Cisco ACI - Application Policy Enforcement Using APIC


Cisco ACI - Application Policy Enforcement Using APIC Azeem Suleman Solutions Architect

Housekeeping Notes
Tuesday April 15, 2014
Thank you for attending Cisco Connect Toronto 2014. Here are a few housekeeping notes to ensure we all enjoy the session today.
Please ensure your cellphones / laptops are set on silent so that no one is disturbed during the session.
A power bar is available under each desk in case you need to charge your laptop.
You have RDP client and Java support on your laptops.
All the lab tasks will be done on a jump box.

What Are We Solving?

Overloaded Network Constructs
Figure labels: Basic Network Policy SLAs L4-7 Services; Subnet; VLAN
Network constructs are overloaded with unintended functionality.

Application Language Barriers
Developers: Application Tiers, Provider / Consumer Relationships
Infrastructure Teams: VLANs, Subnets, Protocols, Ports
Developer and infrastructure teams must translate between disparate languages.

Who is Insieme?
$100M+ invested by Cisco
250+ employees
20-year execution history in software and ASICs

What is ACI?
Open RESTful APIs
Centralized policy model
Open source controller policy model
Network connects to all components of data center
Policy model controls network and information flow

Two types of language
Network language: VLAN, Subnets, Bridging, Routing, IP Addresses
Human translator
App language: WEB, APP, DB

App-centricity for access control
WEB, APP, DB
Clear, simple description of how tiers are allowed to communicate

App-centricity for service deployment
F/W, ADC, WEB, ADC, APP, DB
Any service can be added between tiers

App-centricity for troubleshooting and monitoring
The network knows the app structure and components.
Easy to follow apps around the DC.
Visibility into the health of the infrastructure for the app.
Figure labels: Traditional 3-Tier Application; Application Network Profile
Health score: 82%
Latency: 10 microsecond(s)
Drop count: 25 packets dropped
Visibility: VMs, Servers, Ports, Switches, Services, Faults

Application Policy Infrastructure Controller (APIC)
Single API / Open / RESTful XML/JSON
Reliable
Application Centric
Scalable
Enables the Application Centric Infrastructure

ACI Policy Model

Defining Terms
Tenant - Logical separator for: customer, BU, group, etc. Separates traffic, admin, visibility, etc.
Private-L3 - Equivalent to a VRF. Separates routing instances; can be used as an admin separation.
Bridge Domain - NOT A VLAN, simply a container for subnets. CAN be used to define an L2 boundary.
End-Point Group (EPG) - Container for objects requiring the same policy treatment, i.e. app tiers or services.

Logical Model Overview
Figure labels, top to bottom:
root\uni
Tenant A, Tenant B
Private-L3 A, Private-L3 B, Private-L3 A
Bridge Domain (x4)
Subnet A, Subnet B, Subnet A, Subnet B, Subnet C
Private-L3 and subnets are independent between tenants.

Logical Model Overview (cont.)
Figure labels, top to bottom:
root\uni
Coke, Pepsi
Dev/Test, Prod, Web Services
Dev/Test-BD, Prod-BD, Web-BD, App-BD
10.1/24, 20.1/24, 100.1/16, 20.1/24, L2 Enabled = Yes, 21.1/24, L2 Enabled = Yes, L2 Enabled = Yes
Private-L3 and subnets are independent between tenants.

Defining Terms
Contract - Definition of policy. Defines how an EPG communicates with other EPGs.
Subject - Something being discussed. Used to build definitions of communication between EPGs. Contains: filter, action, and optional label.
Filter - Identifier for a subject, i.e. the traffic you want to take action on. Required within a subject.
Action - Action to be taken on the filtered traffic within a subject. Required within a subject.

Applications and Conversations
Application communication can be defined as who is allowed to talk to whom.
Figure labels: Users, Web Farm, App Servers, DB Farm
Communication between objects on the network can be thought of as one- or two-way conversations (monologue/dialogue).

The Provider Consumer Relationship
Figure labels: Users, Web Farm, App Servers; Provides Web Services, Provides App Services, Consumes Web Services, Consumes App Services
Provider consumer relationships define application connectivity in application terms.
All objects can provide, consume, or both.

Contracts for Policy
Contracts are used to define relationships.

Policy Definition
Figure labels: Current Policy Definition; Policy Based on Contracts; Rules, SLAs, Actions, L4-7, Security, QoS

Defining Provider Consumer Relationships DB Farm
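
An added example, not part of the original slides and not Cisco's code: a simplified Python model of the terms defined above (contract, subject, filter, action) and of the provider/consumer relationship, evaluated for traffic between EPGs. The tenant names, contract names, ports, which EPG provides or consumes which contract, full isolation between tenants, and the deny result when no subject matches are all assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Filter:            # identifies the traffic a subject acts on
    proto: str
    port: int

@dataclass(frozen=True)
class Subject:           # filter + action (the optional label is omitted)
    filter: Filter
    action: str          # "permit" or "deny"

@dataclass
class EPG:
    name: str
    tenant: str
    provides: set = field(default_factory=set)   # contract names
    consumes: set = field(default_factory=set)

def evaluate(contracts, consumer, provider, proto, port):
    """Action for traffic from a consumer EPG to a provider EPG.

    Assumptions of this sketch: tenants are fully isolated, and traffic
    with no matching contract subject is denied.
    """
    if consumer.tenant != provider.tenant:
        return "deny"
    wanted = Filter(proto, port)
    # Only contracts the destination provides AND the source consumes apply.
    for name in sorted(consumer.consumes & provider.provides):
        for subject in contracts[name]:
            if subject.filter == wanted:
                return subject.action
    return "deny"

# Constructed sample policy: contract name -> list of subjects.
CONTRACTS = {
    "web-services": [Subject(Filter("tcp", 80), "permit"),
                     Subject(Filter("tcp", 443), "permit")],
    "app-services": [Subject(Filter("tcp", 8080), "permit")],
}
USERS = EPG("Users", "TenantA", consumes={"web-services"})
WEB = EPG("Web Farm", "TenantA", provides={"web-services"}, consumes={"app-services"})
APP = EPG("App Servers", "TenantA", provides={"app-services"})
OTHER = EPG("Users", "TenantB", consumes={"web-services"})

if __name__ == "__main__":
    for src, dst, port in [(USERS, WEB, 443), (WEB, APP, 8080),
                           (USERS, APP, 8080), (OTHER, WEB, 443)]:
        print(f"{src.tenant}/{src.name} -> {dst.name} tcp/{port}:",
              evaluate(CONTRACTS, src, dst, "tcp", port))
```

In this model Users cannot reach App Servers directly, because no contract is both consumed by Users and provided by App Servers.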

LAB TIME

How to access Pod
URL: https://labops-out.cisco.com/labops/ilt/
Register your username and select Pod.
Classname: azesulem_v6399
Once logged in to RDP, you should see a PDF lab guide on the desktop.
Follow the instructions in the lab guide.

Call to Action
Visit: Cisco Campus, Technical Solutions Clinics, Meet the Engineer

Complete Your Paper Session Evaluation
Tuesday April 15th
Give us your feedback and you could win 1 of 2 fabulous prizes in a random draw. Complete and return your paper evaluation form to the Room Attendant at the end of the session. Winners will be announced today at the end of the session. You must be present to win! See the Room Monitor to redeem your prize.

Questions?

Thank you