The Policy Driven Data Center with ACI: Architecture, Concepts, and Methodology

Book Description

Use policies and Cisco® ACI to make data centers more flexible and configurable—and deliver far more business value

Using the policy driven data center approach, networking professionals can accelerate and simplify changes to the data center, construction of cloud infrastructure, and delivery of new applications. As you improve data center flexibility, agility, and portability, you can deliver far more business value, far more rapidly.

In this guide, Cisco data center experts Lucien Avramov and Maurizio Portolani show how to achieve all these benefits with Cisco Application Centric Infrastructure (ACI) and technologies such as Python, REST, and OpenStack. The authors explain the advantages, architecture, theory, concepts, and methodology of the policy driven data center. Next, they demonstrate the use of Python scripts and REST to automate network management and simplify customization in ACI environments.

Drawing on experience deploying ACI in enterprise data centers, the authors review design considerations and implementation methodologies. You will find design considerations for virtualized data centers, high performance computing, ultra-low latency environments, and large-scale data centers. The authors walk through building multi-hypervisor and bare-metal infrastructures, demonstrate service integration, and introduce advanced telemetry capabilities for troubleshooting.

Leverage the architectural and management innovations built into Cisco® Application Centric Infrastructure (ACI)

  • Understand the policy driven data center model

  • Use policies to meet the network performance and design requirements of modern data center and cloud environments

  • Quickly map hardware and software capabilities to application deployments using graphical tools—or programmatically, via the Cisco APIC API

  • Increase application velocity: reduce the time needed to move applications into production

  • Define workload connectivity instead of (or along with) subnets, VLAN stitching, and ACLs

  • Use Python scripts and REST to automate policy changes, parsing, customization, and self-service

  • Design policy-driven data centers that support hypervisors

  • Integrate OpenStack via the Cisco ACI APIC OpenStack driver architecture

  • Master all facets of building and operating multipurpose cloud architectures with ACI

  • Configure ACI fabric topology as an infrastructure or tenant administrator

  • Insert Layer 4–Layer 7 functions using service graphs

  • Leverage centralized telemetry to optimize performance; find and resolve problems

  • Understand and familiarize yourself with the paradigms of programmable policy driven networks

