ACI Lab Presentation PDF

ACI Fundamentals Lab
Ivan Andjelkovic
Systems Engineer
Agenda
1)Why Application Centric Infrastructure (ACI)

2)ACI components and benefits
3)What is Application in ACI
4)Logical model
5)Lab logistics
© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Industry Trends
DevOps
New operational models are driving the need for infrastructure change.
Agile Networking Needed
Datacenter Spending (%) Over Time
100%
• Operating expenses
90%
represent over 80%
80%
of DC spending
70%
60% • Dynamic (Re-

50% )programming of the
40% Network is needed to curb
30%
OpEx increase driven by
20%
Server Virtualization
10%
0%
06 07 08 09 10 11 12 13
Server Spending Standalone Servers - Mgnt & Admin
Virtual Servers - Mgnt & Admin Power & Cooling Expense
© 2013-2014 Cisco and/or its affiliates. All rights reserved. Source: IDC, 2011 “New Economic Model for the Datacenter” Cisco Confidential 4
Agenda

2)ACI components
4)Logical model
5)Lab logistics
ACI Introduces Logical Network Provisioning of Stateless
Hardware
Web App DB
QoS QoS QoS

Outside
(Tenant VRF) Filter Service Filter
APIC
ACI Fabric Application Policy

Infrastructure
Non-Blocking Penalty Free Overlay Controller
ACI Fabric
ACI Spines
One Logical System to Manage
Any IP address anywhere !!

ACI Leafs
L4 -7 Services
External L2 / L3 Servers
APIC APIC APIC APIC Cluster
OOB Managment
Multi-Hypervisor-Ready Fabric
Network
Admin
Hypervisor Integration APIC
APIC
ACI Fabric
• Integrated gateway for VLAN,
VxLAN, NVGRE networks from
virtual to physical
VLAN VLAN VLAN VLAN
VXLAN NVGRE VXLAN
• Normalization for NVGRE, VXLAN,
and VLAN networks ESX Hyper-V KVM
• Customer not restricted by a

PHYSICAL
choice of hypervisor SERVER
• Fabric is ready for multi-

Application Hypervisor
hypervisor Admin Management
Application Awareness
Application-Level Visibility
Triggered Events Actions:
or Queries No new hosts or VMs
ACI Fabric provides the next generation PetStore Event Evacuate hypervisors
of analytic capabilities Re-balance clusters
Per application, tenants, and

infrastructure:
• Health scores
PetStore Dev PetStore Prod PetStore QA
• Latency • Leaf 1 and 2 • Leaf 2 and 3 • Leaf 3 and 4
• Spine 1 – 3 • Spine 1 – 2 • Spine 2 – 3
• Atomic counters • Atomic counters • Atomic counters • Atomic counters
• Resource consumption
APIC
Integrate with workload placement or
migration
VXLAN Physical and
Per-Hop Virtual as One
© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Visibility Cisco Confidential 9
Northbound API System Automation
• Rapid integration with existing Management Tools
management frameworks
• OpenStack
Hypervisor Orchestration
• Tenant- and application-aware Management Frameworks
Object-Oriented Comprehensive
Open Ecosystem
Centralized Automation Programmability and
RESTful XML / JSON Framework System Access
Southbound API
• Publish data model
• Open source
• Enables application portability
*Only straight chains supported at FCS
C97-730020-01 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
Agenda
1) Why Application Centric Infrastructure (ACI)

2) ACI components
3) What is Application in ACI
4) Logical model
5) Lab logistics
Application Language Barriers
Developers Infrastructure Teams
Application VLANs
Tiers
Subnets
Provider / Protocol
Consumer s
Relationship Ports
s
Developer and infrastructure teams must translate between disparate languages.
What is an Application to the Network?
It is More than just a VM or Server

 It is collection of all the Application’s End Points
 ‘plus’
 The Application’s L2 – L7 Network Policies
 ‘plus’
 The Relationship between these End Points and their Policies
Web Tier App Tier DB Tier

QoS End Points QoS End Points QoS End Points
External
Service Service Service
Network
Filter Filter Filter
Application Policy Model and Instantiation
Application
Client
Application policy model: Defines the
application requirements (application Storage Storage
network profile)
Web App Tier DB Tier
Tier
Policy instantiation: Each device

dynamically instantiates the required APIC
changes based on the policies
VM VM VM VM VM VM VM
10.2.4.7 10.9.3.37 10.32.3.7
All forwarding in the fabric is managed through the application network profile
• IP addresses are fully portable anywhere within the fabric
• Security and forwarding are fully decoupled from any physical or virtual network attributes
• Devices autonomously update the state of the network based on configured policy requirements
Application Network Profiles
Application Network Profile
Inbound/Outbound Inbound/Outbound
Policies - Contracts Policies - Contracts
Application Network profiles are a group of EPGs and the policies that define the communication
between them.
Filter Action Label
TCP Port 80 Permit Web Access
Subjects are a combination of

