CCIE Datacenter Training - Cisco ACI Basics from Networkers Home. CCIE Playlist and videos on ACI.

Alright, so from the starting onwards I am gonna give you basically a guidance: what are the books, what are the materials that you're gonna follow for this classroom trainings, or could be for the online trainings also. The one that you have to really go through would be www.cisco.com/go/aci. That would be the way that you would be going to a particular technology's links from Cisco; most of the time it will be cisco.com/go, you can write on UCS, you can read on ACI, and you can even write on Nexus. Now we would be trying to understand what is all about application centric infrastructures. Obviously most of the candidates over here who are participating in this boot camp, they have a good understanding from the real scenarios how we build any kind of infrastructures, what are the problems that we do face. Main thing is that we are trying to solve those kind of basic building-block issues that we might have faced in infrastructure building. But yeah, this is the first thing, like you can just follow right now: application centric infrastructures, ACI. Anyway, that is the terminology that most of the sales guys follow while making a sales kind of King kind of scenarios, but mostly the idea is that we want to give SDN infrastructures to the customers. So like we had got a lot of number of SDN product lines, but from Cisco this could be the best answer, what I can tell you. So what does it offer? First thing is automation and agilities. Obviously automation is one of the very key things that's been coming up in the industry, and how we are trying to achieve it, we'll try to take a look on it. And obviously open and programmable, because if you'll be seeing most of the trends, maybe if you might be following LinkedIn or if you might be following the new technology enhancements, it's the talk of programmability that we really talk about nowadays. So it could be network programmability; accordingly only we are trying to build and research on the new kind of
operating systems. So whatever the operating system that you do see that's being running on the hardware, which could be on Cisco routers, switches, even when you talk about engine APIs or even an Arista, they are trying to make that kind of OS which can receive some kind of programming skills. I'm sorry, anyone was talking? All right, so I think, yeah, I'll just expect that if everyone can mute from their end; if they have any query they can actually put the questions on the chat box. If I'm not able to grab your questions you can just unmute and you can query your question. I think, thank you, thank you. Yeah, so I was talking about the open and programmable. Obviously we are going to talk about what kind of programmability we are going to get out from ACI. Obviously security analytics, this is also one of the very key features that's been coming up. Like we provide security, but what is the analytics play that happens at the back end, we need to even understand that stuff. But obviously from an infrastructure basis we know that the key fundamental of things would be the security that we should apply, but how in a proper way we can apply that security without doing a lot of number of hands-on and making a lot of number of changes in the configurations; like there would be some sort of artificial intelligence, you can think about, that's going to play the role, and we are going to apply the securities on it. Obviously the other thing is the mobility, workload mobility. We never ever know where our workloads would be, because as we are building the data centers, it's not only located at one location; it might be extended to another location of data centers, and we need to have proper scenarios where we can have active-active kind of data centers. So what are the key things that come up, we need to really understand basically from a routing and even from the switching point of view. Obviously there's a specific report that you can freely follow; I don't really waste a lot
of number of time on it, but this website does have a lot of number of details on it. Now coming to the building blocks of ACI: whenever we talk about it, it's purely on the Nexus 9000 series switches where we build this technology. So usually these switches can work as like per-box programmability devices, or maybe you can go with a bulk or a bunch of number of switches where we can configure it in one shot. So that's the answer from Nexus 9000 that you are going to see; we'll see what are the different hardware that we can follow for the ACI modes. The next thing would be the APIC. Like when you really see most of the networking fundamentals nowadays, there's a keyword that's being called as controller. So what is ultimately a controller from Cisco's answer, we'll try to figure it out; ultimately this is going to be called as APIC. Even in the other technologies, like in DNA Center, we call it as APIC-EM, and when you do see some other vendors, they do also have the very similar kind of projects like controllers. Now the other thing that comes up: earlier it was being called as AVS switches, but nowadays they have enhanced that and they call it as ACI Virtual Edge. It's again like, in a virtual world, how we are trying to push down our policies by which the workloads which are running at the VM level can do the routing, can apply the securities, but that has to not go up to the levels or to the securities or to the switches level. So we'll try to see up to an extent a cio geologists it's one of the very key new features that has been enhanced from Cisco ACI, but I would be telling this is just a naming convention that they have changed; earlier it was called as AVS switches. And other things, more like from case studies: what are the different partners, how we try to deploy the ACI networks, basically like building your DC fabric from a greenfield environment, or sometimes when we have to migrate from maybe the environment
of Catalyst or IOS to the ACI infrastructures. Similarly, like how we migrate, there are many kind of case studies that you can get a look at. Obviously there are a bulk number of white papers that are available, and that's always a good documentation that you can use for your projects, wherever in your projects ACI is going to come up. Now the other thing is that automation should be simple. So we know it's one of the very basic pain points of most of the network engineers nowadays; like they might be claiming that "earlier I was doing OSPF, EIGRP configs, now suddenly I have to go into the automation world". I must be telling, yeah, we have to move, but obviously Cisco is gonna help us a lot, maybe with the answer of UCS Director. And probably in the data center studies you're going to see what is the meaning of UCS Director, how it is going to provide automations. But ultimately we are trying to build that kind of infrastructures which can receive any kind of automation scripts, which any basic user can also create; at least he should have an understanding on the infrastructures. So we don't really go to the depth levels of creating the scripts, but at least you should know how to run those scripts and apply them on any kind of projects. There are many other things, guys, so I would recommend take a look on it. There are different centers, like app centers, where you can find out the different ACI-related apps which you can actually put in your mobiles, which you can actually use for the management of your whole infrastructure. Similarly, you can get some smaller videos on ACI to know about some small key features that are running at the back end. The other thing that's been coming up in ACI with the new releases is the multi-site: how we are going to make two data centers as active-active and how the traffic is going to flow. Obviously there would be demos that you can take a look at; from the demos-wise I would even give you
the ideas from where you can actually use Cisco's lab called as dCloud labs and get more understanding on it. And even other sets of products which are also aligned to be implemented side-by-side with Cisco ACI's project: one is the Cisco Tetration, which is an analytics software that is going to analyze the whole infrastructure bundle traffic, and accordingly only it is going to guide you what kind of policies you should be writing. So it's one of the really revolutionary products that's being now enhanced, or I should be telling, now they are going to put more into the new coming projects that have been coming up from the Cisco side. Similarly they you out center, so it's one of the must things that you should always take initialization from, your studies-wise, what is all about this stuff. Obviously this is again, I should be telling, a good answer from open surf; that's one of the ways of implementing any kind of app engines in your infrastructures. So there are a lot of things, guys. So that's one thing as a good answer, where you can find out a lot of white papers from an ACI's point of view. Now coming to the books: I highly recommend that you should follow one of the books, which I guess I'll just show you, which even I have followed for a while. This is the one, this is actually Cisco ACI Cookbook. Why I really recommend this book: because it does give you the full process things in a very easy manner, very easy language that you can drive this particular book. You do find out every topic has been covered very properly, with a proper set of configurations, what are the steps that you should follow. Probably that might have been given in 2.x version; right now beyond the 3.x version, but obviously there's a lot of number of difference. So I would recommend that you should take a look on it. But if you want to go to the inside of the policy-driven data centers, like what is all about policies, and that is the thing that we
will be talking in this whole boot camp: policies. We might be knowing, like from the networking world, it's mostly being applied in the quality of services, maybe on security levels or sometimes on the routing switching levels also. But this time the policies which we are trying to create are purely on data centers; it could be for making basic connectivities, it could be providing security things, or maybe sometimes to provide the load balancing as a service. So the first one is the best one I should be recommending, Cisco ACI Cookbook, and the other one which you can even follow from this course, that's the thing called as the and datacenters. The other thing that you can even follow would be the VXLAN book from Cisco, because anyhow on the ACI's back end it's all about the VXLAN or the EVPN that is being running. So how these things are being added up in your infrastructures, what are the back-end configurations which are being put, you can actually get inside of it by going with these specific VXLAN EVPN books. I guess they have, let me show you, this one would be present in Amazon daughter you there's a question of a beginner level. Yes exactly, it's basically for the beginner level, because I must be telling, when I started ACI it was one of the very confusing stuff for me. The helpful thing was this book: I read through the book first, at least I understood what is the theme, what we want to achieve, and then I had followed those specific steps in my demo labs. So after following it, then I tried to make out why we should be applying these policies, what are the different infrastructure problems that we do face. And obviously these are the things that you will not see every time; it depends upon every company, what are the problems and strategies that they have to run. So it's a must-read book. But obviously when you want to go to the inside of any VXLAN set of things, because ultimately it's all about VXLAN that is being running at the back end, so maybe this VXLAN
here you're going to use as a bridging, or sometimes this VXLAN you can use for the routing. So what's being running at the back end, you can take a look on this VXLAN BGP EVPN. So it's also a very nice book. I hope you know how to really download the free version, we are always used to it, but yeah, try to read this book, that is the first intention. And obviously the other thing, always the easy stuff for any guys who are going for any kind of implementation, could be the ACI configuration guides. So when you go with the ACI configuration guide, which will be defined as APIC basic configuration guides, there are different versions that they have mentioned: one is 1.x, which is a very old one; 2.x, most of the customers are running this one; and 3.x, which was introduced I think before like six months. So in this book you are going to find out the book content: what are the different authentication basic configurations, and how to even provision your fabric services. So a lot of number of information you are going to find out in it. But mostly the stuff that we are going to do, it's not from commands that we have to achieve; we would be using more the GUI, and we need to understand the GUI-level things, and accordingly only we have tried to build the whole infra. So the curriculum from the ACI's basic boot camps, where we are going to follow a step-by-step process, like what is the meaning of controllers, what is the meaning of SDN, and each and everything. So there are a lot of number of topics which are behind ACI; we'll try to see what are the different major topics, just to give you a basic intro on it. From a topic-wise, on ACI's front, it is very much to understand what is ultimately an SDN technology. So SDN is a lot of number of things that are being written as components, but ultimately from ACI's side what do we get and what are we trying to achieve from there. There's a question: is there anything that we should be
following and recommend into the books? Yes, this is the one that I'm trying to talk about, like how the sequences I am going to follow and how you can really follow that particular book also apparently. So the first thing is the SDN: what is all about SDN concepts, what is ultimately called as a control plane, what is called as a management plane, and what's being called as a data plane, and what were the issues earlier and what we are trying to achieve with the SDN technologies. Obviously we have many companies who have got different kinds of answers for SDN, but Cisco, they introduced the concepts of ACI. So in this stuff, what would be the control plane, what would be the management plane, and who is going to play the role of data plane. So we are trying to decouple these kind of functionalities so that we do not find out any kind of problems in the running infrastructure all the time. There's a question over here: is there anything that you can follow from the SDN? I must be telling, like when you go with the global level or the global definitions of SDN, there are many number of books that you can find out in the global internet or maybe on the Safari book subscriptions. But I must be telling, like when you try to follow Cisco, their mantra, their fundamentals of SDN are a little bit different from what other vendors used to follow. So I don't want to really give you a confusion state when you get started from SDN; try to follow Cisco first, OK, and then probably you can make a comparison with the other vendors. Maybe next quarter you are going to study about Juniper Contrail, or maybe you want to go with Juniper, VMware NSX; obviously all have got their own way of defining SDN. But at this moment just try to stick with Cisco's curriculum. I don't say that they really don't define SDN properly, but yeah, they properly tell you about how to really follow their way of defining the SDN and how to configure and use it for your day-to-day tasks and your infrastructure building. But yeah, if you
