with ACI
Lilian Quan – Principal Engineer, INSBU
Tim Garner – TME, INSBU
Erum Frahim – Technical Leader, Services
LTRACI-1210
This session helps participants understand the key concepts of the
new SDN-based data center solution, "Application Centric
Infrastructure (ACI)". Using the API Controller (APIC), it shows
participants how to transition traditional networks into ACI.
Students of this class will learn how to configure and deploy the ACI
Application Network Profile and integrate services such as firewalls,
and will also learn how to program it using Python/API and scale the
environment.
Agenda
• Cisco ACI Overview
• ACI Application Network Profile
• ACI Multi-Tenancy Construct
• ACI Policy Contract
• ACI Layer4-7 Service Integration
• Hypervisor Integration
• ACI Adoption Model
• Migration to ACI
• Lab Introduction
ACI and Nexus 9000 Breaking Away
COMPUTE NETWORK
APPLICATION CLOUD
Application Centric Infrastructure
Cisco’s SDN Solution for Data Center Networking
Rapid Deployment of Applications onto Networks with Scale, Security and Full Visibility
GROUP-BASED
ACI FABRIC CONTROLLER
POLICIES
Best SDN Controller
Interop 2015
ACI
Logical Provisioning of Stateless Hardware
Power of Abstraction
Mobile Phone: SIM Card, Identity for a Phone
UCS: Service Profile, Identity for a Server
UCS Service Profile
Unified Device Management
Network Policy
Storage Policy
Server Policy
ACI Fabric:
Logical Provisioning of Stateless Network
• Extend the principle of Cisco UCS® service profiles to the entire fabric
• Network profile: stateless definition of application requirements
− Application tiers
− Connectivity policies
− Layer 4 – 7 services
− XML/JSON schema
• Fully abstracted from the infrastructure implementation
− Removes dependencies of the infrastructure
− Portable across different data center fabrics
Diagram labels: ACI Fabric, Application Profile Manager, Identity for the Network
Application Policy Model and Instantiation
Application policy model: Defines the application requirements (application network profile)
Diagram labels: Application, Client, Storage, Storage, Web Tier, App Tier, DB Tier
All forwarding in the fabric is managed through the application network profile
• IP addresses are fully portable anywhere within the fabric
• Security and forwarding are fully decoupled from any physical or virtual network attributes
• Devices autonomously update the state of the network based on configured policy requirements
ACI Fabric – Application Agility & Visibility
Diagram labels: Application and Tenant, each with Health Score, Latency and Isolation; APP MOBILITY; APP VISIBILITY
Cisco ACI Fabric Multi-Tenancy Construct
Tenants
Cisco ACI Fabric Multi-Tenancy Construct
Private Networks
Private networks (also called VRFs or contexts) are defined within a tenant to allow isolated and potentially overlapping IP address space.
Diagram labels: Pepsi-Tenant with Private Network 1 and Private Network 2; Coke-Tenant with Private Network 1 and Private Network 2
Cisco ACI Fabric Multi-Tenancy Construct
Bridge Domains
Cisco ACI Fabric Multi-Tenancy Construct
End Point Groups (EPGs)
EPGs exist within a single bridge domain only – they do not span bridge domains.
Diagram labels: Pepsi-Tenant and Coke-Tenant, each with Private Network 1 containing Bridge Domain 1 (EPG) and Bridge Domain 2 (EPG)
Cisco ACI Fabric Multi-Tenancy Construct
Mapping the Configuration to the Packet
• ACI Fabric leverages VXLAN Encapsulation to build network overlay
• VXLAN Source Group is used as a tag/label to identify the specific end point for each application function (EPG)
Diagram labels: Coke-Tenant, Private Network 1, Bridge Domain 1 EPG, Bridge Domain 2 EPG
VXLAN header fields (diagram): Flags, Flags/DRE, Source Class ID == EPG, VNID == BD/VRF, M/LB/SP
Cisco ACI Fabric Multi-Tenancy Construct
Tenant “Coke”
Diagram labels: Infrastructure: Private Network 1, Private Network 2, EPG WEB, EPG APP, EPG DB; Apps: EPG web, EPG app, EPG db, Policy “HTTP”, Policy “SQL”
Defining Application Logic Through Policy
Applications and Conversations
Diagram labels: Users, Web Farm, App Servers, DB Farm
Defining Application Logic Through Policy
The Provider Consumer Relationship
Diagram labels: Users, Web Farm, App Servers
Building ACI Contracts
Filter      | Action | Label
TCP Port 80 | Permit | Web Access
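Added example (not part of the original slides and not Cisco code): a simplified Python model of how contracts between EPGs act as an allowlist, using the tenant "Coke" EPGs and the "HTTP" and "SQL" policies from the earlier slide. Which EPG provides or consumes each contract, the SQL port, and all function names are assumptions; only consumer-to-provider traffic is modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    name: str
    filters: frozenset    # set of (protocol, destination port) entries
    providers: frozenset  # EPGs that offer the service
    consumers: frozenset  # EPGs allowed to initiate towards the providers

# Constructed policy for the slide's tenant "Coke". Who provides and who
# consumes, and the SQL port (tcp/1433), are assumptions for illustration.
CONTRACTS = (
    Contract("HTTP", frozenset({("tcp", 80)}), frozenset({"app"}), frozenset({"web"})),
    Contract("SQL", frozenset({("tcp", 1433)}), frozenset({"db"}), frozenset({"app"})),
)

def permitted(src_epg, dst_epg, proto, port, contracts=CONTRACTS):
    """Return the contract name that permits the flow, or None (implicit deny)."""
    if src_epg == dst_epg:
        return "intra-EPG"  # by default, endpoints in one EPG need no contract
    for c in contracts:
        if (src_epg in c.consumers and dst_epg in c.providers
                and (proto, port) in c.filters):
            return c.name
    return None

def effective_allowlist(contracts=CONTRACTS):
    """Expand contracts into sorted (consumer, provider, proto, port, contract) rows."""
    rows = set()
    for c in contracts:
        for cons in c.consumers:
            for prov in c.providers:
                for proto, port in c.filters:
                    rows.add((cons, prov, proto, port, c.name))
    return sorted(rows)

def unexpected_paths(allowlist, approved):
    """Rows in the fabric's allowlist that a reviewer did not approve."""
    return [r for r in allowlist if r[:4] not in approved]

if __name__ == "__main__":
    for row in effective_allowlist():
        print(row)
    # No contract links web and db, so the direct path is denied.
    print("web -> db tcp/1433:", permitted("web", "db", "tcp", 1433))
```

Comparing `effective_allowlist()` against the flows an application owner actually approved is a quick way to spot a contract that opens more than intended.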
Cisco ACI Layer 4-7 Service Integration (1)
Application Profile
Cisco ACI Layer 4-7 Service Integration (2)
• Elastic service insertion architecture for physical and virtual services
• APIC as central point of network control with policy coordination
• Automation of service bring-up/tear-down through programmable interface
when integrated with existing services
• Service enforcement assured, regardless of endpoint location
Diagram labels: Policy Enforcement; Web Tier A, App Tier B; Web Server, App Server; Application Admin; Chain “Security 5”; “Security 5” Chain Defined; Service Graph: begin, Stage 1 ….. Stage N, end; Service Profile; Providers; inst; Service Admin
Hypervisor Integration with ACI
• Relationship is formed between APIC and Virtual Machine Manager (VMM)
• ACI Fabric implements policy on Virtual Networks by mapping Endpoints to EPGs
• Endpoints in a Virtualized environment are represented as the vNICs
• VMM applies network configuration by placing vNICs into:
− Port Groups (VMWare)
− VM Networks (Hyper-V)
− Networks (OpenStack)
• EPGs are exposed to the VMM as a 1:1 mapping to Port Groups, VM Networks or OpenStack Networking.
Diagram labels: APIC; Application Network Profile; EPG WEB, EPG APP, EPG DB with F/W and L/B; WEB PORT GROUP, APP PORT GROUP, DB PORT GROUP; VM, VM, VM
ACI Fabric Powered with Group-Based Policies
Connectivity
ACI Fabric
03 Approaches to EPG mapping on ACI
Co-Existence of ACI Hosted Applications With
Existing Application Components
Subnet ‘A’
Subnet ‘B’
Classical L2/L3
ACI - VXLAN
Lab Topology
Diagram labels: Legacy DC, ACI DC, Classical L2, L3 Links, Core1, Core2, ACI Infra, Agg1, Agg2, FI, FI, UCS B Chassis
LAB Agenda
• Section I: Deploy ACI Fabric
• Create your Tenant
• Deploy the 3-Tier Application Policy
• Connect the Fabric to External Core
LAB Migration Scenario
• Bring Up the ACI fabric
Diagram labels: Classical L2, L3 Links, Core1, Core2, ACI Infra, Subnet ‘A’, Subnet ‘B’, Subnet ‘C’, Subnet ‘D’, Agg1, Agg2, FI, FI, UCS B Chassis
Lab Migration
• Integrate the VMware Domain and Tenant Configuration
Diagram labels: Classical L2, L3 Links, Core1, Core2, ACI Infra, Subnet ‘A’, Subnet ‘B’, Subnet ‘C’, Subnet ‘D’, Agg1, Agg2, FI, FI, UCS B Chassis
Migration Planning: Provide External Connectivity
• Connect the Fabric to Outside via L3out
Diagram labels: Classical L2, L3 Links, Core1, Core2, ACI Infra, Subnet ‘A’, Subnet ‘B’, Subnet ‘C’, Subnet ‘D’, Agg1, Agg2, FI, FI, UCS B Chassis
Migration Planning: Fabric in L2 Mode
• Extend the Fabric to Legacy Datacenter via L2 Extension
Diagram labels: Classical L2, L3 Links, Core1, Core2, ACI Infra, Subnet ‘A’, Subnet ‘B’, Subnet ‘C’, Subnet ‘D’, Agg1, Agg2, FI, FI, UCS B Chassis
Migration Planning: Migrate the Default Gateway
• Start Migrating the Hosts
Diagram labels: Classical L2, L3 Links, Core1, Core2, ACI Infra, Subnet ‘A’, Subnet ‘B’, Subnet ‘C’, Subnet ‘D’, Agg1, Agg2, FI, FI, UCS B Chassis
Migration Planning: Migrate the Default Gateway
• Shut the SVI on N7ks and configure the BridgeDomains on the Fabric
Diagram labels: Classical L2, L3 Links, Core1, Core2, ACI Infra, Subnet ‘A’, Subnet ‘B’, Subnet ‘C’, Subnet ‘D’, Agg1, Agg2, FI, FI, UCS B Chassis
Migration Complete
• Remove all the Server Connections and migrate them to ACI
Diagram labels: Classical L2, L3 Links, Core1, Core2, ACI Infra, Subnet ‘A’, Subnet ‘B’, Subnet ‘C’, Subnet ‘D’, Agg1, Agg2, FI, FI, UCS B Chassis
APIC: Logical Tenant Layout
POD-X Tenant
Private Network 1
Bridge Domain DB
10.1X.3.1/24 DB EPG-VLANX3
Access to Lab
• RDP: vxlanlab.ciscolive.com:3390
• Username: acilab\podX <-- this is case sensitive
• Password: Provided by Proctor
• Manual:
• Manual is located inside the RDP session
• If it is not already open, open the Chrome browser
Call to Action
• Visit the World of Solutions for
• Cisco Campus
• Walk in Labs
• Technical Solution Clinics