ACI tech talk

A primer to ACI: Cisco Application Centric Infrastructure

2 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Session Agenda

•  Evolution of DC Switching Design
•  Application Centric Infrastructure

Switching Evolution

How Cisco Data Center Switching Has Evolved: From the Catalyst 6500 to the existing Nexus 9000 family

•  Catalyst 6000 / 6500: Flagship Campus and Datacenter switch with 100/1GE market leadership
•  Nexus 7000: 1st product in the Nexus family, aimed to transition from Cat6K with 1/10GE focus
•  Nexus 2K / 5K / 6K: Launched as part of the UCS foundation (FEX and FCoE as innovation). Transition to ToR-based designs
•  Nexus 3K / 3500: Nexus 3064 was the 1st DC switch with merchant silicon (targeting HFT initially). Nexus 3548 followed with Cisco ASIC
•  Nexus 7700: N7K architecture evolution of bringing higher performance and 100GE
•  Nexus 9K / ACI: Foundation to ACI with focus on 10GE and 40GE at scale with options for 25/50/100GE

Timeline markers: 2000 / 2003, 2007, 2008, 2011, 2012, 2014

Networking Today

Designed for North / South campus traffic

East / West traffic is inefficient & can be unpredictable

Bandwidth & latency are not deterministic

How Cisco Data Center Switching Design Has Evolved: Fabric Designs - Escaping Spanning Tree

Diagram: from Discrete L2 Networks to an Integrated L3 Fabric

Diagram labels:

•  VLANs
•  RPVST
•  VSS/L3 Access
•  vPC
•  FEX
•  FabricPath
•  TRILL
•  MPLS
•  OTV
•  VXLAN/ACI/SDN
•  Workload Mobility/vMotion
•  East-West Traffic
•  Multi-site/DR
•  Hybrid Cloud
•  Security
•  L4-L7 Services

Extending the Switch Fabric

Switch Fabric on Supervisor

Fabric Extender - Nexus 5k/2k

Catalyst 6500

10GE Fabric Extension

Distributing the Switch Fabric

Diagram: Nexus 7706 compared with a Spine-Leaf Fabric

•  Spine Layer ~ Fabric Modules
•  Leaf Layer ~ Line Cards
•  APIC (in ACI) ~ Supervisor
•  40G/100G per spine connection, 10G/25G/40G per leaf connection

•  Supervisor: Control Plane/Configuration
•  Line Cards: Host-facing ports
•  Fabric Modules: Connectivity between line cards. System bandwidth can be increased by adding or upgrading modules.

SDN technologies such as VXLAN overlays and SDN controllers make distributing the switching components possible. An L3 Spine-Leaf switch fabric eliminates spanning-tree and builds a large virtual L2/L3 switch optimized for East-West traffic flows.

VXLAN

Overview of the ACI Fabric

Diagram labels: APIC Controller, ACI Spine Nodes, ACI Leaf Nodes, ACI Fabric

ACI Fabric Features

•  ACI Spine Layer – Provides bandwidth and redundancy between Leaf Nodes
•  ACI Leaf Layer – Provides all connectivity outside the fabric, including servers, service devices, other networks
•  Optimized Traffic Flows – Accommodates new E-W traffic patterns in simple, scalable, non-blocking design
•  Decoupling of Endpoint Identity – Network policies automatically move with VM/Server/Container
•  Network Innovations – Dynamic load balancing, dynamic packet prioritization, congestion management

Industry’s most efficient fabric:

•  220k+ 1/10/25/40Gb edge hosts
•  High-density 40/100G spine
•  1 million+ IPv4 / IPv6 endpoints
•  64,000+ tenants

What problem are we solving?

Now let’s imagine a network switch … at the moment, largely configured on the CLI

•  Device basics: AAA, syslog, SNMP, PoAP, hash seed, default routing protocol bandwidth …

•  Interface and/or Interface Pairs: UDLD, BFD, MTU, interface route metric, channel hashing, Queuing, LACP, …

•  Fabric and hardware specific design: HW Tables, TCAM, …

•  Switch Pair/Group: HSRP/VRRP, VLANs, vPC, STP, HSRP sync with vPC, Routing peering, Routing Policies, …

•  Application specific: ACL, PBR, static routes, QoS, ...

•  Fabric wide: MST, VRF, VLAN, queuing, CAM/MAC & ARP timers, COPP, route protocol defaults

All nodes are managed and operated independently, and the actual topology dictates a lot of configuration

Cisco ACI solves the problem … Interfaces, protocols, TCAM, etc. are all represented in an object model, and ALL accessible through an XML/JSON API and CLI (yes, you can still use the CLI)

APIC becomes the single point of management for the entire fabric … with a policy-based model

…and the fabric becomes the Data Center switch

Adding, removing or replacing nodes becomes extremely simple

And so do network upgrades …

… and you get the best troubleshooting, with full physical, virtual and services visibility …

ACI – Day 2 Tools for Simplified Operations

•  System Health Scores
•  Statistics Per App
•  Endpoint Troubleshooting Wizard
•  Contract Deny Logs
•  Real-time Heat Maps
•  Endpoint Tracker

So, the first thing to remember about ACI: it is a programmable fabric with a single point of management.