Integration of Hypervisors & L4-7 Services with ACI

Size: px
Start display at page:

Download "Integration of Hypervisors & L4-7 Services with ACI"

Transcription

1

2 Integration of Hypervisors & L4-7 Services with ACI Bradley Wong Principal Engineer, Maurizio Portolani Distinguished TME, INSBU

3 This session provides a technical introduction to how the ACI fabric handles single and multi-hypervisor environments, how the ACI controller provides integration into different VMMs for a single point of management for virtual network management as well as how the fabric integrates and automates both virtual and physical L4-L7 services BRKACI-9006 ABSTRACT

4 Agenda Introduction to ACI Review of ACI Policy Model Hypervisor Integration Layer 4-7 Services Integration Conclusion 4

5 Introduction to ACI

6 Cisco ACI Logical Network Provisioning of Stateless Hardware Web App DB Outside (Tenant VRF) QoS Filter QoS Service QoS Filter APIC ACI Fabric Scale-Out Penalty Free Overlay Application Policy Infrastructure Controller 6

7 ACI Network Profile Policy-Based Fabric Management Application Extend the principle of Cisco UCS Manager service profiles to the entire fabric Network profile: stateless definition of application requirements - Application tiers - Connectivity policies - Layer 4 7 services - XML/JSON schema Fully abstracted from the infrastructure implementation - Removes dependencies of the infrastructure - Portable across different data center fabrics Web Tier Storage App Tier ## Network Profile: Defines Application Level Metadata (Pseudo Code Example) <Network-Profile = Production_Web> <App-Tier = Web> <Connected-To = Application_Client> <Connection-Policy = Secure_Firewall_External> <Connected-To = Application_Tier> <Connection-Policy = Secure_Firewall_Internal & High_Priority>... <App-Tier = DataBase> <Connected-To = Storage> <Connection-Policy = NFS_TCP & High_BW_Low_Latency>... Storage DB Tier The network profile fully describes the application connectivity requirements 7

8 Opflex: AN OPEN, extensible policy protocol OPFLEX WAS DESIGNED TO OFFER: Abstract policies rather than 1. device-specific configuration Flexible, extensible definition 2. of using XML / JSON APIC Policies: Who can talk to whom What about Ops requirements 3. Support for any device including virtual switches, physical switches, network services with strong interoperability across vendors OPFLEX PROXY OPFLEX AGENT OPFLEX AGENT OPFLEX AGENT Open, standardized API with an open 4. source reference implementation FIREWALL HYPERVISOR SWITCH ADC 8

9 Multi-Hypervisor-Ready Fabric Virtual Integration APIC Network Admin APIC ACI Fabric Integrated gateway for VLAN, VxLAN, and NVGRE networks from virtual to physical Normalization for NVGRE, VLAN VXLAN VLAN NVGRE VLAN VXLAN VLAN VXLAN, and VLAN networks ESX Hyper-V KVM Customer not restricted by a choice of hypervisor Fabric is ready for multihypervisor Application Admin VMware Microsoft Red Hat XenServer Hypervisor Management VMware Microsoft Red Hat PHYSICAL SERVER 9

10 Providers Service Profile Service Graph ACI Layer 4-7 Service Integration Centralized, Automated, And Supports Existing Model Elastic service insertion architecture for physical and virtual services Helps enable administrative separation between application tier policy and service definition APIC as central point of network control with policy coordination Automation of service bring-up/tear-down through programmable interface Supports existing operational model when integrated with existing services Service enforcement guaranteed, regardless of endpoint location Application Admin Service Admin Web Tier A Web Server Server begin Policy Redirection Chain Security 5 Security 5 Chain Defined Stage 1 inst inst Firewall.... Stage N inst inst Load Balancer end App Tier B Web App Server Server 10

11 Review of the ACI Policy Model

12 End-points Things that connect to the fabric and use it to interface with other things A compute, storage or service instance attaching to a fabric ACI Fabric NIC vnic... end-points [ EP ] 12

13 End-points Things that connect to the fabric and use it to interface with other things A compute, storage or service instance attaching to a fabric EP EP EP... A collection of end-points with identical network behaviour form a End Point Group (EPG) 13

14 End-point Groups (EPGs) EPG APP SERVER policies EPG WEB EP EP EP.. Allows to specify rules and policies on groups of physical or virtual end-points without understanding of specific identifiers and regardless of physical location. Can flexibly map into application tier of multi-tier app segmentation construct (ala VLAN) a security construct ESX port group, SCVMM VMNetwork end-point group [ EPG ] 14

15 Tenant L3, L2 Isolation EPG subnet EPG APP SERVER outside BD Tenant self-contained tenant definition representable as a recursive structured text document EPG WEB EP EP EP... network profile subnet subnet BD With or without flooding semantics L3 context (isolated tenant VRF) 15

16 Integration with Multiple Hypervisors

17 Hypervisor Integration Agenda Hypervisor Integration Overview VMWare vcenter Integration Microsoft SCVMM & Azure Pack Integration OpenStack Integration 17

18 Hypervisor Interaction with ACI Two modes of Operation Non-Integrated Mode Integrated Mode VLAN 10 VLAN 10 VXLAN APP WEB DB DB ACI Fabric as an IP-Ethernet Transport Encapsulations manually allocated Separate Policy domains for Physical and Virtual ACI Fabric as a Policy Authority Encapsulations Normalized and dynamically provisioned Integrated Policy domains across Physical and Virtual 18

19 Hypervisor Integration with ACI Control Channel - VMM Domains Relationship is formed between APIC and Virtual Machine Manager (VMM) Multiple VMMs likely on a single ACI Fabric Each VMM and associated Virtual hosts are grouped within APIC vcenter DVS vcenter AVS SCVMM Called VMM Domain VMM Domain 1 VMM Domain 2 VMM Domain 3 There is 1:1 relationship between a Virtual Switch and VMM Domain 19

20 Hypervisor Integration with ACI F/W EPG WEB APIC Application Network Profile L/B EPG APP WEB PORT GROUP APP PORT GROUP DB PORT GROUP VM VM VM EPG DB ACI Fabric implements policy on Virtual Networks by mapping Endpoints to EPGs Endpoints in a Virtualized environment are represented as the vnics VMM applies network configuration by placement of vnics into Port Groups or VM Networks EPGs are exposed to the VMM as a 1:1 mapping to Port Groups or VM Networks 20

