I’ve spent the last few days experimenting with APIC-EM and the path trace capabilities. My lab environment is currently leveraging VIRL (Virtual Internet Routing LAB). Since it wasn’t obvious how to integrate APIC-EM with the lab platform, I wanted to share my configuration.
TL;DR–When building the topology, click the background and view the properties for the Topology. Change the Management Network to “Shared flat network”. This will put the all of the devices ‘Mgmt-intf’ vrf on the ‘flat’ (172.16.1.0/24 by default) network when the topology is built.
When I started this process, I really didn’t realize how easy it could be. I actually tried to leverage a manual connection to L2 External (FLAT) to do the management in-band for the topology. This is certainly possible, but there is a much easier way. As most VIRL users have noticed, there is a management IP address that gets assigned to each device. There is a simple configuration change that will allow that address to be one from the ‘FLAT’ pool and connected externally to the ‘L2 External (FLAT)’ network.
- APIC-EM built with IP address 172.16.1.2/24 (172.16.1.2-49 are unassigned and part of the FLAT pool of addresses. They are also ‘directly connected’ to the management interfaces of the VIRL nodes when the topology is built.
- L2 External (FLAT) is configured in VIRL as per this article – Connecting VIRL to the Outside World (note this is only for the config, I am not using the L2 External FLAT node in my topology for APIC-EM.
- Topology built using the “Shared flat network” for management (above screenshot)
- Configuration -> Build Initial Configuration to build the node and topology configuration
- Start the project simulation
- SNMP configuration manually added to the nodes (172.16.1.2 is the IP of AMIC-EM)
snmp-server engineID remote 172.16.1.2 vrf Mgmt-intf BBBBBBBBBB
snmp-server community cisco RO
At this point, I can successfully run a discovery from APIC-EM. The IP range for the discovery is 172.16.1.50-172.16.1.253 (assuming the default was used for the ‘FLAT’ pool). It is worth noting that VIRL enables telnet by default and a username and password of ‘cisco’ (so isolating your lab is an important from a security perspective). After a short delay the Node inventory will be populated in APIC-EM.
- Adding the SNMP config is manual (there might be a way to automate it)
- The Image for CSR1000v 16.3.1-build2 seems to have a problem where all instances have the same virtual SN. This causes only one node to appear in the APIC-EM node database. I used IOSv for my demonstration, but it is also possible to use a different CSR1000v image.
- If APIC-EM doesn’t reside on 172.16.1.0/24, it is also important to add a default route to the nodes in the Mgmt-intf vrf.
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 172.16.1.1 (assuming this to be the gw)
This is a straightforward process that can be applied to integrating APIC-EM into a VIRL configuration. The integration should work equally as well with other network management platforms.
Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This
may or may does not reflect the position of past, present or future employers.