Cisco ACI deployment
This section describes steps to create endpoint objects within ACI that SDN Connector can extract from. The steps include the following:
- Create a tenant (Tenant1) and VRF (vrf1).
- Create BDs (app and web).
- Create EPGs (app and web).
- Create an L4-L7 device (FGT1).
- Create a service graph template (Template1).
- Deploy service graph between web and app.
To create a tenant and VRF:
- In Cisco APIC, go to Tenants > Add Tenant.
- Create a tenant and VRF as shown below. In the example below, the tenant is named "Tenant1", and the VRF is named "vrf1".
To create a BD (app and web):
- Create the app BD:
- Go to Tenants > Tenant 1 > Networking > Bridge Domains.
- Create the app BD as shown. In the Name field, enter App. From the VRF dropdown list, select vrf1. Click Next.
- Configure the other parameters as required. Click Finish.
- Define a subnet gateway for the app BD:
- If you are using policy base routing (PBR), this will be the gateway for the endpoints that belong to this BD. For PBR configuration, consult the Cisco configuration guide. If you are not using PBR, the endpoint gateway will be the interfaces on the FortiGate. In our example, we are using the FortiGate interface as the gateway for the endpoints. Go to the newly created BD app, then click Subnets.
- Create the subnet and enter the gateway IP address as shown.
- Click Submit.
- Create the web BD:
- Go to Tenants > Tenant 1 > Networking > Bridge Domains.
- Create the web BD as shown. In the Name field, enter web. From the VRF dropdown list, select vrf1. Click Next.
- Configure the other parameters as required. Click Finish.
- Define a subnet gateway for the web BD:
- If you are using policy base routing (PBR), this will be the gateway for the endpoints that belong to this BD. For PBR configuration, consult the Cisco configuration guide. If you are not using PBR, the endpoint gateway will be the interfaces on the FortiGate. In our example, we are using the FortiGate interface as the gateway for the endpoints. Go to the newly created BD app, then click Subnets.
- Create the subnet and enter the gateway IP address as shown.
- Click Submit.
To create EPGs:
- Create an application profile for the EPGs:
- Go to Tenants > Tenant 1 > Create Application Profile.
- Configure as shown, then click Submit.
- Create the app EPG:
- Go to Tenants > Tenant 1 > Application Profiles > AP > Application EPGS > Create Application EPG. Do not use | in the EPG name.
- Configure as shown, selecting the web BD.
- Click Finish.
- Configure tag(s) for the app EPG if desired.
- Map endpoint VMs to the app EPG:
- Go to Tenants > Tenant1 > Application Profiles > AP > Application EPGs > app, then right-click Domains (VMs and Bare-Metals). Select Add VMM Domain Association.
- Configure the VMM domain association as shown. Click Submit.
- In the hypervisor, select the configured VMM domain association under the Network label.
- Repeat step b to create the web EPG, selecting the web BD instead of the app BD. Do not use | in the EPG name.
- If desired, create tag(s) for the web EPG.
- Repeat step c to map endpoints to the web EPG.
To create an L4-L7 device:
- Go to Tenant > Tenant1 > Services > L4-L7 > Devices > Create L4-L7 Devices.
- If using unmanaged mode, ensure that the Managed checkbox is not selected.
- Configure as shown, then click Finish.
To create the service graph template:
- Go to Tenant > Tenant1 > Services > L4-L7 > Service Graph Templates > Create L4-L7 Service Graph Template.
- Configure the service graph template.
- Click Submit.
To deploy the service graph template between the web and app EPGs:
- Deploy the service graph between the web and app EPGs:
- Go to Tenant > Tenant1 > Services > L4-L7 > Service Graph Templates. Right-click Template1, then select Apply L4-L7 Service Graph Template.
- From the Consumer EPG / External Network dropdown list, select the web EPG.
- From the Provider EPG / Internal Network dropdown list, select the app EPG.
- Enter a contract name.
- Click Next.
- From the Service Graph Template dropdown list, select the service graph template configured in step h.
- Under FGT1 Information, configure the consumer connector as shown, selecting the web BD. Configure the provider connector with the app BD.
- Click Finish. The service graph is deployed.
- Obtain the VLANs assigned to the interfaces. You will configure the corresponding VLANs on the FortiGate side:
- Go to Tenant > Tenant1 > Services > L4-L7 > Deployed Graph Instances > contract1-Template1-Tenant1 > Function Node - N1.
- Under Function Connectors, note the VLANs listed for the consumer and provider in the Encap column.