M01 - ACI Introduction-Overview

Uploaded by

mizan.lanka

ACI Introduction

Template Version 2020.11.13-1 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Module Goal

This module sets out to introduce key ACI concepts and terms:
1. Ensure all students are familiar with the key ACI concepts and terms
– Endpoints, EPGs, BDs, VRFs
– VTEPs, VXLAN, COOP, ISIS, BGP
– Role of the APIC and dynamic configuration
– GUI navigation

Agenda

What is ACI? And why use it?

ACI Configuration

What is ACI? And why use it?

What is ACI?

Still Networking
• Just a different approach
• Single Fabric that is controlled as a whole
• Fabric is an Intelligent Network

[Diagram: Spines and Leaves]

Challenges of Today
Limits of traditional design
Management
• CLI to every Device
• Manual Configuration – Takes Time
• Harder when we scale!
Functionality
• Control Plane is Decoupled From the Data Plane
• Spanning Tree to Prevent Loops
• Static Configuration
• Allow all Traffic by Default
• Coordination between Network and Server Team

[Diagram: Core, Dist and Access layers]

What is ACI?
ACI is Software Defined Networking
Management
• Fabric is managed by APIC: Application Policy Infrastructure Controller
• All configuration exposed via API
• Switches join network in a few clicks!
Functionality
• VXLAN Fabric
• Dynamic Configuration
• Whitelist Model (customizable)

[Diagram: Spines and Leaves]

What physical topology is required?

• Physical topology must support our endpoint communication (layer-2/layer-3) and the location of endpoints within the physical network will affect the supporting design/configuration.

[Diagram labels: EP1, EP2, EP3, EP4; VLAN 1, VLAN 2, L2 External, L3 External; VRF-1]

Traditional Topology – Routing at Core/Spine
STP results in unused links / limits scale / slower convergence

[Diagram legend: Layer2 – STP forwarding; Layer2 – STP blocked; Layer3 – ECMP. Labels: EP1, EP2, EP3; VLAN 1, VLAN 2, L2 External, L3 External; VRF-1]

Traditional Topology – Routing at Access
Restricts L2 endpoint locations / requires separate links for L2 / segmented STP

[Diagram legend: Layer2 – STP forwarding; Layer2 – STP blocked; Layer3 – ECMP. Labels: EP1, EP2, EP3; VLAN 1, VLAN 2, L2 External, L3 External; VRF-1]

ACI Infrastructure
ACI takes L3 to the Edge
ACI Fabric is L3 Routed

[Diagram: ACI Fabric. Labels: EP1, EP2, EP3, L2 External, L3 External]

ACI Infrastructure
APIC provisions BD/VRF VXLAN overlays based on EPG attachments
• ACI is policy driven - using EPGs
• Abstracts traditional L2 roles
• Abstracts traditional L3 roles

[Diagram labels: EP1, EP2, EP3, External L2 (VLANs 3-9), L3Out; EPG_1, EPG_2, EPG_3-EPG_9, L3ExtEPG (l3extInstP); BD_1, BD_2; VRF_1; ports 101/1/5, 102/1/1, 103/1/3, 104/1/8, 105/1/10]

Underlay and Overlay

Underlay
• A layer 3 network running ISIS is configured automatically by your APIC cluster to provide a routed underlay network between leaves and spines – user does not have to understand how to build the underlay

Overlay
• An overlay network is built using an enhanced version of VXLAN to allow layer 2 switching across the fabric as well as per VRF routing across the fabric – user does not have to understand how to build the overlay
• VXLAN VNIDs are used to separate layer 2 switching as well as layer 3 routing

ACI Overview
Application Centric Infrastructure
Software Defined Networking built on Nexus 9000

Spines

Spine1# show module
Mod Ports Module-Type                         Model           Status
--- ----- ----------------------------------- --------------- ------
2   32    32p 40/100G Ethernet Module         N9K-X9732C-EX   ok
22  0     Fabric Module                       N9K-C9504-FM-E  ok
23  0     Fabric Module                       N9K-C9504-FM-E  ok
24  0     Fabric Module                       N9K-C9504-FM-E  ok
26  0     Fabric Module                       N9K-C9504-FM-E  ok
27  0     Supervisor Module                   N9K-SUP-A       Active
28  0     Supervisor Module                   N9K-SUP-A       Standby

Leaves

Leaf4# show module
Mod Ports Module-Type                        Model              Status
--- ----- ---------------------------------- ------------------ ----------
1   54    48x10/25G+6x40/100G Switch         N9K-C93180YC-EX    ok

Node Functionality
Legend:
R – External Routing
V – VLAN
GW – Gateway (SVI)
T – VXLAN Tunnel Endpoint (VTEP)

[Diagram: fabric nodes marked T, running ISIS/BGP. Attached: Bare Metal/External L2, APIC Cluster, Hypervisors, External L3 Network]

ACI Infrastructure
Leaves/spines advertise VTEP via ISIS
[Diagram legend: Physical links; ISIS / MDT (multicast); T = Tunnel Endpoint (VTEP); Anycast Spine Proxy VTEPs for L2, v4 and v6. Labels: EP1, EP2, EP3, L2 External, L3 External]

What is a VTEP in ACI?
Choose the best answer(s)
In ACI, a VTEP is best described as an address that…
A. identifies a leaf switch
B. is an anycast address shared by all spine switches
C. identifies a spine switch
D. identifies an APIC
E. is used as source and destination IP addresses for all user traffic crossing the fabric
F. does all of the above

ACI Infrastructure
Leaves advertise learned EP to spines via COOP
[Diagram legend: Physical links; ISIS / MDT; COOP Oracles; COOP Citizens; T = Tunnel Endpoint (VTEP); Anycast Spine Proxy VTEPs for L2, v4 and v6. Endpoint 10.1.1.57 is shown with TEP1. Labels: EP1, EP2, EP3, L2 External, L3 External]

What is the role of COOP in ACI?
Choose the best answer
A. Endpoint information is shared between Leaf Switches using COOP
B. Endpoint routes are shared between Leaf and Spine Switches using COOP
C. Leaf switches use COOP to report endpoint information to the APIC
D. Leaf switches use COOP to report endpoint information to a spine switch

ACI Infrastructure
APICs communicate to fabric over infra VLAN

[Diagram legend: Physical links; ISIS / MDT. Labels: EP1, EP2, EP3, L2 External, L3 External]

ACI Infrastructure
ACI integrates with traditional L3 environments

[Diagram legend: Physical links; ISIS / MDT; MP-BGP; RRs; RR-Clients; BL; T = Tunnel Endpoint (VTEP); Anycast Spine Proxy VTEPs for L2, v4 and v6; route 0.0.0.0/0. Labels: EP1, EP2, EP3, L2 External, L3 External]

Border Leaf advertises external routes to fabric through MP-BGP

Decoupling of Endpoint Location and Policy

• Endpoints Identified by IP (L3) or MAC (L2) address
• Endpoint location specified by VTEP address
• Forwarding occurs between VTEPs
• Transport based on enhanced VXLAN header format
• Distributed reachability database maps endpoints to VTEP locations

Packet formats shown: SVTEP | DVTEP | VXLAN | IP | Payload and SVTEP | DVTEP | VXLAN | MAC | Payload

[Diagram: six VTEPs and three VMs: MAC A / 10.10.10.10, MAC B / 11.11.11.10, MAC C / 11.11.11.11]

Which of the following are true in relation to ACI attached devices?
Choose two
A. L2 Endpoints are identified by IP or MAC address
B. L2 Endpoints are identified by MAC address only
C. L3 Endpoints are identified by IP or MAC address
D. L3 Endpoints are identified by IP address only
E. L3 Endpoints are identified by IP subnet

• ACI is based around L2/L3 Endpoints for locally attached devices.
• Remote L3 sub/networks are treated like traditional L3
• Endpoint destinations identified as part of a locally connected subnet, but no L3 address yet learned are sent to the proxy
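
Added example (not part of the original slides and not Cisco code): a toy Python model of the forwarding decision described above, in which leaves report attached endpoints to the spines over COOP and a destination the ingress leaf has not learned is sent to the spine proxy. The VTEP addresses, VNID 16001, port names and all function names are constructed for illustration.

```python
from dataclasses import dataclass, field

SPINE_PROXY = "10.0.0.65"  # constructed anycast spine-proxy VTEP
coop_db = {}               # spine (COOP oracle) view: (vnid, addr) -> leaf VTEP

@dataclass
class Leaf:
    vtep: str
    local: dict = field(default_factory=dict)   # (vnid, addr) -> access port
    remote: dict = field(default_factory=dict)  # (vnid, addr) -> remote VTEP

    def learn_local(self, vnid, addr, port):
        """Learn an attached endpoint and report it to the spines over COOP."""
        self.local[(vnid, addr)] = port
        coop_db[(vnid, addr)] = self.vtep

def send(fabric, ingress, vnid, src, dst):
    """Carry one frame across the fabric; return the hops as (device, action)."""
    leaf = fabric[ingress]
    if (vnid, dst) in leaf.local:
        return [(ingress, "switched locally")]
    # Outer header: SVTEP = ingress leaf, DVTEP = known remote leaf or proxy.
    dvtep = leaf.remote.get((vnid, dst), SPINE_PROXY)
    hops = [(ingress, f"encap to {dvtep}")]
    if dvtep == SPINE_PROXY:
        dvtep = coop_db.get((vnid, dst))
        if dvtep is None:
            return hops + [("spine", "no COOP entry")]
        hops.append(("spine", f"proxy to {dvtep}"))
    egress = fabric[dvtep]
    # Not stated on the slides: the egress leaf caches the sender's location
    # from the outer source VTEP, so the reply skips the proxy.
    egress.remote[(vnid, src)] = leaf.vtep
    port = egress.local.get((vnid, dst), "unknown")
    return hops + [(dvtep, f"decap to port {port}")]

def demo():
    """Constructed two-leaf fabric; VNID 16001 stands for one bridge domain."""
    coop_db.clear()
    fabric = {v: Leaf(v) for v in ("10.0.0.101", "10.0.0.102")}
    fabric["10.0.0.101"].learn_local(16001, "MAC-A", "eth1/1")
    fabric["10.0.0.102"].learn_local(16001, "MAC-B", "eth1/5")
    first = send(fabric, "10.0.0.101", 16001, "MAC-A", "MAC-B")
    reply = send(fabric, "10.0.0.102", 16001, "MAC-B", "MAC-A")
    return first, reply

if __name__ == "__main__":
    for hops in demo():
        print(hops)
```

The first frame goes through the spine proxy because the ingress leaf has no entry for MAC-B; the reply is encapsulated straight to the original sender's leaf VTEP.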
ACI Configuration

ACI Configuration Options

All configuration is via centralised APIC
• Nodes can be accessed for Read Only CLI
Management Information Model
• Component objects and relationships
Options
• GUI
• CLI
• Programming

APIC GUI Overview - Main Navigation

Two Level Top Navigation
• Main Sections
o System
o Tenants
o Fabric
o Virtual Networking
o L4-L7 Services
o Admin
o Operations
o Apps
o Integrations

HTTP(s)://<IP APIC>
HTML5 Application

APIC GUI – System Dashboard

Management Overview - Status

• GUI gives full visibility into entire system
• Controller status shows state of the APIC Cluster.
• Fully Fit means all APICs are in sync and communicating

Management Overview – Faults

• Faults are raised to warn users of issues in the environment
• Faults are classified based on severity

Why - Health

Looks like we had an issue!

• Health scores are driven based on faults and events
• Can be viewed system wide or per object

Basic Elements – Health
Useful when health is <100 and no Faults appear
• Explore Health Information
• Drill down to cause
• Examine Problematic Object(s)

Basic Elements – Stats

• Selectable Properties & Report Interval
• Table / Graph View
• Download Data as XML

Basic Elements – Tree (Explorer)

• Hierarchical Organization
• Folders/Tree Nodes
• Context Menu
• Workspace syncs with navigation tree
• Consistency right-click on tree and Action button

Basic Elements – Properties

• Properties page always up-to-date (Websockets)
• Refresh (for peace of mind)

Basic Elements – History

Historical Records for:
• Faults (faults raised/cleaned/etc)
• Events (when the system did what)
• Health (when the object health score changed)
• Audit Logs (who did what)

Management Overview – Fabric View

• Fabric Inventory and Topology are centrally managed.

Clicking on Objects will Drill down further

Which of the following are supported in the ACI GUI?
Choose the best answer
A. Audit log
B. Faults history
C. Event History
D. Object Health history
E. A & B above
F. A, B & C above
G. A, B, C and D above

End

Thank You