want to follow that, probably I can give you; it's been a long time for me since I read one and a couple of SDN-related books. Maybe in the next classes I can recommend you those particular books, but probably I can't remember those right now. So I was trying to talk about the sequences, what we would be following. So SDN, what is all about it: ultimately it's all about the concepts of creating the APIC, because over here the APIC is going to play the role for our control plane and kind of management plane. But I'm going to put a star-mark statement on it; I'm going to define ultimately what is all about APIC. If you would be asking me, APIC is purely in the management plane, and it's a controller pushing devices which will see accordingly where we should write on the policies, and accordingly only the configuration will be pushed to the respective switches. So the sequence is how we would be using APIC, how you initialize the APIC for the first-time uses. Obviously this is not the thing that you would be doing every day, it's a one-time task; so if you are running in a project you would be doing this task only once, similarly like you might have done the stuff for the UCS or maybe for your ASA firewalls. Now after going with the SDN, we should be understanding what is the back-end term of VXLAN. Probably I am not going to go into the very details of VXLAN, but we need to really make a basic understanding of VXLAN, how it is being attached in the ACI's infrastructures. Because ultimately if I'm gonna make a communication from one VM maybe to the bare-metal services, and if I try to put them into one EPG, they might be there in the same VXLAN, OK. Now how this VXLAN is working at the back end: even though you do have different subnets, still they will be able to communicate. So we will try to take a look on the VXLAN perspective, what is all about it and what are the complexities of configuring VXLAN also, because if you are going to ask
anyone that then you can for your VXLAN or Cisco devices with the combinations of their control plane called EVPNs, they will be telling that's a hell lot of number of steps that you have to do, and those complexities are being really handled by ACI. So you know to do a lot of number of back-end configuration tasks which we might be doing with Cisco's routers and switches a lot, but ACI is going to provide you that kind of automations of power on your devices, that all this configuration will be done in just one single shot. So I always tell most of the candidates that whenever you study about VXLAN, the first thing is that you should basically know the basic fundamentals of VXLAN: why we have introduced VXLAN, what are the problems that we are trying to solve with VXLAN. But when it comes to ACI, we need to see the things and answer from its GUI level; like in the GUI we do have many number of components and we need to understand their functionalities, that is very, very important. Because always remember, guys, Cisco, they really don't want to make the things more complex, claiming that a network guy can only do that networking; it's being a platform where all the guys can really participate, and if it comes to making a communication between two devices, it can be done by any simple users also. So they are trying to make a curriculum where you have to get an understanding from a GUI level, but obviously when you go with the troubleshooting tactics you have to have an understanding on the back-end side, how the things have been running from a VXLAN, how we are trying to achieve the multi-tenancy in the ACI's infrastructure, which was one of the major goals of ACI's achievements. So we'd be going to understand what are the basic levels of making the understanding on the ACI's side. Yeah, I just given the record access to Apple until I can start recording. Alright guys, so that was the thing that would go as a next step. The third step that we would be
following will be to understand its GUI: what are the different components in the GUI that you're gonna find out, like what is the meaning of tenants, what is the meaning of access policies, and many other stuff also. So it is very very under it is very, very important to understand what are the different GUI levels. Then if you have made a pacing, like "I know at least the GUI, what are the tasks that we can do at what locations", then only we can make our major infrastructure building tactics. And among them the first and foremost thing that you should be able to understand is how to make any kind of infrastructures in the VMware world; ultimately this is our topic called VMM integrations. Now VMM integration is not only the stuff of VMware, because when it comes to the virtualization cloud, it's not only VMware who is providing the virtualization cloud; Hyper-V, they are also providing, and even on the way OpenStack is also providing. But as the example and one of the devilish net product lines from VMware, we are going to follow them first. So you know, being the VMware cloud, how you're going to make those things, we will try to make a basic understanding on it. But obviously some of the folks might be not very known with VMware; some of the tasks that we would be doing, sometimes it would be pretty confusing, like whenever we will be telling DVS or VDS, ultimately it's a similar stuff. But we'll try to take up basic classes on VMware also, because I don't want to make situations where people are just blank and what I'm doing none of the guys are able to understand, because I have seen people coming into the Cisco's bag but maybe they might be not having a background of VMware also. So not claiming that everyone doesn't have, but at least I would try to follow this stuff. Now after making the VMM integrations it is very, very important to make the integration to the physical world. So we'll try to see how we are going to get connected to the physical
world, which could be even Cisco switches, which could be Cisco routers; not only Cisco switches, it could be any other vendors also. Whatever the devices who can understand the concepts of VLANs or the concepts of subnetting, we can actually attach them. So in that regard we would be trying to cover up the major two topics: one called as L2Out, by which we will be trying to do the bridging, or you can think about it as switching; so we'll try to switch any bridged network to another bridged network, maybe through the ACI's fabric. So that is the main thing that we are going to try to achieve at the L2Out. And similarly when I do have any kind of L3 infrastructures, we will try to see how the L3Out is going to be configured to it. Now that's the main thing that we would be trying to see to connect to the physical world. But it's not only the physical world which we need to get connected to, and that's not the only thing that ACI gives you as a package; they even give you another package called L4 to L7 integrations, which is basically going to talk about how you are going to build your infra and provide the different sets of services like load balancers, maybe firewalls, and you want to do any kind of third-party integrations. So this is one of the things which you would be going to hear a lot: like service stitching, service chaining, or sometimes L4-L7 integrations, or even sometimes third-party integrations. Everything is going to give you the answer, like how we are trying to make other vendors to be compatible with my device set of configs. So I don't want to go into the F5 load balancer and do the basic configuration; I can even do that task by sitting on the ACI's level also. So the idea is that, make the things pretty easy; at the back end there are a lot of complexity things running, at least we will try to even take an understanding on it and we'll try to build our infrastructures. Now obviously when I am talking about the GUI levels I'm going
to even talk about what is the meaning of EPs, what is the meaning of EPGs, and what is the meaning of contracts. So these are the major terminologies that you want to follow a lot, guys, and accordingly only we will try to make in it and any kind of communications. So nowadays, like when we talk about the basic networking, we always claim that there is a VLAN that is not communicating to another VLANs, but that's not the way that we will be defining in the ACI's. We will define it in such a manner that there's an endpoint, or maybe this could be our endpoint group, that's not communicating to another endpoint group. So we'll try to take the definitions, what are those basic definitions, and accordingly only we will try to build our infra. So guys, this is the way that we are going to follow, and accordingly only we will try to complete our bootcamp. So try to follow the books, and I hope like in the books also they have followed the similar ideas. All right, so if I'll get started, guys, this first section we will talk about mostly the SDN primer and what is ACI overview. You... all right, so I have critique also, okay, but they give me to the recording sessions option. Alright guys, so let's get started first with the SDN primer and what is all about ACI overview. So if you might be following YouTube, you might be following Cisco Live or meaning the videos, there are a lot of number of definitions, there are a lot of number of things that can really give you the basic definitions; everyone has got their own way of defining it. But let's try to make the things pretty easy; maybe some of the guys who might be working in the infrastructures, they know what are the problems that they face, accordingly only we will try to find out the good way of defining an answer to the ACI's. First and foremost thing, from the objective-wise: what is all about SDN, what is overlay networking, primer easy I will use it, and their basic terminologies, and what are the different application language barriers that we do face
and how we try to solve those kind of issues. So coming to the first and foremost thing, SDN and overlay networking: I hope we might have heard about this stuff a lot. So when you will be talking about the industry trends, there are a lot of number of vendors who are coming up with this answer, like Windows, Google, VMware, Amazon; they are all building their own specific clouds and their own way of defining and creating any kind of networks. It's not only this place; even we do find out the roles of DevOps and the roles of public and private clouds that have been coming up, because ultimately it's the application which we have to host anywhere, and that application hosting has to be agile, it has to be scalable, and it has to be redundant and with the proper management. That's the main idea of what we are trying to achieve with data centers. So it could be any vendors who are providing the data center, that's least matter for us at this moment; what does matter is whether my application is in the safe hands or not. So maybe that could be placed in private clouds or maybe it can be placed in the public clouds, but what are the back-end technologies that are being used, that really makes a real play; like whether your cloud is scalable or not, whether your cloud is elastic or not, that really makes a very major difference with the other vendors' clouds. But when it comes to the networking stuff, when we really talk about it, there's a huge involvement of SDN technologies that we are training and trying to see, and there are a lot of number a place that has been coming up. Now among them, I must be telling, there are industry-leading SDN vendors that you do find out; obviously you can even find out from the Gartner reports also. So you do find out you do have VMware, you have no ads, that's being one of the key vendors for your SD-WAN product line. But these are the basic new operational models that have been evolving in the application hosting. Though there might have been a public cloud for a long time, but when you
do see public cloud early, like ten years before, and now you do see there are revolutionary changes and a lot of number of services that have been enhanced to it. Similarly there are some other services like MongoDB, cloud data; they have really enhanced and are making as per the application what is being needed at these levels. And you might be knowing there's a huge involvement of DevOps models, which can include like Chef, Puppet, event; like you do have other product lines of DevOps which are making the applications more agile at this moment. But at this moment, like when we talk about molding on the SDN product line, when we talk about SDN there are many definitions that come up, but from a global level people used to tell that we want to really decouple the functionalities of control plane, data plane and management plane. Now to really understand those things from a very basic level: if you see any kind of routers, okay, when we do have any devices, like we do have one server, we do have users, that is in the cloud that is present, and if they have the communication that is going through the routers, there are multiple levels of plane that are involved over here. Like in this router, first of all there should be a proper management; maybe that could be done by our console levels, or maybe through VTY levels, basically from our SSH or maybe through telnet. But at the back end of this router there would be some specific protocol that might be running, like maybe it could be OSPF; that's basically called as a control plane. And when it comes to the data plane, it is on the chip levels, how the data is moving from one point to another point. But the idea of SDN is how we can decouple all these three functionalities. Now obviously a lot of vendors, they came up, they gave their own way of developing the things; they might have decoupled everything. But at one moment we need to see that there's a huge involvement of virtualization that has been coming up, but some of the
customers will not go purely on to the virtualization levels, so they have to have hardware itself, and those capabilities probably you can find out with Juniper or maybe with Cisco. So Cisco, they came up with their own way of SDN answer; really they came up, Juniper came up, and even Arista came up. But who's been leading, it all depends on the basis of the functionalities, what they are providing to the end-user customers and to their partners; even it totally depends upon their support levels, what they provide us. But we can't claim what is much better, what is bad; that is not the best way of giving any kind of technology differences. So the idea of SDN is that we try to see how we can make our management plane very different, and the control plane will be sitting on other boxes, and similarly the data plane will be sitting on other boxes; maybe we can have redundancies of all these planes one by one. So earlier a single router was working, we were sending the traffic through it, but it was a full involvement of a single router to make the traffic flow. Now there could be situations where this hardware can fail; maybe from a best best best design you can switch that traffic to another path. But the idea is, why will we be going with this kind of complexities? We need to always hire a guy who would be best with OSPF, who would be good with the hardware levels of these routers, and there would be a guy who would be good with the design levels. So the idea is how we are going to make our applications to be hosted in very safer hands, and to manage it, to provide the control plane functionalities at the back end, and to provide the data flow in a redundant way; that is the main thing which we are trying to achieve from Software Defined Networking. Now in this case, obviously, as we are claiming all the time the routers as hardware, now it could be even software; so you can define those things from a
software level. But again, as I keep on telling, every vendor will try to apply these SDN technologies or SDN methodologies in their own way, so you can't think that Cisco is going out of the box of hardware; they would still be going to develop the hardware, but they want to make that hardware known to these kinds of back-end processes. So that's the main thing that we are going to achieve, trying to make our applications be hosted in a proper way.

