Cisco ACI Part 1 | What is Cisco ACI?

Captions
"Hey, so I'm really looking for a solution for my data center network. I mean, it's really going to be a pain to manage, particularly around the VXLAN side of things and keeping track of all the VTEPs, the VNIDs. I really need some sort of a platform or some sort of a system, really, to manage that."

"Well, have you considered Cisco ACI?"

"Well, we can't deploy a whole new network solution."

"Yeah, all right, I get it. But what you're really looking for is centralized management for your data center VXLAN, right?"

"Yes, that's exactly what we need."

"All right, so let me show you Cisco's solution for a VXLAN environment with centralized policy-based management."

"Great, what's it called?"

"Yeah, it's called Cisco ACI."

So once you understand Cisco ACI, you find it's a really simple solution. Hi, I'm Rich, welcome to the Rich Tech Guy channel, and in this video we're going to dive into Cisco ACI. Now, this is actually going to be the first part of a multi-part series on Cisco ACI, so go ahead and hit the like button if you like this content, and hit that subscribe button so you can follow along as the other parts of this video get released.

All right, so let's have an overview of Cisco ACI. Now, ACI is Cisco's solution to software-defined networking for the data center networking environment. Now, what's that mean? Well, back when I first heard it, it meant absolutely nothing to me. So this is essentially, in a nutshell, what software-defined networking does. When you have a traditional networking environment and you want to make a change to how something operates on your network, you have to identify the necessary devices, and then you have to go to each of those devices and manually configure that change. This is a time-consuming process and it's also prone to errors. So you miss a command, or you incorrectly type a command and somehow the switch actually thinks it's another command, then suddenly stuff breaks; it's no longer working for you. Now, with software-defined networking, all you've got to do is make that change one time in the software-defined networking environment, and then it pushes out the configuration change to the necessary devices.

So what does Cisco ACI stand for? Well, I'm only going to say this once, all right? Cisco ACI stands for Application Centric Infrastructure. And now that I've said it, honestly, I want you to just forget about it, okay? ACI, and what it stands for, is really a horrible name for it, in my own opinion, and it really provides no information as to the benefit that ACI brings to a data center network.

Now, before we dive any deeper into ACI, I'm going to give you some prerequisite study material. If you notice from my intro skit, ACI and VXLAN actually go hand in hand with each other. So if you haven't seen my videos on VXLAN, I encourage you to go watch them right now. I'll link them down below, and also I'll have the link to the very first one in the series up here.

So the reason why ACI and VXLAN go hand in hand: well, the short answer really is that ACI is built on VXLAN. Now, the reason for this is VXLAN is a great solution for the data center. What you can do with VXLAN is you can have multi-tenancy, you can link multiple sites across a WAN environment through VXLAN, and you can have end-to-end multi-link redundancy in a VXLAN environment. Now, VXLAN of course is not without its drawbacks. So as your VXLAN infrastructure grows, you're going to run into management challenges, and keeping track of your VTEPs, your VNIDs, as your infrastructure grows bigger and bigger and you have more devices on it, that can grow to be more and more of a challenge. So Cisco has introduced ACI as a way to manage that infrastructure in a centralized way. And in fact, the way I often refer to Cisco ACI is "Cisco enhanced VXLAN". There it is, that is the easy way to think about Cisco ACI. And essentially what that is, is if you have a VXLAN environment and you bolt on centralized policy-based management, that's Cisco ACI.

Now, while ACI does run essentially on VXLAN, there are some noticeable differences that you need to keep in mind. So when you're looking at a legacy or traditional VXLAN environment, it's based off of the IETF standard RFC 7348, and as a result of that, VXLAN does not run specifically on Cisco devices; it can run on any network device that supports that standard. ACI, on the other hand, is a Cisco proprietary solution, so it only runs on Cisco switches, and more specifically it only runs on the Cisco Nexus 9300 or 9500 series switches.

Now, ACI is set up in a spine-leaf topology, and the way the switches operate in ACI is you have dedicated spine switches and dedicated leaf switches. This is actually based off of the hardware run on the ACI, or on the Nexus switches. Also, these switches have to be dedicated to ACI mode, as opposed to the traditional NX-OS mode of the switches. Now, when you're looking at the Nexus 9000 line, the 9300s are generally going to be leaf switches. There are a couple of options for Nexus 9300 spine switches, which can be used in smaller ACI deployments, but the general use of the spine switches in ACI for a larger deployment would be the Nexus 9500 switches, and those are only going to be spine switches. You cannot set up a Nexus 9500 as a leaf switch.

