NDFC_Terraform_Sample

This is an example of how to use Terraform and REST API to automate Cisco Nexus Dashboard Fabric Controller (NDFC) for provisioning VXLAN EVPN underlay and overlay.

This project is derived from a previous project: https://github.com/philiwon8868/terraform-aci. It is a working sample for those who would like to leverage NDFC's Terraform integration to experience the power of "Infrastructure As Code".

In this example, a sample Cisco Modeling Labs 2 (CML2) lab environment is set up with 2 pairs of VPC Border Gateways (VPC-BGWs) interconnecting to simulate a multi-site EVPN fabric, as shown below.

Figure 1: Logical Diagram of the Multi-Site VXLAN EVPN

Figure 2: Cisco Modeling Lab 2 Environment

Assumptions

  1. All 4 VPC-BGW switches are preconfigured with management IP addresses and can be reached by the NDFC OOB interface.
  2. All 4 switches share the same admin user ID and password.

Requirements

Name       Version
terraform  >= 0.13
NDFC       >= 12.0.2f

Providers

Name  Version
NDFC  >= 1.2.0

Use Case Description

This example will deploy EVPN underlay configuration and the sample overlay network in 2 separate flows:

EVPN Underlay

Step 1: Switch Discovery & Switch Role Assignment

The main.tf in subdirectory Underlay will perform the switch discovery of the 4 Nexus 9000v and assign them the role of "Border Gateway" with "preserve config" set to false. Depending on the CML2 environment, this step may take more than 30 minutes to complete.

Figure 3. Switches are added and being rebooted
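A minimal sketch of the Step 1 discovery, added here as an example and not taken from the project's own main.tf: it uses the dcnm Terraform provider listed in the references and passes the NDFC and shared switch credentials as sensitive variables instead of literals. The variable names, the fabric name variable and the management addresses are assumptions, and the fabric is assumed to exist in NDFC already.

```hcl
terraform {
  required_version = ">= 0.14" # sensitive variables need Terraform 0.14 or later
  required_providers {
    dcnm = {
      source  = "CiscoDevNet/dcnm"
      version = ">= 1.2.0"
    }
  }
}

# Secrets come from TF_VAR_ndfc_password / TF_VAR_switch_password at run time,
# not from .tf or .tfvars files kept in version control.
variable "ndfc_url" { type = string }
variable "ndfc_username" { type = string }
variable "ndfc_password" {
  type      = string
  sensitive = true
}
variable "switch_username" { type = string }
variable "switch_password" {
  type      = string
  sensitive = true
}
variable "fabric_name" { type = string } # hypothetical name; fabric assumed to exist
variable "bgw_mgmt_ips" {
  type    = list(string)
  default = ["192.0.2.11", "192.0.2.12", "192.0.2.21", "192.0.2.22"] # constructed
}

provider "dcnm" {
  url      = var.ndfc_url
  username = var.ndfc_username
  password = var.ndfc_password
  platform = "nd"  # NDFC 12.x runs on Nexus Dashboard
  insecure = false # verify the NDFC TLS certificate
}

# Discover the 4 switches and give each the Border Gateway role.
resource "dcnm_inventory" "bgw" {
  fabric_name     = var.fabric_name
  username        = var.switch_username
  password        = var.switch_password
  preserve_config = false

  dynamic "switch_config" {
    for_each = var.bgw_mgmt_ips
    content {
      ip   = switch_config.value
      role = "border_gateway"
    }
  }
}
```

Marking a variable sensitive only redacts it from plan and apply output; the values are still written to the Terraform state, so the state backend needs the same access control as the credentials themselves.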

Step 2: Go to the NDFC UI to perform vPC pairing for these 2 pairs of Border Gateways

In the next release, this step will be automated and removed.

Figure 4. vPC pairing the 2 pairs of Border Gateway switches

Step 3: Run the Python Recalculate.py to recalculate and deploy the configuration to the 4 switches

python3 Recalculate.py

Sample Overlay

The main.tf in subdirectory Overaly-sample will perform 3 actions:

  1. Change the interface Ethernet1/4 of all 4 BGWs to switchport mode access.

Figure 5. Use REST API call in Terraform to make the interface change

  2. Provision a VRF named "Tenant-B" and associate it with all 4 BGWs; perform a recalculate-and-deploy to commit the change.
  3. Provision a Network named "Web-Network" with an anycast gateway "192.168.1.1/24" and associate the Ethernet1/4 of switches A1 and B2 where 2 Ubuntu VMs are attached.

Expected Result

Data traffic between the 2 Ubuntu VMs will flow through the overlay network provisioned.

Figure 6. Overlay network provisioned

Usage

To provision:

  • Run the usual terraform init, terraform plan and terraform apply.

To destroy:

  • Destroy the deployment with the terraform destroy command.

Credits and references

  1. Cisco Infrastructure As Code
  2. DCNM provider Terraform
  3. DCNM REST APIs