21 ACI Fabric Integrated Overlay Data Path - Encapsulation Normalization IP Fabric Using VXLAN Tagging Normalized Encapsulation Any to Any VTEP VXLAN IP Payload Localized Encapsulation VXLAN VNID = Q VLAN 50 VXLAN VNID = NVGRE VSID = 7456 All traffic within the ACI Fabric is encapsulated with an extended VXLAN header External VLAN, VXLAN, NVGRE tags are mapped at ingress to an internal VXLAN tag Forwarding is not limited to, nor constrained within, the encapsulation type or encapsulation overlay network External identifies are localized to the Leaf or Leaf port, allowing re-use and/or translation if required Outer IP Outer IP 802.1Q NVGRE VXLAN Eth MAC Eth IP IP IP Eth IP Normalization of Ingress Encapsulation Payload Payload Payload Payload Payload 21

22 Hypervisor Integration with ACI VMM Domains & VLAN Encapsulation 16M Virtual Networks VLAN ID only gives 4K EPGs (12 bits) Scale by creating pockets of 4K EPGs EP EP EP EP EP EP VMM Domain 1 4K EPGs EP EP EP EP EP EP VMM Domain 2 4K EPGs EP EP Map EPGs to VMM Domain based on scope of live migration Place VM anywhere Live migrate within VMM domain 22

23 Hypervisor Integration with ACI VMM Domains & VLAN Encapsulation 16M Virtual Networks VLAN ID only gives 4K EPGs (12 bits) Scale by creating pockets of 4K EPGs EP EP VLAN 5 VMM Domain 1 4K EPGs VNID 6032 EP VLAN 16 EP VMM Domain 2 4K EPGs Map EPGs to VMM Domain based on scope of live migration Place VM anywhere Live migrate within VMM domain 23

24 Hypervisor Integration with ACI Endpoint Discovery Virtual Endpoints are discovered for reachability & policy purposes via 2 methods: APIC Control Plane Learning: - Out-of-Band Handshake: vcenter APIs - Inband Handshake: OpFlexenabled Host (AVS, Hyper-V, etc.) Data Path Learning: Distributed switch learning Control (OpFlex) Data Path Data Path VMM Control (vcenter API) LLDP used to resolve Virtual host ID to attached port on leaf node (non-opflex Hosts) OpFlex Host DVS Host 24

25 Hypervisor Integration Agenda Hypervisor Integration Overview VMWare vcenter Integration Microsoft SCVMM & Azure Pack Integration OpenStack Integration 25

26 VMWare Integration Three Different Options Distributed Virtual Switch (DVS) vcenter + vshield Application Virtual Switch (AVS) + Encapsulations: VLAN Installation: Native VM discovery: LLDP Software/Licenses: vcenter with Enterprise+ License Encapsulations: VLAN, VXLAN Installation: Native VM discovery: LLDP Software/Licenses: vcenter with Enterprise+ License, vshield Manager with vshield License Encapsulations: VLAN, VXLAN Installation: VIB through VUM or Console VM discovery: OpFlex Software/Licenses: vcenter with Enterprise+ License 26

27 ACI Hypervisor Integration VMware DVS/vShield APIC 5 Create Application Policy F/W Application Network Profile EPG WEB L/B EPG APP EPG DB APIC Admin 9 Push Policy ACI Fabric 1 Cisco APIC and VMware vcenter Initial Handshake 6 Automatically Map EPG To Port Groups 4 Learn location of ESX Host through LLDP 2 Create VDS VIRTUAL DISTRIBUTED SWITCH VI/Server Admin vcenter Server / vshield 8 Instantiate VMs, Assign to Port Groups 7 3 Create Port Groups Attach Hypervisor to VDS WEB PORT GROUP APP PORT GROUP DB PORT GROUP Web App HYPERVISOR DB Web Web HYPERVISOR DB 27

28 ACI Hypervisor Integration VMware DVS Name of VMM Domain Type of vswitch (DVS or AVS) Associated Attachable Entity Profile (AEP) VLAN Pool vcenter Administrator Credentials vcenter server information 28

29 ACI Hypervisor Integration VMware DVS 29

30 Application Virtual Switch (AVS) Integration Overview OpFlex Control protocol - Control channel - VM attach/detach, link state notifications VEM extension to the fabric vsphere 5.0 and above BPDU Filter/BPDU Guard SPAN/ERSPAN Port level stats collection Remote Virtual Leaf Support (future) Southbound OpFlex API VM VM VM VM N1KV VEM Hypervisor Manager vsphere 30

31 ACI Hypervisor Integration AVS APIC 5 Create Application Policy F/W Application Network Profile EPG WEB L/B EPG APP EPG DB APIC Admin 9 Push Policy ACI Fabric 1 Cisco APIC and VMware vcenter Initial Handshake 6 Automatically Map EPG To Port Groups 4 Learn location of ESX Host through OpFlex OpFlex Agent OpFlex Agent VI/Server Admin vcenter Server 8 Instantiate VMs, Assign to Port Groups Create AVS VDS Create Port Groups Attach Hypervisor to VDS Application Virtual Switch (AVS) WEB PORT GROUP APP PORT GROUP DB PORT GROUP Web App HYPERVISOR DB Web Web HYPERVISOR DB 31

32 ACI Hypervisor Integration VMware DVS Name of VMM Domain Type of vswitch (DVS or AVS) Switching mode (FEX or Normal) Associated Attachable Entity Profile (AEP) VXLAN Pool Multicast Pool vcenter Administrator Credentials vcenter server information 32

33 ACI Hypervisor Integration VMware 33

34 Hypervisor Integration Agenda Hypervisor Integration Overview VMWare vcenter Integration Microsoft SCVMM & Azure Pack Integration OpenStack Integration 34

35 Microsoft Interaction with ACI Two modes of Operation Integration with SCVMM Integration with Azure Pack APIC APIC + Policy Management: Through APIC Software / License: Windows Server with HyperV, SCVMM VM Discovery: OpFlex Encapsulations: VLAN, NVGRE (Future) Plugin Installation: Manual Superset of SCVMM Policy Management: Through APIC or through Azure Pack Software / License: Windows Server with HyperV, SCVMM, Azure Pack (free) VM Discovery: OpFlex Encapsulations: VLAN, NVGRE (Future) Plugin Installation: Integrated 35

36 ACI Hypervisor Integration MSFT SCVMM APIC 5 Create Application Policy F/W Application Network Profile EPG WEB L/B EPG APP EPG DB APIC Admin 9 Push Policy ACI Fabric 1 Cisco APIC and MSFT SCVMM Initial Handshake 6 Automatically Map EPG To VM Networks 4 OpFlex Agent Learn location of HyperV Host through OpFlex OpFlex Agent MSFT SCVMM 2 7 Create Virtual Switch Create VM Networks HYPERV VIRTUAL SWITCH WEB VM NETWORK APP VM NETWORK DB VM NETWORK HYPERVISOR HYPERVISOR SCVMM Admin 8 Instantiate VMs, Assign to VM Networks 3 Attach Hypervisor to Virtual Switch Web App Web App DB 36

