Migration from Classic Design to ACI Fabric – BRKDCT-2642
Cisco Live 2014, Melbourne
Kannan Ponnuswamy, Solution Architect, Cisco Advanced Services
© 2014 Cisco and/or its affiliates. All rights reserved. BRKDCT-2642 Cisco Public
Acronyms
IOS, AAA, VDC, ISE, STP, FTP, UCS, ToR, QoS, OTV, PIM, CDP, vPC, FEX, ASA, RIP, TAC, BGP, VSG, CPU, ARP, Network Programmability, IaaS, PaaS, SaaS, SECaaS, XaaS, MTIaaS, VRF, ACI
Icons and Terms
Cisco Nexus 9500, Cisco Nexus 9300, Router, Load Balancer, Firewall, Application Policy Infrastructure Controller (APIC), Storage, VMware vCenter, Nexus 5000, Nexus 7000, Nexus 2000 / FEX, Nexus 1000, Virtual Machine
Agenda
• Application Centric Infrastructure (ACI) Overview
• Planning for the future with Nexus 9000
• Migration to ACI: Network Centric, Hybrid Approach, Application Centric
ACI Overview
(Figure: Physical, Virtualisation and Networking layers; Web, App and DB workloads with their policy on hypervisors; the APIC applying application policy, including towards the External Network, over a policy driven fabric (Merchant+).)
Nexus 9000 Series: Open, Flexible, & Choice of Programmability
• Modes: Per-Box Programmability (Network Ops Driven, Switch Automation) or Policy Controller, Centralised Fabric Programmability with APIC (User Driven, Policy Based Fabric Automation)
• 1/10/40/100GE Common Platform
Migration Paths to ACI (Current DC Infrastructure to ACI Fabric)
• Classic mode: Growth – Addition; Network refresh
• ACI Integration: New environments; Service Chaining; Dev, Test
• ACI Migration: Business drivers – Security, Compliance, TCO, Programmability, Operations etc.
Classic Mode Adoption – Nexus 9000 Series
(Figure: three classic-mode topologies, each with a Layer 3 / Layer 2 boundary, vPC, and VMs (#2, #3, #4) attached below N2K FEX: New access POD or Catalyst Replacement; Aggregation Catalyst Replacement; New Aggregation, Access POD. Devices shown: N9500, N9300, N7K, N5K, N2K and C6500.)
Classic Mode Adoption - VxLAN on Nexus 9000 Series
• VXLAN Overlay: Workload mobility; L2 Multipathing
• VXLAN Gateway (VXLAN to VLAN)
• VXLAN Bridging (VXLAN to VXLAN at L2)
• VXLAN Routing: Routing between VXLANs and VLAN to VXLAN; Anycast Gateway for vPC setup
Classic Mode Tools for Nexus 9000 Series
On CCO: Catalyst 6500/4500 IOS to Nexus 9000 NX-OS Configuration Converter
Open Source for Nexus 9000 Series (Cisco Advanced Services)
• Community contributed code and samples
• Sample scripts for automation, operations and general use
• Python Modules to aid in rapid development
• For custom use cases, development could be done by your in-house team
https://github.com/datacenter/nexus9000/tree/master/nx-os
Nexus Deployment Assistant
POD builder questionnaire (based on Cisco AS Best Practices):
• Select technology you would like to deploy
• Select aggregation, access devices, line cards
• Select connectivity requirements
• Select protocol settings and other configuration
Nexus Deployment and Migration Tool
Nexus Deployment Assistant + Selective Catalyst IOS to Nexus 9000 config migration
Current Device     Module           Selected Interfaces
Access Switch #1   WS-X6548-GE-TX   GigabitEthernet1/1, 1/2, 1/3, 1/4
Access Switch #2   WS-X6748-GE-TX   GigabitEthernet3/1, 3/2, 3/3, 3/4
Target Device                        Target Module   Target Interfaces
vPC Pair: NewAccess1, NewAccess2     N9K-X9564TX     Ethernet1/1, 1/2, 1/3, 1/4
Nexus Deployment and Migration Tool
• Automate Nexus 9000 deployment and configuration
• Catalyst and Nexus 9000 integration and end device migration
• Migrate any Catalyst 6500 topology to any Nexus 9000 topology
(Figure: the Deployment Assistant takes Catalyst environments (including VSS) to a Nexus deployment, applying Cisco AS Best Practices. Cisco Advanced Services.)
Deploying an ACI POD
ACI Fabric Initialisation
(Figure: ACI Fabric managed by a cluster of three APICs.)
ACI Fabric supports discovery, boot, inventory and systems maintenance processes via the APIC:
• Fabric Discovery and Addressing
• Image Management
• Topology validation through wiring diagram and systems checks
ACI Forwarding Model
(Figure: a Tenant containing VRF_Context_One to VRF_Context_N; each context contains Bridge Domain One to Bridge Domain N with subnets such as 192.168.1.0/24 and 10.10.0.0/16; each bridge domain contains EPG_1 to EPG_N; a separate EPG_Legacy bridge domain does non-IP, L2 forwarding only.)
• A collection of end-points forms an end-point group (EPG). An EPG associates to a BD.
• End-points are identified by physical or virtual switch ports, VLAN ID or VNID; in future also by NVGRE (VSID), DNS hostname or IP address.
• A Tenant refers to one or more VRFs/Contexts.
• A Context/VRF is referred to by one or more Bridge Domains (BD).
• Bridge Domains identify properties influencing forwarding behaviour: one or more subnets, ARP handling, Multicast etc.
ACI Policy Model
(Figure: a Tenant's Application Profile with EPG Web, EPG App, EPG DB, EPG MGMT and EPG NFS joined by contracts (C).)
• Contracts define what an EPG exposes to other EPGs and how.
• Contracts are reusable for multiple EPGs, and EPGs can inherit multiple contracts.
ACI Policy Model – What is a Contract
A contract allows rules and policies to be specified on groups of physical or virtual end-points without understanding of specific identifiers and regardless of physical location.
• A contract (C) is a list of filter / action pairs.
• Filter: the identifier to which actions will be applied, e.g. L4 port ranges, TCP options, …
• Action: identifies the actions to be applied, e.g. Permit, QoS, Log, Redirect to Services, …
• Contracts are defined bi-directionally in the “provider” centric way.
No Such Thing as Enough Security
http://www.pcworld.com/article/2031580/mcafee-warns-of-malware-targeting-point-of-sale-systems.html
McAfee_Labs_Threat_Advisory_EPOS_Data_Theft.pdf
ACI Adoption Strategies
ACI Fabric Model = New OPERATIONS Model + DESIGN Model
• New ACI Fabric operational model: leverage known APPLICATIONS constructs (decoupled from Network) for operations and design
• Leverage known NETWORKING constructs for operations and design
• HYBRID: leverage BOTH APPLICATIONS & NETWORKING centric constructs for operations and design
Network Centric Deployment Example: 1 VRF + 1 VLAN
(Figure, classic mode shown for reference: classic access switches carry VLAN 10 with hosts .101 and .102; VRF Blue on the classic aggregation provides routing, VLAN 10, HSRP, access lists, QoS etc., with 1.1.1.0/30 point-to-point uplinks. ACI Fabric equivalent: Blue Tenant and Context, Bridge Domain Blue_1 with gateway 10.10.10.1/24, EPG blue_1 (Tag 10) carrying the policies, and an External EPG exchanging routes (Blue). Tag could be VLAN ID or VNID.)
Network Centric Deployment Example: 1 VRF + 2 VLANs – Option 1
(Figure, classic mode shown for reference: classic access carries VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24) on a Vlan 10,11 trunk, with 1.1.1.0/30 uplinks. ACI Fabric equivalent: Blue Tenant and Context with BD Blue_1 (10.10.10.1/24) / EPG blue_1 / Tag 10 and BD Blue_2 (10.10.11.1/24) / EPG blue_2 / Tag 11, policies per EPG, and an External EPG exchanging routes (Blue).)
Network Centric Deployment Example: 1 VRF + 2 VLANs – Option 2
What if different policies between two groups mandated separate VLANs in classic networks?
1. Policies are based on EPG
2. Forwarding is based on BD attributes
(Figure, classic mode shown for reference: VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24) from the classic access map into a single BD Blue_1 (10.10.10.1/23) in the Blue Tenant and Context, with two EPGs, blue_1 (Tag 10) and blue_2 (Tag 11), and an External EPG exchanging routes (Blue).)
Network Centric Deployment Example: 1 VRF + 2 VLANs – Option 3
What if the two VLANs were only due to ARP broadcast concerns?
1. Forwarding based on destination IP address for intra and inter subnet (default mode)
2. Hardware based directed ARP forwarding
(Figure, classic mode shown for reference: VLAN 10 (10.10.10.0/24) and VLAN 11 (10.10.11.0/24) map into a single BD Blue_1 (10.10.10.1/23) and a single EPG blue_1 (Tag 10) in the Blue Tenant and Context, with an External EPG exchanging routes (Blue).)
Network Centric ACI Migration
Network Centric Migration Example: VRF + 2 VLANs
(Figure: classic access with VLAN 10 (10.10.10.0/24, hosts .101 and .102) and VLAN 11 (10.10.11.0/24) on a Vlan 10,11 trunk, joined to the ACI Fabric by a Layer 2 vPC trunk (L2_Out, Tag 100 and Tag 101) and by Layer 3 routing (Static, OSPF, BGP) to the External EPG; Blue Tenant and Context with BD Blue_1 / EPG blue_1 and BD Blue_2 (10.10.11.1/24) / EPG blue_2. Tag could be VLAN ID or VNID.)
• STP compatibility with Classic Network
• VLAN 10 maps to BD Blue_1
• VLAN 11 maps to BD Blue_2
• Classic Devices are still the Default Gateway
• Equally applicable to L4-7 services (FW/LB) in the Classic Network
• Flooding enabled on ACI BDs during migration
• Once migration is completed, insert needed services and move the Default Gateway to the ACI BDs
ACI Integration and Migration
(Figure: an existing POD with Layer 3, Layer 2 - 1GE, Layer 2 - 10GE, 10 GE DCB, 10 GE FCoE/DCB and 4/8 Gb FC attachments, connected at 10G/40G to the ACI Fabric; the L3 and L2 forwarding flow is shown before and after migration.)
Migration Path
• Default Gateway moves to ACI Leaf layer
• EPG = VLAN / Subnet (initial step)
• Host / FEX can migrate to Leaf (over time)
Many Migration Options
• Option 1: Migrate FEX to 9300
• Option 2: Migrate 5500 + FEX to 9300
• Option 3: Interconnect existing POD to Fabric
Deployment Example – Hybrid Approach
(Figure, classic mode shown for reference: classic access with VLAN 10 (10.10.10.0/24) carrying AppOne’s, AppTwo’s and AppThree’s WebServers and VLAN 11 (10.10.11.0/24, Tag 2011, EPG 11). ACI Fabric equivalent: Blue Tenant and Context with BD Blue_1 (10.10.10.1/24) holding EPG One-web, EPG Two-web and EPG Three-web (Tags 100, 101, 102), BD Blue_2 (10.10.11.1/24) holding EPG 11, policies per EPG, and an External EPG exchanging routes (Blue) with the External Network.)
Hybrid (Network and Application Centric) ACI Migration
ACI Migration for Hybrid Approach
(Figure: classic L2 extension from the access layer, VLAN 10 (10.10.10.0/24, Tag 100) carrying AppOne’s, AppTwo’s and AppThree’s WebServers and VLAN 11 (10.10.11.0/24, Tag 2011, EPG 11), into the ACI Fabric: Blue Tenant and Context with BD Blue_1 holding EPG One-web, EPG Two-web and EPG Three-web (Tags 101, 102) and BD Blue_2; policies; External EPG exchanging routes (Blue).)
• STP compatibility with Classic Network
• VLAN 10 maps to BD Blue_1
• VLAN 11 maps to BD Blue_2
• Classic Devices are still the Default Gateway
• Flooding enabled on ACI BDs during migration
• Equally applicable to L4-7 services (FW/LB) in the Classic Network
• Once migration is completed, insert needed services and move the Default Gateway to the ACI BDs
Virtual Environment Migration Example
(Figure: an existing N7K / N5500 pod (L3 over L2) running VMware vSwitch, DVS or N1kV on one side, the ACI Fabric with an “APIC Created” VMware DVS / Cisco N1kV on the other, with vCenter and vShield; workloads move by vMotion / Cold Migration.)
ACI Virtual Migration Assistant (Cisco Advanced Services)
• User and Workflow driven
• Multiple scenarios: vSwitch to ACI; DVS to ACI; N1kv to ACI; Any Combination to ACI
Application Centric Migration: Building the Application Profile – an Example
Oracle Internet Expenses
(Figure, built up over three slides: an Intranet EPG and an Extranet EPG at the Border Leaf, an Expenses EPG, an Oracle RAC DB and Other Applications, joined by contracts (C), for example TCP: *,443.)
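The contract semantics from the “What is a Contract” slide (filter / action pairs, provider centric, bi-directional) applied to the Oracle Internet Expenses profile above, as an added Python example that is not part of the deck or of Cisco’s APIC software. The class names, the exact contract wiring between the EPGs, the redirect action on the Extranet path and the TCP 1521 database port are assumptions made for the example.

```python
"""Toy model of ACI contract enforcement between EPGs.  Added example, not
Cisco or APIC code: classes follow the deck's terms (EPG, contract = filter/action
pairs, provider-centric, bi-directional); the sample profile is constructed here."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Filter:
    proto: str           # "tcp", "udp" or "*" for any protocol
    ports: tuple = None  # (low, high) provider-side port range; None = any

    def matches(self, proto: str, port: int) -> bool:
        if self.proto not in ("*", proto):
            return False
        return self.ports is None or self.ports[0] <= port <= self.ports[1]

@dataclass
class Contract:
    name: str
    entries: list        # (Filter, action) pairs: "permit", "log", "redirect", ...

@dataclass
class EPG:
    name: str
    bd: str                                     # associated bridge domain
    provides: set = field(default_factory=set)  # contracts this EPG exposes
    consumes: set = field(default_factory=set)  # contracts this EPG uses

def evaluate(epgs: dict, contracts: dict, src: str, dst: str,
             proto: str, sport: int, dport: int) -> str:
    """Action for a flow src -> dst, or "deny" (whitelist: no contract, no traffic).
    Intra-EPG traffic is permitted.  Filters name the provider's port, so
    consumer -> provider is matched on dport and the return direction on sport."""
    if src == dst:
        return "permit"
    s, d = epgs[src], epgs[dst]
    for name in s.consumes & d.provides:        # src initiates towards provider dst
        for flt, action in contracts[name].entries:
            if flt.matches(proto, dport):
                return action
    for name in s.provides & d.consumes:        # return traffic from provider src
        for flt, action in contracts[name].entries:
            if flt.matches(proto, sport):
                return action
    return "deny"

# Constructed sample after the deck's profile: Intranet and Extranet EPGs at the
# border leaf reach the Expenses EPG on TCP 443; Expenses reaches the Oracle RAC
# DB.  The redirect action and TCP 1521 for the DB hop are assumptions.
CONTRACTS = {
    "expenses-web": Contract("expenses-web", [(Filter("tcp", (443, 443)), "permit")]),
    "expenses-ext": Contract("expenses-ext", [(Filter("tcp", (443, 443)), "redirect")]),
    "oracle-db": Contract("oracle-db", [(Filter("tcp", (1521, 1521)), "permit")]),
}
EPGS = {e.name: e for e in [
    EPG("Intranet", "BD_Border", consumes={"expenses-web"}),
    EPG("Extranet", "BD_Border", consumes={"expenses-ext"}),
    EPG("Expenses", "BD_App", provides={"expenses-web", "expenses-ext"}, consumes={"oracle-db"}),
    EPG("OracleRAC", "BD_DB", provides={"oracle-db"}),
]}
```

Running `evaluate` for Intranet to OracleRAC returns "deny" even though both sit in the same tenant: without a contract between the two EPGs the fabric forwards nothing, which is the point the deck makes about policy following the EPG rather than the VLAN.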
ACI Deployments for Known Application Profiles
(Figure: an ACI POD for greenfield or well understood applications, with N9K spine and N9300 leaf layers (L3 and L2 boundaries marked), integrated L4-L7 services (physical & virtual), and N7Ks towards Internet / WAN / DCI.)
Defining Profiles for Applications in Use – Common Customer Challenges
• Lack of confidence in existing information: CMDB, Single Source of Truth (SSOT), IPAM etc.
• Not knowing End-Point (EP) details: identification; in-use vs decommissioned
• Unsure of App ↔ Host association; list of L4 ports: client or server
• EP classification and application grouping assignment: the customer needs guidance on Application End Point Groups and associated policies
Application Network Profile Discovery: Unknown Application Network Profiles
(Figure: three applications, each with a Web tier (WEB 1, WEB 2, WEB 3), App tier (APP 1, APP 2, APP 3) and DB tier (DB 1, DB 2, DB 3), separated by firewalls (FW / F/W) and load balancers (LB).)
Application Network Profile Explorer Tool (Cisco Advanced Services)
Network Data Analysed:
• Device Configurations
• Protocol State
• Traffic Capture
The tool produces an Analysis & ANP Proposal, which the user reviews and changes; post Network Centric migration the result is committed as APIC Profile changes, pre migration it is committed as the ANP.
(Figure: sample application with WEB 2, APP 2 and DB 2 tiers, FW and LB.)
ACI Deployment Assistant (Cisco Advanced Services)
• Network Discovery: Device Configurations; Protocol State; Traffic Capture
• Server Discovery: Servers; Process; Network Stats
• Application Dependency Analysis: Network and Server data correlation; Application fingerprinting; Customer input
Outputs:
• Comprehensive Application Dependencies
• Multiple Application Network Policies
• Application, Server Mapping
• Post Network Centric Migration: Automate APIC Profile changes; Pre Migration: Automate Physical, Virtual Migration
(Figure: hypervisors feeding server discovery; profile changes pushed to the APIC.)
ACI Migration Summary
• ACI designed from the ground up to be Application Centric
• Flexible and customisable to fit your business needs
• A phased approach: Grow, Integrate, Migrate
• Solution flexible to be Network Centric, Application Centric or a Hybrid approach
Thank You!!
Q & A
Complete Your Online Session Evaluation
Give us your feedback and receive a Cisco Live 2014 Polo Shirt!
Complete your Overall Event Survey and 5 Session Evaluations.
Directly from your mobile device on the Cisco Live Mobile App
By visiting the Cisco Live Mobile Site www.ciscoliveaustralia.com/mobile
Visit any Cisco Live Internet Station located throughout the venue
Polo Shirts can be collected in the World of Solutions on Friday 21 March 12:00pm - 2:00pm
Learn online with Cisco Live!
Visit us online after the conference for full access
to session videos and presentations.
www.CiscoLiveAPAC.com