
ACI Fundamentals Lab

Ivan Andjelkovic
Systems Engineer

Agenda
1) Why Application Centric Infrastructure (ACI)
2) ACI components and benefits
3) What is an Application in ACI
4) Logical model
5) Lab logistics

2013-2014 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

Industry Trends

DevOps

New operational models are driving the need for infrastructure change.


Agile Networking Needed

- Operating expenses represent over 80% of DC spending
- Dynamic (re)programming of the network is needed to curb the OpEx increase driven by server virtualization

[Chart: Datacenter Spending (%) Over Time, y-axis 0% to 100%, x-axis years 06 to 13. Series: Server Spending; Virtual Servers - Mgmt & Admin; Standalone Servers - Mgmt & Admin; Power & Cooling Expense.]

Source: IDC, 2011 New Economic Model for the Datacenter

Agenda
1) Why Application Centric Infrastructure (ACI)
2) ACI components
3) What is an Application in ACI
4) Logical model
5) Lab logistics


ACI Introduces Logical Network Provisioning of Stateless Hardware

[Diagram labels: Outside (Tenant VRF), Web, App, DB; QoS, Filter, Service]

APIC: Application Policy Infrastructure Controller
ACI Fabric: Non-Blocking Penalty Free Overlay

ACI Fabric

One Logical System to Manage
Any IP address anywhere!!

[Diagram labels: ACI Spines; ACI Leafs; External L2 / L3; L4-7 Services; Servers; APIC Cluster (three APICs); OOB Management]

Multi-Hypervisor-Ready Fabric
Hypervisor Integration

- Integrated gateway for VLAN, VxLAN, NVGRE networks from virtual to physical
- Normalization for NVGRE, VXLAN, and VLAN networks
- Customer not restricted by a choice of hypervisor
- Fabric is ready for multihypervisor

[Diagram labels: Network Admin; Application Admin; Hypervisor Management; APIC; ACI Fabric; ESX, Hyper-V, KVM, Physical Server; VLAN, VXLAN, NVGRE]

Application Awareness
Application-Level Visibility

- ACI Fabric provides the next generation of analytic capabilities
- Per application, tenants, and infrastructure:
  - Health scores
  - Latency
  - Atomic counters
  - Resource consumption
- Integrate with workload placement or migration

[Diagram: APIC; Triggered Events or Queries. PetStore Event, Actions: No new hosts or VMs; Evacuate hypervisors; Re-balance clusters. PetStore Dev: Leaf 1 and 2, Spine 1 3, Atomic counters. PetStore Prod: Leaf 2 and 3, Spine 1 2, Atomic counters. PetStore QA: Leaf 3 and 4, Spine 2 3, Atomic counters. VXLAN Per-Hop Visibility. Physical and Virtual as One.]

Northbound API
- Tenant- and application-aware
- Object-Oriented
- Centralized Automation
- RESTful XML / JSON
- Rapid integration with existing management frameworks

Comprehensive Programmability and System Access

Southbound API
- Publish data model
- Open source
- Enables application portability

[Diagram labels: System Management; Automation Tools; Hypervisor Management; Orchestration Frameworks; Open Ecosystem Framework; OpenStack]

*Only straight chains supported at FCS
C97-730020-01 2013 Cisco and/or its affiliates. All rights reserved.

Agenda
1) Why Application Centric Infrastructure (ACI)
2) ACI components
3) What is an Application in ACI
4) Logical model
5) Lab logistics


Application Language Barriers

Developers
- Application Tiers
- Provider / Consumer Relationships

Infrastructure Teams
- VLANs
- Subnets
- Protocols
- Ports

Developer and infrastructure teams must translate between disparate languages.



What is an Application to the Network?

It is more than just a VM or server.

It is the collection of all the application's End Points
plus
the application's L2-L7 network policies
plus
the relationship between these End Points and their policies.

[Diagram labels: External Network; Web Tier End Points; App Tier End Points; DB Tier End Points; QoS, Service, Filter]

Application Policy Model and Instantiation

- Application policy model: Defines the application requirements (application network profile)
- Policy instantiation: Each device dynamically instantiates the required changes based on the policies

[Diagram labels: Application Client; Web Tier, App Tier, DB Tier; Storage; APIC; VMs; addresses 10.2.4.7, 10.9.3.37, 10.32.3.7]

- All forwarding in the fabric is managed through the application network profile
- IP addresses are fully portable anywhere within the fabric
- Security and forwarding are fully decoupled from any physical or virtual network attributes
- Devices autonomously update the state of the network based on configured policy requirements

Application Network Profiles

[Diagram labels: Application Network Profile; Inbound/Outbound Policies - Contracts (shown twice)]

Application Network profiles are a group of EPGs and the policies that define the communication between them.

Subject
Filter | Action | Label
TCP Port 80 | Permit | Web Access

Subjects are a combination of a filter, an action and a label.

Contract 1
- Subject 1
- Subject 2
- Subject 3

Contracts define communication between source and destination EPGs.
Contracts are groups of subjects which define communication between EPGs.

Policy Table Size Reduction

Total policy entries = n * m * f

Standard model
- Sources: 1, 2, 3, 4, 5 (n=5)
- Destinations: 1, 2, 3, 4 (m=4)
- Filters (f=5): 1 - Allow x; 2 - Deny y; 3 - Allow x; 4 - Deny y; 5 - Allow x
- Standard model requires 100 policy entries

ACI model
- Source EPG containing 1, 2, 3, 4, 5 (n=1)
- Destination EPG containing 1, 2, 3, 4 (m=1)
- Filters (f=5): 1 - Allow x; 2 - Deny y; 3 - Allow x; 4 - Deny y; 5 - Allow x
- ACI model requires 5 policy entries
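Added example (not part of the original slides): a small Python model of the table-size argument above, using the subject structure (filter, action, label) from the contract slide. The EPG names, IP addresses, every subject except TCP port 80 / Permit / Web Access, and the deny fall-through for unmatched traffic are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Subject:
    proto: str
    port: int
    action: str   # "permit" or "deny"
    label: str

@dataclass(frozen=True)
class Contract:
    consumer: str      # source EPG name
    provider: str      # destination EPG name
    subjects: tuple

# Constructed sample data; only the first subject appears on the slides.
SUBJECTS = (
    Subject("tcp", 80, "permit", "Web Access"),
    Subject("tcp", 443, "permit", "Web Access TLS"),
    Subject("tcp", 23, "deny", "Telnet"),
    Subject("tcp", 8080, "permit", "Alt HTTP"),
    Subject("udp", 69, "deny", "TFTP"),
)
EPGS = {
    "clients": [f"10.0.1.{i}" for i in range(1, 6)],  # n = 5 sources
    "web": [f"10.0.2.{i}" for i in range(1, 5)],      # m = 4 destinations
}
CONTRACT = Contract("clients", "web", SUBJECTS)

def endpoint_rules(contract, epgs):
    """Standard model: one entry per (source, destination, filter)."""
    return [(s, d, f.proto, f.port, f.action)
            for s, d, f in product(epgs[contract.consumer],
                                   epgs[contract.provider],
                                   contract.subjects)]

def epg_rules(contract):
    """EPG model: one entry per filter between the two groups."""
    return [(contract.consumer, contract.provider, f.proto, f.port, f.action)
            for f in contract.subjects]

def epg_of(ip, epgs):
    """Classify an endpoint into its EPG, or None if it belongs to none."""
    return next((name for name, ips in epgs.items() if ip in ips), None)

def decide(contract, epgs, src, dst, proto, port):
    """Classify both endpoints, then match the group-level table."""
    key = (epg_of(src, epgs), epg_of(dst, epgs), proto, port)
    for *match, action in epg_rules(contract):
        if tuple(match) == key:
            return action
    return "deny"  # assumption of this sketch: unmatched traffic is dropped

if __name__ == "__main__":
    print(len(endpoint_rules(CONTRACT, EPGS)), len(epg_rules(CONTRACT)))
    print(decide(CONTRACT, EPGS, "10.0.1.3", "10.0.2.4", "tcp", 80))
```

Adding a sixth client to the "clients" list grows the endpoint-level table by 20 entries and leaves the EPG-level table at 5, which is the property that keeps the policy reviewable at group level.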

ACI Layer 4 - 7 Service Integration
Centralized, Automated, and Supports Existing Model

- Elastic service insertion architecture for physical and virtual services
- Automation of service bring-up / teardown through programmable interface
- Service enforcement guaranteed, regardless of endpoint location
- APIC as central point of network control with policy coordination
- Supports existing operational model when integrated with existing services
- Helps enable administrative separation between application tier policy and service definition

[Diagram labels: Application Admin; Service Admin; Web Tier A (Web Servers); App Tier B (App Servers); Providers; Policy Redirection; Chain "Security 5"; Service Graph: begin, Stage 1 .. Stage N, end; inst; Firewall; Load Balancer; Service Profile; "Security 5" Chain Defined]

End-Point Groups

[Diagram: end-point attributes grouped as "FCS End-Points" and "Future End-Points": VLAN, Subnet, Phys Port, DNS *, Virtual Port, VxLAN, DNS, DHCP Pool, NVGRE, VM Attribute]

Agenda
1) Why Application Centric Infrastructure (ACI)
2) ACI components
3) What is an Application in ACI
4) Logical model
5) Lab logistics


Logical Model Overview

[Diagram: object tree under root\uni. Tenants: Tenant A, Tenant B. Private-L3: A, A, B. Four Bridge Domains. Subnets: A, B, A, D, C.]

Private-L3 and subnets are independent between tenants

Mapping the ACI Logical Model to 7 Layer OSI for Network Engineers

7 Layer OSI Model | ACI Constructs that apply
Application, Presentation, Session, Transport | Contracts, Graphs, ANP
Network | BD (SVI), Private Network (VRF lite)
Data Link | EPG, BD, Policy Groups (VPC, PC, Interfaces), Encapsulation (VLAN, VXLAN, NVGRE)
Physical | Policy, AEP, Domains (Physical/VMM)

How to connect with the external devices


Agenda
1) Why Application Centric Infrastructure (ACI)
2) ACI components
3) What is an Application in ACI
4) Logical model
5) Lab logistics


Lab Topics
1) GUI Overview
2) API Inspector and Postman
3) ACI Forwarding Constructs
4) Application Networking Profile (ANP)
5) Integration with vCenter
6) External L2 connectivity
7) External L3 connectivity

Lab Logistics
- Ask me any questions you might have!
- There are 3 documents:
  - ACI Fundamentals Lab Guide: THE lab guide
  - ACI Lab Setup and Connectivity: Missing steps to be used when setting up your ACI from scratch
  - Optional ACI Simulator Lab: Steps from the previous document available on the Simulator
- Link to documents, the password and pod assignment are provided by instructor. The rest is in the lab guide.
- Replace X with your pod number!
- Ask me any questions you might have!

Resources
- dCloud (5 ACI related labs): http://dcloud.cisco.com/
- TNI Lab used for ACI FE bootcamp: http://dcv-labs.labgear.net/Home.asp
- Adam Raffe blog (great Cisco Live presentation): http://adamraffe.com/2015/02/04/my-cisco-live-milan-acisessions/

Both Lab resources and Cisco Live content are free of charge for Cisco partners. You will have to go through a sign-up process.