37 Microsoft Azure Pack Integration Integration with Microsoft requires: - Windows Server Systems Center 2012 R2 with SPF - Windows Azure Pack Azure Pack provides single pane of glass for Definition, creation, management of their cloud service Divided into Provider (Admin) portal and Consumer Self-Service (Tenant) portal Cisco ACI Service Plugin enables management of Network Infrastructure through APIC REST API Service Plans Users Web Sites Service Provider Provider Portal VMs SQL Web Sites Apps Database VMs ACI Service Bus Customer Consumer Self-Service Portal R2 w/ Service Provider Foundation 37

38 Microsoft Azure Pack Integration Admin Experience Add & Configure service providers for this deployment (APIC IP Address, Login Credentials, etc.) Usage & Billing statistics per user and other admin functions 38

39 Microsoft Azure Pack Integration Tenant Experience Services this account has access to Resources of ACI service currently created and consumed by this tenant Application Network Profiles are created through Azure Pack, and pushed to APIC using REST APIs 39

40 ACI Azure Pack Integration 1 APIC APIC Admin (Basic Infrastructure) 7 ACI Fabric 3 2 Pull Policy on leaf where EP attaches Get VLANs allocated for each EPG Push Network Profiles to APIC Create Application Policy 1 Create VM Networks Instantiate VMs 6 Indicate EP Attach to attached leaf when VM starts APIC Plugin SCVMM Plugin OpFlex Agent OpFlex Agent OpFlex Agent HYPERVISOR HYPERVISOR HYPERVISOR Azure Pack Tenant Azure Pack \ SPF Web App Web App DB Web Web DB 40

41 Hypervisor Integration Agenda Hypervisor Integration Overview VMWare vcenter Integration Microsoft SCVMM & Azure Pack Integration OpenStack Integration 41

42 OpenStack Components Initial Focus on Networking (Neutron) 42

43 OpenStack Neutron Networking Model Tenant Router Network: external Network Security Group Subnet Port Security Group Rule L3 + External Net Extension Core API Sec Grp Extension 43

44 Cisco ACI Model Tenant Outside Network App Profile Bridge Domain Context (VRF) Contract Subnet Subject Endpoint Group 44

45 Cisco OpenStack ACI Model Neutron API Mapping OpenStack Tenant No Equivalent Network Subnet Security Group Security Group Rule Router Network:External ACI Tenant Application Profile EPG + Bridge Domain Subnet Handled by Host Handled by Host L3 Context L3 Outside 45

46 ACI OpenStack Integration Phase 1 APIC 3 Create Application Policy APIC Admin (Performs Steps 3) 5 Push Policy ACI Fabric 2 Automatically Push Network Profiles to APIC Create Network, Subnet, Security Groups, Policy 1 NETWORK ROUTING SECURITY OPEN VIRTUAL SWITCH OPEN VIRTUAL SWITCH OPEN VIRTUAL SWITCH NEUTRON NOVA 4 Web App Web App DB Web Web DB OpenStack Tenant (Performs Steps 1,4) Instantiate VMs HYPERVISOR HYPERVISOR HYPERVISOR 46

47 Group-based Policy in OpenStack Approved for Juno Release Messy mapping ACI to current OpenStack components Endpoint Groups (Ports + Security Groups) Contracts (Security Groups + Security Group Rules) Goal : Introduce ACI model into OpenStack Starting with Groups and Group based Policies 47

48 ACI OpenStack Integration Phase 2 Create Application Network Profile 1 F/W L/B Application Network Profile EPG WEB L/B EPG APP EPG DB NEUTRON NOVA 4 Web App Web App DB Web Web DB OpenStack Tenant (Performs step 1,4) Instantiate VMs HYPERVISOR HYPERVISOR HYPERVISOR 2 Automatically Push Network Profiles to APIC APIC 3 Create Application Policy F/W L/B Application Network Profile EPG WEB L/B EPG APP EPG DB ACI Admin (manages physical network, monitors tenant state) 5 Push Policy ACI Fabric

49 Layer 4-7 Services Integration

50 Agenda Too many network layers in today s datacenters The concept of abstract graph Key concepts and building blocks 50

51 Too many layers in today s networks Today s networks suffer for a replication and redundancy of forwarding elements Network 2: virtual networks a lot of dependencies = configurations are not easily portable lack of visibility no abstraction Network 1: physical networks 51

52 Intended design I want virtual firewalling in between with ASA version a.b I want physical firewalling in between with F5 version a.b and Firewall version c.d. Physical server Virtual Server 52

53 The communication path between physical compute elements is defined in archaic ways: 1 st you need to configure the underlay network Assign a server to a VLAN configure HSRP for this subnet repeat this for redundancy and ensure reachability to the entry point into the overlay Provision Routing connectivity for the underlay Virtual Server Configure VLAN stitching for the physical appliances, make sure they are defined as redundant appliances 53

54 The communication path between virtual compute elements is ALSO defined in archaic ways: 2 nd you need to configure the overlay network In the virtual network you need to configure: the gateway to funnel traffic into the virtual infrastructure The virtual firewall placement Virtual Server The default gateway for the servers Redundancy for the server connectivity etc 54

55 Challenges with Network Service Insertion Router Configure Network to insert Firewall FW Configure firewall network parameters Service insertion takes days Router Switch vfw LB Configure firewall rules as required by the application Configure Load Balancer Network Parameters Configure Router to steer traffic to/from Load Balancer Network configuration is time consuming and error prone Difficult to track configuration on services servers Service Insertion In traditional Networks Configure Load Balancer as required by the application 55

56 Defining a virtual network still requires a multitude of subnets and VLANs Subnet 1 Subnet 2 Subnet 3 software switch 1 software switch 2 VLAN 10 VLAN 20 VLAN 30 VLAN 40 56

57 You can do service chaining with ACI without any service graph x x CSR1kv peer to the outside outside router no ip routing enable ARP flood no ip routing enable ARP flood no ip routing enable ARP flood In order not to learn outside IPs you need to use a l2ext when you disable ip routing the fabric does L2 based forwarding lookup is based on the mac

58 The Goal of ACI The relationship between compute nodes should be defined in a way that this is no more anchored to the underlying: VLANs IP addresses virtual or physical network connectivity ACI defines the relationship between workloads as an abstract policy 58

59 Agenda Too many network layers in today s datacenters The concept of abstract graph Key concepts and building blocks 59

