ACI Fabric Mode

Technology

Published on February 20, 2014

Author: gseltzer

Source: slideshare.net

Description

Annual Top Gun: ACI Fabric Presentation

C97-730020-01 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Two Modes of Operation on One Platform
Nexus 9000: a 1/10/40/100GE common platform; open, flexible, with a choice of programmability modes.
• NX-OS mode: NX-OS with enhancements; per-box programmability; network-operations driven, switch automation
• ACI mode: Application Policy Infrastructure Controller (APIC); centralized fabric programmability; policy-based fabric automation

NX-OS Mode Only: NX-OS Software Architecture
• Single image: one NX-OS image instead of separate system/kickstart images; the same image across fixed and modular platforms
• Integrated fault monitoring, detection and recovery: process crashes, kernel crashes, hardware failures
• Architecture layers: API, management infrastructure, high-availability infrastructure, feature processes, netstack, hardware drivers, 64-bit kernel
• Solutions: fixed and modular
• "The network cannot go down": stateful process restartability, stateful switchover, software patching (cold and/or in-service), In-Service Software Upgrade (ISSU)

NX-OS Mode Only: Feature Summary
High-density data center features (physical/virtual):
• L2: STP, vPC, VTP, ...
• L3 routing for IPv4/IPv6: IS-IS, BGP, OSPF, FHRP, ..., VRF-lite
• Multicast: IGMP, PIM-SM, ASM, ...
• QoS; security (L2/L3 ACLs)
• 64-way ECMP (Equal-Cost Multipath routing)
• VXLAN bridging; VMTracker
Automation and orchestration:
• Power-On Auto Provisioning (PoAP); Chef/Puppet integration; XMPP support; OpenStack network plugin; OpenDaylight integration; NX-API
NX-OS resiliency:
• Linux 3.4.10 64-bit kernel; stateful process restartability; stateful switchover (dual supervisor); patching (hot and cold); ISSU; Generic Online Diagnostics
Open access and visibility:
• XML, JSON, REST, RPC, NETCONF; Embedded Event Manager (EEM); dynamic buffer and flow monitoring, Nagios; Python scripting; Bash and BCM shell access; OpenFlow support; 64-bit Linux containers for custom applications; Cisco onePK; SMTP email "pipe" output

NX-OS Mode Only: Optional Application Container
• Provides a secure and segregated operating environment for applications, which can be Cisco or open-source applications on a standard Linux distribution
• OS-level virtualization: an LXC container on the Nexus platform, isolated through namespaces; it shares the kernel and the physical resources with NX-OS, so the boundary is namespace isolation rather than a separate kernel
• An agent in the container talks to the onePK policy API on the Nexus platform; the onePK controller can be physical or VM-hosted and uses an open standard or a custom protocol

NX-OS Mode Only: Non-Blocking DC Fabric
• Tiers: DC core, DC aggregation, DC PODs, DC access
• DC spine: Nexus 9500, up to 12-way; up to 288 leafs
• DC leaf: Nexus 9300 (ToR), Nexus 9500 (EoR), Nexus 22xx fabric extenders
• Server access: 1GE/10GE on Nexus 9300 ToR and Nexus 22xx (including UCS); 10GE on Nexus 9500 EoR
• Enables and supports L2/L3 at scale

NX-OS Mode Only: Bridged VXLAN Overlay
Extends Layer 2 connectivity between virtual and physical devices.
• VXLAN Tunnel End Points (VTEPs) may exist in software (a hypervisor VTEP) or in hardware on the Nexus 9000 (Nexus 9300 VTEPs acting as VXLAN gateways between VLANs and VXLANs, in front of a Nexus 9500 core)
• The hardware VTEP supports VXLAN bridging, termination and routing; VXLAN routing requires Merchant+ functionality

Nexus 9000 Portfolio: Scalable 1GE/10G/40G/100GE Performance
• Nexus 9300 (FCS Q4 2013) and Nexus 9500, C9500 8-slot chassis (FCS Q4 2013)
• Line cards and modules: aggregation line card, 36 x 40G QSFP+ (FCS Q1 2014); ACI-ready leaf line cards, 48 x 1/10G-T plus 4 QSFP+ and 48 x 1/10G SFP+ plus 4 QSFP+ (FCS Q1 2014); 48 x 1/10G SFP+ plus 12 QSFP+; 96 x 1/10G-T plus 8 QSFP+; 12-port QSFP+ GEM (FCS Q4 2013)
• Flexible form factors can enable variable data center design and scaling: performance, ports, price, power, programmability

Agenda
• Application Centric Infrastructure (ACI) Introduction
• ACI Fabric
• Services and Hypervisor Integration
• Application Policy Infrastructure Controller
• Services for ACI
• Key Takeaway

Diagram: an application's tiers (Web, App, DB, plus Outside in the tenant VRF) and the policies between them (QoS, filter, service) are defined on the Application Policy Infrastructure Controller (APIC) and rendered onto the ACI Fabric, a non-blocking, penalty-free overlay.

Application Network Profile
• Extends the principle of Cisco UCS Manager service profiles to the entire fabric
• Network profile: a stateless definition of application requirements: application tiers, connectivity policies, Layer 4-7 services, expressed in an XML/JSON schema
• Fully abstracted from the infrastructure implementation: removes dependencies on the infrastructure and is portable across different data center fabrics
• The network profile fully describes the application connectivity requirements (figure: Web Tier, App Tier, DB Tier and Storage)

Network profile: defines application-level metadata (pseudo-code example from the slide):

    <Network-Profile = Production_Web>
      <App-Tier = Web>
        <Connected-To = Application_Client>
          <Connection-Policy = Secure_Firewall_External>
        <Connected-To = Application_Tier>
          <Connection-Policy = Secure_Firewall_Internal & High_Priority>
      ...
      <App-Tier = DataBase>
        <Connected-To = Storage>
          <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
      ...

Application Policy Model and Policy Instantiation
• Application policy model: defines the application requirements (the application network profile)
• Policy instantiation: each device dynamically instantiates the required changes based on the policies pushed by the APIC
• All forwarding in the fabric is managed through the application network profile
• IP addresses are fully portable anywhere within the fabric
• Security and forwarding are fully decoupled from any physical or virtual network attributes
• Devices autonomously update the state of the network based on configured policy requirements
(Figure: Application Client, Web Tier, App Tier, DB Tier and Storage mapped onto VMs with addresses such as 10.2.4.7, 10.9.3.37 and 10.32.3.7 spread across the fabric.)

Analytics
ACI Fabric provides the next generation of analytic capabilities, per application, tenant and infrastructure:
• Health scores
• Latency
• Atomic counters
• Resource consumption
• VXLAN per-hop visibility; physical and virtual as one
Event-triggered events or queries can drive actions such as "no new hosts or VMs", "evacuate hypervisors" or "re-balance clusters", integrating with workload placement or migration.
(Figure: PetStore Dev on Leaf 1-2 / Spine 1-3, PetStore Prod on Leaf 2-3 / Spine 1-2, PetStore QA on Leaf 3-4 / Spine 2-3, each with its own atomic counters reported to the APIC.)

Service Insertion
• Elastic service insertion architecture for physical and virtual services
• Automation of service bring-up/tear-down through a programmable interface
• Service enforcement guaranteed, regardless of endpoint location
• APIC as the central point of network control, with policy coordination
• Supports the existing operational model when integrated with existing services
• Helps enable administrative separation between application-tier policy and service definition
(Figure: the application admin references a chain, "Security 5", between App Tier A (web servers) and App Tier B; the service admin defines the service graph "Security 5" as stages from begin to end, Stage 1 a firewall through Stage N a load balancer, each stage backed by service instances and a service profile; policy redirection steers traffic through the providers.)

Virtual Integration
• Integrated gateway for VLAN, VXLAN and NVGRE networks from virtual to physical
• Normalization for NVGRE, VXLAN and VLAN networks
• Fabric is ready for multi-hypervisor: VMware ESX, Microsoft Hyper-V, Red Hat KVM, XenServer and physical servers
• Customer is not restricted by a choice of hypervisor
(Figure: the network admin manages the ACI Fabric through the APIC; the application admin works through hypervisor management; VLAN, VXLAN and NVGRE segments from each hypervisor meet at the fabric's normalized gateway.)

Comprehensive Programmability and System Access: Open Ecosystem Framework
Northbound API:
• Rapid integration with existing management frameworks; OpenStack; tenant- and application-aware
• Object-oriented, centralized automation; RESTful XML/JSON
• System management: NetQoS, HP, CA Technologies, SolarWinds, Arbor Networks, Tivoli Software, NetBrain, InfoVista
• Automation tools: Opscode, Python, CFEngine, Puppet Labs
• Hypervisor management: VMware, XenServer, Microsoft, Red Hat KVM
• Orchestration frameworks: OpenStack, CloudStack, VMware, Nebula, Eucalyptus
Southbound API:
• Published data model; open source; enables application portability
* Only straight chains supported at FCS

ACI Fabric

True virtualization and abstraction requires hardware innovation (figure: adoption curves; server virtualization took off with Intel/AMD virtualization support in hardware, and network virtualization likewise with ACI-enabled hardware).

ACI Fabric Scale and Optimization
• Industry's most efficient fabric: 1/10 Gb edge, high-density 40 Gb spine (100 Gb-capable); 1 million+ IPv4 and IPv6 endpoints; 64,000+ tenants; 220K+ 1/10 Gb hosts in a single-tier, 3:1 oversubscribed fabric
• Spine: inline overlay hardware database, 288 x 40 Gb ports, higher capacity and lower cost
• Routed fabric with optimal IP forwarding: bridging (L2) and routing (L3) of VXLAN, NVGRE and VLAN at scale; no x86 gateways between physical and virtual; application agility: place and join without limits in the fabric
• Full visibility into virtual and physical
• Common operations from hypervisor to compute, to fabric, to WAN
• Fabric optimization: intelligent caching, overlay hardware offload, improved analytics, improved utilization, 1588 timing and latency measurement, ECMP-based approaches

ACI Fabric Overview
(Figure: an APIC cluster, the Insieme fabric controller, attached to a fabric of ACI spine nodes and ACI leaf nodes.)
ACI Fabric provides:
• Decoupling of endpoint identity, location and associated policy, all of which are independent of the underlying topology
• Full normalization of the ingress encapsulation mechanism used: 802.1Q VLAN, IETF VXLAN, IETF NVGRE
• Distributed Layer 3 gateway to ensure optimal forwarding for Layer 3 and Layer 2
• Support for standard bridging and routing semantics without the standard location constraints (any IP address anywhere)
• Service insertion and redirection
• Removal of flooding requirements for the IP control plane (ARP, GARP)

IP Fabric with Integrated Overlay
• ACI Fabric is based on an IP fabric that routes to the edge, with an integrated overlay for host routing; all end-host (tenant) traffic within the fabric is carried through the overlay
• Each node is assigned loopback IP address(es) advertised through IS-IS; the 40 Gb fabric links are IP unnumbered
• The fabric is capable of supporting an arbitrary number of tiers and/or a partial mesh if required
• Why choose an integrated overlay? Mobility, scale, multi-tenancy and integration with emerging hypervisor designs; data traffic can carry explicit metadata that allows for distributed policy (flow-level control without requiring flow-level programming)

Identifier/Locator Split with eVXLAN
• ACI Fabric decouples the tenant endpoint address, its "identifier", from the location of that endpoint, which is defined by its "locator", the VTEP address
• Forwarding within the fabric is between VTEPs (eVXLAN tunnel endpoints) and uses an extended VXLAN header format, referred to as the eVXLAN policy header (figure: between VTEPs, an outer VTEP IP header, then the eVXLAN header, then the tenant IP packet and payload)
• The mapping of the internal tenant MAC or IP address to its location is performed by the VTEP, using a distributed mapping database

Normalization of Ingress Encapsulation
• All traffic within the ACI Fabric is encapsulated with an extended VXLAN (eVXLAN) header
• External VLAN, VXLAN and NVGRE tags are mapped at ingress to an internal eVXLAN tag (figure: 802.1Q VLAN 50, VXLAN VNID 5789, VXLAN VNID 11348 and NVGRE VSID 7456 arriving on different leaf ports are all carried as eVXLAN inside the IP fabric, any VTEP to any VTEP)
• Forwarding is not limited to, nor constrained within, the encapsulation type or the encapsulation "overlay" network
• External identifiers are localized to the iLeaf or iLeaf port, allowing re-use and/or translation if required; the tag a host presents is only meaningful on the port where it arrives, so the same VLAN ID on two different ports can map to two different internal segments
(Packet formats in the figure: 802.1Q: Eth | 802.1Q | IP | payload; VXLAN: outer IP | VXLAN | Eth | IP | payload; NVGRE: outer IP | NVGRE | Eth | IP | payload; inside the fabric: outer IP | eVXLAN | IP | payload.)
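The normalization step above is easiest to see in code. The following is an added example, not code from the deck or from Cisco: it parses the three external encapsulations from their wire formats (802.1Q TCI, the VXLAN header from RFC 7348, the NVGRE key from RFC 7637) and maps each external id to an internal segment id keyed by the ingress leaf port. The bindings, leaf names and the constructed headers are assumptions made for the example; the segment ids are the ones shown in the slide's figure.

```python
"""Ingress encapsulation normalization (added example; not Cisco code).

Parses the three external encapsulations named on the slide from their wire
formats and maps each to an internal segment id keyed by the leaf *port* it
arrived on, which is what lets the same external tag be reused elsewhere.
"""
import struct
from typing import Dict, Optional, Tuple

ETHERTYPE_8021Q = 0x8100   # IEEE 802.1Q tag protocol id
VXLAN_FLAG_I = 0x08        # RFC 7348: "VNI present" flag bit
GRE_FLAG_KEY = 0x2000      # GRE K bit: a 32-bit key field follows
NVGRE_PROTO_TEB = 0x6558   # RFC 7637: Transparent Ethernet Bridging


def parse_8021q(frame: bytes) -> Optional[int]:
    """12-bit VLAN id of a tagged Ethernet frame, or None if it is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])  # right after dst/src MAC
    if tpid != ETHERTYPE_8021Q:
        return None
    return tci & 0x0FFF


def parse_vxlan(hdr: bytes) -> Optional[int]:
    """24-bit VNI from an 8-byte VXLAN header (flags, 3 reserved, VNI<<8)."""
    if len(hdr) < 8:
        return None
    flags, vni_field = struct.unpack("!BxxxI", hdr[:8])
    if not flags & VXLAN_FLAG_I:
        return None            # no VNI present: cannot classify
    return vni_field >> 8


def parse_nvgre(hdr: bytes) -> Optional[int]:
    """24-bit VSID from an NVGRE header: GRE flags/version, protocol, key."""
    if len(hdr) < 8:
        return None
    flags, proto, key = struct.unpack("!HHI", hdr[:8])
    if proto != NVGRE_PROTO_TEB or not flags & GRE_FLAG_KEY:
        return None
    return key >> 8            # upper 24 bits VSID, lower 8 bits FlowID


PARSERS = {"vlan": parse_8021q, "vxlan": parse_vxlan, "nvgre": parse_nvgre}


class IngressNormalizer:
    """(leaf, port, encap, external id) -> internal segment id.

    Bindings are per port, so an external id is never trusted fabric-wide;
    an external tag with no binding on its ingress port is not forwarded.
    """

    def __init__(self) -> None:
        self._bind: Dict[Tuple[str, int, str, int], int] = {}

    def bind(self, leaf: str, port: int, encap: str, ext_id: int, internal_id: int) -> None:
        self._bind[(leaf, port, encap, ext_id)] = internal_id

    def normalize(self, leaf: str, port: int, encap: str, raw: bytes) -> Optional[int]:
        ext_id = PARSERS[encap](raw)
        if ext_id is None:
            return None
        return self._bind.get((leaf, port, encap, ext_id))


def demo() -> Dict[str, Optional[int]]:
    """Constructed bindings and headers using the ids shown in the slide's figure."""
    n = IngressNormalizer()
    n.bind("leaf1", 1, "vlan", 50, 11348)      # VLAN 50 on port 1 -> segment 11348
    n.bind("leaf1", 2, "vlan", 50, 5789)       # VLAN 50 on port 2 -> a different segment
    n.bind("leaf2", 7, "vxlan", 5789, 5789)
    n.bind("leaf3", 3, "nvgre", 7456, 11348)   # NVGRE VSID 7456 joins the VLAN-50/port-1 segment

    vlan_frame = bytes(12) + struct.pack("!HH", ETHERTYPE_8021Q, (3 << 13) | 50) + b"\x08\x00"
    vxlan_hdr = struct.pack("!BxxxI", VXLAN_FLAG_I, 5789 << 8)
    nvgre_hdr = struct.pack("!HHI", GRE_FLAG_KEY, NVGRE_PROTO_TEB, (7456 << 8) | 0x2A)

    return {
        "vlan50_port1": n.normalize("leaf1", 1, "vlan", vlan_frame),   # 11348
        "vlan50_port2": n.normalize("leaf1", 2, "vlan", vlan_frame),   # 5789
        "vlan50_port3": n.normalize("leaf1", 3, "vlan", vlan_frame),   # None: port has no binding
        "vxlan_5789":   n.normalize("leaf2", 7, "vxlan", vxlan_hdr),   # 5789
        "nvgre_7456":   n.normalize("leaf3", 3, "nvgre", nvgre_hdr),   # 11348
    }
```

The `vlan50_port3` case is the one worth remembering: the frame is well formed and carries a VLAN id that exists elsewhere on the leaf, but with no binding on its own port it gets no internal segment, which is the behaviour you want before any policy is evaluated.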

Distributed Default Gateway and Directed ARP Forwarding
• ACI Fabric supports full Layer 2 and Layer 3 forwarding semantics; no changes are required to applications or endpoint IP stacks
• ACI Fabric provides optimal forwarding for Layer 2 and Layer 3: the fabric provides a pervasive SVI, which allows for a distributed default gateway, and Layer 2 and Layer 3 traffic is forwarded directly to the destination endpoint
• IP ARP and GARP packets are forwarded directly to the target endpoint address contained in the ARP or GARP header (elimination of flooding)
(Figure: endpoints 10.1.1.10, 10.1.3.11, 10.1.3.35 and 10.6.3.2 on different leaves, each using the distributed default gateway on its own leaf.)

Endpoint Lookup: Local, Global and Proxy Station Tables
• Local station table: addresses of all hosts attached directly to the iLeaf (figure: an entry such as 10.1.3.11 on port 9)
• Global station table: a local cache of the fabric's endpoints learned from other leaves (figure: 10.1.3.11 via Leaf 3)
• Proxy station table, held in the spines (Proxy A and Proxy B): addresses of all hosts attached to the fabric
• The forwarding table on the leaf switch is divided between local (directly attached) and global entries; the leaf global table is a cached portion of the full global table
• If an endpoint is not found in the local cache, the packet is forwarded to the "default" forwarding table in the spine switches (1,000,000+ entries in the spine forwarding table)
(Figure: Leaf 1, 3, 4 and 6 with endpoints 10.1.3.35, 10.1.3.11, fe80::462a:60ff:fef7:8e5e and fe80::62c5:47ff:fe0a:5b1a.)
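The three-table lookup on the slide, as an added example (not Cisco code): a leaf consults its local station table, then its global cache, and only then the spine proxy; an address nobody knows is neither flooded nor forwarded. The cache size, the LRU eviction and the way the proxy's answer is returned and cached are assumptions for the example; in the real fabric the spine forwards the packet itself and the leaf learns afterwards, and the page does not describe the cache aging policy. The endpoint addresses are the ones in the slide's figure; their placement on leaves is constructed.

```python
"""Leaf endpoint lookup with local, global (cached) and spine proxy tables
(added example modelling the slide; not Cisco code). Cache size and LRU
eviction are assumptions; the page does not describe the real aging policy.
"""
from collections import OrderedDict
from typing import Dict, Optional, Tuple


class SpineProxy:
    """Proxy station table: every endpoint attached to the fabric -> its leaf."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def learn(self, addr: str, leaf: str) -> None:
        self.table[addr] = leaf

    def lookup(self, addr: str) -> Optional[str]:
        return self.table.get(addr)


class Leaf:
    def __init__(self, name: str, proxy: SpineProxy, cache_size: int = 2) -> None:
        self.name = name
        self.proxy = proxy
        self.local: Dict[str, int] = {}                       # local station table: addr -> port
        self.cache: "OrderedDict[str, str]" = OrderedDict()   # global station table (cache): addr -> leaf
        self.cache_size = cache_size
        self.hits = {"local": 0, "cache": 0, "proxy": 0, "unknown": 0}

    def attach(self, addr: str, port: int) -> None:
        """A host comes up on a local port; the spine proxy learns its location."""
        self.local[addr] = port
        self.proxy.learn(addr, self.name)

    def forward(self, dst: str) -> Tuple[str, Optional[object]]:
        """(decision, target): 'local'/port, 'vtep'/remote leaf, or 'unknown'/None."""
        if dst in self.local:
            self.hits["local"] += 1
            return "local", self.local[dst]
        if dst in self.cache:
            self.cache.move_to_end(dst)                 # LRU touch
            self.hits["cache"] += 1
            return "vtep", self.cache[dst]
        # Miss in both leaf tables: the packet goes to the spine proxy. The real
        # fabric forwards it from there; this model returns the answer and caches it.
        leaf = self.proxy.lookup(dst)
        if leaf is None:
            self.hits["unknown"] += 1                   # nobody knows it: no flooding, no forwarding
            return "unknown", None
        self.hits["proxy"] += 1
        self.cache[dst] = leaf
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)              # evict the least recently used entry
        return "vtep", leaf


def demo() -> Dict[str, object]:
    """Constructed fabric using the endpoint addresses from the slide's figure."""
    proxy = SpineProxy()
    leaf1, leaf3 = Leaf("leaf1", proxy), Leaf("leaf3", proxy)
    leaf4, leaf6 = Leaf("leaf4", proxy), Leaf("leaf6", proxy)
    leaf1.attach("10.1.3.35", 9)
    leaf3.attach("10.1.3.11", 9)
    leaf4.attach("fe80::462a:60ff:fef7:8e5e", 1)
    leaf6.attach("fe80::62c5:47ff:fe0a:5b1a", 1)

    decisions = [
        leaf1.forward("10.1.3.35"),                     # local
        leaf1.forward("10.1.3.11"),                     # proxy, then cached
        leaf1.forward("10.1.3.11"),                     # cache hit
        leaf1.forward("fe80::462a:60ff:fef7:8e5e"),     # proxy
        leaf1.forward("fe80::62c5:47ff:fe0a:5b1a"),     # proxy; evicts 10.1.3.11 (cache_size=2)
        leaf1.forward("10.1.3.11"),                     # proxy again after eviction
        leaf1.forward("10.9.9.9"),                      # unknown everywhere
    ]
    return {"decisions": decisions, "hits": dict(leaf1.hits), "cached": list(leaf1.cache)}
```

The small cache makes the point the slide is making with "cached portion": a leaf needs only the remote endpoints it is actually talking to, and anything else is a single round trip to a spine table sized for the whole fabric.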

Congestion Tracking and Flowlet Load Balancing
• ACI Fabric tracks congestion along the full path between the ingress leaf and the egress leaf through the data plane (real-time measurements): congestion on switch-to-switch ports (external wires) and on internal ASIC-to-ASIC connections (internal wires)
• The fabric load-balances traffic on a "flowlet" basis, dynamically shedding active flows from congested to less congested paths
• The fabric prioritizes small (and early) flowlets: this provides DC-TCP behavior without having to modify host stacks, and ramps up large TCP flows faster

Dynamic Load Balancing and Dynamic Flow Prioritization
• Improves fabric capacity (resulting in more VMs per port)
• Improves application response over standard ECMP
• Up to 80% improvement in application flow completion time; up to 60% improved utilization of fabric capacity
(Chart: normalized average flow completion time for small (0-100 KB), medium (100 KB-5 MB) and large (5 MB+) flows, ACI dynamic load balancing plus flow prioritization versus a standard ECMP network; bar labels 0.12, 0.20 and 0.21.)

TEP-to-TEP Atomic Counters
• Packet and byte counts between all iLeaf TEPs
• Matrix of load to and from each iLeaf to all other iLeaves
• Always active; the level of granularity is TEP to TEP
(Figure: counters kept in an odd bank and an even bank.)

Atomic Counter Example: Leaf 2 to Leaf 5 over Four Paths

    Path   Packets sent from Leaf 2   Packets received on Leaf 5   Difference
    1      2068                       2066                         2
    2      2963                       2963                         0
    3      2866                       2869                         -3
    4      2506                       2506                         0
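Two things are worth working through here, as an added example that is not Cisco's implementation. First, the table: a positive difference is loss on that path, but a negative one (Path 3) cannot be loss; it means the sender's and receiver's counters were read over different sets of packets. Second, the odd/even banks named on the previous slide are one way to avoid exactly that: the sender stamps each packet with the currently active bank, a flip freezes the other bank at both ends, and the frozen bank can be compared once its in-flight packets have drained, without ever pausing traffic. The bank semantics, the traffic pattern and the loss pattern are assumptions constructed for the example; the page only names the two banks.

```python
"""Atomic counters with odd/even banks (added example; not Cisco code).

reconcile() applies the slide's table. AtomicCounter models the two-bank idea:
the sender stamps each packet with the active bank; a flip freezes the other
bank at both ends, so sent and received can be compared without stopping
traffic and without the skew that produces negative differences. The bank
semantics are an assumption; the page only names the odd and even banks.
"""
from typing import Dict, List, Tuple

# Figures transcribed from the slide: Leaf 2 -> Leaf 5 over four ECMP paths.
SENT = {1: 2068, 2: 2963, 3: 2866, 4: 2506}
RECEIVED = {1: 2066, 2: 2963, 3: 2869, 4: 2506}


def reconcile(sent: Dict[int, int], received: Dict[int, int]) -> Dict[int, Tuple[int, str]]:
    """Per-path (sent - received, verdict). Positive = loss on that path; negative
    cannot be loss, it means the two ends were read over different packet sets."""
    result = {}
    for path, tx in sent.items():
        diff = tx - received.get(path, 0)
        result[path] = (diff, "loss" if diff > 0 else "skew" if diff < 0 else "ok")
    return result


class AtomicCounter:
    """Two counter banks per path, holding both the sender's and receiver's view."""

    def __init__(self, paths: List[int]) -> None:
        self.active = 0
        self.sent = {b: {p: 0 for p in paths} for b in (0, 1)}
        self.recv = {b: {p: 0 for p in paths} for b in (0, 1)}

    def send(self, path: int) -> Tuple[int, int]:
        self.sent[self.active][path] += 1
        return path, self.active              # the packet carries its bank bit

    def receive(self, pkt: Tuple[int, int]) -> None:
        path, bank = pkt
        self.recv[bank][path] += 1            # counted in the stamped bank, not the current one

    def flip(self) -> int:
        """Switch the active bank; returns the bank that is now frozen for reading."""
        frozen = self.active
        self.active ^= 1
        return frozen

    def read(self, bank: int) -> Dict[int, int]:
        """Drops per path for a frozen bank, then clear it for reuse."""
        drops = {p: self.sent[bank][p] - self.recv[bank][p] for p in self.sent[bank]}
        for p in drops:
            self.sent[bank][p] = self.recv[bank][p] = 0
        return drops


def simulate() -> Tuple[Dict[int, int], Dict[int, int]]:
    """Constructed traffic: 200 packets alternating over two paths, a few dropped,
    delivered with a lag, and a bank flip while packets are still in flight."""
    ac = AtomicCounter(paths=[1, 2])
    expected = {0: {1: 0, 2: 0}, 1: {1: 0, 2: 0}}   # ground truth per bank
    in_flight: List[Tuple[int, int]] = []
    frozen = 0
    for i in range(200):
        pkt = ac.send(1 if i % 2 == 0 else 2)
        path, bank = pkt
        if i % 50 in (20, 49):                 # constructed loss pattern
            expected[bank][path] += 1
            continue
        in_flight.append(pkt)
        if i == 150:
            frozen = ac.flip()                 # bank 0 frozen with packets still in flight
        if len(in_flight) > 5:
            ac.receive(in_flight.pop(0))       # deliver with a lag of five packets
    while in_flight:                           # late packets still land in the bank they carry
        ac.receive(in_flight.pop(0))
    return ac.read(frozen), expected[frozen]
```

Because the receiver increments the bank a packet was stamped with rather than the bank that is active when it arrives, the five packets still in flight at the flip are counted against bank 0 and the read comes out exact; a naive "read both ends now" snapshot taken at the flip would have shown those five as loss.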

Latency Measurement
• A matrix of latency measurements between all iLeaves is tracked at each iLeaf
• Per-port average latency and variance to up to 576 other iLeaves: maximum accumulation, sum of squares and packet count
• Per-port 99th-percentile latency (recorded to up to 576 other iLeaves): 99% of all packets have a recorded latency less than this value
• 48-bucket histogram
• Time synchronization: boundary-clock PTP, with an external clock source (pulse per second, PPS) on each supervisor in the spine chassis

Scale Summary
• 1 million+ IPv4 and IPv6 endpoints within a single fabric
• 64,000+ tenants within a single fabric
• 200,000+ 10 Gb ports
• Any service anywhere for physical and virtual
• Normalizes encapsulations for VXLAN, VLAN and NVGRE: no need for additional software or hardware gateways to connect between physical and virtual; no latency penalty and no throughput penalty

Services and Hypervisor Integration

Device Package
• Service automation requires a vendor device package: a zip file containing a device specification (XML file) and device scripts (Python)
• The APIC interfaces with the device using the device's Python scripts: the APIC policy element uses the device configuration model provided in the package to pass the appropriate configuration to the device scripts, and the script handlers configure the device through its REST or CLI interface (on the APIC node: script interface, script engine, device-specific Python scripts, device interface REST/CLI, service device)
• Because the package's scripts execute in the APIC's script engine, a device package is controller-side code: vet it like any other software installed on the controller before it is uploaded
Device specification fragment as shown on the slide (pseudo-XML):

    <dev type="f5">
      <service type="slb">
        <param name="vip">
          <dev ident="210.1.1.1"
            validator="ip"
            hidden="no"
            locked="yes">

Service Roles and Managed Objects
• Provider / network administrator: uploads device packages (A, B, C), deploys devices, registers and allocates devices to the tenants, publishes service graphs
• Self-service user (app ops or tenant admin): deploys service graphs within the tenant (figure: Tenant X using instances of devices A, B and C)
• Managed objects in the APIC: service graphs; device and service configuration

Virtual Integration (overview slide repeated from the introduction: an integrated gateway and normalization for VLAN, VXLAN and NVGRE networks from virtual to physical across VMware ESX, Microsoft Hyper-V, Red Hat KVM, XenServer and physical servers; the fabric is ready for multi-hypervisor and the customer is not restricted by a choice of hypervisor.)

Virtual Integration: Network Policy Coordination
• Network policy coordination with virtualization managers (VMware, Microsoft, Red Hat, XenServer)
• Automatic virtual endpoint detection and policy placement: the APIC pushes the application profile (Web, App, DB) to the hypervisor manager as port groups / VM networks and receives VM attach/detach notifications
• Policies consistently implemented in virtual and physical
• Network policy stays sticky with the VM: VM mobility notifications let the policy follow the VM's port group

VMM Domains
• A VMM domain is a virtual machine manager (figure: vCenter with vShield) and its hosts; the figure shows VMM Domain 1 and VMM Domain 2
• The fabric normalizes VLANs, which allows re-use and efficient communication across VMM domains (the figure labels 4000 EPGs)
• VXLAN is not required to address the 4K VLAN limitation (VXLAN is supported if desired)
• An EPG can be spread across multiple VMM domains (common policy across domains): the Web, App and DB EPGs each span VMs in both domains

OpenStack Integration: OVS with an ACI OpFlex Agent
• OVS fully controlled by the APIC: each KVM compute node runs an OpFlex agent and an ACI OVS extension
• ACI Neutron plugin (Insieme ACI Neutron plugin): no separate OVS plugin; the neutron-ovs-agent on the compute node is modified
• Expose ACI value-added functions to OpenStack: requires contribution to Neutron (maybe Nova)
• Use software scale where appropriate; best of both
(Figure: application profile creation in Neutron networking and VM creation in Nova compute reach the APIC as VM attach notifications; the APIC programs the OVS instances over OpFlex.)

Application Policy Infrastructure Controller

APIC: Unified Point of Data Center Network Automation and Management
• Application-centric network policies
• Data-model-based declarative provisioning
• Application and topology monitoring and troubleshooting
• Image management (spine/leaf)
• Third-party integration (Layer 4-7 services, storage, compute, WAN, etc.)
• Fabric inventory
• A single APIC cluster supports one million+ endpoints, 200,000+ ports, 64,000+ tenants
• Centralized access to all fabric information: GUI, CLI and RESTful APIs
• Extensible to compute and storage management
(Ecosystem figure: Layer 4-7 services from Citrix, F5 and Cisco; automation with Python, Opscode, CFEngine and Puppet Labs; storage management with NetApp and EMC Corporation; orchestration management with CloudStack, VMware, Red Hat KVM, OpenStack, Microsoft and XenServer; system management; policy-based provisioning shared by storage, security, server, network, application and OS subject-matter experts, all over the open RESTful API.)

APIC Cluster: Single Point of Management Without a Single Point of Failure
• Applications fully use the clustered and replicated controller (N+1, N+2, etc.)
• Any node is able to service any user for any operation
• Seamless APIC node adds and deletes
• Fully automated APIC software cluster upgrade, with redundancy maintained during the upgrade
• Cluster size is driven by transaction-rate requirements
• The APIC is not in the data path
(Figure: APIC cluster, distributed, synchronized, replicated.)

Fabric Discovery and Maintenance
• Topology discovery through LLDP using ACI-specific TLVs (ACI OUI)
• Loopback and VTEP IP addresses are allocated from the "infra VRF" through DHCP from the APIC
• ACI Fabric supports discovery, boot, inventory and system maintenance processes through the APIC: fabric discovery and addressing; image management; topology validation through the wiring diagram and system checks (the wiring diagram is what ties a switch discovered over LLDP to its expected place in the fabric)

Distributed Managed Information Tree (dMIT)
• Everything is an object; objects are hierarchically organized under Root
• The dMIT contains comprehensive system information: discovered components, system configuration, operational status including statistics and faults
• A managed object (MO), e.g. a card, port, path or EPG, has a class (which identifies the object type), a dn and properties (prop1, prop2, ...)
• Class inheritance: an access port is a subclass of port; a leaf node is a subclass of fabric node
• Full, unified description of entities: set of attributes, descriptions, lifecycle, states, identity, references; no artificial separation of configuration, state or runtime data

Security and Multi-Tenancy in the dMIT
• Access to all managed objects is authenticated and encrypted
• Every object has a unique set of RBAC READ and WRITE attributes
• Local and external AAA (TACACS+, RADIUS, LDAP) authentication and authorization
• APIC and fabric are designed to support multi-tenant and multi-SME operations
(Figure: Universe at the root; under it Tenant: Pepsi and Tenant: Coke, each with app profiles, EPGs and Layer 3 networks; Fabric with switches, line cards and ports; and the APIC.)

RBAC Example: Users, Security Domains and Roles
• User pepsi_admin: domain pepsi, role admin
• User pepsi_operations: domain pepsi, roles ep-stats, ep-events
• User admin: domain all, role infra-admin
Object tree (universe):
• Tenant network profiles, EPGs and EPs: Network Profile Pepsi (Endpoint Group Pepsi-DB, Network Pepsi-Net, L3 Network PepsiL3Net, L2 Network PepsiL2Net, Endpoints); Network Profile Coke
• Shared policies: QoS Policy (referenced by name from the Pepsi-DB EPG), Access Policy
• Infrastructure: Fabric1 with Switch1, Switch2, Switch3; line cards LC1, LC2; Port1 ... PortN-1, PortN; port stats
A user's domain bounds the subtrees the user can reach; the role decides what the user may do inside them, so a tenant admin with domain pepsi cannot touch Coke's profile or the fabric ports, and the global admin's infra-admin role does not by itself grant tenant access.
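The domain-plus-role check described above, as an added example that is not the APIC's own authorization code. The users, roles and object names are the ones on the slide; the dn syntax, the security-domain tags on each subtree, the privilege table for each role and the "shared" domain for the QoS policy are assumptions made for the example.

```python
"""Security-domain + role access check over a dMIT-style tree (added example;
not the APIC's own authorization code). Object names follow the slide; the dn
syntax, domain tags and the privilege table per role are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class MO:
    dn: str       # distinguished name in the tree
    cls: str      # object class
    domain: str   # security domain the subtree is tagged with


@dataclass
class User:
    name: str
    grants: Dict[str, List[str]]   # security domain -> roles held in that domain


# Role -> class -> permitted operations ("*" = every class). Assumed for the example.
ROLES: Dict[str, Dict[str, Set[str]]] = {
    "admin":       {"*": {READ, WRITE}},
    "ep-stats":    {"EPG": {READ}, "Endpoint": {READ}},
    "ep-events":   {"Endpoint": {READ}},
    "infra-admin": {c: {READ, WRITE} for c in ("Fabric", "Switch", "LineCard", "Port")},
}

# Constructed tree using the slide's objects.
TREE: Dict[str, MO] = {mo.dn: mo for mo in [
    MO("uni/tn-Pepsi", "Tenant", "pepsi"),
    MO("uni/tn-Pepsi/ap-Pepsi", "NetworkProfile", "pepsi"),
    MO("uni/tn-Pepsi/ap-Pepsi/epg-Pepsi-DB", "EPG", "pepsi"),
    MO("uni/tn-Pepsi/ap-Pepsi/epg-Pepsi-DB/ep-db1", "Endpoint", "pepsi"),
    MO("uni/tn-Pepsi/l3-PepsiL3Net", "L3Network", "pepsi"),
    MO("uni/tn-Coke/ap-Coke", "NetworkProfile", "coke"),
    MO("uni/shared/qos-QoSPolicy", "QoSPolicy", "shared"),
    MO("uni/fabric-Fabric1", "Fabric", "infra"),
    MO("uni/fabric-Fabric1/sw-Switch1/lc-LC2/port-Port1", "Port", "infra"),
]}

USERS: Dict[str, User] = {
    "pepsi_admin":      User("pepsi_admin", {"pepsi": ["admin"]}),
    "pepsi_operations": User("pepsi_operations", {"pepsi": ["ep-stats", "ep-events"]}),
    "admin":            User("admin", {"all": ["infra-admin"]}),
}


def allowed(user: User, mo: MO, op: str) -> bool:
    """Both conditions must hold: a domain grant that covers the object's domain
    ("all" covers every domain) and, within that grant, a role whose privileges
    include the operation on the object's class."""
    for domain, roles in user.grants.items():
        if domain not in ("all", mo.domain):
            continue
        for role in roles:
            privs = ROLES.get(role, {})
            if op in privs.get(mo.cls, set()) or op in privs.get("*", set()):
                return True
    return False


def visible(user: User) -> List[str]:
    """DNs the user can read: the tree as it would be returned to that user."""
    return sorted(dn for dn, mo in TREE.items() if allowed(user, mo, READ))


def check_matrix() -> Dict[str, bool]:
    epg = TREE["uni/tn-Pepsi/ap-Pepsi/epg-Pepsi-DB"]
    coke = TREE["uni/tn-Coke/ap-Coke"]
    port = TREE["uni/fabric-Fabric1/sw-Switch1/lc-LC2/port-Port1"]
    qos = TREE["uni/shared/qos-QoSPolicy"]
    pa, po, ad = USERS["pepsi_admin"], USERS["pepsi_operations"], USERS["admin"]
    return {
        "pepsi_admin writes own EPG":      allowed(pa, epg, WRITE),   # True
        "pepsi_admin writes Coke profile": allowed(pa, coke, WRITE),  # False: wrong domain
        "pepsi_admin writes shared QoS":   allowed(pa, qos, WRITE),   # False: shared domain
        "pepsi_admin writes fabric port":  allowed(pa, port, WRITE),  # False: infra domain
        "pepsi_operations reads EPG":      allowed(po, epg, READ),    # True
        "pepsi_operations writes EPG":     allowed(po, epg, WRITE),   # False: read-only roles
        "admin writes fabric port":        allowed(ad, port, WRITE),  # True: domain all + infra-admin
        "admin writes tenant EPG":         allowed(ad, epg, WRITE),   # False: no role covers EPG
    }
```

The last row is the one to test for in any real deployment: domain "all" widens where a user may look, but it grants nothing by itself, and an infra role should leave tenant objects untouched.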

iNX-OS: Purpose-Built OS for Automation and Cloud
• Re-written, object-oriented Cisco NX-OS: process isolation and restart; patching capability (future)
• Processes as managed objects: each switch node runs a Data Management Engine (DME) over an object store; the APIC's DME holds the management information tree and policy repository
• Centralized policy and configuration: consistent run-time policy; enables automation and scale
• Centralized image management: management for all nodes; zero-touch installation (POAP)
• Third-party extensibility and on-box scripting: Puppet, Chef, Python, CFEngine
• RESTful API (JSON, XML)

Services for ACI

How will ACI benefit my business?
• Network programmability for creating new services
• Open standards to prevent vendor lock-in
• Centralized management and control for consistency
Where do I start? How do I manage the migration from traditional networking to programmable?
• Business strategy definition
• Security policy placement
• Technology use-case creation
• Application network profile
• Current-state assessment
• Organizational alignment
• Verification before migration
How do I operate after the implementation?
• Skill-set readiness for deployment and operation
• Tier 1-N support process implementation
• Financial charge-back model in place

Smart Service Capabilities: Services from Cisco Together with Cisco Certified Partners

Nexus 9000 Deployment and Migration Tools
• Automate Nexus 9000 deployment and configuration
• Migrate any Cat6500 topology (including VSS) to any Nexus 9000 topology
• Advanced Services best practices
• Catalyst IOS to NX-OS configuration conversion

Overview
• Technical advice and guidance for smooth integration of Nexus 9000
• Technical consultant, 3 days on site
• High-level use case / design discussion
Deliverables
• N/A
Outcomes
• Share best practices and knowledge
• Increase competency and speed to optimize ACI in your environment
• Gain valuable expertise by having direct access to Cisco consultants

Overview
• Define business and technical objectives, use-case alignment, current and future state
• Assess the data center ecosystem (server, network, storage and virtualization)
• Functional specs, design, test plan, acceptance criteria
• Support the customer team during validation
• Knowledge transfer
Deliverables
• Design document
• Configuration migration
• Operations guideline
• Custom script development
• Knowledge transfer
Outcomes
• Blueprint for ACI
• Accelerate time-to-value attainment and production

Direct Access to Cisco Technical Experts
• Highly trained network and application software engineers worldwide
• Expertise and best practices across data center technologies, 24x7
• Computer science / electrical engineering degrees
• Engineering staff averages 5 years' industry experience
• CCIE professionals
• 24x7 global access by phone, web or email

Hardware and Software Product Support
• SMARTnet
• Software application service and upgrades
• Expert troubleshooting, online tools, proactive diagnostics and real-time alerts
• Global TAC and online community support
• Experience greater network availability through proactive diagnostics
• Reduce incident resolution time through real-time alerts
• Improve operational efficiency

Application Centric Infrastructure will transform data centers to meet the demands of next-generation applications. Start your journey: Cisco Services are ready to help. Contact us today: as-aci-support@cisco.com

Key Takeaway

• Application-centric definition of network services: decoupling of the profile from the actual implementation
• Policy-driven infrastructure and service management
• Scalable (endpoints, policies, tenants, applications)
• Consistent model for physical, virtual and cloud
• Flexibility of software combined with hardware performance
• Extensible model that can be used by partners and other vendors across the network, compute and storage space

Designed from Its Foundation to Be Application-Centric
(Figure: an application/workload orchestration and scheduler sits on a unified information model and API, which drives policy controllers for the network fabric, compute and storage; the application graph consists of endpoints, endpoint groups (EPGs) and graph edges.)
Application Profile = Compute Service Profile + Network Profile + Storage Service Profile

Thank you.
