Cisco Application Centric Infrastructure (ACI)
Cisco ACI takes the data center to the next level by using software-defined networking and automation. Cisco ACI decouples the control plane from the data plane, so configuration changes no longer have to be made across an endless number of devices. As a result, the ACI architecture automates IT tasks, enhances business agility and accelerates the data center. Cisco ACI is a true intent-based data center.
Cisco ACI uses the concept of endpoints and policies. The endpoints are virtual machines (VMs) or physical servers. In network architecture designs, several endpoints have the same requirements, so they can be grouped together into endpoint groups. Policies can then be defined to determine which endpoint groups can communicate with each other. The policy also defines other key parameters, such as quality of service and other service parameters.
Benefits of ACI
- Centralized policy-defined automation management
- Real-time visibility and application health score
- Open and comprehensive end-to-end security
- Application agility
The two main components of Cisco ACI are:
1. Cisco Application Policy Infrastructure Controller (APIC)
2. Cisco Nexus 9000 Series spine and leaf switches for Cisco ACI (Clos)
An ACI fabric can interact with Cisco Adaptive Security Virtual Appliance firewalls, Cisco Application Virtual Switch (AVS), VM managers such as VMware vCenter and Microsoft System Center Virtual Machine Manager (SCVMM), application delivery controllers from companies such as F5 and Citrix, and cloud orchestration systems such as OpenStack.
Cisco Application Policy Infrastructure Controller (APIC)
APIC is the main architectural component of the Cisco ACI solution. APIC is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring.
- The controller optimizes performance and manages and operates a scalable multitenant Cisco ACI fabric.
- A minimum of three infrastructure controllers are configured in a cluster to provide control of the scale-out Cisco ACI fabric.
- Cisco recommends that you have at least three active APICs in a cluster, along with additional standby APICs. A cluster size of three, five, or seven APICs is recommended. A cluster size of four or six APICs is not recommended.
- Disregard cluster information from APICs that are not currently in the cluster; they do not provide accurate cluster information.
- Cluster slots contain an APIC ChassisID. After you configure a slot, it remains unavailable until you decommission the APIC with the assigned ChassisID.
- When an APIC cluster is split into two or more groups, the ID of a node is changed, and the changes are not synchronized across all APICs. This can cause inconsistency in the node IDs between APICs, and the affected leaf nodes may not appear in the inventory in the APIC GUI.
- When you split an APIC cluster, decommission the affected leaf nodes from the APIC and register them again so that the inconsistency in the node IDs is resolved.
- Ensure all the APIC cluster nodes are running the same firmware version.
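The cluster sizing and firmware guidelines above can be checked automatically before a change window. The following is an added example, not Cisco code: the inventory records, their field names and the firmware strings are constructed for illustration and are not APIC output.

```python
from collections import Counter

RECOMMENDED_ACTIVE_SIZES = {3, 5, 7}  # cluster sizes recommended in the list above

# Constructed sample inventory; field names are hypothetical, not APIC output.
SAMPLE_CLUSTER = [
    {"id": 1, "role": "active", "firmware": "X.Y(1a)"},
    {"id": 2, "role": "active", "firmware": "X.Y(1a)"},
    {"id": 3, "role": "active", "firmware": "X.Y(1a)"},
    {"id": 4, "role": "active", "firmware": "X.Y(2b)"},
    {"id": 21, "role": "standby", "firmware": "X.Y(1a)"},
]


def check_apic_cluster(nodes):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    active = [n for n in nodes if n["role"] == "active"]
    standby = [n for n in nodes if n["role"] == "standby"]

    # Size check: at least three active APICs, and only 3, 5 or 7 are recommended.
    if len(active) < 3:
        findings.append(f"only {len(active)} active APICs; fewer than the minimum of 3")
    elif len(active) not in RECOMMENDED_ACTIVE_SIZES:
        findings.append(f"{len(active)} active APICs is not a recommended size (3, 5 or 7)")

    # The recommendation also calls for additional standby APICs.
    if not standby:
        findings.append("no standby APIC is configured")

    # Every cluster node, active or standby, should run the same firmware.
    versions = Counter(n["firmware"] for n in nodes)
    if len(versions) > 1:
        majority, _ = versions.most_common(1)[0]
        odd = sorted(n["id"] for n in nodes if n["firmware"] != majority)
        findings.append(f"firmware mismatch: nodes {odd} differ from {majority}")
    return findings


if __name__ == "__main__":
    for finding in check_apic_cluster(SAMPLE_CLUSTER):
        print("FINDING:", finding)
```
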
Fig: Cisco ACI Fabric
All the switch nodes contain a complete copy of the concrete model. When an administrator creates a policy in the APIC that represents a configuration, the APIC updates the logical model. The APIC then performs the intermediate step of creating a fully elaborated policy that it pushes into all the switch nodes where the concrete model is updated.
The APIC is responsible for fabric activation, switch firmware management, network policy configuration, and instantiation. Although the APIC acts as the centralized policy and network management engine for the fabric, it is completely removed from the data path, including the forwarding topology. Therefore, the fabric can still forward traffic even when communication with the APIC is lost.
Note
The Cisco Nexus 9000 Series switches can only execute the concrete model. Each switch has a copy of the concrete model. If the APIC goes offline, the fabric keeps functioning, but modifications to the fabric policies are not possible.