2015-04-02 - cisco aci

SDN & Cisco ACI

A brief introduction

Agenda

● Networking trends and challenges

● What is SDN?

● OpenFlow

● Introducing Cisco ACI

● Nexus 9k Series

● ACI architecture

● Summary

● Q&A

Trends & Challenges • SDN • OpenFlow • ACI Intro • Nexus 9k • ACI Architecture • Summary • Q&A

April 17, 2023 Business Unit Meeting: System Engineering 2

Business Unit Meeting: System Engineering

Computing trends are driving network change

● Changing traffic patterns

● One-to-one mapping between server and application is disappearing

● Lots of east-west traffic, sometimes globally distributed

● Growing need for bandwidth on demand

● BYOD

● Requires networks to be both flexible and secure

● Cloud services

● On-demand access to applications (SaaS), infrastructure (IaaS), …

● Big data

● More data = more bandwidth

● Lots of parallel sessions for data processing

April 17, 2023 3



Limitations of current technologies

● Complexity that leads to stasis

● Network changes are often• Complex• Time-consuming• A lot of manual work with a high risk of mistakes

● Result: changes are discouraged “If it ain’t broke, don’t fix it”

● Inconsistent policies across devices

● Inability to scale

● Link oversubscription based on predictable traffic patterns What if traffic becomes unpredictable?

● Vendor dependence

● Lack of standard and open interfaces

April 17, 2023 4



A simple mistake can have a huge impact…

April 17, 2023 5



What is SDN?

● Software Defined Networking

● Goal: simplify networking

● Directly programmable

● Agile

● Centrally managed SDN-controller

● Programmatically configured

● (Vendor-neutral)

● Approach: abstract lower-level functionality

● Decouple control plane and data plane

April 17, 2023 6



What is SDN?

● SDN Layer

● Applications that deliver services

● Drivers to communicate with the NBI of the controller

● Physical network

● Physical network devices

● Controller

● Most critical element of SDN

● Removes control plane from the physical layer and runs it as software

● Facilitates automated network management

April 17, 2023 7



Benefits of SDN

● Service provisioning speed and agility

● Setting up a network can be as easy as deploying a VM

● Lower hardware and operating costs

● Better scalability

● Increased uptime

● Individual devices are less error sensitive

● Improved management and planning

● One single point of configuration

● More fine-grained security

● Better control of network flows

April 17, 2023 8



OpenFlow enables SDN

● Protocol originally developed at Stanford University

● Now managed by the Open Network Foundation

● Supported by many large companies, including:

● Google

● Cisco

● VMWare

● Goal: create a common “language” for programming network switches

● Interaction between the control and the data plane

April 17, 2023 9



Cisco ACI: The basics

● Application Centric Infrastructure

● Creates networks from an application point of view

● Cisco’s implementation of SDN, released July 2014

● Differs from traditional SDN

● Implementation is partly in hardware, instead of only in software

● More than just network virtualization: focus on shaping network infrastructure to the needs of specific applications• SDN: “How can a network be virtualized?”• ACI: “How can networking be transformed to revolve around an application’s needs?”

● Policy based approach

● Foundation devices:

● Application Policy Infrastructure Controller (APIC)

● Nexus 9000 Series switches

April 17, 2023 10



Imperative vs Declarative

● Imperative control:

● Controller has full intelligence or state

● Controlled entities follow exact rules or instructions

● Controller knows how to control all entity types

● Good for:• Small systems• Simple problems• All controlled entities are the same

April 17, 2023 11




● Declarative control:

● Controller stores or distributes desired state

● Controlled entities receive desired state and make changes

● Good for:• Large scale• Complex problems• Disparate controlled entities

April 17, 2023 12




April 17, 2023 13


Shell script (imperative) Puppet config (declarative)


Network provisioning today

April 17, 2023 14



Intent driven provisioning

April 17, 2023 15



Policy layers in ACI

● Application policies

● Fabric policies

● Fabric interface policies

● Fabric load balancing policies

● Firmware and maintenance policies

● …

● Access Policies

● Interface policies

● vPC

● QoS

● …

April 17, 2023 16



Application policies

● Logical networking

● How does A talk to B?• Switched, routed, inside to outside, …?

● Terminology:

● Tenant: Logical separation for administrative domains

● Private network: separate routing instances (≈ VRF)

● Bridge domain: Layer 2 segment (≈ VLAN, but without VLAN ID)

● Subnet: Layer 3 address associated to a bridge domain (≈ SVI)

April 17, 2023 17



Application Network Profiles

● Logical network: how does A talk to B?

● ANP: should A talk to B?

● Which protocols?

● QoS?

● Additional L4-7 services required?

● Defined by contracts

April 17, 2023 18



Application Network Profiles

April 17, 2023 19



Endpoint group membership

● Physical port

● VLAN ID on a port/switch

● VXLAN VNID on a port/switch

● Subnet

● Virtual Machine Manager grouping:

● Port Group (VMWare)

● VM Network (Hyper-V)

● Neuron Network (OpenStack)

● …

April 17, 2023 20



ACI Open APIs and Ecosystem

● Northbound REST API

● Open to the network engineer

● Accessible via a large number of tools• Web GUI Config + monitor + troubleshoot• ACI Toolkit: Python library available on GitHub• No more “conf t”!

● Resides on APIC

● Southbound API

● Integrates with products of major vendors

● Resides on devices

● APIC

● Application Policy Infrastructure Controller

● Physical appliance

April 17, 2023 21



Nexus 9000 Series

● Cornerstone of ACI

● Can operate in two modes:

● Standalone• Direct access to Bash Enables automation with Puppet, Chef, …

● ACI• Configured via APIC

● Offers basically less features than N5k and N7k

● No FCoE, MPLS, DC-Interconnect

● Cheaper!

April 17, 2023 22



ACI architecture

April 17, 2023 23



ACI architecture

● Spine-and-Leaf

● Spine: Nexus 9500

● Leaf: Nexus 9300

● All spines connected to all leafs

● No direct connections between 2 spines or leafs

● Maximum 3 elements between any 2 devices

● Reduced chance for traffic bottlenecks

● Difference with classic 3-tier:

● Every leaf is only two hops away from every other leaf (east-west traffic!)

● Easy to add more switches scalability

April 17, 2023 24



VXLAN overlay

● Inside fabric: L3 VXLAN overlay

● Decoupling endpoint address from location

● Forwarding between VTEPs

● Full mesh

● Loop-free No need for STP

● VTEP knows destinations

● No need for broadcasts

April 17, 2023 25



VXLAN overlay

April 17, 2023 26



Summary

● Application models evolving

● Traditional networking approaches often not efficient enough

● SDN makes abstraction of physical layer

● Automation becomes possible

● Cisco ACI is more than just SDN

● Application centric

● Policy-driven

● Two cornerstones:• APIC• Nexus 9k Series

April 17, 2023 27


Title of the slide


April 17, 2023 Business Unit Meeting: System Engineering 28

2015-04-02 - cisco aci

Documents

sdn cisco aci

cisco aci nexus

sdn protocol

system engineering

business unit meeting

managed sdncontroller

sdn layer applications

critical element of