Deploying Cisco Application Service Engine (SE) for ACI – Fabric Internal Mode – 1.1.2i

Day – 0 – Upgrade to the latest code

 

In order to get started deploying Cisco Application Service engine. I recommend that you first go to Cisco.com and download the latest version of the iso for the physical appliance. This will ensure that you have the latest version of bug fixes. 

 

Once the download has finished, we can then install the ISO onto the SE physical appliances using CIMC and the vKVM. 

 

 


Once you have successfully opened the vKVM and are presented with the following screen we will attach the newly downloaded iso. Navigate to the Virtual Media and Activate Virtual Devices. Once activated we can then map our locallying download Service Engine iso, through our vKVM session.

 

 



 

Once mapped we can restart our Service Engine Physical appliance through the vKVM session and while it is booting we will continually hit F6. You may need to create a macro if your keyboard is not being recognized during bring up. This will bring us to the boot menu screen, where we need to choose the following boot option. 



 

 

Then the installer will launch, and we will choose the following option from the installer menu.



 

Now wait for the installation to finish. No further action should be needed from the user. Leave this running while we move to the next step.




Connecting Cisco Application Service Engine to Cisco ACI fabric

 

Take a look at the diagram below. This diagram will show us how our SE cluster has been connected to the ACI fabric.



You can see that we have 4 total connected interfaces. You can have these interfaces connected before the previous step or after, it really makes no difference.

 

  • 1 Interface for CIMC
  • 1 Interface for MGMT
  • 2 Interface in a Bond connected to the ACI leaves.

 

You should model your SE cluster connections like the diagram above. 

 

Deploying Cisco Application Service Engine ACI Application

 

You may be thinking how do I configure the mgmt interface on my SE appliance. This configuration is handled by installing an Application onto your running APIC cluster. To download the latest version of the APIC app navigate in your browser to https://dcappcenter.cisco.com/ where you will be able to download the latest version from Cisco.

Once the download has finished we will then navigate to your APIC GUI, in order to upload the App to the APIC. Go to the Apps tab on your top navigation bar and to the Upload button below.  



You will then have a pop up that will allow you to Upload the newly downloaded Cisco Application Service Engine to the APIC. Use the settings seen below.



After clicking on submit, the application will be uploaded to the APIC app repository. This will take some time to complete successfully. After the app has successfully been uploaded it will appear under the APIC GUI in the Apps tab on the top navigation bar of the APIC GUI.



Click enable to get the application to start running on the APIC. This will also take some time to complete. Once completed the app will look like this.



Go ahead and open the app. You should be greeted with the initial setup screen. Go ahead and set up the app.

After clicking the Begin Setup button you will be brought to the next screen. Be sure that your In-Band configuration is in place prior to starting the initial configuration of the SE APIC app.

After clicking the cluster configuration tab you will be brought to the next screen to setup your SE cluster. Input the following initial configuration parameters. Default values are in Blue. Below you will find the initial configuration requirements and an explanation of the value.

 

  • Cluster Name – SECluster
  • Password
  • Confirm Password
  • Service Engine In-Band Gateway – This will become the BD subnet found in the mgmt tenant for the SE Cluster and the subsequent SE Cluster EPG
  • Fabric In-Band Management EPG
  • App Subnet – This is the BD subnet that is created for the application running on the SE cluster. This will be found in the tenant pushed by the Cisco Application Service Engine APIC App.
  • Service Subnet – This subnet is an internal subnet on the SE Cluster. It is used for the Kubernetes underlay for pod to pod communication. It is NOT seen on the APIC.
  • VLAN Range – This is the VLAN range that will be used for the physical domain created for your SE Cluster.

After inputting this configuration go ahead and hit the next button. You will then be brought to the next initial configuration page where we will input NTP and DNS configuration for the SE Cluster. You must click the Check to input your variables. When finished Save and Continue on the button on the lower right.



After clicking on the Register nodes button, you will be brought to the next initial configuration screen. It will look like what is below. Go ahead and click on the Register button for the First SE node as shown on the topology diagram early in this document. We will input the following configuration for each SE node.