60 The Policy must apply to any network so it can be re-used Physical Virtual 60

61 Automate Service Insertion Through APIC Application profile EXTERNAL Policy WEB Policy APP Policy DB APIC Policy Model Endpoint Group (EPG): Collection of similar End Points identifying a particular Application Tier. Endpoint could represent VMs, VNICs, IP, DNS name etc Application Profile: Collection of Endpoint Groups and the policies that define way Endpoint group communicate with each other 61

62 Application Policy db Contract APP Consumes MSSQL: Accept MySQL: Accept HTTP: Accept, Count Provides DB EPG - APP EPG - DB Contract Filter Named collection of L4 port ranges - HTTP = [80, 443] - MSSQL = [ ] - MySQL = [3306, 25565] - DNS = [53, 953, 1337, 5353] Action What action or actions to take on packet - Accept - Service Insert - Count - Copy (future sw release) 62

63 Abstract Graph Abstract Node Abstract Node Abstract Graph Consumer Provider firewall: ASA version a.b load balancer: F5 version a.b Application Profile Pool of concrete devices SLB A FW A rendering layer SLB B FW B FW A SLB B SLB C FW C 63

64 Agenda Too many network layers in today s datacenters The concept of abstract graph Key concepts and building blocks 64

65 Key Concepts in Service Insertion Concrete Device: it represents a service device, e.g. one load balancer, or one firewall Logical Device: represents a cluster of 2 devices that operate in active/standby mode for instance. Service Graph: defines a sequence of functions connected: e.g. a firewall from Checkpoint followed by a load balancing from F5. Logical Device Context: specifies upon which criteria a specific device in the inventory should be used to render a service graph Device Package: defines things such as how to label connectors for a function, and how to translate names from ACI to the specific device. E.g. a load balancer function has predefined connectors called: external internal management. 65

66 Service Automation Through Device Package Open Device Package Configuration Model (XML File) Python Scripts APIC Policy Engine APIC provides extendable policy model through Device Package Device Package contains XML fine defining Device Configuration Model APIC Policy Manager Provider Administrator can upload a Device Package Configuration Model Script Engine APIC Script Interface Device scripts translates APIC API callouts to device specific callouts Python Scripts Device Interface: REST/CLI 66

67 Metadevice predefined interface labels, you can t change them 67

68 Device Package Example Following functions can be configured through APIC 68

69 Register Service Devices with APIC Configure Management IP address on the device Create username/password for APIC to manage the device Attach the management interface to appropriate interface/port-group Register the device with APIC Provide IP address and Login credentials 69

70 Device Cluster Devices on APIC are registered as a cluster Cluster can contain one or more physical or virtual devices Devices within the cluster can be deployed in Active-Active or Active-Standby mode APIC configures Service Function using Cluster Mgmt IP and Login Credentials Logical Device (LDev): Represents a cluster Concrete Device (CDev): A Physical or Virtual Service Device -1 Concrete Device (CDev): A Physical or Virtual Service Device -N APIC can configure device specific feature ike (Port-channel configuration etc) using device s IP address and login credentials 70

71 Service Function Graph Functions rendered on the same device Service Graph: web-application Func: Firewall Func: SSL offload Func: Load Balancing Terminals Firewall params Permit ip tcp * dest-ip <vip> dest-port 80 Deny ip udp * Connectors SSL params Ipaddress <vip> port 80 Terminals Load-Balancing params virtual-ip <vip> port 80 Lb-aglorithm: round-robin 71

72 Create Service Graph 72

73 Configure Function Parameters 73

74 Service Insertion Application profile EXTERNAL Policy WEB Policy APP Policy DB Terminal: Output1 Terminal: Input1 Service Graph: WebGraph Service Graph: appgraph Func: Firewall Func: Load Balancer Func: Load Balancer 74

75 Associate Graph to a Contract 75

76 Example Graph 76

77 How to render the service graph? Via a menu called Context Each individual logical device is then wrapped in a Device Context which is just a set of metatags to create a menu to be used later. Device Context = match FW logical device 1 The meta tags are: contract name, graph name and node label e.g. <vnsldevctx ctrctnameorlbl="webctrct" graphnameorlbl="webgraph" nodenameorlbl="fw"> This also includes the subnets that need to be found by the logical device to plug itself into the graph Menu Device Context = match FW logical device 2 77

78 ADC Service Graph Changes Via EP Attach/Detach App Component: External Func: Firewall Service Graph: web-application Func: SSL offload Func: Load Balancer App Component: Web A new web server is deployed Firewall Func: SSL offload Func: Load Balancer Web EP - 1 APIC detects a new end-point attached for a web application component APIC walks through associated graph and calls device endpointattach event handlers for associated devices A Load Balancer device can implement EP attach function to dynamically add a new server and bind it to a Load-Balancer virtual service add unbind server lb vserver EP vserver-web web-service-1 add rm service service web-service-1 web-service HTTP HTTP bind rm server lb vserver EP vserver-web web-service When device is de-commissioned, APIC calls endpointdetach event A Load Balancer device can use EP detach function to remove server configuration and unbind server from load balance virtual server

79 Participate in the My Favorite Speaker Contest Promote Your Favorite Speaker and You Could be a Winner Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress) Send a tweet and include Your favorite speaker s Twitter Two hashtags: #CLUS #MyFavoriteSpeaker You can submit an entry for more than one of your favorite speakers Don t forget to View the official rules at 79

80 Complete Your Online Session Evaluation Give us your feedback and you could win fabulous prizes. Winners announced daily. Complete your session evaluation through the Cisco Live mobile app or visit one of the interactive kiosks located throughout the convention center. Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online 80

81 Continue Your Education Demos in the Cisco Campus Walk-in Self-Paced Labs Table Topics Meet the Engineer 1:1 meetings 81

82

83

Integration of Hypervisors and L4-7 Services into an ACI Fabric

Integration of Hypervisors and L4-7 Services into an ACI Fabric Integration of Hypervisors and L4-7 Services into an ACI Fabric Bradley Wong Principal Engineer, INSBU Technical Marketing #clmel This session provides a technical introduction to how the ACI fabric handles

More information

Integration of Hypervisors and L4-7 Services into an ACI Fabric. Azeem Suleman, Principal Engineer, Insieme Business Unit

Integration of Hypervisors and L4-7 Services into an ACI Fabric. Azeem Suleman, Principal Engineer, Insieme Business Unit Integration of Hypervisors and L4-7 Services into an ACI Fabric Azeem Suleman, Principal Engineer, Insieme Business Unit Agenda Introduction to ACI Review of ACI Policy Model Hypervisor Integration Layer

