We’re excited to announce the latest addition to our portfolio of Nautobot apps, the Single Source of Truth (SSoT) App for Cisco ACI! In this post, we’ll discuss the capabilities of the SSoT App for ACI and how to get started using it to synchronize data between Cisco ACI and Nautobot.
To learn more about Nautobot SSoT Apps (aka plugins), please see this blog post.
Nautobot SSoT for ACI Overview
The Cisco ACI controller, the APIC (Application Policy Infrastructure Controller), contains a wealth of inventory information about the hardware running in the ACI fabric, including device model numbers, part numbers, and serial numbers for every switch connected to the data center fabric. This inventory information is discovered dynamically as devices are added or removed from the fabric. The APIC also contains administratively configured Out of Band management IP addressing of the hardware devices, as well as IP addressing for use on subnets within the fabric. With the SSoT App for Cisco ACI, this information can be dynamically synchronized from the APIC to Nautobot, eliminating the need to manually enter and maintain the devices and IP addressing in Nautobot. In addition, the SSoT App for Cisco ACI can also synchronize useful information from the APIC, such as interface descriptions and interface optic types. As the information is updated in the APIC, a synchronization job in Nautobot can be set to run periodically to dynamically pick up the changes. This results in reduced administrative overhead for initially getting the data from ACI into Nautobot, and keeping the data in Nautobot up to date as changes occur in ACI. In addition, it provides useful visibility of ACI configuration details inside of Nautobot.
Nautobot SSoT for ACI Capabilities
The SSoT App for ACI currently synchronizes the following objects:
ACI | Nautobot |
---|---|
Tenant | Tenant |
Node (Leaf/Spine/Controller) | Device |
Model | Device Type |
Management IP address (Leaf/Spine/Controller) | IP Address |
Bridge Domain Subnet | Prefix, IP Address |
Interfaces | Interface |
VRFs | VRFs |
Currently, the synchronization is one-way from ACI to Nautobot. While it would be possible to synchronize objects from Nautobot to ACI, the focus for this release was bringing data into Nautobot from ACI and keeping it up to date as changes occur in the ACI fabric. It does not mean it is any less important to model data in Nautobot and push & federate that data into ACI (and other controllers).
Tenants
The SSoT App will discover any tenants created in ACI, and create them in Nautobot. Multiple ACI fabrics can be supported by the SSoT App, and thus a configurable tenant prefix is prepended to the tenant name to indicate which ACI fabric the tenant is a member of.
VRFs
The SSoT App will synchronize the VRFs in ACI as VRF objects in Nautobot, and assign them to the appropriate tenant.
Devices and Device Types
Leaf and Spine nodes, as well as the APIC controllers will be created in Nautobot as Devices. In order to create the Devices, it is necessary to first create Device Types for each type of switch model in the ACI fabric. To accomplish creation of Device Types, a set of YAML descriptor files are placed in the nautobot_ssot_aci/diffsync/device-types directory. The YAML filenames match the actual device model names, for example N9K-C93180LC-EX.yaml. During the initial synchronization, new Device Types will be created in Nautobot for each of the YAML files. Note that configurable Comment and Tag values are associated to all objects in Nautobot where possible.
Several YAML files are bundled with this project. However, more can be downloaded here. Additionally, if a device type doesn’t yet exist for a particular switch model, it can be created using the same format and placed in the device-types directory.
Once Device Types are created, Devices will be created in Nautobot for the Leaf and Spine nodes, as well as the APIC controllers. The device model is read from the ACI fabric, and the Device is associated to the corresponding Device Type in Nautobot.
Device details, such as the Serial Number, are synchronized. In addition, Custom Fields are created in Nautobot to store ACI Leaf and Spine Node IDs and Pod membership.
Interfaces
During synchronization, the SSoT App enumerates all interfaces on each Leaf and Spine device in ACI, creates the interfaces in Nautobot, and attaches them to the appropriate Device in Nautobot. Any interface descriptions that are configured on the interfaces in ACI will carry over to the interfaces in Nautobot.
In addition, the SSoT App will query the ACI fabric for the optics installed in the switch ports and the optic details will be programmed as Custom Fields on the interfaces in Nautobot.
There are no physical optical details in the ACI simulator, therefore the optic details will only be shown when working with a real ACI fabric.
IP Addresses and Prefixes
The APIC controllers, as well as leaf and spine switches, are all assigned out of band management IP addresses in the APIC. These management IP addresses will be programmed in Nautobot during synchronization, and will be associated to the management interface on the devices in Nautobot.
In ACI, one or more subnets can be created on each Bridge Domain. During synchronization, these subnets are programmed in Nautobot as Prefixes, if not already present. In addition, the gateway address for the subnet is created as an IP Address in Nautobot. The Prefixes and IP Addresses are assigned to the correct Tenant and VRF in Nautobot, as determined by querying the APIC controller. The description is also configured to indicate the name of the Bridge Domain where the subnet is configured.
Setting Up
The steps for installing and configuring the SSoT App for ACI can be found in the project README. The SSoT App supports use with multiple APIC clusters, and the unique credentials for each should be defined as environment variables with an identifier at the end of each variable for the APIC cluster. The identifier is a unique name that will be visible in the SSoT dashboard when executing a synchronization job. In the below example, NTC is the identifier assigned to our fabric.
export NAUTOBOT_APIC_BASE_URI_NTC=https://aci1.infra.networktocode.com
export NAUTOBOT_APIC_USERNAME_NTC=admin
export NAUTOBOT_APIC_PASSWORD_NTC=not_so_secret_password
export NAUTOBOT_APIC_VERIFY_NTC=False
export NAUTOBOT_APIC_SITE_NTC="NTC ACI"
export NAUTOBOT_APIC_TENANT_PREFIX_NTC="NTC_ACI"
We also have environment variables defined for a second APIC cluster, which is the Cisco DevNet Always-On sandbox.
export NAUTOBOT_APIC_BASE_URI_DEVNET=https://sandboxapicdc.cisco.com
export NAUTOBOT_APIC_USERNAME_DEVNET=admin
export NAUTOBOT_APIC_PASSWORD_DEVNET=not_so_secret_password
export NAUTOBOT_APIC_VERIFY_DEVNET=False
export NAUTOBOT_APIC_SITE_DEVNET="DevNet Sandbox"
export NAUTOBOT_APIC_TENANT_PREFIX_DEVNET="DevNet"
When executing a synchronization job, we can then select which APIC we would like to operate against.
The NAUTOBOT_APIC_SITE environment variable is used to select the objects to be compared during synchronization. It will be programmed as a Site in Nautobot, and will also be used to ensure that a synchronization job on one APIC cluster cannot affect objects for a different APIC cluster. With this being the case, it is important that each APIC cluster be configured with a different value for NAUTOBOT_APIC_SITE.
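The per-APIC variable sets described above can be checked before a synchronization job runs. The following is an added example, not code from the SSoT App or its README: it groups the NAUTOBOT_APIC_* variables by identifier and reports incomplete sets, disabled certificate verification, non-HTTPS base URIs, and SITE values shared between APIC clusters. The function name audit, the LAB1/LAB2 sample values, and the strings treated as a disabled VERIFY setting are assumptions.

```python
import os
import re
from collections import defaultdict

# Field names taken from the export examples; the APIC identifier follows the field.
FIELDS = ("BASE_URI", "USERNAME", "PASSWORD", "VERIFY", "SITE", "TENANT_PREFIX")
PATTERN = re.compile(r"^NAUTOBOT_APIC_(" + "|".join(FIELDS) + r")_(\w+)$")
# Constructed sample environment (hypothetical hosts and identifiers).
SAMPLE = {
    "NAUTOBOT_APIC_BASE_URI_LAB1": "https://apic1.example.test",
    "NAUTOBOT_APIC_USERNAME_LAB1": "svc-nautobot",
    "NAUTOBOT_APIC_PASSWORD_LAB1": "placeholder",
    "NAUTOBOT_APIC_VERIFY_LAB1": "True",
    "NAUTOBOT_APIC_SITE_LAB1": "Lab ACI",
    "NAUTOBOT_APIC_TENANT_PREFIX_LAB1": "LAB1",
    "NAUTOBOT_APIC_BASE_URI_LAB2": "https://apic2.example.test",
    "NAUTOBOT_APIC_USERNAME_LAB2": "svc-nautobot",
    "NAUTOBOT_APIC_VERIFY_LAB2": "False",
    "NAUTOBOT_APIC_SITE_LAB2": "Lab ACI",
    "NAUTOBOT_APIC_TENANT_PREFIX_LAB2": "LAB2",
}

def audit(environ):
    """Return a sorted list of (identifier, finding) tuples for the APIC settings."""
    clusters = defaultdict(dict)
    for name, value in environ.items():
        match = PATTERN.match(name)
        if match:
            clusters[match.group(2)][match.group(1)] = value
    findings, sites = [], defaultdict(list)
    for ident, cfg in clusters.items():
        findings += [(ident, "missing " + f) for f in FIELDS if f not in cfg]
        # Assumption: these strings are how verification gets switched off.
        if cfg.get("VERIFY", "").strip().lower() in ("false", "0", "no"):
            findings.append((ident, "TLS certificate verification disabled"))
        if not cfg.get("BASE_URI", "https://").lower().startswith("https://"):
            findings.append((ident, "BASE_URI is not https"))
        if "SITE" in cfg:
            sites[cfg["SITE"].strip()].append(ident)
    # Each APIC cluster needs its own SITE so one sync job cannot touch another's objects.
    for idents in sites.values():
        if len(idents) > 1:
            findings += [(i, "SITE value shared with another APIC") for i in idents]
    return sorted(findings)

if __name__ == "__main__":
    for ident, finding in audit(os.environ):
        print(f"{ident}: {finding}")
```

Run against the two export sets shown earlier, it would report disabled certificate verification for both the NTC and DEVNET identifiers, since both set VERIFY to False.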
Running
Once the SSoT App is configured and initialized, it can be accessed by navigating to the Single Source of Truth dashboard in Nautobot and clicking on the Cisco ACI Data Source.
From there, you can view historical synchronization jobs or click Sync Now to launch a new job.
When you click Sync Now, you can launch a synchronization job immediately or it can be run on a schedule. Scheduling provides the ability to launch the job at a specific time, or run the job hourly, daily, or weekly. In addition, it is possible to initiate a Dry Run which will run the synchronization job without creating any objects in Nautobot. This is useful to view the changes that would be made in Nautobot without actually making the changes.
When a job completes, you can click on the SSoT Sync Details button to see the proposed (in the case of a Dry Run) or implemented changes.
Wrapping Up
There’s certainly more we could do with synchronizing data between ACI and Nautobot, and we’d love to hear your use cases! Please let us know in the comments or hit us up on Slack.
Conclusion
This project would not have been as comprehensive or well tested if it weren’t for the excellent contributions and testing efforts from Donnie Wood (@dnewood), Christian Adell (@chadell), and Tomek Zajac. Thanks!
-Matt