Cisco UCS Integration with Cisco ACI

July 13, 2015

Colin Lynch, one of our UK & Ireland Cisco Champions from Computacenter UK, talks about Cisco UCS integration with Cisco ACI.

It’s always a great day when I can combine my passions. Now I’m not talking about playing rugby, underwater, while eating awesomely hot chili peppers; in this instance I’m talking about combining Cisco Unified Computing System (UCS) with Cisco Application Centric Infrastructure (ACI).

Cisco ACI is a very hot topic with my clients, and it makes sense that they are very interested in how their existing Cisco UCS infrastructure would integrate into a Cisco ACI environment.

Now, as you may know, many of the smart folks at Cisco who developed Cisco ACI are the very same people who brought us Cisco UCS, so it stands to reason that the two technologies share many characteristics. This is one of the reasons why Cisco UCS trained consultants and engineers are finding it a relatively pain-free process to understand the guiding principles of Cisco ACI.

I am writing this blog post as a companion to an end-to-end “How to” video, which covers the complete configuration of the Cisco ACI environment through the Cisco UCS infrastructure and extending the ACI policies into the VMware vSphere Distributed Switch (vDS) or Cisco Application Virtual Switch (AVS).

The video post can be found here.

This text post will focus on the concepts to understand in order to configure a virtual port-channel (vPC) between the leaf Nexus 9300 switches in ACI mode and the Cisco UCS Fabric Interconnects.

This post will not focus on the integration between Cisco ACI and VMware, as that is not UCS specific, and neither will I detail the actual step-by-step configuration of the APIC, as there would be far too many screenshots required. However, all those topics are covered in the above video post.

An important consideration to understand is that the APIC does not directly manage or interact with the Cisco UCS Fabric Interconnects, and I have not heard whether this is likely to change with the release of the 6332 Fabric Interconnect based on the Nexus 9300 platform.

The crux of the matter:

By default, the APIC relies on Link Layer Discovery Protocol (LLDP) all the way through to the vSwitch in order to discover changes in the virtual environment. However, when using Cisco UCS B-Series blades, LLDP is not passed through the Virtual Interface Card (VIC1240/1340) and so does not reach the vDS; thus LLDP cannot be used. (The VIC PCI cards used in UCS C-Series rack mounts do allow LLDP to be passed through, so this is not an issue there.)

The solution to this is to disable LLDP on the ports between the Fabric Interconnects and the vSwitch and instead enable CDP.

The diagram below shows the topology we will be using:

Figure 1 Cisco UCS connected to Cisco ACI Fabric, Physical Topology.

Prerequisites and assumptions:

The minimum Cisco UCS firmware version of all Cisco UCS components is 2.2(1c).

Now if you’re here, I’m going to assume that you know how to create the VLANs and port-channels on the Cisco UCS side. This is exactly the same procedure regardless of the upstream network to which you are connecting. If you are dual attaching your UCS to both an ACI fabric and a classical Ethernet network, then normal disjoint layer 2 rules apply.

You will also need to ensure that the vNICs within your UCS Service Profiles have CDP enabled (this is off by default).

To do this, create a Network Control Policy > Enable CDP > Associate it to your vNICs.

Figure 2 UCS Network Control Policy CDP Enable

Figure 3 Associate NCP to vNIC

APIC Configuration:

So the goal of this task is to configure the leaf switches as a vPC pair with an LACP port-channel down to each Fabric Interconnect.

One thing you may have noticed is that we now run vPC between a pair of ACI mode leaf switches without a dedicated keepalive or peer-link.

Figure 4 Logical Topology

So you will need to create the below 6 interface policies on the APIC.

Policies for use between FI and Leaf Switches

  • CDP Disable
  • LLDP Enable
  • LACP Active

Policies for use between FI and vSwitch (Cisco UCS VIC Card in between)

  • CDP Enable
  • LLDP Disable
  • LACP Mac-pinning

Figure 5 APIC Interface Policies
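
The six policies listed above, built as a JSON body of the kind the APIC REST API accepts, with a check for the B-Series LLDP limitation described earlier. This is an added example, not code from the original post or the video: the policy names and the `crosses_b_series_vic` flag are constructed for illustration, and the object class and attribute names (`cdpIfPol`, `lldpIfPol`, `lacpLagPol`) are assumed from the APIC object model and should be confirmed against your APIC release.

```python
import json

# Per-segment settings as listed in the post. "crosses_b_series_vic" is a
# hypothetical flag added for this example; policy names are constructed.
SEGMENTS = {
    "FI-to-Leaf":    {"crosses_b_series_vic": False, "cdp": "disabled",
                      "lldp": "enabled", "lacp": "active"},
    "FI-to-vSwitch": {"crosses_b_series_vic": True, "cdp": "enabled",
                      "lldp": "disabled", "lacp": "mac-pin"},
}

def check_segment(name, seg):
    """Raise ValueError if a segment's discovery settings cannot work."""
    cdp_on, lldp_on = seg["cdp"] == "enabled", seg["lldp"] == "enabled"
    # Assumption of this example: one discovery protocol per segment,
    # matching the two policy sets in the post.
    if cdp_on == lldp_on:
        raise ValueError(f"{name}: enable exactly one of CDP or LLDP")
    if seg["crosses_b_series_vic"] and lldp_on:
        # The B-Series VIC 1240/1340 does not pass LLDP through to the vDS.
        raise ValueError(f"{name}: LLDP will not reach the vSwitch; use CDP")
    if seg["lacp"] not in ("active", "mac-pin"):
        raise ValueError(f"{name}: unexpected LACP mode {seg['lacp']!r}")

def _pol(cls, name, **attrs):
    """Wrap one policy object in the class/attributes envelope."""
    return {cls: {"attributes": {"name": name, **attrs}}}

def build_policies(segments):
    """Return an infraInfra payload holding three policies per segment."""
    state = {"enabled": "Enable", "disabled": "Disable"}
    children = []
    for name, seg in segments.items():
        check_segment(name, seg)
        children += [
            _pol("cdpIfPol", f"CDP-{state[seg['cdp']]}", adminSt=seg["cdp"]),
            _pol("lldpIfPol", f"LLDP-{state[seg['lldp']]}",
                 adminRxSt=seg["lldp"], adminTxSt=seg["lldp"]),
            _pol("lacpLagPol", f"LACP-{seg['lacp']}", mode=seg["lacp"]),
        ]
    return {"infraInfra": {"attributes": {"dn": "uni/infra"},
                           "children": children}}

if __name__ == "__main__":
    print(json.dumps(build_policies(SEGMENTS), indent=2))
```
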

The figure below shows where these 6 interface policies will be used.

As mentioned, for full details of how to configure these policies and apply them to the correct area of the network, please refer to the instructional video here.

