Table of Contents
What is Cisco ACI?
As network grow, Software-defined networking (SDN) becomes more popular and meanwhile Cisco ACI changes the way we’ve traditionally thought about networking. Previously, in Traditional networking administrators use commands and to manage different devices locally. Cisco Application Centric Infrastructure (ACI) is a holistic architecture in the data center providing centralized automation and policy-driven application profiles. This solution delivers software flexibility with the scalability of hardware performance. To fully understand the Cisco ACI, we should first get familiar with Spine-and-Leaf architecture.
Spine and Leaf Architecture
In this design, the leaf nodes are connected to the spines in a mesh fashion. This innovative design is a replacement for traditional three-layer architecture and increases in East-West traffic in most modern data centers due to the increase in virtual servers on top of physical hosts. Between the spine and leaf devices is an IP network (layer 3) that uses an optimized IS-IS routing protocol as of the first release. This architecture eliminates the need for Spanning Tree Protocol, which used to cause constant challenges and bandwidth limitation in over the past several years. These serious concerns no longer exist with ACI and makes the network and transport links more reliable.
Hosts, or Endpoints, of all kinds are then connected to the leaf ports, never the spine ports. Both the spine and leaf nodes consist of Cisco Nexus 3000 and Nexus 9000 series switches, though there are ways to integrate other Nexus switches to migrate from your current network to this new ACI model.
White-list policy model used in Cisco ACI, does not allow any packets to flow between applications until it has been specifically allowed access. Endpoint Groups can be set within the ACI for basically any construct, such as applications, virtual port groups, VLANs, etc.
Micro-segmentation within the ACI model can be provided by assigning EPGs to tenants. Multi-tenancy provides complete isolation between tenants and ACI addresses not only fulfill the need for network virtualization but also hardware abstraction to create a stateless network in the entire data center. This matter creates powerful networks that offer great performance in less time than traditional networks because of things like automation and repeatable processes.
As a hardware appliance, the Cisco Application Centric Infrastructure Controller or Cisco APIC is a UCS C220 M3 with a locked down image which is completely encrypted. For implementing Cisco ACI, At least three APICs are required to ensure high availability, but more can be added to ensure scalability using Web UI for admins to configure the various constructs that go into creating the ACI network. Within the APIC we can create policies, Endpoint Groups, Contracts, Application Network Profiles, and tenants among other things. So let’s dive into what some of those configurations do.
Cisco Nexus 9000 Leaf and Spine Switches
The Cisco Nexus 9500 switches can operate in one the following modes, depending on the operating system loaded and the line cards installed: NX-OS vs ACI mode. Also, the components of the Nexus 9508 chassis are common to both NX-OS and ACI mode: the chassis, the supervisor cards, power supplies, and fabric modules. But the line cards are different in a critical way.