6.35M

Category:

management

Cisco ACI Overview

1. Cisco ACI Overview

[email protected]

2.

Cisco ACI Architecture and Building Blocks
Cisco Nexus 9000 Series Hardware
Cisco ACI Access Policies
Cisco ACI Logical Constructs
Cisco ACI Packet Flow Scenarios
© 2019 GREENNET. All rights reserved.
2

3.

Cisco ACI Overview, what is ACI
Network for data center, that operates as consistent system
Based on SDN concepts
Build by Nexus 9000 switches and APIC Controller
As name states Application Centric Infrastructure, build around
Application
ACI trues to be Application Centric not VLAN/IP/Routing centric
© 2019 GREENNET. All rights reserved.
3

4.

Cisco ACI Overview
Developers
Infrastructure Teams
Application
Tiers
Provider /
Consumer
Relationships
© 2019 GREENNET. All rights reserved.
VLANs
Subnets
Protocols
Ports
4

5.

Cisco ACI Architecture and Building Blocks
Application Centric Infrastructure
Nexus 9000
Switch
© 2019 GREENNET. All rights reserved.
Application Centric
Infrastructure
Controller
5

6.

Nexus 9000 Data Center Switch Product Line
Cisco Nexus 9000 is main switching platform in ACI
Cisco Nexus 9000 series have Fixed and Modular models
- Nexus 9200 – Fixed Form Factor (NX-OS only)
- Nexus 9300 – Fixed Form Factor
- Nexus 9500 – Modular Form Factor
© 2019 GREENNET. All rights reserved.
6

7.

Application Infrastructure Controller - APIC
ACI is managed, monitored and configured form Controller (APIC)
APIC provide single pane of glass for all aspect of ACI operation
APIC is software, running on top of Cisco UCS C series server
Currently APIC is available as appliance, or VM
APIC are sized based on total port number inside ACI network
© 2019 GREENNET. All rights reserved.
7

8.

Cisco ACI Topology
ACI is based on Clos topology
Clos topology is comprised by Leaf and Spine layers
Usually for simplicity referred as Leaf and Spine topology
© 2019 GREENNET. All rights reserved.
8

9.

Spine-Leaf Topology Benefits
Leaf and Spine strictly defined topology
Leaf connect to Spines
Spines don’t connect to other Spines
Leafs don’t connect to other Leafs
Endpoint, Servers, connect to Leafs
Connection to Spine used for DCI and GOLF*:
- ACI MultiPOD and MultiSite
Simple and consistent topology
Scalability for connectivity and bandwidth
Least-cost design for high bandwidth
Low latency and oversubscription
Symmetry for optimization of forwarding behavior
© 2019 GREENNET. All rights reserved.
9

10.

ACI – APIC Controller
APIC Controllers
© 2019 GREENNET. All rights reserved.
10

11.

Cisco ACI Topology
• Policy controller
• Holds the defined policy
- Management plane
- Not the control plane
- Not in the traffic path
• Redundant cluster of three or more servers
• Each server dual-homed for resilience
• Instantiates the policy changes
• Managed switches by OpFlex protocol
• M2, M3, L2, L3 Controller types, for different scale
• More that three APIC can be deployed for large fabric deployment
© 2019 GREENNET. All rights reserved.
11

12.

Cisco ACI Topology
© 2019 GREENNET. All rights reserved.
APIC Controllers Cluster
12

13.

Cisco ACI Topology
© 2019 GREENNET. All rights reserved.
13

14.

Cisco ACI Topology
© 2019 GREENNET. All rights reserved.
14

15.

Cisco ACI Topology
© 2019 GREENNET. All rights reserved.
15

16.

ACI Clos Architecture as big Chassis Switch
© 2019 GREENNET. All rights reserved.
16

17.

18.

19.

20.

21.

22.

• VTEPs (VXLAN Tunnel Endpoints) – Loopback address
• IS-IS is responsible for infrastructure connectivity.
- Advertises VTEP addresses.
- Computes multicast trees.
- Announces tunnels from every leaf to all other fabric nodes.
• IS-IS is tuned for a densely connected fabric
• IS-IS is also responsible for generating the multicast forwarding tag
(FTAG) trees in the fabric using vendor TLVs
© 2019 GREENNET. All rights reserved.
22

23.

