What is Cisco Application Centric Infrastructure ACI?
The Cisco ACI. It is SDN solution from Cisco for Data Centers, simply ACI is a Network policy based automation model. The end goal of this solution is about enabling software control of the network and how it operates, so that software can automate and change the network based on current conditions in the network.
- ACI uses a concept of endpoints and policies. The endpoints are the VMs (or even traditional servers with the OS running directly on the hardware). Because several endpoints have the same needs, you group them together into aptly named endpoint groups. Then policies can be defined about which endpoint groups can communicate with whom—for instance, a group of web servers may need to communicate with a group of application servers. The policy also defines other key parameters, like which endpoint groups can access each other (or not), as well as QoS parameters and other services.
- ACI uses a centralized controller called the Application Policy Infrastructure Controller (APIC); it is the controller that creates application policies for the data center infrastructure…..this is your SDN controller for Data Center.
- ACI uses a partially centralized control plane, Restful and native APIs, and OpFlex as an SBI. The NBIs allow software control from outside the controller. The controller communicates with the switches connected to the endpoints, and asks those switches to then create the correct flows to be added to the switches. Interestingly.
ACI has three main components: Nexus 9000 switches, APIC and Ecosystem
Nexus 9000 Switches
- These devices can become part of an ACI fabric through a variant of the NX-OS operating system called ACI Fabric OS.
- ACI Fabric OS is not pure NX-OS but similar to it , actually a rewritten version of NX-OS.
- These switches run ACI Fabric OS to render policies received from APIC
- Two Types of Switches will be used in ACI , Leaf and Spine
- You can imagine that Spine switch is like Distribution switch and Leaf switch is like Access switch
- You cannot use any other Vendor switches or other Cisco switches in ACI
- Some models of Nexus 9K support NX-OS and ACI Fabric OS
- Some models of Nexus 9K support to work as Leaf, Spine, both or not supporting ACI at all.
- You should use One or more leaf switches to be connected to End Points and APIC cluster , Models supported are Cisco Nexus 93128TX, 9332PQ, 9372PX, 9372PX-E, 9372TX, 9396PX, or 9396TX switches
- You should use One or more spine switches to be connected to each Leaf, Models supported are Cisco Nexus 9336PQ, 9504, 9508, or 9516 switches
- You cannot use Leaf switch model as spine switch model & vice versa, with one exception with 9336PQ which can be used as leaf switch or baby spine switch for small networks.
- Last digit in each leaf or spine model shows how many interfaces can be used , for example the last digit (8) in 9508 spine switch means it had 8 interfaces can be connected to leaf switches.
- Both Nexus spine and leaf nodes will be managed using APIC
- Spine can be connected only to leaf switches but not each other’s.
- Leaf switches can be connected only to spine switches and endpoint devices including APIC devices , so this means APIC will be connected only to Leaf switches
- ACI Switches are not running spanning tree.
- Max APIC can be used are 5
- Max Leaf switches can be used are 200
- Max Spine switches can be used are 6
- Max Endpoints physical servers are 10000
- Max Endpoints physical servers are 10000
Learn More: The Latest Cisco Nexus 9000 Innovations
Application Policy Infrastructure Controller (APIC)
This is the network controller is responsible for provisioning policies to physical and virtual devices that belong to an ACI fabric. Minimum a cluster of three controllers is used.
- APIC policies could be configured to do many things such as decide where endpoints are logically exist or what types of traffic flow are allowed etc.
- APIC observe Network traffic Statistics and devices status and keep logs for devices operation history.
- APIC showing you the physical and logical topology (who is connected to whom)
- APIC handle boot information and upgrade capabilities for images
The main features of the controller include:
- Application-centric network policies
- Data-model-based declarative provisioning
- Application and topology monitoring and troubleshooting
- Third-party integration (Layer 4 through Layer 7 [L4-L7] services & VMware vCenter/ vShield)
- Image management (spine and leaf)
- Cisco ACI inventory and configuration
- Implementation on a distributed framework across a cluster of appliances
- Health scores for critical managed objects (tenants, application profiles, switches, etc.)
- Fault, event, and performance management
- Cisco Application Virtual Switch (AVS), which can be used as a virtual leaf switch
The controller framework enables broad ecosystem and industry interoperability with Cisco ACI. It enables interoperability between a Cisco ACI environment and management, orchestration, virtualization, and L4-L7 services from a broad range of vendors.
Cisco APIC supports a simplified approach to configuring the ACI with the choice of two additional user interfaces.
They are the NX-OS style CLI and the Basic GUI. The existing methods of configuration using REST API and Advanced GUI are supported as well.
More info for how to use APIC scripted install for First-Time Access: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/getting-started/b_Getting_Started_Guide_Rel_2_x/b_Getting_Started_Guide_Rel_2_x_chapter_0100.html
APIC handles the interaction with other solutions besides Nexus 9000 switches, which include Cisco Adaptive Security Appliances (ASA) firewalls, Cisco Application Virtual Switch (AVS), VM managers such as VMware vCenter, Microsoft System Center Virtual Machine Manager (SCVMM), application delivery controllers from companies such as F5 and Citrix, and cloud orchestration systems such as OpenStack.
What is End Points EPs & End Points Groups EPGs?
Normally are Physical servers and VMs (Normally are Database , Application and Web servers or services…etc) ,We group endpoints (EPs) with identical semantics into endpoint groups (EPGs) and then write policies that regulate how such groups can interact with each other. These policies provide rules for connectivity, visibility (access control), and isolation of the endpoints.
The original article document created by Yasser Ramzy Auda from https://learningnetwork.cisco.com/docs/DOC-32331
Why Choose Application Centric Infrastructure (ACI)?
Application Deployment at the Speed of Business
Without ACI or With ACI
More References: ACI Document Navigator (all Cisco ACI docs): https://www.cisco.com/web/techdoc/aci/navigator/index.html