Cisco ACI Terminology


Revised: May 24, 2018

ACI Terminology

Each entry gives the Cisco ACI term, the closest approximation in traditional networking where one exists, and a definition.

Alias
Approximation: Alias
A changeable name for a given object. While the name of an object, once created, cannot be changed, the alias is a field that can be changed. For more details, refer to the "Using Tags and Alias" section under "Using the REST API".

API Inspector
The API Inspector in the Cisco APIC GUI provides a real-time display of the REST API calls that the Cisco APIC processes to perform GUI interactions.

App Center
The Cisco ACI App Center allows you to extend the capabilities of the Cisco APIC by writing applications that run on the controller. Using the Cisco ACI App Center, customers, developers, and partners can build applications to simplify, enhance, and visualize their use cases. These applications are hosted and shared at the Cisco ACI App Center and installed on the Cisco APIC.

Application Policy Infrastructure Controller (APIC)
Approximation: Cluster controller
The Cisco APIC, implemented as a replicated, synchronized, clustered controller, provides a unified point of automation and management, policy programming, application deployment, and health monitoring for the Cisco ACI multitenant fabric. The minimum recommended size for a Cisco APIC cluster is three controllers.

Application Profile
An application profile (fvAp) defines the policies, services, and relationships between endpoint groups (EPGs).

Atomic Counters
Approximation: Atomic Counters
Atomic counters allow you to gather statistics about traffic between leaf switches. Using atomic counters, you can detect drops and misrouting in the fabric, enabling quick debugging and isolation of application connectivity issues. For example, an administrator can enable atomic counters on all leaf switches to trace packets from endpoint 1 to endpoint 2. If any leaf switches other than the source and destination leaf switches show nonzero counters, the administrator can drill down into those switches.

Attachable Entity Profile
An Attachable Access Entity Profile (AEP) is used to group domains with similar requirements. By grouping domains into AEPs and associating the AEPs with interfaces, the fabric knows where the various devices in the domain live, and the Application Policy Infrastructure Controller (APIC) can push the VLANs and policy to where they need to be.

Border Leaf Switches
Approximation: Border Leaf Switches
A border leaf switch is a leaf switch that connects to Layer 3 devices, such as external network devices, or to services such as firewalls and router ports. Other devices, such as servers, can also connect to it.

Bridge Domain
Approximation: Bridge Domain
A bridge domain is a set of logical ports that share the same flooding or broadcast characteristics. Like a virtual LAN (VLAN), a bridge domain can span multiple devices.

Cisco ACI Optimizer
The Cisco ACI Optimizer feature in the Cisco APIC GUI is a tool that enables you to determine how many leaf switches you will need for your network and suggests how to deploy each application and external EPG on each leaf switch without violating any constraints. It can also help you determine whether your current setup has what you need and whether you are exceeding any limitations.

Cisco Application Virtual Switch (AVS)
Cisco AVS is a distributed virtual switch that is integrated with the Cisco ACI architecture as a virtual leaf and managed by the Cisco APIC. It offers different forwarding and encapsulation options and extends across many virtualized hosts and data centers defined by the VMware vCenter server.

Configuration Zones
Configuration zones divide the Cisco ACI fabric into different zones that can be updated with configuration changes at different times. This limits the risk of deploying a faulty fabric-wide configuration that may disrupt traffic or even bring the fabric down. An administrator can deploy a configuration to a non-critical zone first, and then deploy it to critical zones when satisfied that it is suitable. For more details, refer to: Configuration Zones.

Consumer
An EPG that consumes a service.

Context or VRF Instance
Approximation: Virtual Routing and Forwarding (VRF) or Private Network
A virtual routing and forwarding instance defines a Layer 3 address domain that allows multiple instances of a routing table to exist and work simultaneously. This increases functionality by allowing network paths to be segmented without using multiple devices. Cisco ACI tenants can contain multiple VRFs.

Contract
Approximation: Access Control List (ACL)
The rules that specify what communication is allowed in a network and how. In Cisco ACI, contracts specify how communication between EPGs takes place. Contract scope can be limited to the EPGs in an application profile, a tenant, a VRF, or the entire fabric.

Distinguished Name (DN)
Approximation: Fully Qualified Domain Name (FQDN)
A unique name that describes a managed object (MO) and locates its place in the management information tree (MIT).

Endpoint Group (EPG)
Approximation: Endpoint Group
A logical entity that contains a collection of physical or virtual network endpoints. In Cisco ACI, endpoints are devices connected to the network directly or indirectly. They have an address (identity), a location, and attributes (for example, version or patch level), and can be physical or virtual. Endpoint examples include servers, virtual machines, storage, or clients on the Internet.

Fabric
The Cisco ACI fabric consists of Cisco Nexus 9000 Series switches, running in Cisco ACI leaf/spine fabric mode, together with the Cisco APIC controller. These switches form a fat-tree network by connecting each leaf node to each spine node; all other devices connect to the leaf nodes. The Cisco APIC manages the Cisco ACI fabric.

Filter
Approximation: Access Control List, Firewall
Cisco ACI uses a whitelist model: all communication is blocked by default, and communication must be given explicit permission. A Cisco ACI filter specifies TCP/IP header fields, such as the Layer 3 protocol type or Layer 4 ports, that are used to allow inbound or outbound communication between EPGs.

GOLF
The Cisco ACI GOLF feature (also known as Layer 3 EVPN Services for Fabric WAN) enables much more efficient and scalable Cisco ACI fabric WAN connectivity. It uses MP-BGP EVPN, with OSPF as the underlay, between the spine switches and the WAN routers connected to them.

L2 Out
Approximation: Bridged Connection
A bridged connection connects two or more segments of the same network so that they can communicate. In Cisco ACI, an L2 Out is a bridged (Layer 2) connection between a Cisco ACI fabric and an outside Layer 2 network, which is usually a switch.

L3 Out
Approximation: Routed Connection
A routed Layer 3 connection uses a set of protocols that determine the path that data follows in order to travel across multiple networks from its source to its destination. Cisco ACI routed connections perform IP forwarding according to the protocol selected, such as BGP, OSPF, or EIGRP.

Label
Labels are used to determine which consumer and provider EPGs of a contract can communicate. The labels attached to a given consumer or provider of a contract, and to the contract's subjects, are compared by a label matching algorithm, and only the consumer and provider pairs whose labels match are allowed to communicate. For more details, refer to: ACI Fundamentals Guide.

Managed Object (MO)
Approximation: MO
An abstract representation of a network resource that is managed. In Cisco ACI, an abstraction of a Cisco ACI fabric resource.

Management Information Tree (MIT)
Approximation: MIT
A hierarchical management information tree containing all the managed objects (MOs) of a system. In Cisco ACI, the MIT contains all the MOs of the Cisco ACI fabric. The Cisco ACI MIT is also called the Management Information Model (MIM).

Microsegmentation with Cisco ACI
Approximation: Microsegmentation, micro-segmentation
Microsegmentation with the Cisco Application Centric Infrastructure (ACI) provides the ability to automatically assign endpoints to logical security zones called endpoint groups (EPGs) based on various network-based or virtual machine (VM)-based attributes.

Multipod
Multipod enables provisioning a more fault-tolerant fabric composed of multiple pods with isolated control planes. Multipod also provides more flexibility with regard to the full-mesh cabling between leaf and spine switches. For example, if leaf switches are spread across different floors or different buildings, multipod enables provisioning one or more pods per floor or building and providing connectivity between pods through the spine switches. Multipod uses MP-BGP EVPN as the control-plane protocol between the Cisco ACI spine switches in different pods. For more details, refer to the Multipod White Paper.

Networking Domains
A fabric administrator creates domain policies that configure ports, protocols, VLAN pools, and encapsulation. These policies can be used exclusively by a single tenant, or they can be shared. Once a fabric administrator configures domains in the Cisco ACI fabric, tenant administrators can associate tenant endpoint groups (EPGs) with domains. A domain is configured to be associated with a VLAN pool; EPGs are then configured to use the VLANs associated with the domain. You can configure the following domain types:
VMM domain profiles (vmmDomP) are required for virtual machine hypervisor integration.
Physical domain profiles (physDomP) are typically used for bare metal server attachment and management access.
Bridged outside network domain profiles (l2extDomP) are typically used to connect a bridged external network trunk switch to a leaf switch in the Cisco ACI fabric.
Routed outside network domain profiles (l3extDomP) are used to connect a router to a leaf switch in the Cisco ACI fabric.
Fibre Channel domain profiles (fcDomP) are used to connect Fibre Channel VLANs and VSANs.

Policy
A named entity that contains generic specifications for controlling some aspect of system behavior. For example, a Layer 3 Outside Network Policy would contain the BGP protocol to enable BGP routing functions when connecting the fabric to an outside Layer 3 network.

Profile
A named entity that contains the necessary configuration details for implementing one or more instances of a policy. For example, a switch node profile for a routing policy would contain all the switch-specific configuration details required to implement the BGP routing protocol.

Provider
An EPG that provides a service.
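The chain that the Attachable Entity Profile and Networking Domains entries describe (VLAN pool, domain, AEP, then an EPG encapsulation drawn from the pool) is easier to see as the objects an APIC POST would carry. The following is an added example written for this glossary, not code from the Cisco document; the pool, domain, AEP and VLAN ranges are assumptions, and the JSON is built locally rather than sent to a controller. The last function checks an EPG encapsulation against the domain's pool, the check the APIC itself applies before it deploys a static path.

```python
"""Added example (not from the Cisco document): build the access-policy
objects that bind a VLAN pool to a physical domain and an AEP, as APIC
JSON, and check an encapsulation against the pool. Names are assumed."""
import re
from typing import Dict, List, Tuple


def vlan_pool(name: str, blocks: List[Tuple[int, int]]) -> Dict:
    """fvnsVlanInstP with static allocation; each block is an inclusive VLAN ID range."""
    return {"fvnsVlanInstP": {
        "attributes": {"dn": f"uni/infra/vlanns-[{name}]-static",
                       "name": name, "allocMode": "static"},
        "children": [
            {"fvnsEncapBlk": {"attributes": {"from": f"vlan-{lo}", "to": f"vlan-{hi}"}}}
            for lo, hi in blocks],
    }}


def physical_domain(name: str, pool: str) -> Dict:
    """physDomP bound to a static VLAN pool through infraRsVlanNs."""
    return {"physDomP": {
        "attributes": {"dn": f"uni/phys-{name}", "name": name},
        "children": [{"infraRsVlanNs": {
            "attributes": {"tDn": f"uni/infra/vlanns-[{pool}]-static"}}}],
    }}


def aep(name: str, domains: List[str]) -> Dict:
    """infraAttEntityP grouping physical domains via infraRsDomP."""
    return {"infraAttEntityP": {
        "attributes": {"dn": f"uni/infra/attentp-{name}", "name": name},
        "children": [{"infraRsDomP": {"attributes": {"tDn": f"uni/phys-{d}"}}}
                     for d in domains],
    }}


def encap_allowed(pool: Dict, encap: str) -> bool:
    """True if an encapsulation such as "vlan-150" lies inside one of the
    pool's blocks. A static path whose encap is outside the domain's pool
    is not deployed by the APIC; it raises a configuration fault instead."""
    m = re.fullmatch(r"vlan-(\d+)", encap)
    if not m:
        return False
    vid = int(m.group(1))
    for child in pool["fvnsVlanInstP"]["children"]:
        attrs = child["fvnsEncapBlk"]["attributes"]
        lo, hi = (int(attrs[k].split("-", 1)[1]) for k in ("from", "to"))
        if lo <= vid <= hi:
            return True
    return False


# Constructed access policy: one pool, one bare-metal domain, one AEP.
POOL = vlan_pool("BareMetal-Pool", [(100, 199), (300, 309)])
DOMAIN = physical_domain("BareMetal", "BareMetal-Pool")
AEP = aep("BareMetal-AEP", ["BareMetal"])

if __name__ == "__main__":
    import json
    print(json.dumps([POOL, DOMAIN, AEP], indent=2))
    for encap in ("vlan-150", "vlan-305", "vlan-200"):
        print(encap, "in pool" if encap_allowed(POOL, encap) else "outside pool")
```

Each returned dictionary is the body of one POST to /api/mo/uni.json (pool and AEP) or /api/mo/uni/phys-BareMetal.json (domain); posting them in the order pool, domain, AEP keeps every relation target in place before the relation that references it.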

Quota Management
Approximation: Quota Management
The quota management feature enables an administrator to limit which managed objects can be added under a given tenant or globally across tenants. Using quota management, you can prevent any tenant or group of tenants from exceeding Cisco ACI maximums per leaf switch or per fabric, or from unfairly consuming most of the available resources and thereby affecting other tenants on the same fabric. For example, to configure a bridge domain quota of at most 6 across the entire ACI policy model, with a fault as the exceed action:
apic1(config)# quota fvBD max 6 scope uni exceed-action fault

REST API
Approximation: REST API
The Cisco Application Policy Infrastructure Controller (APIC) REST API is a programmatic interface that uses REST architecture. The API accepts and returns HTTP (not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents. The REST API is the interface into the management information tree (MIT) and allows manipulation of the object model state. The same REST interface is used by the Cisco APIC CLI, GUI, and SDK, so whenever information is displayed, it is read through the REST API, and whenever configuration changes are made, they are written through the REST API. The REST API also provides an interface through which other information can be retrieved, including statistics, faults, and audit events. It even provides a means of subscribing to push-based event notification, so that when a change occurs in the MIT, an event can be sent through a web socket.

Schema
In a Cisco ACI Multi-Site configuration, the schema is a container for one or more templates that are used for defining policies.

Site
Approximation: Site
The Cisco APIC cluster domain or single fabric, treated as a Cisco ACI region and availability zone. It can be located in the same metro area as other sites, or sites can be spaced worldwide.
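The Distinguished Name and REST API entries describe how a DN locates an MO in the MIT and how every client reads and writes through the same REST interface. The following is an added example written for this glossary, not code from the Cisco document or the APIC SDK: it assembles the aaaLogin request and a class query, splits DNs into relative names, and walks a constructed query response. The hostname, credentials, tenant and EPG names, and the sample response are all assumptions. Two points a practitioner should notice: a slash inside square brackets belongs to an embedded target DN and is not a separator, and tenant scoping must compare relative names rather than string prefixes.

```python
"""Added example (not from the Cisco document): assemble APIC REST API calls
and walk DNs in a constructed response. Hostname, credentials and the sample
response are assumptions."""
import json
from typing import Dict, List, Optional, Tuple

APIC_URL = "https://apic1.example.net"   # assumed; HTTPS, since HTTP is off by default


def login_request(username: str, password: str) -> Tuple[str, Dict]:
    """URL and JSON body for aaaLogin. The aaaLogin object in the reply carries
    the session token; later calls present it as the APIC-cookie cookie."""
    return (f"{APIC_URL}/api/aaaLogin.json",
            {"aaaUser": {"attributes": {"name": username, "pwd": password}}})


def class_query_url(mo_class: str, options: Optional[Dict[str, str]] = None) -> str:
    """Class-level query against the MIT, e.g. every fvTenant named Prod:
    /api/class/fvTenant.json?query-target-filter=eq(fvTenant.name,"Prod")"""
    url = f"{APIC_URL}/api/class/{mo_class}.json"
    if options:
        url += "?" + "&".join(f"{k}={v}" for k, v in options.items())
    return url


def split_dn(dn: str) -> List[str]:
    """Split a DN into its relative names. A '/' inside square brackets is
    part of an embedded target DN (rsdomAtt-[uni/phys-X]), not a separator."""
    rns, current, depth = [], [], 0
    for ch in dn:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "/" and depth == 0:
            rns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rns.append("".join(current))
    return rns


def parent_dn(dn: str) -> str:
    """DN of the containing MO: drop the last relative name."""
    return "/".join(split_dn(dn)[:-1])


def in_tenant(dn: str, tenant: str) -> bool:
    """Tenant membership by RN, not by string prefix: "uni/tn-Prod" is a
    string prefix of "uni/tn-Production/..." but a different tenant."""
    rns = split_dn(dn)
    return len(rns) >= 2 and rns[0] == "uni" and rns[1] == f"tn-{tenant}"


# Constructed reply to a query for an fvAEPg with query-target=subtree, which
# returns the EPG and its descendants as a flat list; not captured from a real
# controller.
SAMPLE_RESPONSE = json.dumps({
    "totalCount": "2",
    "imdata": [
        {"fvAEPg": {"attributes": {"dn": "uni/tn-Prod/ap-Web/epg-App", "name": "App"}}},
        {"fvRsDomAtt": {"attributes": {
            "dn": "uni/tn-Prod/ap-Web/epg-App/rsdomAtt-[uni/phys-BareMetal]",
            "tDn": "uni/phys-BareMetal"}}},
    ],
})


def managed_objects(response_text: str) -> List[Tuple[str, str, Dict]]:
    """(class, dn, attributes) for each MO; every imdata element is a
    one-key dict keyed by the MO class."""
    out = []
    for item in json.loads(response_text)["imdata"]:
        (mo_class, body), = item.items()
        out.append((mo_class, body["attributes"]["dn"], body["attributes"]))
    return out


if __name__ == "__main__":
    print(class_query_url("fvTenant", {"query-target-filter": 'eq(fvTenant.name,"Prod")'}))
    for mo_class, dn, _ in managed_objects(SAMPLE_RESPONSE):
        print(mo_class, dn, "-> parent", parent_dn(dn))
```

Whatever client sends these requests should verify the APIC's certificate and keep the token cookie out of logs; the API Inspector shows the same URLs and bodies the GUI produces, which makes it the quickest way to confirm the exact query options a GUI screen uses.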

Stretched ACI
A stretched Cisco ACI fabric is a partially meshed design that connects Cisco ACI leaf and spine switches distributed in multiple locations. The stretched fabric is a single Cisco ACI fabric. The sites form one administration domain and one availability zone. Administrators can manage the sites as one entity; configuration changes made on any Cisco APIC controller node are applied to devices across the sites. The stretched Cisco ACI fabric preserves live VM migration capability across the sites. Objects (tenants, VRFs, EPGs, bridge domains, subnets, or contracts) are said to be stretched when they are deployed to multiple sites.

Subject
Approximation: Access Control List
In Cisco ACI, subjects in a contract specify what information can be communicated and how.

Tags
Object tags simplify API operations. In an API operation, an object or group of objects is referenced by the tag name instead of by the distinguished name (DN). Tags are child objects of the item they tag; besides the name, they have no other properties. For more details, refer to the "Using Tags and Alias" section under "Using the REST API".

Template
Approximation: Template
In a Cisco ACI Multi-Site configuration, templates are the framework that holds the policies and configuration objects that are pushed to the different sites. These templates reside within schemas that are defined for each site.

Tenant
Approximation: Tenant
A secure and exclusive virtual computing environment. In Cisco ACI, a tenant is a unit of isolation from a policy perspective, but it does not represent a private network. Tenants can represent a customer in a service provider setting, an organization or domain in an enterprise setting, or just a convenient grouping of policies. Cisco ACI tenants can contain multiple private networks (VRF instances).

vzAny
The vzAny managed object provides a convenient way of associating all endpoint groups (EPGs) in a Virtual Routing and Forwarding (VRF) instance with one or more contracts, instead of creating a separate contract relation for each EPG. For more details, refer to the "Contracts and Policy Enforcement" section of ACI Best Practices.
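The Contract, Filter, Subject and vzAny entries together describe the whitelist model: nothing passes between EPGs unless a consumer and a provider share a contract whose subject carries a matching filter, and vzAny stands in for every EPG of a VRF on one side of that relation. The following resolver is an added example written for this glossary, not code from the Cisco document or from the APIC; the tenant policy it evaluates is constructed, and all contract, filter and EPG names are assumptions. It models the consumer-to-provider direction of each subject, contract scope at the application-profile level, and the vzAny relation; the default "Apply Both Directions" and "Reverse Filter Ports" handling of return traffic, and inter-VRF shared services, are deliberately left out.

```python
"""Added example (not from the Cisco document): a minimal resolver for the
ACI whitelist model over a constructed tenant policy. Names are assumed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class FilterEntry:
    protocol: str           # "tcp", "udp", "icmp" or "unspecified"
    dport_from: int = 0     # destination port range; 0..65535 means any
    dport_to: int = 65535

    def matches(self, protocol: str, dport: int) -> bool:
        return (self.protocol in ("unspecified", protocol)
                and self.dport_from <= dport <= self.dport_to)


@dataclass
class Contract:
    name: str
    scope: str                      # application-profile, tenant, context or global
    subjects: Dict[str, List[str]]  # subject name -> filter names


@dataclass
class EPG:
    name: str
    ap: str                         # application profile the EPG belongs to
    vrf: str
    provides: Set[str] = field(default_factory=set)
    consumes: Set[str] = field(default_factory=set)


@dataclass
class Policy:
    filters: Dict[str, List[FilterEntry]]
    contracts: Dict[str, Contract]
    epgs: Dict[str, EPG]
    vzany: Dict[str, EPG] = field(default_factory=dict)   # per-VRF vzAny relations


def allowed(p: Policy, src: str, dst: str, protocol: str, dport: int) -> bool:
    """Whitelist model: deny unless src consumes and dst provides a contract
    whose subject carries a filter entry matching the traffic. The VRF's vzAny
    relations count for every EPG in that VRF on either side."""
    s, d = p.epgs[src], p.epgs[dst]
    if src == dst:
        return True     # intra-EPG traffic is permitted unless isolation is enforced
    if s.vrf != d.vrf:
        return False    # inter-VRF traffic needs shared services; not modelled here
    vz = p.vzany.get(s.vrf, EPG("vzAny", "", s.vrf))
    for name in (s.consumes | vz.consumes) & (d.provides | vz.provides):
        c = p.contracts[name]
        if c.scope == "application-profile" and s.ap != d.ap:
            continue    # contract is only honoured inside one application profile
        for filter_names in c.subjects.values():
            for fname in filter_names:
                if any(e.matches(protocol, dport) for e in p.filters[fname]):
                    return True
    return False


# Constructed tenant policy: a web tier talking to a database over MySQL, a
# jump host reachable over SSH and ICMP from every EPG in VRF Prod via vzAny,
# and an application-profile-scoped health-check contract.
POLICY = Policy(
    filters={
        "sql": [FilterEntry("tcp", 3306, 3306)],
        "ssh": [FilterEntry("tcp", 22, 22)],
        "icmp": [FilterEntry("icmp")],
    },
    contracts={
        "Web2DB": Contract("Web2DB", "context", {"sql": ["sql"]}),
        "Mgmt": Contract("Mgmt", "context", {"access": ["ssh", "icmp"]}),
        "Health": Contract("Health", "application-profile", {"ping": ["icmp"]}),
    },
    epgs={
        "Web": EPG("Web", "Shop", "Prod", consumes={"Web2DB", "Health"}),
        "DB": EPG("DB", "Shop", "Prod", provides={"Web2DB", "Health"}),
        "Jump": EPG("Jump", "Ops", "Prod", provides={"Mgmt"}, consumes={"Health"}),
    },
    vzany={"Prod": EPG("vzAny", "", "Prod", consumes={"Mgmt"})},
)

if __name__ == "__main__":
    for flow in [("Web", "DB", "tcp", 3306), ("Web", "DB", "tcp", 22),
                 ("DB", "Jump", "tcp", 22), ("Jump", "DB", "icmp", 0)]:
        print(flow, "permit" if allowed(POLICY, *flow) else "deny")
```

The two deny results worth reading closely are DB to Web on 3306 (the contract exists, but DB is the provider, so the consumer-to-provider direction does not apply) and Jump to DB over ICMP (both EPGs hold the Health contract, but its application-profile scope does not reach across Shop and Ops). Those are exactly the cases where a contract that looks present in the GUI still produces no rule on the leaf.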

Cisco Systems, Inc. All rights reserved.

Americas Headquarters: Cisco Systems, Inc., San Jose, CA 95134-1706, USA. Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore. Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands. Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.