Endpoints identified by IP or MAC address
Endpoint location specified by VTEP address
Forwarding occurs between VTEPs
Transport based on enhanced VXLAN header format
Distributed reachability database maps endpoints to VTEP
locations
© 2019 GREENNET. All rights reserved.
23

24.

25.

26.

Cisco ACI Fabric discovery prerequisites are these:
• Provide correct initial cabling of the Cisco ACI fabric.
• Create a Cisco APIC cluster over the out-of-band network.
• Cisco APIC nodes must run the same version of firmware.
© 2019 GREENNET. All rights reserved.
26

27.

28.

29.

30.

31.

32.

The Cisco ACI fabric uses LLDP- and DHCP-based fabric
discovery to automatically discover the fabric switch nodes,
assign the infrastructure VTEP addresses, and install the
firmware on the switches. Before this automated process, a
minimal bootstrap configuration must be performed on the
Cisco APIC.
© 2019 GREENNET. All rights reserved.
32

33.

34.

35.

Fabric name, number of controllers, controller ID, and controller name:
First, you must enter the fabric name, number of controllers (default is 3),
controller ID (which is a unique ID number for the Cisco APIC instance: 1, 2,
or 3), and the controller name. These values have to be unique among the
different APICs in the cluster.
© 2019 GREENNET. All rights reserved.
35

36.

Address pool for TEP addresses:
Enter the address pool for tunnel endpoint (TEP) addresses. The default IP
address pool for TEP tunnel endpoint addresses is 10.0.0.0/16. This value is
for the infrastructure VRF only. This subnet should not overlap with any other
routed subnets in your network. If this subnet does overlap with another
subnet, change this subnet to a different /16 subnet. The minimum
supported subnet for a 3-APIC cluster is a /23.
.
© 2019 GREENNET. All rights reserved.
36

37.

VLAN ID for infra network:
Enter the VLAN ID for infrastructure network. This infrastructure VLAN
serves for APIC-to-switch communication including virtual switches. Reserve
this VLAN for APIC use only. VLAN ID must not be used elsewhere in your
environment and must not overlap with any other reserved VLANs on other
platforms.
.
© 2019 GREENNET. All rights reserved.
37

38.

Configuring out-of-band (OOB) management:
- Out-of-band management IP address: Enter the IP address for the out-ofband management, which is the IP address that you use to access the Cisco
APIC through the GUI, CLI, or application programming interface (API). This
address must be a reserved address from the VRF.
- Default gateway IP address: Enter the IP address of the default gateway
for communication to external networks using out-of-band management.
© 2019 GREENNET. All rights reserved.
38

39.

40.

41.

42.

Communication between the various nodes and processes in the Cisco ACI
Fabric uses IFM, and IFM uses SSL-encrypted TCP communication. Each
Cisco APIC and fabric node has 1024-bit SSL keys that are embedded in
secure storage. The SSL certificates are signed by Cisco Manufacturing
Certificate Authority (CMCA).
© 2019 GREENNET. All rights reserved.
42

43.

44.

45.

46.

47.

48.

49.

1. Cisco APIC is configured with the cluster, fabric name, TEP ….
2. The leaf switch discovers the attached Cisco APIC via LLDP
3. The spine switch discovers the attached leaf switch via LLDP
4. All nodes in Cisco APIC cluster should contain the same bootstrap
3
5. The fabric can be discovered multiple sources concurrently.
2
1
© 2019 GREENNET. All rights reserved.
4
49

50.

51.

52.

Cisco APIC learns about the other Cisco APIC controllers via LLDP. After validating these
newly discovered Cisco APIC controllers in the cluster, the controllers update their local
appliance vector (AV), a mapping of an APIC ID to its IP address and universally unique
identifier (UUID). The APIC then discovers the leaves via LLDP and programs them with the
new AV. Switches then start advertising this new AV to their neighbors. This process
continues until all the switches have the identical AV and all Cisco APIC controllers know
the IP address of all the other Cisco APIC controllers.
© 2019 GREENNET. All rights reserved.
52

53.

Cisco APIC automatically discovers all spine and leaf switches. However, you
need to manually add switches as fabric node members in order for them to
participate in the Cisco ACI fabric.
© 2019 GREENNET. All rights reserved.
53

54. 55. Q & A

Q&A

English Русский Rules