Cisco ACI

Cisco Application Centric Infrastructure (ACI) is an orchestrator that applies the SDN policy model across networks, servers, storage, security, and services.
cavna37
Cisco Application Centric Infrastructure (ACI) is an orchestrator that applies the SDN policy model across networks, servers, storage, security, and services.
The plug-in collects inventory for the following items:
  • ACI interfaces
  • ACI tenants
  • ACI virtual routing and forwarding (VRF)
  • APIC controller
  • APIC interfaces
  • Applications profiles
  • Bridge domains
  • Contracts
  • End points
  • End point groups (EPG)
  • L2/L3 EPGs
  • Subnets
  • Switches (leafs and spines)
Cisco ACI collects the following performance metrics:
Item Type
VNA Metric Families and Metrics
Fabric
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
Tenant
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
Pod
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
Interface
  • Interface
    • Incoming Bytes
    • Outgoing Bytes
    • Incoming Packets
    • Outgoing Packets
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
Controller
  • Disk
    • Disk Usage
    • Disk Available
    • Disk Capacity
Switch Policy
  • Cam
    • Policy Capacity
    • Policy Usage
Application Profile
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
Bridge Domain
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
Contracts
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
End Point & End Point Group
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
VRF
  • Health Score
    • Health Score
    • Critical Count
    • Major Count
    • Minor Count
    • Warning Count
Supported Releases
Virtual Network Assurance
(VNA) supports the following releases of Cisco ACI:
  • Cisco ACI 4.2.4
  • Cisco ACI 4.0
  • Cisco ACI 3.2
  • Cisco ACI 2.0
Requirements
  • For the
    DX NetOps Performance Management
    Data Collector that polls switches through SNMP, add the host IP address to the list of IPs in the Client Group Policies.
  • The service account requires read-only access. We recommend, but do not require, the service account have access to all tenants.
    If you grant access to only a single tenant, then you must deploy multiple plug-ins for visibility into the other tenants (one per tenant).
    You can have multiple plug-ins of the same technology type on a single instance of VNA.
  • We only require the service account have access to a single APIC. Other APIC controllers are identified through an inventory request.
    The plugin does not use the controllers that are discovered through the inventory request.
Plug-in Configuration Example
The following JSON example shows the Cisco ACI plug-in configuration:
{
"PLUGIN_CONFIG": {
"APIC_HOST_IP": "10.241.17.185",
"APIC_HOST_aaaUser_NAME": "api",
"APIC_HOST_aaaUser_PASSWORD": "apiReadOn1y",
"APIC_MAX_PAGE_SIZE": 15,
"PROTOCOL": "https",
"INVENTORY_POLL_RATE": "0 */10 *",
"INVENTORY_DELTA_TIME": 600,
"PERFORMANCE_POLL_RATE": "0 */5 *",
"PERFORMANCE_DELTA_TIME": 300,
"AVAILABILITY_POLL_RATE": "0 */5 *",
"AVAILABILITY_DELTA_TIME": 300,
"DOMAIN_ID": 0
}
}
3.7.5 Only:
{ "PLUGIN_CONFIG": { "APIC_HOST_IP": "10.241.17.185", "APIC_HOST_aaaUser_NAME": "api", "APIC_HOST_aaaUser_PASSWORD": "apiReadOn1y", "APIC_MAX_PAGE_SIZE": 15, "PROTOCOL": "https", "INVENTORY_POLL_RATE": "0 */10 *", "INVENTORY_DELTA_TIME": 600, "PERFORMANCE_POLL_RATE": "0 */5 *", "PERFORMANCE_DELTA_TIME": 300, "AVAILABILITY_POLL_RATE": "0 */5 *", "AVAILABILITY_DELTA_TIME": 300, "HISTORICAL_EVENT_DAYS": 1, "DOMAIN_ID": 0 } }
3.7.6 and Higher Only:
{ "PLUGIN_CONFIG": { "APIC_HOST_IP": "10.241.17.185", "APIC_HOST_aaaUser_NAME": "api", "APIC_HOST_aaaUser_PASSWORD": "apiReadOn1y", "APIC_MAX_PAGE_SIZE": 15, "PROTOCOL": "https", "INVENTORY_POLL_RATE": "0 */10 *", "INVENTORY_DELTA_TIME": 600, "PERFORMANCE_POLL_RATE": "0 */5 *", "PERFORMANCE_DELTA_TIME": 300, "AVAILABILITY_POLL_RATE": "0 */5 *", "AVAILABILITY_DELTA_TIME": 300, "FAULT_SUBSCRIPTION_ENABLED": true, "EVENT_SUBSCRIPTION_ENABLED": true, "HISTORICAL_EVENT_DAYS": 1, "DOMAIN_ID": 0 } }
3.7.8 and Higher Only:
{ "PLUGIN_CONFIG": { "APIC_HOST_IP": "10.241.17.185", "APIC_HOST_aaaUser_NAME": "api", "APIC_HOST_aaaUser_PASSWORD": "apiReadOn1y", "APIC_MAX_PAGE_SIZE": 15, "PROTOCOL": "https", "INVENTORY_POLL_RATE": "0 */10 *", "INVENTORY_DELTA_TIME": 600, "PERFORMANCE_POLL_RATE": "0 */5 *", "PERFORMANCE_DELTA_TIME": 300, "AVAILABILITY_POLL_RATE": "0 */5 *", "AVAILABILITY_DELTA_TIME": 300, "FAULT_SUBSCRIPTION_ENABLED": true, "EVENT_SUBSCRIPTION_ENABLED": false, "HISTORICAL_EVENT_DAYS": 1, "DOMAIN_ID": 0 } }