Now, as we have that spine-leaf topology like in VXLAN, the thing that we need to keep in mind is there are some differences here. For starters, the spine switches will only connect to leaf switches. There are going to be a few exceptions on this for extended ACI topologies, but as we're covering in this particular video the basic setup of Cisco ACI, basically the spine switches will only connect to leaf switches. The second rule that we need to be aware of is that the leaf switches do not connect to other leaf switches; they only connect to spine switches and the devices in your network. If you recall from my VXLAN part 2 video, I had a virtual port channel, or a vPC, setup which required a peer link between two of the leaf switches. In ACI you can do a virtual port channel, but the peer link connection actually goes through the spine connections.

To create a system of policy-based management, what you need to add to this spine-leaf topology is APICs, and the best practice is actually to vPC (virtual port channel) them to your leaf switches. ACI is going to require a minimum of three APICs, and the number of APICs must always be odd. Now, this is kind of to resolve any policy disputes, kind of like in Minority Report. So ACI comes in two forms: there are physical APICs, which are built on the Cisco UCS C220 servers, and there are virtual APICs, which can deploy into a VM environment. The rule here is you need one physical APIC minimum, and then any combination of physical or virtual APICs afterwards, keeping in mind you do need the odd number of APICs. Now, this is because when ACI is deployed, it's going to need that physical connection to build out the network, and I'll get to that in a minute, and then the virtual APICs can be added in once you've got some policy configured.

So what happens if your APICs lose connectivity to the network, or you lose the ability to access your APICs, the APICs go down, whatever? Well, the short answer is nothing. The network will continue to handle traffic based on the most recent policy set by the APICs. That policy cannot be changed until your APIC connectivity is restored, but APICs do not affect the data plane traffic, and so if you lose your APICs, your data will still cross the network as it was, according to your most recent policy.

Now, once we have our network set up and we've got the APICs in place and connected and we start to turn it on, this is how the process is going to work. So the leaf switches are going to start looking for a connected APIC, and the way they're going to do that is through CDP. This is why we actually need at least one physical APIC in an ACI deployment. Once this connection is established, what's going to happen is the APIC will push necessary updates to the leaf, and then it will push policy out to the leaf. Now, if this is a new deployment, there's not going to be much policy applied. After the leaf switches are set up, or at least one leaf switch is set up, you're going to have the spine switches, which are going to be reaching out, and when they have connectivity to the leaf, they will report to the APIC and receive updates and policy. Once the spines are set, they start looking for any leaves that have not been discovered out there, and will facilitate the connectivity for those leaves to connect and reach the APICs and get their updates and their policy application. And finally, once all the APICs are able to communicate with each other, they will sync up and vote on any policy variations. This is why we need the odd number of APICs.

All right, so now that we've got an ACI network set up, and it's all powered on and everything's synced up and policy's been pushed out, let's look at what's actually happening on the network. Now, when we're looking at a VXLAN network, traditionally it's going to be running MP-BGP. ACI, on the other hand, uses a different protocol set, and, you know, I often joke that this sounds like it came out of a Marvel movie, but it's actually a real protocol set run on ACI, and it's called the Council of Oracle Protocols, also known as COOP. And the way the Council of Oracle Protocols work is the spine switches are designated as the oracles, and when a leaf switch learns of a new endpoint, what it does is it sends that up to the spine switches, saying, "Hey, I've got this endpoint here, it's attached to me." The spine switches then maintain their database of where all the endpoints are. So if a leaf switch needs to send traffic to an unknown endpoint, really all it does is it just sends it up to the spine switches and lets the spines sort it out.

Now, does BGP play a role in it? Actually, yes, it does, and the way BGP works in ACI is when you want to route externally. So if you're doing an external layer 3 connection, you are going to be attaching either a router or layer 3 switch into your ACI environment, and the leaf switch connected to that is going to start receiving routes. So this is where you're going to want to have BGP, or you can also set up OSPF inside of your ACI environment, to receive that route information. Now, when you're looking at BGP with ACI, you're going to configure that: you're going to define the autonomous system number for your ACI environment, and then you're going to set up your spine switches to be the route reflectors, which is just like in a traditional VXLAN environment.

Now, in my next video I'm going to go over the policy configuration that you do in ACI, so go ahead and hit that subscribe button so you'll be able to see that one when it comes out, and also, if you like this content, go ahead and hit that like button. And I'm going to go ahead and sign off here with: keep learning, keep studying, keep improving. Thank you.
Info
Channel: RichTechGuy
Views: 221
Rating: 5 out of 5
Keywords: Cisco, ACI, Data Center, Networking, CCIE, SDN, Software Defined Networking, VXLAN
Id: Imdipzb3IH4
Length: 13min 31sec (811 seconds)
Published: Fri Sep 10 2021