More information

Integration of Multi-Hypervisors with Application Centric Infrastructure

Integration of Multi-Hypervisors with Application Centric Infrastructure Integration of Multi-Hypervisors with Application Centric Infrastructure BRKAPP-9005 Bradley Wong Principal Engineer The Application Centric Infrastructure (ACI) is adopting an innovative approach to addressing

More information

Integrating Cisco UCS with Cisco ACI

Integrating Cisco UCS with Cisco ACI Integrating Cisco UCS with Cisco ACI Marian Klas, mklas@cisco.com Systems Engineer Data Center February 2015 Agenda: Connecting workloads to ACI Bare Metal Hypervisors UCS & APIC Integration and Orchestration

More information

Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack

Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack White Paper Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack Introduction Cisco Application Centric Infrastructure (ACI) is a next-generation data center fabric infrastructure

More information

Cisco ACI Virtual Machine Networking

Cisco ACI Virtual Machine Networking This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 Virtual Machine Manager Domain Main Components, page 2 Virtual Machine

More information

Cisco ACI Virtual Machine Networking

Cisco ACI Virtual Machine Networking This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 Virtual Machine Manager Domain Main Components, page 2 Virtual Machine

More information

Migration from Classic DC Network to Application Centric Infrastructure

Migration from Classic DC Network to Application Centric Infrastructure Migration from Classic DC Network to Application Centric Infrastructure Kannan Ponnuswamy, Solution Architect, Cisco Advanced Services Acronyms IOS vpc VDC AAA VRF STP ISE FTP ToR UCS FEX OTV QoS BGP PIM

More information

Service Graph Design with Cisco Application Centric Infrastructure

Service Graph Design with Cisco Application Centric Infrastructure White Paper Service Graph Design with Cisco Application Centric Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 101 Contents Introduction...

More information

Virtual Machine Manager Domains

Virtual Machine Manager Domains This chapter contains the following sections: Cisco ACI VM Networking Support for Virtual Machine Managers, page 1 VMM Domain Policy Model, page 3 Virtual Machine Manager Domain Main Components, page 3,

More information

Automation of Application Centric Infrastructure (ACI) with Cisco UCS Director

Automation of Application Centric Infrastructure (ACI) with Cisco UCS Director Automation of Application Centric Infrastructure (ACI) with Cisco UCS Director Raju Penmetsa @RajuPenmetsa1 Data Center Group Agenda IT Complexity Solution for ACI Automation Cisco UCS Director Application

More information

Layer 4 to Layer 7 Design

Layer 4 to Layer 7 Design Service Graphs and Layer 4 to Layer 7 Services Integration, page 1 Firewall Service Graphs, page 5 Service Node Failover, page 10 Service Graphs with Multiple Consumers and Providers, page 12 Reusing a

More information

F5 Demystifying Network Service Orchestration and Insertion in Application Centric and Programmable Network Architectures

F5 Demystifying Network Service Orchestration and Insertion in Application Centric and Programmable Network Architectures F5 Demystifying Network Service Orchestration and Insertion in Application Centric and Programmable Network Architectures Jeffrey Wong - Solution Architect F5 Networks February, 2015 Agenda F5 Synthesis

More information

Cisco ACI Virtual Machine Networking

Cisco ACI Virtual Machine Networking This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 Virtual Machine Manager Domain Main Components, page 2 Virtual Machine

More information

Building NFV Solutions with OpenStack and Cisco ACI

Building NFV Solutions with OpenStack and Cisco ACI Building NFV Solutions with OpenStack and Cisco ACI Domenico Dastoli @domdastoli INSBU Technical Marketing Engineer Iftikhar Rathore - INSBU Technical Marketing Engineer Agenda Brief Introduction to Cisco

More information

Layer 4 to Layer 7 Service Insertion, page 1

Layer 4 to Layer 7 Service Insertion, page 1 This chapter contains the following sections:, page 1 Layer 4 to Layer 7 Policy Model, page 2 About Service Graphs, page 2 About Policy-Based Redirect, page 5 Automated Service Insertion, page 12 About

More information

Cisco ACI Virtual Machine Networking

Cisco ACI Virtual Machine Networking This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 Virtual Machine Manager Domain Main Components, page 2 Virtual Machine

More information

Real World ACI Deployment and Migration Kannan Ponnuswamy, Solutions Architect BRKACI-2601

Real World ACI Deployment and Migration Kannan Ponnuswamy, Solutions Architect BRKACI-2601 Real World ACI Deployment and Migration Kannan Ponnuswamy, Solutions Architect BRKACI-2601 Icons and Terms APIC Application Policy Infrastructure Controller (APIC) Cisco Nexus 9500 Cisco Nexus 9300 Nexus

More information

Nexus 1000V in Context of SDN. Martin Divis, CSE,

Nexus 1000V in Context of SDN. Martin Divis, CSE, Nexus 1000V in Context of SDN Martin Divis, CSE, mdivis@cisco.com Why Cisco Nexus 1000V Losing the Edge Server Admin Host Host Host Host Server Admin manages virtual switching! vswitch vswitch vswitch

More information

Virtualization Design

Virtualization Design VMM Integration with UCS-B, on page 1 VMM Integration with AVS or VDS, on page 3 VMM Domain Resolution Immediacy, on page 6 OpenStack and Cisco ACI, on page 8 VMM Integration with UCS-B About VMM Integration

More information

Cisco ACI Virtual Machine Networking

Cisco ACI Virtual Machine Networking This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 Virtual Machine Manager Domain Main Components, page 2 Virtual Machine

More information

Cisco HyperFlex Systems

Cisco HyperFlex Systems White Paper Cisco HyperFlex Systems Install and Manage Cisco HyperFlex Systems in a Cisco ACI Environment Original Update: January 2017 Updated: March 2018 Note: This document contains material and data

More information

Service Insertion with Cisco Application Centric Infrastructure

Service Insertion with Cisco Application Centric Infrastructure Guide Service Insertion with Cisco Application Centric Infrastructure August 2014 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents

More information

Cisco UCS Director Tech Module Cisco Application Centric Infrastructure (ACI)

Cisco UCS Director Tech Module Cisco Application Centric Infrastructure (ACI) Cisco UCS Director Tech Module Cisco Application Centric Infrastructure (ACI) Version: 1.0 September 2016 1 Agenda Overview & Architecture Hardware & Software Compatibility Licensing Orchestration Capabilities

More information

Application Centric Infrastructure

Application Centric Infrastructure Application Centric Infrastructure Design pro řešení na zelené louce i do stávajícího DC DCA4 Miroslav Brzek, Systems Engineer Agenda Modern DC infrastructure Customer requirements What s Application Centric

