Date: February 13, 2015, 8:00 - 10:00.
Presenters: Carly Stoughton, Joe Onisick, Soni Jiandani
Cisco ACI Overview with Soni Jiandani and Joe Onisick
Soni Jiandani, Senior Vice President, and Joe Onisick, Principal Engineer, introduce Cisco Application Centric Infrastructure (ACI) and discuss the methodology and reasoning behind it.
Personnel: Joe Onisick, Soni Jiandani
Understanding the Cisco ACI Policy Model
Carly Stoughton, a Technical Marketing Engineer at Cisco, presented an in-depth look at the Cisco ACI policy model during a Tech Field Day session on February 13, 2015. She emphasized the unique aspects of the ACI policy model, which focuses on the needs of applications rather than the traditional method of configuring individual network devices. Stoughton illustrated how ACI simplifies network management by defining who is on the network, who can communicate with whom, and what they are allowed to discuss. This approach contrasts with the traditional method of configuring multiple routers, switches, firewalls, and load balancers individually. The ACI policy model uses endpoint groups (EPGs) to categorize network entities that require similar treatment, and it employs a whitelist model where no communication is allowed until explicitly permitted through policies known as contracts.
Stoughton explained that an application typically consists of a front-end web tier, application servers, and a backend database, along with shared services like Active Directory, DHCP, and DNS. These components are grouped into EPGs, which are collections of endpoints needing similar network treatment. The ACI policy model is different from traditional Ethernet networks, as it does not allow any communication by default. Instead, it requires explicit policies, or contracts, to be defined to permit communication between EPGs. These contracts can specify actions such as permit, deny, redirect, log, or copy, and can be unidirectional or bidirectional. The policies are enforced at the leaf switches, which tag packets with source EPG information to ensure proper policy enforcement across the network fabric.
The session also covered the technical aspects of how ACI handles traffic and policy enforcement. Stoughton discussed various methods for defining EPGs, including VLANs, VXLAN tags, physical ports, and virtual ports. She highlighted the flexibility of the ACI policy model in integrating with existing network environments and its ability to support stateful and stateless filtering. The ACI fabric uses a spine-leaf architecture, ensuring predictable latency and bandwidth. Stoughton also touched on the role of the APIC controller cluster, which manages policy configurations and can be interacted with through a GUI or API. The APIC supports automated backups and the export of configurations for version control. Overall, the presentation showcased how the ACI policy model brings a new level of simplicity and efficiency to network management by aligning network configurations with application requirements.
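The whitelist model described above, as an added example that is not Cisco's code or API: endpoints are classified into EPGs, contracts between a consumer and a provider EPG carry filters and an action, and any flow without a matching contract is dropped. The endpoint and EPG names are constructed, and the rule that endpoints within one EPG may talk freely is an assumption of this model.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Filter:
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, proto, dport):
        return self.proto in ("any", proto) and self.dport in (None, dport)

@dataclass
class Contract:
    provider: str                 # EPG that offers the service
    consumer: str                 # EPG allowed to initiate to it
    filters: List[Filter]
    action: str = "permit"        # permit / deny / redirect / log / copy, as in the talk
    bidirectional: bool = False   # contracts are unidirectional unless stated

class Fabric:
    """Endpoint-to-EPG mapping plus the contracts the leaf switches enforce."""
    def __init__(self, epg_of, contracts):
        self.epg_of = epg_of      # endpoint name -> EPG (the tag a leaf stamps on the packet)
        self.contracts = contracts

    def decide(self, src, dst, proto, dport):
        s, d = self.epg_of.get(src), self.epg_of.get(dst)
        if s is None or d is None:
            return "drop"         # endpoint never classified into an EPG
        if s == d:
            return "permit"       # assumption: endpoints within one EPG may talk freely
        for c in self.contracts:
            allowed = [(c.consumer, c.provider)]
            if c.bidirectional:
                allowed.append((c.provider, c.consumer))
            if (s, d) in allowed and any(f.matches(proto, dport) for f in c.filters):
                return c.action
        return "drop"             # whitelist model: no matching contract, no communication

def build_demo_fabric():
    """Constructed three-tier sample: web -> app -> db plus a shared DNS service."""
    epg_of = {"web1": "web", "app1": "app", "db1": "db", "dns1": "shared"}
    contracts = [
        Contract("app", "web", [Filter("tcp", 8080)]),
        Contract("db", "app", [Filter("tcp", 3306)]),
    ] + [Contract("shared", tier, [Filter("udp", 53)]) for tier in ("web", "app", "db")]
    return Fabric(epg_of, contracts)
```

Note that the db -> app direction is dropped even though app -> db is permitted: a contract only opens the consumer-to-provider direction unless it is marked bidirectional.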
Personnel: Carly Stoughton
How Devices Connect to the Fabric: Understanding Cisco ACI Domains
Carly Stoughton, a Technical Marketing Engineer at Cisco, presented an in-depth look at how devices connect to the Application Centric Infrastructure (ACI) fabric, focusing on the concept of ACI domains. She began by explaining the basic architecture of ACI, which includes a spine-leaf topology where all devices connect to leaf switches, and leaves connect to spines but not to each other. This setup ensures predictable latency and efficient data flow. Stoughton emphasized the role of the Application Policy Infrastructure Controller (APIC) in managing these connections and policies, highlighting how it integrates with various types of devices and systems, such as VMware servers, bare metal servers, and external routers.
Stoughton detailed the integration of VMware into ACI through the creation of Virtual Machine Manager (VMM) domains. This integration allows for enhanced visibility and control over VMware environments by pushing a VMware distributed switch into the servers, enabling each port group to act as an endpoint group (EPG). This method allows network administrators to define EPGs based on virtual ports rather than traditional VLANs or physical ports. The APIC establishes a relationship with the VMware vCenter, creating a VMM domain for each data center, which helps in isolating and managing different environments. This setup ensures that network policies are consistently applied across virtual machines, simplifying management and enhancing security.
In addition to VMware integration, Stoughton discussed how ACI handles other types of devices through physical and external Layer 2 and Layer 3 domains. For bare metal servers, a physical domain can be created to group servers with similar policies into the same EPG, regardless of whether the endpoints are physical or virtual. External Layer 2 domains are typically used for connecting to existing data center switches, while external Layer 3 domains provide connections to WAN or internet routers using OSPF, BGP, or static routing. Stoughton also touched on planned support for additional protocols such as EIGRP and IPv6. This comprehensive approach ensures that ACI can accommodate a wide range of devices and configurations, making it a versatile solution for modern data centers.
Personnel: Carly Stoughton
Cisco ACI Demo with Carly Stoughton
Carly Stoughton, Technical Marketing Engineer, demonstrates the Cisco Application Centric Infrastructure (ACI) system from the Application Policy Infrastructure Controller (APIC).
Personnel: Carly Stoughton