Product Documentation

Create and deploy a service graph

You have to use Cisco APIC service graph templates in APIC to create and deploy the Citrix ADCs. Make sure that you use the ADC function profile while creating and deploying a service graph.

After the graph is configured in the APIC, the APIC automates the device configuration on the basis of the function definitions, device connectivity to the fabric, and the entities configured as part of the graph deployment. The APIC also automates the network configuration, such as VLAN allocation and its binding, as part of the service graph creation, and the configuration is removed once you delete the graph from the APIC.

A service graph is represented as two or more tiers of an application, with the appropriate service function inserted between them. A service graph is inserted between the source and destination EPGs by a contract.

To create a service graph by using the APIC GUI:

  1. On the menu bar, go to Tenants > All Tenants.

  2. In the Work pane, double-click the tenant’s name.

  3. In the Navigation pane, select tenant_name > L4-L7 Services > L4-L7 Service Graph Templates.

  4. In the Work pane, select Actions > Create a L4-L7 Service Graph Template.

  5. In the Create a L4-L7 Service Graph Template dialog box, in the Device Clusters section, select a device cluster and do the following:

    1. In the Graph Name field, enter the name of the service graph template.

    2. In the Graph Type field, select Create A New One.

    3. From the Device Cluster section, drag the device and drop it between the consumer end-point group and provider end-point group to create a service node.

      localized image

    4. In the <L4-L7device_name information> section, do the following:

      1. In the ADC field, select One-Arm or Two-Arm, depending on how the Citrix ADC is deployed in the fabric.

      2. In the Profile drop-down list, select the function profile provided in the device package.

        localized image

      3. Click SUBMIT.

  6. In the Navigation pane, click the service graph template. The screen presents a graphic topology of the service graph template.

    Note

    The Cisco APIC supports the notion of connectors, and these connectors are visible in the ADCCluster node. The connectors define the network traffic direction and the device script that dynamically binds the allocated VLAN to a virtual IP (VIP) or subnet IP (SNIP) address, depending on whether the connection is external or internal. VLANs are also bound to specific interfaces used for inbound and outbound traffic.

    localized image

Applying the Service Graph Template to Endpoint Groups

After you have created the service graph template, you need to apply the created service graph template by using the APIC GUI.

To apply the service graph template:

  1. On the menu bar, go to Tenants > All Tenants.

  2. In the Work pane, double click the tenant’s name.

  3. In the Navigation pane, choose tenant_name > L4-L7 Services > L4-L7 Service Graph Templates.

  4. Right-click on the template_name and click Apply L4-L7 Service Graph Template.

    localized image

  5. In the Apply L4-L7 Service Graph Template To EPGs dialog box, in the EPG Information section, complete the following fields:

    1. In the Consumer EPG/External Network drop-down list, select the consumer endpoint group.

    2. In the Provider EPG/External Network drop-down list, select the provided endpoint group.

    3. In the Contract Information section, complete the appropriate fields. The contract information is specific to the Cisco APIC and is configured as part of the security policies associated with the EPGs.

      localized image

    4. Click Next.

    5. In the Graph Template drop-down list, select the service graph template that you created.

    6. In the Connector section, do the following:

      1. In the Type field, select General.

      2. In the BD drop-down list, select the bridge domain. Connector details are part of the bridge domain that is part of the Cisco APIC infrastructure model.

      3. In the Cluster Interface drop-down list, select the appropriate cluster interface for the selected bridge domain.

        The Cisco APIC uses the selected bridge domains for data path traffic between the Citrix ADC device and the fabric as required by the selected service graph template.

        localized image

      4. Click Next.

      On the Parameters screen, on the Required Parameters tab, enter the L2-L3 specific details, such as the IP address that is mandated by the profile. The other key parameter is the StyleBook name. It can be the built-in StyleBook APIC-HTTP-LB provided in Citrix Application Delivery Management (ADM), or you can provide the name of the SytleBook that you created in Creating a StyleBook for the Application Using Citrix ADM

      Note

      The StyleBook name links the Service Graph details with the L4-L7 configuration created with Citrix ADM for a given application.

      localized image

      The Cisco APIC GUI allows you to filter the parameters on the basis of features (for example, load balancing). You can view and set all the mandatory parameters on the Required Parameters tab, and you can view and set all the other parameters related to the feature on the All Parameters tab.

      localized image

      Note

      By default, a built-in one-arm profile requires you to provide SNIP details such as IP address and netmask. You can view other networking parameters by clicking All Parameters and expanding the Configure Network tree in the Cisco APIC GUI. This lists all the network parameters supported by Citrix ADC. You can instantiate any entity and provide values for the listed attributes from the Cisco APIC GUI.