Subject Filter | Action | Label
A filter, an action and a label
Contract 1
Contracts define
Subject 1
communication
between source and Subject 2
destination EPGs
Subject 3
Contracts are groups of subjects which define communication between EPGs.
18
Policy Table Size Reduction
Sources Destinations
1 Filters
1
Total policy entries = n * m * f
2 1 - Allow x
2
3 2 - Deny y
3
Standard model requires 100
policy entries
4 3 - Allow x
4
5 4 - Deny y
5 – Allow x
n=5 f=5 m=4
Source EPG Destination EPG
1 Filters
1
2 1 - Allow x
2 ACI model requires 5 policy
3 2 - Deny y
3 entries
4 3 - Allow x
4
5 4 - Deny y
5 – Allow x
n=1 f=5 m=1
ACI Layer 4 - 7 Service Integration
Centralized, Automated, and Supports Existing Model
• Elastic service insertion architecture for Web Tier Policy Redirection

App Tier
A B
physical and virtual services Web Web
Web App
Server Server
• Helps enable administrative separation Application Server Server
Admin Chain
between application tier policy and “Security 5”
service definition
• APIC as central point of network control
“Security 5” Chain Defined
with policy coordination
Service
…..
Graph
• Automation of service bring-up / tear- begin Stage 1 Stage N end
down through programmable interface
Service Profile
• Supports existing operational model inst inst
Providers
Service
…
when integrated with existing services Admin inst
……..
inst
• Service enforcement guaranteed, Firewall Load Balancer
regardless of endpoint location

End-Point Groups
Phys Virtual VxLAN NVGRE

FCS End-Points VLAN
Port Port
DHCP VM
Future End-Points Subnet DNS * DNS Pool Attribute
Agenda

2)ACI components
4)Logical model
5)Lab logistics
Logical Model Overview
root\uni
Tenant A Tenant B
Private-L3 A Private-L3 B Private-L3 A
Bridge Domain Bridge Domain Bridge Domain Bridge Domain
Subnet A Subnet B Subnet A Subnet D
Subnet C
Private-L3 and subnets are independent between tenants

Mapping the ACI Logical Model to 7 Layer OSI for Network
Engineers
7 Layer OSI Model ACI Constructs that apply
Application
Presentation
Session Contracts, Graphs, ANP
Transport
Network BD (SVI), Private Network (VRF lite)
Data Link EPG, BD, Policy Groups (VPC, PC,
Interfaces), Encapsulation (VLAN,
VXLAN, NVGRE)
Physical Policy, AEP, Domains
© 2013-2014 Cisco and/or its affiliates. All rights reserved.
(Physical/VMM) Cisco Confidential 24
How to connect with the external devices
Agenda

2)ACI components
4)Logical model
5)Lab logistics
Lab Topics
1)GUI Overview
2)API Inspector and Postmen
3)ACI Forwarding Constructs
4)Application Networking Profile (ANP)
5)Integration with vCenter
6)External L2 connectivity
7)External L3 connectivity
Lab Logistics
- Ask me with any question you might have!
- There are 3 documents
ACI Fundamentals Lab Guide – THE lab guide
ACI Lab Setup and Connectivity – Missing steps to be
used when setting up your ACI from scratch
Optional ACI Simulator Lab – Steps from the previous
document available on the Simulator
- Link to documents, the password and pod assignment
are provided by instructor. The rest is in the lab guide.
- Replace X with your pod number!
- Ask me with any questions you might have!
Resources
- dCloud (5 ACI related labs)

http://dcloud.cisco.com/
- TNI Lab used for ACI FE bootcamp
http://dcv-labs.labgear.net/Home.asp
- Adam Raffe blog (great Cisco Live presentation)
http://adamraffe.com/2015/02/04/my-cisco-live-milan-aci-
sessions/
Both Lab resources and Cisco Live content are free of charge for
Cisco partners. You will have to go through sign up process.

ACI Lab Presentation PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

ACI Lab Presentation PDF

Hochgeladen von

Copyright:

Verfügbare Formate

ACI Fundamentals Lab

1)Why Application Centric Infrastructure (ACI)

60% • Dynamic (Re-

1)Why Application Centric Infrastructure (ACI)

QoS QoS QoS

ACI Fabric Application Policy

One Logical System to Manage

Any IP address anywhere !!

APIC APIC APIC APIC Cluster

• Customer not restricted by a

• Fabric is ready for multi-

Per application, tenants, and

*Only straight chains supported at FCS

1) Why Application Centric Infrastructure (ACI)

Developers Infrastructure Teams

Developer and infrastructure teams must translate between disparate languages.

It is More than just a VM or Server

Web Tier App Tier DB Tier

Policy instantiation: Each device

10.2.4.7 10.9.3.37 10.32.3.7

Application Network Profile

Subjects are a combination of

Contracts are groups of subjects which define communication between EPGs.

Source EPG Destination EPG

• Elastic service insertion architecture for Web Tier Policy Redirection

down through programmable interface

• Service enforcement guaranteed, Firewall Load Balancer

regardless of endpoint location

Phys Virtual VxLAN NVGRE

1)Why Application Centric Infrastructure (ACI)

Private-L3 A Private-L3 B Private-L3 A

Bridge Domain Bridge Domain Bridge Domain Bridge Domain

Subnet A Subnet B Subnet A Subnet D

Private-L3 and subnets are independent between tenants

1)Why Application Centric Infrastructure (ACI)

- dCloud (5 ACI related labs)

Das könnte Ihnen auch gefallen