Automation Win: Recreating Cisco ACI Tenants in Public Cloud

This blog post was initially sent to the subscribers of our SDN and Network Automation mailing list. Subscribe here.

Most automation projects are gradual improvements of existing manual processes, but every now and then the stars align and you get a perfect storm, like what Adrian Giacommetti encountered during one of his automation projects.

The customer had well-defined security policies implemented in Cisco ACI environment with tenants, endpoint groups, and contracts. They wanted to recreate those tenants in a public cloud, but it took way too long as the only migration tool they had was an engineer chasing GUI screens on both platforms.

The customer decided to use Oracle cloud, but the same principles could apply to AWS, Azure or GCP.

Adrian was asked to automate the process, and figured out he might have stumbled on a motherlode.

Cisco ACI has rich REST API which allows you to extract all configuration (including everything Adrian needed) as well-formatted data structures. Forget screen scraping and crappy show commands… ACI speaks JSON to make your life easier.

Most public clouds are configurable through REST API, and most infrastructure-as-code tools like Terraform support those APIs.

The hard part of Adrian’s job was mapping ACI constructs into public cloud constructs, everything after that was relatively simple programming:

  • Extract data from Cisco ACI environment with REST API calls;
  • Write a data munging module that transforms Cisco ACI configuration into data structures usable by public cloud API;
  • Use public cloud REST API to recreate the environment, or use a templating tool to create a Terraform configuration file from the target data structure.

End result: the migration process took a few minutes instead of months of painstaking error-prone GUI hunting. For more details, read Adrian’s blog post, explore the source code he published on GitHub, and contact him if you have a similar project – he’s an independent consultant, and I’m sure he would appreciate some extra work.

Have you encountered a challenge that could be automated as successfully as this one? Managed to make it work? Leave a comment!

Recent posts in the same categories

2 comments:

  1. H 15 October 2020 12:43

    Of course writing code is great, but for the less brave, you can also just buy this.

    https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739609.html

  2. Ivan Pepelnjak 15 October 2020 01:04

    ... and how would that help migrating to Oracle cloud? ACI-on-cloud supports AWS and Azure, not to mention you're then limited to the least-common-denominator of ACI and your public cloud, and blessed with running a number of extra instances in the public cloud.

Add comment
Home
Sidebar