Cisco ACI 6.0 New Interface Configuration (Explained and Example)
Reference: cisco.com
Contents
I- ACI Traditional Access policies configuration: Profiles and Selectors configuration
In Cisco ACI, Interface configurations are performed by associating an interface policy group, which is a group of interface policies such as interface speed or link layer discovery protocol (LLDP), to an interface on a switch node.
Cisco ACI uses four objects (switch profile, switch selector, interface profile, and interface selector) to select a certain interface on a certain switch node.
II- Per-port interface configuration
Starting from release ACI 6.0(1), a new configuration option “per-port configuration” is added (also known as the “interface configuration” or infraPortConfig
, which is the name of the object for this configuration) that simplifies the interface configuration.
This option presents the four objects as a single object and has the object specify an interface on a switch node. As a result, you do not need to use nor maintain switch profiles, switch selectors, interface profiles, and interface selectors.
Basically, switch profile, switch selector, interface profile, and interface selector –> “Port Configuration“
Please note that the traditional configuration method is still available, but, the newer option is recommended.
III- Per-Port Configuration Example in Cisco ACI
You can access the per-port configuration in the following ways in the Cisco Application Policy Infrastructure Controller (APIC) GUI:
- Fabric > Access Policies > Interface Configurations
- Fabric > Access Policies > Quick Start > Configure Interfaces
- Fabric > Inventory > pod_ID > switch_name > Interface tab > Configure Interfaces
Click on Action > Configure Interfaces:
Then, save and Continue, never been easier
Let check the object “infraPortConfig” created by the previous configuration:
APIC# moquery -c infraPortConfig -x rsp-subtree=full
Total Objects shown: 1
# infra.PortConfig
node : 102
card : 1
port : 24
subPort : 0
annotation :
assocGrp : uni/infra/funcprof/accportgrp-server1
brkoutMap : none
childAction :
connectedFex : unspecified
description :
dn : uni/infra/portconfnode-102-card-1-port-24-sub-0
extMngdBy :
lcOwn : local
modTs : 2023-05-18T18:54:27.744+00:00
operationalAssocGrp : uni/infra/funcprof/accportgrp-server1
operationalAssocSubGrp :
pcMember :
pcPortDn :
portDn : topology/pod-1/paths-102/pathep-[eth1/24]
rn : portconfnode-102-card-1-port-24-sub-0
role : leaf
shutdown : no
status :
uid : 15374
userdom : :all:common:
But, do we really replace the four object with a one object:
Keep in mind, that the behind the hood the same object as before are created by the system.
ACI translate port configuration to leaf profile/selector interface profile/selector according to the best practices (1 leaf profile per node/VPC and one interface profile per node/VPC)
Actually, if you scroll into the configuration of the leaf Profile/selector and Interface Profile/selector, you will see that new objects are created by the system. For example for leaf the profile it’s “system-node-profile-NODE_ID” , in our use case “system-node-profile-102”
When using the interface configuration option, the Cisco APIC creates and maintains switch profiles and selectors and interface profiles and selectors as read-only with as few objects as possible. For example, if you configure two contiguous ports identically, the Cisco APIC automatically creates a range in the configuration. You configure the ports individually and you do not have to worry about these optimizations; the Cisco APIC takes care of them. These objects that the Cisco APIC creates automatically are called “system-generated profiles” and you do not need to maintain them.
The system-generated profiles are still visible under Fabric > Access Policies > Interfaces > {Leaf | Spine} {Switches | Interfaces} > Profiles in the GUI along with any user-defined profiles.
IV- Migrate from Interface Selectors to Per-Port Configuration
If you configure an interface using the interface configuration option and you previously configured the interface with profiles and selectors, the Cisco APIC automatically removes the interface from the existing profiles and moves the interface to the system-generated profiles seamlessly. If the pre-existing switch and interface profiles contain other interfaces, the Cisco APIC does not delete them; you can keep using them in the traditional way. If the pre-existing profiles no longer contain any interfaces, the Cisco APIC automatically removes those profiles because they are no longer needed.
If you already configured an interface using a multinode selector, meaning that you assigned the port selector to a profile with multiple leaf switches, you must simultaneously configure the same interface for each node that belongs to the multinode selector for the Cisco APIC to remove those nodes automatically from the existing profile. Otherwise, a validation failure blocks the migration.