So at this back end now, the control plane might be running in different boxes, and they will be running a redundant way of OSPF, because ultimately OSPF is trying to guide us how to send the traffic, so maybe that could be asked by some other boxes. Maybe the data plane will run on the chipsets, so there would be some switches which would be running the traffic, but those switches will be programmed by some control plane, and the management plane will try to define how we are going to send that traffic from one point to another point. So the management plane will just be, like, how you're going to develop your applications and how you're going to provide security to them.

So there could be a lot of different definitions that we can provide, but obviously this is the whole idea of SDN that you achieve in this format. So it's not being implemented only in the data center world; it is coming up in the routing and switching world, even in the it's been coming in the sub quite a world also. So how quickly and how the different vendors are coming up with new product lines is very, very important; as end users or end engineers we should be aware of what is running at the back end. So at this moment I think the best example could be OpenFlow switches, which are software-level switches which can be run on any kind of operating system, but obviously this should be as some specific words which can
be given as a support level; they can have the ideologies of defining the control planes and data planes. Similarly, in the data center world or in the SD-WAN world we do have the two leaders running in network virtualization: one is Nicira, which is the company acquired by VMware, and now the same project is being called NSX new h, as well as VeloCloud; or you can even claim we have another company which has been acquired by Cisco which purely works on SD-WAN technologies. So how they try to make the WAN traffic be optimized and go in a redundant way, that we will be trying to achieve with network virtualization without any involvement of pure or heavy hardware.

And obviously programmability, that's the one thing that you could even find out; one of the really great things about some of the switches that you do see nowadays is that switches could be of any hardware, but you can write on any particular operating system to them; maybe that could be vice versa also. So different ways we are trying to acquire over here, but ultimately the thing that we try to achieve most commonly would be the overlay network.

And overlay is not a thing that has been enhanced just at this moment; overlay has been running for a long time. It was given a name called GRE; then later on we had to provide security on those tunnels, so we call them IPsec tunnels. Similarly, the network was growing a lot, we had a lot of remote customers, so we had different kinds of VPNs, maybe site-to-site VPN or maybe EZVPN, but this is all the role play of virtualization as well as the overlay networking we were trying to achieve. But what was the major requirement to have overlays in the data center? That we need to understand very properly. So there could be a lot of examples of overlay networking, so if I talk about them, the first and very foremost thing
when you talk about overlay networking: it could be used maybe for DC 1 to DC 2 connectivity. Maybe from DC 1 to DC 2 we do have a specific service provider, maybe that could be multiple service providers, but when it comes to a specific application that could be running in the infrastructure, like vMotion (vMotion is the way by which we try to move an app from one location to another location), they need to have a proper L2 network. Now, the definitions might have changed nowadays, maybe they can run even in L3 networks with the newer versions of VMware, but the idea is how we will try to make an application really see on the other side that they are really in the same data center as each other. That we are trying to achieve with the help of L2 networks, which we will try to create with the help of overlay networking. So even though you're present in one location, maybe it would be Chennai and that would be Bangalore, the network that you are trying to extend might be there with the L2 net. So ultimately this is also one of the very great examples of overlay networking, which we might have been using for a long time.

Obviously these things we might have achieved in multiple ways: it could be done maybe with the help of VPLS, maybe with the help of AToM, that is Any Transport over MPLS, and even in the DC environment we have been doing it with the help of OTV, or maybe it could be with the help of LISP. Now the similar things we are also going to do, but obviously when we go with these specific things they do have proper design methodologies that you have to follow; we can have a new inclusion that could be VXLAN at this moment. So when it comes to these kinds of configs, obviously there are a lot of complexities, as I claimed earlier also: you have to create a control plane, you have to write the configurations, that should be able to understand that language, and then
will try to make that connectivity. But today what we are trying to do, we are trying to make a multi-site topology; I think the same one I was trying to explain somewhere over here. The idea is multi-site; that's the one thing we would be trying to achieve over here with the SDN technologies at this moment. So the complexities which were there, like configuring a lot of things, we are trying to solve that kind of problem at this moment. So that's the one thing, guys, that you would take a look at from a DC world when it comes to DC to another DC's communication.

Now when we talk about intra-DC: so this is one of the examples of inter-DC, but within intra-DC you can have a lot of cases where you have to create overlays. Now, anyone who has an idea why we should be creating overlay networking within the data center? Maybe on the chat box you can write it; I'll give you a moment, guys, one minute, meanwhile I'll just grab a cup of water. OK, and just let me know in what situation we should be using overlay networking within the data center.

All right guys, so I see a couple of answers coming up. The first answer is to load balance the applications, or to have a failover from production to a disaster recovery data center. Yeah, exactly, that could be one of the case scenarios where we have to move workloads to the other data centers, so obviously we should have overlay networking, and that's one of the things we are trying to achieve from DC to DC communication. Now there's another answer: massive scaling. Exactly. Now I would be asking how many guys have actually used AWS, Amazon Web Services, or maybe you might have used Google Cloud or Azure cloud; how many guys have used it, at least they might have experienced what you do get, right? I think Pratik has used it. Anyone? So it's only Pratik who has
been using AWS? OK, which now is being there and the list. OK guys, so I see we have a small section of people who might have used or experienced the services that AWS provides. But obviously, you guys remember what AWS has done: they have created a lot of data centers, so one which you find in India, they have constructed their data center in the Mumbai location. So ultimately what are they trying to achieve in the Mumbai location? So always take a visualization, in effect: we are trying to create a public cloud and trying to give our infrastructure as a service to different customers. So let it be in the Mumbai region location: we have Pratik, we have Venkatesh, we have, I mean, other folks like ABC, so they are coming as different customers and they try to use the same data center.

Now obviously you as a customer always claim that I need that number of EC2s; for the guys who don't know what the meaning of EC2 is, it is actually the VMs that we try to create in the public cloud space. Now there are a lot of advantages of public cloud compared to private cloud; we won't really go into that, but what we are trying to achieve with ACI is to create a similar kind of infrastructure, where anyone as a customer can use the same infrastructure that the other customers are using, but the applications they have hosted might be very different from the application hosted by another customer; they will never interact with each other unless there is some kind of requirement, and the similar thing is being done by the AWS guys also. So think about it: Pratik might have created VM number one in his location and has provided it an Elastic IP, and then it is going through to the outside world, so it is a hosting being done on this particular infrastructure. Similarly we have VM 2 that
might be created by Venkatesh, and maybe they have created a Direct Connect or maybe an IPsec VPN to their own on-prem devices, and that's being hosted also in the same way. But remember guys, all these things are running in the same infrastructure, so you never know, they might be sitting on the same servers, all these VMs. They might be using some back-end virtualization, but as an end user you are not exposed to what is running at the back end; that's the beauty of public clouds.

But when it comes to creating a private cloud, we need to know about that kind of scalability, how it is being achieved, and how we try to segment the traffic of one customer from another customer, because ultimately they are sitting on the same boxes, but you never know that there's another VM which is sitting there. Because remember, Pratik is paying only one dollar to host one particular VM, so he can't claim one full blade server; you might be a part of that very blade server and there could be other users who might be using it. So what are the back-end things which are making the segmentation occur?

So remember guys, to really segment all this traffic, from basic networking, what should we be doing? Any idea? So guys who might not have had the public cloud experience, at least from the basic level, if I have to segment this traffic, how will we be doing that kind of segmentation? Exactly, we do have VLANs, but we do have some limitations with VLANs, right? We have numbers up to four thousand ninety-four, and even of the four thousand ninety-four, some of the numbers are already reserved; even some of the switches will not be capable of running that number of VLANs. So it's not only four thousand customers coming into your infrastructure; it's a lot of customers
who are going to come to your environment. So obviously in that case we have to go with the complexities of VRFs, and VRF will again have limitations; obviously if we take a look at any of the product lines, how many VRFs can we create? At least there would be some sort of limitation. And this was the major pain point which we were facing, not only running the public cloud, even in private clouds also. So if I am providing cloud services to different customers, how are we going to segment that traffic? Though we had the VLAN concept, it was still not enough for us, because one VLAN maybe we are going to give to one customer, but again that customer will create multiple VLANs again and again, because it's not only a single application, it's not only the work of a single application; there are a lot of things, like there could be a cluster of web VMs, there would be a cluster of DB VMs and there would be a cluster of app VMs. So accordingly you have to provide that infra, plus you have to make sure that there is no kind of sharing of the subnets; but you can't really tell a particular customer that, bro, this is the subnet that I'm giving to you, you have to use only this subnet. So that flexibility you were not providing earlier, but now with the introduction of the concept of VXLAN we will try to give that kind of achievement.

