployment history on the selected switch.
- Deploy – Deploy switch configurations.
External Fabric Links
You can only view and delete external fabric links. You cannot create links or edit them.
To delete a link in the external fabric, do the following:
- Go to the topology screen and click the Tabular view option in the Actions panel, at the left part of the screen.
The Switches | Links screen comes up.
- Choose one or more checkboxes and click the Delete icon at the top left.
The links are deleted.
Move Neighbor Switch to External Fabric
- Click Add switches. The Inventory Management screen comes up.
- Click Move Neighbor Switches tab.
- Select the switch and click Move Neighbor at the top right part of the screen.
To delete a neighbor, select a switch and click Delete Neighbor at the top right.
Special Configuration CLIs Ignored for Configuration Compliance
The following configuration CLIs are ignored during configuration compliance checks:
- Any CLI having 'username' along with 'password'
- Any CLI that starts with 'snmp-server user'
Any CLIs that match the above will not show up in pending diffs, and clicking Save & Deploy in the Fabric Builder window will not push such configurations to the switch. These CLIs will not show up in the Side-by-side Comparison window either.
To deploy such configuration CLIs, perform the following procedure:
- Select Control > Fabric Builder, click Tabular View, and select a switch in the Name column, or select Control > Fabric Builder and right-click the device.
- Click View/Edit Policies and click + to add a new policy. The Add Policy window comes up.
- Add a PTI with the required configuration CLIs using the switch_freeform_config template and click Save.
- Select the created policy and click Deploy to deploy the configuration to the switch(es).
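Because CLIs in these two classes never appear in pending diffs or in the Side-by-side Comparison window, changes to local accounts and SNMP users on a switch have to be checked separately. The following is an added example, not DCNM code: it compares an intended and a running configuration for exactly those lines and redacts secrets in the report. The sample configurations are constructed, and reading the first rule as "both words appear as separate tokens" is an assumption.

```python
import re

# Constructed sample configurations (not taken from a real switch).
INTENDED = """\
hostname ext-core-1
username admin password 5 $5$CONSTRUCTED$hashA role network-admin
username ops password 5 $5$CONSTRUCTED$hashB role network-operator
snmp-server user admin network-admin auth md5 0x1111 priv 0x1111 localizedkey
ntp server 192.0.2.10
"""

RUNNING = """\
hostname ext-core-1
username admin password 5 $5$CONSTRUCTED$hashA role network-admin
username ops password 5 $5$CONSTRUCTED$hashB role network-admin
snmp-server user admin network-admin auth md5 0x1111 priv 0x1111 localizedkey
snmp-server user legacy network-admin auth md5 0x2222 priv 0x2222 localizedkey
ntp server 192.0.2.10
"""

# Secret-bearing tokens: the value after "password [type]", "auth <alg>", "priv [aes-128]".
_SECRET = re.compile(r"\b(password(?: \d)?|auth (?:md5|sha)|priv(?: aes-128)?) (\S+)")


def is_ignored(line):
    """True when a CLI falls under one of the two ignore rules listed above.

    Assumption: 'username' along with 'password' means both appear as tokens.
    """
    cli = line.strip()
    if cli.startswith("snmp-server user"):
        return True
    words = cli.split()
    return "username" in words and "password" in words


def redact(line):
    """Replace hashes and keys so the drift report can be shared or logged."""
    return _SECRET.sub(lambda m: f"{m.group(1)} <redacted>", line.strip())


def freeform_candidates(intended):
    """Intent lines that must be pushed through a switch_freeform_config policy."""
    return [l.strip() for l in intended.splitlines() if l.strip() and is_ignored(l)]


def unreported_drift(intended, running):
    """Differences confined to the ignored CLI classes, which compliance never shows."""
    want = set(freeform_candidates(intended))
    have = set(freeform_candidates(running))
    return {
        "missing_on_switch": sorted(redact(l) for l in want - have),
        "unexpected_on_switch": sorted(redact(l) for l in have - want),
    }


if __name__ == "__main__":
    for bucket, lines in unreported_drift(INTENDED, RUNNING).items():
        print(bucket)
        for line in lines:
            print("   ", line)
```

In the constructed data, the role change on the ops account and the extra legacy SNMP user are both reported, while a compliance run would show neither.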
Multi-Site Domain for VXLAN BGP EVPN Fabrics
A Multi-Site Domain (MSD) is a multifabric container that is created to manage multiple member fabrics. An MSD is a single point of control for definition of overlay networks and VRFs that are shared across member fabrics. When you move fabrics (that are designated to be part of the multifabric overlay network domain) under the MSD as member fabrics, the member fabrics share the networks and VRFs created at the MSD-level. This way, you can consistently provision networks and VRFs for different fabrics in one go. This significantly reduces the time and complexity of provisioning multiple fabrics.
Since server networks and VRFs are shared across the member fabrics (as one stretched network), the new networks and VRFs provisioning function is provided at the MSD fabric level. Any new network and VRF creation is only allowed for the MSD. All member fabrics inherit any new network and VRF created for the MSD.
In DCNM 11.1(1) release, in addition to member fabrics, the topology view for the MSD fabric is introduced. This view displays all member fabrics, and how they are connected to each other, in one view.
Also, a deployment view is introduced for the MSD fabric. You can deploy overlay networks (and VRFs) on member fabrics from a single topology deployment screen, instead of visiting each member fabric deployment screen separately and deploying.
Note: The VXLAN OAM feature in Cisco DCNM is only supported on a single fabric or site.
A few fabric-specific terms:
- Standalone fabric: A fabric that is not part of an MSD is referred to as a standalone fabric from the MSD perspective. Before the MSD concept, all fabrics were considered standalone, though two or more such fabrics can be connected with each other.
- Member fabrics: Fabrics that are part of an MSD are called member fabrics or members. Create a standalone fabric (of the type Easy_Fabric) first and then move it within an MSD as a member fabric.
When a standalone fabric is added to the MSD, the following actions take place:
- The standalone fabric's relevant attributes and the network and VRF definitions are checked against that of the MSD. If there is a conflict, then the standalone fabric addition to the MSD fails. If there are no conflicts, then the standalone fabric becomes a member fabric for the MSD. If there is a conflict, the exact conflicts are logged in the pending errors log for the MSD fabric. You can remedy the conflicts and then attempt to add the standalone fabric to the MSD again.
- All the VRFs and networks definitions from the standalone fabric that do not have presence in the MSD are copied over to the MSD and in turn inherited to each of its other existing member fabrics.
- The VRFs (and their definitions) from the MSD (such as the MSD's VRF, and L2 and L3 VNI parameters that do not have presence in the standalone fabric) are inherited into the standalone fabric that just became a member.
Fabric and Switch Instance Variables
While the MSD provisions a global range of network and VRF values, some parameters are fabric-specific and some parameters are switch-specific. The parameters are called fabric instance and switch instance variables.
Fabric instance values can only be edited or updated in the fabric context from the VRFs and Networks window. Select the appropriate fabric in the SCOPE drop-down list to edit the fabric instance values. Examples of fabric instance variables include the BGP ASN and the multicast group per network or VRF. For information about editing multicast group address, see Editing Networks in the Member Fabric.
Switch instance values can be edited on deployment of the network on the switch. For example, VLAN ID.
MSD and Member Fabric Process Flow
An MSD has multiple sites (and hence, multiple member fabrics under an MSD). VRFs and networks are created for the MSD and get inherited by the member fabrics. For example, VRF-50000 (and L3 network with ID 50000), and L2 networks with IDs 30000 and 30001 are created for the MSD, in one go.
A high-level flow chart of the MSD and member fabric creation and MSD-to-member fabric inheritance process:
The sample flow explained the inheritance from the MSD to one member. An MSD has multiple sites (and hence, multiple member fabrics under an MSD). A sample flow from an MSD to multiple members:
In this example, VRF-50000 (and L3 network with ID 50000), and L2 networks with IDs 30000 and 30001 are created in one go. Networks and VRFs are deployed on the member fabric switches, one after another, as depicted in the image.
In DCNM 11.1(1), you can provision overlay networks through a single MSD deployment screen.
Note: If you move a standalone fabric with existing networks and VRFs to an MSD, DCNM does appropriate validation. This is explained in detail in an upcoming section.
Upcoming sections in the document explain the following:
- Creation of an MSD fabric.
- Creation of a standalone fabric (as a potential member) and its movement under the MSD as a member.
- Creation of networks and VRFs in the MSD and their inheritance to the member fabrics.
- Deployment of networks and VRFs from the MSD and member fabric topology views.
- Other scenarios for fabric movement:
  - Standalone fabric with existing networks and VRFs to an MSD fabric.
  - Member fabric from one MSD to another.
Creating an MSD Fabric and Associating Member Fabrics to It
The process is explained in two steps:
- Create an MSD fabric.
- Create a new standalone fabric and move it under the MSD fabric as a member fabric.
Creating an MSD Fabric
- Click Control > Fabric Builder.
The Fabric Builder screen comes up. When you view the screen for the first time, the Fabrics section has no entries. After you create a fabric, it is displayed on the Fabric Builder screen, wherein a rectangular box represents each fabric.
A standalone or member fabric contains Switch_Fabric in the Type field, its AS number in the ASN field and mode of replication, Multicast or Ingress Replication, in the Replication Mode field. Since no device or network traffic is associated with an MSD fabric as it is a container, it does not have these fields.
- Click the Create Fabric button. The Add Fabric screen comes up. The fields are:
Fabric Name - Enter the name of the fabric.
Fabric Template - This field has template options for creating specific types of fabric. Choose MSD_Fabric. The MSD screen comes up.
The fields in the screen are explained:
In the General tab, all fields are autopopulated with data. The fields consist of the Layer 2 and Layer 3 VXLAN segment identifier range, the default network and VRF templates, and the anycast gateway MAC address. Update the relevant fields as needed.
L2 Segment ID Range - Layer 2 VXLAN segment identifier range.
L3 Partition ID Range - Layer 3 VXLAN segment identifier range.
VRF Template - Default VRF template.
Network Template - Default network template.
VRF Extension Template - Default VRF extension template.
Network Extension Template - Default network extension template.
Anycast-Gateway-MAC - Anycast gateway MAC address.
Multisite Routing Loopback Id – The multicast routing loopback ID is populated in this field.
- Click the DCI tab.
The fields are:
DCI Subnet IP Range and Subnet Target Mask – Specify the Data Center Interconnect (DCI) subnet IP address and mask.
Deploy Border Gateway Method – Choose how you will connect the data centers through the BGW: manually, in a back-to-back fashion, or through a route server.
If you choose to connect them through a route server, you should enter the route server details.
MS Route Server List – Specify the IP addresses of the route server. If you specify more than one, separate the IP addresses by a comma.
BGP ASN of Route Server(s) one for each route server – Specify the BGP AS Number of the route server. If you specify more than one route server, separate the AS Numbers by a comma.
- Click the Resources tab.
MultiSite Routing Loopback IP Range – Specify the Multi-Site loopback IP address range used for the EVPN Multi-Site function.
A unique loopback IP address is assigned from this range to each member fabric because each member site must have a Loopback 100 IP address assigned for overlay network reachability. The per-fabric loopback IP address is assigned on all the BGWs in a specific member fabric.
- Click Save.
A message appears briefly at the bottom right part of the screen, indicating that you have created a new MSD fabric. After fabric creation, the fabric page comes up. The fabric name MSD-Parent-Fabric appears at the top left part of the screen.
Since the MSD fabric is a container, you cannot add a switch to it. The Add Switches button that is available in the Actions panel for member and standalone fabrics is not available for the MSD fabric.
When a new MSD is created, the newly created MSD fabric instance appears (as a rectangular box) on the Fabric Builder page. To go to the Fabric Builder page, click the ← button at the top left part of the MSD-Parent-Fabric page.
An MSD fabric is displayed as MSD in the Type field, and it contains the member fabric names in the Member Fabrics field. When no member fabric is created, None is displayed.
The steps for creation of an MSD fabric and moving member fabrics under it are:
- Create an MSD fabric.
- Create a new standalone fabric and move it under the MSD fabric as a member fabric.
Step 1 is completed. Step 2 is explained in the next section.
Creating and Moving a New Fabric Under the MSD Fabric as a Member
A new fabric is created as a standalone fabric. After you create a new fabric, you can move it under an MSD as a member. As a best practice, when you create a new fabric that is a potential member fabric (of an MSD), do not add networks and VRFs to the fabric. Move the fabric under the MSD and then add networks and VRFs for the MSD. That way, there will not be any need for validation (or conflict resolution) between the member and MSD fabric network and VRF parameters.
New fabric creation is explained in the Easy Fabric creation process. In the MSD document, fabric movement is covered. However, some pointers about a standalone (potential member) fabric:
The values that are displayed in the screen are automatically generated. The VXLAN VNI ID ranges (in the L2 Segment ID Range and L3 Partition ID Range fields) allocated for new network and VRF creation are values from the MSD fabric segment ID range. If you want to update the VXLAN VNI ranges or the VRF and Network VLAN ranges, ensure the following:
-
If you update a range of values, ensure that it does not overlap with other ranges.
-
You must update one range of values at a time. If you want to update more than one range of values, do it in separate instances. For example, if you want to update L2 and L3 ranges, you should do the following:
-
Update the L2 range and click Save.
-
Click the Edit Fabric option again, update the L3 range and click Save.
Other pointers:
-
Ensure that the Anycast Gateway MAC, the Network Template and the VRF Template field values are the same as those of the MSD fabric. Otherwise, member fabric movement to the MSD fails.
-
The member fabric should have a Site ID configured and the Site ID must be unique among the members.
-
The BGP AS number should be unique for a member fabric.
-
The underlay subnet range for loopback0 should be unique.
-
The underlay subnet range for loopback1 should be unique.
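The membership checks listed above can be run as a script before you use Move Fabrics. The following is an added example, not DCNM code or part of the original guide; the `Fabric` and `MsdSettings` records, their field names, and all sample values are assumptions, and a "unique" loopback range is read here as one that does not overlap any existing member's range.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class MsdSettings:
    # The three MSD fabric values a member must match (per the page).
    anycast_gw_mac: str
    network_template: str
    vrf_template: str


@dataclass
class Fabric:
    # Hypothetical record of a fabric's settings; not a DCNM API object.
    name: str
    site_id: str
    bgp_asn: str
    anycast_gw_mac: str
    network_template: str
    vrf_template: str
    loopback0_range: str   # underlay routing loopback subnet
    loopback1_range: str   # underlay VTEP loopback subnet
    l2_vni_range: tuple    # (first, last), inclusive
    l3_vni_range: tuple    # (first, last), inclusive


def _mac(value):
    """Normalise a MAC so 2020.0000.00aa equals 20:20:00:00:00:AA."""
    return "".join(ch for ch in value.lower() if ch in "0123456789abcdef")


def _subnets_overlap(a, b):
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def check_member_move(candidate, msd, members):
    """Return a list of problems; an empty list means the move can proceed."""
    problems = []
    # Values that must be identical to the MSD fabric.
    if _mac(candidate.anycast_gw_mac) != _mac(msd.anycast_gw_mac):
        problems.append("anycast gateway MAC differs from the MSD fabric")
    if candidate.network_template != msd.network_template:
        problems.append("network template differs from the MSD fabric")
    if candidate.vrf_template != msd.vrf_template:
        problems.append("VRF template differs from the MSD fabric")
    if not candidate.site_id:
        problems.append("site ID is not configured")
    # Ranges inside one fabric must not overlap each other.
    l2, l3 = candidate.l2_vni_range, candidate.l3_vni_range
    if l2[0] <= l3[1] and l3[0] <= l2[1]:
        problems.append("L2 and L3 VNI ranges overlap")
    # Values that must be unique among the existing members.
    for m in members:
        if candidate.site_id and candidate.site_id == m.site_id:
            problems.append(f"site ID {m.site_id} already used by {m.name}")
        if candidate.bgp_asn == m.bgp_asn:
            problems.append(f"BGP AS {m.bgp_asn} already used by {m.name}")
        if _subnets_overlap(candidate.loopback0_range, m.loopback0_range):
            problems.append(f"loopback0 range overlaps {m.name}")
        if _subnets_overlap(candidate.loopback1_range, m.loopback1_range):
            problems.append(f"loopback1 range overlaps {m.name}")
    return problems


# Constructed sample data (illustrative values only).
TEMPLATES = ("Default_Network_Universal", "Default_VRF_Universal")
MSD = MsdSettings("2020.0000.00aa", *TEMPLATES)
MEMBER1 = Fabric("Member1", "65001", "65001", "2020.0000.00aa", *TEMPLATES,
                 "10.2.0.0/22", "10.3.0.0/22", (30000, 49000), (50000, 59000))
GOOD = Fabric("Member3", "65003", "65003", "20:20:00:00:00:AA", *TEMPLATES,
              "10.12.0.0/22", "10.13.0.0/22", (30000, 49000), (50000, 59000))
BAD = Fabric("Member2", "65002", "65001", "2020.0000.00bb", *TEMPLATES,
             "10.2.2.0/24", "10.13.0.0/22", (30000, 50000), (50000, 59000))

if __name__ == "__main__":
    for fabric in (GOOD, BAD):
        print(fabric.name, check_member_move(fabric, MSD, [MEMBER1]) or "OK")
```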
After you click Save, a note appears at the bottom right part of the screen indicating that the fabric is created. When a fabric is created, the fabric page comes up. The fabric name appears at the top left part of the screen.
Simultaneously, the Fabric Builder page also displays the newly created fabric, Member1.
Moving the Member1 Fabric Under MSD-Parent-Fabric
You should go to the MSD fabric page to associate a member fabric under it.
If you are on the Fabric Builder page, click within the MSD-Parent-Fabric box to go to the MSD-Parent-Fabric page.
[If you are in the Member1 fabric page, you should go to the MSD-Parent-Fabrics-Docs fabric page. Click ← above the Actions panel. You will reach the Fabric Builder page. Click within the MSD-Parent-Fabric box].
-
In the MSD-Parent-Fabric page, go to the Actions panel and click Move Fabrics.
The Move Fabric screen comes up. It contains a list of fabrics.
Member fabrics of other MSD container fabrics are not displayed here.
The Member1 fabric is still a standalone fabric. A fabric is considered a member fabric of an MSD fabric only when you associate it with the MSD fabric. Also, each standalone fabric is a candidate for being an MSD fabric member, until you associate it to one of the MSD fabrics.
-
Since Member1 fabric is to be associated with the MSD fabric, select the Member1 radio button. The Add button is enabled.
-
Click Add.
Immediately, a message appears at the top of the screen indicating that the Member1 fabric is now associated with the MSD fabric MSD-Parent-Fabric. Now, the MSD-Parent-Fabric fabric page appears again.
-
Click the Move Fabrics option to check the fabric status. You can see that the fabric status has changed from standalone to member.
-
Close this screen.
-
Click ← above the Actions panel to go to the Fabric Builder page.
You can see that Member1 is now added to MSD fabric and is displayed in the Member Fabrics field.
MSD Fabric Topology View Pointers
-
MSD fabric topology view - Member fabrics and their switches are displayed. A boundary defines each member fabric. All fabric devices of the fabric are confined to the boundary.
All links are displayed, including intra-fabric links and Multi-Site (underlay and overlay), and VRF Lite links to remote fabrics.
-
Member fabric topology view - A member fabric and its switches are displayed. In addition, the connected external fabric is displayed.
Adding and Editing Links
To add a link, right-click anywhere in the topology and use the Add Link option. To edit a link, right-click on the link and use the Edit Link option.
Alternatively, you can use the Tabular view option in the Actions panel.
To learn how to add links between border switches of different fabrics (inter-fabric links) or between switches in the same fabric (intra-fabric links), refer to the Fabric Links topic.
Creating and Deploying Networks and VRFs in an MSD Fabric
In standalone fabrics, networks and VRFs are created for each fabric. In an MSD fabric, networks and VRFs should be created at the MSD fabric level. The networks and VRFs are inherited by all the member fabrics. You cannot create or delete networks and VRFs for member fabrics. However, you can edit them.
For example, consider an MSD fabric with two member fabrics. If you create three networks in the MSD fabric, then all three networks will automatically be available for deployment in both the member fabrics.
Though member fabrics inherit the MSD fabric's networks and VRFs, you have to deploy the networks and VRFs distinctly, for each fabric.
In DCNM 11.1(1) release, a deployment view is introduced for the MSD, in addition to the per-fabric deployment view. In this view, you can view and provision overlay networks for all member fabrics within the MSD, at once. However, you still have to apply and save network and VRF configurations distinctly, for each fabric.
Note
Networks and VRFs are the common identifiers (represented across member fabrics) that servers (or end hosts) are grouped under so that traffic can be sent between the end hosts based on the network and VRF IDs, whether they reside in the same or different fabrics. Since they have common representation across member fabrics, networks and VRFs can be provisioned in one go. As the switches in different fabrics are physically and logically distinct, you have to deploy the same networks and VRFs separately for each fabric.
For example, if you create networks 30000 and 30001 for an MSD that contains two member fabrics, the networks are automatically created for the member fabrics and are available for deployment.
In DCNM 11.1(1) release, you can deploy 30000 and 30001 on the border devices of all member fabrics through a single (MSD fabric) deployment screen. Prior to this, you had to access the first member fabric deployment screen, deploy 30000 and 30001 on the fabric's border devices, and then access the second member fabric deployment screen and deploy again.
Networks and VRFs are created in the MSD and deployed in the member fabrics. The steps are explained below:
-
Create networks and VRFs in the MSD fabric.
-
Deploy the networks and VRFs in the member fabric devices, one fabric at a time.
Creating Networks in the MSD Fabric
-
Click Control > Networks & VRFs (under Fabrics submenu). The Networks & VRFs page comes up.
-
Click Continue. The Select a Fabric page comes up.
You can click the Select a Fabric drop-down box to see the list of fabrics.
The MSD fabric MSD-Parent-Fabric contains one member fabric, Member1. It is indented to the right, indicating that it is a part of the MSD. All other standalone fabrics appear at the same indent level as the MSD.
-
Select MSD-Parent-Fabric from the list and click Continue at the top right part of the screen.
The Networks page comes up. This page lists the networks created for the MSD fabric. Initially, this screen has no entries.
-
Click the + button at the top left part of the screen (under Networks) to add networks to the MSD fabric. The Create Network screen comes up. Most of the fields are autopopulated.
The fields in this screen are:
Network ID and Network Name - Specifies the Layer 2 VNI and name of the network. The network name should not contain any white spaces or special characters except underscore (_) and hyphen (-).
VRF Name - Allows you to select the Virtual Routing and Forwarding (VRF).
When no VRF is created, this field is blank. If you want to create a new VRF, click the + button. The VRF name should not contain any white spaces or special characters except underscore (_), hyphen (-), and colon (:).
Note
You can also create a VRF by clicking the VRF View button on the Networks page.
Layer 2 Only - Specifies whether the network is Layer 2 only.
Network Template - Allows you to select a network template.
Network Extension Template - This template allows you to extend the network between member fabrics.
VLAN ID - Specifies the corresponding tenant VLAN ID for the network.
Network Profile section contains the General and Advanced tabs, explained below.
General tab
IPv4 Gateway/NetMask - Specifies the IPv4 address with subnet.
IPv6 Gateway/Prefix - Specifies the IPv6 address with subnet.
VLAN Name - Enter the VLAN name.
If the VLAN is mapped to more than one subnet, enter the anycast gateway IP addresses for those subnets.
Interface Description - Specifies the description for the interface.
MTU for the L3 interface - Enter the MTU for Layer 3 interfaces.
IPv4 Secondary GW1 - Enter the gateway IP address for the additional subnet.
IPv4 Secondary GW2 - Enter the gateway IP address for the additional subnet.
Advanced tab - Optionally, specify the advanced profile settings by clicking the Advanced tab. The options are:
-
ARP Suppression
-
DHCPv4 Server 1 and DHCPv4 Server 2 - Enter the DHCP relay IP address of the first and second DHCP servers.
-
DHCPv4 Server VRF - Enter the DHCP server VRF ID.
-
Loopback ID for DHCP Relay interface - Enter the loopback ID of the DHCP relay interface.
-
Routing Tag – The routing tag is autopopulated. This tag is associated with each gateway IP address prefix.
-
TRM enable – Select the checkbox to enable TRM.
-
L2 VNI Route-Target Both Enable - Select the check box to enable automatic importing and exporting of route targets for all L2 virtual networks.
-
Enable L3 Gateway on Border - Select the checkbox to enable the Layer 3 gateway on the border device.
-
Click Create Network. A message appears at the bottom right part of the screen indicating that the network is created. The new network (MyNetwork_30000) appears on the Networks page that comes up.
Editing Networks in the MSD Fabric
-
In the Networks screen of the MSD fabric, select the network you want to edit and click the Edit icon at the top left part of the screen.
The Edit Network screen comes up.
You can edit the Network Profile part (General and Advanced tabs) of the MSD fabric network.
-
Click Save at the bottom right part of the screen to save the updates.
Network Inheritance from MSD-Parent-Fabric to Member1
MSD-Parent-Fabric fabric contains one member fabric, Member1. Go to the Select a Fabric page to access the Member1 fabric.
-
From the main menu, click Control > Networks & VRFs and click Continue in the Networks & VRFs page.
-
Click Member1 from the Select a Fabric drop-down box and click Continue on the top right part of the screen. The Networks page comes up. You can see that the network created for the MSD is inherited to its member.
Editing Networks in the Member Fabric
An MSD can contain multiple fabrics. These fabrics forward BUM traffic via Multicast or Ingress replication. Even if all the fabrics use multicast for BUM traffic, the multicast groups within these fabrics need not be the same.
When you create a network in MSD, it is inherited by all the member fabrics. However, the multicast group address is a fabric instance variable. To edit the multicast group address, you need to navigate to the member fabric and edit the network. For more information about the Multicast Group Address field, see Creating Networks for the Standalone Fabric.
-
Select the network and click the Edit option at the top left part of the window. The Edit Network window comes up.
-
Click the Advanced tab in the Network Profile section, update the multicast group address, and click Save.
Note
The Generate Multicast IP option is only available for member fabric networks and not MSD networks.
Deleting Networks in the MSD and Member Fabrics
You can only delete networks from the MSD fabric, and not member fabrics. To delete networks and corresponding VRFs in the MSD fabric, follow this order:
-
Undeploy the networks on the respective fabric devices before deletion.
-
Delete the networks from the MSD fabric. To delete networks, use the delete (X) option at the top left part of the Networks screen. You can delete multiple networks at once.
Note
When you delete networks from the MSD fabric, the networks are automatically removed from the member fabrics too.
-
Undeploy the VRFs on the respective fabric devices before deletion.
-
Delete the VRFs from the MSD fabric by using the delete (X) option at the top left part of the screen. You can delete multiple VRF instances at once.
Creating VRFs in the MSD Fabric
-
From the MSD fabric's Networks page, click the VRF View button at the top right part of the screen to create VRFs.
-
Click Control > Networks & VRFs. The Networks & VRFs page comes up.
-
Click Continue. The Select a Fabric page comes up.
-
Choose the MSD fabric (MSD-Parent-Fabric) from the drop-down box and click Continue. The Networks page comes up.
-
Click VRF View at the top right part of the Networks page.
The VRFs page comes up. This page lists the VRFs created for the MSD fabric. Initially, this screen has no entries.
-
Click the + button at the top left part of the screen to add VRFs to the MSD fabric. The Create VRF screen comes up. Most of the fields are autopopulated.
The fields in this screen are:
VRF ID and VRF Name - The ID and name of the VRF.
The VRF ID is the VRF VNI or the L3 VNI of the tenant.
Note
For ease of use, the VRF creation option is also available while you create a network.
VRF Template - This is populated with the Default_VRF template.
VRF Extension Template - This template allows you to extend the VRF between member fabrics.
-
General tab – Enter the VLAN ID of the VLAN associated with the VRF, the corresponding Layer 3 virtual interface, and the VRF ID.
-
Advanced tab
Routing Tag – If a VLAN is associated with multiple subnets, then this tag is associated with the IP prefix of each subnet. Note that this routing tag is associated with overlay network creation too.
Redistribute Direct Route Map – Specifies the route map name for redistribution of routes in the VRF.
Max BGP Paths and Max iBGP Paths – Specifies the maximum BGP and iBGP paths.
TRM Enable – Select the checkbox to enable TRM.
If you enable TRM, then the RP address, the RP loopback ID and the underlay multicast address must be entered.
Is RP external - Select the checkbox if a fabric-external device is designated as RP.
RP Address and RP Loopback ID – Specifies the loopback ID and IP address of the RP.
Underlay Multicast Address – Specifies the multicast address associated with the VRF. The multicast address is used for transporting multicast traffic in the fabric underlay.
Overlay Multicast Groups – Specifies the multicast address for the VRF, used in the fabric overlay.
Enable IPv6 link-local Option - Select the checkbox to enable the IPv6 link-local option.
Advertise Host Routes - Select the checkbox to control advertisement of /32 and /128 routes to Edge Routers.
Advertise Default Route - Select the checkbox to control advertisement of default routes within the fabric.
-
Click Create VRF.
The MyVRF_50000 VRF is created and appears on the VRFs page.
Editing VRFs in the MSD Fabric
-
In the VRFs screen of the MSD fabric, select the VRF you want to edit and click the Edit icon at the top left part of the screen.
The Edit VRF screen comes up.
You can edit the VRF Profile part (General and Advanced tabs).
-
Click Save at the bottom right part of the screen to save the updates.
VRF Inheritance from MSD-Parent-Fabric to Member1
MSD-Parent-Fabric contains one member fabric, Member1. Do the following to access the member fabric page.
-
From the main menu, click Control > Networks & VRFs. In the Networks & VRFs page, click Continue.
-
Choose Member1 in the Select a Fabric drop-down box and click Continue. The Networks page comes up.
-
Click the VRF View button. On the VRFs page, you can see that the VRF created for the MSD is inherited to its member.
Deleting VRFs in the MSD and Member Fabrics
You can only delete networks from the MSD fabric, and not member fabrics. To delete networks and corresponding VRFs in the MSD fabric, follow this order:
-
Undeploy the networks on the respective fabric devices before deletion.
-
Delete the networks from the MSD fabric.
-
Undeploy the VRFs on the respective fabric devices before deletion.
-
Delete the VRFs from the MSD fabric by using the delete (X) option at the top left part of the screen. You can delete multiple VRF instances at once.
Note
When you delete VRFs from the MSD fabric, they are automatically removed from the member fabrics too.
Editing VRFs in the Member Fabric
You cannot edit VRF parameters at the member fabric level. Update VRF settings in the MSD fabric. All member fabrics are automatically updated.
Deleting VRFs in the Member Fabric
You cannot delete VRFs at the member fabric level. Delete VRFs in the MSD fabric. The deleted VRFs are automatically removed from all member fabrics.
Step 1 of the following is explained. Step 2 information is mentioned in the next subsection.
-
Create networks and VRFs in the MSD fabric.
-
Deploy the networks and VRFs in the member fabric devices, one fabric at a time.
Deployment and Undeployment of Networks and VRFs in Member Fabrics
Before you begin, ensure that you have created networks at the MSD fabric level since the member fabric inherits networks and VRFs created for the MSD fabric.
Note
The deployment (and undeployment) of networks and VRFs in member fabrics is the same as explained for standalone fabrics. Refer to Creating and Deploying Networks and VRFs.
Moving a Standalone Fabric (With Existing Networks and VRFs) to an MSD Fabric
If you move a standalone fabric with existing networks and VRFs to an MSD fabric as a member, ensure that common networks (that is, L2 VNI and L3 VNI information), anycast gateway MAC, and VRF and network templates are the same across the fabric and the MSD. DCNM validates the standalone fabric (network and VRF information) against the (network and VRF information) of the MSD fabric to avoid duplicate entries. An example of duplicate entries is two common network names with a different network ID. After validation for any conflicts, the standalone fabric is moved to the MSD fabric as a member fabric. Details:
-
The MSD fabric inherits the networks and VRFs of the standalone fabric that do not exist in the MSD fabric. These networks and VRFs are in turn inherited by the member fabrics.
-
The newly created member fabric inherits the networks and VRFs of the MSD fabric (that do not exist in the newly created member fabric).
-
If there are conflicts between the standalone and MSD fabrics, validation displays an error message. After you make the updates, when you move the member fabric to the MSD fabric, the move will be successful. A message comes up at the top of the page indicating that the move is successful.
If you move a member fabric back to standalone status, its networks and VRFs remain as they are, but they are relevant only within that independent fabric, outside the purview of an MSD fabric.
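The duplicate-entry validation and the two-way inheritance described above, as an added example that is not DCNM's own implementation. The dictionary layout and the sample names are constructed, and flagging one ID that appears under two different names is an assumption that goes beyond the single conflict case the page gives.

```python
def find_conflicts(kind, msd_items, fabric_items):
    """Compare {name: vni} maps and report entries that cannot be merged."""
    conflicts = []
    msd_by_id = {vni: name for name, vni in msd_items.items()}
    for name, vni in sorted(fabric_items.items()):
        if name in msd_items and msd_items[name] != vni:
            # The page's example: a common name with a different ID.
            conflicts.append(
                f"{kind} {name}: ID {vni} in fabric, {msd_items[name]} in MSD")
        elif vni in msd_by_id and msd_by_id[vni] != name:
            # Assumption: the same ID under another name is also a conflict.
            conflicts.append(
                f"{kind} ID {vni}: named {name} in fabric, {msd_by_id[vni]} in MSD")
    return conflicts


def plan_move(msd, fabric):
    """Validate first; only when clean, work out who inherits what."""
    conflicts = []
    for kind in ("networks", "vrfs"):
        conflicts += find_conflicts(kind[:-1], msd[kind], fabric[kind])
    if conflicts:
        return {"ok": False, "conflicts": conflicts}
    plan = {"ok": True, "conflicts": []}
    for kind in ("networks", "vrfs"):
        plan[kind] = {
            # Entries only the standalone fabric has go up to the MSD
            # (and from there to every other member).
            "msd_inherits": sorted(set(fabric[kind]) - set(msd[kind])),
            # Entries only the MSD has come down to the new member.
            "member_inherits": sorted(set(msd[kind]) - set(fabric[kind])),
        }
    return plan


# Constructed sample data.
MSD = {
    "networks": {"MyNetwork_30000": 30000, "MyNetwork_30001": 30001},
    "vrfs": {"MyVRF_50000": 50000},
}
STANDALONE = {
    "networks": {"MyNetwork_30000": 30000, "Web_30010": 30010},
    "vrfs": {"MyVRF_50000": 50000, "Tenant2_50001": 50001},
}
CONFLICTING = {
    "networks": {"MyNetwork_30000": 30005, "Other_30001": 30001},
    "vrfs": {"MyVRF_50000": 50000},
}

if __name__ == "__main__":
    print(plan_move(MSD, STANDALONE))
    print(plan_move(MSD, CONFLICTING))
```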
Brownfield Deployment-Transitioning VXLAN Fabric Management to DCNM
This document explains Brownfield deployments, wherein you transition your VXLAN BGP EVPN fabric management to DCNM. The transition involves migrating existing network configurations to DCNM.
Typically, your fabric is created and managed through manual CLI configuration or custom automation scripts. Now, you want to start managing the fabric through DCNM. After the migration, the fabric underlay and overlay networks will be managed by DCNM.
The migration procedure only supports VXLAN BGP EVPN networks that use the best practices mentioned in the Prerequisites section.
Simplified CLIs for VXLAN EVPN fabrics are not supported in either greenfield or brownfield deployments.
For information about the MSD fabric migration, see Migrating an MSD Fabric with Border Gateway Switches.
Note
The Brownfield deployment section is applicable for the Easy_Fabric_11_1 template.
Prerequisites
-
DCNM-supported NX-OS software versions. For details, refer to the Cisco DCNM Release Notes, Release 11.1(1).
-
Underlay routing protocol is OSPF or IS-IS.
-
The supported underlay is based on the DCNM 10.2(1) POAP template's best practices for the VXLAN fabric (dcnm_ip_vxlan_fabric_templates.10.2.1.ST.1.zip) available on Cisco.com.
-
The following fabric-wide loopback interface IDs must not overlap:
-
Routing loopback interface for IGP/BGP.
-
VTEP loopback ID
-
Underlay rendezvous point loopback ID if ASM is used for multicast replication.
-
BGP configuration uses the ‘router-id’, which is the IP address of the routing loopback interface.
-
If the iBGP peer template is configured, then it must be configured on the leaf switches and route reflectors. The template name that needs to be used between leaf and route reflector should be identical.
-
The BGP route reflector and multicast rendezvous point (if applicable) functions are implemented on spine switches. Leaf switches do not support the functions.
-
Install DCNM 11.1(1) release software. Refer to the Installation Guide for more details. Log in to DCNM and set the default LAN Credentials when prompted.
-
Familiarity with the DCNM 11.1(1) fabric management and monitoring features before initiating the migration process.
-
Familiarity with VXLAN BGP EVPN fabric concepts and functioning of the fabric from the DCNM perspective.
-
Fabric switch nodes are operationally stable and functional and all fabric links are up.
-
vPC switches and the peer links are up before the migration. Ensure that no configuration updates are in progress or changes pending.
-
Create an inventory list of the switches in the fabric with their IP addresses and credentials. DCNM uses this information to connect to the switches.
-
Shut down any other controller software you are using presently so that no further configuration changes are made to the VXLAN fabric. Alternatively, disconnect the network interfaces from the controller software (if any) so that no changes are allowed on the switches.
-
In the Cisco DCNM Release 11.1(1), a brownfield import captures all the overlay network or VRF configurations found on the switch in the respective overlay freeform config.
These freeform configs will have configs that are already part of the profiles and any extra configurations. This action creates a double intent scenario, that is, the configurations are captured twice in DCNM to avoid any network outages during conversion of regular CLI configuration on NX-OS devices to config-profile based templates for deployed networks.
Similarly, the double intent is created during Brownfield migration if the switches are running Cisco NX-OS Release 7.0(3)I7(6) or lower, and 9.2(3) or lower.
The following workarounds can be used to avoid issues with the double intent:
-
Whenever the overlay parameters are updated, review the updated configurations present in the freeform configs such that they are consistent.
-
We recommend that you contact Cisco Technical Assistance Center (TAC) to help you with removing the double intent via a script. The requirement is that all the switches in the fabric should be running the below versions:
-
Cisco NX-OS Release 7.0(3)I7(6) or higher
-
Cisco NX-OS Release 9.2(3) or higher
-
All the overlay network and VRF profile parameters such as VLAN name and route map name should be consistent across all devices in the fabric for the brownfield migration to be successful.
Guidelines and Limitations
-
Fabric interfaces can be numbered or unnumbered.
-
Various other interface types are supported.
-
The following features are unsupported.
-
eBGP underlay
-
BIDIR-PIM function
-
TRM
-
Border Spine or Border Gateway Spine
-
Layer 3 port channel
-
Configuration profiles present in the brownfield configurations (the expectation is that the overlays should be configured through regular CLIs).
-
Take a backup of the switch configurations and save them before the migration.
-
No configuration changes (unless instructed to do so in this document) must be made to the switches until the migration is completed. Else, significant network issues can occur.
-
Migration to Cisco DCNM is only supported for Cisco Nexus 9000 switches.
-
Multi-line banner configuration on the switch is preserved in the switch_freeform configuration, along with other configurations captured in the switch_freeform configuration, if any.
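Several of the prerequisites and limitations above can be checked against a saved running-config before the import. This added example is not a Cisco tool; the function names and both sample configs are constructed, and it covers only the IGP, loopback ID, BGP router-id, configuration profile, and BIDIR-PIM checks.

```python
import re


def parse_facts(config):
    """Pull the few facts the prerequisites refer to out of a running-config."""
    facts = {"loopback_ip": {}, "vtep_loopback": None, "bgp_router_id": None,
             "igp": set(), "config_profiles": [], "bidir_rp": False}
    section = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] not in " \t":                       # top-level command
            section = line
            igp = re.match(r"router (ospf|isis)\b", line)
            if igp:
                facts["igp"].add(igp.group(1))
            profile = re.match(r"configure profile (\S+)", line)
            if profile:
                facts["config_profiles"].append(profile.group(1))
            if line.startswith("ip pim rp-address") and line.endswith(" bidir"):
                facts["bidir_rp"] = True
            continue
        # Indented line: interpret it in the context of its section.
        loopback = re.match(r"interface loopback(\d+)$", section)
        address = re.match(r"ip address (\S+)/\d+$", line)  # skips "secondary"
        if loopback and address:
            facts["loopback_ip"].setdefault(int(loopback.group(1)), address.group(1))
        source = re.match(r"source-interface loopback(\d+)$", line)
        if section.startswith("interface nve") and source:
            facts["vtep_loopback"] = int(source.group(1))
        rid = re.match(r"router-id (\S+)$", line)
        if section.startswith("router bgp ") and rid and facts["bgp_router_id"] is None:
            facts["bgp_router_id"] = rid.group(1)      # first one seen is the global ID
    return facts


def audit(config, routing_loopback_id=0, rp_loopback_id=None):
    """Return findings that would block a brownfield import; [] means clean."""
    facts = parse_facts(config)
    findings = []
    if not facts["igp"]:
        findings.append("underlay IGP is neither OSPF nor IS-IS")
    ids = {"routing": routing_loopback_id, "VTEP": facts["vtep_loopback"]}
    if rp_loopback_id is not None:                     # only relevant with ASM
        ids["RP"] = rp_loopback_id
    roles = sorted(ids)
    for i, a in enumerate(roles):
        for b in roles[i + 1:]:
            if ids[a] is not None and ids[a] == ids[b]:
                findings.append(f"{a} and {b} loopbacks share ID {ids[a]}")
    rid = facts["bgp_router_id"]
    lo_ip = facts["loopback_ip"].get(routing_loopback_id)
    if rid is None or rid != lo_ip:
        findings.append(f"BGP router-id {rid} is not the "
                        f"loopback{routing_loopback_id} address {lo_ip}")
    if facts["config_profiles"]:
        findings.append("configuration profiles present: "
                        + ", ".join(facts["config_profiles"]))
    if facts["bidir_rp"]:
        findings.append("BIDIR-PIM rendezvous point configured")
    return findings


# Constructed sample: a leaf that meets the checked prerequisites.
GOOD_CONFIG = """\
router ospf UNDERLAY
  router-id 10.2.0.1
ip pim rp-address 10.254.254.1 group-list 239.1.1.0/25
interface loopback0
  ip address 10.2.0.1/32
interface loopback1
  ip address 10.3.0.1/32
interface nve1
  source-interface loopback1
router bgp 65001
  router-id 10.2.0.1
"""

# Constructed sample: shared loopback, wrong router-id, profile, BIDIR RP.
BAD_CONFIG = """\
router ospf UNDERLAY
ip pim rp-address 10.254.254.1 group-list 239.1.1.0/25 bidir
interface loopback0
  ip address 10.2.0.2/32
  ip address 10.3.0.100/32 secondary
interface nve1
  source-interface loopback0
router bgp 65001
  router-id 10.9.9.9
configure profile MyNetwork_30000
  vlan 2300
"""

if __name__ == "__main__":
    print(audit(GOOD_CONFIG, 0, 254), audit(BAD_CONFIG, 0, 254))
```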
Procedure
Transitioning VXLAN fabric management to DCNM involves these steps.
-
Creating a new VXLAN BGP EVPN fabric in DCNM – This step creates a VXLAN fabric outline.
-
Initiating VXLAN fabric management transition to DCNM – This step adds switch instances to DCNM and initiates the transition.
Creating a New VXLAN BGP EVPN Fabric
First, guidelines for updating the settings are noted. Then each VXLAN fabric settings tab is explained:
-
Some values (BGP AS Number, OSPF, etc) are considered as reference points to your existing fabric, and the values you enter must match the existing fabric values.
-
For some fields (such as IP address range, VXLAN ID range), the values that are auto-populated or entered in the settings are only used for future allocation. The existing fabric values are honored during migration.
-
Some fields relate to new functions that may not exist in your existing fabric (such as advertise-pip). Enable or disable it as per your need.
-
At a later point in time, after the fabric transition is complete, you can update settings if needed.
-
Choose Control > Fabric Builder.
The Fabric Builder screen appears. When you log in for the first time, the Fabrics section has no entries. After you create a fabric, it is displayed on the Fabric Builder screen, wherein a rectangular box represents each fabric.
A standalone or member fabric contains Switch_Fabric (in the Type field), the AS number (in the ASN field), and mode of replication (in the Replication Mode field).
-
Click Create Fabric. The Add Fabric screen appears. The fields are explained:
Fabric Name - Enter the name of the fabric.
Fabric Template - From the drop-down menu, choose the Easy_Fabric_11_1 fabric template. The fabric settings for creating a standalone fabric come up.
The tabs and their fields in the screen are explained in the subsequent points. The overlay and underlay network parameters are included in these tabs.
Note
If you are creating a standalone fabric as a potential member fabric of an MSD fabric (used for provisioning overlay networks for fabrics that are connected through EVPN Multi-Site technology), then browse through the Multi-Site Domain for VXLAN BGP EVPN Fabrics topic before member fabric creation.
-
Click the Replication tab. Most of the fields are auto generated.
Replication Mode: The mode of replication that is used in the existing fabric, either Ingress Replication or Multicast.
When you choose Ingress replication, the multicast replication fields get disabled.
Multicast Group Subnet - The IP address prefix for multicast communication is used for post-migration allocation. The IP address prefix used in your existing fabric is honored during the transition.
A unique IP address is allocated from this group for each overlay network.
Enable Tenant Routed Multicast – Do not enable the check box. TRM is not supported for transitioning fabric management.
Rendezvous-Points - The RP count is only applicable post-migration. The existing RP configuration is honored when importing into the DCNM setup.
RP mode – Retain asm (for Any-Source Multicast [ASM]) mode. Do not change the selection to bidir since BIDIR-PIM is not supported for fabric migration.
When you choose ASM, the BiDir related fields are not enabled.
Underlay RP Loopback ID – The loopback ID has to match your existing setup's loopback ID. This is the loopback ID used for the rendezvous point (RP), for multicast protocol peering purposes in the fabric underlay.
The other two fields are grayed out.
The next two fields are enabled if Rendezvous-Points is set to 4. However, the fabric can have only 2 RPs for the brownfield migration.
-
Click the vPC tab. Most of the fields are auto generated.
vPC Peer Link VLAN - Enter the VLAN ID used for the vPC peer link SVI in the existing fabric.
vPC Peer Keep Alive option – Choose the management or loopback option, as used in the existing fabric. If you want to use IP addresses assigned to the management port and the management VRF, choose management. If you use IP addresses assigned to loopback interfaces (and a non-management VRF), choose loopback.
If you only use IPv6 addresses on the management interface, you must use the loopback option.
During the transition, the switch configuration is not checked for the following fields in the vPC tab. The switch configurations will get updated if they are different.
vPC Auto Recovery Time - Specify the vPC auto recovery time-out period in seconds, as needed.
vPC Delay Restore Time - Specify the vPC delay restore period in seconds, as needed.
vPC IPv6 ND Synchronize – Enables IPv6 Neighbor Discovery synchronization between vPC switches. The check box is enabled by default. Clear the check box to disable the function as needed.
vPC advertise-pip - Select the check box to enable the Advertise PIP feature.
-
Click the Advanced tab. Most of the fields are auto generated.
VRF Template and VRF Extension Template: Specifies the VRF template for creating VRFs, and the VRF extension template for enabling VRF extension to other fabrics.
Network Template and Network Extension Template: Specifies the network template for creating networks, and the network extension template for extending networks to other fabrics.
You must not change the templates when migrating. Only the Universal templates are supported for overlay migration.
Site ID - The ID for this fabric if you are moving this fabric within an MSD. You can update this field post-migration.
Underlay Routing Loopback Id - The loopback interface ID is populated as 0 since loopback0 is usually used for fabric underlay IGP peering purposes. This must match the existing configuration on the switches. This must be the same across all the switches.
Underlay VTEP Loopback Id - The loopback interface ID is populated as 1 since loopback1 is usually used for the VTEP peering purposes. This must match the existing configuration on the switches. This must be the same across all the switches where VTEPs are present.
Link-State Routing Protocol Tag - Enter the existing fabric’s routing protocol tag in this field to define the type of network.
OSPF Area ID – The OSPF area ID of the existing fabric, if OSPF is used as the IGP within the fabric.
Power Supply Mode - Choose the appropriate power supply mode.
CoPP Profile - Choose the Control Plane Policing (CoPP) profile policy used in the existing fabric. By default, the strict option is populated.
Enable VXLAN OAM - Enables the VXLAN OAM function for existing switches.
This is enabled by default. Clear the check box to disable VXLAN OAM function.
If you want to enable the VXLAN OAM function on specific switches and disable on other switches in the fabric, you can use freeform configurations to enable OAM and disable OAM in the fabric settings.
Note
The VXLAN OAM feature in Cisco DCNM is only supported on a single fabric or site.
Greenfield Cleanup Option – Enable or disable the switch cleanup option for Greenfield switches. This is applicable post-migration when new switches are added.
iBGP Peer-Template Config – Add iBGP peer template configurations on the leaf switches and route reflectors to establish an iBGP session between the leaf switch and route reflector. Set this field based on switch configuration. If this field is blank, it implies that the iBGP peer template is not used. If the iBGP peer template is used, enter the peer template definition as defined on the switch. The peer template name on devices configured with BGP should be the same as defined here.
Leaf Freeform Config and Spine Freeform Config - You can enter these fields after fabric transitioning is complete, as needed.
-
Click the Resources tab.
Static Underlay IP Address Allocation – Do not select this check box if you are transitioning your VXLAN fabric management to DCNM.
Review the ranges and ensure they are consistent with the existing fabric. The migration will honor the existing resources as found on the fabric. The range settings apply to post migration allocation.
Underlay Routing Loopback IP Range - Specifies loopback IP addresses for the protocol peering.
Underlay VTEP Loopback IP Range - Specifies loopback IP addresses for VTEPs.
Underlay RP Loopback IP Range - Specifies the anycast or phantom RP IP address range.
Underlay Subnet IP Range - IP addresses for underlay P2P routing traffic between interfaces.
Layer 2 VXLAN VNI Range and Layer 3 VXLAN VNI Range - Specifies the VXLAN VNI IDs for the fabric.
Network VLAN Range and VRF VLAN Range - VLAN ranges for the Layer 3 VRF and overlay network.
Subinterface Dot1q Range - Specifies the subinterface range when L3 sub interfaces are used.
VRF Lite Deployment - Specify the VRF Lite method for extending inter fabric connections.
If you select Manual, the VRF Lite subnet details are required so that the resource manager can reserve the address space.
If you select Back2BackOnly, ToExternalOnly, or Both, then the VRF Lite subnet fields are enabled.
VRF Lite Subnet IP Range and VRF Lite Subnet Mask – These fields are populated with the DCI subnet details. Update the fields as needed.
The values shown in your screen are automatically generated. If you want to update the IP address ranges, VXLAN Layer 2/Layer 3 network ID ranges or the VRF/Network VLAN ranges, ensure the following:
Note
When you update a range of values, ensure that it does not overlap with other ranges. You should only update one range of values at a time. If you want to update more than one range of values, do it in separate instances. For example, if you want to update L2 and L3 ranges, you should do the following.
-
Update the L2 range and click Save.
-
Click the Edit Fabric option again, update the L3 range and click Save.
The remaining tabs do not require updates. However, their purpose is mentioned.
-
-
Click the Manageability tab - Leave the fields in this tab blank to retain existing DNS, NTP, AAA, and syslog configurations. Policies are created using the source "".
Post transition, for any new device added to the fabric, you must manually enter the configuration in the switch_freeform policy configuration. If the tab has any field filled before or after migration, it will overwrite the corresponding feature configuration on the switch.
-
Click the Bootstrap tab. Update the fields in this tab post transition, when new switches are added to the fabric.
-
Click the Configuration Backup tab. Leave the fields in this tab blank. You can update post transition.
-
Click Save after filling and updating relevant information. A note appears briefly at the bottom right part of the screen, indicating that the fabric is created. When a fabric is created, the fabric page comes up. The fabric name appears at the top left part of the screen.
The Actions panel at the left part of the screen allows you to perform various functions. One of them is the Add switches option to add switches to the fabric. After you create a fabric, you should add fabric devices. The process is explained next:
Adding Switch Instances and Transitioning VXLAN Fabric Management to DCNM
-
In the fabric topology screen, click Add switches. The Inventory Management screen comes up. The Discover Existing Switches tab is displayed by default.
The POAP tab is only used for adding new switches to the fabric. Use the tab only after migrating your existing fabric to DCNM.
-
Enter the IP address (Seed IP), administrator username and password (Username and Password fields) of the switch, and set the Max Hops count for the switch. Ensure that all fabric switches can be added to DCNM at once.
Important - Ensure that the Preserve Config field remains set to yes. Selecting 'no' can cause significant configuration loss and fabric disruption.
-
Click Start discovery, at the bottom part of the screen. The switch with the specified IP address and switches up to two hops away (depending on the setting of Max Hops) from it are populated in the Scan Details section.
-
Select the check box next to the concerned switches and click Import into fabric.
It is a best practice to discover multiple switches at once. The switches must be properly cabled and connected to the DCNM server and the switch status must be manageable.
The switch discovery process is initiated. The Progress column displays progress for all the selected switches. It displays done for each switch on completion.
Note
You must not close the screen (and try to import switches again) till all selected switches are imported or an error message comes up.
If an error message comes up, close the screen. The fabric topology screen comes up. The error messages are displayed at the top right part of the screen. Resolve the errors and initiate the import process again by clicking on Add Switches in the Actions panel.
After DCNM discovers all the switches, and the Progress column displays done for all switches, close the screen. The fabric topology screen comes up again. The switch is in Migration Mode now and the Migration mode label is displayed on the switch icons.
At this point, you must not try to add Greenfield or new switches. Support is not available for adding new switches during the migration process. It might lead to undesirable consequences for your network. However, you can add a new switch after the migration process is complete.
Note
The switch discovery process might fail for a few switches, and the Discovery Error message is displayed. However, such switches are still displayed in the fabric topology. You must remove such switches from the fabric (Right-click the switch icon and click Discovery > Remove from fabric), and import them again.
You must not proceed to the next step till all switches in the existing fabric are discovered in DCNM.
-
Each switch’s role and vPC pairing must be set during the fabric migration process.
Right-click the switch icon and use the Set role option (Leaf, Border, etc) to update switch role.
If you choose the Hierarchical layout for display (in the Actions panel), the topology automatically gets aligned as per role assignment, with the leaf switches at the bottom, the spine switches connected on top of them, and the border switches at the top.
vPC Pairing - The vPC pairing must be done for switches where the Layer 3 vPC peer-keep alive is used. The vPC configuration is automatically picked up from the switches when the vPC peer keep alive is established through the management option. This pairing reflects in the GUI only after the migration is complete.
-
Right-click the switch icon and click vPC Pairing to set a vPC switch pair.
The Select vPC peer screen comes up. It lists potential vPC peer switches.
-
Select the appropriate switch and click OK. The fabric topology comes up again. The vPC pair is formed now.
Note
Check if you have added all switches from the current fabric. If you have missed adding switches, add them now. Once you are certain that you have imported all existing switches, move to the next step, the Save and Deploy option.
-
-
Use the Save and Deploy option (at the top right part of the screen) to sync configurations between the switch and DCNM.
The Saving Fabric Configuration message comes up immediately. This indicates that overlay and underlay network migration, and switch and port channel settings migration to DCNM is initiated.
If there are configuration mismatches, error messages are displayed. Update changes in the fabric settings or the switch configuration as needed, and click Save and Deploy again.
After the migration of underlay and overlay networks, the Configuration Deployment screen comes up.
The Preview Config column is updated with entries denoting a specific number of lines.
We strongly recommend that you preview the configuration before proceeding to deploy it on the switches. Click the Preview Config column entry. The Config Preview screen comes up. It lists the pending configurations on the switch.
The Side-by-side Comparison tab displays the running configuration and expected configuration side-by-side.
Close the preview screen.
-
Click Deploy Config at the bottom part of the screen to initiate pending configuration onto the switch. The Status column displays FAILED or SUCCESS state. For a FAILED status, investigate the reason for failure to address the issue.
The progress bar shows 100% for each switch. After correct provisioning and successful configuration compliance, close the screen. In the fabric topology screen that comes up, all imported switch instances are displayed in green color, indicating successful configuration. Also, the Migration Mode label is not displayed on any switch icon.
Post-transitioning of VXLAN fabric management to DCNM - This completes the transitioning process of VXLAN fabric management to DCNM. Now, you can add new switches and provision overlay networks for your fabric. For details, refer to the respective section in the Fabrics topic in the configuration guide.
Fabric Options
-
Tabular View - By default, the switches are displayed in the topology view. Use this option to view switches in the tabular view.
-
Refresh topology - Allows you to refresh the topology.
-
Save Layout – Saves a custom view of the topology. You can create a specific view in the topology and save it for ease of use.
-
Delete saved layout – Deletes the custom view of the topology
-
Topology views - You can choose between Hierarchical, Random and Custom saved layout display options.
-
Hierarchical - Provides an architectural view of your topology. You can define various switch roles, which determine how the nodes are drawn to reflect your CLOS topology.
-
Random - Nodes are placed randomly on the screen. DCNM tries to make a guess and intelligently place nodes that belong together in close proximity.
-
Custom saved layout - You can drag nodes around to your liking. Once the positions are as you like them, click Save Layout to remember the positions. The next time you open the topology, DCNM draws the nodes based on your last saved layout positions.
-
-
Restore Fabric – Allows you to restore the fabric to a prior DCNM configuration state (one month back, two months back, and so on). For more information, see Restore Fabric section.
-
Resync Fabric - Use this option to resynchronize DCNM state when there is a large scale out-of-band change, or if configuration changes do not register in the DCNM properly. The resync operation does a full CC run for the fabric switches and recollects “show run” and “show run all” commands from the switches. When you initiate the re-sync process, a progress message is displayed on the screen. During the re-sync, the running configuration is taken from the switches. Then, the Out-of-Sync/In-Sync status for the switch is recalculated based on the intent or expected configuration defined in DCNM versus the current running configuration that was taken from the switches.
-
Add Switches – Allows you to add switch instances to the fabric.
-
Fabric Settings – Allows you to view or edit fabric settings.
Migrating an MSD Fabric with Border Gateway Switches
When you migrate an existing MSD fabric with a border gateway switch into DCNM, make sure to note the following guidelines:
-
Underlay Multisite peering: The eBGP peering and corresponding routed interfaces for underlay extensions between sites are captured in switch_freeform and routed_inerfaces, and optionally in the interface_freeform configs. This configuration includes all the global configs for multisite. Loopbacks for EVPN multisite are also captured via the appropriate interface templates.
-
Overlay Multisite peering: The eBGP peering is captured as part of switch_freeform as the only relevant config is under router bgp.
-
Overlays containing Networks or VRFs: The corresponding intent is captured with the profiles on the Border Gateways with extension_type = MULTISITE.
This ensures that the brownfield migration will be complete with no CC diff, and there will be no traffic disruption.
Perform the following steps after you migrate the member fabrics into DCNM:
Before you begin, ensure member fabrics have the correct Site ID in the fabric settings.
-
Create an MSD. For more information, see Creating an MSD Fabric.
-
Ensure that the fabric settings for MSD are correct including settings such as profile selection, the multisite loopback ID, and anycast GW MAC.
-
Move the member fabrics into the MSD. For more information, see Moving the Member1 Fabric Under MSD-Parent-Fabric.
Note
The networks or VRFs definitions should be symmetric. Otherwise, you will not be able to deploy Multi-Site. If there are any errors based on conflicting definitions for VRFs or networks, you need to resolve before deployment.
-
Create multisite overlay IFC. For more information, see Configuring Multi-Site Overlay IFCs.
Multisite overlay IFCs need to be created if Multi-Site Overlay IFC Deployment Method is set to Manual under the DCI tab for the MSD fabric settings.
If Multi-Site Overlay IFC Deployment Method is set to Direct_To_BGWS, then overlay IFCs are created after brownfield migration, and associated with appropriate MULTISITE_OVERLAY policy.
The intent generated by this IFC should match what was captured in the freeform for the MULTISITE_IFC for BGP peering.
Repeat the above step for each BGW MULTISITE_OVERLAY IFC and for each member fabric. After the Multi-Site overlay IFCs are successfully created, the intent for the eBGP multisite overlay peering captured in the freeform policy templates for the BGWs can be removed. Otherwise, the intent for the eBGP multisite overlay peering is captured twice.
Note that there is no need to create MULTISITE_UNDERLAY IFCs as they have already been captured in the intent.
-
To verify, you can select networks or VRFs and corresponding BGWs, and see the expected configurations. You can now manage all the networks or VRFs for BGWs by using the regular top-down workflow.
Post DCNM 10.4(2) or 11.0(1) to DCNM 11.1(1) Upgrade for VXLAN BGP EVPN and MSD Fabrics
Note the following guidelines after you upgrade DCNM Release 10.4(2) or 11.0(1) to DCNM 11.1(1):
-
After you upgrade to Cisco DCNM Release 11.1(1) with an existing fabric with the Easy_Fabric template, you cannot set the Border Spine or Border Gateway Spine roles to switches because these roles are not supported with the Easy_Fabric template. You need to use the Easy_Fabric_11_1 template to set these roles for switches in a fabric.
-
After you upgrade DCNM Release 10.4(2) or 11.0(1) to Release 11.1(1), perform the following steps to use the LAN fabric features of DCNM 11.1(1):
-
Update or save all the Easy Fabrics with the new Easy Fabric Template, that is, Easy_Fabric_11_1. Then click Save & Deploy to deploy each updated Easy fabric.
-
Update or save all the MSD Fabrics with new MSD Template, that is, MSD_Fabric_11_1. Then click Save & Deploy to deploy each updated MSD fabric.
Note
Under the Resources tab for each Easy Fabric, the Loopback IP Ranges should not be a duplicate of any other Easy Fabric Loopback IP Ranges.
-
After you upgrade DCNM Release 10.4(2) to Release 11.1(1) with custom VRF templates, do the following steps to use MSD feature:
-
For BGP ASN and multicast Group variables, edit the template. Refer to Modifying a Template.
-
Add an attribute isFabricInstance=true in the custom VRF and network templates.
Otherwise, during deployment, the networks or VRFs created for a member fabric will have the BGP ASN and router bgp values set to null.
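The range rules stated earlier (ranges on the Resources tab must not overlap each other, and Loopback IP Ranges must not be duplicated between Easy Fabrics) can be checked before you click Save. The following is an added example, not part of DCNM or of the original guide. The fabric names and range values are constructed, the grouping of fields into number spaces is an assumption, and the cross-fabric check flags any overlap, which is stricter than an exact duplicate.

```python
import ipaddress
from itertools import combinations, product

# Assumption: only ranges drawn from the same number space can collide.
NAMESPACES = {
    "ip": ["Underlay Routing Loopback IP Range", "Underlay VTEP Loopback IP Range",
           "Underlay RP Loopback IP Range", "Underlay Subnet IP Range"],
    "vni": ["Layer 2 VXLAN VNI Range", "Layer 3 VXLAN VNI Range"],
    "vlan": ["Network VLAN Range", "VRF VLAN Range"],
}

# Constructed sample settings; field names follow the Resources tab.
FABRICS = {
    "Site-A": {
        "Underlay Routing Loopback IP Range": "10.2.0.0/22",
        "Underlay VTEP Loopback IP Range": "10.3.0.0/22",
        "Underlay RP Loopback IP Range": "10.254.254.0/24",
        "Underlay Subnet IP Range": "10.4.0.0/16",
        "Layer 2 VXLAN VNI Range": "30000-49000",
        "Layer 3 VXLAN VNI Range": "45000-59000",   # collides with the L2 range
        "Network VLAN Range": "2300-2999",
        "VRF VLAN Range": "2000-2299",
    },
    "Site-B": {
        "Underlay Routing Loopback IP Range": "10.2.0.0/22",  # duplicate of Site-A
        "Underlay VTEP Loopback IP Range": "10.13.0.0/22",
        "Underlay RP Loopback IP Range": "10.254.253.0/24",
        "Underlay Subnet IP Range": "10.14.0.0/16",
        "Layer 2 VXLAN VNI Range": "30000-49000",
        "Layer 3 VXLAN VNI Range": "50000-59000",
        "Network VLAN Range": "2300-2999",
        "VRF VLAN Range": "2000-2299",
    },
}

def to_span(space, value):
    """Normalise a range to an inclusive (low, high) integer pair."""
    if space == "ip":
        net = ipaddress.ip_network(value, strict=True)  # rejects host bits
        return int(net.network_address), int(net.broadcast_address)
    low, high = (int(part) for part in value.split("-"))
    if low > high:
        raise ValueError(f"reversed range: {value}")
    return low, high

def overlap(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def check_fabric(name, settings):
    """Overlaps between ranges of the same number space inside one fabric."""
    findings = []
    for space, fields in NAMESPACES.items():
        spans = [(f, to_span(space, settings[f])) for f in fields if f in settings]
        for (fa, sa), (fb, sb) in combinations(spans, 2):
            if overlap(sa, sb):
                findings.append((name, fa, fb))
    return findings

def check_loopbacks_across(fabrics):
    """Loopback IP ranges that overlap between two different fabrics."""
    findings = []
    for (na, a), (nb, b) in combinations(fabrics.items(), 2):
        la = [(f, to_span("ip", v)) for f, v in a.items() if "Loopback" in f]
        lb = [(f, to_span("ip", v)) for f, v in b.items() if "Loopback" in f]
        for (fa, sa), (fb, sb) in product(la, lb):
            if overlap(sa, sb):
                findings.append((f"{na}/{nb}", fa, fb))
    return findings

def check_all(fabrics):
    findings = []
    for name, settings in fabrics.items():
        findings += check_fabric(name, settings)
    return findings + check_loopbacks_across(fabrics)

if __name__ == "__main__":
    for scope, first, second in check_all(FABRICS):
        print(f"{scope}: '{first}' overlaps '{second}'")
```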
Enabling Freeform Configurations on Fabric Switches
In DCNM, you can add custom configurations through freeform policies in the following ways:
-
Fabric-wide
-
On all leaf, border leaf, and border gateway leaf switches in the fabric, at once.
-
On all spine, super spine, border spine, border super spine, border gateway spine and border switches, at once.
-
-
On a specific switch at the global level.
-
On a specific switch on a per Network or per VRF level.
Leaf switches are identified by the roles Leaf, Border, and Border Gateway. The spine switches are identified by the roles Spine, Border Spine, Border Gateway Spine, Super Spine, Border Super Spine, and Border Gateway Super Spine.
Note
You can deploy freeform CLIs when you create a fabric or when a fabric is already created. The following examples are for an existing fabric. However, you can use this as a reference for a new fabric.
Deploying Fabric-Wide Freeform CLIs on Leaf and Spine Switches
-
Click Control > Fabric Builder. The Fabric Builder screen comes up. A rectangular box represents each fabric.
-
Click the Edit Fabric icon (located on the top right part of the rectangular box) for adding custom configurations to an existing fabric. The Edit Fabric screen comes up.
(If you are creating a fabric for the first time, click Create Fabric).
-
Click the Advanced tab and update the following fields:
Leaf Freeform Config – In this field, add configurations for all leaf, border leaf, and border gateway leaf switches in the fabric.
Spine Freeform Config - In this field, add configurations for all Spine, Border Spine, Border Gateway Spine, Super Spine, Border Super Spine, and Border Gateway Super Spine switches in the fabric.
Note
Copy-paste the intended configuration with correct indentation, as seen in the running configuration on the Nexus switches. For more information, see Resolving Freeform Config Errors in Switches.
-
Click Save. The fabric topology screen comes up.
-
Click Save & Deploy at the top right part of the screen to save and deploy configurations.
The Configuration Compliance functionality ensures that the intended configuration, as expressed by those CLIs, is present on the switches. If the CLIs are removed or there is a mismatch, it flags the mismatch and indicates that the device is Out-of-Sync.
Incomplete Configuration Compliance - On some Cisco Nexus 9000 Series switches, in spite of configuring pending switch configurations using the Save & Deploy option, there could be a mismatch between the intended and switch configuration. To resolve the issue, add a switch_freeform_config policy to the affected switch (as explained in the Deploy Freeform CLIs on a Specific Switch section). For example, consider the following persistent pending configurations:
line vty
  logout-warning 0
After adding the above configurations in a policy and saving the updates, click Save and Deploy in the topology screen to complete the deployment process.
To bring the switch back in-sync, you can add the above configuration in a switch_freeform_config policy saved and deployed onto the switch.
Deploying Freeform CLIs on a Specific Switch
-
Click Control > Fabric Builder. The Fabric Builder screen comes up.
-
Click on the rectangular box that represents the fabric. The Fabric Topology screen comes up.
Note
To provision freeform CLIs on a new fabric, you have to create a fabric, import switches into it, and then deploy freeform CLIs.
-
Right-click the switch icon and select the View/edit policies option.
The View/Edit Policies screen comes up.
-
Click +. The Add Policy screen comes up.
In the Priority field, the priority is set to 500 by default. You can choose a higher priority (by specifying a lower number) for CLIs that need to appear higher up during deployment. For example, a command to enable a feature should appear earlier in the list of commands.
-
From the Policy field, select switch_freeform_config.
-
Add or update the CLIs in the Freeform Config CLI box.
Copy-paste the intended configuration with correct indentation, as seen in the running configuration on the Nexus switches. For more information, see Resolving Freeform Config Errors in Switches.
-
Click Save.
After the policy is saved, it gets added to the intended configurations for that switch.
-
Close the policy screens. The Fabric Topology screen comes up again.
-
Right click the switch and click Deploy Config.
The Save & Deploy option can also be used for deployment. However, the Save & Deploy option will identify mismatch between the intended and running configuration across all fabric switches.
Pointers for switch_freeform_config Policy Configuration:
-
You can create multiple instances of the policy.
-
For a vPC switch pair, create consistent switch_freeform_config policies on both the vPC switches.
-
When you edit a switch_freeform_config policy and deploy it onto the switch, you can see the changes being made (in the Side-by-side tab of the Preview option).
Freeform CLI Configuration Examples
Console line configuration
This example involves deploying some fabric-wide freeform configurations (for all leaf, and spine switches), and individual switch configurations.
Fabric-wide session timeout configuration:
line console
  exec-timeout 1
Console speed configuration on a specific switch:
line console
  speed 115200
ACL configuration
ACL configurations are typically configured on specific switches and not fabric-wide (leaf/spine switches). When you configure ACLs as freeform CLIs on a switch, you should include sequence numbers. Otherwise, there will be a mismatch between the intended and running configuration. A configuration sample with sequence numbers:
ip access-list ACL_VTY
  10 deny tcp 172.29.171.67/32 172.29.171.36/32
  20 permit ip any any
ip access-list vlan65-acl
  10 permit ip 69.1.1.201/32 65.1.1.11/32
  20 deny ip any any
interface Vlan65
  ip access-group vlan65-acl in
line vty
  access-class ACL_VTY in
If you have configured ACLs without sequence numbers in a switch_freeform_config policy, update the policy with sequence numbers as shown in the running configuration of the switch.
After the policy is updated and saved, right click the device and select the per switch Deploy Config option to deploy the configuration. Alternatively, use the Save and Deploy option in the fabric topology screen (within Fabric Builder) so that the fabric triggers Configuration Compliance and resolves the configuration mismatch.
Resolving Freeform Config Errors in Switches
Copy-paste the running-config to the freeform config with correct indentation, as seen in the running configuration on the NX-OS switches. The freeform config must match the running config. Otherwise, configuration compliance in DCNM marks switches as out-of-sync.
Let us see an example of the freeform config of a switch.
feature bash-shell
feature telemetry
clock timezone CET 1 0
# Daylight saving time is observed in Metropolitan France from the last Sunday in March (02:00 CET) to the last Sunday in October (03:00 CEST)
clock summer-time CEST 5 Sunday March 02:00 5 Sunday October 03:00 60
clock protocol ntp
telemetry
  destination-profile
    use-vrf management
The line beginning with # about the daylight saving time is a comment that is not displayed in the show running config command output. Therefore, configuration compliance marks the switch as out-of-sync because the intent does not match the running configuration.
Let us check the running config in the switch for the clock protocol.
spine1# show run all | grep "clock protocol"
clock protocol ntp vdc 1
You can see that vdc 1 is missing from the freeform config.
In this example, let us copy-paste the running config to the freeform config.
Here is the updated freeform config:
feature bash-shell
feature telemetry
clock timezone CET 1 0
clock summer-time CEST 5 Sunday March 02:00 5 Sunday October 03:00 60
clock protocol ntp vdc 1
telemetry
  destination-profile
    use-vrf management
After you copy-paste the running config and deploy, the switch will be in-sync. When you click Save & Deploy, the Side-by-side Comparison tab in the Config Preview window provides you information about the difference between the defined intent and the running config.
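The mismatches described in this section (comment lines, commands that the switch stores with extra keywords, ACL entries without sequence numbers, and lost indentation) can be caught before deployment by comparing the freeform text with a saved copy of the running configuration. The following is an added example, not DCNM's Configuration Compliance logic and not part of the original guide. Both sample texts are constructed from the snippets above, and the finding names are hypothetical.

```python
import re

SEQ = re.compile(r"^\d+\s+")  # leading ACL sequence number

# Constructed sample: running config, indented as the switch prints it.
RUNNING = """\
feature telemetry
clock timezone CET 1 0
clock summer-time CEST 5 Sunday March 02:00 5 Sunday October 03:00 60
clock protocol ntp vdc 1
ip access-list ACL_VTY
  10 deny tcp 172.29.171.67/32 172.29.171.36/32
  20 permit ip any any
telemetry
  destination-profile
    use-vrf management
"""

# Constructed freeform intent with the mistakes discussed, plus a flattened block.
FREEFORM = """\
feature telemetry
clock timezone CET 1 0
# Daylight saving time note
clock summer-time CEST 5 Sunday March 02:00 5 Sunday October 03:00 60
clock protocol ntp
ip access-list ACL_VTY
  deny tcp 172.29.171.67/32 172.29.171.36/32
  20 permit ip any any
telemetry
destination-profile
    use-vrf management
"""

def parse(text):
    """Yield (lineno, path, is_comment). path is the parent commands plus the
    command itself, with hierarchy read from leading-space indentation."""
    stack = []  # (indent, command) for each open parent block
    for lineno, raw in enumerate(text.splitlines(), 1):
        cmd = raw.strip()
        if not cmd:
            continue
        if cmd.startswith(("#", "!")):  # comments are not stored as config
            yield lineno, (cmd,), True
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = tuple(c for _, c in stack) + (cmd,)
        stack.append((indent, cmd))
        yield lineno, path, False

def lint_freeform(freeform, running):
    """Return (lineno, kind, detail) for each freeform line that will not match."""
    run = {p for _, p, is_comment in parse(running) if not is_comment}
    findings = []
    for lineno, path, is_comment in parse(freeform):
        parents, cmd = path[:-1], path[-1]
        if is_comment:
            findings.append((lineno, "comment", cmd))
            continue
        if path in run:
            continue
        siblings = sorted(p[-1] for p in run if p[:-1] == parents)
        in_acl = bool(parents) and parents[-1].startswith("ip access-list ")
        if in_acl and not SEQ.match(cmd):
            numbered = [s for s in siblings if SEQ.sub("", s) == cmd]
            findings.append((lineno, "acl-no-sequence", numbered[0] if numbered else cmd))
            continue
        fuller = [s for s in siblings if s.startswith(cmd + " ")]
        moved = sorted(p for p in run if p[-1] == cmd)  # same command, other parent
        if fuller:
            findings.append((lineno, "incomplete", fuller[0]))
        elif moved:
            findings.append((lineno, "wrong-indentation", " > ".join(moved[0])))
        else:
            findings.append((lineno, "not-in-running-config", cmd))
    return findings

if __name__ == "__main__":
    for lineno, kind, detail in lint_freeform(FREEFORM, RUNNING):
        print(f"line {lineno}: {kind}: {detail}")
```

For "incomplete" and "acl-no-sequence" findings, the detail field holds the line as it appears in the running configuration, which is the text to paste into the policy.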