Top 5 favourite features of Cisco ACI in Pulsant cloud data centres

Our top 5 favourite features of Cisco ACI
Martin Lipka, Head of Connectivity Architecture


Post on 15-Jul-2015


The Revolutionary Feature 1: New Layer of the Network Abstraction

We often forget about the main goal of any network, “connect point A to point B”, because of the many standards, solutions, protocols, specialised appliances, available opinions, virtualised and physical workloads etc.

Cisco ACI New Layer of Abstractions brings us back to basics, by simplifying the network architecture, operations and management, and exposing a revolutionary and flexible world of objects. At the same time, it fully automates complex tasks and protocols, making them invisible in day-to-day operations.

Cisco ACI fabric is not magical even though it seems like it. It uses a series of carefully architected and orchestrated, well-known and respected techniques to manage a successful network, while resolving its operational problems through the introduction of different innovations*

*more examples next


Advantages for Pulsant:

• Connects the goals of the Application with the Infrastructure, resulting in a revolutionary ability to surround, complement and host any solution/customer on a shared, secure, simple and fit-for-purpose unified infrastructure

• Improves Cloud Operations by introducing a single architecture and language simplifying Network, Storage, Compute Operations

• Increases application security by providing more network clarity, visibility and consistency

• Ability to seamlessly run the Traditional and new Application architecture on a single and unified infrastructure

• Connects the virtual and physical layers, redefining, unifying and widening the Pulsant Managed Cloud, Hosting and Network architecture to create the DC network fabric of the future!

• Simplifies the network infrastructure by enabling non-network and non-technical staff to operate their network resources through exposing the functions that matter to the ACI user

The Most Important Feature 2: Simplicity

Please be aware that I will be using the term “simple” VERY, VERY often!


• Exposes a simple new layer of abstraction concentrating on the Application (but not only)

• Powerful Cisco APIC controller with out-of-the-box... everything!

• Provisions and operates a powerful DC fabric utilising a single controller with simple GUI/API

• Simplified troubleshooting based on GUI and CLI, configuration and software management

• Fabric-oriented network to provide switching, routing and L4-7 firewalling out-of-the-box

• Removes the complexity of managing virtual and physical infrastructure, as everything is an EndPoint

• Introduces the world of automatically integrated controllers and appliances

• True and flexible multi-tenancy, with health score and stats per object

• In summary, great hardware and software stability, object flexibility and powerful next-gen functionality and monitoring operated by... the APIC (Team) out-of-the-box! :)


Advantages for Pulsant:


• Delivers instant network visibility for all layers of Pulsant Network, System, Cloud, Provisioning, IS and SA Teams, and a network go-to place for the new Pulsant Portal

• Built-in concept/help databases of all objects available in the GUI

• Unifies Pulsant Networks and Services: DC Distribution/Access, Cloud, SAN, Backup etc.

• Seamlessly connects Pulsant’s major products: Cloud, Managed Hosting, Colocation

• Automates provisioning, monitoring and troubleshooting of the DC network

• Merges and unifies the Pulsant virtual and physical infrastructure and workloads

• Improves visibility, monitoring, troubleshooting and management, and reinforces configuration consistency

• Enables Pulsant Next Generation inter and intra DC products

• Simplifies overall Operations and Products in Pulsant DC networks

The Futuristic Feature 3: The World of Controllers


• New definition of openness in Multi-vendor and Multi-service infrastructure

• The greatness of your infrastructure is (or will be) defined by the functionality in your controller(s)

• Integrates Controllers (VMware, Hyper-V, OpenStack) and manages different parts of the infrastructure to allow out-of-the-box automation

• Integrates L4-7 services (F5, Cisco ASAv and many others), complementing the modern L1-3 services delivered by the ACI fabric

• Provides access to both the physical and virtual network through a single controller, instead of managing a number of devices spread across the DC, or a traditional physical network infrastructure plus a virtual SDN controller (popular in the first phase of the SDN movement)

• Enforces infrastructure standards by the GUI or API (XML/JSON) templates

• Please be prepared to deliver 90% of your operations through the APIC controller, using the provided GUI/API/CLI, and only 10% (in-depth troubleshooting) by logging in to the switches building the fabric.

The Open Feature 4: Open API

• The new language of modern infrastructure

• Fully Open APIs of ACI define the ability and level of integration with other parts of the infrastructure both today and in future

• Fully Open Integration of well-known, home-built portals, databases and open-source controllers

• Automated integration with other parts of the infrastructure: Cisco ASAv, F5, VMware, Hyper-V, OpenStack and many, many other providers (the list is constantly expanding!)

• OpFlex (coming soon)

• Please be aware that the APIC GUI is built on the Open API calls available to the user, therefore all functions of the GUI are OPEN!

• Super Simple API operations and development supports JSON/XML/Python (and others), complemented by: Visore, API inspector, Save as/Post functions, debugger, built-in API documentation. I’m not a developer but I can teach you to use it in just 30 mins and you will be able to develop your API calls on your own right after!


The Innovative Feature(s) 5: New and Unique functionality


• Powerful monitoring of any ACI object

• Switching, Routing, Firewalling in hardware - all part of a single fabric

• Flowlet switching and Dynamic packet prioritization – Big Data and efficiency

• ACI object QoS simplifications – another example of the great benefit of an object abstraction

• Built-in TACACS, Syslog, SNMP trap, Health Cost, Interface monitoring and more

• HSRP/VRRP – out!, STP – out!

• Optimizing broadcast: maybe one of the great advantages and disadvantages of traditional networks designed in the 1980s :) Sadly it doesn't fit the Next-Gen infrastructure of 2015!

• Troubleshooting of the virtual and physical networks with a unified methodology, using atomic counters, SPAN and End-to-End traceroutes, itraceroutes and ipings

• Simplifies shared services integration utilizing External L2/L3 EPGs

• Many others!

Lessons  learned


• Automate as much as possible, as you will learn to dislike the part of the infrastructure that is not automated – OpenStack example

• Start building your architecture by designing it in the new layer of the object abstraction. Define your object templates and naming schemes, as an object's ID is its name. This is important to avoid unnecessary complexity.

• Don’t be afraid of the ACI fabric and dive in to the fabric CLI to understand what happens in the background – this is the best way to fully comprehend the ACI fabric

• Remember that the great performance and functionality of the ACI fabric is delivered by specialized Cisco hardware chips inside N9Ks. As with all hardware, learn how it works and understand its support limits. Even though they are high enough, unfortunately magic does not exist and everything has its limits. Be safe!

• The Object-oriented model is based on the promise model. Refreshing certain functions might help to enforce it if some parts of the fabric do not comply with the controller – important with ACI testing and split-brain scenarios.

• Read the software upgrade manuals and understand which part of the ACI fabric should be upgraded first (switches or controllers) to ensure that your upgrade process runs smoothly! (I obviously always did! :])

• All ports on the Leaf switches are in DOWN/DOWN state by default (for a reason). Remember to test the connectivity of your Leaf switches to Servers, while simulating a failure. When Servers are connected to the Leaf, the port state goes to UP/UP, but it doesn’t mean that the ACI object configuration is applied to the Leaf port. If not, the traffic passed by the Server to the Leaf switches could be blackholed. Servers are not very smart.

• Test your L4-L7 integrations well and always use the latest packages!
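The advice above to define object templates and naming schemes up front, together with the earlier point about enforcing standards through API (XML/JSON) templates, can be turned into a pre-deployment check. This is an added example, not part of the original slides or Pulsant's tooling: the `tn-`/`bd-`/`ap-`/`epg-` prefixes, the label pattern and the function names are assumptions, while `fvTenant`, `fvBD`, `fvAp`, `fvAEPg` and `fvRsBd` are ACI object-model classes.

```python
import json
import re

# Hypothetical house naming scheme (an assumption for this example):
# <prefix>-<label>, lower case, e.g. tn-acme, epg-acme-web.
PREFIX = {"fvTenant": "tn", "fvBD": "bd", "fvAp": "ap", "fvAEPg": "epg"}
LABEL = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")


def mo(cls, name, children=(), **attrs):
    """Build one managed object in the APIC JSON layout."""
    node = {cls: {"attributes": {"name": name, **attrs}}}
    if children:
        node[cls]["children"] = list(children)
    return node


def tenant_template(customer, app, tiers):
    """Expand customer/app/tiers into one tenant object tree."""
    bd = f"bd-{customer}-{app}"
    epgs = [
        mo("fvAEPg", f"epg-{customer}-{tier}",
           children=[{"fvRsBd": {"attributes": {"tnFvBDName": bd}}}])
        for tier in tiers
    ]
    return mo("fvTenant", f"tn-{customer}", children=[
        mo("fvBD", bd),
        mo("fvAp", f"ap-{customer}-{app}", children=epgs),
    ])


def naming_violations(node, path=""):
    """Return the path of every object whose name breaks the scheme."""
    problems = []
    for cls, body in node.items():
        name = body["attributes"].get("name", "")
        here = f"{path}/{cls}:{name}"
        if cls in PREFIX:
            head, _, label = name.partition("-")
            if head != PREFIX[cls] or not LABEL.match(label):
                problems.append(here)
        for child in body.get("children", []):
            problems.extend(naming_violations(child, here))
    return problems


if __name__ == "__main__":
    tree = tenant_template("acme", "shop", ["web", "db"])  # constructed input
    bad = naming_violations(tree)
    # Only a clean tree is serialised for posting to the APIC.
    print(bad if bad else json.dumps(tree, indent=2))
```

Because an ACI object's name is its identifier, running a check like this before the payload is posted keeps a mistyped or off-scheme name from becoming a permanent object in the fabric.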


Any questions or challenges? :)

BY APPOINTMENT TO HER MAJESTY THE QUEEN

HOSTED IT AND DATA CENTRE SERVICES, PULSANT LTD

READING, BERKSHIRE