More information

believe in more SDN for Datacenter A Simple Approach

believe in more SDN for Datacenter A Simple Approach believe in more SDN for Datacenter A Simple Approach 1 Agenda ACI Overview Fabric Policy Constructs Hypervisor Support A migra>on scenario One management umbrella: UCS Director Q&A 2 Applica,on Language

More information

Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework

Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework White Paper Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework August 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

More information

VXLAN Overview: Cisco Nexus 9000 Series Switches

VXLAN Overview: Cisco Nexus 9000 Series Switches White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide

More information

Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003

Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003 Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003 Agenda ACI Introduction and Multi-Fabric Use Cases ACI Multi-Fabric Design Options ACI Stretched Fabric Overview

More information

Cisco ACI and Cisco AVS

Cisco ACI and Cisco AVS This chapter includes the following sections: Cisco AVS Overview, page 1 Installing the Cisco AVS, page 5 Key Post-Installation Configuration Tasks for the Cisco AVS, page 14 Distributed Firewall, page

More information

5 days lecture course and hands-on lab $3,295 USD 33 Digital Version

5 days lecture course and hands-on lab $3,295 USD 33 Digital Version Course: Duration: Fees: Cisco Learning Credits: Kit: DCAC9K v1.1 Cisco Data Center Application Centric Infrastructure 5 days lecture course and hands-on lab $3,295 USD 33 Digital Version Course Details

More information

Cisco ACI vcenter Plugin

Cisco ACI vcenter Plugin This chapter contains the following sections: About Cisco ACI with VMware vsphere Web Client, page 1 Getting Started with, page 2 Features and Limitations, page 7 GUI, page 12 Performing ACI Object Configurations,

More information

Real World ACI Deployment and Migration

Real World ACI Deployment and Migration Real World ACI Deployment and Migration #clmel Kannan Ponnuswamy Solution Architect Cisco Advanced Services Icons and Terms APIC Application Policy Infrastructure Controller (APIC) Cisco Nexus 9500 Cisco

More information

DevNet Technical Breakout: Introduction to ACI Programming and APIs.

DevNet Technical Breakout: Introduction to ACI Programming and APIs. DevNet Technical Breakout: Introduction to ACI Programming and APIs. Michael Cohen Agenda Introduction to ACI ACI Policy ACI APIs REST API Python API L4-7 Scripting Opflex 3 Application Centric Infrastructure

More information

Service Insertion with ACI using F5 iworkflow

Service Insertion with ACI using F5 iworkflow Service Insertion with ACI using F5 iworkflow Gert Wolfis F5 EMEA Cloud SE October 2016 Agenda F5 and Cisco ACI Joint Solution Cisco ACI L4 L7 Service Insertion Overview F5 and Cisco ACI Integration Models

More information

Cisco ACI Virtualization Guide, Release 2.2(1)

Cisco ACI Virtualization Guide, Release 2.2(1) First Published: 2017-01-18 Last Modified: 2017-07-14 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

More information

Configuring APIC Accounts

Configuring APIC Accounts This chapter contains the following sections: Adding an APIC Account, page 1 Viewing APIC Reports, page 3 Assigning an APIC account to a Pod, page 15 Handling APIC Failover, page 15 Adding an APIC Account

More information

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design White Paper Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design Emerging IT technologies have brought about a shift from IT as a cost center to IT as a business driver.

More information

Policy Driven Data Centre with ACI

Policy Driven Data Centre with ACI Policy Driven Data Centre with ACI Chris Gascoigne Technical Solutions Architect #clmel Agenda Introduction What is policy Network policy Application policy Conclusion Introduction Traditional Data Centre

More information

Cisco ACI Virtualization Guide, Release 2.1(1)

Cisco ACI Virtualization Guide, Release 2.1(1) First Published: 2016-10-02 Last Modified: 2017-05-09 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

More information

Networking Domains. Physical domain profiles (physdomp) are typically used for bare metal server attachment and management access.

Networking Domains. Physical domain profiles (physdomp) are typically used for bare metal server attachment and management access. This chapter contains the following sections:, on page 1 Bridge Domains, on page 2 VMM Domains, on page 2 Configuring Physical Domains, on page 4 A fabric administrator creates domain policies that configure

More information

Cisco ACI with Cisco AVS

Cisco ACI with Cisco AVS This chapter includes the following sections: Cisco AVS Overview, page 1 Cisco AVS Installation, page 6 Key Post-Installation Configuration Tasks for the Cisco AVS, page 43 Distributed Firewall, page 62

More information

Cisco UCS Director and ACI Advanced Deployment Lab

Cisco UCS Director and ACI Advanced Deployment Lab Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container

More information

Layer-4 to Layer-7 Services

Layer-4 to Layer-7 Services Overview, page 1 Tenant Edge-Firewall, page 1 LBaaS, page 2 FWaaS, page 4 Firewall Configuration, page 6 Overview Layer-4 through Layer-7 services support(s) end-to-end communication between a source and

More information

F5 BIG-IP Local Traffic Manager Service Insertion with Cisco Application Centric Infrastructure

F5 BIG-IP Local Traffic Manager Service Insertion with Cisco Application Centric Infrastructure F5 BIG-IP Local Traffic Manager Service Insertion with Cisco Application Centric Infrastructure Deployment Guide December 2015 2015 Cisco F5. All rights reserved. Page 1 Contents Introduction... 4 Preface...

More information

Table of Contents HOL-PRT-1305

Table of Contents HOL-PRT-1305 Table of Contents Lab Overview... 2 - Abstract... 3 Overview of Cisco Nexus 1000V series Enhanced-VXLAN... 5 vcloud Director Networking and Cisco Nexus 1000V... 7 Solution Architecture... 9 Verify Cisco

More information

UCS Management Deep Dive

UCS Management Deep Dive UCS Management Deep Dive Jason Shaw Cisco UCS Technical Marketing Engineer Agenda Introductions UCS Architecture, Topology Physical Building Blocks Logical Building Blocks Policy Driven Management UCS

More information

Hybrid Cloud Solutions

Hybrid Cloud Solutions Hybrid Cloud Solutions with Cisco and Microsoft Innovation Rob Tappenden, Technical Solution Architect rtappend@cisco.com March 2016 Today s industry and business challenges Industry Evolution & Data Centres

More information

Cisco ACI Virtualization Guide, Release 2.2(2)

Cisco ACI Virtualization Guide, Release 2.2(2) First Published: 2017-04-11 Last Modified: 2018-01-31 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

More information

Quick Start Guide (SDN)

Quick Start Guide (SDN) NetBrain Integrated Edition 7.1 Quick Start Guide (SDN) Version 7.1a Last Updated 2018-09-03 Copyright 2004-2018 NetBrain Technologies, Inc. All rights reserved. Contents 1. Discovering and Visualizing

More information

Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure

Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure White Paper 2016 Cisco F5 Networks. All rights reserved. Page 1 Contents What You Will Learn...

