Managing Cisco NDO Limitations from the APIC
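The article discusses the limitations of NDO frameworks (such as NaCNDO) when creating and modifying APIC objects, points out that their annotation field differs from that of objects created manually or through Terraform/Ansible, and notes that certain configurations must be managed directly on the APIC. 2025-10-26 09:33:39 Author: www.adainese.it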


We have observed that NDO currently has some important limitations that must be kept in mind:

  • NDO frameworks have limitations, particularly NaC
  • NDO itself has limitations
  • certain configurations must necessarily be managed directly on the APIC

This consideration is far from trivial, and to fully understand it, we need to analyze how objects are created by NDO on the APIC.

Objects Created by APIC vs. NDO

When I manually create an object on the APIC, the annotation field is empty. If I create it through Terraform or Ansible, the field is populated with the name of the framework used.

However, when the object is created by NDO, it results in:

annotation: orchestrator:msc-shadow:no
children -> fvSiteAssociated -> children -> fvRemoteId

See files BD-MANUAL-ON-APIC.json and BD-94-FROM-NDO.json in the GitHub repository.
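The markers described above can be used to audit which tool owns each object before changing it from the APIC side. The following Python is an added example, not code from the post or its repository: it classifies objects in an APIC-style JSON reply by the annotation value and the fvSiteAssociated -> fvRemoteId children. The sample reply, the DNs, the "orchestrator:terraform" value and the "ndo-inconsistent" label are constructed for illustration.

```python
import json

NDO_ANNOTATION = "orchestrator:msc-shadow:no"  # value quoted in the post

# Constructed sample shaped like an APIC REST reply; DNs are illustrative.
SAMPLE = json.loads("""
{"imdata": [
  {"fvBD": {"attributes": {"dn": "uni/tn-EXAMPLE/BD-manual", "annotation": ""}}},
  {"fvBD": {"attributes": {"dn": "uni/tn-EXAMPLE/BD-tf", "annotation": "orchestrator:terraform"}}},
  {"fvBD": {"attributes": {"dn": "uni/tn-EXAMPLE/BD-ndo",
                           "annotation": "orchestrator:msc-shadow:no"},
            "children": [{"fvSiteAssociated": {"attributes": {},
                          "children": [{"fvRemoteId": {"attributes": {}}}]}}]}},
  {"fvBD": {"attributes": {"dn": "uni/tn-EXAMPLE/BD-mixed",
                           "annotation": "orchestrator:terraform"},
            "children": [{"fvSiteAssociated": {"attributes": {},
                          "children": [{"fvRemoteId": {"attributes": {}}}]}}]}}
]}
""")

def has_remote_id(children):
    """True when children hold fvSiteAssociated -> fvRemoteId, as in the post."""
    return any("fvRemoteId" in c
               for child in children or []
               for c in (child.get("fvSiteAssociated") or {}).get("children", []))

def classify(mo):
    """Return (dn, origin) for one managed object from an imdata list."""
    (_cls, body), = mo.items()
    attrs = body.get("attributes", {})
    annotation = attrs.get("annotation", "")
    ndo_tree = has_remote_id(body.get("children"))
    if annotation == NDO_ANNOTATION and ndo_tree:
        origin = "ndo"
    elif annotation == NDO_ANNOTATION or ndo_tree:
        # Assumption: the two NDO markers disagreeing is worth a manual review.
        origin = "ndo-inconsistent"
    elif annotation == "":
        origin = "manual"
    else:
        origin = "framework:" + annotation
    return attrs.get("dn", "?"), origin

def audit(reply):
    """Map each object's DN to its inferred origin."""
    return dict(classify(mo) for mo in reply.get("imdata", []))

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```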

Modifying an Object Created by NDO

Let’s now look at a practical example: we need to add the IGMP Snooping policy since it is not supported by NDO with NaC. The Bridge Domain has unicastRoute disabled.

We modify the Bridge Domain using Terraform/NaC. The final result shows the following differences:

Continue reading the post on Patreon.


Source: https://www.adainese.it/blog/2025/10/26/managing-cisco-ndo-limitations-from-the-apic/