ACI Hands-on Lab

Cisco Confidential© 2015 Cisco and/or its affiliates. All rights reserved. 1
Cisco ACI Hands-on
Lab
Azeem Suleman - Principal Engineer, Insieme Business Unit
Nadir Lakhani – Systems Engineer, Sales
18th May 2016
In collaboration with

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Housekeeping notes
Thank you for attending Cisco Connect Toronto 2016, here are a few housekeeping notes
to ensure we all enjoy the session today.
• Please ensure your cellphones / laptops are set on silent to ensure no one is disturbed
during the session
• You should have laptop or device that can access to dCloud for the lab
• Have enough power or energy to live for 4 hours 

Global Traction Across All Market Segments
6,000+ 50+1400+
Nexus 9K and ACI
Customers Globally
Ecosystem
Partners
ACI
Customers
NEW ECOSYSTEM

Cisco Confidential 4© 2015 Cisco and/or its affiliates. All rights reserved.
Evolution of Data Center

Accelerating Convergence Disruptions
Through Innovation…
2005 2010 2014 2016+
Innovation Timeline
Data
Voice
Video
Compute
Network
Storage
Application
Network
Scale & Security
Analytics
HyperConvergence
Cloud Scale
IP
Convergence
Virtualization
Application
Economy
Hybrid Cloud

Security Everywhere9
Analytics Everywhere10
8 Policy Everywhere
Policy-Driven Integrated Infrastructure Answers
Customers’ Request
1
Modernize Infrastructure:
Open and Programmable
Network / L4-7
Compute
Storage
Security
Data Center
5
Move Data and
Workloads Securely
6
Self-Service Portal
(IT as a Service)
7
Extend Policy
Model
2
Automate
and Simplify
POLICY
3
Build Your
Hybrid Cloud
Private Cloud
Stack
Integrated Infrastructure
4
Choose any
Other Cloud
Managed
Public
Private

A Generation Ahead:
Leapfrogging the Competition
2012 2014 2015 20172016 2018
FeaturesandCapabilities
Competition
2 Year Dev Cycle
Cisco
18 Month Dev Cycle
N9K Gen1 ASICs
28nm
T2
40nm
TH
28nm
N9K Gen2 ASICs
16nm
New Switches every
18 months
Jericho
28nm

Next Gen Foundation with 2 Year Advantage
Fabric Wide Cloud Scale and Services
P O W E R E D B Y C I S C O
ASIC innovation using 16nm technology
Cloud Scale
Technology
Cost Advantage
25G/100G at price of 10/40G
Investment Protection
for the next decade
Non-blocking Performance Pervasive Visibility at Line Rate
Embedded Security
at cloud scale
Enhanced Fabric
Performance
50% Lower system cost, better reliability, lower power
Multi-speed ports 100M -100G
IP storage, FCOE/FC ready
36p 100G line rate w/
single chip—25% more
Wire rate NetFlow
50% faster application completion
time
8x more network segmentation vs competition
Cloud scale endpoint density 6-7x
12x IPv6 routesNexus 9200
Nexus 9300EX Nexus 9500

Modular Cloud Scale Platform for Spine/Aggregation
Cloud Economics: Starts at $1,500 US List per 100G Port
Cloud Network Requirements
Shift to scale-out architectures based on
Spine/Leaf routed designs
Support for workload mobility and dynamic
traffic flow optimization
Granular control and telemetry at tenant
and application level
Automation at scale
Available
NowNexus 9500
Build for generations
Best Price-Performance Available Today
Full Internet Route Table – 1M+
Up to 512 line rate 100G ports per chassis
Converged Fabric for IP storage

Organizational Transformation with ACI
Ultimate Goal: Achieve Application Agility with Minimal Risk
Policy-driven Framework Across All Elements of the Infrastructure, Private and Public Cloud
• Deploy a modern,
programmable
infrastructure
• Train/upgrade the skillset
of your team on
programmable APIs
Step 1:
Network Automation
Step 2:
Services Automation
Step 3: Application
Based Automation
• Integrate additional
L4-L7 services
• Deploy applications
based on policy
templates

Application Centric Infrastructure (ACI)
Rapid Deployment of Applications onto
Networks with Scale, Security and Full Visibility
ACI
APPLICATION CENTRIC
POLICY CONTROLLERNEXUS 9500 AND 9300

Architecture
Service Producers EPG “Users”
EPG “Files”
Leaf Nodes
Spine Nodes
EPG “Internet”
AVS
Service Consumers