OK, but ultimately the VXLAN that we try to create between each other is still called what kind of technology? That is still overlay technology. Now why do we call it overlay? Remember guys, if a customer is there today, think about that there are three blades. Now when we have three blades, a customer comes up and he creates his VMs; maybe I'm going to draw the VMs of customer number one as red. So he has created a first VM, the second day he created another VM and the third day he might have created another VM, so you will not be
able to claim a particular blade; it can go to any particular location, right? It depends upon the availability. Now on the basis of availability all these particular VMs get attached to the respective blades. But now if I have to connect these devices to each other, because you always have to think about other customers who would also be running things, right, there could be a green color customer I should be writing too, so you have to not make the traffic go from one customer to another customer. Think about there being a full fabric network already present on top. Now when we tell that it is the fabric, it could be a LAN network or it could be a SAN network. So when we talk about a LAN network, when we talk from a data plane point of view, we need to have proper segmentation, so that whenever we create a segmentation for this customer only these very VMs will get connected to each other; when we have another customer we would have a different overlay created, and accordingly only they will be allowed outside of this public environment. So this is also one of the very basic requirements from the overlay place that you have to achieve in any such kind of data center.

Talking about one cluster at this moment; there could be multiple clusters per customer, which we call per tenant. So whenever we tell that it's a tenant, think about it just like a customer that I'm talking about. OK, so the number we were trying to get from VLANs was still not enough, so we had to go with the evolving technology of VXLAN, and it had to do that stuff for us.

Guys, just give me one minute. OK. I'm sorry guys, I'm back. Yeah, Kashi nada, I'll send you the recording, no issues, but meanwhile you can even start the recording; let me just allow you to record. All right guys, so this was one of the examples I can tell you about overlay at this moment. So when I talk about
the fabric at the side, you would see that it's not the involvement of only one switch or router; there could be multiple sets of routers present at the top. But obviously nowadays we do go with the best set of designs, and the design that we follow is leaf and spine, or sometimes we call it a Clos fabric. Now the leaf-spine kind of infrastructure: if you have been coming from the routing and switching background, we might have heard mostly about core layer switches, distribution layer switches, and then we had access layer switches. But when we go with the three-tier architecture there are a lot of complexities that we see compared to what we try to achieve with the help of spine and leaf infrastructure.

Now usually in these spine devices you would have core kind of switches, a huge number of switches at the spine level, and you would have a distributed infrastructure of your leaf switches, like leaf 1, leaf 2 and leaf number 3. Now, basic connectivity-wise, you would find these connections of the spine go to each and every leaf, even from the end of the spine. So the idea is that you should have all the leafs connected to all the spines, but there would be no kind of spine-to-spine connections, because we never try to send traffic from one spine to another spine. All the workloads of your blade servers, because this could be blade servers, it could even be routers or it could be switches, all these connectivities we try to connect to our leafs with redundancy, and these routers would also be connected at our leaf level. We never connect our spine to any other devices unless we have a special kind of design, which would be a multi-site kind of environment. So when we go with this kind of infra, it's just one of the tested ways of design in the
telephony networks. When you talk about the Clos kind of fabric, it did not originate from IP networking; it actually evolved from telephony networking, and they claim that whenever you go with Clos fabric you can have more switching paths compared to the paths you get in core, distribution and access layer. And ultimately this is the thing we want to achieve: we want to make any VM traffic or any bare-metal traffic go to each other in a redundant fashion. So when we try to send any traffic from particular VMs in this very way, it would be a full involvement of your leaf, which can load-share the traffic, and the spine will send the traffic to the bare metal, and in this whole traffic flow, if one of the spines goes down, you would see there would be barely any difference in the traffic flows. Obviously there would be a bandwidth decrement that you would see, but ultimately the traffic is going to flow over the full redundancy.

So this is one way of telling how the leaf and spine are going to be connected. It could be a routing network or it could be a switching network, but mostly we try to achieve it through routing; we'll see in the later courses why we would be going with routing and why we shouldn't be going with switching. But at this moment, if I had been using a switching network between leaf and spine, what can be the problem that we can face? Anyone who can actually tell? I'm sorry, I don't have any gifts that I can provide you, but yeah, if we can make the classes more interactive it would be really nice.

Could you... yeah, the question was: if I have got leaf and spine, is it good to have routing on top or is it good to have switching on top? I think if we put in switching, then how do we segregate the VRF and customers' different different attack, because this will be shared, shared leaves, right? One
leaf will be sort of like mana cost enough. No, actually that's the worst thing, like I wanted to know about that stuff only. So is it like a leaf we are going to share to a particular customer? No, this leaf will only be present in the infra; a customer will never have hands on the respective leaves. Customers' basic requirement is to do what? To host their application, provide the security, create the VLANs or any kind of segment, whatever they want to create, right? But do we see that a SS provider switch to us or a blade to us? They never give us those things. So it's not like we are going to provide leaves to our particular customers; we never do that. We try to give our infrastructure over it; you are going to build over or VLANs, but we will be telling that we have now created VXLAN over there.

So in that context, whenever there's a leaf communication to the spine, what kind of communication should it be? Is it good to have switching or is it good to have routing? I'm just asking a question over here, not purely from a data center point of view, but if I see two devices connected in this fashion, is it good to have switching or is it good to have... I just want to understand, I just want to get an answer. OK, there's an answer: switching. Now can you tell me... the best thing, we can switch at wire speed without the lookup delay; in routing we have to do two kinds of lookups, and there's a benefit. Yeah, that's one of the good... exactly, that could be one of the things that can come up as an answer. Maybe there could be a latency issue or many other things, because when we talk about routing, a router will get the traffic, it would be encapsulated with another encapsulation and it has to decapsulate, right? And there could be a problem of latency. Remember, when we talk about routers, latency while doing encapsulation
and decapsulation totally depends upon the hardware and the chipset that you're trying to use. So there are some scenarios where customers will claim that whenever we use Juniper devices it is much faster compared to Cisco's devices, so there are always a lot of cases that used to come up, and accordingly the customer will tell that maybe in the next cycle we would go only with Juniper devices. But guys, remember, we are now in the era where we will not be telling which vendor is much better from the hardware side. The point I am trying to tell you as an answer is that nowadays every company is capable of creating hardware which will not see these kinds of problems. I'm still telling that switching would be much faster compared to routing, and we might have seen this kind of problem maybe five or six years before, but today whatever hardware is being developed, they are aware of these kinds of issues and it can still do the routing at wire speed, which we usually get whenever we use switching. So we should not tell nowadays that there could be latency issues and all those things.

If you see from the global answer, when you talk about switching, one of the major issues that we would find is looping. For loop prevention we always go with what protocol? Spanning tree. And whenever we go with spanning tree it will show us how many paths? Only one single path. So in this whole scenario, when we do spine connections to the leafs, think about this as the root; maybe this is a standby root, but still it is a standby root. Maybe you have done root for even VLANs, you have done root for odd VLANs, maybe doing load sharing, right, but still how many paths are being used for the traffic flows? For even VLANs you will be using spine 1, for odd VLANs you will be using
spine 2, but you are still not using both the paths; you're just making only one flow of traffic, right? We are never doing the stuff called ECMP, that is equal-cost multipathing, and this equal-cost multipathing would always be a necessity over here, because if there is huge traffic on the even VLANs, all this traffic has been going and this has been congested, but still if you have to send another even VLAN's traffic you have to use that path only; you can't really switch over to the other path. But when it comes to routing, whatever number of spines you connect, maybe you have four ways, so you need four spine switches, so you would achieve four equal-cost multipaths, and that equal-cost multipath you can only achieve with the help of routing, not with switching. So in this case routing will be much better.

But again, the complexity that can come up with routing is that you have to do a lot of configuration, right? When it comes to routing you need an expert on OSPF or maybe BGP, right? And when we talk about five, six or ten years before: do you know BGP? Most people will tell that it's a pretty tough technology, right, what are the different loop preventions, and there are a lot of questions coming up on the BGP side. So we need expert levels on the routing side. But over here, the great advantage of switching: does a switch require proper configuration? No, it's a single line of config; just put the cables, connect them, spanning tree protocol is going to run, you don't do anything, that's the automatic process. But routing has to be configured properly. So in that context there could be a lot of tug-of-war between routing and switching, which is much better, but again what we want to achieve we have to achieve maybe with the help of
automation. Nowadays, the routing which we have to configure, we will be doing some sort of automation, because in this case it is a simple set of configs that we might be writing, but it has to be repeated, so when I'm going to write a repeated set of configs I can automate that. OK, so I just wanted to give you some overview, guys, how these things are going to work, so if you have any questions let me know. But I know people would be claiming all the time routing is much better, or switching is much better; "it depends" is the answer. From arm smith: routing for better control and load balancing. Exactly, but the complexity is that it has to be configured properly. OK, so I think I've been talking a lot.

So that was the software overlays, guys. Now the overlays that we try to create, it has to be overlays; that overlay we can achieve with the help of NVGRE or maybe it could be VXLAN. Now at this moment Cisco ACI does both of the technologies. NVGRE is one of the very common technologies from Hyper-V or at the Windows level, and VXLAN is being accepted by most of the vendors at this moment, so when you go with KVM, OpenStack, VMware, they all support VXLAN.

So now the industry is moving not at this level only, from a switching level; even when you have VMware blades, maybe this is a VMware blade, maybe you have installed ESXi (ESXi is the operating system which you install on the blades or on the rack-mount servers, and the virtualization layer would be created on it). So the idea is that even the overlays can be software based, so you can actually create a particular VMkernel, similar to how you create SVIs, and you can create overlay networking from one device to the other. In this case the role of these leaf switches and spine switches is just to provide a fabric, just to make them connect to each other. So these are actually IP-based communications that happen from one VM
kernel to another VMkernel, but at the back end there would be a VXLAN encapsulation provided by the VMware operating system itself. So this could be another case that you can think about, guys. A lot of things are being evolved, but wheels missing from our scope what are the achievements that we would be doing from the ACI world. So in this whole topic the idea is that when you want to achieve overlay networking it is good to have the Clos infrastructure; whenever you go with Clos infrastructure you can have more switching paths compared to the core, distribution and access layer kind of designs.

