Tuesday, 4 November 2014

Now I would like to share again what the Cisco APIC (Cisco software-defined network) design and implementation considerations are.

I have referenced this information from my training and partly from white papers.

Cisco APIC Leaf/Spine Architecture

The fabric is based on a leaf-and-spine architecture.
Cisco ACI topologies have two types of functions: functions for leaf devices and functions for spine devices:
· Leaf devices: these devices have ports connected to Classic Ethernet devices (servers, firewalls, router ports, and so on)
· Spine devices: these devices exclusively interconnect leaf devices
The leaf is also the place where policies are applied to traffic. All leaf devices connect to all spine devices, and all spine devices connect to all leaf devices, but no direct connectivity is allowed between spine devices or between leaf devices.

The Cisco ACI fabric is a 40-Gbps IP fabric that supports routing to the edge (100-Gbps capable
The Cisco ACI fabric is designed to provide a zero-touch operation experience with:
●   A logically central but physically distributed controller for policy, bootstrap, and image management
●   Easy startup with topology autodiscovery, automated configuration, and infrastructure addressing using industry-standard protocols: IS-IS, LLDP, and Dynamic Host Configuration Protocol (DHCP). After LLDP discovery, Cisco APIC learns all neighboring connections dynamically.
●   A simple and automated policy-based upgrade process and automated image management

Cisco APIC 

Cisco APIC is a physical server appliance, a Cisco UCS C220 M3 server with two 10 Gigabit Ethernet interfaces that must be connected to any two leaf switches. The Cisco Application Centric Infrastructure (ACI) fabric consists of Cisco Nexus 9000 Series switches, which together with the APIC run in the leaf/spine ACI fabric mode. These switches form a fat-tree network by connecting each leaf node to each spine node; all other devices connect to the leaf nodes. The APIC manages the ACI fabric. The recommended minimum configuration for the APIC is a cluster of three replicated hosts. The APIC is the central point of management, but it is not a centralized control plane: the switches keep forwarding even if the APIC cluster is unavailable.

ACI Terms

· Bridge Domain: A bridge domain is a container for subnets that can act as a broadcast or flooding domain. The bridge domain is not a VLAN, although it can behave similarly to a VLAN. The bridge domain references a VRF instance called a Layer 3 Network. The subnets and gateways for the workloads are defined as part of the bridge domain. Whenever you create an EPG, you need to reference a bridge domain.
· Contract: EPGs can only communicate with other EPGs according to contract rules; traffic between EPGs without a contract is not forwarded. A contract uses labels, subjects, and filters to differentiate how communications occur among different EPGs, for example permitting only HTTP or HTTPS (a Layer 4 protocol and port filter).
· End-Point Group (EPG): An EPG is a managed object, a named logical entity that contains a collection of endpoints. Endpoint examples include servers, virtual machines, network-attached storage, or clients on the Internet. Endpoint connectivity in the virtual network is defined by carving the bridge domain into EPGs and associating these EPGs with either a virtual machine manager or a physical server (static binding).
· Application Network Profile: An application network profile describes the end-to-end components that make up a business application. It is a collection of EPGs, contracts, and connectivity policy. In other words, it is a collection of groups of workloads that together form what the administrator defines as the application.

The relationships among the various objects are as follows: the EPG points to a bridge domain, and the bridge domain points to a Layer 3 network (VRF).
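The following is an added illustration of the object relationships and the contract allow-list model described above; it is not Cisco's API or code from the original post. The class names, the hypothetical tenant and the web/app/db EPGs are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed model of the ACI relationships described above:
# EPG -> bridge domain -> VRF ("Layer 3 network"); contracts carry filters.

@dataclass
class Filter:
    name: str
    proto: str          # IP protocol, e.g. "tcp"
    dport: int          # destination port (Layer 4)

@dataclass
class Contract:
    name: str
    filters: list       # filters under the contract's subject
    providers: set = field(default_factory=set)  # EPG names that provide it
    consumers: set = field(default_factory=set)  # EPG names that consume it

@dataclass
class Tenant:
    vrfs: set           # VRF (Layer 3 network) names
    bds: dict           # bridge domain name -> VRF name
    epgs: dict          # EPG name -> bridge domain name
    contracts: list

def validate(tenant):
    """Every EPG must point at a bridge domain, and every bridge domain at a VRF."""
    errors = []
    for epg, bd in tenant.epgs.items():
        if bd not in tenant.bds:
            errors.append(f"EPG {epg} references unknown bridge domain {bd}")
        elif tenant.bds[bd] not in tenant.vrfs:
            errors.append(f"Bridge domain {bd} references unknown VRF {tenant.bds[bd]}")
    return errors

def permitted(tenant, src, dst, proto, dport):
    """Allow-list semantics: traffic between two EPGs is dropped unless a
    contract consumed by src and provided by dst has a matching filter."""
    if src == dst:
        return True  # intra-EPG traffic needs no contract
    for c in tenant.contracts:
        if src in c.consumers and dst in c.providers:
            if any(f.proto == proto and f.dport == dport for f in c.filters):
                return True
    return False

# Constructed example tenant: the web tier may only reach the app tier on HTTPS.
WEB_TO_APP = Contract("web-to-app", [Filter("https", "tcp", 443)],
                      providers={"app"}, consumers={"web"})
TENANT = Tenant(vrfs={"prod-l3"}, bds={"prod-bd": "prod-l3"},
                epgs={"web": "prod-bd", "app": "prod-bd", "db": "prod-bd"},
                contracts=[WEB_TO_APP])
```

Note that without a contract the db EPG is unreachable from web even though all three EPGs share one bridge domain and subnet.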

How to communicate with the outside network with APIC

The outside network currently runs OSPF as its routing protocol, with Area 0 as the backbone area.
When the new APIC network infrastructure is built and connected back to the current outside network, we propose a new OSPF area design. The APIC fabric infrastructure will run MP-BGP internally, and the border leaf switches are the point of interconnection between the current data centre network and the new APIC infrastructure network. The border leaf switches will perform mutual redistribution between OSPF and BGP, so that the current outside network learns the APIC network prefixes as external OSPF routes (O E2).