Table of Contents

    1. About This eBook
    2. Title Page
    3. Copyright Page
    4. About the Authors
    5. About the Technical Reviewers
    6. Dedications
    7. Acknowledgments
    8. Contents at a Glance
    9. Contents
    10. Command Syntax Conventions
    11. Foreword
    12. Introduction
      1. Industry Trends
      2. What Is an “Application”?
      3. The Need for Abstraction
      4. What Is Cisco ACI
      5. Cisco ACI Innovations
      6. Book Structure
      7. Terminology
    13. Chapter 1. Data Center Architecture Considerations
      1. Application and Storage
        1. Virtualized Data Center
          1. Introduction
          2. Definition and Virtualization Concepts
          3. Network and Design Requirements
          4. Storage Requirements
        2. Big Data
          1. Definition
          2. Network Requirements
          3. Cluster Design with the Hadoop Building Blocks: the POD
          4. Storage Requirements
          5. Design Considerations
        3. High-Performance Compute
          1. Definition
          2. Network Requirements
          3. Storage Requirements
          4. Design Considerations
          5. Design Topologies
        4. Ultra-Low Latency
          1. Definition
          2. Network Requirements
          3. Storage Requirements
          4. Design Considerations
          5. Design Topologies
        5. Massively Scalable Data Center
          1. Definition
          2. Network Requirements
          3. Storage Requirements
          4. Design Considerations
          5. Design Topologies
        6. Design Topologies Examples
      2. The POD-based Designs
        1. The POD Model or the Data Model for Shared Infrastructure and Cloud Computing
        2. The FlexPod Design
      3. Data Center Designs
        1. End of Row
          1. Middle of Row
          2. Top of Rack: The Modern Data Center Approach
          3. Single-Homed Servers Design
        2. Logical Data Center Design with the Spine-Leaf ACI Foundation Architecture
      4. Summary
    14. Chapter 2. Building Blocks for Cloud Architectures
      1. Introduction to Cloud Architectures
      2. Network Requirements of Clouds and the ACI Solution
      3. Amazon Web Services Model
      4. Automating Server Provisioning
        1. PXE Booting
        2. Deploying the OS with Chef, Puppet, CFengine, or Similar Tools
          1. Chef
          2. Puppet
      5. Orchestrators for Infrastructure as a Service
        1. vCloud Director
        2. OpenStack
          1. Project and Releases
          2. Multi-Hypervisor Support
          3. Installers
          4. Architecture Models
          5. Networking Considerations
        3. UCS Director
        4. Cisco Intelligent Automation for Cloud
        5. Conciliating Different Abstraction Models
      6. Summary
    15. Chapter 3. The Policy Data Center
      1. Why the Need for the Policy-Based Model?
      2. The Policy Theory
      3. Cisco APIC Policy Object Model
        1. Endpoint Groups
        2. Cisco APIC Policy Enforcement
          1. Unicast Policy Enforcement
          2. Multicast Policy Enforcement
        3. Application Network Profiles
        4. Contracts
      4. Understanding Cisco APIC
        1. Cisco ACI Operating System (Cisco ACI Fabric OS)
        2. Architecture: Components and Functions of the Cisco APIC
        3. Policy Manager
        4. Topology Manager
        5. Observer
        6. Boot Director
        7. Appliance Director
        8. VMM Manager
        9. Event Manager
        10. Appliance Element
        11. Architecture: Data Management with Sharding
          1. Effect of Replication on Reliability
          2. Effect of Sharding on Reliability
          3. Sharding Technology
        12. User Interface: Graphical User Interface
        13. User Interface: Command-Line Interface
        14. User Interface: RESTful API
        15. System Access: Authentication, Authorization, and RBAC
      5. Summary
    16. Chapter 4. Operational Model
      1. Introduction to Key Technologies and Tools for Modern Data Centers
        1. Network Management Options
        2. REST Protocol
        3. XML, JSON, and YAML
        4. Python
          1. Python Basics
          2. Where Is the main() Function?
          3. Functions Definition
          4. Useful Data Structures
          5. Parsing Files
          6. Verifying Python Scripts
          7. Where to Run Python
          8. Pip, EasyInstall, and Setup Tools
          9. Which Packages Do I Need?
          10. virtualenv
        5. Git and GitHub
          1. Basic Concepts of Version Control
          2. Centralized Versus Distributed
          3. Overview of Basic Operations with Git
          4. Installing/Setting Up Git
          5. Key Commands in Git
      2. Operations with the Cisco APIC
        1. Object Tree
          1. Classes, Objects, and Relations
          2. Naming Conventions
          3. Object Store
        2. Using REST to Program the Network
          1. Tools to Send REST Calls
          2. REST Syntax in Cisco ACI
          3. Modeling Tenants in XML
          4. Defining the Relationship Among EPGs (Providers and Consumers)
          5. A Simple Any-to-Any Policy
        3. ACI SDK
          1. ACI Python Egg
          2. How to Develop Python Scripts for ACI
          3. Where to Find Python Scripts for ACI
      3. For Additional Information
      4. Summary
    17. Chapter 5. Data Center Design with Hypervisors
      1. Virtualized Server Networking
        1. Why Have a Software Switching Component on the Server?
        2. Overview of Networking Components
          1. Virtual Network Adapters
          2. Virtual Switching
          3. Endpoint Groups
          4. Distributed Switching
        3. Hot Migration of Virtual Machines
      2. Segmentation Options
        1. VLANs
        2. VXLANs
          1. VXLAN Packet Format
          2. VXLAN Packet Forwarding
          3. VXLANs Without Multicast
      3. Microsoft Hyper-V Networking
      4. Linux KVM and Networking
        1. Linux Bridging
        2. Open vSwitch
          1. OVS Architecture
