Cisco ACI Deep Dive

Overall rating: 4.71 Instructor: 4.50 Materials: 5.00 more …

Application Centric Infrastructure (ACI) is Cisco's response to the Software-Defined Networking (SDN) hype... but fortunately, Cisco took a significantly different approach from the usual "centralized control plane" crowd and created a scalable data center solution. Seven years after Cisco ACI was announced (on November 6th, 2013), we can confidently say that the data center Cisco SDN solution reached its maturity.

This webinar will cover advanced Cisco ACI topics from infrastructure components and protocols to managed objects, VMM integration, and automation... not from a merely theoretical point of view, but from a perspective of a networking engineer with hands-on ACI design, installation and deployment experience. Expect "How does it really work" glimpses under the glitzy orchestration cover supported by real-world insights.

The pragmatic approach of the webinar will be based on screenshots taken from real Cisco ACI installations that will provide the right level of details to help you understand not just the Cisco ACI protocols, but also the physical and logical fabric configuration procedures.

We’ll start to explore the Cisco ACI fabric configuration with APIC GUI, and later move then to Python scripting and REST API (using Postman) as the main automation tools.

Contents

An Overview of Cisco ACI Pillars

This section describes the the Cisco ACI fabric setup process, how Cisco ACI uses VXLAN to build logical L2 fabric on top of physical L3 fabric, and the mechanisms used to provide external access to ACI tenants (L3Out and GOLF).

It will help you understand:

• The automatic discovery process in Cisco ACI fabric;
• The meaning of infrastructure VLAN and VRF overlay-1;
• The difference between Platform Independent VLAN ID and Encapsulation VLAN ID and the ACI mapping between the two;
• VTEP pool addresses in single fabric, multi-pod and multi-site deployment;
• How ACI normalizes the VLAN/VXLAN frames entering the fabric;
• How Cisco ACI marks packets with endpoint group (EPG) identifiers and how that information is transported in VXLAN packets;
• What is the pervasive anycast address GW for a bridge domain;
• Connecting Cisco ACI fabrics to external world with L3Out, and the supported topologies;
• Scalability advantages of using GOLF instead of L3Out in a multi-tenant environment.

Underlay Protocols

After describing the basics of Cisco ACI, it's time to focus on Cisco ACI control plane protocols including:

• Underlay IS-IS
• IP Multicast
• Council of Oracles Protocol (COOP)
• Multi-protocol BGP (MP-BGP)
• MP-BGP VPNv4 address family within a single fabric
• MP-BGP VPNv4 and EVPN address families in multi-pod and multi-site deployments

ACI Physical Managed Objects

The third session will focus on managed physical objects, including:

• The ACI Management Information Model (MIM)
• The Managed Object (MO)
• Physical MOs
• VLAN pool
• Domain
• Attachable Access Entity Profile (AAEP)
• Interface Policy
• Switch Policy
• Interface Policy Group
• Interface Profile
• Switch Profile
• Fabric Access Policies definition
• Fabric Access Policies relations

ACI Logical Managed Objects

This section discusses logical managed objects including:

• Tenants, VRFs and Bridge Domains (BD)
• Application Profiles
• Endpoint groups (EPGs), contracts and filters

L3OUT deep dive

• L3OUT model
• Preparatory tasks
• Building blocks
• Import and Export route-map
• BD Binding
• Demonstration

ACI GUI

• System
• Admin
• Fabric
• Operations
• Apps

ARP, L2 & L3 forwarding

• Bridge Domain knobs
• Unicast routing use case
• ARP handling
• L2 unicast forwarding
• L3 unicast forwarding
• ARP/L2/L3 unicast forwarding
• Silent host
• Pervasive GW subnets propagation

Troubleshooting

• Misconfigurations
• Same VLAN ID in different EPGs
• Operations
• ELAM
• moquery
• ERSPAN
• Endpoint troubleshooting

VMM integration

• VMM
• Benefits of ACI & VMM integration
• vMware & ACI integration
  • EPG to VMM domain Association
• uSegmentation

Automation – REST API

• Why automation?
• ACI object model
• APIC login authentication (by Python)
• REST calls format
• POST REST call - Tenant creation (by Python)
• GET REST call (by Python)
• REST API queries (by Python)
• POSTMAN

Target Audience

• Network architects designing modern data center fabrics
• Network engineers tasked with building or managing Cisco ACI fabrics
• Network engineers with limited exposure to Cisco ACI looking to gain deeper understanding of the overall solution
• Network engineers interested in getting confident about the right use of the tools for implementing and troubleshooting different scenarios on ACI
• Network consultant engineers trying to get familiar with Cisco ACI to be able to propose ACI solutions to their customers
• Anyone interested to move from the classical "one-by-one CLI configuration" method to an SDN-based data center fabric

The Author

Mario Rosi is currently working as Senior System Engineer in an Austrian CISCO Gold Partner firm in the areas of Data Center and ISP. He's also the author of the eBook "CISCO ACI, how to use it!". Along with years of experience in networking, he developed his know-how in MPLS/VPN environment working as a consultant in international Service Providers; then he focused more on Data Center technologies concerning above all network infrastructure and protocols used inside. He had also an interesting collaboration with the Computer Science University of Padova as a lecturer, taking some seminars on SD-WAN, SD-ACCESS and ACI topics. He loves time by time going back to the roots that bring him to Italy's green heart, Umbria region where he's coming from.

Happy Campers