ACI

Cisco APIC Embedded App – Managed Object Browser

Simon Birtles

The application has now been published at Cisco ACI App Center and can be downloaded from the Cisco ACI App Center here.

The original application was blogged about here and allows the user to browse the APIC managed objects (MO) similar to the Visore application but in a graphical tree representation. The application had limitations due to CORS and certain actions were required by the user to start the application which were not acceptable.  The APIC now supports embedded stateless and stateful applications,  so this MO browser has been coded to run as a stateless application within the APIC application environment. The source code can be found at Github. The file named ‘HaystackNetworks-ACIModelBrowser-1.0.aci’ is the packaged APIC application which can be uploaded to the APIC via the ‘Apps’ tab. The application is written and configured for read-only access to the APIC, for full MO visibility a user with admin rights needs to be logged into the APIC or not all MO’s will be available to the browser, the APIC enforces this security and read-only access as shown when the app is installed.

Application Use

The application starts up and displays the polUni root, this is not actually the real root of the MO tree but is one of most important direct children of the root and the one you will probably work with the most other than fabricTopology. Double clicking any MO represented as a circle will discover and display as nodes;

  • All direct children of the MO
  • Any relationships with the MO
  • The parent of the MO(If not on the direct path back to the root)

The parent of the MO is shown if it is not on the direct path back to the root MO, this is because MOs other than children can be displayed in the tree like a relationship object. A relationship object is displayed as a circle but shaded lighter that children MO’s are colored. A relationship object points to another MO elsewhere in the tree and the related object is not a child of the selected object. A selected object shown with a broken red outline will have its attributes shown in the properties window as shown in the image.

 

The menu in the top left corner provides some basic functions; from top to bottom the menu buttons provide the following;

  1. ‘Toggle Fault Tooltips’ – When a MO is filled with a color other than white/gray and has a number displayed, this is the number of faults reported at this MO or within its decadents. The color represents the highest fault type found.
  2. ‘Toggle Properties Window’ – Shows or hides the ‘Properties window’.
  3. ‘Toggle App Messages Window’ – Shows or hides the ‘Application Messages’ window.
  4. “Toggle Downstream Parent” – When showing connected MOs of a selected (double clicked) MO, this will either allow the display of parents of the object or not downstream.
  5. “Restore Window Positions” – Moves the properties and messages windows back to the original locations on the left side of the window.
  6. “About” – Provides about &  contact information in the application  messages.

Application Functions

Change the Root MO

The default root displayed is ‘polUni’ but other ‘roots’ are available to browse, the next most common one is the ‘fabricTopology’ root which has the MO’s related to the physical fabric such as switches, pods, controllers, interfaces, CDP, LLDP neighbors etc. To change the root, right click any node and select “Change Root MO’ from the context menu. The dialog box shown below appears and the one in the example has the ‘fabricTopology’ root selected.

 

The top dropdown provides the abstract class names and  the second dropdown box gives the concrete implementations for the abstract type. There is only one concrete implementation for polUni and fabricTopology leaving on one choice for the second dropdown. Click submit and the root of the tree will be the ‘topology’  (or which ever root you choose) MO, again double click this node to browse the configured MOs.

Edit Query Strings

When an MO (node) is double clicked to show children, relationships, etc a query filter is applied to the results. As query filter is applied by default to polUni (uni), this filter reduces the number of MO’s displayed to reduce screen clutter and show the mostly viewed MO’s. For all MO’s other than (uni) the filter shows all children, for (uni) the filter is shown below.

 

This filter queries for all children but only ones that are of type tenant, physical/vmm/fc domains, fabric, l2/l3 outs. You can change this filter, removing all but the “query-target=children” will provide all the children of this node. The query string applies only to the MO (node) that was selected when the option “Edit Query Filter” was selected from the context menu on that node. You can also filter for a specific class type that is anywhere under the root which is not a direct descendant.  For example, if we wanted to show all EPG’s on the entire fabric, we can choose “Edit Object Query String” for the (uni) MO and replace the query string with;

query-target=subtree&target-subtree-class=fvAEPg

Note the difference is we have changes the query-target to subtree meaning search through all descendants of the (uni) MO and show any MO with a class type of fvEPGg (an EPG). This will redraw the tree with the (uni) MO at the root with all the fabric EPGs drawn directly connected. You can then double click on an EPG MO and drill up and down the tree from that object, remember if the MO’s parent is not on the path back to the root, the tree will display it when showing children too unless the menu option for display parent downstream is disabled. This can be likened to a graphical moquery, the same filter strings can be used.

The query string is the APIC format and is documented in the Cisco CCO REST configuration guide.

Filter On This Class

The context menu option “Filter On This Class” is a shortcut option to change the query string. This option is used by selecting a child MO that you would like to display only these child types of the parent. So you may have a tenant MO open and this will display the BD, VRF, AP, etc.. There will be a lot of these in a production deployment for each tenant. Lets say we only want to look at VRF (contexts in ACI world) only and filter out other MO noise. If we right click on any ‘ctx-**’ child object of this parent tenant and select “Filter On This Class”, this will change the parent query string to filter out all but this MO type. The image that follows shows the result in the tree before and after this.

Before Filter

After Filter

This can be done on any node to help clear clutter as you explore deeper into the tree, you can reset the filter by selecting “Edit Query Filter” on the parent node and click the reset button. This has been used in the following screenshot which has been used to drill through a section of a multi-pod setup in a production environment after the multi-pod commissioning  – as you can see, there are no colored objects meaning no faults and that the correct objects and properties exist. You can see there are four spine switches as part of this multi-pod build.

The application and source code can be found at Github with more information on how to re-package the application should you wish to review the source code first. The application licence is MIT & GPL.

The application has now been published at Cisco ACI App Center and can be downloaded from the Cisco ACI App Center here.

 

Simon Birtles

I have been in the IT sector for over 20 years with a primary focus on solutions around networking architecture & design in Data Center and WAN. I have held two CCIEs (#20221) for over 12 years with many retired certifications with Cisco and Microsoft. I have worked in demanding and critical sectors such as finance, insurance, health care and government providing solutions for architecture, design and problem analysis. I have been coding for as long as I can remember in C/C++ and Python (for most things nowadays). Locations that I work without additional paperwork (incl. post Brexit) are the UK and the EU including Germany, Netherlands, Spain and Belgium.