Cisco APIC Layer 4 to Layer 7 Services Deployment Guide, Release 1.2(2x)
First Published: February 22, 2016
Last Modified: April 07, 2016
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2016 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
Audience
Document Conventions
Related Documentation
Documentation Feedback
Obtaining Documentation and Submitting a Service Request
CHAPTER 1 Overview
About Deploying Application-Centric Infrastructure Layer 4 to Layer 7 Services
Configuring Layer 4 to Layer 7 Services Using the GUI
About Service Graph Templates
CHAPTER 2 Importing a Device Package
About the Device Package
Installing a Device Package Using REST
Importing a Device Package Using the GUI
CHAPTER 3 Defining a Logical Device
About Device Clusters
About Managed Device Clusters
About Unmanaged Device Clusters
About Concrete Devices
Creating a Device Using the GUI
Creating a Device Using the NX-OS-Style CLI
Using an Imported Device Using the REST APIs
Importing a Device From Another Tenant Using the NX-OS-Style CLI
Using an Imported Device Using the Object Model CLI
Verifying the Import of a Device Using the GUI
CHAPTER 4 Configuring Connectivity to Devices
About In-Band Management for Devices
Configuring In-Band Management for Devices Using the GUI
Troubleshooting In-Band Management for Devices Using the GUI
CHAPTER 5 Selecting a Layer 4 to Layer 7 Device to Render a Graph
About Device (Logical Device) Contexts
Creating a Logical Device Context Using the GUI
Configuring a Device Selection Policy Using REST APIs
Creating a Device Context Using the REST APIs
Adding a Logical Interface in a Device Using the REST APIs
Configuring the Device Selection Policy Using the Object Model CLI
CHAPTER 6 Configuring a Service Graph
About Service Graphs
About Function Nodes
About Function Node Connectors
About Service Graph Connections
About Terminal Nodes
About Service Graph Template Configuration Parameters
Configuring Service Graph Templates Using the GUI
Creating a Service Graph Template Using the REST APIs
Configuring a Service Graph Using the NX-OS-Style CLI
CHAPTER 7 Configuring Route Peering
About Route Peering
Open Shortest Path First Policies
Border Gateway Protocol Policies
Selecting an L3extOut Policy for a Cluster
Route Peering End-to-End Flow
Cisco Application Centric Infrastructure Fabric Serving As a Transit Routing Domain
Configuring Route Peering Using the GUI
Creating a Static VLAN Pool Using the GUI
Creating an External Routed Domain Using the GUI
Creating an External Routed Network Using the GUI
Creating a Router Configuration Using the GUI
Creating a Service Graph Association Using the GUI
Configuring Route Peering Using the NX-OS-Style CLI
Troubleshooting Route Peering
Verifying the Leaf Switch Route Peering Functionality Using the CLI
CHAPTER 8 Configuring Direct Server Return
About Direct Server Return
Layer 2 Direct Server Return
About Deploying Layer 2 Direct Server Return with Cisco Application Centric Infrastructure
Supported Direct Server Return Configuration
Direct Server Return Architecture
Example XML POST of Direct Server Return for Static Service Deployment
Direct Server Return for Static Service Deployment
Direct Server Return for Static Service Deployment Logical Model
Direct Server Return for Service Graph Insertion
Direct Server Return Shared Layer 4 to Layer 7 Service Configuration
Configuring the Citrix Server Load Balancer for Direct Server Return
Configuring a Linux Server for Direct Server Return
CHAPTER 9 Configuring the Device and Chassis Manager
About Device Managers and Chassis Managers
Device Manager and Chassis Manager Behavior
Creating a Device Manager Using the GUI
Creating a Chassis Using the GUI
Example XML for Device Managers and Chassis Managers
Example XML for Creating the MDevMgr Object
Example XML for Associating an LDevVip Object With a DevMgr Object
Example XML for Creating the MChassis Object
Example XML for Creating the Chassis Object
Example XML for Associating a CDev Object With a Chassis Object
Device and Chassis Callouts
Example deviceValidate Callout for a Device
Example deviceAudit Callout for a Device
Example clusterAudit Callout for a Device
Example serviceAudit Callout for a Device
Example deviceValidate Callout for a Chassis
Example deviceAudit Callout for a Chassis
Example clusterAudit Callout for a Chassis
Example serviceAudit Callout for a Chassis
CHAPTER 10 Configuring Unmanaged Mode
About the Unmanaged Mode
About Managed and Unmanaged Logical Devices
About Managed and Unmanaged Function Nodes
About Layer 4 to Layer 7 Services Endpoint Groups
Using Static Encapsulation for a Graph Connector
Creating a Physical Device Using the NX-OS-Style CLI
Creating a High Availability Cluster Using the NX-OS-Style CLI
Creating a Virtual Device Using the NX-OS-Style CLI