  6. Click Finish.

    Important

    After you apply the service graph template, make sure that there are no faults in the deployed graph. You can view the faults by clicking the Faults tab in the Work pane.

    localized image

    As part of the Service Graph deployment, the Hybrid Mode Device package pushes the configuration details from the Cisco APIC to the Citrix ADM. The Citrix ADM internally processes these configurations to the respective Citrix ADC and returns the response to the APIC. A successful graph deployment will have no fault, and the Citrix ADC is successfully networked with the fabric for the corresponding graph.

    The APIC supports different ways to configure and deploy graphs by using APIs, and graph deployment includes various dependencies on some APIC-specific constructs, such as Tenant, contract, VLAN and namespace.

    The following sample approach illustrates one of the ways to make use of the APIC’s APIs to create and deploy L4-L7 graphs, with the assumption that APIC specific artifacts are already configured in the APIC.

    Important

    Make sure that you use these XML payloads as a reference and make appropriate changes to the XML before you use them in your environment.

    Following is an example of creating and deploying the service graph by using APIs:

    1. Create AppProfile

    2. Create service graph details

    3. Attach the service graph to a contract

    Following is a sample XML payload for creating an AppProfile. The AppProfile contains EPGs, and the provider EPG contains the Citrix ADC specific entities, attributes, and their  values.  In the following sample XML payload, Citrix ADC-specific network entities such as the NSIP are created with a set of attributes and StyleBook name.

    <polUni>
        <fvTenant name="coke">
            <!-- Application Profile -->
            <fvAp dn="uni/tn-coke/ap-sap" name="sap">
                <!-- EPG 1  -->
                <fvAEPg dn="uni/tn-coke/ap-sap/epg-web" name="web">
                    <fvRsBd tnFvBDName="BD_web" />
                    <!-- --------- CONFIG PAYLOAD ---------------- -->
                    <vnsFolderInst ctrctNameOrLbl="Ctrct1" graphNameOrLbl="Graph1" nodeNameOrLbl="ADC" key="Network" name="Network">
                        <vnsFolderInst ctrctNameOrLbl="Ctrct1" graphNameOrLbl="Graph1" nodeNameOrLbl="ADC" key="nsip" name="snip1">
                            <vnsParamInst key="ipaddress" name="ip1" value="110.110.110.2"/>
                            <vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/>
                            <vnsParamInst key="type" name="tye" value="SNIP"/>
                            <vnsParamInst key="dynamicrouting" name="dynamicrouting" value="DISABLED"/>
                            <vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
                        </vnsFolderInst>
                        <vnsFolderInst ctrctNameOrLbl="Ctrct1" graphNameOrLbl="Graph1" nodeNameOrLbl="ADC" key="nsip" name="snip2">
                            <vnsParamInst key="ipaddress" name="ip2" value="220.220.220.2"/>
                            <vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/>
                            <vnsParamInst key="type" name="tye" value="SNIP"/>
                            <vnsParamInst key="dynamicrouting" name="dynamicrouting" value="DISABLED"/>
                            <vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
                        </vnsFolderInst>
                    </vnsFolderInst>
                    <vnsFolderInst ctrctNameOrLbl="Ctrct1" graphNameOrLbl="Graph1" nodeNameOrLbl="ADC" key="Stylebook" name="stylebook_1">
                        <vnsParamInst name="stylebookName" key="name" value="APIC-HTTP-LB"/>
                    </vnsFolderInst>
                    <vnsFolderInst ctrctNameOrLbl="Ctrct1" graphNameOrLbl="Graph1" nodeNameOrLbl="ADC" key="internal_network" name="internal_network">
                        <vnsCfgRelInst name="internal_network_key" key="internal_network_key" targetName="Network/snip1"/>
                    </vnsFolderInst>
                    <vnsFolderInst ctrctNameOrLbl="Ctrct1" graphNameOrLbl="Graph1" nodeNameOrLbl="ADC" key="external_network" name="external_network">
                        <vnsCfgRelInst name="external_network_key" key="external_network_key" targetName="Network/snip2"/>
                    </vnsFolderInst>
                    <vnsFolderInst ctrctNameOrLbl="Ctrct1" graphNameOrLbl="Graph1" nodeNameOrLbl="ADC" key="mFCngStylebook" name="mFCngStylebook_1">
                        <vnsCfgRelInst name="Stylebook_key" key="Stylebook_key" targetName="stylebook_1"/>
                    </vnsFolderInst>
                    <!-- ------- END CONFIG PAYLOAD -------------- -->
                    <fvSubnet ip="110.110.110.110/24" scope="shared"/>
                    <fvRsProv tnVzBrCPName="Ctrct1"></fvRsProv>
                    <fvRsDomAtt tDn="uni/phys-sepg" />
                    <fvRsPathAtt tDn="topology/pod-1/paths-101/pathep-[eth1/38]" encap="vlan-3703" instrImedcy="immediate"/>
                </fvAEPg>
                <!-- EPG 2 -->
                <fvAEPg dn="uni/tn-coke/ap-sap/epg-app"  name="app">
                    <fvRsCons tnVzBrCPName="Ctrct1"/>
                    <fvRsBd tnFvBDName="BD_app" />
                    <fvSubnet ip="220.220.220.220/24" scope="shared"/>
                    <fvRsPathAtt tDn="topology/pod-1/paths-101/pathep-[eth1/37]" encap="vlan-3704" instrImedcy="immediate"/>
                    <fvRsDomAtt tDn="uni/phys-sepg" />
                </fvAEPg>
            </fvAp>
        </fvTenant>
    </polUni>
    