Application Policy Model and Instantiation
All forwarding in the fabric is managed through the application network profile
• IP addresses are fully portable anywhere within the fabric
• Security and forwarding are fully decoupled from any physical or virtual network attributes
• Devices autonomously update the state of the network based on configured policy requirements
Application
Client
Application policy model: Defines
the application requirements
(application network profile)
Policy instantiation: Each device
dynamically instantiates the required
changes based on the policies
VM VMVM
10.2.4.7
VM
10.9.3.37
VM
10.32.3.7
VMVM
App Tier DB Tier
Storage Storage
Web Tier

Access Methodology
• CLI (Command-line interface)
Means of interacting with a computer program where user issues commands to the program in the form of
successive lines of text (command lines)
• GUI (Graphical user interface)
Interface that allows users to interact with devices through graphical icons and visuals
• Programmable interface
Software components / objects exposed to be called directly by other programs
• Open Source Tool
ACI Toolkit – Configuration Roll Back, Endpoint Tracker and other applications

ACI Toolkit
• Simple toolkit built on top of APIC API
• Set of simple python classes
Python Library
Used to generate REST API calls
Runs locally
• Small number of classes
~30 currently
“Intuitive” names
• Not full functionality, most common
Focused primarily on configuration
• Preserves the ACI basic concepts
Tenants, EPGs, Contracts, etc.
APIC
ACI Toolkit
Linux
Commands
NX-OS
like
CLI
Custom
Python
Scripts

ACI Release Timeline
A (11.0)
Aug’14
CY14
11.0 MR1
Nov’14
11.0 MR2
Feb’15
11.0 MR3
May’15
CY15
B (11.1)
Jun’15
11.1
MR1
Aug’15
CY16
11.2
Dec’15
Congo
Q3CY16
11.2. MR1
Feb’16
11.1 MR3
Nov’15
11.2 MR2
Q2CY16
11.1 MR2
Sep’15

Overloaded Network Constructs
VLAN VLAN VLAN
Subnet Subnet Subnet
Basic Network
Policy
SLAs L4-7 Services
Network constructs are overloaded with unintended functionality.

Some new (or not so new) terms: Tenants, VRF
(Context), Bridge Domains, Application Network
Profiles, Endpoint Groups, Contracts/Filters

Bridge Domain (BD)
• Unique layer 2 (L2) or layer 3 (L3) forwarding domain
• Can contain one or more subnets (if unicast routing is enabled)
• Each bridge domain must be linked to a context (VRF)
Equivalent Network Construct:
• If a BD is configured as L2 forwarding domain
It will have one or more associated VLANs
Each VLAN will be equal to EPG
• If a BD is configured as L3 forwarding domain
This is equivalent to a SVI with one or more subnets per BD
NOTE: BD can span across multiple switches

Bridge Domain (BD) Modes
L2 Unknown
Unicast
ARP Flooding Unicast Routing
Unknown Multicast
Flooding
Flood – packet is flooded
within a BD
Enabled: ARP Packets are
flooded in the BD
Enabled: define subnets
Flood:
• Ingress TOR: Flood
• Egress TOR
• If router port exists on
any BD: Flood to FP
ports
• If transit: Send to
fabric
Hardware Proxy – packet
sent only to Proxy Spine
Disabled:
• ARP Packets undergo L3
unicast lookup for Target
IP in VRF
• ARP behaves like L3
unicast packet until it
reaches egress TOR
Disabled: no subnets
defined
Optimized Flood (Up to ~75
BDs per TOR)
Sent only to Router Ports in
the Fabric

Object Relationship
Tenant
Context
BD
Subnet
A
Subnet
B
BD
Subnet
C
Context
BD
Subnet
B
Subnet
C

End Point Group (EPG)
• Set of host(s) that behave the same
• Behavior describes as all host(s) representing application or application components
independent of other network constructs
HTTPS
Service
HTTPS
Service
HTTPS
Service
HTTPS
Service
HTTP
Service
HTTP
Service
HTTP
Service
HTTP
Service
EPG - Web
POLICY MODEL

Application Network Profile (ANP)
• Application Network Profile(s) are group of EPGs and the policies that define the
communication between them
Inbound/Outbound
Policies
Inbound/Outbound
Policies
Application Network Profile
POLICY
MODEL
=
EPG - WEB EPG - APP EPG - DB

Contracts
• Defines the way in which EPGs interact
EPG
A
EPG
B
EPG
CContract 02
The policy model allows for
both unidirectional and
bidirectional policies.
Unidirectional
Communication
Bidirectional
CommunicationContract 01
Ex: ACI Logical Model applied to the “3-Tier App” ANP

