- Preface
- Overview
- Troubleshooting Matrix
- Troubleshooting an Unsuccessful Installation or Update
- Troubleshooting the Configuration
- Troubleshooting Cisco APIC-EM Multi-Host
- Troubleshooting Services Using System Health
- Troubleshooting Services Using the Developer Console
- Troubleshooting Using the Logs
- Troubleshooting Passwords
- Troubleshooting Commands
- Troubleshooting Log Files
- Contacting the Cisco Technical Assistance Center
- Index
Overview
- About the Cisco Application Policy Infrastructure Controller Enterprise Module
- Cisco APIC-EM Components and Architecture
About the Cisco Application Policy Infrastructure Controller Enterprise Module
The Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is Cisco's SDN Controller for Enterprise Networks (Access, Campus, WAN and Wireless).
The platform hosts multiple applications (SDN apps) that use open northbound REST APIs that drive core network automation solutions. The platform also supports a number of south-bound protocols that enable it to communicate with the breadth of network devices that customers already have in place, and extend SDN benefits to both greenfield and brownfield environments.
The Cisco APIC-EM platform supports both wired and wireless enterprise networks across the Campus, Branch and WAN infrastructures. It offers the following benefits:
-
Creates an intelligent, open, programmable network with open APIs
-
Saves time, resources, and costs through advanced automation
-
Transforms business intent policies into a dynamic network configuration
-
Provides a single point for network wide automation and control
The following table describes the features and benefits of the Cisco APIC-EM.
Feature |
Description |
---|---|
Network Information Database (NIDB) |
The Cisco APIC-EM periodically scans the network to create a “single source of truth” for IT. This inventory includes all network devices, along with an abstraction for the entire enterprise network. |
Network topology visualization |
The Cisco APIC-EM automatically discovers and maps network devices to a physical topology with detailed device-level data. You can use this interactive feature to troubleshoot your network. |
EasyQoS |
The EasyQoS feature enables you to configure quality of service on the devices in your network that have been discovered by the Cisco APIC-EM. Using EasyQoS, you can group devices and then define the business relevance of applications that are used in your network. The Cisco APIC-EM takes your QoS selections, translates them into the proper command line interface (CLI) commands, and deploys them onto the selected devices. |
Cisco Network Plug and Play application |
The Cisco Network Plug and Play solution is a converged solution that extends across Cisco's enterprise portfolio. It provides a highly secure, scalable, seamless, and unified zero-touch deployment experience for customers across Cisco routers, switches and wireless access points. |
Cisco Intelligent WAN (IWAN) application |
The separately licensed IWAN application for APIC-EM simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. Doing so improves the application experience over any connection and saves telecom costs by leveraging cheaper WAN links. |
Public Key Infrastructure (PKI) server |
The Cisco APIC-EM provides an integrated PKI service that acts as Certificate Authority (CA) to automate X.509 SSL certificate lifecycle management. Applications, such as IWAN and PnP, use the capabilities of the imbedded PKI service for automatic SSL certificate management. |
Path Trace application |
The path trace application helps to solve network problems by automating the inspection and interrogation of the flow taken by a business application in the network. |
High Availability (HA) |
HA is provided in N+ 1 redundancy mode with full data persistence for HA and Scale. All the nodes work in Active-Active mode for optimal performance and load sharing. |
Back Up and Restore |
The Cisco APIC-EM supports complete back up and restore of the entire database from the controller GUI. |
Audit Logs (IWAN) |
The Cisco APIC-EM provides a direct link to the IWAN Audit Logs, which allows you to view Cisco APIC-EM- and IWAN-related log entries. |
Cisco APIC-EM Components and Architecture
The Cisco APIC-EM consists of the components and architecture discussed in this section. To better troubleshoot any issues with the Cisco APIC-EM, you should review the topics in this section.
Appliances
The Cisco APIC-EM can be deployed on either a physical or virtual appliance.
-
For physical appliance support, the Cisco APIC-EM can be installed on the following Cisco UCS servers:
-
Cisco APIC-EM has been tested and qualified to run on these servers.