    Following is a sample XML payload for creating service graph details:

    <polUni>
        <fvTenant name="coke">
            <vnsAbsGraph name = "Graph1">
                <vnsAbsTermNodeProv name = "Input1">
                    <vnsAbsTermConn name = "C1"></vnsAbsTermConn>
                </vnsAbsTermNodeProv>
                <vnsAbsNode name="ADC" funcType="GoTo">
                    <vnsAbsFuncConn name = "outside" attNotify="true">
                        <vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScalerMAS-1.0/mFunc-ADCFunction/mConn-external" />
                    </vnsAbsFuncConn>
                    <vnsAbsFuncConn name = "inside" attNotify="true">
                        <vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScalerMAS-1.0/mFunc-ADCFunction/mConn-internal" />
                    </vnsAbsFuncConn>
                    <vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScalerMAS-1.0/mFunc-ADCFunction"/>
                    <vnsRsDefaultScopeToTerm tDn="uni/tn-coke/AbsGraph-Graph1/AbsTermNodeProv-Input1/outtmnl"/>
                    <vnsRsNodeToAbsFuncProf tDn="uni/infra/mDev-Citrix-NetScalerMAS-1.0/absFuncProfContr/absFuncProfGrp-ADCOneArmServiceProfileGroup/absFuncProf-A
    DCOneArmFunctionProfile"/>
                    <vnsRsNodeToLDev tDn="uni/tn-coke/lDevVip-ADCCluster1"/>
                </vnsAbsNode>
                <vnsAbsTermNodeCon name = "Output1">
                    <vnsAbsTermConn name = "C6"></vnsAbsTermConn>
                </vnsAbsTermNodeCon>
                <vnsAbsConnection name = "CON1">
                    <vnsRsAbsConnectionConns tDn="uni/tn-coke/AbsGraph-Graph1/AbsTermNodeCon-Output1/AbsTConn" />
                    <vnsRsAbsConnectionConns tDn="uni/tn-coke/AbsGraph-Graph1/AbsNode-ADC/AbsFConn-outside" />
                </vnsAbsConnection>
                <vnsAbsConnection name = "CON2">
                    <vnsRsAbsConnectionConns tDn="uni/tn-coke/AbsGraph-Graph1/AbsNode-ADC/AbsFConn-inside" />
                    <vnsRsAbsConnectionConns tDn="uni/tn-coke/AbsGraph-Graph1/AbsTermNodeProv-Input1/AbsTConn" />
                </vnsAbsConnection>
            </vnsAbsGraph>
        </fvTenant>
    </polUni>
    

    Following is a sample XML payload for attaching the service graph to a contract:

    <polUni>
        <fvTenant name="coke">
            <vzBrCP name="Ctrct1">
                <vzSubj name="http">
                    <vzRsSubjGraphAtt tnVnsAbsGraphName="Graph1"/>
                </vzSubj>
            </vzBrCP>
        </fvTenant>
    </polUni>
    

Create and deploy a service graph