01 ACI Intro

Captions
So what does ACI stand for? It is Application Centric Infrastructure. Application centric, as the word says: using an application you're going to control, configure, not control, I can say configure the infrastructure. Why? That will be more scalable, more robust, easy management, you know, that's the main purpose. And let me make it very short to make you understand why we need ACI. If you adopt ACI in your data center you need not go around to every single device to configure. Repeating again: when we have ACI infrastructure in our data center, we need not go to every 5K, every device, and configure something. No, you need not do that. Instead of going to every single device, you can sit on one graphical user interface application in which you can define your policy and say: this is what I want, this is what I expect from my network, this is the output I want, so-and-so is what can come to so-and-so, these are all the customers I have and these are all the servers I have, and these customers can talk to these customers, these are all the policies, and this is the VLAN I want, and all those QoS stuff, everything. Now all those policies you define using the graphical user interface, which will be like this. Now you click and then you define the policy: you click the policy, you will get the policy list, interface policy; you can configure interface policies, VLAN pools, you can have a number of VLANs in the pools, you can have switch policies, you know, likewise you can create many policies and put everything together, zip it and push it to the fabric, and the fabric will start working according to your policy. So instead of going to every single switch and applying the policies to the interface or the switches, you just configure the policy that you need in this single graphical user interface, using which you can push what you want, and all these switches, these three leaf switches and the spine switch, will obey you, will take the order and configure themselves according to your policy, and they will start behaving as you want, as you expect.

So this ACI uses a tool, the application tool called APIC, Application Policy Infrastructure Controller. This APIC is a server from Cisco; you buy the server, and Cisco always recommends you to have three servers, APIC servers, and you connect them to these leaf switches. We'll discuss this two-tier architecture in some time, but as of now what I am saying is these APICs are connected to these switches, leaf switches, but they do not participate in any control plane or data plane. APIC is what I'm showing you, the graphical user interface that you are seeing now; that is sitting out of band, that is sitting away, they are not in between, they are not coming in between the traffic flow to control it. Through this APIC you define what you want, the policy, and then you push those policies down to the fabric, and the fabric will start working as per your policy, as per your wish. So APIC is not a control plane or data plane. No packet will come to the APIC and ask "can I forward this, can this guy talk to that guy?" No, it is not; no one is going to come and ask permission from the APIC. You just configure using the APIC: you go to the APIC server, you say what your policy is, what your layer 2 and layer 4 to layer 7 service policies are, what your interface policy is, what the switch policy is; you define all those things using this graphical user interface and push it to this fabric, and this fabric will configure itself according to the policy given by the APIC. So the fabric itself has got the control plane and data plane, configured according to the APIC's order, according to what the APIC was recommending. So repeating again: because of this you need not go to every single device, every single port and say "switchport mode access" or "switchport mode" anything; you need not do anything like that, instead of going and configuring VLANs on the ports, on every switch, on every port. So in the data center this ACI, using APIC, makes the configuration and management simple, simplified.

Although initially, because we are all CLI guys, it will look like configuring through APIC is more difficult than going through a CLI, that is a feeling you will get, but when you think about the long term you will really enjoy this configuring through APIC, because the profiles, the policies that you create, the profiles that you create, are reusable. It's reusable: you just configure a policy for an interface, that policy is reusable when you add more and more leaf switches, when you add more and more switches or replace switches, it's reusable. You need not go and do the job again and again. Once you need to take some time, create policies, and then that's it; anything you want to change, the small change that you make in the policy here in this graphical user interface, it gets enforced there in the fabric. So initially it will be like a big job that you do, but for the long run this is more satisfying, more easy. Alright, so now going back: this APIC is the one which makes this application centric infrastructure possible. ACI is possible because of APIC. APIC is a server, as I told you, from Cisco, and because it's a very important server Cisco always recommends you to have three APICs, three servers, for your data center infrastructure. Now APIC stands for Application Policy Infrastructure Controller, as I already told you, and you also saw in the diagram how it looks. I'll show one more diagram, so you know, there are three servers here, you can see three APICs. Three APICs: when you configure on one it gets replicated to the other two; you know, I need not repeatedly configure the other two, right. Initially you will cluster these three: when you start the server it is starting in CLI mode and you need to say "this is APIC one and I have two more APICs". Now initially you need to do some basic configuration to cluster them, and then you will start getting the GUI of this. When you get the GUI of this, then it will be like what you saw some time before, the GUI of APIC I showed you, and when you configure on one it gets synced with the others. No need to worry about the configuration: even if one of the APICs goes down there are another two APICs there, so for redundancy it is always recommended to have three APICs. Again I am telling you, it is not a control plane or data plane, but this helps to configure the fabric instead of us going to every switch.

Now what you see here is a spine-leaf architecture, that is what ACI has got, that's what our next point is. So in ACI there is no core layer, aggregation layer, access layer, no more; those stories are over, those are old stories. You know, we used to have access layer, core layer and then, right, for redundancy we used to have lots of stuff, we used to do those things; no more. What we have is spine-leaf architecture. Now what is the difference, what is the advantage of having spine and leaf? The advantages are too many actually, but as of now I want to make it simple and short; as we start learning more and more deeply you will learn more. In the previous approach, the three-tier architecture approach, we used to go between top to bottom, north to south, meaning if traffic wants to go from one VLAN to another VLAN it needs to go to the aggregation layer, and the aggregation layer will decide how to go, will route the packet; if someone wants to go from one segment to the other segment it needs to go through the core, the core has to decide. So it was communication between south to north and north to south, whereas in spine-leaf architecture we have left to right, so there is no vertical, instead we have what, a horizontal approach. Horizontal approach, what do I mean by that? I mean this, once again I mean this: if someone in 10.0.0.0 wants to talk to the 20.0.0.1 subnet, I need not go to anyone; I can go straight like this, I myself can now figure out where 20.0.0.1 is, and I can go and reach 20.0.0.1. I don't need an aggregation layer to decide on my path selection or for routing; I myself can reach the other side, I myself can route it using the overlay concept, VXLAN, we'll talk about this. So it is between east and west, not south and north, east and west.

So what is the spine and what is this leaf architecture, what is it actually, what is the advantage? We have done a CCNA Data Center class where we learned FabricPath; there also we saw this spine-leaf approach. Same like that, here these leaves are the ones which are connected down to the servers, mail server, or it may be connected to a 5K or a normal classical switch, a layer 2 switch, alright; now this is the one which is connected to another routing device, right. So you don't connect any server or a switch or a router to this spine switch, they are not meant for that. You cannot connect a host to a spine switch; if you connect, that port will get disabled automatically. Now then why do we need this spine? For you to understand why we need the spine I would like to give you one nice example: in OSPF, why do you have area 0? It's the same story. Now the server that is connected to these leaf switches; let me call these leaf one, leaf two, leaf three, leaf four, five and six. So a server is going to leaf six and the IP address is 10.0.0.1 and the MAC address is ABCD; this leaf learns that and informs this guy, the spine. Now every spine knows about this, and it is the spine which is going to propagate this to the other spines, sorry, other leaves. Now this leaf one knows that if I want to go to 10.0.0.1, how does leaf one know about it? Because it was propagated from leaf six to the spine, and the spine has propagated the information of the server connected in leaf six to the other leaves. So that's the main job of the spine; the spine is like the super brain on the top, to which no host will be connected, no host should be connected to the spine. The spine will always be like a kind of designated router in a broadcast domain in OSPF; it would be like a designated router, you know, getting information from the DROther routers and giving the information to all the other routers. Likewise, no, leaves cannot be connected like this, you cannot connect leaves like this, no, spines cannot be connected like this; as of now this is how it is. You cannot connect leaf to leaf, you cannot connect spine to spine, that is how the design goes: you cannot connect spine and spine, even leaf and leaf; a leaf has to be connected to a spine and the spine connected back to the leaf, that is how it is. And APICs are connected to any of these leaves; it can be connected to any one of these leaves or any three of these leaves, your wish. So APIC is again a controller, as we already saw. So this spine is not going to have any host, all the hosts are going to be connected to leaves only, and every leaf knows who is connected to other leaves, right; that is taken care of by the spine there on the top. Alright, this also does equal cost multipath; all those stuff are supported here, the IS-IS protocol is in the picture. Now it almost looks like FabricPath but it is not FabricPath, it is something bigger than that, and we have multiple paths, all equal cost. Say for example if someone here, A, wants to go to C here, it will go one this way, another this way; so in this case all are the same cost because there are only two links, the cost is the same, the load balancing will happen automatically. IS-IS is then in the backbone, you know, same like FabricPath, but yeah, few things are same like FabricPath; we will discuss those differences later in detail.

But this is something amazing: you will see few things that we are going to learn are in no way matching with our today's understanding. According to us, traffic from one VLAN cannot talk to another, or devices in one subnet cannot talk to the device in another subnet; we use VLANs for security, we started using VLANs... the purpose of a VLAN is just to provide a broadcast domain, but we started using it as a security feature. Even the IP address, you know, devices in the 10.0.0.0 network and another network don't talk to each other, so we started using that as a security parameter: if I don't want these two guys to talk to each other I'll put them in a different subnet. But that is not actually what IP addresses are meant for; an IP address is meant for identification, to identify a device in a group, that is what it is meant for. So a few things which you have been unknowingly doing for long years are no more; we will have a proper approach towards VLANs, a proper approach towards the IP address and so on. Those details are coming up next. Let's go back again. So instead of the vertical approach we have the left to right approach; we don't have the aggregation layer and core layer, we have the spine-leaf fabric approach; we don't have the three-tier architecture. As we already discussed, it is APIC, the Application Policy Infrastructure Controller, through which you will be configuring the fabric. You are not configuring a single switch, single spine or single leaf going to each box; rather you open the APIC, you open the GUI that I showed you, you open the graphical user interface and start configuring the policies. You define how the fabric should behave according to your policy, you start defining the policies and you put all the policies together and push it, and your fabric will start working like that.

So what I am coming to say is, you make this entire setup as one layer 2 switch, whatever, layer 3, you make it as a switch, and these are the ports of the switch, right, and this one is acting like the back panel, the motherboard of the switch, and APIC is the one through which you configure it and get this done. Now that is what you're getting out of ACI using this APIC: you make multiple leaves and multiple spines act like one fabric. If I want more bandwidth then I'll add one more spine, more fast, more bandwidth; much more again, I add one more spine, more faster, more additional bandwidth here, more throughput here. I think you started getting the bigger picture of what this fabric means, you know, so through ACI this is possible. Now you need not really do any alteration on the APIC when you keep adding more spines; that's why I said it is scalable. Instead of going to every spine and starting to configure when you add some new spines, all that you need to do is map the profiles, the policies, that's it, right. You just add the spine and the policies get added to it, and you will get more throughput, more bandwidth, so it's more robust. So what is APIC? It builds the controller to manage the fabric as a single entity, so your entire fabric is seen as what, a single entity. So it provides a controller to manage the complete fabric as a single entity, not as ten spines and twenty leaves, not like that; you don't see thirty devices there, you see one device there. You may have physically thirty devices, ten spines and twenty leaves, but you don't see them like thirty devices there in the fabric, you see it as a single entity. That is provided through this APIC; that feeling is provided because you've got a single controller to manage the entire fabric. The controller is what is called the Application Policy Infrastructure Controller. So through this Application Policy Infrastructure Controller what you've got is a single entity which is called ACI, a single fabric which is called ACI.

Right, now, by default no traffic is allowed to pass through unless you write a policy. So within this fabric no traffic is allowed to pass through unless you write a policy, you have a contract; we'll talk about contracts, we will talk about tenants, right, we will talk about contexts, VRFs and so on. Little by little we will keep on adding those things. So unless those policies are defined and put together, traffic cannot pass through; so no traffic is by default going to pass through this fabric unless you have a policy. You know how it works: first, if an APIC is connected to this switch, usually it is connected with two interfaces, and one will be standby, another will be active. So the APIC will first discover the leaf, and then from the leaf it will start discovering the spine, and the spine will start discovering the other leaves; after a point of time the entire topology will be discovered. Using LLDP and CDP the discovery happens and the fabric comes up. And when the fabric comes up, don't expect that traffic from B to A can pass through; no, they cannot pass through unless you write a policy. The fabric has come up; it is like you just bought a switch and you connect two PCs, you cannot expect them to communicate, you need to go to the port and you need to bring the port up and you need to provide some VLAN, and only then they talk. Likewise, unless you provide the policies, the contract, who can talk to whom, the communication won't happen. So it is wonderful stuff, you know; the fabric discovery is also dynamic, we will talk about that in detail, but let's have some introduction today. So the default rule is deny all traffic.

Now what does ACI provide? This ACI, the ACI fabric, provides a performance-optimized, stateless infrastructure with a single point of policy management. What do you understand from this? It's the same terminology we saw in the UCS class; even UCS is also... what about UCS? This is UCS Manager, same definition for UCS management: performance-optimized stateless infrastructure. What it means is, when I remove a device the policies are removed; when I add a device to the port the policies are enforced. Stateless: so you don't go and configure anything on the interface, everything is on the profile. When you connect, say for example in UCS, when you have the blade on the slot, the server policy works on the blade; the blade has got no identity, no MAC address, nothing, everything is on the policy. It is stateless, nothing is on the blade. So when you have the blade the policy is effective; remove the blade, the policy is removed. Likewise, when I have some policies configured through APIC, let me make it more clear, when you have policies configured through APIC, do not expect that there will be some configuration on this box, no. You might have written a policy for port number e1; unless you have a device on e1 you will not have the policy configured there. That is what I mean here by stateless: you connect the device, you get the policy there; you remove the device, you lose the configuration, you lose the policy there. So that is how wonderful it is, how dynamic it is. Now so the performance is optimized here, and it is also a stateless infrastructure, meaning you don't go and configure and keep everything already there pre-configured, and when you plug in the interface it takes it; no, not like that. Everything is there, configured, but it is not on the boxes, it is on the APIC, it is at the application level. When necessary devices are hooked up to the fabric, then the policies come into the picture, then the traffic flow is based on the policies; when you unmount the box the policies also get unmounted dynamically. Alright, so stateless infrastructure. So we don't do box-to-box configuration, we don't go to every single box and configure the ports with the speed and duplex and IP address; no, we don't do those stories anymore, everything is through APIC. The entire fabric is seen as a single entity, as we saw, and only through APIC you configure, and based on your policy configuration, when the devices are hooked up to the fabric, the output will be as per your policy. So network policy is created in the APIC and that gets enforced in the fabric, right.

Now, so far what we learned is: ACI stands for Application Centric Infrastructure, so we go from the application point of view now; we don't go layer by layer, network device by device, we see the job from the application perspective. And the architecture that ACI has got is called spine-leaf architecture, spine-leaf fabric, where instead of going vertically we go horizontally for the decision-making, for switching and routing and so on, so it's much faster and optimized. And to configure, to have this ACI, what we need is a server from Cisco called APIC, Application Policy Infrastructure Controller; so Cisco recommends you to have three APICs. What if I have only one APIC, can I have ACI? Yes, you can have, but the problem is this: you will have a red colour warning message on your APIC page; on the APIC page you will have a red colour warning message saying "hey, you are supposed to run three but you are running only one", continue. Now ACI has got APIC, as we already saw; it provides a single entity, it shows the entire fabric as a single entity to us; we consider it as a single entity and manage them as a single entity. I was drawing a border and I was saying, oh, it looks like a switch to us; after we have ACI the entire fabric is considered a switch, and we write how the traffic should be handled and who should talk to whom, those contract informations, those VRF informations, those policy informations, we write it through APIC, we configure using the GUI of APIC. But it is stateless configuration. What I am saying is, when you say submit, when you say OK, do not assume that whatever you configured is already applied to the fabric; no, the fabric will get those configurations only when it gets the suitable device connected to the fabric. Unless there is a need for the policy, the policy will not be applied; that is what is called a stateless infrastructure. That's the wonderful stuff. Again I am reminding you: the APIC is not a control plane or a data plane, APIC is not a control plane or data plane.

So next is, because of ACI we need not do box-by-box configuration, going to every single box and configuring; all that we do is we create policies for switches, for interfaces, for the interface switch ports. For instance, every single port will have a policy: whether CDP is allowed or not, LLDP is enabled or not, you know, all the stuff, receiving LLDP is allowed, sending LLDP is not allowed, or sending and receiving both are allowed; these are all policies, speed, duplex, all those things are policies which we create using APIC, and then we put all of them together, we bind VLANs. Now there are two different types of VLAN mapping, dynamic VLAN mapping and static VLAN mapping; we create some VLAN pools using this APIC for the interface to use, and we put everything together, zip it together and leave it like that. When the devices get connected to the port the appropriate policy gets kick-started. In effect this is the overall picture of how the ACI infrastructure works: everything is policy and application. Any other questions? Now it's a good question: what is the default rule, deny all traffic, so no traffic will go or what? So what it means actually is this: see, if you see this diagram I have an APIC here and this APIC is connected to the switch; maybe another interface, actually it always goes with two ports, another interface may be connected to this one, and they start discovering; one of the ports will be standby and the other one will be active, and they start discovering. Once the fabric comes up, do not expect the fabric to pass traffic; no traffic will be allowed by default, so you cannot expect the fabric to be up and then start forwarding your traffic. It will start forwarding your traffic only based on the policies, only based on the policies: only if you have written a policy for the interface to which the devices are connected, and if the policies are permitting, then only traffic is allowed. Yes, your question? Perfect. [audience question about static VLANs, inaudible] No, similarly, unless you have a policy and then you have a contract to say this guy can talk to this guy, only when the contract, only when the policy is matched, the traffic is allowed. Yeah, yeah, but like in an ASA firewall, no traffic is by default allowed unless you allow it, or a zone-based firewall, no traffic is allowed to pass through unless you write a class map and policy map and a service policy applied to the zone pair; similarly, no. OK, fine, let us move on. Now there is something called end point groups, endpoint groups, EPGs.
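Editor's added example, not code from the video or from Cisco: a small Python model of the whitelist behaviour the speaker describes, where endpoints belong to EPGs, nothing passes between EPGs until a contract permits it, and a leaf only carries the policy for endpoints actually attached to it (the "stateless" point). The EPG names, leaf and port names, IP addresses and the single contract are constructed for the demo.

```python
# Added example, not from the video: a toy model of the ACI whitelist behaviour
# described above. Endpoints sit in EPGs, nothing passes between EPGs until a
# contract permits it, and policy is only rendered on a leaf once an endpoint is
# attached there ("stateless"). EPG names, leaves, ports and IPs are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Filter:
    protocol: str                # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # None = any destination port

    def matches(self, protocol: str, dport: Optional[int]) -> bool:
        return (self.protocol in ("any", protocol)
                and (self.dport is None or self.dport == dport))

@dataclass
class Contract:
    # Consumer EPG may open the listed flows to the provider EPG. Simplification:
    # a real ACI contract also takes care of the reply direction.
    name: str
    provider: str
    consumer: str
    filters: List[Filter] = field(default_factory=list)

class Fabric:
    """The whole spine-leaf fabric as the single policy-driven switch the APIC presents."""

    def __init__(self) -> None:
        self.epg_of: Dict[str, str] = {}                # endpoint IP -> EPG
        self.location: Dict[str, Tuple[str, str]] = {}  # endpoint IP -> (leaf, port)
        self.contracts: List[Contract] = []

    def add_contract(self, contract: Contract) -> None:
        self.contracts.append(contract)

    def attach(self, ip: str, epg: str, leaf: str, port: str) -> None:
        self.epg_of[ip] = epg             # endpoint learned on a leaf port ...
        self.location[ip] = (leaf, port)  # ... so its EPG policy applies from now on

    def detach(self, ip: str) -> None:
        self.epg_of.pop(ip, None)         # unplugged: learned state and the policy
        self.location.pop(ip, None)       # it pulled onto the leaf go away

    def permit(self, src: str, dst: str, protocol: str, dport: Optional[int] = None) -> bool:
        """Default rule is deny; only the same EPG or a matching contract lets traffic through."""
        if src not in self.epg_of or dst not in self.epg_of:
            return False  # endpoint never learned, so no policy exists for it
        src_epg, dst_epg = self.epg_of[src], self.epg_of[dst]
        if src_epg == dst_epg:
            return True   # endpoints inside one EPG talk freely unless isolation is set
        return any(c.consumer == src_epg and c.provider == dst_epg
                   and any(f.matches(protocol, dport) for f in c.filters)
                   for c in self.contracts)

    def rules_on_leaf(self, leaf: str) -> List[str]:
        """Contracts rendered on a leaf: only those whose EPGs have an endpoint on it."""
        here = {self.epg_of[ip] for ip, (lf, _) in self.location.items() if lf == leaf}
        return sorted(c.name for c in self.contracts
                      if c.consumer in here or c.provider in here)

def demo() -> Dict[str, object]:
    """Constructed scenario: two web servers on leaf1, a database server on leaf6."""
    fabric = Fabric()
    fabric.attach("10.0.0.10", "web", "leaf1", "e1/1")
    fabric.attach("10.0.0.11", "web", "leaf1", "e1/2")
    fabric.attach("20.0.0.5", "db", "leaf6", "e1/1")
    result = {"before_contract": fabric.permit("10.0.0.10", "20.0.0.5", "tcp", 3306)}
    fabric.add_contract(Contract("web-to-db", provider="db", consumer="web",
                                 filters=[Filter("tcp", 3306)]))
    result["sql_allowed"] = fabric.permit("10.0.0.10", "20.0.0.5", "tcp", 3306)
    result["ssh_denied"] = not fabric.permit("10.0.0.10", "20.0.0.5", "tcp", 22)
    result["intra_epg"] = fabric.permit("10.0.0.10", "10.0.0.11", "icmp")
    result["leaf6_rules"] = fabric.rules_on_leaf("leaf6")
    fabric.detach("20.0.0.5")  # unplug the database server
    result["leaf6_after_detach"] = fabric.rules_on_leaf("leaf6")
    return result
```

Calling demo() shows the fabric denying the SQL flow until the contract exists, still denying SSH afterwards, and dropping the contract from leaf6 the moment its only db endpoint is detached.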
Info
Channel: Jayachandran
Views: 60,669
Keywords: ACI, cisco, jayachandran, sathiyan, networking, data center, online training, training
Id: ZKnzxRylOJ4
Length: 39min 13sec (2353 seconds)
Published: Wed Jul 13 2016