Deployment regions
In the Fabric Services System, a deployment region (or just "region") is a container for other intents. A region serves the following purposes:
- it logically groups intents together on the system map to make them more manageable.
- it is the level at which some connection properties are set; these properties are shared among all intents within the region.
- it maintains a deployment pipeline for all intents (fabric intents, workload VPN intents, and maintenance intents) within the region.
You cannot create an intent without assigning it to a region. For this reason, you must create a region before deploying any fabric intent, workload VPN intent, or maintenance intent.
The deployment pipeline
The deployment pipeline tracks the set of intents that have been deployed to nodes, or are awaiting deployment to nodes, within a single region. This includes fabric intents, workload VPN intents, and maintenance intents.
The deployment pipeline is a key feature of a region. Because the Fabric Services System can manage complex data center fabrics encompassing many nodes and multiple locations, there is the potential for operators to concurrently design and deploy a large number of intents (whether fabric intents, workload VPN intents, or maintenance intents). The deployment pipeline ensures that resources are allocated to each intent deployment, in sequence, to prevent simultaneous deployments from interfering with each other.
You can view the deployment pipeline, trigger deployments, and manage the deployment process from the region's deployment pipeline page.
Default pools
- System IP addresses
- Inter Switch Links (ISL) IP addresses
- Out of Band Management IP addresses
- Autonomous System numbers
These are the default pools that are available when creating fabric intents within the region. However you can create additional pools as part of the Network Resources available to objects within the Fabric Services System.
Managing multiple regions
The Fabric Services System supports multiple regions. Keep the following in mind when working with multiple regions:
- Some types of objects within the Fabric Services System are associated with a single
region, and are not available outside of that region. This includes:
- Fabric intents
- Workload VPN intents
- Maintenance intents
- Network Resources (IPAM)Note: An exception is that there cannot be any overlapping management IP CIDR blocks across the IP management pools of all regions.
- ACL and QoS global profiles
- Alarms and alarm profiles
- Labels and the label manager
- Operational and health insights
- Traffic mirroring
- The node inventory, including management profiles
- Global Configuration Overrides (GCO) and Contextual Configuration Overrides (CCO)
- Other objects are global - that is, not associated with any region, and are available
across all regions. This includes:
- User accounts, and their supporting objects like user groups and roles
- Anything that appears under Settings in the Fabric Services
System menu:
- software images
- the software catalog
- common application settings (currently pertaining to the geographical map)
- certificates
- Connect
- User accounts in the Fabric Services System can be associated with one or more regions.
Within the Fabric Services System UI, a user only sees those region-specific items that
belong to the regions to which that user has been granted access.
For example, when viewing a list of fabric intents (a region-specific object), the list only includes fabric intents that belong to one selected region; and a user can only select a region to which their user account has been granted access.
Lock to prevent changes that would affect fabrics
A configurable setting for deployment regions can protect fabrics from some changes that an operator can perform in the Fabric Services System UI.
- the deletion of any topology from the Topologies list if that topology is currently used by a fabric
- the creation of any new candidate of a fabric intent, if that candidate would delete any node or link in the current fabric
- when attempting to delete an item in the Topologies list, the deletion is prevented and a warning message displays describing why the action cannot be completed.
- when creating a new candidate for a fabric intent, the action fails during cable map generation. The events log includes an entry describing why the action cannot be completed.
When this toggle is disabled, these changes are not prevented.
The Region selector
If two or more regions have been configured in the Fabric Services System, use the Region selector at the top of the page to select the correct region context for the data that is displayed on the current page.
This selection can also impact actions you are taking on that page.
For example, when configuring a fabric intent, you must specify the region to which the fabric intent belongs. Although there is a Region parameter among the settings for the fabric intent, you cannot set its value directly. Instead, you must select the appropriate region context using the region selector at the top of the page. This selection automatically sets the Region parameter for the fabric to match your selection.