All right, so let's move to the ACI overview and terminologies, what are the different things that you get. Now whenever we talk about ACI, in most of the PowerPoints you would be seeing this particular term, like stateless computing of UCS. So some of the folks might know what UCS is and might have experienced it. I must tell this is one of the very revolutionary products from Cisco on the server blade side: how to manage more servers and blades and how you can bring some sort of virtualization into effect. For people who might not know about UCS, this is a way to define how the server would be connected, how the server will be built and what would be the capacity of those particular blades. Like today if I have many blades hanging in our data center, now if a customer claims that today I need around full number of NIC cards; maybe these NIC cards they will be using for different applications, maybe they would be doing NIC teaming, and whatever VMs or applications they are going to run, they want to send the traffic in this very way. But there could be some necessities for other blades where they would be needing maybe two sets of HBA adapters, so maybe there would be
four V's and that he wanted to get connected. But always the question would arise: if I have to make these kinds of customized settings, obviously I need to send a field engineer to the data center and I have to give him that number of NICs and HBAs; he has to install them in the hardware and do some set of configurations. If I have to do any kind of settings on them, maybe I have not got proper connectivity; he needs to have KVM connections, and then on the blades he has to connect his laptop and do the set of configs. So it has been a very tough task for most of the server guys, visiting the data center day to day and doing these kinds of activities.

Usually these things can now be better achieved with the help of UCS stateless computing. The idea is that if I have to do anything on the storage side, like today if I have to create storage on the servers, maybe it could be a long set of settings of defining a process, binding whatever the data is that I have set, maybe I have to connect to a particular set of VSANs; or maybe it could be server-related configurations or even network-related configurations. So whenever we tell stateless computing, the idea is that we would have the blades, we will discover all these blades with the help of Cisco devices called fabric interconnects, and we would be telling the UCS fabric interconnect with the help of a service profile. So the service profile would have all sorts of information about the server's configuration: how the server would be running, how many NIC cards it would have, maybe we require two NIC cards for HBA cards, it has to be connected to the respective VLANs, it has to have particular BIOS settings. So all those things you would write down as a service profile, which is just an XML file, but again you do not do the coding of XML; that GUI process you're
going to get in the device itself. So as many servers as you need, that number of service profiles, those customized configurations you will create as part of service profiles. So today if I need this kind of setup, I will just push that particular config to the server itself, and the servers will be created as per the demand we have requested in the service profile. So you don't have to send any field engineers to the data center to make that kind of customized config; it's all the logic and the magic play of the service profile, which is going to do all these tasks. So however we need a server, that way we are going to create it with the help of service profiles.

OK, now the same thing is also being seen nowadays in networking itself. Today if I had to create a service we now create... Cisco's guys are now more exposed to how to use UCS, how to create this kind of service profile, and with the same ideology they thought, why don't we put that into networking, basically in the data center? Because ultimately in the data center you have a particular set of configs that you always have to do, and to achieve that set of configuration there are a lot of teams, a lot of human effort required to make that kind of connectivity.

