
ACI Fundamentals Lab

Ivan Andjelkovic
Systems Engineer
Agenda

1) Why Application Centric Infrastructure (ACI)
2) ACI components and benefits
3) What is Application in ACI
4) Logical model
5) Lab logistics
© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Industry Trends

DevOps

New operational models are driving the need for infrastructure change.
Agile Networking Needed

- Operating expenses represent over 80% of DC spending
- Dynamic (re-)programming of the network is needed to curb the OpEx increase driven by server virtualization

[Chart: Datacenter Spending (%) Over Time, 2006-2013, stacked to 100%. Series: Server Spending; Standalone Servers - Mgmt & Admin; Virtual Servers - Mgmt & Admin; Power & Cooling Expense.]

Source: IDC, 2011, "New Economic Model for the Datacenter"
ACI Introduces Logical Network Provisioning of Stateless Hardware

[Diagram: an application policy spanning Outside (Tenant VRF) -> Web -> App -> DB, with QoS, Filter and Service policies applied between the tiers. The APIC (Application Policy Infrastructure Controller) pushes this policy onto the ACI Fabric, a non-blocking, penalty-free overlay.]
ACI Fabric

One logical system to manage

Any IP address anywhere!

[Diagram: ACI spines and ACI leafs; attached to the leafs are L4-7 services, external L2 / L3 connectivity and servers. The APIC cluster (three APICs) is attached to the fabric, with out-of-band management.]
Multi-Hypervisor-Ready Fabric

- Integrated gateway for VLAN, VXLAN and NVGRE networks from virtual to physical
- Normalization for NVGRE, VXLAN and VLAN networks
- Customer not restricted by a choice of hypervisor
- Fabric is ready for multi-hypervisor

[Diagram: the network admin manages the APIC, which integrates with hypervisor management; the application admin works through the hypervisor manager. The ACI Fabric connects ESX, Hyper-V and KVM hosts and a physical server, each using VLAN, VXLAN or NVGRE encapsulation.]
Application Awareness

Application-level visibility: ACI Fabric provides the next generation of analytic capabilities.

Per application, tenant and infrastructure:
- Health scores
- Latency
- Atomic counters
- Resource consumption

Integrate with workload placement or migration.

[Diagram: triggered events or queries (e.g. a PetStore event) drive actions such as "no new hosts or VMs", "evacuate hypervisors" and "re-balance clusters". The APIC tracks PetStore Dev (Leaf 1 and 2, Spine 1-3), PetStore Prod (Leaf 2 and 3, Spine 1-2) and PetStore QA (Leaf 3 and 4, Spine 2-3), each with atomic counters. VXLAN per-hop visibility; physical and virtual as one.]
Northbound API
- Rapid integration with existing management frameworks
- OpenStack
- Tenant- and application-aware

Southbound API
- Publish data model
- Open source
- Enables application portability

[Diagram: system management tools, hypervisor orchestration and management frameworks sit above the APIC's RESTful XML / JSON framework. Properties: object-oriented, comprehensive, open ecosystem, centralized automation, programmability and system access.]

* Only straight chains supported at FCS
Application Language Barriers

Developers: application tiers; provider / consumer relationships
Infrastructure teams: VLANs; subnets; protocols; ports

Developer and infrastructure teams must translate between disparate languages.
What is an Application to the Network?

It is more than just a VM or server:

- It is a collection of all the application's end points
- plus the application's L2 - L7 network policies
- plus the relationship between these end points and their policies

[Diagram: Web Tier, App Tier and DB Tier, each a set of end points, with QoS, Service and Filter policies between the tiers and the external network.]
Application Policy Model and Instantiation

Application policy model: defines the application requirements (application network profile).

Policy instantiation: each device dynamically instantiates the required changes based on the policies.

[Diagram: an application client reaches the Web Tier, App Tier and DB Tier (with storage); the APIC pushes the profile to the fabric, where the tiers' VMs (e.g. 10.2.4.7, 10.9.3.37, 10.32.3.7) are placed.]

All forwarding in the fabric is managed through the application network profile:
- IP addresses are fully portable anywhere within the fabric
- Security and forwarding are fully decoupled from any physical or virtual network attributes
- Devices autonomously update the state of the network based on configured policy requirements
Application Network Profiles

[Diagram: an Application Network Profile made of EPGs joined by inbound/outbound policies (contracts).]

Application Network Profiles are a group of EPGs and the policies that define the communication between them.
Subjects are a combination of a filter, an action and a label:
  Subject = Filter | Action | Label
  Example: Filter: TCP Port 80, Action: Permit, Label: Web Access

Contracts define communication between source and destination EPGs:
  Contract 1 = Subject 1, Subject 2, Subject 3

Contracts are groups of subjects which define communication between EPGs.
Policy Table Size Reduction

Total policy entries = n * m * f  (n sources, m destinations, f filters)

Filters: 1 - Allow x; 2 - Deny y; 3 - Allow x; 4 - Deny y; 5 - Allow x

Standard model (hosts 1-5 as sources, hosts 1-4 as destinations): n=5, m=4, f=5 requires 100 policy entries.

ACI model (source EPG to destination EPG): n=1, m=1, f=5 requires 5 policy entries.
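As an added illustration (not code from the Cisco deck), the following Python models the filter / subject / contract / EPG constructs from the two preceding slides, reproduces the n * m * f arithmetic, and evaluates a flow the way an EPG-keyed allow-list does; the EPG names, addresses and filters are constructed.

```python
# Added example, not from the Cisco deck: a toy model of ACI filters, subjects, contracts
# and EPGs that reproduces the slide's arithmetic (entries = n * m * f). Names/IPs constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:            # L4 match: protocol + destination port
    proto: str
    dport: int
@dataclass(frozen=True)
class Subject:           # filter + action + label, as on the slide
    filt: Filter
    action: str          # "permit" or "deny"
    label: str
@dataclass(frozen=True)
class Contract:          # group of subjects between a consumer and a provider EPG
    consumer: str
    provider: str
    subjects: tuple
@dataclass(frozen=True)
class EPG:
    name: str
    endpoints: frozenset  # member IPs; where they sit in the fabric is irrelevant

def host_based_entries(src: EPG, dst: EPG, c: Contract) -> int:
    """Standard model: one entry per (source host, destination host, filter)."""
    return len(src.endpoints) * len(dst.endpoints) * len(c.subjects)

def epg_based_entries(c: Contract) -> int:
    """ACI model: entries are keyed on (source EPG, destination EPG), so n = m = 1."""
    return len(c.subjects)

def is_permitted(src_ip, dst_ip, epgs, c: Contract, proto, dport) -> bool:
    """Allow-list check: the flow must run consumer -> provider for this contract and match
    a permit subject; anything unmatched is dropped (first match wins; a simplification)."""
    src = next((e for e in epgs if src_ip in e.endpoints), None)
    dst = next((e for e in epgs if dst_ip in e.endpoints), None)
    if src is None or dst is None or (src.name, dst.name) != (c.consumer, c.provider):
        return False
    for s in c.subjects:
        if s.filt.proto == proto and s.filt.dport == dport:
            return s.action == "permit"
    return False

def slide_example():
    """The slide's figures: n=5 source hosts, m=4 destination hosts, f=5 filters."""
    web = EPG("web", frozenset(f"10.0.1.{i}" for i in range(1, 6)))
    app = EPG("app", frozenset(f"10.0.2.{i}" for i in range(1, 5)))
    spec = [(80, "permit"), (23, "deny"), (443, "permit"), (21, "deny"), (8443, "permit")]
    subjects = tuple(Subject(Filter("tcp", p), a, f"tcp-{p}-{a}") for p, a in spec)
    return web, app, Contract("web", "app", subjects)
```

Moving a host between leafs changes nothing here: membership, not location, decides the EPG, which is the point of the 100-to-5 reduction.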
ACI Layer 4 - 7 Service Integration
Centralized, Automated, and Supports Existing Model

- Elastic service insertion architecture for physical and virtual services
- Helps enable administrative separation between application tier policy and service definition
- APIC as central point of network control with policy coordination
- Automation of service bring-up / tear-down through programmable interface
- Supports existing operational model when integrated with existing services
- Service enforcement guaranteed, regardless of endpoint location

[Diagram: the application admin attaches a chain ("Security 5") to the policy between the Web Tier (web servers A and B) and the App Tier (app servers), redirecting traffic through it. The service admin defines the "Security 5" chain as a service graph (begin -> Stage 1 ... Stage N -> end), each stage backed by a service profile and instances from providers such as a firewall and a load balancer.]
End-Point Groups

FCS end-points: physical port, virtual port, VLAN, VXLAN, NVGRE
Future end-points: DHCP pool, subnet, DNS*, VM attribute
Logical Model Overview

root\uni
  Tenant A
    Private-L3 A
      Bridge Domain
        Subnet A
    Private-L3 B
      Bridge Domain
        Subnet B
        Subnet C
  Tenant B
    Private-L3 A
      Bridge Domain
        Subnet A
      Bridge Domain
        Subnet D

Private-L3 and subnets are independent between tenants.
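An added example, not from the deck, that builds the slide's tenant tree as plain dictionaries (not the APIC payload format) and checks subnet overlap only within a Private-L3 context, illustrating why Tenant A and Tenant B can both carry a "Subnet A"; the prefixes are constructed.

```python
# Added example, not from the Cisco deck: the slide's logical model (root\uni -> Tenant ->
# Private-L3 -> Bridge Domain -> Subnet) as plain nested dicts (not the APIC payload format),
# with a check that subnets must be unique only inside one Private-L3, not across tenants.
# Prefixes are constructed; the tree shape follows the slide.
import ipaddress
from collections import defaultdict

def bd(name, *subnets):
    return {"name": name, "subnets": list(subnets)}

def private_l3(name, *bds):
    return {"name": name, "bridge_domains": list(bds)}

def tenant(name, *ctxs):
    return {"name": name, "private_l3": list(ctxs)}

def slide_tenants():
    """Tenant A and Tenant B as drawn: both contain a 'Private-L3 A' holding 'Subnet A'."""
    subnet_a = "10.1.1.0/24"          # constructed prefix, reused in both tenants
    return [
        tenant("Tenant A",
               private_l3("Private-L3 A", bd("BD 1", subnet_a)),
               private_l3("Private-L3 B", bd("BD 2", "10.1.2.0/24", "10.1.3.0/24"))),
        tenant("Tenant B",
               private_l3("Private-L3 A", bd("BD 3", subnet_a), bd("BD 4", "10.1.4.0/24"))),
    ]

def overlapping_subnets(tenants):
    """Return (tenant, private_l3, prefix_1, prefix_2) for prefixes that overlap inside the
    same Private-L3 context. Identical prefixes in different tenants/contexts are not
    reported: routing is scoped per Private-L3, so they never meet."""
    by_ctx = defaultdict(list)
    for t in tenants:
        for ctx in t["private_l3"]:
            for b in ctx["bridge_domains"]:
                for prefix in b["subnets"]:
                    by_ctx[(t["name"], ctx["name"])].append(ipaddress.ip_network(prefix))
    conflicts = []
    for (tname, cname), nets in by_ctx.items():
        for i, a in enumerate(nets):
            for b in nets[i + 1:]:
                if a.overlaps(b):
                    conflicts.append((tname, cname, str(a), str(b)))
    return conflicts

def with_conflict():
    """Constructed misconfiguration: a second BD in Tenant A / Private-L3 A reuses part of Subnet A."""
    tenants = slide_tenants()
    tenants[0]["private_l3"][0]["bridge_domains"].append(bd("BD 5", "10.1.1.128/25"))
    return tenants
```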
Mapping the ACI Logical Model to the 7 Layer OSI Model for Network Engineers

7 Layer OSI Model                               ACI constructs that apply
Application / Presentation / Session / Transport  Contracts, Graphs, ANP
Network                                          BD (SVI), Private Network (VRF lite)
Data Link                                        EPG, BD, Policy Groups (VPC, PC, Interfaces), Encapsulation (VLAN, VXLAN, NVGRE)
Physical                                         Policy, AEP, Domains (Physical/VMM)
How to connect with the external devices

Lab Topics

1) GUI Overview
2) API Inspector and Postman
3) ACI Forwarding Constructs
4) Application Networking Profile (ANP)
5) Integration with vCenter
6) External L2 connectivity
7) External L3 connectivity
Lab Logistics

- Ask me any question you might have!
- There are 3 documents:
  - ACI Fundamentals Lab Guide: THE lab guide
  - ACI Lab Setup and Connectivity: missing steps to be used when setting up your ACI from scratch
  - Optional ACI Simulator Lab: steps from the previous document available on the Simulator
- The link to the documents, the password and the pod assignment are provided by the instructor. The rest is in the lab guide.
- Replace X with your pod number!
Resources

- dCloud (5 ACI related labs)
  http://dcloud.cisco.com/
- TNI Lab used for ACI FE bootcamp
  http://dcv-labs.labgear.net/Home.asp
- Adam Raffe blog (great Cisco Live presentation)
  http://adamraffe.com/2015/02/04/my-cisco-live-milan-aci-sessions/

Both lab resources and Cisco Live content are free of charge for Cisco partners. You will have to go through a sign-up process.