Episode 3 - Introduction to ACI Network Design Options

Video Statistics and Information

Captions
So having looked at the building blocks of how we build out tenants and EPGs, let's look at that in a bit more detail. There are really a few basic ways that customers build out the network, and we'll start with what I call standard networking. So this is option one.

So, just basic networking: I've got a VRF, again that's going to sit inside a tenant, I've got a subnet, so bridge domain, and then I've got an EPG or VLAN attached to this. So this is your standard building block. Every customer, every ACI customer, builds exactly like this to start with, because this is what they've always got in their network today. They always have a VLAN, which is at this layer, and they always have a subnet, which is at this layer, and a VRF at the top. So they always have this. So your standard networking just adds on to this: I've got a VRF, I add a second subnet, a second EPG, a third one, and so on and so on. So this is very basic. This is really taking exactly what customers have today and replicating that on an ACI fabric.

So the nice thing with your option one, your standard approach, is it's very simple to explain to customers because it just builds on things they know. And as I mentioned before, what is different with ACI is that if I want to talk from group one to group two, I need to put an access list, or a contract as it's known in ACI, I need to put a contract in place that allows me to talk from group one, VLAN 1, to EPG 2, VLAN 2. So I have to have this in place before any communication is allowed on the network. So option one, it is very straightforward, very simple; every customer is going to build this.

Option two is slightly different. So with option two, what I can do is, if I remove this very quickly, option two allows me to have multiple groups of servers on the same subnet. So this is counterintuitive for most network people. Most network people would think: I've got a VLAN, I've got a subnet, that's a one-to-one match. In ACI we can build this though; we can build multiple EPGs, multiple groups of servers, all sitting on the same subnet.

So an example where this is useful: I had one of the universities in the city, in London. They had a requirement: they had all of their web servers sitting on a single subnet, and what they wanted to do was break those web servers into different groups of web servers, so a group for application one, a group for application two, and so on and so on. So they didn't want to allow cross talk between those groups of servers. And with ACI that's very simple. I build my subnet, they've already got that in operation anyway. All I need to do is apply three EPGs to the network and attach my servers to these EPGs, and now they can't communicate. They can talk out through their default gateway up here, and if they want to talk to the next tier of the application, then we simply put a contract in place that allows this EPG to talk to a different EPG, and that's it. I've now got connectivity across the network.

And again, the missing part is I'm going to draw a box around all of these EPGs, and these would form what's known as the application profile. And when customers are deploying a network they often get concerned or confused around how they should call their application profiles. There's no right or wrong way; it's really a case of what makes most sense for the customer. So in this case I've not given my application profile a name or anything like that, but if we think about how I could construct this, I could have an app profile for me, so it's my app, and underneath my app I've got an EPG for my web tier, my app tier and my DB tier, and I would call that Steve's app. Alternatively though, I could call this, you know, Steve's app, and I've got VLAN 10, VLAN 11 and VLAN 12.

So it's just the naming convention that you need to help the customers decide upon. If they can name their network constructs based on an application name, as we've got here, then it makes much more sense for them from an auditing perspective, a configuration management perspective, and knowing the rules of data flows across their network. However, if I name it, you know, VLAN 10, VLAN 11, VLAN 12, there's nothing wrong in that. It just means that they need to take that name, VLAN 10, and relate that back to the services that are presented on VLAN 10. So it's just another step they need to do. Again, no right or wrong, just two different options that they have.

So if not here option one and option two, and I'll share a slide with you now so you can actually see this in a lot cleaner picture.
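The option two layout from the captions (several EPGs on one subnet, closed to each other until a contract is added), sketched as a small policy model. This is an added example, not code from the video or from Cisco; the EPG names, addresses and contract name are constructed, and treating a contract as opening the pair in both directions is a simplifying assumption.

```python
import ipaddress
from itertools import permutations

# Constructed sample data: one bridge domain/subnet shared by three EPGs.
# All names and addresses are hypothetical.
SUBNET = ipaddress.ip_network("10.0.10.0/24")
EPGS = {
    "web-app1": {"10.0.10.11", "10.0.10.12"},
    "web-app2": {"10.0.10.21"},
    "web-app3": {"10.0.10.31"},
}
# contract name -> (consumer EPG, provider EPG)
CONTRACTS = {"app1-to-app2": ("web-app1", "web-app2")}


def epg_of(ip):
    """Return the EPG an endpoint address is attached to, or None."""
    for name, members in EPGS.items():
        if ip in members:
            return name
    return None


def contract_between(a, b):
    """True if some contract names EPGs a and b as its consumer/provider pair."""
    return any({a, b} == set(pair) for pair in CONTRACTS.values())


def allowed(src_ip, dst_ip):
    """Whitelist model: same EPG is open, EPG-to-EPG needs a contract."""
    src, dst = epg_of(src_ip), epg_of(dst_ip)
    if src is None or dst is None:
        return False  # unknown endpoints are never permitted
    if src == dst:
        return True
    # Assumption: the contract permits the pair in both directions.
    return contract_between(src, dst)


def open_epg_pairs():
    """Audit helper: every ordered EPG pair that a contract opens."""
    return sorted(p for p in permutations(EPGS, 2) if contract_between(*p))


def all_on_subnet():
    """Confirm every endpoint really sits on the one shared subnet."""
    return all(ipaddress.ip_address(ip) in SUBNET
               for members in EPGS.values() for ip in members)
```

Running `open_epg_pairs()` against an exported policy is a quick way to review which groups on a shared subnet can actually reach each other.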
Info
Channel: Cisco UKI
Views: 13,129
Id: eZxQdfCXMok
Length: 5min 34sec (334 seconds)
Published: Thu Sep 13 2018