So this is one of the very best examples that you see at this moment: if I see any application, and even when you talk to any application guy, they have their own world of thinking, I must tell, because I've been talking to most of the developer guys, and whenever we tell that I have to put up an application, they will always think that this application has to talk to web servers, this has to talk to the database, and then it has to go to the Internet; they have that kind of visibility. But as we are networking guys we know what the problems are and what tasks we have to do to make that kind of
connections. Right now if you see this particular model, this is a three-tier architecture model of application, which is a very common thing that you do see most of the time: there would be our web applications, there would be app application and then there would be cluster of databases. So whenever a user, which could be me, and if I have got maybe networkershome.com website, today I mean I'm being hosting it to a particular data centers, so you are going to come as outside user, okay. So whenever we are coming from an outside user, obviously we need to provide some sort of security, right, in our infrastructures, so maybe we are going to provide a stateless or stateful kind of firewalls; again it totally depends upon you. So as an architect you have to give ideologies, you have to give architectures how this traffic is going to hit from service point into your routers or to your firewalls, and then you will try to send that traffics to the respective applications or the web servers. But it's not really the firewall that is going to only be used over here, it could be load balancers also, because if you are using maybe a Windows mobile phone or maybe another user is being using Apple mobile phone, they might be getting some different different servers, okay, but it would be a single set of IP which will be load balanced to a cluster of many number of web VMs or of web servers that's been running at the backend. But before making that traffics, again it has to come as a keyword as a rule filter as a rule which is again of security rules that we to provide, and then we would be having some sort of services like load balancers or maybe it could be a wast services, and then we try to send that traffics to the respective cluster applications, okay. Now when this traffics comes to your data centers, obviously you're going to find out one of the web servers to you. Now this web servers, you have to tell that maybe you want to make them to communicate to each other, which we would be doing
mostly, right, but whenever an web application, it has to always query the things to which guide the app applications. Now they could be a lot of situations where you would see that one of the hacker comes to the web servers and he can pull out all the databases, so you need to have a proper security to move the traffic from one cluster of traffics to the another cluster of traffics. Same way, when the app will provide that data it has to always query to the database clusters, which could be of, could be of Oracle, could be of MongoDB, it depends as per your architectural designs. But again, whenever you try to send the traffics it has to involve a different services, you have to find a filters between them, and then you would see that your applications will provide you the of the webpage of any particular website or maybe any specific application which would be running internally to your networks or maybe external to your networks. So this is the flow of traffic which will be always being present in DC's environment, and when you come up from an infrastructure point of view we know what is a pain to make these kind of connectivities, right, and there is a lot of number of involvement of lot of number of components to provide agilities, redundancies and provide secured traffics. So that is the pain point which we will be trying to solve it from the ACI world. But again, as I was claiming all the time, like as seem like a saw for UCS we will try to have a stateless computing, similarly we will be having a stateless provisioning of this application sets. So as like an application developer guy, now we have to attest and in a networking, like today if I have to have create of web, will create quickly of web EPGs. So today if I am telling that this is a cluster, we would be calling this is a group of many many devices which will be having a same properties. So whatever the EPGs that we create at this moment, maybe this is a web EPGs, so whoever is the web application VMs that are being present
they will be part of this particular groups. Now it doesn't matter that they do have different set of IP; you can have different IP, you can have different VLANs, doesn't matter at this moment. So in this heart of the design, when you try to see, maybe there is a particular blade which is being running web, similarly there is another virtualizations where you do have a particular VM for your web, similarly the same one is being running an app for your applications, okay. But in this conditions, which are the one which has the common property? This is the one we'll have a common property, this will be having a common property, and this will be having our same EPGs. So you can think about EPGs just like a family what you do get, okay, a same set of families, and accordingly only we try to provide the policies to them. Because today if I have to apply a policies telling that whoever which has been coming up from port number 80 or 443, they are being only allowed, I don't allow traffic which has been coming from a port number one two three; if I have to apply this kind of securities, what are the thing that we have to do? Like if I have to apply the securities on the server levels or on the VM levels, we have to do a lot of number of tasks, right, we have to go into this respective servers, apply that kind of securities. But if I would be applying that kind of policies on an EPGs level, telling to the family whoever are web, apply that policies, everyone, maybe that is a bare-metal, virtualized servers, they are going to apply that kind of policies to them. So that's the policy model which we are trying to talk about, applying it more easily, okay. But we need to know the fundamental, some of the terminologies of ACI at this moment. So when we call it out as a filter or service, we are trying to claim a specific process in ACI, right, and what are the policies is being created, that would be created with the help of APIC, and it will decide that what kind of policies will go on what switches, okay,
like this time web and web is only connected on these switches, so the policy should be written only and only on these switches; it should only be written on the other set of switches, okay. So that controlling fee functions and functionalities we are going to just provide to the APIC device only. He would actually take monitoring services, like what are the switches which is we had to apply that policies, how the VMs are being moving, accordingly we are going to move the policies also with them. So as you move your devices the policy will also move accordingly. But again remember guys, it's not only for one customer, we are creating for multiple customers these kind of orders, and the same infrastructures even you can use in your enterprise network as claiming that maybe you do have to create a test environment, DB or many things. But did you understand what is the, what is the scope what we are trying to create at this moment? I would open the time for your query; if you do have any query we can take down the questions, otherwise we'll take a small break, we'll come back and then we will consider the topic. But anyone does have any kind of questions? We shake it. When we apply this endpoint group policy and we say that web can only access application, and it will be only accessing certain ports or some, so in the background all the below level stuff will be taken care of, is it? Yeah, exactly, so that's not the thing that you have to go ahead as end-user and have to verify, that would be automatically done by the epical is folly. And this is one of the again of pain point mostly people who had been working in the infrastructure, like if I have to apply a security policies it has to go to the respective web devices only. Any when the pain point that we would discuss in the later sections also: if we change the VLANs, the lot of number of changes that we have to do, right, but that are the not the thing which we would see as tied in ACI. We don't apply the policies on a VLAN or IP
subnet basis, we apply the policies as per the family of EPGs. So that's, that's, but the question I think was that whether the policies will be applied, do we have to verify that things; I would be telling 99% we should be not going to see that things, that we applied automatically, okay. All right, so if anyone has the another set of questions let me know, I'll just wait for another 1 minute and then we'll take a good break and we'll come back and then we will continue with the topic. We shake this isn't a zero yeah and re SDN. I'm sorry Nazir, I hope the question was that is it a data center full bootcamp you are talking about it is, or is it for these just for SDN, is it that the question? Yes, yes. At this moment we are just taking first of all SDN, okay; after completing the SDN then we would move to the different topics. This one is you see any data center is that. No, it's basically a for CCI you see how you, yeah, we are actually making it show that you do get the fundamentals of NA and NP, but the boot and what we are trying to claim that even though you don't have proper knowledge, I'm trying to get you to understand on CCNA level, CCNP, as well as on CCIE levels, so I am going with from a proper basics, then we will go to the higher levels also. This one he said CCIE data center track; for today's session we are just covering basic topic just to make a start. Exactly. Okay guys, so if you do have any questions put that in the chat box, or we'll take around 10 minutes of break, let's meet at 7:15, okay, we'll assembly back, grab a cup and cup of coffee, okay, hey, talk to your family and then we'll meet up at 7:15. Hey guys, welcome back for this once again, I hope everyone is there. Alright, so let me first of all go back again and talk about what we were trying to achieve. So ultimately we talked about how we ever create the networking profiles; now it's not like similarly like how we make creating the networks piece by piece, a is creating the VLANs, applying the subnets and applying the
securities and routings to them. We are trying to put up full packages now as a network profiles whenever we have to apply any kind of applications. So now the idea is that if I have to really create all this kind of setups where we would be having outside networks that's going to come inside to the data centers, applying a related securities on it, okay, then applying that things as like a web EPGs traffic, then similarly how a web will talk to an app and an app will talk to our particular DBs, okay. So when we go with this whole flow, we can right now write this as a full package called as a application profile, or maybe you can write down as a networking profiles. So whatever the thing that you have written over here, this will be written in a coding formats: maybe it could be written in the XML formats or maybe it can be even written in the JSON formats. So ultimate is a configuration backups what we nowadays take, it's not a very similar configs that we back up in a basic routers; nowadays we backup all those things from an XML or maybe from an API is pointing to you. So that's the one thing that's being shown out in this particular PowerPoint, where it is basically explaining the full package as one set of networking profiles which would have all sort of things, like what are the different application tiers, so it could be vector after debate on how the connectivity policies would be created. Like in this case I am not making web to talk to DBs directly, it has to go with a proper flow; similarly how it is going to be going through an L4 to L7 services, because at this moment at the middle it's a full involvement of particular security things that's been coming up, and accordingly only the traffic is going with the proper policies. So this is just an abstraction of your infrastructures which is being created, and now the things is becoming pretty easy now what we try to achieve in the infrastructure building. So the application policy model is all about this stuff only, like
what I want to achieve, so that we are going to build as per our architectural view. Usually this is the architectural view that we created at this moment, and when we apply that things, ultimately it is going to be applied on our leaf and to the spine switches. So this is a policy installations that we are trying to do, that each device will have a dynamic instance that required the changes based on the policies. And this is the point that I was trying to talk about, like when we had a web VMs which was connected to only switch number one, but there was some VMs which were part of DB or maybe of app, accordingly only the policies would be distributed. So that distributions will be taken care by the APIC appliances. Obviously this appliances will be not a virtualized one, it would be hardware boxes that you have to buy from Cisco, so I'll talk about it how these very hardwares looks like, but I'm just trying to give you the fundamental understanding what we are trying to achieve. Now the another thing that you would also come across, when you see at the bottom most, the IP reserved for portable anywhere within the fabric. Now this is one of the very pain point that most of the infrastructure guys comes all across when able it it P: if I have to define IPs to a particular infrastructure, we have to obviously or take a look on averse Sheetz, find out that what would be the IP that we can define in this particular VLANs, and accordingly only we try to provide that IP, right, that's a way that we here might be following. But this time it's actually you can have any IPs at anywhere at the locations, it doesn't matter until unless it doesn't come up with the duplications in the same EPGs. So the idea is that you can have any subnet, any IP, that doesn't matter. So the idea is that if you do have your web applications, usually in the real infrastructures how we do create it, we try to define a specific VLANs to them, like maybe VLAN number 10 is only for the exact s, and accordingly we
try to define the subnets, maybe 10.1.1.10 before is only and only reserved for VLAN 10. So this is the coupling functionalities that we always define, that a VLAN will be always mapped to a particular subnets, and accordingly only we try to define the IP addressing. Same way the app will be having again another set of VLAN, maybe VLAN number 20, and we would define 20 dot one dot 0/24 service to them. So this is the back end process that we always follow and we try to define configs to that, and obviously when it comes to the security rules that has to come up into the place from web to app, we always tell that whatever the traffic that is going from this subnet to the subnet, we would be applying the security policies. But now the things is being quite changed: you can have a mix of the subnets anywhere at any of the locations at this moment, it doesn't matter; in the ACI world you can have a mix of 10.0 to 10.1.1.1 evap as well as you can have 20 and 10 at the same time. The things that is being applied over here, that's being done on the EPGs basis, that's been not applied on the subnet or in the VLAN basis. So that's the one thing we'll try to see in the US proper labs how it is being achieved. So obviously when we try to go in that very way, we are trying to decouple that from some abilities of our securities as well as of our body. Earlier, like if I had to make any traffics to flow from VLAN number 10 to 20 or have to apply securities, we apply on the subnet basis, but this time we are applying that things on our EPGs level basis, like whatever the guys who are part of web, whatever the traffic that is going to app, they would be having a proper policies what an end user would be creating. So that's the one thing which is going to always save us from these scenarios where we have to make a proper changes, because remember, when in any infrastructures, if I have to change a VLAN or a subnet we have to do a hell lot of number of changes in our infrastructures, so we can
some time think about, we can never ever think about to make any kind of major changes what has been done in these kind of configuration changes policies. So thing is that devices are autonomously update the state of the network based on the configured policy requirements. So obviously these devices will demand that I do have now web devices connected, so accordingly the policies will be distributed to the switches at this level. So this is being called as an application policy model, and on that basis only that traffics is going to behave, and customers will be running their workloads behind the ACI fabric. So ACI fabric is all about the combinations of your leaf and spine switches connected through your APIC devices, and the downside the workload is all depend upon what kind of work would locations or the traffics that you say they, which could be a VM-based traffic, could be a bare metal device traffic, could be a layer two traffics or could be a layer three traffics. So it could be any kind of traffics and it all depends upon your topological design or you're going to architect that kind of traffic flows, right. So on that basis, this is the one of the figures that you would always see in the system, how these things are being getting connected. So as I was keep on telling, the fabric, which we call it out as a single combo switches, where the spine and leaf will be having a combined effect of making the traffics to flow. So in this case is that downside the workloads which you do find out could be a external layer 2 and layer 3, which could be a connectivities to your service providers, all right, or maybe it could be a legacy environment of your layer 2 environment. So those environments are going to get connected to your leaf devices, and accordingly you are going to transfer that traffics to the respective customer tenant interfaces or the tenant vmstat ISNA gramming as the blade servers or maybe the bare metal servers which is being there. Now even when you do have some
