Network: ACI Community plan - ansible/community GitHub Wiki


Bare facts for the connection plugin (ACI + MultiSite)

What basic facts do we need to add as part of the initial connection? What hierarchical structure would best fit its use?

  • Facts related to version information
  • Facts deemed highly important for operational decisions (playbook constructs)
  • Facts that don't change too often unexpectedly

ACI MultiSite TODO list

  • Integrated label handling (auto-add labels if they do not exist)
  • Persistent connection plugin for ACI MultiSite
  • Should we use "msc_" as the prefix?
  • Review the current user interface
  • How will we manage schemas?
  • Implement change-detection using Modified-header (instead of internal comparison)
  • Test the minimum requirement with the version
  • Known issues
    • MSC Error 400: Bad Request: Cannot Update - APIC Site ID for the new url entered does not match
    • Initial password reset

Needed modules

What ACI functionality would you prefer to see added as modules?

  • aci_aaa_user_domain (aaa:UserDomain)
  • aci_aaa_user_role (aaa:UserRole)
  • aci_bd_dhcp_association
  • aci_taboo_contract_subject
  • aci_vmm_controller (vmm:CtrlrP)
  • mso_site_domain_facts
  • mso_site_fabric_facts
  • mso_tenant_l3out_facts
  • mso_schema_template_anp_epg_selector
  • mso_schema_template_anp_epg_selector_expression
  • mso_schema_template_anp_epg_usegattr ??
  • mso_schema_template_contract_filter_directive
  • mso_schema_template_vrf_contract (incl. consumer and provider)
  • mso_schema_site_anp_epg_selector
  • mso_schema_site_anp_epg_selector_expression
  • mso_schema_site_anp_epg_usegattr
  • your module here?

Needed functionality

What use-cases do you have that require additional functionality?

Configuration - Access Policies

  • Creating FEX profiles (NOT VERY COMMON)

Configuration - EPGs

  • Creating EPG Subnets (adding subnets to EPG on top, NOT COMMON)
  • Add handling for EPG modules for Contract-Master functionality

Configuration - Networking

  • L3Out creation (VERY UNCOMMON) #37570
    • Logical Node Profiles (NOT COMMON)
    • Logical Interface Profiles (NOT COMMON)
    • Networks (adding/removing) (COMMON)
    • Contracts (adding/removing) (COMMON)

Configuration - inventory management addresses (COMMON)

(All these bullets are related to setting up a new switch)

  • When installing a new switch and setting in-band and OOB addresses (COMMON)
  • IP address Pools (COMMON)
  • Node management addresses (COMMON)
  • Managed mode connectivity groups (COMMON)
  • Updating of management addresses (VERY COMMON)

Configuration - protocol policies (Fabric policies)

  • Date/Time (NTP) Policy (NOT COMMON, one time fab setup)
  • SNMP Policy (NOT COMMON, one time fab setup)
  • TACACS Policy (NOT COMMON, one time fab setup)
  • BGP route reflectors (NOT COMMON, one time fab setup)
  • Syslog / Monitoring Destinations (NOT COMMON, one time fab setup)
  • DHCP Protocol Policy creation (NOT COMMON, one time)
  • DHCP relay applied to bridge domain (COMMON) (aci_bd_dhcp_association)
  • DNS - Global Policies (NOT COMMON, one time fab setup)

Operational - Queries

  • Query APIC Cluster health (COMMON) (@dagwieers) Wiki Docs
  • Find ip script (VERY COMMON --> used by IDO) -- (@brunocalogero @dagwieers)
  • Find all endpoints in Fabric or specific switch (COMMON)
  • Contract Checker (identifies all contracts between any two endpoints, source/destination, and handles the response: whether policy allows them to talk or not) (COMMON)
  • Checking if VLAN is in use (COMMON)
  • Query operations - DNQuery, ClassQuery (VERY COMMON)
  • Visore type queries/filters (VERY COMMON)
  • Endpoint lookups on leafs (COMMON)
  • Identification of stale tunnels (COMMON)
  • Interface CRC checks per switch(es) (COMMON)

Actions on Fabric

(Avoided in prod., mainly used in LAB)

  • Decommission APIC
  • Decommission Switch
  • Recommission Switch (pre-provision switch)
  • Disable port(s)
  • Enable port(s)
  • Reload switch
  • Reload APIC --> We have a playbook for this (@dagwieers)

ACI Lab Task041: Create NXOS ACI topology scenario 1

  • Create complex l3out (l3ext:Out)

ACI Lab Task073: SCVMM step03

  • Configure a VMM domain
    • (vmm:ProvP)
      • Create virtual domain (vmm:DomP)
        • Bind to VLAN pool (infra:RsVlanNs)
        • Adding VMM controller, e.g. SCVMM (vmm:CtrlrP)