In this presentation, Lukas Krattiger and Max Ardica from Cisco’s Data Center Business Unit discuss new functionalities for Cisco Data Center networking. They focus on the secure interconnection of heterogeneous fabrics, specifically integrating ACI (Application Centric Infrastructure) and standard VXLAN EVPN (Ethernet VPN) fabrics.
Max introduces the concept of the ACI Border Gateway, which is a device that allows for controlled connectivity between different leaf-spine topologies, enabling the extension of layer 2 and layer 3 connectivity in a controlled manner. The ACI Border Gateway operates in a standard VXLAN EVPN fashion to interconnect with VXLAN EVPN border gateways of other fabrics. This allows for the expansion of a network using either ACI or VXLAN EVPN fabrics within the same multi-fabric domain.
They also introduce the VXLAN Group Policy Option (GPO), which provides secure group segmentation within a VXLAN EVPN fabric, similar to the concept of SGT (Security Group Tag) discussed in a previous session. GPO enables microsegmentation and service chaining, allowing administrators to direct traffic through firewalls or other network services as part of a security policy.
Lukas and Max emphasize the importance of using a control plane to exchange group information, allowing for optimal traffic flow by applying security policies at the ingress leaf. This approach is more efficient as it avoids sending unnecessary traffic across the network only to be dropped at the destination.
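The efficiency argument above can be made concrete with a small model. The following Python is an added example, not code from the presenters or from Cisco: the 8-byte header layout follows the VXLAN Group Policy Option draft (G, A, I flags and a 16-bit Group Policy ID), while the VNI, endpoint tables, group IDs and contract list are constructed values, and a dictionary stands in for the group membership that the control plane would distribute to each leaf. It compares enforcing a policy at the ingress leaf with enforcing it at the egress leaf, and counts how many bytes cross the fabric before a denied flow is dropped; it also covers the case where the ingress leaf does not yet know the destination's group and has to leave the decision to the egress leaf.

```python
import struct

# VXLAN-GPO header (draft-smith-vxlan-group-policy), 8 bytes:
#   byte 0   : flags  G=0x80 (group ID present), A=0x10 (policy already applied),
#              I=0x08 (VNI valid), D=0x01 (don't learn source)
#   byte 1   : reserved
#   bytes 2-3: 16-bit Group Policy ID of the *source* endpoint
#   bytes 4-6: 24-bit VNI, byte 7 reserved
FLAG_G, FLAG_A, FLAG_I = 0x80, 0x10, 0x08


def encode_vxlan_gpo(vni: int, group_id: int, policy_applied: bool) -> bytes:
    """Build a VXLAN header that carries the source group ID (GPO)."""
    if not 0 <= vni < (1 << 24) or not 0 <= group_id < (1 << 16):
        raise ValueError("VNI or group ID out of range")
    flags = FLAG_G | FLAG_I | (FLAG_A if policy_applied else 0)
    return struct.pack("!BBHI", flags, 0, group_id, vni << 8)


def decode_vxlan_gpo(hdr: bytes) -> dict:
    """Parse the header; group_id is None when the G bit is not set."""
    flags, _, group_id, vni_field = struct.unpack("!BBHI", hdr[:8])
    if not flags & FLAG_I:
        raise ValueError("VXLAN header without a valid VNI")
    return {
        "vni": vni_field >> 8,
        "group_id": group_id if flags & FLAG_G else None,
        "policy_applied": bool(flags & FLAG_A),
    }


VNI = 50001  # constructed L3 VNI shared by all endpoints below

# Constructed view an ingress leaf holds after the control plane has
# distributed endpoint reachability and group membership: ip -> (group, leaf).
# 10.1.4.40 is reachable but its group has not been distributed yet (None).
INGRESS_VIEW = {
    "10.1.1.10": ("web", "leaf1"),
    "10.1.2.20": ("app", "leaf2"),
    "10.1.3.30": ("db", "leaf2"),
    "10.1.4.40": (None, "leaf2"),
}
# What each egress leaf knows about its own locally attached endpoints
LOCAL_GROUP = {"10.1.2.20": "app", "10.1.3.30": "db", "10.1.4.40": "db"}
GROUP_IDS = {"web": 100, "app": 200, "db": 300}       # constructed group IDs
GROUP_BY_ID = {gid: name for name, gid in GROUP_IDS.items()}
# Constructed allow-list of (source group, destination group) pairs
CONTRACTS = {("web", "app"), ("app", "db")}


def forward(src_ip: str, dst_ip: str, payload_len: int, enforce_at: str = "ingress") -> dict:
    """Model one unicast flow leaf-to-leaf.

    Returns whether it was delivered, how many bytes crossed the fabric
    before the policy decision, and which leaf made that decision.
    """
    src_group, src_leaf = INGRESS_VIEW[src_ip]
    dst_group, dst_leaf = INGRESS_VIEW[dst_ip]

    # Ingress enforcement is only possible when the control plane has already
    # told this leaf the destination's group; otherwise defer to egress.
    decide_here = enforce_at == "ingress" and dst_group is not None
    if decide_here and (src_group, dst_group) not in CONTRACTS:
        return {"delivered": False, "fabric_bytes": 0, "decided_at": "ingress"}

    # The A bit tells the egress leaf whether policy was already applied.
    hdr = encode_vxlan_gpo(VNI, GROUP_IDS[src_group], policy_applied=decide_here)
    fabric_bytes = len(hdr) + payload_len if dst_leaf != src_leaf else 0

    # --- egress leaf ---
    info = decode_vxlan_gpo(hdr)
    if info["policy_applied"]:
        return {"delivered": True, "fabric_bytes": fabric_bytes, "decided_at": "ingress"}
    allowed = (GROUP_BY_ID[info["group_id"]], LOCAL_GROUP[dst_ip]) in CONTRACTS
    return {"delivered": allowed, "fabric_bytes": fabric_bytes, "decided_at": "egress"}


if __name__ == "__main__":
    for mode in ("ingress", "egress"):
        r = forward("10.1.1.10", "10.1.3.30", 1000, mode)
        print(f"web->db denied, enforce at {mode}: {r}")
    print("web->db, dst group unknown at ingress:", forward("10.1.1.10", "10.1.4.40", 1000))
```

Running it shows the denied web-to-db flow costing zero fabric bytes with ingress enforcement and the full encapsulated packet with egress enforcement; the last line shows the fallback, where a missing control-plane entry silently turns an ingress decision into an egress one, which is the operational reason the presenters stress distributing group information through the control plane rather than relying on the data plane alone.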
The discussion also touches on the need for policy authoring and enforcement, which will be facilitated by software tools like Nexus Dashboard or Ansible playbooks, allowing for consistent policy application across ACI and VXLAN EVPN fabrics.
Throughout the conversation, they address scalability, resource management, and the benefits of using border gateways to abstract network complexity and control inter-fabric connectivity. They also mention the possibility of synchronizing policy across different network domains and the potential integration with third-party security management tools.
Personnel: Lukas Krattiger, Max Ardica