ACI

As networks grow, software-defined networking (SDN) becomes more popular, and Cisco ACI changes the way we have traditionally thought about networking. In traditional networking, administrators used command-line configuration to manage each device locally. Cisco Application Centric Infrastructure (ACI) is a holistic data center architecture that provides centralized automation and policy-driven application profiles. This solution delivers software flexibility with the scalability of hardware performance. To fully understand Cisco ACI, we should first get familiar with the spine-and-leaf architecture.


Spine and Leaf Architecture

In this design, the leaf nodes are connected to the spines in a mesh fashion. This design replaces the traditional three-tier architecture and accommodates the growth in east-west traffic seen in most modern data centers, driven by the increase in virtual servers running on top of physical hosts. Between the spine and leaf devices is a layer 3 IP network that, as of the first release, uses an optimized IS-IS routing protocol. This architecture eliminates the need for Spanning Tree Protocol, which has caused constant challenges and bandwidth limitations over the past several years. These concerns no longer exist with ACI, which makes the network and its transport links more reliable.

Hosts, or endpoints, of all kinds are connected to the leaf ports, never to the spine ports. Both the spine and leaf nodes consist of Cisco Nexus 3000 and Nexus 9000 series switches, though there are ways to integrate other Nexus switches in order to migrate from your current network to this new ACI model.

The white-list policy model used in Cisco ACI does not allow any packets to flow between applications until that traffic has been specifically allowed. Endpoint Groups (EPGs) can be defined in ACI for almost any construct, such as applications, virtual port groups, VLANs, etc.

Micro-segmentation within the ACI model can be provided by assigning EPGs to tenants. Multi-tenancy provides complete isolation between tenants, and ACI not only fulfills the need for network virtualization but also provides hardware abstraction to create a stateless network across the entire data center. This results in powerful networks that deliver great performance and can be built in less time than traditional networks, thanks to automation and repeatable processes.

Cisco APIC

As a hardware appliance, the Cisco Application Centric Infrastructure Controller (Cisco APIC) is based on a UCS C220 M3 server, running a locked-down and fully encrypted image for security and integrity.

To deploy Cisco ACI effectively, a minimum of three APICs is required to ensure high availability, though additional controllers can be added to enhance scalability. These APICs provide a web UI that allows administrators to configure and manage the various constructs that define an ACI fabric.

Within the APIC interface, administrators can create and manage:

Policies

Endpoint Groups (EPGs)

Contracts

Application Network Profiles (ANPs)

Tenants

And more…

It’s worth noting that the full functionality of APIC and the ACI fabric is dependent on the appropriate Cisco License, which unlocks advanced capabilities and ensures compliance with Cisco’s software-defined infrastructure offerings.

So, let’s dive into what some of these configurations actually do and how they shape an ACI network.
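To make the white-list model concrete, here is an added example (not Cisco's code and not APIC's actual policy engine) that models a tenant, its EPGs and the contracts between them in memory, and decides whether a flow is forwarded. It is a deliberate simplification: the tenant, EPG names (web, app, db), contract names and ports are constructed for the example, and features such as reverse-filter ports for return traffic, vzAny, taboo contracts and intra-EPG isolation are left out.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass(frozen=True)
class Filter:
    """One filter entry of a contract subject: protocol plus destination port."""
    protocol: str                 # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, protocol: str, dport: int) -> bool:
        proto_ok = self.protocol in ("any", protocol)
        port_ok = self.dport is None or self.dport == dport
        return proto_ok and port_ok


@dataclass
class Contract:
    """A contract: which EPGs provide it, which consume it, and what it permits."""
    name: str
    filters: List[Filter]
    providers: Set[str] = field(default_factory=set)
    consumers: Set[str] = field(default_factory=set)


@dataclass
class Tenant:
    """Simplified tenant: its EPGs and the contracts defined inside it (constructed model)."""
    name: str
    epgs: Set[str]
    contracts: List[Contract]

    def is_allowed(self, src_epg: str, dst_epg: str, protocol: str, dport: int) -> bool:
        """Return True only if the fabric would forward this flow under the white-list model."""
        if src_epg not in self.epgs or dst_epg not in self.epgs:
            return False          # unknown EPG: nothing can match, so the flow is dropped
        if src_epg == dst_epg:
            return True           # traffic inside one EPG is permitted by default
        # Cross-EPG traffic is dropped unless some contract is consumed by the
        # source EPG, provided by the destination EPG, and has a matching filter.
        return any(
            src_epg in c.consumers and dst_epg in c.providers
            and any(f.matches(protocol, dport) for f in c.filters)
            for c in self.contracts
        )


def demo_tenant() -> Tenant:
    """Constructed three-tier tenant: web may reach app on 8080, app may reach db on 3306."""
    web_to_app = Contract("web-to-app", [Filter("tcp", 8080)], providers={"app"}, consumers={"web"})
    app_to_db = Contract("app-to-db", [Filter("tcp", 3306)], providers={"db"}, consumers={"app"})
    return Tenant("prod", {"web", "app", "db"}, [web_to_app, app_to_db])
```

Note that with no contract between web and db, a web endpoint cannot reach the database at all, and even web to app is limited to the one port the filter names; everything not written down is denied.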

Cisco Nexus 9000 Leaf and Spine Switches

The Cisco Nexus 9500 switches can operate in one of the following modes, depending on the operating system loaded and the line cards installed: NX-OS mode or ACI mode. The components of the Nexus 9508 chassis are common to both NX-OS and ACI mode: the chassis, the supervisor cards, the power supplies, and the fabric modules. The line cards, however, differ in a critical way.