How Devices Connect to the Fabric: Understanding Cisco ACI Domains

Carly Stoughton, a Technical Marketing Engineer at Cisco, presented an in-depth look at how devices connect to the Application Centric Infrastructure (ACI) fabric, focusing on the concept of ACI domains. She began by explaining the basic architecture of ACI, which includes a spine-leaf topology where all devices connect to leaf switches, and leaves connect to spines but not to each other. This setup ensures predictable latency and efficient data flow. Stoughton emphasized the role of the Application Policy Infrastructure Controller (APIC) in managing these connections and policies, highlighting how it integrates with various types of devices and systems, such as VMware servers, bare metal servers, and external routers.

Stoughton detailed the integration of VMware into ACI through the creation of Virtual Machine Manager (VMM) domains. This integration allows for enhanced visibility and control over VMware environments by pushing a VMware distributed switch into the servers, enabling each port group to act as an endpoint group (EPG). This method allows network administrators to define EPGs based on virtual ports rather than traditional VLANs or physical ports. The APIC establishes a relationship with the VMware vCenter, creating a VMM domain for each data center, which helps in isolating and managing different environments. This setup ensures that network policies are consistently applied across virtual machines, simplifying management and enhancing security.

In addition to VMware integration, Stoughton discussed how ACI handles other types of devices through physical and external Layer 2 and Layer 3 domains. For bare metal servers, a physical domain can be created to group servers with similar policies into the same EPG, regardless of their physical or virtual nature. External Layer 2 domains are typically used for connecting to existing data center switches, while external Layer 3 domains facilitate connections to WAN or internet routers using protocols like OSPF, static routing, and BGP. Stoughton also touched on the future support for additional protocols like EIGRP and IPv6. This comprehensive approach ensures that ACI can accommodate a wide range of devices and configurations, making it a versatile solution for modern data centers.