
Cisco ACI


What is ACI?

The policy model controls network and information flow.

As traditional IT departments come under pressure to provide more agility and better outcomes to the business, a new model for operations has emerged, called Fast IT. Cisco ACI enables Fast IT by providing a common policy-based operational model across the entire ACI-ready system. This model drastically reduces cost and complexity.

This system-based approach simplifies, optimizes and accelerates the entire application deployment lifecycle across data application needs. This ability enhances agility and adds business value.

ACI uses a combination of Cisco Nexus 9000 series switch hardware, the Application Policy Infrastructure Controller (APIC), and integration with Cisco and third-party products to build a cohesive end-to-end network solution. ACI uses policy-based automated provisioning to manage end-to-end application connectivity, quality, service level agreements (SLAs), and security requirements. This model is further extensible into compute and storage for complete application policy-based provisioning.

Logical Network Provisioning of Stateless Hardware

ACI views the network from an application perspective and connects the various endpoints by use of contracts over a penalty-free network. This architecture allows all services to be no more than two hops away.

The APIC is the policy controller. It relays the intended state of the policy to the fabric. The APIC is not the control plane and is not in the path of the traffic. The APIC hardware is a set of three or more servers in a highly redundant cluster.

ACI Design Philosophy

–  System Architecture
    – Expand networking from boxes to systems
–  Open source and multivendor
    – Innovations published to open source
–  Physical and Virtual
    – Traditional, virtualized, and next-generation non-virtualized applications
–  Velocity
    – Abstraction, abstraction, abstraction
–  Cost
    – Best of merchant and custom silicon for capital expenses, unmatched automation for operational expenses

The design philosophy behind ACI is to view the switches not as individual devices but as a fabric. All the boxes come together to form a system. This architecture allows for a multivendor solution that is open source and supports traditional, virtualized, and next-generation applications by removing the restrictions of classical networking.

Application Network Profile

–  Network profile: stateless definition of application requirements

–  Fully abstracted from the infrastructure implementation

ACI extends the principles of the Cisco Unified Computing System (UCS) Manager service profile to the entire fabric. The result is what is called a network profile: a stateless definition of the application requirements. With the infrastructure abstracted, applications can build stateless policies that define not only the application but also its Layer 4 through Layer 7 dependencies on the infrastructure, which makes applications portable.

Application Policy Model and Instantiation

  • All forwarding in the fabric is managed via the application network profile.
    – IP addresses are fully portable anywhere within the fabric.
    – Security and forwarding are fully decoupled from any physical or virtual network attributes.
    – Devices autonomously update the state of the network based on configured policy requirements.

The application policy model defines application requirements. Based on the requirements, each device will instantiate the required changes. IP addresses are fully portable within the fabric, while security and forwarding are decoupled from any physical or virtual network attributes. Devices autonomously update the state of the network based on the configured policy requirements set within the application network profile.
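The decoupling described above can be seen in a small model, added here as an illustration and not taken from Cisco's software or the APIC API. It assumes a simplified contract (consumer group, provider group, protocol, port) and default deny between groups; the group names, addresses and leaf names are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Contract:
    consumer: str   # group allowed to initiate
    provider: str   # group offering the service
    proto: str
    port: int

@dataclass
class Fabric:
    contracts: set = field(default_factory=set)
    endpoints: dict = field(default_factory=dict)  # name -> group, ip, leaf

    def attach(self, name, group, ip, leaf):
        self.endpoints[name] = {"group": group, "ip": ip, "leaf": leaf}

    def move(self, name, ip, leaf):
        # Location changes; group membership (and so policy) does not.
        self.endpoints[name].update(ip=ip, leaf=leaf)

    def decommission(self, group):
        # Removing an application removes every contract that names it.
        self.contracts = {c for c in self.contracts
                          if group not in (c.consumer, c.provider)}
        self.endpoints = {n: e for n, e in self.endpoints.items()
                          if e["group"] != group}

    def permitted(self, src, dst, proto, port):
        s, d = self.endpoints.get(src), self.endpoints.get(dst)
        if s is None or d is None:
            return False                  # unknown endpoint: deny
        if s["group"] == d["group"]:
            return True                   # assumption: same-group traffic allowed
        # The decision never reads ip or leaf, only group membership.
        return Contract(s["group"], d["group"], proto, port) in self.contracts

def build_demo():
    """Constructed sample: a two-tier application with one contract."""
    f = Fabric()
    f.contracts.add(Contract("web", "app", "tcp", 8080))
    f.attach("web-1", "web", "10.0.1.10", "leaf-101")
    f.attach("app-1", "app", "10.0.2.20", "leaf-102")
    return f

if __name__ == "__main__":
    f = build_demo()
    print(f.permitted("web-1", "app-1", "tcp", 8080))  # contract matches
    f.move("app-1", ip="192.168.50.7", leaf="leaf-204")
    print(f.permitted("web-1", "app-1", "tcp", 8080))  # same answer after the move
```

Because `permitted` never consults the address or the leaf, re-addressing or relocating an endpoint cannot widen or narrow what it may reach; only a change to group membership or to the contracts can.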

 

Profile-Based Application Provisioning

Within ACI, the network is provisioned using application profiles. These profiles act similarly to Cisco service profiles. The profiles provide a tool for logical configuration that is automatically instantiated down onto the stateless infrastructure. Within ACI, the application profile contains all of the information that is required for application connectivity and policy (quality of service [QoS], security, SLAs, Layer 4 to Layer 7 services, logging and so on) for the application end-to-end.

These profiles are automatically instantiated onto the infrastructure below the profiles at the points where the application connects to the network, whether the networks are virtual or physical. If an application moves or scales, the policy is automatically moved and scaled with the application. If an application is decommissioned, then the policy is removed, which frees hardware resources for new applications.

Application-Level Health Scores

The APIC manages and automates the underlying forwarding components and Layer 4 to Layer 7 service devices. Using visibility into both the virtual and physical infrastructure, and the knowledge of the application end-to-end based on the application profile, the APIC can calculate an application health score. This health score represents the network health of the application across virtual and physical resources, including Layer 4 to Layer 7 devices. The score includes jitter, latency, congestion, failures, packet drops, and so on.

The health score provides enhanced visibility at both the application and tenant levels. The health score can drive further value by being used to trigger automated events at specific thresholds. This ability allows the network to respond automatically to application health by making changes before users are impacted.

Simplification through Abstraction

Networks have grown very complex, with hundreds of thousands of access control lists (ACLs), multiple protocols for redundancy and multipathing, and strict ties between addressing and policy. To provide a simplified network model, ACI relies first on abstracting the logical configuration of an application from the physical instantiation of the hardware configuration. By starting with the abstraction, ACI can offer rapid application provisioning on a simplified network. This ability is independent of where resources reside, whether that location is virtual or physical or on multiple different hypervisors.