devices like your ASA firewalls, like in this cases this is one of the firewall which you have got it connected, if it could be even the Palo Alto, could be Citrix firewall, and if you have to have a traffics to flow from web to app it has to go through this very firewall, you can't even write on that kind of policies to them. So to just to give you an overview, if I do have this kind of system, ok, and I do have a policies that I have to write down accordingly, ok. So when we talk about design, let me just take a example from a design basis, ok. So this is one of the physical figure that I have got, but let it be the architect has created a logical diagrams where the users will be sitting outside, which is going to come up from the internet, ok. So these are the internet based traffic that is going to hit to our data centers, and that is going to hit first to our web applications, but before web applications we need to have an ASA firewall, ok. I hope this is the way that we try to build the infrastructures most of the time. Now this is a firewall getting connected maybe to the load balancers, right, and this load balancer would be getting connected to our respective VLANs. So now this VLANs will be a part of a web applications. So when we do have a web applications right now sitting over here, they will be a part of our particular groups, so this could be called as like a EPGs at this moment. Now from the web we would be having a similar infra, like maybe we would be having a firewall again, maybe that could be ASA firewall, and again we would be talking to our app traffics, okay. Now from app again we would be sending that traffics to a firewall, ASA firewall, and then we would be sending that traffics to our database. So this is the usually the flow that we try to build, we try to define the respective VLANs, defining the subnets, but the ideologies are not going to be going to be pretty different, the ideology is going to be pretty same again, but all these things we are trying to achieve through
the ACI policy models. So now if I try to see the traffics to flow from an external world, so this is an internet-based traffic which has been coming up over here. Now whose external present over here, this is a service border router which you have to connect to one of the leaf devices, so from here only the Internet traffic is going to hit to the routers, okay. And in this conditions you have to have some models like L3Out so that the outer subnet traffic can hit into your data centers. So from ACI logics, so you have to basically attach these pieces by pieces. So whenever we talk about L3Out, it is basically a flow of one subnet or the outside L3 networks is coming inside of the another networks, okay, where we are trying to involve any kind of routing protocols. So in a very layman language, when we have an involvement of outside routing protocol then we would be going with L3Out. But remember, this internet based traffics we are trying to define as one set of EPGs, and it to only we are going to write down the policies, like maybe port number 80 and 443 only we want to apply to it. So this policy is where we are going to right now that be able to write down on our firewall. So the thing is that from internal point of view this traffic will go first of all to ASA firewall and then it will go come outside after processing the firewall policies what we have written over here. So whatever the policy that we have written on the ASA firewall as like our filtering logics, which we can achieve with the help of L4 and L7 kind of integrations, so in this cases you have not tell to the switches that you have to send that traffic to that firewall, that would be done automatically by the L4 and L7 kind of integrations. They would be defined in this very very way that whenever this are internet-based traffic, it has to first of all go with the physical firewall. Similar way, if let it be you to have your load balancer appliances that you have also connected, maybe F5. Now the next thing that is been
coming up is what load balancer. So when this flow came outside it has to go again through the F5 load balancers, ok, and then accordingly the load balancing terminologies will be applied and the web traffic will be going to hit to the respective VMs. So maybe that web VMs might be sitting over here or might be busy sitting over here, doesn't matter. Now this traffic will go accordingly and it will hit to the respective web VMs, ok, and that very web VMs will process that very traffics, and again it would might go with ASA firewall if it is your wish from the architectural levels. So again this traffic will go from your ASA firewall, and this traffic will go to your database or application, and see in kind of weight the things that you have as your program the traffic is going to go again and again. So the thing that we are trying to achieve out over here: with a single firewall, with a single load balancers, you are giving all the customer that specific services, maybe as like firewall as a service or maybe load balancer as a service, and entirely this whole infrastructures you are providing as infrastructure as a service or application as a services. So you can provide this kind of services in many many ways, but what the end users would be doing mostly, he has to create these kind of policies one by one. So when it comes to web, how it is getting connected to the bare metals, you need to understand how we would be getting connected to the bare metal devices; maybe your app VMs are being present as VMs which is being present in our specific one cloud, or maybe it's being present in the VMware cloud or Hyper-V cloud, you need to make that kind of integrations into it. So in this whole thing you have to know how we are trying to do the service chaining, how we are trying to do the VMM integrations. You guys just give me two minutes, okay. Hey guys, I'm back, I'm sorry, actually I was searching for my charger because I'm just short of with my battery, let's see, I didn't find out, I
think I'm not able to get it, I think it will still hang on for half an hour. Alright, so what I was trying to explain over here: the flow of the traffics, the flow of the different services which is going to be involved in the ACI side, so according to it only we have to achieve the task. But obviously the guys who have been coming from the infrastructure building side, you might be seeing how easily we are going to achieve it, and whatever the different things that we wanted to see as a flow of the traffics is being done not with one proper way like creating an ASA, putting a particular interfaces over here, making that another ASA, putting that another interfaces on the path legs, and similarly on the other apps; the same firewall you can use for multiple kind of services. So that's the month one of the things which we would achieve not only with the ASA firewall, it could be even Check Point or could be a Palo Alto, because ACI will provide you the third-party integrations with the another set of load balancers also. So if you want really understand about it, you would see there would be L4 L7 services from ACI, the third-party interoperability, you are going to see a lot of number of vendors who would be there. So this is a list of solution overview, not only with the firewall, there would be many another things that you get. So you do have ASA, you do have Check Point, you have Palo Alto, Fortinet, integration modes with the ADC vendors and many other things, so you can find out this particular list and for what variables you can find out that kind of packages. All right, so that's being one of the key features guys from the technology and from the architectural view. But on this whole part you would see that the APIC would be put as a cluster, because I want to still form the redundancies from the policies written and we need to apply the policies on to it. So APIC would be the devices where we would try to log in and we'll try to apply all the set of config as one side.
Now whatever the switches that you see at this moment, we will see it as a single logical system, it will be not like all different switches, that's the view logic that you have to think about from your end, but obviously we know from infrastructure levels all this would be as switches that is going to be implemented. So this is one of the common set of design that you do see over here; you can apply the different set of solutions which could involve the integrations of VMware, integrations of your Check Point, integration of Kubernetes, Docker solutions and even the OpenShift. So whatever the infrastructures which you want to achieve, it can be done by this particular method nowadays. So any questions guys up to this moment? Just give me a moment guys, I think I got my charger so that I can apply, otherwise it can I would be dead, okay, just give me a moment, one minute. Alright guys, there's a question which we are getting from a chat: same physical firewall for all three firewalls entering and training the web, app, DB servers? Yes, you can do that things, but if it is your wish, okay, again totally depends upon you whether you want to go in that very sense or not. But usually if I have to get that opportunity I would be doing with not only with one firewall, I will try to cluster the unbury firewalls. So basically in the AC I'm going to put a context firewalling kind of concepts there, but there is a proper design that you can follow; like if you would be doing ASA firewall design with ACI there's proper design models that you can check it out, are you going to apply that models. This is one single, this is doomed, this is the failover one, so it's being clustered over here. So you would find out that all the workloads will be going through the firewalling mechanisms, and that going to be run by this single firewalls, but still I am going to apply the failovers to them. But this is one of the corner cases that you can get it out, it's a nice design that you can follow, okay. So when it does have the new
set of firewalls which can be supported by it, so if you might be knowing what is the new firewall from ASA, from Cisco, anyone who's coming from the security background? Next-gen firewall key the next-gen firewall that's from Cisco, it's, sorry, I think what the mean, yeah, Firepower, correct, that's the Firepower. So this is a next-generation firewall when it has been compatible with the Cisco ACI, so extinct commonly being implemented a lot, but again it's customer's wish, if they're more used to Palo Alto they can still do that things. You do have a proper packages, apply that packages; whatever the config that you want to write down, need not to go to Palo Alto, you can apply that things from an AC I think slowly, because nowadays everything is being running on a API. It's not an ACI, remember, its API logics; API is again like a programming levels or it's the communication channels, that's the new way of doing the configurations on any set of devices. So that's the channel that we can really implement in the ACI world. Alright, so the next topic which we would see would be the application language barriers. Obviously guys, there will be a lot of number of theory that we have to understand because it's being of very new things and people get a lot of number of confusion. I would recommend if you do have a lot of questions, put that questions on the chats, at least people would get the understanding. And I know people would be coming up from the physical background, some of the guys who would be coming purely from a routing, maybe from security background, but think about from a DC's environment what we have to really achieve, and accordingly only we are trying to take down that very theory and then we will see the practical levels how we would be getting connected to them, ok. So questions are always welcomed. Now the next thing is the application language is what we have been talking about; this is one of the example which we already talked about, that whenever we need to write down any kind of
network related policies, which would be most like comment and I making a marking of the traffics, maybe we have to apply the login functionalities, we apply that in sanh mostly on a subnet or maybe a coupled with the VLANs, similarly the ASAs and even the L4 and L7 services. So there could be a lot of number of things that's being constructed from a networking levels and apply that things on a VLAN or maybe from a subnet levels. But now when you talk about from our developer's point of view, they see each and everything from an applications, like what is web, what is DB, what is applications clusters, and accordingly only we try to, they try to develop the things. But whenever we see the things from an infrastructure levels, we always see the language of VLANs, subnets, protocols and what ports they are to open, so we have to always involve the application guys and ask them that what is the application, what is a port number we have to open. So there is a lot of number of calls that we have to create internally, and no one is being hided up over here guys, we know that there's always a tussle between these teams always, and always the pain point, they will tell that there is a network latency that is being happening and so only my application is not running. So I hope most of the guys might have gone those kind of calls, ok. That's the pain point that we want to solve: we want to give developers a pretty easy hands-on on the ACI, that they can build the applications, they can build the networks accordingly to the applications. So obviously an application guys will be not able to understand what is the meaning and how to create a firewall configurations, how to write down the load balancer configuration; that's the easy task that is being provided from ACI. So if I'm going to give you some particular steps, you would be thinking that yeah, that's a pretty easy one, we might be doing that one by creating a VLANs, applying a subnet, defining the firewalls, it's being a
very long journey for me, but it's been always a easy task again when you see the ACI GUI, it will be easy task for you. Now there's a question: if we are connecting firewall or server to a single leaf, how we will achieve high availability for the devices, is it like we will configure vPC between leafs? The question is that, let me put that questions over here. Think about this is the firewall, okay. Now if this firewall is being connected to a single switch, definitely reeling this is not the high availability that we will try to achieve; obviously you have to put two connections to this very firewall and create a poor from the firewalls, so at least from the switch levels you are being connected from two interfaces. So this is kind of vPCs that it would create from your end, and even from the switching levels also, it caused from switch side, if I do have two switches, if I do have a device I've been connected, I'm creating a port channel thinking that these two switches are seen, but ultimately these switches will create a vPCs. But remember guys, in this kind set of vPCs usually we would not require a peer link or peer keepalive kind of things, so vPC will be little bit different in ACI, doesn't require a set of config which might be doing in Nexus 7K or maybe Nexus 5Ks. But again if you have to do the high availability from the firewall itself, like if this firewall goes down how we would get connected to the another firewalls, so we can cluster two sets of firewall and telling that these two firewall will be responsible for an active traffics or maybe the another firewall will be for the standby purposes. So the designs which I am just showing you, basically it was basically talking about the same stuff, how we are going to achieve the high availability. I think this is not the one, we had some different part, this is the one, yeah, this is the one. So this is a dual don't hardly getting connected, and that's the proper way: we should be able to only not connect to
one single leaf; we should always connect to the two. "Links between the firewall and leaf will be through classical Ethernet or through fabric, how is it?" Okay, actually the question is that, this one question is that if I do have a switch, if I do have a firewall, okay, if I do have connectivity, okay, this is a basic port channel or whatever, the question is: is it classical Ethernet or is it going to be fabric VLANs? That's the question. I must be telling it would be classical Ethernet. You can have fabric VLANs, okay, you can have fabric VLANs in some specific firewalls, with Palo Alto as far as I know, because I've been working with one of the design cases with Palo Alto; they mentioned that they would be using some sort of fabric VLANs. But again, just to not confuse you guys, there would be a set of VLANs which we would be using at fabric level, okay. But again, that's the one thing that we can see, let's see, but mostly, 99%, it will be classical. Okay, so guys, that's the one thing: application language barrier. So that's being one of the pain points, and if you see any kind of network diagram, wow, a lot of things that we have to do. So traffic has been coming up, a lot of things that's been happening, a lot of number of VLANs that is passing from one level to another level, and accordingly we have to write down the configs. Now, whether we have to do those things when I'm an application guy? Obviously if I'm an application guy I would not be able to do those things; we have to always rely on the networking team. Like, if I have to develop any application, I need to always ask: that network team has not yet done, they have not created the firewall, all that stuff. Okay, so it's always a pain point, and obviously the delivery of your applications will be getting late. That's the one thing. Okay, so that's the one stuff, like when we are doing any kind of changes, accordingly the policy has to be changed on our physical devices, but again that will be again