Example XML for the Unmanaged Mode
Example XML of Creating an Unmanaged LDevVip Object
Example XML of Creating an Unmanaged AbsNode Object
Example XML of Associating a Layer 4 to Layer 7 Service Endpoint Group with a Connector
Example XML of Using Static Encapsulation with a Layer 4 to Layer 7 Service Endpoint Group
Unmanaged Mode Behavior
CHAPTER 11 Configuration Parameters
Configuration Parameters Inside the Device Package Specification
Configuration Scope of a Device Package Specification
Example XML of Configuration Parameters Inside the Device Package
Configuration Parameters Inside An Abstract Function Profile
Configuration Scope of an Abstract Function Profile
Example XML POST for an Abstract Function Profile With Configuration Parameters
Configuration Parameters Inside an Abstract Function Node in a Service Graph
Example XML POST for an Abstract Function Node With Configuration Parameters
Configuration Parameters Inside Various Configuration MOs
Example XML POST for an Application EPG With Configuration Parameters
Parameter Resolution
Looking Up an MO During Parameter Resolution
About Role-Based Access Control Rule Enhancements
Role-Based Access Control Rule Architecture
Role-Based Access Control Rule System Flow
CHAPTER 12 Using a Service Graph Template
Associating Service Graph Templates with Contracts and EPGs Using the GUI
Creating a Service Graph Template Using the NX-OS-Style CLI
Configuring a Service Graph Template Using the Object Model CLI
Configuring a Service Graph Template Using the REST APIs
Creating a Security Policy Using the REST APIs
CHAPTER 13 Monitoring a Service Graph
Monitoring a Service Graph Instance Using the GUI
Monitoring Service Graph Faults Using the GUI
Resolving Service Graph Faults
Monitoring a Virtual Device Using the GUI
Monitoring Device Cluster and Service Graph Status Using the NX-OS-Style CLI
Monitoring Device Cluster and Service Graph Status Using the Object Model CLI
CHAPTER 14 Configuring Administrator Roles for Managing a Service Configuration
About Privileges
Configuring a Role for Device Management
Configuring a Role for Service Graph Template Management
Configuring a Role for Uploading Device Package
Configuring a Role for Exporting Devices
CHAPTER 15 Developing Automation
About the REST APIs
Examples of Automating Using the REST APIs
CHAPTER 16 Using the GUI
Deploying the Layer 4 to Layer 7 Services Using the GUI
Importing a Device Package Using the GUI
Creating a Function Profile Using the GUI
Using an Existing Function Profile to Create a New Function Profile Using the GUI
Creating a Layer 4 to Layer 7 Service Graph Template Using the GUI
Modifying a Device
Applying a Service Graph Template to Endpoint Groups Using the GUI
Preface
This preface includes the following sections:
• Audience
• Document Conventions
• Related Documentation
• Documentation Feedback
• Obtaining Documentation and Submitting a Service Request
Audience
This guide is intended primarily for data center administrators with responsibilities and expertise in one or more of the following:
• Virtual machine installation and administration
• Layer 4 to Layer 7 Services installation and administration
• Switch and network administration
Document Conventions
Command descriptions use the following conventions:
Convention    Description
bold          Bold text indicates the commands and keywords that you enter literally as shown.
Italic        Italic text indicates arguments for which the user supplies the values.
[x]           Square brackets enclose an optional element (keyword or argument).
[x|y]         Square brackets enclosing keywords or arguments separated by a vertical bar indicate an optional choice.
{x|y}         Braces enclosing keywords or arguments separated by a vertical bar indicate a required choice.
[x{y|z}]      Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
variable      Indicates a variable for which you supply values, in context where italics cannot be used.
string        A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
Examples use the following conventions:
Convention             Description
screen font            Terminal sessions and information the switch displays are in screen font.
boldface screen font   Information you must enter is in boldface screen font.
italic screen font     Arguments for which you supply values are in italic screen font.
<>                     Nonprinting characters, such as passwords, are in angle brackets.
[]                     Default responses to system prompts are in square brackets.
!, #                   An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.
This document uses the following conventions:
Note       Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution    Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.