NDFC_Terraform_Sample
This is an example of how to use Terraform and the REST API to automate Cisco Nexus Dashboard Fabric Controller (NDFC) for provisioning a VXLAN EVPN underlay and overlay.
This project is derived from a previous project: https://github.com/philiwon8868/terraform-aci. It is a working sample for those who would like to use NDFC's Terraform integration to experience the power of "Infrastructure As Code".
In this example, a sample Cisco Modeling Labs 2 (CML2) lab environment is set up with 2 pairs of VPC Border Gateways (VPC-BGWs) interconnected to simulate a multi-site EVPN fabric, as shown below.
Figure 1: Logical Diagram of the Multi-Site VXLAN EVPN
Figure 2: Cisco Modeling Lab 2 Environment
Assumptions
- All 4 VPC-BGW switches are preconfigured with management IP addresses and can be reached by the NDFC OOB interface.
- All 4 switches share the same admin user ID and password.
Requirements
Providers
| Name | Version |
|------|---------|
| NDFC | >= 1.2.0 |
Use Case Description
This example will deploy EVPN underlay configuration and the sample overlay network in 2 separate flows:
EVPN Underlay
Step 1: Switch Discovery & Switch Role Assignment
The main.tf in subdirectory Underlay performs the switch discovery of the 4 Nexus 9000v switches and assigns them the role of "Border Gateway" with "preserve config" set to false. Depending on the CML2 environment, this step may take more than 30 minutes to complete.
Figure 3. Switches are added and being rebooted
Step 2: Go to the NDFC UI to perform vPC pairing for these 2 pairs of Border Gateways
In the next release, this manual step will be replaced by automation.
Figure 4. vPC pairing the 2 pairs of Border Gateway switches
Step 3: Run the Python script Recalculate.py to recalculate and deploy the configuration to the 4 switches
python3 Recalculate.py
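Step 1's discovery for one site, as an added sketch (not the repository's own main.tf) that passes the shared switch credentials from the Assumptions section as sensitive variables instead of literals. It assumes the "NDFC" provider listed above is the CiscoDevNet/dcnm Terraform provider; the URL, fabric name, variable names and IP addresses are placeholders.

```hcl
terraform {
  required_providers {
    dcnm = {
      source  = "CiscoDevNet/dcnm" # assumption: the provider listed as "NDFC"
      version = ">= 1.2.0"
    }
  }
}

# Supplied at run time (for example TF_VAR_ndfc_password and
# TF_VAR_switch_password), not written into *.tf or committed *.tfvars files.
variable "ndfc_password" {
  type      = string
  sensitive = true
}

variable "switch_password" {
  type      = string
  sensitive = true
}

provider "dcnm" {
  url      = "https://ndfc.example.com" # placeholder NDFC address
  username = "admin"
  password = var.ndfc_password
  insecure = false # set true only for a lab NDFC with a self-signed certificate
  platform = "nd"
}

resource "dcnm_inventory" "site_a_bgw" {
  fabric_name     = "Site-A" # placeholder fabric name
  username        = "admin"  # admin user ID shared by all 4 switches
  password        = var.switch_password
  max_hops        = 0
  preserve_config = "false"
  config_timeout  = 40 # minutes; discovery in CML2 can exceed 30 minutes

  switch_config {
    ip   = "192.0.2.11" # placeholder management IP
    role = "border_gateway"
  }
  switch_config {
    ip   = "192.0.2.12" # placeholder management IP
    role = "border_gateway"
  }
}
```

`sensitive = true` only redacts the values in plan and apply output; they are still stored in the Terraform state file, so the state backend needs access control and encryption at rest.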
Sample Overlay
The main.tf in subdirectory Overaly-sample will perform 3 actions:
- Change the interface Ethernet1/4 of all 4 BGWs to switchport mode access
Figure 5. Use REST API call in Terraform to make the interface change
- Provision a VRF named "Tenant-B" and associate with all 4 BGWs; perform a recalculate-and-deploy to commit the change.
- Provision a Network named "Web-Network" with an anycast gateway "192.168.1.1/24" and associate it with Ethernet1/4 of switches A1 and B2, where the 2 Ubuntu VMs are attached.
Expected Result
Data traffic between the 2 Ubuntu VMs will flow through the overlay network provisioned.
Figure 6. Overlay network provisioned
Usage
To provision:
- Run the usual terraform init, terraform plan and terraform apply.
To destroy:
- Destroy the deployment with the terraform destroy command.
Credits and references
- Cisco Infrastructure As Code
- DCNM provider Terraform
- DCNM REST APIs