ACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU


Agenda
- ACI Network and Policy Domain Evolution
- ACI Multi-Site Deep Dive
  - Overview and Use Cases
  - Introducing ACI Multi-Site Policy Manager
  - Inter-Site Connectivity Deployment Considerations
  - Migration Scenarios
- Conclusions and Q&A

ACI Network and Policy Domain Evolution

Cisco ACI Fabric and Policy Domain Evolution
[Figure: ACI Single Pod Fabric; ACI Stretched Fabric (DC1, DC2, one APIC Cluster); ACI Multi-Pod Fabric (Pod A ... Pod n over an IPN, one APIC Cluster, MP-BGP EVPN); ACI Multi-Site (Fabric A ... Fabric n over an IP network, separate APIC Clusters, MP-BGP EVPN)]
- ACI 1.0: Leaf/Spine Single Pod Fabric
- ACI 1.1: Geographically stretch a single fabric
- ACI 2.0: Multiple Networks (Pods) in a single Availability Zone (Fabric)
- ACI 3.0: Multiple Availability Zones (Fabrics) in a Single Region, and Multi-Region Policy Management
- ...more to come!
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 4

Regions and Availability Zones: OpenStack and AWS Definitions
OpenStack
- Regions: each Region has its own full OpenStack deployment, including its own API endpoints, networks and compute resources.
- Availability Zones: inside a Region, compute nodes can be logically grouped into Availability Zones; when launching a new VM instance, we can specify the AZ, or even a specific node in an AZ, to run the VM instance.
Amazon Web Services
- Regions: separate large geographical areas, each composed of multiple, isolated locations known as Availability Zones.
- Availability Zones: distinct locations within a region that are engineered to be isolated from failures in other Availability Zones and provide inexpensive, low-latency network connectivity to other Availability Zones in the same region.

Terminology
- Pod: a Leaf/Spine network sharing a common control plane (ISIS, BGP, COOP, ...). Pod == Network Fault Domain.
- Fabric: scope of an APIC Cluster; it can be one or more Pods. Fabric == Availability Zone (AZ) or Tenant Change Domain.
- Multi-Pod: a single APIC Cluster with multiple leaf/spine networks. Multi-Pod == Multiple Networks within a Single Availability Zone (Fabric).
- Multi-Fabric: multiple APIC Clusters + associated Pods (you can have Multi-Pod with Multi-Fabric)*. Multi-Fabric == Multi-Site == a DC infrastructure Region with multiple AZs.
* Available from ACI release 3.1

Typical Requirement: Creation of Two Independent Fabrics/AZs
[Figure: Fabric A (AZ 1) and Fabric B (AZ 2)]
- Application workloads deployed across availability zones

Creation of Two Independent Fabrics/AZs: Deployment of Two (or More) Pods per Fabric/AZ
[Figure: Fabric A (AZ 1) with Pod 1.A and Pod 2.A in Classic Active/Active; Fabric B (AZ 2) with Pod 1.B and Pod 2.B in Classic Active/Active]

ACI Multi-Site Deep Dive

Overview and Use Cases

ACI Multi-Site Overview (ACI 3.0 Release)
[Figure: Availability Zone A and Availability Zone B in Region C, connected over an IP Network with VXLAN data plane and MP-BGP EVPN control plane; ACI Multi-Site exposes a REST API and GUI]
- Separate ACI Fabrics with independent APIC clusters
- ACI Multi-Site pushes cross-fabric configuration to multiple APIC clusters, providing scoping of all configuration changes
- MP-BGP EVPN control plane between sites
- Data plane: VXLAN encapsulation across sites
- End-to-end policy definition and enforcement

ACI Multi-Site: Network and Identity Extended between Fabrics
- Network information carried across Fabrics (Availability Zones)
- Identity information carried across Fabrics (Availability Zones)
[Figure: inter-site VXLAN packet: VTEP IP | VNID | Class-ID | Tenant Packet, carried over the IP Network with MP-BGP EVPN]
- No multicast requirement in the backbone: Head-End Replication (HER) for any Layer 2 BUM traffic

ACI Multi-Site Namespace Normalization
[Figure: Site 1 ... Site n over the IP Network with MP-BGP EVPN. Leaf-to-leaf VTEP traffic: Class-ID is local to the Fabric. Site-to-site VTEP traffic: VTEPs, VNID and Class-ID are mapped on the spine. Packet: VTEP IP | VNID | Class-ID | Tenant Packet]
- Translation of source VTEP address
- Translation of Class-ID and VNID (scoping of name spaces)
- Maintain separate name spaces, with ID translation performed on the spine nodes
- Requires specific HW on the spine to support this functionality
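To make the slide's point concrete, here is an added Python model of the per-site namespace translation (illustration written for this page, not Cisco code). It assumes the sending spine rewrites the source VTEP to the site's external TEP and the receiving spine maps the remote VNID and Class-ID into its own namespace; the site names, IDs and addresses are constructed samples. It also shows why the translation matters: the same numeric Class-ID can mean a different EPG in another site, and an ID with no mapping is dropped instead of being interpreted locally.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class VxlanPacket:
    src_vtep: str   # outer source IP (leaf VTEP inside a site, site ETEP between sites)
    vnid: int       # VXLAN network identifier (site-local value)
    class_id: int   # EPG Class-ID carried in the VXLAN header (site-local value)
    payload: str    # tenant packet


@dataclass
class SiteSpine:
    """Hypothetical translation state held by the spines of one site."""
    name: str
    etep: str                                   # site's external TEP (DP-ETEP)
    vnid_in: Dict[Tuple[str, int], int]         # (remote site, remote VNID) -> local VNID
    class_in: Dict[Tuple[str, int], int]        # (remote site, remote Class-ID) -> local Class-ID

    def egress(self, pkt: VxlanPacket) -> VxlanPacket:
        # Leaving the site: the leaf VTEP is hidden behind the site ETEP.
        # VNID and Class-ID keep their site-local values; the receiving spine maps them.
        return replace(pkt, src_vtep=self.etep)

    def ingress(self, pkt: VxlanPacket, from_site: str) -> Optional[VxlanPacket]:
        # Entering the site: remote IDs are mapped into this site's namespace.
        key_v, key_c = (from_site, pkt.vnid), (from_site, pkt.class_id)
        if key_v not in self.vnid_in or key_c not in self.class_in:
            return None  # no mapping provisioned for this ID: drop rather than guess
        return replace(pkt, vnid=self.vnid_in[key_v], class_id=self.class_in[key_c])


def forward(pkt: VxlanPacket, src: SiteSpine, dst: SiteSpine) -> Optional[VxlanPacket]:
    """Site-to-site hop: egress rewrite at the source spine, ingress mapping at the destination."""
    return dst.ingress(src.egress(pkt), from_site=src.name)


# Constructed sample: EPG "Web" exists in both sites with different local IDs, and the
# number 49153 that means "Web" in site 1 is "DB" in site 2 (name spaces are independent).
SITE1 = SiteSpine("site1", "172.16.1.1",
                  vnid_in={("site2", 2500002): 2900001},
                  class_in={("site2", 32770): 49153})
SITE2 = SiteSpine("site2", "172.16.2.1",
                  vnid_in={("site1", 2900001): 2500002},
                  class_in={("site1", 49153): 32770})
SITE2_EPG_BY_CLASS = {32770: "Web", 49153: "DB"}   # site 2's local Class-ID table


def web_site1_to_site2() -> Optional[VxlanPacket]:
    """Web endpoint in site 1 (leaf VTEP 10.0.0.11) talks to site 2."""
    return forward(VxlanPacket("10.0.0.11", 2900001, 49153, "GET /"), SITE1, SITE2)


def unmapped_epg_site1_to_site2() -> Optional[VxlanPacket]:
    """A site-1-only EPG (Class-ID 49200) has no inter-site mapping and is dropped."""
    return forward(VxlanPacket("10.0.0.11", 2900001, 49200, "GET /"), SITE1, SITE2)


def epg_seen_by_site2(pkt: VxlanPacket) -> str:
    """Which EPG site 2's policy engine would apply to the packet as received."""
    return SITE2_EPG_BY_CLASS.get(pkt.class_id, "unknown")
```

Without the ingress mapping, site 2 would classify the site-1 Web packet (Class-ID 49153) as its own DB EPG and enforce the wrong contract.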

ACI Multi-Site Hardware Requirements
- Supports all ACI leaf switches (1st generation, -EX and -FX)
- Only -EX spine nodes (or newer) can connect to the inter-site IP network
- Only a subset of spines needs to connect to the IP network
- The new FX non-modular spine (9364C, 64x40G/100G ports) will be supported for Multi-Site in the Q1CY18 timeframe
- 1st generation spines (including 9336PQ) are not supported for inter-site connectivity; they can still be used for intra-site leaf-to-leaf communication
[Figure: mixed spine layer with 1st Gen and -EX spines; only the -EX spines attach to the IP Network]

ACI Multi-Site: The Easiest DCI Solution in the Industry!
- Communication between endpoints in separate sites (Layer 2 and/or Layer 3) is enabled simply by creating and pushing a contract between the endpoints' EPGs
[Figure: Site 1 (spines S1-S4, DP-ETEP A) and Site 2 (spines S5-S8, DP-ETEP B) over the IP network; contract C between EP1 EPG and EP2 EPG, "Define and push inter-site policy"; spines perform VXLAN Encap/Decap]

ACI Multi-Site: CloudSec Encryption for VXLAN Traffic
[Figure: inter-site packet VTEP IP | MACsec | VXLAN | Tenant Packet over the IP Network with MP-BGP EVPN; VTEP information stays in clear text, the VXLAN header and tenant packet are encrypted]
- Encrypted fabric-to-fabric traffic: GCM-AES-128 (32-bit PN), GCM-AES-256 (32-bit PN), GCM-AES-128-XPN (64-bit PN), GCM-AES-256-XPN (64-bit PN)
- Future: support planned in CY18 for FX line cards and the 9364C platform

ACI Multi-Site Networking Options: Per Bridge Domain Behavior
[Figure: three models, each showing Site 1 and Site 2 connected at Layer 3]
Layer 3 only across sites
- Bridge Domains and subnets not extended across Sites
- Layer 3 Intra-VRF or Inter-VRF communication only
IP Mobility without L2 flooding
- Same IP subnet defined in separate Sites
- Support for IP Mobility (cold VM migration) and intra-subnet communication across sites
- No Layer 2 flooding across sites
- Interconnecting separate sites for fault containment and scalability reasons
Full Layer 2 and Layer 3 Extension
- Layer 2 domains stretched across Sites (support for hot VM migration)
- Layer 2 flooding across sites

Introducing ACI Multi-Site Policy Manager

ACI Multi-Site: Multi-Site Policy Manager
[Figure: ACI Multi-Site VMs on a hypervisor, exposing REST API and GUI, managing Site 1, Site 2 ... Site n]
- Micro-services architecture
- Multiple VMs are created and run concurrently (active/active)
- vSphere-only support at FCS (KVM and physical appliance support scoped for future releases)
- OOB management connectivity to the APIC clusters deployed in separate sites
- Support for 500 msec to 1 sec RTT
- Main functions offered by ACI Multi-Site:
  - Monitoring the health state of the different ACI Sites
  - Provisioning of day-0 configuration to establish the inter-site EVPN control plane
  - Defining and provisioning policies across sites (scope of changes)
  - Inter-site troubleshooting (post-3.0 release)

ACI Multi-Site Deployment Considerations
[Figure: Intra-DC deployment (ACI Multi-Site VMs on hypervisors attached to an IP Network) and interconnecting DCs over a WAN (Milan Site1, Rome Site2, New York Site3, with ACI Multi-Site VMs in each)]
- Hypervisors can be connected directly to the DC OOB network
- Each ACI Multi-Site VM has a unique routable IP
- Async calls from ACI Multi-Site to APIC
- Moderate latency (~150 msec) supported between ACI Multi-Site nodes
- Higher latency (500 msec to 1 sec RTT) supported between ACI Multi-Site nodes and remote APIC clusters
- If possible, deploy a node in each site for availability purposes (network partition scenarios)

ACI Multi-Site Dashboard
- Health/faults for all managed sites
- Easy way to identify stretched policies across sites
- Quickly search for any deployed inter-site policy
- Provides direct access to the APIC GUIs in the different sites

ACI Multi-Site Templates and Profiles
[Figure: a Profile contains Templates; a Template holds the policy definition (EP1 EPG - contract C - EP2 EPG); the Template is rendered together with site-local settings into the Effective Policy of Site 1 and Site 2]
- Template = APIC policy definition (App & Network)
- Template is the scope/granularity of what can be pushed to sites
- Template is associated to all managed sites or to a subset of sites
- Profile = group of Templates sharing a common use case
- Scope of change: policies can be pushed to separate sites at different times

APIC vs. ACI Multi-Site Functions
APIC
- Central point of management and configuration for the Fabric
- Responsible for all Fabric-local functions:
  - Fabric discovery and bring-up
  - Fabric access policies
  - Service graphs
  - Domain creation (VMM, Physical, etc.)
  - Integration with third-party services
- Maintains runtime data (VTEP address, VNID, Class_ID, GIPo, etc.)
ACI Multi-Site
- Complementary to APIC
- Provisioning and managing of Inter-Site Tenant and Networking Policies
- Scope of changes: granularly propagate policies to multiple APIC clusters
- Can import and merge configuration from different APIC cluster domains
- End-to-end visibility and troubleshooting
- No runtime data; configuration repository only
- No participation in the fabric control and data planes

Inter-Site Connectivity Deployment Considerations

ACI Multi-Site Inter-Site IP Network Requirements
[Figure: Site A ... Site n connected through the IP network, MP-BGP EVPN between sites]
- Not managed by APIC; must be separately configured (day-0 configuration)
- IP topology can be arbitrary: not mandatory to connect to all spine nodes; can extend long distance (across the world)
- Main requirements:
  - OSPF on the first-hop routers to peer with the spine nodes and exchange site-specific E-TEP reachability
  - Increased MTU support to allow site-to-site VXLAN traffic

Connecting to the External Layer 3 Domain

Connecting ACI to the Layer 3 Domain: Traditional L3Out on the BL Nodes
[Figure: Border Leafs with an L3Out connecting to PE routers, WAN, and a Client]
- Connecting to WAN Edge devices at Border Leaf nodes
- Definition of an L3Out logical construct
- VRF-lite hand-off for extending L3 multitenancy outside the ACI fabric
- Each tenant defines one (or more) L3Out with a set of Logical Nodes, Logical Interfaces and a peering protocol

Multi-Site and Traditional L3Out
- Basic assumption: every site defines its local L3Out connection
[Figure: Site 1 with BD1, EPG Web1, contract C1, L3Out-1 (BL Nodes, Routing Protocol, Route policy) and ExtEPG-1; Site 2 with BD2, EPG Web2, contract C2, L3Out-2 (BL Nodes, Routing Protocol, Route policy) and ExtEPG-2; sites connected over the IP Network; steps numbered 1 to 5]

Multi-Site and Traditional L3Out: Stretched BD
- Basic assumption: every site defines its local L3Out connection
[Figure: one BD with EPG Web stretched across Site 1 and Site 2 over the IP Network; contract C1 from EPG Web to ExtEPG-1 (L3Out-1 in Site 1) and to ExtEPG-2 (L3Out-2 in Site 2)]

Connecting ACI to the Layer 3 Domain: GOLF Design
For more information on GOLF deployment: LABACI-2101
[Figure: spines performing VXLAN Encap/Decap towards GOLF Routers (ASR 9000, ASR 1000, Nexus 7000), which act as DCI (OTV/VPLS) and connect to PE routers, the WAN and the Client]
- Direct or indirect connection from spines to WAN Edge routers
- Better scalability: one protocol session for all VRFs, no longer constrained by the border leaf HW table
- VXLAN handoff with MP-BGP EVPN
- Simplified tenant L3Out configuration
- Support for host-route advertisement out of the ACI Fabric
- VRF configuration automation on the GOLF router through OpFlex exchange

GOLF and Multi-Site Integration: Centralized and Distributed Models
Centralized GOLF Devices*
[Figure: one set of GOLF Routers facing the WAN, with MP-BGP EVPN peering from the spines of each fabric]
- Common when sites represent rooms/halls in the same physical DC
- MP-BGP EVPN peering required from the spines in each fabric to the centralized WAN Edge devices
* Supported post-FCS
Distributed GOLF Devices
[Figure: each site with its own GOLF Routers facing the WAN, MP-BGP EVPN peering local to the site]
- Sites represent separate physical DCs
- Local-only MP-BGP EVPN peering between spines and GOLF routers

GOLF and Multi-Site Integration: Inter-DC Scenario with Stretched BD
[Figure: Site A and Site B connected through the IPN; MP-BGP EVPN control plane from each site's spines to its WAN Edge devices]
- Host routes for endpoints belonging to public BD subnets in Pod A are advertised from Site A; host routes for endpoints in Pod B are advertised from Site B (MP-BGP EVPN control plane)
- WAN Edge devices inject the host routes into the WAN or register them in the LISP database

GOLF and Multi-Site Integration: Inter-DC Scenario with Stretched BD (2)
- Granular inbound path optimization (host-route advertisement into the WAN or integration with LISP)
[Figure: WAN with a remote router; GOLF routers G1,G2 (Proxy A) in front of Site A, G3,G4 (Proxy B) in front of Site B, sites connected through the IPN; endpoint 10.10.10.10 in Site A and 10.10.10.11 in Site B]
Remote Router Table:
  10.10.10.10/32  via G1,G2
  10.10.10.11/32  via G3,G4
G1,G2 Routing Table:
  10.10.10.0/24   A
  10.10.10.10/32  A
G3,G4 Routing Table:
  10.10.10.0/24   B
  10.10.10.11/32  B

Migration Scenarios

ACI Multi-Site Migration Paths
- Brownfield ACI Fabric to Multi-Site: Fabric 1 becomes Site 1, and Site 2 is added; applications are deployed inter-site (Inter-Site App)
- Multi-Pod to Hierarchical Multi-Site: Pod A and Pod B under one APIC Cluster (Multi-Pod) become Site 1 and Site 2. Planned for Q1CY18
- Multi-Fabric Design to Multi-Site: Fabric 1 and Fabric 2 interconnected by L2/L3 DCI (Multi-Fabric) become Site 1 and Site 2. Scoped for the future

Conclusions and Q&A

Conclusions
- Cisco ACI offers different multi-fabric options that can be deployed today
- There is a solid roadmap to evolve those options in the short and mid term
- Multi-Pod represents the natural evolution of the existing Stretched Fabric design
- Multi-Site will replace the Dual-Fabric approach
- Cisco will offer migration options to drive the adoption of those new solutions

Where to Go for More Information
- ACI Stretched Fabric White Paper: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_kb-aci-stretchedfabric.html#concept_524263c54d8749f2ad248faeba7dad78
- ACI Multi-Pod White Paper: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centricinfrastructure/white-paper-c11-737855.html?cachemode=refresh
- ACI Multi-Site, Cisco Live Las Vegas 2017: https://www.ciscolive.com/online/connect/sessiondetail.ww?session_id=95450&backbtn=true
- ACI Multi-Site White Paper: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centricinfrastructure/white-paper-c11-739609.html

Thank you