What is Cisco ACI?
What is Cisco ACI?
Todays, software-defined networking (SDN) becomes more popular and meanwhile Cisco ACI changes the way we’ve traditionally thought about networking. In Traditional networking administrators use commands and to manage different devices locally. Cisco Application Centric Infrastructure (ACI) is a holistic architecture in the data center providing centralized automation and policy-driven application profiles. This solution delivers software flexibility with the scalability of hardware performance.
For understanding Cisco ACI, it is based-on Spine-and-Leaf architecture where the leaf nodes are connected to the spines in a mesh fashion. This innovative design is a replacement for traditional three-layer architecture and increases in East-West traffic in most modern data centers due to the increase in virtual servers on top of physical hosts. So, Cisco ACI for data Center, how it and its components works?
Generally, between the spine and leaf devices is an IP network (layer 3) that uses an optimized IS-IS routing protocol as of the first release. As a pro for ACI network, there is no need for Spanning Tree Protocol, which used to cause constant challenges and bandwidth limitation in over the past several years. Basically, spanning tree used to address problems with broadcast storms. Although, it could slow the network down and took a lot of time to plan properly. Adding or removing network switches could create problems with STP as well. These concerns no longer exist with ACI and makes the network and transport links more reliable.
Hosts, or Endpoints, of all kinds are then connected to the leaf ports, never the spine ports. Both the spine and leaf nodes consist of Cisco Nexus 9000 series switches, though there are ways to integrate other Nexus switches to migrate from your current network to this new ACI model.
The Cisco Application Centric Infrastructure Controller or Cisco APIC is a hardware appliance that is essentially a UCS C220 M3 with a locked down image which is completely encrypted. For implementing Cisco ACI, At least three APICs are required to ensure high availability, but more can be added to ensure scalability using Web UI for admins to configure the various constructs that go into creating the ACI network. Within the APIC we can create policies, Endpoint Groups, Contracts, Application Network Profiles, and tenants among other things. So let’s dive into what some of those configurations do.
Cisco ACI Policy Model
Cisco ACI benefits from white-list policy model which means that no packets are allowed to flow between applications until it’s been specifically allowed access. Endpoint Groups can be set within the ACI for basically any construct, such as applications, virtual port groups, VLANs, etc.
Cisco ACI Service Graphs
Using a new protocol called OpFlex (as well as device packages) we would be able to take advantage of that declarative model referred to above with all sorts of Cisco and 3rd-party applications and appliances. This makes it really easy to insert security between tiers as well as create constructs that can be copied and changed more easily making automation even more possible.
Application Network Profile
Contracts can be created between the tiers after we’ve set up EPGs, policies, and service graphs. All together and as an Application Network Profile, The EPGs will act as either a provider or consumer of these contracts which essentially connect the policies to the tiers with which they should be associated. This Application Network Profile can provide us with not only layered security, but again reusable constructs that administrators can apply anywhere within the network.
Cisco ACI Tenants
Micro-segmentation within the ACI model can be provided by assigning EPGs to tenants. Multi-tenancy provides complete isolation between tenants and ACI addresses not only fulfill the need for network virtualization but also hardware abstraction to create a stateless network in the entire data center. This matter creates powerful networks that offer great performance in less time than traditional networks because of things like automation and repeatable processes.
Cisco Nexus 9500 ACI Switch
The Cisco Nexus 9500 switches can operate in one the following modes, depending on the operating system loaded and the line cards installed: NX-OS vs ACI mode. Also, the components of the Nexus 9508 chassis are common to both NX-OS and ACI mode: the chassis, the supervisor cards, power supplies, and fabric modules. But the line cards are different in a critical way.