ACI automation

  1. UCS
  2. Contiv
  3. Kubernetes
  4. TrustSec
  5. Cobra
  6. Arya
  7. REST API

UCS

  • B2G: better together tool
  • implements ACI policy in UCS

Contiv

  • manage ACI from Docker, Kubernetes: tenants, BD, contracts, EPG
  • static VLAN binding
  • EPG ≡ VLAN/VXLAN

Kubernetes

  • pod = container group with shared namespace
  • pod receives IP, unit for policy enforcement
  • no NAT between pods, K8s notes
  • ACI does not manage K8s, K8s registers settings in ACI
  • default EPG:
    1. kube-nodes
    2. kube-system: pods in kube-system namespace
    3. kube-default: pods in other namespaces
  • contracts for EPG:
    1. provider: healthcheck (kube-system), ARP (kube-system)
    2. DNS (kube-system), ARP (kube-system), L3Out

TrustSec

  • ISE receives EPGs and creates SGTs based on /32
  • ISE creates L3Out EPGs based on SGT (IP mapping, /32)

Cobra

  • ACI Python SDK

Arya

  • transforms JSON (ACI object) with parameters to Python code that uses Cobra SDK

REST API

  • paging: 100k entries of same class; query parameter – page-size
  • /api/mo/uni – object request
  • /api/class – class request
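
Added example (not from the original notes, and not Cisco's code): building the object and class request URLs above and paging through a class query with page-size. The host apic.example, the fetch callback and the fake APIC are assumptions made so it runs offline; the .json suffix and the page parameter are standard APIC REST usage.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlparse

def mo_url(apic, dn):
    """Object request: /api/mo/<dn>, e.g. dn='uni' for the policy root."""
    return f"{apic}/api/mo/{dn}.json"

def class_url(apic, cls, page, page_size):
    """Class request: /api/class/<class> with paging parameters."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", cls):
        raise ValueError(f"not a class name: {cls!r}")  # keep input out of the path
    return f"{apic}/api/class/{cls}.json?" + urlencode({"page": page, "page-size": page_size})

def fetch_all(apic, cls, fetch, page_size=1000):
    """Walk a class query page by page until a short page is returned.

    fetch(url) -> response text. Hypothetical callback: a real one would do an
    authenticated HTTPS GET with certificate verification left on.
    """
    objects, page = [], 0
    while True:
        batch = json.loads(fetch(class_url(apic, cls, page, page_size)))["imdata"]
        objects.extend(batch)
        if len(batch) < page_size:
            return objects
        page += 1

def make_fake_apic(n):
    """Constructed stand-in for an APIC holding n fvTenant objects."""
    data = [{"fvTenant": {"attributes": {"dn": f"uni/tn-t{i}"}}} for i in range(n)]
    calls = []
    def fetch(url):
        calls.append(url)
        q = parse_qs(urlparse(url).query)
        page, size = int(q["page"][0]), int(q["page-size"][0])
        return json.dumps({"totalCount": str(n), "imdata": data[page * size:(page + 1) * size]})
    return fetch, calls

if __name__ == "__main__":
    fetch, calls = make_fake_apic(7)
    tenants = fetch_all("https://apic.example", "fvTenant", fetch, page_size=3)
    print(len(tenants), "objects in", len(calls), "requests")
```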