  • APIC_HOST_IP
    The IP address of the APIC controller host
  • APIC_HOST_aaaUser_NAME
    The APIC controller user name
  • APIC_HOST_aaaUser_PASSWORD
    The APIC controller password
  • APIC_MAX_PAGE_SIZE
    The number of response objects per page
  • PROTOCOL
    The communication protocol with the APIC controller
    Values:
    http or https (case-sensitive)
  • INVENTORY_POLL_RATE
    How often the product collects inventory data
  • INVENTORY_DELTA_TIME
    Difference between polls (in seconds)
  • PERFORMANCE_POLL_RATE
    How often the product collects performance data
  • PERFORMANCE_DELTA_TIME
    Difference between polls (in seconds) for performance data requests
  • AVAILABILITY_POLL_RATE
    How often the product polls the availability of the controller
  • AVAILABILITY_DELTA_TIME
    Difference between polls (in seconds) for availability data requests
  • FAULT_SUBSCRIPTION_ENABLED (3.7.6 and higher only)
    Whether fault subscription is enabled.
  • EVENT_SUBSCRIPTION_ENABLED (3.7.6 and higher only)
    Whether event subscription is enabled.
  • HISTORICAL_EVENT_DAYS (3.7.5 and higher only)
    The number of days to retrieve historical events.
    Default:
    1
    Maximum
    : 30
  • DOMAIN_ID
    Virtual Network Assurance
    assigns inventory from this plug-in to the specified domain.
Configure Faults (3.7.5 and Higher Only)
The ACI plug-in collects faults based on certain patterns. Configure faults to add, delete, or update fault patterns. You can add new patterns in any order. For assistance, contact Support.
Follow these steps:
  1. Stop the wildfly service:
    service wildfly stop
  2. Edit the fault configuration file:
    VNA_install_directory
    /plugins/ACI Plugin/config/aci-fault-config.xml
    Example:
    <fault-patterns> <regex>.*fv-\[(.+?)].*</regex> <regex>.*ra-\[(.+?)].*</regex> <regex>.*client-\[(.+?)].*</regex> <regex>.*rtd-\[(uni\/.+?)\/</regex> <regex>.*jobs-\[(uni\/.+?)\/</regex> <regex>(.+?)\/sys</regex> <regex>(.+?)\/local</regex> <regex>(uni\/.+?)\/</regex> </fault-patterns>
    >
  3. Start the wildfly service:
    service wildfly start
Configure Filters (3.7.5 and Higher Only)
You can configure blacklisting filters based on fault codes and severities. In 3.7.8 and higher, you can configure whitelisting filters as well. You can configure multiple fault code separated by a comma.
DX NetOps Virtual Network Assurance
filters new alarms generated after you configure the filter. The filter does not apply to pre-existing alarms. If the customer wants to apply the filter on existing alarms in the spectrum, the existing engine needs to be deleted from VNA and deploy a new engine after configuring the filter.
Follow these steps:
  1. Stop the wildfly service:
    service wildfly stop
  2. Edit the fault configuration file:
    VNA_install_directory
    /plugins/ACI Plugin/config/aci-fault-config.xml
    Examples:
    <filter enabled="true"> <fault-types>configuration,operational</fault-types> <fault-codes>F2603,F2631,F2632,F2633,F2634</fault-codes> <fault-severities>minor,warning</fault-severities> </filter>
    3.7.8 and Higher Only:
    When you upgrade to 3.7.8 and higher, all the previously set values for fault-codes, fault-types, and fault-severities are cleared. All the faults are whitelisted and saved in the database. To prevent this, stop the Wildfly service within 5 minutes of the upgrade and configure the filters as needed.
    <filter enabled="true" filterType="whitelist" <fault-types>configuration,operational</fault-types> <fault-codes>F2603,F2631,F2632,F2633,F2634</fault-codes> <fault-severities>minor,warning</fault-severities> </filter>
    • faultTypes
      Values:
      • whitelist
        Shows only the alarms that match all the configured filter values.
      • blacklist
        Excludes only the alarms that match all the configured filter values.
    • <fault-types>
      Values:
      config, generic, equipment, connectivity, environmental, management, network, operational
    • <fault-severities>
      Values:
      critical, major, minor, warning, info, cleared
  3. Start the wildfly service:
    service wildfly start