More information

Cisco ACI Virtualization Guide, Release 1.1(1j)

Cisco ACI Virtualization Guide, Release 1.1(1j) First Published: June 14, 2015 Last Modified: September 06, 2016 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS

More information

Introduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Cisco PSOSDN-1050

Introduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Cisco PSOSDN-1050 Introduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Group @ Cisco PSOSDN-1050 Agenda Cisco Data Center SDN Strategy Programmable Fabric with VTS VTS Architecture

More information

Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k)

Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k) Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k) Overview 2 General Scalability Limits 2 Fabric Topology, SPAN, Tenants, Contexts

More information

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing

More information

Intra-EPG Isolation Enforcement and Cisco ACI

Intra-EPG Isolation Enforcement and Cisco ACI This chapter contains the following sections: Intra-EPG Isolation for VMware VDS or Microsoft vswitch, on page 1 Intra-EPG Isolation Enforcement for Cisco AVS, on page 6 Intra-EPG Isolation Enforcement

More information

Architecting Scalable Clouds using VXLAN and Nexus 1000V

Architecting Scalable Clouds using VXLAN and Nexus 1000V Architecting Scalable Clouds using VXLAN and Nexus 1000V Lawrence Kreeger Principal Engineer Agenda Session Is Broken Into 3 Main Parts Part 1: VXLAN Overview What is a VXLAN? Why VXLANs? What is VMware

More information

Configuring Policy-Based Redirect

Configuring Policy-Based Redirect About Policy-Based Redirect, page 1 About Symmetric Policy-Based Redirect, page 8 Policy Based Redirect and Hashing Algorithms, page 8 Using the GUI, page 9 Using the NX-OS-Style CLI, page 10 Verifying

More information

Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k)

Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k) Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k) Overview 2 General Scalability Limits 2 Fabric Topology, SPAN, Tenants, Contexts

More information

Intuit Application Centric ACI Deployment Case Study

Intuit Application Centric ACI Deployment Case Study Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key

More information

Cisco Virtual Networking Solution Nexus 1000v and Virtual Services. Abhishek Mande Engineer

Cisco Virtual Networking Solution Nexus 1000v and Virtual Services. Abhishek Mande Engineer Cisco Virtual Networking Solution Nexus 1000v and Virtual Services Abhishek Mande Engineer mailme@cisco.com Agenda Application requirements in virtualized DC The Anatomy of Nexus 1000V Virtual Services

More information

Provisioning Overlay Networks

Provisioning Overlay Networks This chapter has the following sections: Using Cisco Virtual Topology System, page 1 Creating Overlays, page 2 Creating Network using VMware, page 3 Creating Subnetwork using VMware, page 4 Creating Routers

More information

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?

More information

Microsegmentation with Cisco ACI

Microsegmentation with Cisco ACI This chapter contains the following sections:, page 1 Microsegmentation with the Cisco Application Centric Infrastructure (ACI) provides the ability to automatically assign endpoints to logical security

More information

ACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation)

ACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation) This chapter contains the following sections:, on page 1 Alias API Inspector App Center Alias A changeable name for a given object. While the name of an object, once created, cannot be changed, the Alias

More information

Running RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018

Running RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018 Running RHV integrated with Cisco ACI JuanLage Principal Engineer - Cisco May 2018 Agenda Why we need SDN on the Data Center What problem are we solving? Introduction to Cisco Application Centric Infrastructure

More information

Cisco IT Compute at Scale on Cisco ACI

Cisco IT Compute at Scale on Cisco ACI Cisco IT ACI Deployment White Papers Cisco IT Compute at Scale on Cisco ACI This is the fourth white paper in a series of case studies that explain how Cisco IT deployed ACI to deliver improved business

More information

ACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU

ACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU ACI Multi-Site Architecture and Deployment Max Ardica Principal Engineer - INSBU Agenda ACI Network and Policy Domain Evolution ACI Multi-Site Deep Dive Overview and Use Cases Introducing ACI Multi-Site

More information

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec James Edwards Product Marketing Manager Dan Watson Senior Systems Engineer Disclaimer This session may contain product

More information

Cisco Nexus 1000V InterCloud

Cisco Nexus 1000V InterCloud Deployment Guide Cisco Nexus 1000V InterCloud Deployment Guide (Draft) June 2013 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 49 Contents

More information

PSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco

PSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco PSOACI-4592 Why ACI: An overview and a customer (BBVA) perspective TJ Bijlsma César Martinez Joaquin Crespo Technology Officer DC EMEAR Cisco Lead Architect BBVA Lead Architect BBVA Cisco Spark How Questions?

More information

Question No: 3 Which configuration is needed to extend the EPG out of the Cisco ACI fabric?

Question No: 3 Which configuration is needed to extend the EPG out of the Cisco ACI fabric? Volume: 60 Questions Question No: 1 You discover that a VLAN is not enabled on a leaf port even though on EPG is provisioned. Which cause of the issue is most likely true? A. Cisco Discovery protocol is

More information

Configuring Policy-Based Redirect

Configuring Policy-Based Redirect About Policy-Based Redirect, page 1 About Symmetric Policy-Based Redirect, page 8 Using the GUI, page 8 Using the NX-OS-Style CLI, page 10 Verifying a Policy-Based Redirect Configuration Using the NX-OS-Style

More information

Nexus 7000 F3 or Mx/F2e VDC Migration Use Cases

Nexus 7000 F3 or Mx/F2e VDC Migration Use Cases Nexus 7000 F3 or Mx/F2e VDC Migration Use Cases Anees Mohamed Network Consulting Engineer Session Goal M1 VDC M1/M2 VDC M2/F3 VDC M1/F1 VDC M1/M2/F2e VDC F2/F2e/F3 VDC F2 VDC F3 VDC You are here This Session

More information

Design Guide for Cisco ACI with Avi Vantage

Design Guide for Cisco ACI with Avi Vantage Page 1 of 23 Design Guide for Cisco ACI with Avi Vantage view online Overview Cisco ACI Cisco Application Centric Infrastructure (ACI) is a software defined networking solution offered by Cisco for data

