ACI for Networking Professionals

Miguel Angel Ruiz Hornillos – mruizhor@cisco.com
Consulting Systems Engineer
February 2015
A New Conversation: Speeds & ACI Outcomes

(Word-cloud figure: speeds and feeds, abstraction, CPU, Docker, containers, DevOps, agile, management, Fast IT, agility, architecture, unified fabric (UDC), automation, FCoE, XaaS, cloud, data centre; tagline "Simple – Smart – Secure".)

© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
What is SDN?

• OpenFlow?
• Controller?
• OpenStack?
• Network virtualization?
• Automation?
• APIs?
• Application-oriented?
• Open vSwitch?

• Still Don’t kNow!

Policy Driven Data Centre

(Figure, two steps: invest time once to define the application communication policy, the policy framework shared by the network, security, virtualization, application and cloud teams; then spend no time provisioning, because the policy is pushed into the fabric fully automated.)

Current Networking Constructs

The life cycle of a traditional network, and the frequency of the work required

1. Design physical and logical network
2. Unpack, rack and provide initial switch config
3. Connect the switches to build the base network
   (steps 1–3: once, per new switch)
4. Configure the switches for core network functions
5. Configure the switches for L3 external connections
   (steps 4–5: occasionally, per new tenant or new switch)
6. Configure the access switches for host access
7. Add VM port-groups and related network configs
   (steps 6–7: often, per new host, tenant or switch)

A Typical Physical Network Design

(Figure: L3 backbone; aggregation/core vPC pair; vPC/port-channel down to the access (ToR) switches.)

Design characteristics:
• L2 access with and without vPC-connected hosts (including peer links where needed)
• Port-channel to aggregation layer (vPC)
• Default gateway in aggregation layer
• Routing protocol to the L3 backbone
• VRF for multi-tenant

Assumption: out-of-band management network and workstation are up and running.

The Typical Logical Design with VRF

(Figure: router with ACL/FW rules and BGP to the core; VRFs, default gateways and trunks down to the access layer.)

Design characteristics:
• VRF for multi-tenant
• Trunks between access/aggregation
• Default gateway for all subnets on their respective VRF SVI interfaces
• VRF has OSPF neighbor with core router (with optional ACL/FW rules)
• Access layer has VLANs assigned to ports/trunks

VLAN 10, VRF 1, IP 10.10.10.0/24
VLAN 11, VRF 1, IP 10.11.11.0/24
VLAN 20, VRF 2, IP 20.20.20.0/24
VLAN 21, VRF 2, IP 20.21.21.0/24
VLAN 30, VRF 3, IP 30.30.30.0/24
VLAN 31, VRF 3, IP 30.31.31.0/24

What is ACI?

ACI – Logical Network Provisioning of Stateless Hardware
Embracing SDN and moving beyond with ACI

(Figure: an application policy, Outside (tenant VRF) → Web → App → DB, with filters, a service and QoS between the tiers; the Application Policy Infrastructure Controller (APIC) pushes it onto the ACI fabric, a non-blocking, penalty-free overlay.)

Why ACI?

• The data center is both virtual and physical
• Enterprise scale and performance requires hardware acceleration
• A SINGLE architecture to deliver performance, programmability, agility and reduced complexity
• An Application Centric Policy Model that dynamically defines the network fabric by means of the application requirements
• An AUTOMATED network fabric for both virtual and physical workloads and services

Should you…

Use ACI as a Network?

or

Use ACI as an Application Centric Infrastructure?

What is an Application?

• Exchange
• Subnet 10
• Active Directory
• Campus VLAN 10
• Single Sign On
• IP storage
• Steve’s Custom Application

ACI as a Network

• Centralised Network Management
• Configuration based on:
  • VLANs / VxLANs
  • Subnets
  • Routing
• Secure closed network
• Integrated Physical and Virtual Networking
• Traffic visibility
• The bottom line … It’s just a network managed from a single place – the APIC

ACI as Application Centric Infrastructure

• Centralised Network Management
• Configuration based on:
  • Grouping machines into application constructs
  • VLANs / VxLANs
  • Subnets
  • Routing
• Secure closed network
• Integrated Physical and Virtual Networking
• Traffic visibility
• The bottom line … What’s the difference? It’s still just a network managed from a single place – the APIC

ACI Networking Constructs

Definitions

Tenant – logical container for hosted tenants or business units; can contain multiple private networks. (Owner*: Network Team)
Private Network – VRF or context; allows overlapping addresses. (Owner*: Network Team)
Bridge Domain – L2 broadcast/multicast domain. (Owner*: Network Team)
Application Profile – definition of an application. (Owner*: Application Team)
End Point Group – single or multiple end points (exist in a single bridge domain). (Owner*: Application Team)
Contracts – directional access control between EPGs. (Owner*: Security Team)
Subjects – access rules (filters) for the contracts, e.g. TCP port number, redirect, mark. (Owner*: Security Team)

* Owners are notional, simply to show how RBAC could be used in an Application Profile definition.

Definitions (figure)

(Figure: Tenant = customer/BU/group; Private Network = VRF; Bridge Domain = L2 boundary; Subnets = IP space(s); EPGs = groups of end-points and the policies that define their connection. The tree shows one tenant with two private networks, three bridge domains, subnets A–F and EPGs A, B and C.)

End Points and End Point Groups

End Points are physical or virtual devices which attach to the network. Identified End Points are aggregated into End Point Groups. Examples include:
• Virtual Machine, Physical Server
• Layer 2 or 3 switch
• VLAN
• Subnet
• Load balancer
• Firewall

EPG Definition

EPs are devices which attach to the network either virtually or physically, e.g.:
• Virtual Machine
• Physical Server (running Bare Metal or Hypervisor)
• External Layer 2 device
• External Layer 3 device
• VLAN
• Subnet
• Firewall
• Load balancer

(Figure: an Application Profile containing EPGs; each EPG contains EPs attached via virtual ports, physical ports, an external L2 VLAN or an external L3 subnet.)

Single Bridge Domain, External Gateway

• EPGs contain virtual or physical machines in the same subnet.
• EPGs cannot communicate – i.e. PVLAN.
• Without a contract, traffic is blocked between EPGs.

(Figure: Bridge Domain Blue, subnet 192.168.10.x/24, EPG Green and EPG Red; the default gateway sits in the legacy network. No contract = no communication.)

Single Bridge Domain, Single Subnet/Gateway

• EPGs contain virtual or physical machines in the same subnet.
• EPGs cannot communicate – i.e. PVLAN.
• Traffic permitted from EPGs to the anycast default gateway – each leaf switch is a default gateway.
• Without a contract, traffic is blocked between EPGs.

(Figure: Bridge Domain Blue, subnet 192.168.10.x/24, EPG Green and EPG Red; traffic permitted from each EPG to the gateway. No contract = no communication.)

Single Bridge Domain, Single Subnet/Gateway

• EPGs contain virtual or physical machines in the same subnet.
• EPGs can communicate with a Contract (ACL) – i.e. PVLAN+.
• Traffic permitted from EPGs to the anycast default gateway – each leaf switch is a default gateway.
• With a contract, traffic is permitted between EPGs irrespective of VLAN, VxLAN or physical interface.

(Figure: Bridge Domain Blue, subnet 192.168.10.x/24, EPG Green and EPG Red; traffic permitted from each EPG to the gateway. Contract = allows communication.)

Single Bridge Domain, Multiple Subnets/Gateways

• EPGs contain virtual or physical machines in the same or different subnets.
• EPGs cannot communicate – i.e. PVLAN.
• Traffic permitted from EPGs to the anycast default gateway – each leaf switch is a default gateway.
• Without a contract, traffic is blocked between EPGs.

(Figure: Bridge Domain Blue, subnets 192.168.10.x/24 and 192.168.20.x/24, EPG Green and EPG Red. No contract = no communication.)

* Note: subnets can span EPGs, i.e. EPG Green can contain hosts in both subnets.

Single Bridge Domain, Multiple Subnets/Gateways

• EPGs contain virtual or physical machines in the same or different subnets.
• EPGs can communicate with a Contract (ACL) – i.e. PVLAN+.
• Traffic permitted from EPGs to the anycast default gateway – each leaf switch is a default gateway.
• With a contract, traffic is permitted between EPGs irrespective of VLAN, VxLAN or physical interface.

(Figure: Bridge Domain Blue, subnets 192.168.10.x/24 and 192.168.20.x/24, EPG Green and EPG Red. Contract = allows communication.)

* Note: subnets can span EPGs, i.e. EPG Green can contain hosts in both subnets.

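The forwarding rules on the preceding bridge-domain slides (no contract = no communication, intra-EPG traffic and traffic to the anycast gateway permitted, a contract permitting traffic irrespective of VLAN or subnet, and the consumer/provider direction of a contract) as a small policy evaluator. This is an added example, not Cisco or APIC code: the class names, the sample addresses in bridge domain Blue and the "web" contract are constructed for the illustration, and letting provider-to-consumer replies through on the reverse port is my reading of a directional contract rather than something the slides spell out.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Filter:
    """One filter entry of a contract subject: protocol plus optional destination port."""
    protocol: str                  # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None    # None matches any port

    def matches(self, protocol: str, port: Optional[int]) -> bool:
        if self.protocol not in ("any", protocol):
            return False
        return self.dport is None or self.dport == port


@dataclass(frozen=True)
class Contract:
    name: str
    filters: tuple                 # tuple of Filter
    reverse_ports: bool = True     # let provider->consumer replies through


@dataclass(frozen=True)
class EPG:
    name: str
    bridge_domain: str             # an EPG belongs to exactly one bridge domain
    provides: frozenset = frozenset()
    consumes: frozenset = frozenset()


class Fabric:
    """Holds EPGs, contracts, gateways and the endpoint-to-EPG classification."""

    def __init__(self) -> None:
        self.contracts: dict = {}
        self.epgs: dict = {}
        self.gateways: dict = {}   # bridge domain -> set of anycast gateway IPs
        self.ep_to_epg: dict = {}  # endpoint IP -> EPG name (classification)

    def add_contract(self, contract: Contract) -> None:
        self.contracts[contract.name] = contract

    def add_gateway(self, bridge_domain: str, ip: str) -> None:
        self.gateways.setdefault(bridge_domain, set()).add(ip)

    def add_epg(self, epg: EPG, endpoints) -> None:
        self.epgs[epg.name] = epg
        for ip in endpoints:
            if ip in self.ep_to_epg:   # an endpoint is classified into one EPG only
                raise ValueError(f"{ip} is already classified into {self.ep_to_epg[ip]}")
            self.ep_to_epg[ip] = epg.name

    def _contract_allows(self, names, protocol, port) -> bool:
        return any(f.matches(protocol, port)
                   for n in names for f in self.contracts[n].filters)

    def is_permitted(self, src_ip, dst_ip, protocol, sport=None, dport=None):
        """Return (permitted, reason) for one packet, following the slides' rules."""
        src = self.epgs.get(self.ep_to_epg.get(src_ip))
        dst = self.epgs.get(self.ep_to_epg.get(dst_ip))
        if src is None:
            return False, "source endpoint not classified into any EPG"
        if dst_ip in self.gateways.get(src.bridge_domain, ()):
            return True, "traffic to the bridge domain's anycast gateway is permitted"
        if dst is None:
            return False, "destination endpoint not classified into any EPG"
        if src.name == dst.name:
            return True, "intra-EPG traffic is permitted regardless of subnet"
        # consumer -> provider: the filter's destination port must match
        if self._contract_allows(src.consumes & dst.provides, protocol, dport):
            return True, f"permitted by a contract {src.name} consumes from {dst.name}"
        # provider -> consumer: reply traffic only, matched on the source port
        reverse = {n for n in src.provides & dst.consumes if self.contracts[n].reverse_ports}
        if self._contract_allows(reverse, protocol, sport):
            return True, f"reply permitted by a contract {dst.name} consumes from {src.name}"
        return False, f"no contract between {src.name} and {dst.name}: dropped"


def build_sample_fabric() -> Fabric:
    """Constructed sample: bridge domain Blue with two subnets, EPGs Green and Red."""
    fabric = Fabric()
    fabric.add_gateway("Blue", "192.168.10.1")
    fabric.add_gateway("Blue", "192.168.20.1")
    fabric.add_contract(Contract("web", (Filter("tcp", 80), Filter("icmp"))))
    # Green provides "web", Red consumes it; Green has hosts in both subnets
    fabric.add_epg(EPG("Green", "Blue", provides=frozenset({"web"})),
                   ["192.168.10.11", "192.168.20.11"])
    fabric.add_epg(EPG("Red", "Blue", consumes=frozenset({"web"})),
                   ["192.168.10.21"])
    return fabric


if __name__ == "__main__":
    fabric = build_sample_fabric()
    for pkt in [("192.168.10.21", "192.168.10.11", "tcp", 40000, 80),
                ("192.168.10.11", "192.168.10.21", "tcp", 80, 40000),
                ("192.168.10.21", "192.168.10.11", "tcp", 40001, 22),
                ("192.168.10.11", "192.168.20.11", "tcp", 5000, 22),
                ("192.168.10.21", "192.168.10.1", "icmp")]:
        print(pkt, fabric.is_permitted(*pkt))
```

The point to notice is that Red and Green share 192.168.10.0/24 yet are blocked from each other except for the port the contract names, while two Green hosts in different subnets talk freely: classification into an EPG, not the subnet or VLAN, decides.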
Tenant

A Tenant is a container for all network, security, troubleshooting and L4–7 service policies. Tenant resources are isolated from each other, allowing management by different administrators.

(Figure: two tenants, Pepsi-Tenant and Coke-Tenant.)

Private Networks

Private networks (also called VRFs or contexts) are defined within a tenant to allow isolated and potentially overlapping IP address space.

(Figure: each tenant contains Private Network 1 and Private Network 2.)

Bridge Domain

Within a private network, one or more bridge domains must be defined. A bridge domain is a L2 forwarding construct within the fabric, used to constrain broadcast and multicast traffic.

(Figure: in each tenant, Private Network 1 contains Bridge Domains 1 and 2 and Private Network 2 contains Bridge Domains 3 and 4.)

End Point Groups

EPGs exist within a single bridge domain only – they do not span bridge domains.

(Figure: one or more EPGs inside each bridge domain of the previous figure.)

ACME – Campus Network Integration

ACME – Application as a Subnet

Cisco Application – iExpenses (two figure slides)

XML representation of iExpenses Application

Demo

Wrapping up

Application Centric Infrastructure

SDN for ALL workloads, with built-in security and micro-segmentation.

(Figure: a single open API for the entire system; Application Centric Infrastructure spanning network service appliances, multi-hypervisor x86 hosts, x86 virtual machines and LXC/Docker containers, virtual appliances, x86 servers, Unix systems and IP storage.)

Two Types of Languages

Infrastructure language:
• VLAN
• IP address
• Subnets
• Firewalls
• Quality of service
• Load balancer
• Access lists

App language:
• Application tier policy and dependencies
• Security requirements
• Service level agreement
• Application performance
• Compliance
• Geo dependencies

(Figure: a human translator sits between the two languages.)

An Innovative Approach to Policy

(Figure: groups OUTSIDE, WEB, APP and DB linked by provided contracts, with F/W and ADC services inserted between them.)

What is an application policy?
1. Group: a set of virtual or physical workloads with the same policy
2. Contracts: a set of rules governing communication between groups
3. Service Chains: a set of network services between groups

ACI and Existing Nexus Designs
Bringing ACI to existing Nexus infrastructure

Miguel Angel Ruiz
Consulting Systems Engineer
February 2015

Legal Disclaimer

Any information provided in this document regarding future functionalities is for informational purposes only and is subject to change including ceasing any further development of such functionality. Many of these future functionalities remain in varying stages of development and will be offered on a when-and-if available basis, and Cisco makes no commitment as to the final delivery of any of such future functionalities. Cisco will have no liability for Cisco’s failure to deliver any or all future functionalities and any such failure would not in any way imply the right to return any previously purchased Cisco products.

ACI System’s Overview

(Figure, top to bottom: POLICY MODEL – Application Network Profile; APPLICATION POLICY INFRASTRUCTURE CONTROLLER (APIC) – single point of control; ACI Fabric – Nexus 9000 10G/40G leaf–spine architecture, non-blocking, penalty-free overlay; END POINTS – physical and virtual, on hypervisor hosts.)

Integration of Existing DC Network Assets
Extending the ACI Overlay to Existing DC Assets

(Figure: vSwitch hosts behind the existing physical network, attached to the ACI fabric.)

• Maintain existing physical network infrastructure and operations
• Extend the ACI policy-based forwarding to hosts attached to the existing physical network

Nexus – ACI Integration Summary

(Figure with four integration options, grouped under Extend and Integrate.)

Extend – ACI leaf overlay (N9K ACI fabric over the 2K–7K fabric; AVS on virtual hosts, N9K leaf for physical hosts):
• Full policy & management model
• Seamless HW gateway integration

Integrate – N2K integration in ACI fabric:
• Deploy N2K (FEX) in the ACI fabric

Extend – EPG extension from an ACI policy block into the 2K–7K fabric:
• Full policy model
• Zero impact to existing fabric

Integrate – ACI-integrated N7K DCI (Nexus 7x00 as WAN/DCI or DC core):
• Automated DCI integration
• Large-scale tenant extension

Nexus – ACI Integration: EPG Extension

(Figure: the EPG-extension option from the summary – an ACI policy block under the APIC, with EPGs extended over the 2K–7K fabric to virtual and physical hosts.)

• Full policy model
• Zero impact to existing fabric

Co-existence of ACI hosted applications with existing application components

• Layer 2 and Layer 3 interoperation between ACI fabric and existing data center builds
• Layer 3 interconnect via standard routing interfaces:
  OSPF, iBGP, static (FCS)
  EIGRP, EVPN, eBGP (post FCS)
• Layer 2 interconnect via standard methods

(Figure: subnets A and B on the classical L2/L3 network, subnets C and D on ACI – VXLAN.)

Extending ACI into Current Data Centers
Extend EPGs to VLANs on existing infrastructure

• Connect non-ACI networks to ACI leaf nodes
• Connect at L2 with VLAN trunks (802.1Q)
• Objective: map VLANs to EPGs, extend policy model to non-ACI networks

(Figure: L2 connection from the backbone/vPC pairs to a leaf node; extend VLANs over the trunk; map VLANs to internal EPGs; customize BD/EPG to flood mode.)

Existing Designs: Many Different Physical Designs
The part we care about – the host layers

(Figure: N7k or Cat6500 L3/HSRP aggregation; N5k/N2k (FEX) or vPC access layers; VMs and physical hosts (P) below. Logical design: HSRP default gateway, VLAN/subnet. The focus for moving workloads is the host layer.)

Connect Fabric to Existing Network

• Functionally we are expanding the VLANs into ACI.

(Figure: existing design with HSRP default gateway, VLAN 10 / subnet 10, VMs and physical hosts; an 802.1Q trunk to the ACI fabric, where EPG-10 = VLAN 10.)

Connect Fabric to Existing Network

• The ACI “Infra Admin” creates the leaf interface policy (speed, CDP, LLDP etc.) for the port.
• The ACI “Tenant Admin” uses that port for the migration (see later).

(Figure: APIC above the existing design – HSRP default gateway, VLAN 10 / subnet 10, VMs and physical hosts. Let’s call this Tenant “Red”.)

Configure ACI in preparation for the migration (EPG equals VLAN)

(Figure: Tenant “Red”, Context “Red”; Bridge Domain “10” with Subnet 10 and EPG-10; Bridge Domain “20” with Subnet 20 and EPG-20.)

• Always need a Tenant & Context
• For the migration:
  • Create a BD for each VLAN & define the subnet.
  • Create an EPG and assign it the correct subnet and VLAN.
• Per Bridge Domain:
  • We don’t want ACI to route this subnet yet; the existing HSRP gateways remain the default gateway for now.
  • Disable Unicast Routing and enable flooding (ARP, L2 unknown unicast).
  • These are temporary bridge-domain-specific settings while we are using the HSRP gateways in the existing network.

Use-case: Move Workloads
APIC point of view, the policy model

(Figure: EPG-10 under the APIC containing the migrated VMs and physical hosts; the existing design below with HSRP default gateway, VLAN 10 / Subnet A.)

VMs will need to be connected to a new port group under APIC control (AVS or DVS).

Use Case: Migrate all workloads to ACI
Change BD settings back to normal for ACI mode

• Once all hosts are migrated (moved to ACI leaves):
  • Change BD settings back to default.
  • Hardware proxy, no ARP flooding.
  • Unicast routing enabled.
• Gateway is now on ACI; remove it from legacy.

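The preparation and cut-over steps above, as an added example that renders the tenant configuration for both phases and refuses the cut-over while hosts are still behind the legacy HSRP gateway. This is not Cisco or APIC code: the object class and attribute names (fvTenant, fvCtx, fvBD, fvRsCtx, fvSubnet, fvAp, fvAEPg, fvRsBd, fvRsPathAtt, unicastRoute, arpFlood, unkMacUcastAct) are my assumption of how the APIC object model expresses the settings the slides name and should be checked against the APIC release in use; the subnet addresses, the leaf path and the host names are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Bridge-domain settings for the two phases described on the slides.
# Assumption: attribute names as in the APIC object model (verify per release).
BD_SETTINGS = {
    # migration: the legacy HSRP gateway stays authoritative, ACI only bridges
    "migration": {"unicastRoute": "no", "arpFlood": "yes", "unkMacUcastAct": "flood"},
    # aci: the fabric routes the subnet; ARP and unknown unicast via hardware proxy
    "aci": {"unicastRoute": "yes", "arpFlood": "no", "unkMacUcastAct": "proxy"},
}

# Constructed sample: VLAN -> (BD subnet/gateway address, static leaf path of the
# 802.1Q trunk from the legacy network). Both values are placeholders.
SAMPLE_VLANS = {
    10: ("10.10.10.1/24", "topology/pod-1/paths-101/pathep-[eth1/1]"),
    20: ("10.20.20.1/24", "topology/pod-1/paths-101/pathep-[eth1/1]"),
}


def build_tenant(tenant: str, vlans: dict, phase: str) -> ET.Element:
    """Tenant and context, one BD per VLAN in the given phase, one EPG per VLAN."""
    if phase not in BD_SETTINGS:
        raise ValueError(f"unknown phase {phase!r}")
    root = ET.Element("fvTenant", name=tenant)
    ET.SubElement(root, "fvCtx", name=tenant)             # the "Context" (VRF)
    ap = ET.SubElement(root, "fvAp", name="migration")     # application profile
    for vlan, (subnet, path) in sorted(vlans.items()):
        bd = ET.SubElement(root, "fvBD", name=str(vlan), **BD_SETTINGS[phase])
        ET.SubElement(bd, "fvRsCtx", tnFvCtxName=tenant)
        ET.SubElement(bd, "fvSubnet", ip=subnet)
        epg = ET.SubElement(ap, "fvAEPg", name=f"EPG-{vlan}")
        ET.SubElement(epg, "fvRsBd", tnFvBDName=str(vlan))
        # EPG equals VLAN: bind the legacy trunk port with this VLAN's 802.1Q tag
        ET.SubElement(epg, "fvRsPathAtt", tDn=path, encap=f"vlan-{vlan}", mode="regular")
    return root


def bd_settings(root: ET.Element) -> dict:
    """BD name -> the three attributes that differ between the two phases."""
    keys = ("unicastRoute", "arpFlood", "unkMacUcastAct")
    return {bd.get("name"): {k: bd.get(k) for k in keys} for bd in root.iter("fvBD")}


def cut_over(root: ET.Element, hosts_still_on_legacy) -> ET.Element:
    """Switch every BD to ACI mode; refuse while any host is still behind the HSRP gateway."""
    remaining = list(hosts_still_on_legacy)
    if remaining:
        raise RuntimeError(f"{len(remaining)} host(s) still on the legacy network "
                           f"({', '.join(remaining)}); keep the migration settings")
    for bd in root.iter("fvBD"):
        bd.attrib.update(BD_SETTINGS["aci"])
    return root


def to_xml(root: ET.Element) -> str:
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    red = build_tenant("Red", SAMPLE_VLANS, "migration")
    print(to_xml(red))
    try:
        cut_over(red, ["vm-payroll-3"])      # constructed host name
    except RuntimeError as err:
        print("cut-over refused:", err)
    cut_over(red, [])
    print(bd_settings(red))
```

The guard in cut_over is the operational check worth keeping: flipping unicastRoute to "yes" while hosts still use the legacy HSRP gateway creates two gateways for the same subnet, so the list of hosts not yet moved should be empty before the BD settings go back to default.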
Use Case: Move Services into ACI Service Graphs
APIC point of view, the policy model

(Figure: EPG-10 and EPG-20 under the APIC; the existing design below with HSRP default gateway, VLAN 10 / Subnet A.)

VMs will need to be connected to a new port group under APIC control (AVS or DVS).

Extending ACI into Current Data Centers
Standard Architecture with Services

(Figure: backbone, services chassis and “services fabric” above the APIC policy controller and the vSwitch hosts.)

Nexus – ACI Integration Summary

(Recap of the integration summary figure: Extend – ACI leaf overlay and EPG extension; Integrate – N2K and N7K DCI.)

Application Virtual Switch (AVS) with OpFlex in ACI Fabric

• AVS: first virtual leaf to implement OpFlex
• Network policy communicated from APIC to AVS through N9k using OpFlex
• Increased control plane scale through APIC cluster and leaf node
• APIC communicates with vCenter Server for port group creation

(Figure: APIC → OpFlex → N9k leaf → OpFlex → AVS on each hypervisor host; the hypervisor manager, vCenter, alongside.)

Virtual Leaf Switching Modes

• FEX Mode: all traffic sent to leaf for switching
• Local Switching (LS) Mode: intra-EPG traffic switched on the same host
• Full Switching (FS) Mode: full APIC policy enforcement on server

AVS 1.0 (NOW, since FCS of ACI): FEX Mode – punt to leaf for all traffic; Local Switching Mode – punt to leaf for inter-EPG traffic.
AVS 2.0 (1HCY15): Full Switching Mode – full policy enforcement.

(Figure: three hypervisors, one per mode, each hosting VMs in EPG Web and EPG App.)

AVS: Extend ACI to Existing Virtual & Physical Network

• AVS–APIC OpFlex integration
• No VLAN–EPG stitching/mapping
• Full network (any Nexus) between Nexus 9k and AVS: investment protection
• Phase 1: L2 network required
  • AVS 1.0: Local Switching & FEX mode
  • AVS 2.0: Full Switching mode
• Phase 2: L3 network support
  • AVS 2.1: Remote Leaf, 2HCY15

(Figure: APIC with OpFlex to AVS instances across an existing network. Phase 1: Layer 2 existing network / local switching. Phase 2: Layer 3 existing network / local switching.)

Extend Group Policy Model to hosts on existing Nexus Fabrics

• Overlay to extend ACI policy model to hosts connected to existing infrastructure
• Works on any infrastructure (Cisco 2–7K or other)
• Overlay provides local policy enforcement and forwarding:
  Virtual hosts use AVS as vLeaf
  Physical hosts use N9300 as leaf
• Mobility, ACI policies, end-to-end atomic counters and service insertion capability are extended
• 2K–7K infrastructure not managed by APIC
• Other ACI innovation requires full ACI fabric: congestion-based load balancing, flowlet prioritization

Application Virtual Switch (AVS) is an APIC-managed extension of the ACI POD on a remote network.

(Figure: APIC and N9K ACI fabric; 2K–7K fabric; 9K leaf; AVS vSwitches on virtual hosts and physical hosts.)

IP Core with a Hardware Directory Service

• Three data plane functions are required within the ‘core’ of an ACI fabric:
  • Transit: IP forwarding of traffic between VTEPs
  • Multicast Root: root for one of the 16 multicast forwarding topologies (used for optimization of multicast load balancing and forwarding)
  • Proxy Lookup: data-plane-based directory for forwarding traffic based on the mapping database of EID-to-VTEP bindings
• Not all functions are required on all ‘spine’ switches

Extending ACI into Current Data Centers
Extend the underlay infrastructure to the non-ACI fabric

• Objective: extend infrastructure (VRF) IP connectivity to the non-ACI fabric

(Figure: L3 connection from the backbone/vPC pairs to the spine, extending the infrastructure VRF.)

Extending ACI Policy Based Forwarding into Existing Data Center Networks (1HCY15)

1. Extend policy-based forwarding
2. Extend visibility, fault and audit
3. Automated device management for extended fabric nodes

(Figure: extended ACI fabric – ACI-enabled remote N9K; N5K, N3K, N6K; vSwitch, AVS, Hyper-V, OVS.)

Nexus – ACI Integration Summary

(Recap of the integration summary figure: Extend – ACI leaf overlay and EPG extension; Integrate – N2K and N7K DCI.)

Attaching a FEX to ACI Fabric

• FEX with the current ACI release can be attached using a straight-through topology:
  • C2248PQ-10GE
  • C2248TP-E-1GE
  • C2248TP-1GE
  • C2232PP-10GE
  • C2232TM-E-10GE

Nexus – ACI Integration Summary

(Recap of the integration summary figure: Extend – ACI leaf overlay and EPG extension; Integrate – N2K and N7K DCI.)

Integrate N7K as a DCI/WAN Router in the ACI Fabric

(Figure: the APIC auto-provisions, via OpFlex, a Nexus 7000 or ASR 9000 acting as WAN/DCI or DC core, carrying tenant segmentation through.)

Integrate DCI services in the ACI architecture:
• Disaster recovery, business continuity, multi-DC workload mobility
• Leverage proven/mature DCI technologies and implementations
• Provide the necessary connectivity to extend the Group Policy Model to the N2–7K fabric

Additional Resources

• A summary of the investment protection message, located at http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-731916.html
• A detailed white paper walking through the technical details of the message, located at http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-731822.html

Thank you.
