ACI

Cisco APIC ACI Model Viewer

Simon Birtles

This application has been ported to an integrated APIC application which removes the security workarounds surrounding CORS and uses SSO with the APIC logged in user. Further details are here.

The Cisco ACI APIC Model Viewer visualises the APIC configuration through the use of graphs illustrating the configuration of the APIC. The model viewer has been used and added to over the last few years and hopefully will be of help to the community as it has been to me and my colleagues. The model viewer assists in understanding how the model has been implemented, enables troubleshooting where compnents have not been configured correctly and assists in writing scripts against the APIC by drilling down into the model to find data or objects.

 

The model viewer is written in javascript and can be found here.

 

Drilling Down On A L3 Out

alt text

Drilling Through a Leaf Policy Group Bi-Directionally

alt text

Important Notes

As this has been built over time for my use there are certain restrictions (or untested uses) of the code.

  • The code uses cross site scripting to the APIC, so to avoid errors and the script being denied the browser web security must be disabled. In Chrome this is done by starting Chrome with the –disable-web-security switch. A Windows Chrome lnk file has been provided to start chrome in this mode.
  • Due to the operation of XHR in JS and that the APIC in HTTPS mode only uses a locally generated certificate, XHR will fail to permit the operation connecting to the APIC due to the invalid certificate. This would not be an issue where the APIC has had public signed certificate installed. To workaround this issuee, when the browser is first opened without web security as discussed, open a page to the APIC and accept the locally signed certificate. Once this is done, then open up the model viewer html page (index.html)
  • To store the APIC IP, username and password, edit the default credentials in apic-comms.js

Usage Steps

  1. Open apic-comms.js and change login details, app will prompt for them but wont save them between sessions, this will setup defautl fields.
  2. Use the link “chrome(no sec)” to open Chrome with web security disabled, this is due to cross site scripting and HTTPS restrictions.
  3. Open a tab in the chrome session and enter the APIC IP and accept the invalid certificate (only required if the APIC has the default self signed cert – if a public signed one has been installed then this does not need to be done)
  4. Open a tab and browse to and open index.html
  5. Validate login details and click submit, the app should login to the APIC.

Author

Simon Birtles http://linkedin.com/in/simonbirtles

Licence

  • Copyright (c) 2015-2017,
  • All rights reserved.
  • Dual licensed under the MIT and GPL licenses.

Simon Birtles

I have been in the IT sector for over 20 years with a primary focus on solutions around networking architecture & design in Data Center and WAN. I have held two CCIEs (#20221) for over 12 years with many retired certifications with Cisco and Microsoft. I have worked in demanding and critical sectors such as finance, insurance, health care and government providing solutions for architecture, design and problem analysis. I have been coding for as long as I can remember in C/C++ and Python (for most things nowadays). Locations that I work without additional paperwork (incl. post Brexit) are the UK and the EU including Germany, Netherlands, Spain and Belgium.