 

  • Name
  • In Band Management IP – This IP comes from the subnet that was configured in the Cisco Application Service Engine App. Remember to start IPing after the GW IP. EX – 34.0.0.2/24
  • Out of Band Management IP
  • Out of Band Management GW

Once finished with the first go ahead and input configuration for the remaining SE service nodes. Once you are done click Next button and you will be brought to a summary screen of the configuration you just inputted into the application. Go ahead and click the Finish button.

You have now configured Cisco Application Service Engine and it will soon be ready to accept applications for installation. After hitting finish we can navigate to the Service Node tab in the APIC App to see that our nodes are now in a Discovering state.



A look into what the Cisco Application Service Engine App creates in the APIC GUI

After clicking finish in the APIC app, a multitude of configurations were created without the user knowing. I will list them below. These are created by the App, and there is no way to change or rename them.

 

  • Tenant – __sn_cluster_SECluster – This tenant holds the networking configuration for the K8 apps running on the SE cluster.
  • Application Profile – app_app

  • Application EPG – app_epg – In this EPG all of the applications that are running on the service cluster will live.
  • Bridge Domain – app_bd – This BD contains the App Subnet inputted into the Cisco Application Service Engine APIC app initial setup.
  • Contract – __sn_inb_contract –  This contract was created in the common tenant so it is accessible in all of the tenants.

That is one tenant configuration has been created. We also need to navigate to the mgmt tenant as well.

  • Application Profile – __sn_cluster_SECluster 
  • Application EPG – inb_epg – In this EPG you will see your SE cluster learned as EPs on one of the VLANs you configured in the Cisco Application Service Engine APIC app.


  • Bridge Domain – __sn_cluster_SECluster – Configured under this bridge domain you will find the subnet and GW that we configured as the SE cluster In-band management subnet – 34.0.0.1/24
  • Contract – __sn_inb_contract – Note: that this contract is also on the EPG in the  __sn_cluster_SECluster tenant as well as the In- Band Management EPG for our ACI nodes. This contract is created in the common tenant.

 










You will need to stitch together the newly created access policies with an interface selector as shown below. NOTE: I have talked with others at Cisco that have deployed earlier version of SE, <1.1.2i, and they did not create the access selectors.

 

What has been created is the following.

 

  • Interface Policy Group – __sn_cluster_SECluster  – There are only two policies tied to this IPG, that being an L2 interface policy and an AEP.
  • AEP – __sn_cluster_SECluster – This AEP is tied to the __sn_cluster_SECluster physical Domain 
  • L2 Interface Policy – __sn_cluster_SECluster 
  • Physical Domain – __sn_cluster_SECluster – In this domain you will find the VLAN range that was input into the Cisco Application Service Engine APIC app. – EX. VLAN 100-105
  • VLAN Range – __sn_cluster_SECluster – You will find the VLAN range from the app.  EX. VLAN 100-105






NOTE: I cannot find how they are deploying the VLANs in ACI, there is NO static ports or configuration under the AEP.

Install APP on SE Cluster

First navigate back to https://dcappcenter.cisco.com/ and download the Cisco NIR application to get the latest version. Download it just like we did for the Cisco Application Service Engine APIC app.

 

Navigate over to the Apps tab in your APIC GUI. Click on the app upload button like we did in the previous step where we installed the Cisco Application Service Engine APIC app. Instead of choosing upload to APIC, we will upload to the SE cluster. 

Or

 

Scp the file to a VM that has access to the mgmt network and use python to create a simple HTTP server. The steps for that can be found at the following link.

 

https://2ality.com/2014/06/simple-http-server.html

 

Then we can navigate over to the Admin tab, navigate to the sub-tab Downloads to create our needed download task.



Once finished you should see that the app is installing. The procedure from here on out is the same as installing any other app. After it is done installing we will enable the app and it will be ready for use.

Posted in All

4 thoughts on “Deploying Cisco Application Service Engine (SE) for ACI – Fabric Internal Mode – 1.1.2i

  1. Thank you. document is really good.

    if service engine app is installed in apic. do we need to deploy the service engine cluster ?

  2. do i need to deploy service engine cluster even if i install service engine app in apic ?

    can you please tell me

    1. You only need the CASE app if you are installing the SE cluster as Fabric Internal Mode. This is what controls the configuration for the SE cluster.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.