Showcase ACI / UCSD Integration for Tenant 3 Tier Network Creation

Version 4
    Task NameACI / UCSD integration example
    Description
    Prerequisites
    1. Tested on 5.3.2.0
    CategoryWorkflow
    ComponentsvSphere 5.x
    User Inputs

    Instructions for Regular Workflow Use:

    1. Download the attached .ZIP file below to your computer. *Remember the location of the saved file on your computer.
    2. Unzip the file on your computer. Should end up with a .WFD file.
    3. Log in to UCS Director as a user that has "system-admin" privileges.
    4. Navigate to "Policies-->Orchestration" and click on "Import".
    5. Click "Browse" and navigate to the location on your computer where the .WFD file resides. Choose the .WFD file and click "Open".
    6. Click "Upload" and then "OK" once the file upload is completed. Then click "Next".
    7. Click the "Select" button next to "Import Workflows". Click the "Check All" button to check all checkboxes and then the "Select" button.
    8. Click "Submit".
    9. A new folder should appear in "Policies-->Orchestration" that contains the imported workflow. You will now need to update the included tasks with information about the specific environment.

     

     

    Many Thanks go out to Wee Kuenn Leow who built this.

     

    This is the workflow was build to showcase ACI / UCSD integration for Tenant 3 Tier Network creation (WWW/APP/DB EPGs) + UCSD vDC creation (WWW/APP/DB).

    Thank to your custom_Task, we can now map the ACI EPG to UCSD vDC.

     

    We also make use of the content contribution from  Matt Day and Orf to help us “Passing variables from PowerShell to UCS Director”.

     

    Below is a brief description of our use case.

    Hope this is something for those out there that does not have the physical storage to meet UCSD tenant on-boarding requirement to still use UCSD to complete ACI + UCSD integration use case.

     

    Workflow:

    -          2015-06-23-SEVT2015SG-ACI-3Tier-Ver2-test3.wfdx



    Summary:

    - create APIC Tenant with WWW/APP/DB EPG

    - Assign IP Address to BD, Outside OSPF from network pool

    - Standardized use of IP Subnet Pool for APIC

    - Custom task for Add Domain to EPG to handle VARIABLE mismatch of dv-Switch Variable in APIC and UCSD

    - Custom PowerShell script to create IP-Address-Range from IP-Subnet

    - create WWW/APP/DB vDC matching to APIC EPG Name

    - User Self Service to “Create APIC 3 Tier Network n Create UCSD vDC (WWW/APP/DB)

    - User Self Service to Order VM into the different vDC created by the Workflow

     

     

    Version History:

    - 2015-05-12 matday ogelbric (code contribution Passing variables from PowerShell)

    - 2015-06-05 Abhilash Pujari(code contribution Add Domain to EPG for custom task)

    - 2015-06-01 Kwai Seng (Workflow Initial build + OSPF Layer 3 scripts)

    - 2015-06-23 Kuenn (Modified to include vDC creation for user self service)


    Workflow Ilustations:


    The run of the workflow:

    Unknown.png


    Standardized EGP Naming with “ActiveDirectory OU GroupName” with the TierName

     

     

    Unknown.jpeg



    APIC EPGs Mapped directly into UCSD vDC construct


    Unknown.jpeg


    User Self Service to Order VM in the respective vDC (aka EPG in ACI construct)


    Unknown.jpeg


    Ordering from the catalog:


    Unknown.jpeg


    Request for “Windows 2012R2 VM Catalog


    Unknown.jpeg


    Demo NSLOOKUP failed as ACI Contract does not ACCESS RULE defined


    Unknown.jpeg


    TURN on NSLOOKUP with commonServices_ClientAccess Contract on both “External Routed Network” and “WWW EGP


    Unknown.png


    BEFORE Contract definition (where NSLOOK FAILED)


    Unknown.jpeg


    Unknown.png


    AFTER adding Contract (NSLOOK PASSED)


    Unknown.png


    Unknown-1.png


    Unknown.jpeg


    Slight ISSUE on APIC GUI: Dangling CONTRACT to “External Router Network” connection.


    Unknown.png


    Included the subnet calculator to convert “UCSD IP Subnet from IP Subnet Pool” used for ACI  to “ip Address Range from IP Pool” used by UCSD Network Policy.

    Attached is the powershell script need to be placed in the “Powershell Agent”



    The Powershell script:


    function toBinary ($dottedDecimal){

    $dottedDecimal.split(".") | %{$binary=$binary + $([convert]::toString($_,2).padleft(8,"0"))}

    return $binary

    }

    function toDottedDecimal ($binary){

    do {$dottedDecimal += "." + [string]$([convert]::toInt32($binary.substring($i,8),2)); $i+=8 } while ($i -le 24)

    return $dottedDecimal.substring(1)

    }

    #read args and convert to binary

    if($args.count -ne 2){ "`nUsage: .\subnetCalc.ps1 <ipaddress> <subnetmask>`n"; Exit }

    $ipBinary = toBinary $args[0]

    $smBinary = toBinary $args[1]

    #how many bits are the network ID

    $netBits=$smBinary.indexOf("0")

    #validate the subnet mask

    if(($smBinary.length -ne 32) -or ($smBinary.substring($netBits).contains("1") -eq $true)) {

    Write-Warning "Subnet Mask is invalid!"

    Exit

    }

    #validate that the IP address

    if(($ipBinary.length -ne 32) -or ($ipBinary.substring($netBits) -eq "00000000") -or ($ipBinary.substring($netBits) -eq "11111111")) {

    Write-Warning "IP Address is invalid!"

    Exit

    }

    #identify subnet boundaries

    $networkID = toDottedDecimal $($ipBinary.substring(0,$netBits).padright(32,"0"))

    $firstAddress = toDottedDecimal $($ipBinary.substring(0,$netBits).padright(31,"0") + "1")

    $lastAddress = toDottedDecimal $($ipBinary.substring(0,$netBits).padright(31,"1") + "0")

    $broadCast = toDottedDecimal $($ipBinary.substring(0,$netBits).padright(32,"1"))

    $AddressRange = "$firstAddress-$lastAddress"

     

     

    #write output

    #"`nNetwork_ID`t$networkID/$netBits"

    #"First_Address`t$firstAddress"

    #"Last_Address`t$lastAddress"

    #"Broadcast`t$broadCast`n"

     

     

    $ucsd = @{};

    $ucsd.Network_ID = $networkID;

    $ucsd.First_Address = $firstAddress;

    $ucsd.Last_Address = $lastAddress;

    $ucsd.Broadcast = $broadCast;

     

     

    $ucsd.Address_Range = $AddressRange;

    $ucsd.netBits = $netBits;

    return $ucsd;

     

     

    The workflows:

     

    Screen Shot 2015-06-24 at 8.21.11 AM.png

     

    Screen Shot 2015-06-24 at 8.15.12 AM.png