-
Any Cisco UCS server that meets the minimum system requirements as listed in the Release Notes for the Cisco Application Policy Infrastructure Controller Enterprise Module.
-
A physical appliance can also be a dedicated Cisco UCS server. The following two physical appliances are currently available:
-
Cisco APIC-EM Controller Appliance 10C-64G-2T (APIC-EM-APL-R-K9)
-
Cisco APIC-EM Controller Appliance 20C-128G-4T (APIC-EM-APL-G-K9)
Note
Contact Cisco support for additional information about the above appliances and for ordering information.
-
-
- For virtual appliance support, the Cisco APIC-EM can also be installed and deployed in a virtual machine that meets the minimum system requirements on VMware vSphere. For information about these requirements, see the Release Notes for the Cisco Application Policy Infrastructure Controller Enterprise Module
Hosts
You can set up either a single host or multi-host deployment for your network. A host is defined as an appliance, physical server, or virtual machine running instances of the Grapevine clients. The Grapevine root itself runs directly on the host's operating system. You can set up either a single host or multi-host deployment. A multi-host deployment with three hosts is best practice for both high availability and scale. Each Grapevine root in a multi-host configuration maintains an Active/Active status with the other Grapevine roots and is therefore able to coordinate with the other Grapevine roots the overall management of the cluster.
![]() Note | For additional information about a multi-host deployment, see the Cisco Application Policy Infrastructure Controller Enterprise Module Deployment Guide. |
Grapevine
The Cisco APIC-EM creates a Platform as a Service (PaaS) environment for your network, using Grapevine as an Elastic Services platform to support the controller's infrastructure and services. The Grapevine root and clients are key components of this infrastructure.
![]() Note | You can use a tool called the Grapevine developer console to troubleshoot roots and clients running services. The Grapevine developer console was bundled with the deployment files and installed when you first deployed the Cisco APIC-EM. You can access the Grapevine developer console at this controller IP address and port number: https://<controller IP address>:14141 |
Root and Clients
The Grapevine root handles all policy management in regards to service updates, as well as the service lifecycle for both itself and the Grapevine client. The Grapevine client is where the supported services run.
For a list of the supported services for this release, see the Cisco Application Policy Infrastructure Controller Enterprise Module Deployment Guide.
![]() Note | You can remotely log into the root using SSH (Secure Shell) to troubleshoot any issues. A default idle timeout of 1 hour has been set for an SSH console login. You will be automatically logged out after 1 hour of inactivity on the SSH console. |
Services
The Cisco APIC-EM creates a Platform as a Service (PaaS) environment for your network. A service in this PaaS environment is a horizontally scalable application that adds instances of itself when demand increases, and frees instances of itself when demand decreases.
For a list of the supported services for this release, see the Cisco Application Policy Infrastructure Controller Enterprise Module Deployment Guide.
Databases
The Cisco APIC-EM supports two databases: application and Grapevine. The application database is used for the application and external networking data. The Grapevine database is used for the Grapevine and internal network data. Both databases are replicated in a multi-host environment for scale and high availability.
Networks
The Cisco APIC-EM architecture requires both external and internal networks to operate:
-
The external network(s) consists of the network hosts, devices, and NTP servers, as well as providing access to the northbound REST APIs. The external network(s) also provides access to the controller GUI.
-
The internal network consists of the Grapevine roots and clients that are connected to and communicate with each other (service to service). For forwarding to or receiving traffic from the larger external network (that consists of the connected devices and hosts, as well as NTP servers), all inbound and outbound traffic for this internal network passes through a subset of clients connected to the external network. The internal network is isolated and nonroutable from the external network(s), as well as any other internal network.
Network Connections and NICs
The network adapters (NICs) on the host (physical or virtual) are connected to the following external networks:
-
Internet (network access required for Make A Wish requests, Telemetry, and trustpool updates)
-
Network with NTP server(s)
-
Network with devices that are to be managed by the Cisco APIC-EM
![]() Note | The Cisco APIC-EM should never be directly connected to the Internet. It should not be deployed outside of a NAT configured or protected datacenter environment. |