taken care by the ACI stuff. So what is an application to the network? Again, as I was telling, an application is the collection of all your endpoints. When you do have VMs, when you have bare metals of a same family, like functionality-wise from the application level, they would be considered to be called as one set of EPGs, okay. So on that very basis only we are going to apply the networking policies to them. So this is just an overview, guys. When you do get any kind of infrastructure, on whatever levels that you do work, accordingly only you try to visualize your traffic flows and even your workflows. So when application guys see, they see the things in this very way. When security guys will see, they just see zoning, zone configurations; they would see how we are going to create firewalls, who would be DMZ. And when our network guys will see, they will see what VLANs, what VXLANs they have to configure. And cloud admin guys, they know how to run the different different applications. The idea is that why don't we provide them the same GUI or the same platform where they can do all the stuff with the help of APIC. So APIC is basically a management console to really have a hands-on on all the set of devices and applying your related policies as per your workflow models. So when an application guy is there, he can create and he can define what are the different applications that I am gonna run. Security guys, they will be writing the firewall configs, and network admin guys will tell what all is getting connected to which switch ports, so accordingly he would write on that. But what platform are we going to use? It's the APIC platform. So we are going to create an operational framework in our internal infrastructure. But yes, I mean, like, a lot of number of customers, they have created their own apps also, they have even created their own APIs also, and accordingly they try to run their operational things. Now the ACI model does give you
one another thing. If anyone who's been coming up from the application development life cycles, or even like when you talk about the upgrade process, some of the companies will always have a test environment. Obviously, like, whenever we go for any kind of upgrades, or whenever the application is thinking of love to test that thing, we would not put that thing purely on the production on the first day; we will first of all try to test it, how it is behaving, when we do have a use traffic how it is going to behave, what are the performance issues. So it's always tough for any particular customer to build these number of environments. So if you have to create that kind of set of replicas, it's always a cost thing, okay, it's a very very cost effective thing. Now really when you talk about ACI, we would try to achieve that thing by creating tenants. Like we would try to create three kinds of tenants: maybe there would be a dev model, so that would be one of the contexts that we would create, we would have a test environment, and we would have a production environment. So we would be having three sets of environment replicas running on the same platform. So on the top they will have all the set of same switches, spine and leaf switches, but their traffic will be always different, to the traffic what is being created with the help of ACI's tenant. So whenever we talk about context in the networking world, we always refer to VRFs or maybe VLANs, but whenever we talk of context in ACI we will always refer to tenants. Like this is one tenant, maybe production tenant, this could be a dev tenant and this could be maybe a test tenant, or development, depends. Now even we can also provide the same infrastructure to multiple customers, so customers can also be considered to be called as one set of tenants. So it depends what operational things that you are doing; accordingly you would be defining your related tenants. So the idea is that application models, how we can actually
apply the same set of rules on different different environments. Like we do have dev, test and production: if you have created the same models, remember the model I have created with the help of XML files, we can just keep on copying it, and we can apply our application development teams to develop the things in one different infrastructure; they could test it, and after the proper life cycles only we are going to put them into production. So you need not really create a new environment all according to it, creating a new firewall, buying a new firewall, buying a new set of servers or buying a new set of switches. You can test in the same kind of infrastructure without giving any kind of blow to what's been happening in the production environment. So this is again a very pain point. I hope this would be a very great thing that you might be experiencing with ACI. So I will welcome any comments if anyone has got, who have been coming up with these kind of infra. Like again, when I see the other thing, upgrades: upgrades is always again a pain point for network guys. So whenever we upgrade, we have to always upgrade first of all the test environment; if it has behaved very well, then only we will go to production. Right now I can't relate the upgrades very similarly how I have defined the application life cycles, okay, but you can think about that set of environment 5e to create test environment, basically test our application, how it is behaving, then only we will put it into production. But without investing a huge investment we can still do the testing in the same environment itself. So that's the one another achievement that we can do with ACI. So that's being one of the first sections, guys. I know that's being a very long theory section; it's always a trouble to really understand a new technology, but I am trying to give you the hypothetical way of thinking, and then only we can head to the main stuff, like what are the major building blocks. So among them the building blocks will be the Nexus 9000,
but up to this moment, any comments guys, any questions? Then only we can move into the next sections. I shake "What is the difference between, like, the ACI environment of Cisco and VMware NSX? So what are the similarities? Or in some of the designs what I see, ACI is integrated with NSX. So we do some brief description or differences between both?" Exactly, this is one of the very very well used designs by most of the customers nowadays, because again when you talk about the SDN product line, VMware has got their own product line called NSX. Now there are a lot of number of advantages when you use NSX. Now there are some another set of advantages which you would find out with ACI. Now if I'll try to explain, there would be again like two three days to really talk about that set of design, but just to give you an overview on it, there's a great point that you have really come through, because I've been working with the design and I will tell you like 30 to 40 percent of design cases will be purely on NSX over ACI. So this is basically NSX over ACI. Now it's not like that NSX will only run over ACI; it can run over any fabric, it could be even Juniper, could be Arista switches, can be anything, because NSX only claims that I need to have just switches on the top which can switch the traffic from one ESXi to another ESXi. Now the idea is that when you do have your ESXi servers, usually the ESXi servers we will design according to the NSX basic design topologies. We try to create stuff in this very way that we would be having a management cluster, MGMT cluster, similarly we would be having a web cluster, we would be having an app cluster and maybe we would be having a DB cluster. Similarly there would be a cluster that has been called as an edge cluster. Now the idea of NSX is that they can do the routing on be available on a virtual level. It was earlier what they had to always do, like whenever they had to create a web network, similarly the idea
10.1.1.1/24 subnet we have only reserved for the web traffic; app, maybe we have defined a subnet of 20.0/24. Now whenever a web VM has to talk to an app VM, he has to send the traffic to the router, OK; the router will send the traffic back to the app devices. This being done for a long time because VMware was mostly on the virtualization, that was server virtualization. Now what they came up with, they came up with an idea called DLR, that has been called as a distributed logical router. Now the idea is that why don't we put a router on every ESXi, like on every ESXi we would be having a router. Now what is it gonna do: whenever the web is going to talk to the app, the traffic will head to the router, that is a local router, which routes that traffic to the app devices. If the app is sitting in the same ESXi, it has to not leave the ESXi and get back again; in that case the traffic will switch over within the ESXi level. Usually this kind of traffic is being called as what? East-west traffic, OK. Like whenever we have to send the traffic from one tier to another tier, east-west traffic; even this is a very common term in the physical environment also. Now to really do this kind of task, all these things are happening at the back end with the help of VXLAN, because whatever the things that we have as web, app and DB, they are being created as port groups, but these are the DV port groups, and these DV port groups will be VXLAN-capable. So that's the other thing that we are trying to achieve with the east-west traffic. But remember, when it comes to the traffic which has to really go to the Internet, usually that traffic is being called as north-south traffic, okay. So whenever we have north-south traffic, in that case we would be having edges. So edge is a concept again in NSX. So edges are again like VMs which are only capable to send the traffic to the perimeter devices, which has been called as like your service
provider, or maybe it could be the top switches, so it's the top-of-rack routers that you have to get it connected to. So whenever these very VMs have to send the traffic to the Internet, mostly the web traffic has to get to the Internet, the edge devices are going to do that functionality. But again, edge is not only for routing; this is going to provide you the firewall, micro-segmentation, load balancers, IPsec VPNs, L2 VPNs and many number of functionalities. So a lot of things that you are now trying to achieve with the help of what? NSX itself. Even they do give you some one of the features like guest inspection, and even nowadays NSX is being over on the AWS cloud also, so if you'll try to search VMware over AWS, that's also one of the features that you are going to get. But the thing that we are trying to talk about: all this VMware cloud is perfectly fine, that's fine, they need at least one fabric on the top, because when it is VMs which are a part of the same ESXi they can route the traffic, but when they are part of two different servers there has to be particular switches on the top. Now switches, as I claimed, this fabric could be of any vendor, but when we go with ACI we would be going to achieve that task plus what we are going to get from ACI also. So from ACI what we're going to get: whatever the redundancies that we get from spine and leaf infrastructure, that's the one thing, and we see all these things as a bunch of a VMware cloud where we have to create a management traffic tenant, sorry, not tenant, EPGs; similarly we have to create data traffic EPGs and we have to create edge traffic EPGs. So whenever we have any kind of a control center, this control center will try to get connected to your VC or NSX manager and many other stuff like your controllers and all other stuff, because still you would have the same kind of concepts of controllers in NSX also. So that would be our management network. So that management network will be
equivalent to your EPGs that you would create on your ACI side. Similarly, whatever the data traffic that is going from web, app and DBs, that is all data traffic which is only for NSX specifically, so you can define a set of EPGs, and to really make that switchover of the traffic from one server blade to another server blade you are trying to provide a redundant path. Now not just like a single switch you are getting connected to; you are providing an ACI environment which can actually utilize the features of ACI itself also. So though you are using NSX, from a virtualization world you are using the features of NSX, plus when it goes as data traffic you're using ACI's features also. So if you have to apply some another set of security rules, you have to apply the redundancy rules or maybe load balancing rules, you can still achieve those things. And when it comes to edge traffic, like web traffic has to go to the edge, so the edge is going to send the traffic as north-south traffic, so again you have to create it as a separate set of EPGs. But again, as I was telling, it's not a small topic, it's a big topic how you try to get it connected, but until unless you have a great understanding of NSX and of ACI, you will not have the proper visualization of the design. But the idea is that how we can usually occasionally we can use the features of NSX plus of ACI; that's the one thing that we are trying to achieve over here. Now the other thing which you would find out with ACI: right now this is the NSX cloud; same way we can even have Hyper-V clouds. Right now for ACI, the web which has been running in NSX and the web that has been running in Hyper-V, are you going to claim them as two different traffics or two different families? No, you have to claim that these are web; doesn't matter they are sitting on Hyper-V or some of these things are sitting on the VMware cloud. So we are going to represent all this, all web, as a
single set of EPGs. So when I'm providing any kind of policies from the ACI level, these ACI-level policies will be even written on the VMware level and even on the Microsoft level also. So my policy is not different for Microsoft, not different for the VMware cloud also, because whoever are web, doesn't matter where they are sitting, I'm going to apply that same set of policies. But now think about the same set of things if you have to do it in a multi-cloud or multi-vendor cloud: you have to always think about, this feature is there in VMware, might be this feature is not there in Hyper-V; vaguely there would be major differences. But yeah, what we are trying to achieve from ACI is the same infrastructure builds; we are trying to apply the same set of policies which is being distributed to all the devices in one single set. So at least you got the idea what is the meaning of NSX over ACI, and until ICF is very much alright, so until this you don't have the understanding more onto the NSX, because as like ACI is a proper bootcamp, similarly we take NSX bootcamps also. So these are two different technologies, but the things that we achieve with NSX is pretty much better what we do get with ACI. But again, ACI, what it is going to provide us: it can actually make a merging of two different clouds, which you would not see with NSX at this moment, though like now they are claiming they would be coming up with NSX-T, but at this moment they would be just going to provide services for ESXi and KVM. So this is again a multi-cloud kind of concept, and a good thing that there would be no any kind of vCenter integration; at this moment you have to really reluctant to the vCenters. It's a lot of developments that's been happening, but one of the great things that's been really observed from the VMware side is VMware on AWS, so this has been called as SDDC, software-defined data centers. All right guys, so that was one of the questions, NSX over ACI. So I see people are coming up with that
kind of design a lot, but I must be telling, like, I didn't find out most of the customers came up from India at this moment; most of the cases came up from Dubai, Middle East, from Australia and mostly from Europe and US, but from India I didn't find out that kind of design ever came up. Yeah, any of the questions? This is another proper document for it if you want to see, that's the NSX over ACI design guide. It's being distributed by Cisco, even there is another community that transfer VM there. So this is the story from Cisco's side how these things will be achieved, and the similar kind of story would be given by the VMware guys also, so you can see what are the different things they have created. All right, so guys, I'll not go further on. I think it's being a lot of number of theory sections today. Tomorrow when we'll meet up, we'll try to go with the physical switches, understanding what are the different Nexus 9000 switches, what is APIC, how we initialize APIC, and how we get started for the ACI configurations. So these are the topics that we are gonna do tomorrow. I'm not going to really do the high-end hardware properties; obviously you can research, and these properties are going to keep on changing as per the upgrades of the hardware devices, mostly like what could be the support from leaf and spine switch level and how you're going to see the controllers. So policy model, what is policy, and many other things. So let's stop over here, guys. I don't want to really give a big blow on the first day of class, okay. I would give a recommendation: at least go with the white papers of ACI first and come up with a lot of questions; that's very required from the classes. At this moment I know there's a bunch of a lot of number of people there. Alright, so I think some of the folks I have already talked to earlier.
Info
Channel: NETWORKERSHOME
Views: 67,140
Rating: 4.7763157 out of 5
Keywords: ccie videos classes training classroomvideos courses playlists basics, cisco aci basics, cisco nexus 9000 7000 series videos, ccie aci and sdn videos and lab practices, ccie datacenter aci basics, ccie aci sdn videos, aci apic ave videos, cisco ccie aci basics videos and training, cisco ccie aci lab pracrtices, vxlan routing and switching videos, networkers home, ccie data center videos, cisco aci and sdn training videos, cisco aci fundamentals, cisco aci configuration
Id: A10ynOzC7gc
Length: 166min 5sec (9965 seconds)
Published: Fri Apr 20 2018