Real World ACI Deployment and Migration Kannan Ponnuswamy, Solutions Architect BRKACI-2601
Icons and Terms: APIC (Application Policy Infrastructure Controller), Cisco Nexus 9500, Cisco Nexus 9300, Nexus 7000, Nexus 5000, Nexus 2000 / FEX, Nexus 1000, VMware vCenter, Virtual Machine, Storage, Router, Load Balancer, Firewall
Agenda
• Application Centric Infrastructure (ACI) Overview
• ACI Design Parameters
• Building an Application Profile
• Real World ACI Adoption and Migration
  • Network Centric
  • Hybrid Approach
  • Application Centric
Nexus 9000 Series: Open, Flexible, & Choice of Programmability Modes
• NX-API: Network Ops Driven, Switch Automation; Per-Box Programmability
• APIC: User Driven, Policy Based Fabric Automation; Policy Controller, Centralized Fabric Programmability
• 1/10/40/100GE Common Platform
ACI Overview
[Figure: APIC with POLICY attached to WEB, APP and DB; labels: Application, Virtualization, Networking, Merchant+, Policy Driven, External Network, Physical, Hypervisor]
ACI Fabric Initialization
The ACI Fabric supports discovery, boot, inventory and systems maintenance processes via the APIC.
• Fabric Discovery and Addressing: fabric discovery uses LLDP, runs automatically, and progresses as the administrator registers switches to join the fabric. Once a switch is registered, its LLDP neighbors become visible to the administrator, who can then approve them to join the fabric.
• Commissioning, Decommissioning, Image Management
• Lifecycle management of switches
• Topology validation through wiring diagram and systems checks
ACI Forwarding Model
[Figure: a Tenant containing VRF_Context_One with Bridge Domain One (10.10.0.0/16; EPG_1 ... EPG_N), and VRF_Context_N with Bridge Domain One (192.168.1.0/24, 10.10.0.0/16; EPG1A ... EPGNA) and Bridge Domain N (non-IP, L2 forwarding only; EPG_Legacy)]
• A Tenant may be referred to by one or more VRFs/Contexts
• A Context/VRF is referred to by one or more Bridge Domains (BD)
• Bridge Domains identify properties influencing forwarding behavior: one or more subnets, ARP handling, multicast etc.
• A collection of end-points forms an end-point group (EPG). An EPG associates to a BD.
• End-point groups are identified by:
  • Physical or virtual switch ports, VLAN ID, VNID
  • Future: NVGRE (VSID), DNS hostname, IP address
L3 Sub-Interfaces: key concept to understand
In the following valid topology, the N9KA L3 sub-interface treats the 802.1Q tag as just a tag that identifies the L3 IP interface, while on the N9KB side the tags correspond to the L2 VLANs.

Nexus 9KA (L3 802.1Q):
interface e1/1.10
  ip address 10.1.1.1/24
  encapsulation dot1q 10
!
interface e1/1.20
  ip address 20.1.1.1/24
  encapsulation dot1q 20

Nexus 9KB (L2 802.1Q):
vlan 10
  name l2_vlan_10
!
vlan 20
  name l2_vlan_20
!
interface e1/1
  switchport mode trunk
  switchport trunk allowed vlan 10,20

L3 Sub-Interfaces: key concept to understand (continued)
Here e1/1 between the two switches is an L2 802.1Q trunk and e1/2 is an L3 802.1Q link.

Nexus 9KA:
vlan 10
!
interface vlan10
  ip address 10.1.1.1/24
!
interface e1/1
  switchport mode trunk
  switchport trunk allowed vlan 10
!
interface e1/2.10
  ip address 10.1.2.1/30
  encapsulation dot1q 10

Nexus 9KB:
vlan 10
!
interface vlan10
  ip address 10.1.1.2/24
!
interface e1/1
  switchport mode trunk
  switchport trunk allowed vlan 10
!
interface e1/2.10
  ip address 10.1.2.2/30
  encapsulation dot1q 10

• When configuring L3 sub-interfaces on a Nexus switch, the 802.1Q tag is local to the interface and has no relevance to a VLAN with the same number on the same switch.
• Even though an L3 sub-interface uses 802.1Q, the 802.1Q tag determines the IP L3 interface and not the L2 VLAN.
EPG identification example
• VLANs outside the ACI Fabric map to EPGs inside the fabric
• EPGs then map to a BD where the gateway addresses are defined
• Policies are applied to let the VMs communicate
[Figure: an ESXi host w/vSwitch attached to an ACI Fabric leaf with vlan101 to vlan104; EPG1 to EPG4 in Bridge Domain 100 (10.1.1.1/24); VMs VM1...VM10, VM11...VM20, VM21...VM30, VM31...VM40]
Cisco ACI Hypervisor Integration – VMware DVS
1. Cisco APIC and VMware vCenter Initial Handshake
2. Create VDS
3. Attach Hypervisor to VDS
4. Learn location of ESX Host through LLDP
5. Create Application Policy
6. Automatically Map EPG To Port Groups
7. Create Port Groups
8. Instantiate VMs, Assign to Port Groups
9. Push Policy
[Figure: APIC Admin, APIC and ACI Fabric; vCenter Server and VI/Server Admin; Application Network Profile with EPG WEB, F/W, EPG APP, L/B; Virtual Distributed Switch with WEB, APP and DB port groups on the hypervisors]
ACI Policy Model
Contracts define “what” an EPG exposes to other app tiers and “how”.
[Figure: a Tenant with an Application Profile; EPG MGMT, EPG Web, EPG App, EPG DB and EPG NFS joined by contracts (C)]
Contracts are reusable for multiple EPGs and EPGs can inherit multiple contracts.

ACI Policy Model – What is a Contract
[Figure: a contract (C) shown as a list of filter / action pairs]
• A contract allows rules and policies to be specified on groups of physical or virtual end-points without understanding of specific identifiers and regardless of physical location.
• filter: identifier to which actions will be applied (L4 port ranges, TCP options, …)
• action: identifies actions to be applied (Permit, QoS, Log, Redirect to Services, …)
• Defined bi-directionally in the “provider” centric way
Building the Application Profile: Oracle Internet Expenses
[Figure: iExpenses Application Profile with contracts (C) between the Expenses EPG, Intranet EPG @ Border Leaf, Extranet EPG @ Border Leaf, Active Directory and Oracle RAC DB; one contract is labelled TCP: *,443. Other applications: Payroll, email ..]
Migration Paths to ACI
• Classic mode (Current DC Infrastructure): Growth – Addition; Network refresh
• ACI Integration: New environments; Service Chaining; Dev, Test
• ACI Migration (ACI Fabric): Business drivers; Security, Compliance, TCO, Programmability, Operations etc.

ACI Migration Methodology
• Deployment: Design and deploy new ACI POD
• Integration: Connecting ACI to your current infrastructure
• Migration: Migrate workloads to use new ACI POD
ACI Adoption Strategies
• Leverage Known NETWORKING Constructs
• Leverage Known APPLICATIONS Constructs (decoupled from Network)
• HYBRID: Leverage BOTH APPLICATIONS & NETWORKING Centric Constructs
[Figure: DESIGN and OPERATIONS models for each strategy on the ACI Fabric Model; labels: New OPERATIONS Model, New ACI Fabric Operational Model]
Network Centric Deployment Example: 1 VRF + 1 VLAN
[Figure: classic mode, shown for reference: VRF Blue with VLAN 10 (10.10.10.1/24; addresses .2, .3, .101, .102) and policies (Routing, VLAN 10, HSRP, Access List, QoS etc.). ACI Fabric with APIC: Blue Tenant and Context, Bridge Domain Blue_1 (10.10.10.1/24), EPG blue_1 on tag 2101 behind an access or virtual switch (the tag could be a VLAN ID or VNID), and an External EPG exchanging routes (Blue) over 1.1.1.0/30 and 1.1.1.12/30]
Network Centric Deployment Example: 1 VRF + 2 VLANs – Option 1
[Figure: classic mode, shown for reference: VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24). ACI Fabric with APIC: Blue Tenant and Context with policies; BD Blue_1 (10.10.10.1/24) and BD Blue_2 (10.10.11.1/24); EPG blue_1 and EPG blue_2 on tags 2101 and 2102 behind an access or virtual switch carrying VLANs 10 and 11; External EPG exchanging routes (Blue) over 1.1.1.0/30 and 1.1.1.12/30]
Network Centric Deployment Example: 1 VRF + 2 VLANs – FW is the Def. GW
[Figure: classic mode, shown for reference: VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24). ACI Fabric with APIC: Blue Tenant and Context; BD Blue_1 and BD Blue_2 shown without gateway addresses; EPG blue_1 and EPG blue_2 on tags 2101 and 2102 behind classic access carrying VLANs 10 and 11; External EPG exchanging routes (Blue) over 1.1.1.0/30 and 1.1.1.12/30]
Network Centric Configuration
Configuring ACI Forwarding
• Unicast Routing: enables both L3 and L2 forwarding (IP or MAC address). Enabled by default.
• L2 Unknown Unicast: forwarding method for unknown layer 2 destinations. The method can be flood or proxy (default).
• ARP Flooding: specifies whether ARP flooding is enabled. If flooding is disabled, unicast routing will be performed on the target IP address. Can be on or off (default).
[Figure labels: Traditional VLAN, ACI Innovations]
Network Centric Deployment Example: 1 VRF + 2 VLANs – Option 2
What if different policies between two groups mandated separate VLANs in classic networks?
• Policies are based on EPG
• Forwarding is based on BD attributes
[Figure: classic mode, shown for reference: classic access with VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24). ACI Fabric with APIC: Blue Tenant and Context with policies; a single BD Blue_1 holding 10.10.10.1/24 and 10.10.11.1/24; EPG blue_1 and EPG blue_2 on tags 2101 and 2102, with an X mark; External EPG exchanging routes (Blue) over 1.1.1.0/30 and 1.1.1.12/30]
Network Centric Deployment Example: 1 VRF + 2 VLANs – Option 3
What if the two VLANs were only due to ARP broadcast concerns?
• Hardware based directed ARP forwarding
[Figure: classic mode, shown for reference: classic access with VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24). ACI Fabric with APIC: Blue Tenant and Context with policies; a single BD Blue_1 holding 10.10.10.1/24 and 10.10.11.1/24; a single EPG blue_1 on tag 2101; External EPG exchanging routes (Blue) over 1.1.1.0/30 and 1.1.1.12/30]
Network Centric - ACI Deployment as a L2 Fabric
ACI as a Layer 2 Fabric
(L2Context, BD200, EPG200), No IP Def. GW, No Contracts
[Figure: Vlan-200 maps to EPG200; VMOne_on_EPG200 on Host1 DVS and VMTwo_on_EPG200 on Host2 DVS (200.1.1.11/24, 200.1.1.12/24); Def. GW 200.1.1.1, .2, .3 on N7K1 and N7K2 (vPC, SVI200)]
Extending current infrastructure with Layer 2 ACI Fabric
[Figure: Internet and WAN / DCI above the L3/L2 vPC/STP based current infrastructure (N7K pair), extended by an ACI L2 Fabric (N9K and N9300 switches, APIC) with integrated L4-L7 services, physical & virtual]
Layer 2 Fabric STP Containment
• Tenant (TraditionalDC), Context (CtxtForL2VLANs), BridgeDomain (BD202; no IP address), EPG (EPG202, EPG1202)
• If the Context is in enforced mode, contracts are needed to communicate between EPG202 and EPG1202 even though they are on the same subnet.
• STP BPDUs from the N7Ks are limited to EPG202 and do not unnecessarily flood into the fabric and EPG1202.
[Figure: EPG 202 (or L2 Out) towards N7K1 and N7K2 (vPC, SVI202; 202.1.1.1, .2, .3); EPG1202 with VMOne_on_EPG1202 on Host1 DVS and VMTwo_on_EPG1202 on Host2 DVS (202.1.1.11/24, 202.1.1.12/24); labels: VLAN 202, VLAN 502, VLAN 102, DVS, vswitch1]
Layer 2 ACI Fabric with External GW
[Figure: Internet and WAN / DCI above the L3/L2 N7K pair acting as external gateway; ACI L2 Fabric with N9K spines, N9300 leaves and APIC; integrated L4-L7 services, physical & virtual]
ACI as L2 Fabric – Three-Tiered Applications With Services: Load Balancer as gateway – non-automated insertion
ACI Fabric Bridge Domain Settings (all BDs):
· ARP Flooding: enabled
· Unicast Routing: disabled
· L2 Unknown Unicast: flood
No contract necessary for host to LB communication.
[Figure: ASR 9000, OSPF / iBGP, Firewall Context 1 (Routed Mode), OSPF / iBGP / Static, LB Context 1 (Routed Mode) as GW for the Web, App and DB servers; BDs FW_out, LB_out, Web, App and DB; EPGs FW_Out, LB_Out, Web (Web1), App and DB; VLANs A to E]
Layer 2 ACI Fabric
(BD One, EPG One), No IP Def. GW, No Contracts
(BD Two, EPG Two), No IP Def. GW, No Contracts
….
(BD 3500, EPG 3500), No IP Def. GW, No Contracts
• How?
  • 1 BD and 1 EPG per Current Infrastructure VLAN
  • Also available is BD in legacy mode, which preserves VLAN resources to allow for 3500 BDs per Leaf.
• Who is deploying?
  • Customers who want to slowly introduce ACI
  • NFV or Virtual Overlay Use Case
• Benefits:
  • Network Operations, Network Automation
  • Any VLAN, Any Workload, Anywhere
  • Network Capacity and Bandwidth
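The 1 BD + 1 EPG per VLAN mapping and the bridge-domain settings described above, as an added example (not from the original slides or from Cisco): Python that builds the tenant in the APIC REST API's JSON object form and lists what still has to change once the default gateway has moved to the fabric. The application profile name Legacy, the static path PATH and the BD/EPG naming scheme are assumptions; TraditionalDC and CtxtForL2VLANs are the names used on the STP containment slide.

```python
import json

# Bridge-domain settings the slides give for the L2 / migration phase.
L2_BD = {"arpFlood": "yes", "unicastRoute": "no", "unkMacUcastAct": "flood"}
# Constructed static path (leaf 101, port eth1/1); an assumption, not from the slides.
PATH = "topology/pod-1/paths-101/pathep-[eth1/1]"


def mo(cls, children=None, **attrs):
    """One APIC managed object in the REST API's JSON shape."""
    body = {"attributes": attrs}
    if children:
        body["children"] = children
    return {cls: body}


def build_l2_tenant(tenant, vrf, vlans, path):
    """1 BD + 1 EPG per existing VLAN, no subnet on the BD, no contracts."""
    bds, epgs = [], []
    for vlan in vlans:
        bds.append(mo("fvBD", [mo("fvRsCtx", tnFvCtxName=vrf)],
                      name=f"BD{vlan}", **L2_BD))
        epgs.append(mo("fvAEPg", [
            mo("fvRsBd", tnFvBDName=f"BD{vlan}"),
            mo("fvRsPathAtt", tDn=path, encap=f"vlan-{vlan}"),
        ], name=f"EPG{vlan}"))
    # "No Contracts" only works while the context does not enforce policy.
    ctx = mo("fvCtx", name=vrf, pcEnfPref="unenforced")
    return mo("fvTenant", [ctx, *bds, mo("fvAp", epgs, name="Legacy")],
              name=tenant)


def walk(obj):
    """Yield (class, attributes, children) for every object in the tree."""
    for cls, body in obj.items():
        kids = body.get("children", [])
        yield cls, body["attributes"], kids
        for kid in kids:
            yield from walk(kid)


def audit(tenant_obj):
    """Migration-phase settings that should be gone after cut-over."""
    findings = []
    for cls, attrs, kids in walk(tenant_obj):
        if cls == "fvCtx" and attrs.get("pcEnfPref") == "unenforced":
            findings.append(f"VRF {attrs['name']}: contracts not enforced")
        elif cls == "fvBD":
            if all(attrs.get(k) == v for k, v in L2_BD.items()):
                findings.append(f"BD {attrs['name']}: still in L2 flood mode")
        elif cls == "fvAEPg":
            # fvRsProv / fvRsCons are the provided / consumed contract relations.
            if not any(k in kid for kid in kids for k in ("fvRsProv", "fvRsCons")):
                findings.append(f"EPG {attrs['name']}: no contract")
    return findings


if __name__ == "__main__":
    t = build_l2_tenant("TraditionalDC", "CtxtForL2VLANs", [202], PATH)
    print(json.dumps(t, indent=2))
    print("\n".join(audit(t)))
```

Running audit() against a tenant export after cut-over gives a short list of VRFs, BDs and EPGs that are still in the permissive migration state.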
Network Centric - ACI Deployment as a L3 Fabric
ACI as a Layer 3 Fabric
[Figure: CtxtForL3VLANs (Context), SubnetOne (BD) with Def GW 210.1.1.1, ZoneOne (EPG) reached over VLAN 234, VLAN 2100 and VXLAN 8814592 through DVS, AVS and vswitch1 on ESX Host 1 and ESX Host 2; VMs VMOne_on_ZoneOne, VMTwo_on_ZoneOne and VMThree_on_ZoneOne (210.1.1.11/24, 210.1.1.12/24, 210.1.1.13/24)]
Layer 3 Fabric: PXE Booting
Traditional Nexus Infrastructure
• [no] lacp suspend-individual: LACP sets a port to the individual (I) state if it does not receive an LACP protocol data unit (PDU) from the peer
ACI Fabric
• Disable LACP suspend-individual
• Set untagged packets to belong to a dedicated BD
• Set the BD dhcp relay to point to the PXE/DHCP Server
• DHCP Option 82 support
[Figure: traditional aggregation and access layers beside ACI spines and leafs with APIC; in both, ports in LACP individual state face a DHCP, PXE server; dhcp relay on the ACI side]
Multi-Tenancy with services
[Figure: ACI Fabric with an External Stateful Firewall and two tenants. Tenant RegularSoda: RegularSoda (BD), EPGAppOne over VLAN and VXLAN (DVS, AVS), VMOne_on_RegSodaAppOne and VMTwo_on_RegSodaAppOne (3.3.2.11/24, 3.3.2.12/24). Tenant DietSoda: DietSoda (BD), EPGAppOne over VLAN and VXLAN (DVS, AVS), VMOne_on_DietSodaAppOne and VMTwo_on_DietSodaAppOne (4.4.2.11/24, 4.4.2.12/24)]
Multi-Tenancy: shared external routes example
[Figure: Internet routes 1.1.1.0 and 2.2.2.0 reach N7K1 and N7K2, which run OSPF and iBGP over VLAN 300 to the ACI Fabric. Tenant Common holds SharedContext (Context) with PubForRegularSoda (BD) and PubForDietSoda (BD), linked by contracts (C). Tenant RegularSoda: EPGWebOne over VLAN and VXLAN (DVS, AVS), VMOne_on_RegSodaWebOne and VMTwo_on_RegSodaWebOne (3.3.3.11/24, 3.3.3.12/24). Tenant DietSoda: EPGWebOne over VLAN and VXLAN (DVS, AVS), VMOne_on_DietSodaWebOne and VMTwo_on_DietSodaWebOne (4.4.4.11/24, 4.4.4.12/24)]
Layer 3 ACI Fabric
(BD One, EPG One), IP Def. GW, Optional Contracts
(BD Two, EPG Two), IP Def. GW, Optional Contracts
….
(BD 1750, EPG 1750), IP Def. GW, Optional Contracts
• How?
  • 1 BD and 1 EPG per Current Infrastructure VLAN
  • Fabric as default gateway with or without policy enforcement.
• Who is deploying?
  • Customers who want basic L3 ACI features, and adopt ACI Fabric as a single DC switching system
• Benefits:
  • Pervasive Gateway, Directed ARP and other features
  • Network Operations, Network Automation
  • Any VLAN, Any Workload, Anywhere
  • Network Capacity and Bandwidth
Network Centric ACI Migration
Network Centric Migration Example: VRF + 2 VLANs
• STP compatibility with Classic Network
• VLAN 10 maps to BD Blue_1
• VLAN 11 maps to BD Blue_2
• Classic devices are still the Default Gateway
• Equally applicable to L4-7 services (FW/LB) in the Classic Network
• Flooding enabled on ACI BDs during migration
• Once migration is completed, insert needed services and move the Default Gateway to the ACI BDs
[Figure: classic network with Layer 3 routing (Static, OSPF, BGP; 1.1.1.0/30, 1.1.1.12/30), VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24; hosts .101, .102), joined by a Layer 2 vPC trunk carrying VLANs 10 and 11 to L2_Out on the ACI Fabric. ACI Fabric with APIC: Blue Tenant and Context with policies, BD Blue_1, BD Blue_2 (10.10.11.1/24), EPG blue_1 and EPG blue_2 on access tags 2101 and 2102 (the tag could be a VLAN ID or VNID), L3Out]
ACI Integration and Migration
• Default Gateway moves to ACI Leaf layer
• EPG = VLAN / Subnet (initial step)
• Host / FEX can migrate to Leaf (over time)
[Figure: forwarding flow and migration path between the classic L3/L2 network and the ACI Fabric; link legend: 10G/40G to ACI, Layer 3, Layer 2 - 1GE, Layer 2 - 10GE, 10 GE DCB, 10 GE FCoE/DCB, 4/8 Gb FC]
Nexus 9000 Migration from Standalone to ACI mode
Nexus 9000 Standalone to ACI mode migration: non-vPC L2 and L3 connectivity
[Figure: Standalone Mode Nexus 9000 aggregation and access switches beside ACI Fabric spines and leafs with APIC; steps labelled Load ACI software, links marked X, host links labelled Active and Standby]
Nexus 9000 Standalone to ACI mode migration: vPC L2 and L3 connectivity
[Figure: Standalone Mode Nexus 9000 aggregation and access switches beside ACI Fabric spines and leafs with APIC; steps labelled Load ACI software, links marked X, a port labelled Individual]
Deployment Example – Hybrid Approach
[Figure: classic mode, shown for reference: VLAN 10 (10.10.10.0/24) with AppOne’s, AppTwo’s and AppThree’s web servers, VLAN 11 (10.10.11.0/24), addresses .2 and .3, external network. ACI Fabric with APIC: Blue Tenant and Context with policies; BD Blue_1 (10.10.10.1/24) with EPG One-web, EPG Two-web and EPG Three-web; BD Blue_2 (10.10.11.1/24) with EPG 11; access tags 2011, 100, 101 and 102; External EPG exchanging routes (Blue) with the external network]
Hybrid (Network and Application Centric) ACI Migration
ACI Migration for Hybrid Approach
• STP compatibility with Classic Network
• VLAN 10 maps to BD Blue_1
• VLAN 11 maps to BD Blue_2
• Classic devices are still the Default Gateway
• Flooding enabled on ACI BDs during migration
• Equally applicable to L4-7 services (FW/LB) in the Classic Network
• Once migration is completed, insert needed services and move the Default Gateway to the ACI BDs
[Figure: classic L2 extension of VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24) into the ACI Fabric. ACI Fabric with APIC: Blue Tenant and Context with policies; BD Blue_1 and BD Blue_2; EPG 11, EPG One-web, EPG Two-web and EPG Three-web for AppOne’s, AppTwo’s and AppThree’s web servers; access tags 2011, 100, 101 and 102; External EPG exchanging routes (Blue)]
Virtual Environment Migration Example
[Figure: existing L3/L2 network (N7K pair, N5500 pair) beside the ACI Fabric, with vCenter and vShield; workloads move by vMotion / cold migration from VMware vSwitch, DVS or N1kV to an “APIC Created” VMware DVS / Cisco AVS]
ACI Virtual Migration Assistant (Cisco Advanced Services)
• User and workflow driven
• Multiple scenarios
  • vSwitch to ACI
  • DVS to ACI
  • N1kv to ACI
  • Any combination to ACI
Application Centric - iExpenses
[Figure: contracts (C) between the Expenses EPG, Intranet EPG @ Border Leaf, Extranet EPG @ Border Leaf and Oracle RAC DB]
App Profiles - Exchange 2013 Architecture
ACI Deployments for Known Application Profiles
ACI POD for Greenfield or well understood applications
[Figure: ACI Introduction: Internet and WAN / DCI above the existing L3/L2 N7K pair; ACI POD with N9K spines, N9300 leaves and integrated L4-L7 services, physical & virtual]
Application Centric ACI Migration
ACI Approach to Applications
• Traditional Data Center Design: Web Tier, Application Tier and Database Tier, with Firewall and Load Balancing between tiers
• ACI Approach: Application Profile 1, 2 and 3, each with its own WEB, APP and DB and its own FW and LB
Operational Challenges
1. Lack of Confidence in Existing Information
2. No Endpoint Details
3. Classify and Group
[Figure labels: CMDB, SSOT, IPAM; Identification, Endpoint Classification, Layer 4 Ports, App Host Association, Application Grouping]

Application Profiling Methodology
• Network Discovery: Device Configurations, Protocols, Traffic
• Server Discovery: Servers, Processes, Network Statistics
• Application Dependency Analysis: Network and Server Data Correlation, Application Fingerprinting, Customer Input
• Collect and Analyze
Proposal for iExpenses
[Figure: contracts between User Access, Financial Web Portal, Business Intelligence, Authentication (Single Sign On) and Oracle DB; label: Provider]
Advanced Services: Application Profiling for ACI
• Comprehensive application dependencies
• Multiple application network policies
• Application, compute, network, and storage mapping
• Automate physical and virtual migration
[Figure: Cisco Advanced Services, traditional 3-tier applications, app profiles, APIC and hypervisors]
Multi-POD ACI Deployments
Connecting Two ACI Fabrics
[Figure: ACI Fabric 1 (APIC, vCenter Server; anycast GW IPs 1.1.1.1 and 2.2.2.1, MAC: MAC-A; ESX hosts 1.1.1.10 and 2.2.2.10) and ACI Fabric 2 (APIC, vCenter Server; anycast GW IPs 1.1.1.1 and 2.2.2.1, MAC: MAC-B; ESX hosts 1.1.1.20 and 2.2.2.20)]
Single Fabric Scenarios: Multi-Site (Stretched) Fabric
• Single Fabric + Multi-Site
• Single Operational Zone (VMM, Storage, FW/LB are all treated as if it is ‘one’ zone)
  • e.g. Single vCenter with Synchronized Storage
• Interconnect between sites
  • Direct Fiber (40G), DWDM (40G or multiple 10G), Pseudo Wire (10G or 40G)
[Figure: Site/Room ‘A’ and Site/Room ‘B’ joined by interconnect leaf nodes]
Multi-Fabrics – Current Options: Synchronization of Fabric Policy
• Symmetrical XML Configuration will maintain consistent operation between fabrics
• Externally triggered Export and Import between Fabrics is another option to maintain consistency
[Figure: Site ‘A’ and Site ‘B’ fabrics, each with its own hypervisors]
ACI Migration Summary
• ACI designed from the ground-up to be Application Centric
• Flexible and customizable to fit your business needs
• A phased approach: Grow, Integrate, Migrate
• Solution flexible to be Network Centric, Application Centric or a Hybrid approach
• Help - Cisco Data Center Services Design Clinic @ World Of Solutions
Follow-up Breakout Sessions
• BRKACI-2001 - Integration and Interoperation of Existing Nexus Networks into an ACI Architecture
• BRKACI-2006 - Integration of Hypervisors and L4-7 Services into an ACI Fabric
• BRKACI-2102 - ACI Troubleshooting Tools and Best Practices
• BRKDEV-2971 - Introduction to ACI Programming and APIs