
Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved.

Application Centric Infrastructure (ACI)

Boross Ádám

VMware Cloud Day

November 19, 2013

Consulting Engineer


[Figure: APIC; Automation, Scale and Performance, Security, Simplicity, Open, Agility and Visibility]

Agenda

1. Emerging Data Center Requirements

2. Application Centric Infrastructure (ACI) Introduction

3. ACI Fabric

4. Nexus 9000 Hardware


All About the Application: Shifts that are re-defining IT - at all levels

Business Models, Service Models, Operational Models, Management Models, Consumption Models

TODAY → FUTURE

• WEB ECONOMY → APP ECONOMY

• ON PREMISE / TRADITIONAL IT SERVICES → CLOUD BASED SERVICES

• INFRASTRUCTURE AS A SERVICE → APPLICATION AS A SERVICE

• DEVELOPMENT VS. OPERATIONS → DEV OPS INTEGRATION

• BOX-CENTRIC → APPLICATION-CENTRIC


Evolution to Application Centric Infrastructure

[Figure: timeline labelled 2005, 2010, TODAY – APP ECONOMY. Labels: IP CONVERGENCE; DATA; VOICE; VIDEO; NETWORK; VIRTUALIZATION; COMPUTE; NETWORK; STORAGE; APPLICATION CENTRIC INFRASTRUCTURE; APPLICATIONS, NETWORKING, AND SCALE WITH SECURITY CHANGE]


Layer 2-7 Data Center Challenges …

[Figure: Business demand for a new Web App. Web Developer, App Developer, DBA, each with Requirements. Infrastructure Team: Compute Team, Storage Team, Network Team, each with Requirements.]


Layer 2-7 Data Center Challenges – timing perspective

[Figure: Infrastructure Team, Compute Team, Storage Team, Network Team; Web Server, App Server, DB Server; Web Storage, App Storage, DB Storage]



Expanding to multiple network services …

[Figure: Web VLAN, App VLAN, DB VLAN; Web Subnet, App Subnet, DB Subnet; Security, Services, Routing]


OPEN RESTFUL APIS

CENTRALIZED POLICY MODEL

OPEN SOURCE

CONTROLLER

APIC

ACI Building Blocks Next Generation Nexus — Traditional Networks

• POLICY MODEL

• ACI

• BUILT-IN LINE RATE END POINT DIRECTORY

• INTEGRATED OVERLAY

• 40G NON-BLOCKING FABRIC

• SIMPLE, SECURE

• 50% SIMPLER CODE BASE

• FUTURE PROOF UPGRADABLE TO ACI

• PROGRAMMABILITY AND AUTOMATION

• NETWORK VIRTUALIZATION SUPPORT

• RESILIENCY: IN SERVICE PATCHING, UPGRADE, FAST RESTART

ACI Building Blocks Future Proof — Software Upgradable To ACI

• NEXUS 9500 and 9300 INNOVATIONS IN SOFTWARE HARDWARE AND SYSTEM DESIGN

• PRICE, POWER EFFICIENCY, PROGRAMMABILITY, PORT DENSITY, PERFORMANCE

• OPTIMIZED NX-OS SCALE OUT WITHOUT COMPROMISE

• COMMON BUILDING BLOCKS - ACCESS AND CORE

APIC


ACI policy model brings the concept of End-Point Group (EPG)

[Figure: EPG - Web, containing four HTTPS Service end-points and four HTTP Service end-points]

EPGs are a grouping of end-points representing application or application components independent of other network constructs.


Application Network Profiles (ANP)

[Figure: Application Network Profile; Inbound/Outbound Policies]

Application Network profiles are a group of EPGs and the policies that define the communication between them.


ACI Application Network Profile (ANP) Detailed Policy-Based Fabric Management

• Extend the principle of Cisco UCS® Manager service profiles to the entire fabric

• Application Network profile: stateless definition of application requirements

‒ Application tiers

‒ Connectivity policies

‒ Layer 4 – 7 services

‒ XML/JSON schema

• Fully abstracted from the infrastructure implementation

‒ Removes dependencies of the infrastructure

‒ Portable across different data center fabrics

    ## App Network Profile: Defines Application Level Metadata (Pseudo Code Example)
    <Network-Profile = Production_Web>
      <App-Tier = Web>
        <Connected-To = Application_Client>
          <Connection-Policy = Secure_Firewall_External>
        <Connected-To = Application_Tier>
          <Connection-Policy = Secure_Firewall_Internal & High_Priority>
        . . .
      <App-Tier = DataBase>
        <Connected-To = Storage>
          <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
        . . .

[Figure: Application; Web Tier, App Tier, DB Tier; Storage, Storage]

The network profile fully describes the application connectivity requirements


Application Policy Model and Instantiation

All forwarding in the fabric is managed through the application network profile

• IP addresses are fully portable anywhere within the fabric

• Security and forwarding are fully decoupled from any physical or virtual network attributes

• Devices autonomously update the state of the network based on configured policy requirements

Application policy model: Defines the application requirements (application network profile)

Policy instantiation: Each device dynamically instantiates the required changes based on the policies

[Figure: Application Client, Web Tier, App Tier, DB Tier, Storage, Storage; VMs, three of them labelled 10.2.4.7, 10.9.3.37 and 10.32.3.7]


Application Awareness Application-Level Visibility

ACI Fabric provides the next generation of analytic capabilities

Per application, tenants, and infrastructure:

• Health scores

• Latency

• Atomic counters

• Resource consumption

Integrate with workload placement or migration

Triggered Events or Queries

PetStore Event

Actions: No new hosts or VMs; Evacuate hypervisors; Re-balance clusters

PetStore Dev • Leaf 1 and 2 • Spine 1 – 3 • Atomic counters

PetStore Prod • Leaf 2 and 3 • Spine 1 – 2 • Atomic counters

PetStore QA • Leaf 3 and 4 • Spine 2 – 3 • Atomic counters

[Figure: VXLAN Per-Hop Visibility; Physical and Virtual as One]


ACI Layer 4 - 7 Service Integration Centralized, Automated, and Supports Existing Model

• Elastic service insertion architecture for physical and virtual services

• Helps enable administrative separation between application tier policy and service definition

• APIC as central point of network control with policy coordination

• Automation of service bring-up / tear-down through programmable interface

• Supports existing operational model when integrated with existing services

• Service enforcement guaranteed, regardless of endpoint location

[Figure: Application Admin, Service Admin; Web Server, App Tier A, App Tier B, App Server; Policy Redirection; Chain "Security 5"; Service Graph: begin, Stage 1 ….. Stage N, end; Providers: Firewall instances, Load Balancer instances, ……..; Service Profile: "Security 5" Chain Defined]


Open Ecosystem Framework Full-Featured, Programmable API and Data Model

• Object-Oriented

• Centralized Automation

• RESTful XML / JSON

• Open Ecosystem Framework

• Comprehensive Programmability and System Access

Northbound API

• Rapid integration with existing management frameworks

• OpenStack

• Tenant- and application-aware

Southbound API

• Publish data model

• Open source

• Enables application portability

*Only straight chains supported at FCS

[Figure: System Management, Hypervisor Management, Automation Tools, Orchestration Frameworks]


ACI Fabric IP Network with an Integrated Overlay

• ACI Fabric is based on an IP fabric supporting routing to the edge with an integrated overlay for host routing

‒ All end-host (tenant) traffic within the fabric is carried through the overlay

• The fabric is capable of supporting an arbitrary number of tiers and/or partial mesh if required

• Why choose an integrated overlay?

‒ Mobility, scale, multi-tenancy, and integration with emerging hypervisor designs

‒ Data traffic can now carry explicit meta data that allows for distributed policy (flow-level control without requiring flow-level programming)

[Figure: IP fabric with integrated overlay. Each node will be assigned loopback IP address(es) advertised through IS-IS. IP un-numbered 40 Gb links.]


[Figure: Port 1/4, Port 8/2; 802.1Q VLAN 55, NVGRE VSID 5165, VXLAN VNID 8765; 10.10.11.12 VRF Retail Bank, 10.10.11.12 VRF Shared, 192.168.11.3 VRF Storage]

• Forwarding is fully decoupled, flattened IP address space

• You can define a Bridge Domain forwarding policy to ‘create’ standard VLAN behavior where required

True ‘Any to Any’ Connectivity

Forwarding within the Fabric is defined by forwarding policy defined by the Application Network Profile (EPG) policy, ‘not’ by the VLAN, VXLAN, Subnet, VRF, …

Any single port can support all encapsulations simultaneously

Forwarding is defined by Policy: EPG ‘Web’ can talk to EPG ‘DB’ independent of IP subnet, VLAN/VXLAN, VRF if Policy says it should
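
The pseudo-code profile from the Application Network Profile slide and the "forwarding is defined by policy" statement above, worked as an added Python example (not code from the slides, from Cisco, or from the APIC API): it parses the slide's tag syntax into group-to-group links and returns the connection policies that govern two endpoints. The endpoint directory, the function names, symmetric matching of a link, and treating a missing link as "no communication" are assumptions made for this illustration.

```python
import re

# Pseudo-code copied from the slide; ". . ." marks parts the slide elides.
ANP_TEXT = """
<Network-Profile = Production_Web>
<App-Tier = Web>
<Connected-To = Application_Client>
<Connection-Policy = Secure_Firewall_External>
<Connected-To = Application_Tier>
<Connection-Policy = Secure_Firewall_Internal & High_Priority>
. . .
<App-Tier = DataBase>
<Connected-To = Storage>
<Connection-Policy = NFS_TCP & High_BW_Low_Latency>
. . .
"""
TAG = re.compile(r"<\s*([\w-]+)\s*=\s*([^>]+?)\s*>")

def parse_profile(text):
    """Return (profile name, {frozenset({group, peer}): [policy, ...]})."""
    name = tier = peer = None
    links = {}
    for key, value in TAG.findall(text):
        if key == "Network-Profile":
            name = value
        elif key == "App-Tier":
            tier, peer = value, None
        elif key == "Connected-To" and tier:
            peer = value
            links.setdefault(frozenset((tier, peer)), [])
        elif key == "Connection-Policy" and peer:
            links[frozenset((tier, peer))] += [p.strip() for p in value.split("&")]
        else:
            raise ValueError(f"unexpected or misplaced tag: {key}")
    return name, links

# Constructed endpoint directory. Keys are (VRF, IP) because the slide shows
# 10.10.11.12 in two VRFs; the group assignments are assumptions.
ENDPOINTS = {
    ("Retail Bank", "10.10.11.12"): {"group": "Web", "encap": "802.1Q VLAN 55"},
    ("Shared", "10.10.11.12"): {"group": "Application_Tier", "encap": "VXLAN VNID 8765"},
    ("Shared", "10.10.11.13"): {"group": "DataBase", "encap": "NVGRE VSID 5165"},
    ("Storage", "192.168.11.3"): {"group": "Storage", "encap": "802.1Q VLAN 55"},
}

def connection_policies(links, endpoints, src, dst):
    """Policies for src<->dst, or None when the profile links no such groups.

    Only group membership is consulted; VRF, address and encapsulation are
    ignored. Symmetric matching and deny-when-absent are assumptions.
    """
    a, b = endpoints.get(src), endpoints.get(dst)
    if a is None or b is None:
        return None  # endpoint not in the directory: no group, no policy
    return links.get(frozenset((a["group"], b["group"])))

if __name__ == "__main__":
    name, links = parse_profile(ANP_TEXT)
    web, app = ("Retail Bank", "10.10.11.12"), ("Shared", "10.10.11.12")
    db, nfs = ("Shared", "10.10.11.13"), ("Storage", "192.168.11.3")
    for src, dst in [(web, app), (db, nfs), (web, db), (web, nfs)]:
        print(name, src, dst, connection_policies(links, ENDPOINTS, src, dst))
```

In this constructed data the Web and Storage endpoints share a VLAN yet get no policy, while the Web and Application_Tier endpoints share an IP address across two VRFs and are still linked, because only group membership is consulted.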


Policy Coordination with VM Managers

• Network policy coordination with virtualization managers

• Automatic virtual end point detection and policy placement

• Policies consistently implemented in virtual and physical

• Network policy stays sticky with VM

[Figure: APIC; Hypervisor Management; Application Profile (Web, App, DB); Network Policy Coordination; PortGroups / VM networks (Web, App, DB); VM Attach / Detach notification; PortGroup; VM mobility notification]


VMware Integration – App Instantiation

[Figure labels: APIC Administrator; APIC; Create Application Profile (Web, App, DB); Fabric Policy Download; Map to PortGroups; vCenter; Creation of PortGroups (Web, App, DB); VI / Server Administrator; Instantiate VMs]


Nexus 1000V Integration Overview

ACI-focused Control protocol

Control channel in Port Channel, VPC modes

VM attach/detach, link states notifications via control channel

vMotion

VEM extension to the fabric

vSphere 5.0 and above (4.1 under consideration)

BPDU Filter/BPDU Guard

SPAN/ERSPAN

Port level stats collection

[Figure: ACI Fabric Controller (APIC); Southbound API; Cisco Nexus 1000V with four VMs; vSphere; Hypervisor Manager]


Built with a Better Switch – Nexus 9000

• Merchant+ ASIC Foundation

• State of the Art Mechanical Design

• Object Oriented Programmable OS

• Next Gen Development and Verification Methodology

• Two Modes of Operation

‒ Standalone (NX-OS)

‒ Fabric Mode


Modular Switch Platform – Nexus 9500

Nexus 9508

• 13 RU high

• 30Tbps fabric today

• Up to 288p 40G & 1,152p 10G

• Headroom for 100G densities (connectors, power)


Fixed Switch Platform – Nexus 9300

Nexus 9396PQ

• 48 port 10G SFP+ & 12 port 40G QSFP+

• 2 RU

ACI Ready Access Uplink Module

Nexus 93128TX

• 96 port 1/10G-T & 8 port 40G QSFP+

• 3 RU

Nexus 9300 - Common

• Redundant FAN and Power Supply

• Front-to-back and Back-to-Front airflow

• 12 port 40G QSFP+

• Additional 40MB buffer

• Full VxLAN Bridging & Routing Capability


Cisco Optical Innovation Removing 40G Optics and Cabling Barriers

Problem

• 40G Optics are significant portion of network CAPEX

• 40G Optics require new cabling

Solution

• Re-use existing 10G MMF cabling infrastructure

• Re-use patch cables (same LC connector)

Cisco 40G SR-BiDi QSFP

• QSFP pluggable, MSA compliant

• Dual LC Connector

• Support for 100m on OM3 and 125m+ on OM4

• TX/RX on 2 wavelength @ 20G each

Available end of CY 13


Open, Flexible, & Choice of Programmability Modes

[Figure: two columns on a 1/10/40/100GE Common Platform. Per-Box Programmability / Centralized Fabric Programmability; Enhanced NXOS / Policy Controller (APIC), iNXOS; Network Ops Driven, Switch Automation / User Driven, Policy Based Fabric Automation; Q4CY13 / Q2CY14; Common Platform & Investment Protection / Complete Architecture]
