ACI-Part-1


Before starting with ACI, I would like to ask a few questions 🙂.

The diagram needs to be added.

  • What are the different tasks we would need to complete to configure this network?
  • How many different devices would we have to connect to or access to configure this network?
  • How many commands would we have to type to configure all the devices in this network?

Now you may understand why ACI is the solution:

  1. A central point of management: ACI allows us to configure and manage devices from the APIC. The APIC is software that runs on a server and is used to manage and configure the devices in the ACI fabric.
  2. Stateless switching
  3. Configuration in mass: In an ACI environment we can configure several switches and interfaces in a few clicks. Please keep in mind that consistency is the key to configuration in mass. Before ACI we had to manually configure each individual device command by command; ACI allows us to do the configuration in mass.

Other Benefits:

1. Reduced network provisioning / automated deployment
2. Reduced management cost
3. Mobility
4. Operational simplicity

ACI Terminology:

APIC (Application Policy Infrastructure Controller)

  • The APIC is the software/policy controller that provides a single point of management.
  • It connects to the leaf switches.
  • It can be managed from the GUI or the CLI.

APIC Function:

  • Performs configuration and applies it to switches/interfaces.
  • Application/health monitoring (link utilization, faults, statistics).
  • Fabric image management, APIC images, DHCP addressing for leaf/spine switches.
  • Topology and cabling validation.

Multi-Tenancy: A mode of operation where multiple independent instances (tenants) operate over a shared environment.

Tenant:

A Tenant is a logical administrative container (or logical separator, e.g. a customer, BU, group, etc.) for applications, networking and policies. A Tenant can mean different things to different organizations. For a service provider, a tenant might mean a different customer. For a single company, a tenant might mean a different part of the organization (engineering, marketing, HR). Basically, this means that in ACI different customers or environments can share one ACI fabric.

There are three preconfigured Tenants:

  • Common
  • Infra
  • Mgmt

Bridge Domain

  • A bridge domain is a layer 2 domain that defines the flooding rules.
  • Please keep in mind that a BD is NOT a VLAN; it can contain multiple subnets.
  • Each BD must be linked to a private network (VRF).
  • Each VRF can have one or more bridge domains.

EPG (End Point Group)

  • An EPG is a group of endpoints (physical or virtual) that have the same properties or characteristics.
  • Endpoints are devices connected to the network directly or indirectly.
  • An EPG is like a template (similar to a BGP template).
  • When we talk about EPG communication, we can think of EPGs as “security zones”.
  • By default, communication within an EPG is allowed; communication across EPGs is not permitted.

Do you think two devices in different EPGs can communicate with each other if they are in the same subnet? By default, NO. In ACI it’s not about the subnet; it’s all about the EPG you are in. Basically, this means IP addresses/subnets are less relevant in ACI.

Contract:

  • Contracts are very similar to ACLs. Contracts are the rules that specify what communication between EPGs takes place and how. If there is no contract, inter-EPG communication is disabled by default. Contracts are “provided” by one EPG (the provider) and “consumed” by another (the consumer).
  • In an ACL we have multiple ACE entries, each defining an action (permit/deny) and IP/subnet/port. In the same way, a contract contains multiple filters. A contract contains subjects, and the subjects reference the filters.
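As an added example (my own illustration, not code from this post or from Cisco), the following Python models the hierarchy described in the Bridge Domain and EPG sections above (Tenant -> VRF -> bridge domain -> EPG -> endpoints) together with contracts, subjects and filters, and evaluates the rules the post states: intra-EPG traffic is permitted by default, inter-EPG traffic is denied unless the source EPG consumes a contract that the destination EPG provides and one of its filters matches the flow, and subnet membership plays no part in the decision. Every name and address in it (tenant "Prod", VRF "prod-vrf", BD "bd-app", EPGs "web" and "db", contract "web-to-db", the 10.1.x.x hosts) is constructed for illustration and does not come from the post.

```python
"""Toy model of ACI policy evaluation (added illustration, not Cisco's implementation)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Filter:
    """One filter entry, the ACI counterpart of an ACE: protocol plus destination port range."""
    protocol: str
    dport_from: int
    dport_to: int

    def matches(self, protocol: str, dport: int) -> bool:
        return protocol == self.protocol and self.dport_from <= dport <= self.dport_to


@dataclass
class Contract:
    """A contract holds subjects; each subject references one or more filters."""
    name: str
    subjects: dict[str, list[Filter]]

    def permits(self, protocol: str, dport: int) -> bool:
        return any(f.matches(protocol, dport)
                   for filters in self.subjects.values() for f in filters)


@dataclass
class EPG:
    name: str
    bridge_domain: str
    provided: set[str] = field(default_factory=set)  # contracts this EPG provides
    consumed: set[str] = field(default_factory=set)  # contracts this EPG consumes


@dataclass
class Tenant:
    name: str
    vrfs: dict[str, list[str]]         # VRF name -> bridge domains linked to it
    bd_subnets: dict[str, list[str]]   # BD name -> its subnets (a BD may carry several)
    epgs: dict[str, EPG]
    contracts: dict[str, Contract]
    endpoints: dict[str, str]          # endpoint IP -> EPG the endpoint belongs to


def allowed(t: Tenant, src_ip: str, dst_ip: str, protocol: str, dport: int) -> tuple[bool, str]:
    """Decide whether src may open protocol/dport towards dst under the tenant's policy."""
    src_epg = t.endpoints.get(src_ip)
    dst_epg = t.endpoints.get(dst_ip)
    if src_epg is None or dst_epg is None:
        return False, "unknown endpoint: not a member of any EPG"
    if src_epg == dst_epg:
        return True, f"intra-EPG ({src_epg}): permitted by default"
    # Inter-EPG: the source (consumer) must consume a contract that the destination
    # (provider) provides, and one of that contract's filters must match the flow.
    for name in t.epgs[src_epg].consumed & t.epgs[dst_epg].provided:
        if t.contracts[name].permits(protocol, dport):
            return True, f"inter-EPG: permitted by contract {name}"
    return False, f"inter-EPG ({src_epg} -> {dst_epg}): no matching contract, denied by default"


def same_subnet(t: Tenant, ip_a: str, ip_b: str) -> bool:
    """True if some bridge-domain subnet contains both addresses (irrelevant to allowed())."""
    a, b = ip_address(ip_a), ip_address(ip_b)
    return any(a in ip_network(s) and b in ip_network(s)
               for subnets in t.bd_subnets.values() for s in subnets)


# Constructed sample tenant: all names and addresses are illustrative only.
SAMPLE = Tenant(
    name="Prod",
    vrfs={"prod-vrf": ["bd-app"]},
    bd_subnets={"bd-app": ["10.1.1.0/24", "10.1.2.0/24"]},   # one BD, two subnets
    epgs={
        "web": EPG("web", "bd-app", consumed={"web-to-db"}),
        "db": EPG("db", "bd-app", provided={"web-to-db"}),
    },
    contracts={
        "web-to-db": Contract("web-to-db", {"sql": [Filter("tcp", 3306, 3306)]}),
    },
    endpoints={
        "10.1.1.10": "web",
        "10.1.1.11": "web",
        "10.1.1.20": "db",   # same /24 as the web servers, but a different EPG
        "10.1.2.30": "db",
    },
)

if __name__ == "__main__":
    for flow in [("10.1.1.10", "10.1.1.11", "tcp", 22),
                 ("10.1.1.10", "10.1.1.20", "tcp", 3306),
                 ("10.1.1.10", "10.1.1.20", "tcp", 22),
                 ("10.1.1.20", "10.1.1.10", "tcp", 3306)]:
        ok, why = allowed(SAMPLE, *flow)
        print(f"{flow[0]} -> {flow[1]} {flow[2]}/{flow[3]}: {'PERMIT' if ok else 'DENY'} "
              f"({why}); same subnet: {same_subnet(SAMPLE, flow[0], flow[1])}")
```

Running it shows the two points the post makes: 10.1.1.20 (db) shares a /24 with the web servers, yet SSH from web to db is denied because the only contract between those EPGs carries a TCP/3306 filter, and the reverse flow from db to web is denied as well, because db only provides the contract and does not consume it. Direction therefore matters in the model just as the provider/consumer relationship does in ACI.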