Infrastructure Virtualization, Operations
 Multi-PoD
 WAN Integration (GOLF)
 VXLAN EVPN BGP (iBGP and
eBGP) for IPv4 and IPv6
 Opflex Push to N7K, ASR9K
 QSA Support on –EX Spine/Leaf
 FCoE NPV, PFC (802.1Qbb)
Routing & Switching
 PBR and Policy Based Service
Insertion
 Symmetric Multipath Load
Balancing & Redirection
 Mcast Routing PIM Support
(PIM-SM/SSM/Bidir) on –EX HW
 ACI vCenter Plugin
 Multiple vCenter per fabric (50)
 AVS
 vRealize
 VEM Commands from
APIC
 EPG health score
 WAP 2.0 + Service Chaining
OpenStack
 ‘Liberty’ Support
 Hierarchical VLANs
 VMware Hypervisor integration
 GBP + ML2 Unified Plugin
Routing & Switching
 OSPF in-bound area filtering
 BGP limit maximum AS (maxas-
limit)
 64 way ECMP
Visibility and Analytics
 Analytics support on –EX HW
 Copy Service
Security
 Permit logging
Congo Release – 2.x Execute
Committed
Target Q3 CY 2016
Hardware :
 DC48V Support(Fixed and
Modular Spine)
 DOM on ACI Mode



Multiple ACI Pods connected by an IP Inter-Pod
L3 network, each Pod consists of leaf and spine
nodes
Managed by a single APIC Cluster
 Single Management and Policy Domain


Forwarding control plane (IS-IS, COOP)
fault isolation
Data Plane VXLAN encapsulation between
Pods
 End-to-end policy enforcement
ACI Multi-Pod Solution
Overview
Inter-Pod Network
Pod ‘A’
MP-BGP - EVPN
…
Single APIC Cluster
IS-IS, COOP, MP-BGP
Pod ‘n’
IS-IS, COOP, MP-BGP

L3 core
>2 interconnected sites
ACI Multi-Pod Solution
Use Cases
 Handling 3-tiers physical
cabling layout
Cable constrain (multiple
buildings, campus, metro)
requires a second tier of “spines”
Preferred option when compared
to ToR FEX deployment
 Evolution of Stretched Fabric
design
Metro Area (dark fiber, DWDM),
Inter-POD
And
WAN/DCI
ACI Fabric
‘B’
ACI Fabric
‘A’
ACI Fabric
‘E’
ACI Fabric
‘D’
ACI Fabric
‘C’

ACI Integration with WAN at Scale
‘Project GOLF’ Overview
 Addresses both control plane and data
plane scale
VXLAN data plane between ACI spines and
WAN Routers
BGP-EVPN control plane between ACI spines
and WAN routers
OpFlex for exchanging config parameters (VRF
names, BGP Route-Targets, etc.)
 Consistent policy enforcement on ACI leaf
nodes (for both ingress and egress
directions)
 ‘GOLF’ Router support (Q3CY16)
Nexus 7000, ASR9000 and ASR1000 (not yet
committed)

ACI Integration with WAN at Scale
Supported Topologies

New Automation:
Cisco Nexus Fabric Manager
Single Point, Fabric-Wide Management
Build and self-manageVXLAN-based fabric
Fully deploy in three steps
Zero-touch provisioning
Dynamically configure switches
Simplify management with point-and-click
user interface
Fabric Management Lifecycle
Creation Expansion
Fault MgmtReporting
Connection
NFM
Automate

Traditional Script-Based Approaches
• Hard-Wired
• Workflow
• Custom Scripting
• Rigid
• Change PaaS ?...
• Breaks System
• Re-Scripting Required
• Change Cloud ?...
• Breaks System
• Re-Scripting Required

CliQr CloudCenter:
Any App, Any Cloud, One Platform
Private Clouds
Datacenters
Public Clouds
Model
Manage
Deploy
Profile
NFS

Working Together: End-to-End Orchestration
Business (ITSM)
Prime Service Catalog, ServiceNow, Custom
Development (DevOps)
CliQr, Jenkins
Application-Centric Lifecycle Management
Model Benchmark Deploy Manage
Application Profiles
UCS
Director
ACI
Nexus
Switching
StorageUCS
Datacenter Private Cloud Public CloudProfileProfile
Hyper-V

How to access lab
URL: http://dcloud.cisco.com/
Username: CiscoLiveStudent1 – 24
Password: C1sc0123live

Thank you.
In collaboration with

ACI Hands-on Lab

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (20)

Similar a ACI Hands-on Lab

Similar a ACI Hands-on Lab (20)

Más de Cisco Canada

Más de Cisco Canada (20)

Último

Último (20)

ACI Hands-on Lab

Notas del editor