More information

Configuring Policy-Based Redirect

Configuring Policy-Based Redirect About Policy-Based Redirect, on page 1 About Multi-Node Policy-Based Redirect, on page 3 About Symmetric Policy-Based Redirect, on page 3 Policy Based Redirect and Hashing Algorithms, on page 4 Policy-Based

More information

Implementing VXLAN in DataCenter

Implementing VXLAN in DataCenter Implementing VXLAN in DataCenter LTRDCT-1223 Lilian Quan Technical Marketing Engineering, INSBU Erum Frahim Technical Leader, ecats John Weston Technical Leader, ecats Why Overlays? Robust Underlay/Fabric

More information

with ACI Any workload anywhere.

with ACI Any workload anywhere. Cisco IT: Scalable Enterprise UCS with ACI Any workload anywhere. Hugh Flanagan, Senior IT Engineer Jason Stevens, IT Engineer BRKCOC-0 Agenda Introduction Challenges of Large Scale UCS Deployments in

More information

MP-BGP VxLAN, ACI & Demo. Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017

MP-BGP VxLAN, ACI & Demo. Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017 MP-BGP VxLAN, ACI & Demo Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017 Datacenter solutions Programmable Fabric Classic Ethernet VxLAN-BGP EVPN standard-based Cisco DCNM Automation Modern

More information

Quick Start Guide (SDN)

Quick Start Guide (SDN) NetBrain Integrated Edition 7.1 Quick Start Guide (SDN) Version 7.1 Last Updated 2018-07-24 Copyright 2004-2018 NetBrain Technologies, Inc. All rights reserved. Contents 1. Discovering and Visualizing

More information

Virtual Security Gateway Overview

Virtual Security Gateway Overview This chapter contains the following sections: Information About the Cisco Virtual Security Gateway, page 1 Cisco Virtual Security Gateway Configuration for the Network, page 10 Feature History for Overview,

More information

Configuring Layer 4 to Layer 7 Resource Pools

Configuring Layer 4 to Layer 7 Resource Pools Configuring Layer 4 to Layer 7 Resource Pools About Layer 4 to Layer 7 Resource Pools, page 1 About External IP Address Pools, page 2 About External Layer 3 Routed Domains and the Associated VLAN Pools,

More information

Cisco ACI Terminology ACI Terminology 2

Cisco ACI Terminology ACI Terminology 2 inology ACI Terminology 2 Revised: May 24, 2018, ACI Terminology Cisco ACI Term Alias API Inspector App Center Application Policy Infrastructure Controller (APIC) Application Profile Atomic Counters Alias

More information

Configuring a Device Cluster (Logical Device)

Configuring a Device Cluster (Logical Device) , page 1 About Device Clusters (Logical Devices) A device cluster (also known as a logical device) is one or more concrete devices that act as a single device. A device cluster has logical interfaces,

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme NET1350BUR Deploying NSX on a Cisco Infrastructure Jacob Rapp jrapp@vmware.com Paul A. Mancuso pmancuso@vmware.com #VMworld #NET1350BUR Disclaimer This presentation may contain product features that are

More information

Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking

Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking Markosz Maliosz PhD Department of Telecommunications and Media Informatics Faculty of Electrical Engineering

More information

PSOACI Tetration Overview. Mike Herbert

PSOACI Tetration Overview. Mike Herbert Tetration Overview Mike Herbert Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion

More information

Forescout. Controller Plugin. Configuration Guide. Version 1.1

Forescout. Controller Plugin. Configuration Guide. Version 1.1 Forescout Network Module: Centralized Network Controller Plugin Version 1.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/

More information

Cisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH

Cisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH Cisco Tetration Analytics Demo Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH Agenda Introduction Theory Demonstration Innovation Through Engineering

More information

Cisco ACI Multi-Site Fundamentals Guide

Cisco ACI Multi-Site Fundamentals Guide First Published: 2017-08-10 Last Modified: 2017-10-09 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

More information

Practical Applications of Cisco ACI Micro Segmentation

Practical Applications of Cisco ACI Micro Segmentation BRKACI-2301 Practical Applications of Cisco ACI Micro Segmentation @JuanLage, Principal Engineer INSBU Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find

More information

Introduction to Application Centric Infrastructure

Introduction to Application Centric Infrastructure Introduction to Application Centric Infrastructure Mike Herbert Principal Engineer What is our Goal Today? This is an intermediate level session that provides detailed information on Cisco's Application

More information

Segmentation. Threat Defense. Visibility

Segmentation. Threat Defense. Visibility Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,

More information

Intra-EPG Isolation Enforcement and Cisco ACI

Intra-EPG Isolation Enforcement and Cisco ACI This chapter contains the following sections: Intra-EPG Isolation for VMware vds, page 1 Intra-EPG Isolation Enforcement for Cisco AVS, page 5 Intra-EPG Isolation for VMware vds Intra-EPG Isolation is

More information

Session objectives and takeaways

Session objectives and takeaways Session objectives and takeaways Objectives Explain SDN Core Concepts Deploy SDN Fabric with SCVMM 2016 Takeaways: Deploying SDN Fabric components with SCVMM requires planning Deploying Tenant Resources

More information

Hybrid Clouds: Integrating the Enterprise Data Center and the Public Cloud

Hybrid Clouds: Integrating the Enterprise Data Center and the Public Cloud Hybrid Clouds: Integrating the Enterprise Data Center and the Public Cloud Usha Ramachandran, Technical Marketing Engineer Session Abstract In this session, participants will learn how to create hybrid

More information

Exam Name: VMware Certified Associate Network Virtualization

Exam Name: VMware Certified Associate Network Virtualization Vendor: VMware Exam Code: VCAN610 Exam Name: VMware Certified Associate Network Virtualization Version: DEMO QUESTION 1 What is determined when an NSX Administrator creates a Segment ID Pool? A. The range

More information

Multi-Site Use Cases. Cisco ACI Multi-Site Service Integration. Supported Use Cases. East-West Intra-VRF/Non-Shared Service

Multi-Site Use Cases. Cisco ACI Multi-Site Service Integration. Supported Use Cases. East-West Intra-VRF/Non-Shared Service Cisco ACI Multi-Site Service Integration, on page 1 Cisco ACI Multi-Site Back-to-Back Spine Connectivity Across Sites Without IPN, on page 8 Bridge Domain with Layer 2 Broadcast Extension, on page 9 Bridge

More information

Virtuální firewall v ukázkách a příkladech

Virtuální firewall v ukázkách a příkladech Praha, hotel Clarion 10. 11. dubna 2013 Virtuální firewall v ukázkách a příkladech T-SEC3 / L2 Tomáš Michaeli Cisco 2013 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Agenda VXLAN

More information

Data Center and Cloud Automation

Data Center and Cloud Automation Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve

More information