This topic is to discuss the following lesson:
This was a wonderful read and very streamline understanding.
Wonderful series of articles.
Some clarification if I may.
- An “SDN solution” seems to be equivalent to an “SDN controller/framework”
- The SDN controller is presumably the most imprtant part of any solution/framework
- In the case of the Cisco APIC EM the SDN controller is the solution. No framework around it really?
- Cisco APIC on the other hand is the SDN controller wrapped up in a more broad solution/framework called ACI?
Many thanks for any reply
Some of these terms are indeed a bit vague. The total “SDN package” is a SDN controller with SDN supported hardware like routers, switches, firewalls or wireless access points. It also includes the NBI (an API) and a SBI protocol that communicates with our hardware (for example OpenFlow). We can also call this complete package a “SDN solution” or “SDN framework”.
The SDN controller is important, but you also need supported hardware or you won’t be able to do much
In case of APIC-EM, we have APIC-EM as the SDN controller, regular Cisco IOS / IOS XE hardware, the NBI is a GUI/API. The SBI are regular protocols like SSH/SNMP. This is our complete “SDN solution”.
Cisco called Cisco ACI a “SDN architecture” (yet another name)…it’s the same as a SDN solution / SDN framework. In this architecture, APIC is the SDN controller and ACI is what runs on the hardware (switches) that is managed by the SDN controller. They probably couldn’t choose more confusing names
How can you classify Cisco Prime Infrastructure or compare it with APIC-EM controller ?
Thank’s for your answer.
Cisco Prime Infrastructure is a software package that that can be used to manage wired and wireless Cisco networks including:
…performance, application visibility, and user experience. It brings automation and best practices to the management of your Cisco® networks throughout the technology lifecycle, from design and deployment to day-to-day operations and service assurance.monitoring,
Cisco Prime Infrastrucutre can also be used to manage multiple instances of geographically separate CPI networks as one. More information about it can be found here.
APIC-EM on the other hand is something much more specific. It provides a method of implementing Software Defined Networking using traditional networking hardware.
I hope this has been helpful!
Many thank’s Laz. I can see the difference now
A few questions about the APIC-EM. To me it looks like APIC-EM can only be used to discover topology, backup configuration and configure devices, but we already have plenty of tools out there that can be used for all of those things. I am not sure what is the special about APIC-EM.
On the other hand, a full blown SDN package might be little bit helpful. I am not sure about it, but it will require special devices for it.
Now let’s come to the point.
After clicking the admin section on the top right corner, according to Rene, passwords need to be entered for CLI credentials and snmpv2c or snmpv3. What does it do? Why the CLI password is required here?
When I am discovering a device, do I need to use SNMP read or write or both? Is it also required to enter CLI password? A device might be managed by a TACACS server. For that case, can any user’s credential be used here?
Would you please show me how to configure a remote device by using APIC-EM?
Let’s say a device is connected to the network and it does not have any configuration at all in it. Now, what is the minimum configuration the device has to have for me to configure the device remotely?
Thank you so much.
APIC-EM is indeed a bit similar to some other network management tools out there. After all, the devices that it manages are all “autonomous” routers/switches/etc so it’s not a “real” SDN solution. The control and data plane remains on the routers/switches. With so many proven network management tools out there, I don’t think APIC-EM will be that popular. The main reason I tested it is because the APIC-EM Path Trace ACL Analysis Tool is on the CCNA exam now.
From what I’ve read in the APIC-EM documentation the CLI is used for:
CLI global credentials are used by the Cisco APIC-EM to authenticate and access the devices in a network that share this device credential when performing network discoveries.
So it seems it uses the CLI (and SSH) sometimes. This is also possible through SNMP so there is some overlap here. However, the documentation does mention:
Both the CLI and SNMP credentials are required for a successful device discovery. You should enter at least one set of SNMP credentials, either SNMPv2c or SNMPv3 for device discovery.
It doesn’t tell us exactly when they use the CLI and when SNMP. You could test this by monitoring it though.
For discovery, you normally only need SNMP read. Write is used when you want to make changes to a device through SNMP. I think you can get away by only specifying the SNMP read community so it can only do discovery.
To add new devices, take a look at APIC-EM Plug and Play
If you want to try APIC-EM, make sure you look at the devnet labs. There’s also a lab where they apply a policy to APIC-EM managed devices which might be nice to try. Those are free:
Do you have the APIC-EM .ova file readily available? Also, what are you seeing right now as a good SDN controller for AWS?
You can grab the ISO from Cisco directly, you don’t need a license for it.
So far, I only used SDN in lab environments Not sure if there are any other (non-vendor) solutions that are truly ready for production.
Great , thanks Rene.