          2. Example Topology
          3. Open vSwitch with OpenStack
          4. OpenFlow
      5. VMware ESX/ESXi Networking
        1. VMware vSwitch and Distributed Virtual Switch
        2. VMware ESXi Server Traffic Requirements
          1. VXLAN Tagging with vShield
        3. vCloud Director and vApps
          1. vCloud Networks
      6. Cisco Nexus 1000V
      7. Port Extension with VN-TAG
      8. Cisco ACI Modeling of Virtual Server Connectivity
        1. Overlay Normalization
        2. VMM Domain
        3. Endpoint Discovery
        4. Policy Resolution Immediacy
        5. Cisco ACI Integration with Hyper-V
        6. Cisco ACI Integration with KVM
        7. Cisco ACI Integration with VMware ESX
      9. Summary
    18. Chapter 6. OpenStack
      1. What Is OpenStack?
        1. Nova
        2. Neutron
        3. Swift
        4. Cinder
        5. Horizon
        6. Heat
        7. Ironic
      2. OpenStack Deployments in the Enterprise
      3. Benefits of Cisco ACI and OpenStack
        1. Cisco ACI Policy Model
        2. Physical and Virtual Integration
        3. Fabric Tunnels
        4. Service Chaining
        5. Telemetry
      4. OpenStack APIC Driver Architecture and Operations
        1. How Integration Works
      5. Deployment Example
        1. Installation of Icehouse
        2. Configuration of the Cisco APIC Driver
          1. Neutron.conf File
          2. ML2_conf.ini File
          3. ML2_cisco_conf.ini File
          4. Configuration Parameters
          5. Host-Port Connectivity
          6. External Networks
          7. PortChannel Configuration
        3. Troubleshooting
      6. The Group Based Policy Project at OpenStack
      7. Summary
    19. Chapter 7. ACI Fabric Design Methodology
      1. Summary of ACI Fabric Key Functionalities
        1. ACI Forwarding Behavior
          1. Prescriptive Topology
          2. Overlay Frame Format
          3. VXLAN Forwarding
          4. Pervasive Gateway
          5. Outside Versus Inside
          6. Packet Walk
        2. Segmentation with Endpoint Groups
        3. Management Model
      2. Hardware and Software
      3. Physical Topology
        1. Cisco APIC Design Considerations
        2. Spine Design Considerations
        3. Leaf Design Considerations
          1. Unknown Unicast and Broadcast
          2. Use of VLANs as a Segmentation Mechanism
          3. VLANs and VXLANs Namespaces
          4. Concept of Domain
          5. Concept of Attach Entity Profile
      4. Multi-tenancy Considerations
      5. Initial Configuration Steps
        1. Zero-Touch Provisioning
        2. Network Management
        3. Policy-based Configuration of Access Ports
          1. Configuring Switch Profiles for Each Leaf
          2. Configuring Interface Policies
        4. Interface Policy Groups and PortChannels
          1. Interface Policy Groups
          2. PortChannels
          3. Virtual PortChannels
        5. Virtual Machine Manager (VMM) Domains
          1. VMM Domain
          2. AEP for Virtualized Servers Connectivity
      6. Configuring a Virtual Topology
        1. Bridge Domain
          1. Hardware Proxy
          2. Flooding Mode
          3. fvCtx
        2. Endpoint Connectivity
          1. Connecting a Physical Server
          2. Connecting a Virtual Server
        3. External Connectivity
      7. Summary
    20. Chapter 8. Service Insertion with ACI
      1. Overview of ACI Design with Layer 4 Through Layer 7 Services
        1. Benefits
        2. Connecting Endpoint Groups with a Service Graph
        3. Extension to Virtualized Servers
        4. Management Model
        5. Service Graphs, Functions, and Rendering
      2. Hardware and Software Support
      3. Cisco ACI Modeling of Service Insertion
        1. Service Graph Definition
        2. Concrete Devices and Logical Devices
        3. Logical Device Selector (or Context)
        4. Splitting Bridge Domains
      4. Configuration Steps
        1. Definition of a Service Graph
          1. Defining the Boundaries of the Service Graph
          2. The Metadevice
          3. Defining an Abstract Node’s Functions
          4. Defining an Abstract Node’s Connectors
          5. Abstract Node Elements Summary
          6. Connecting Abstract Nodes to Create the Graph
        2. Definition of Concrete Devices and Cluster of Concrete Devices
          1. Configuration of the Logical Device and Concrete Device
          2. Configuration of the Logical Device Context (Cluster Device Selector)
          3. Naming Summary
      5. Summary
    21. Chapter 9. Advanced Telemetry
      1. Atomic Counters
        1. The Principle
        2. Further Explanation and Example
        3. Atomic Counters and the APIC
      2. Latency Metrics
      3. ACI Health Monitoring
        1. Statistics
        2. Faults
        3. Events, Logs, Diagnostics
        4. Health Score
      4. The Centralized show tech-support ACI Approach
      5. Summary
    22. Chapter 10. Data Center Switch Architecture
      1. Data, Control, and Management Planes
        1. Separation Between Data, Control, and Management Planes
        2. Interaction Between Control, Data, and Management Planes
        3. Protection of the Control Plane with CoPP
          1. Control Plane Packet Types
          2. CoPP Classification
          3. CoPP Rate-Controlling Mechanisms
      2. Data Center Switch Architecture
        1. Cut-through Switching: Performance for the Data Center
        2. Crossbar Switch Fabric Architecture
          1. Unicast Switching over Crossbar Fabrics
          2. Multicast Switching over Crossbar Fabrics
          3. Overspeed in Crossbar Fabrics
          4. Superframing in the Crossbar Fabric
          5. The Scheduler
          6. Crossbar Cut-through Architecture Summary
          7. Output Queuing (Classic Crossbar)
          8. Input Queuing (Ingress Crossbar)
          9. Understanding HOLB
          10. Overcoming HOLB with VoQ
          11. Multistage Crossbar
        3. Centralized Shared Memory (SoC)
        4. Multistage SoC
          1. Crossbar Fabric with SoC
          2. SoC Fabric
      3. QoS Fundamentals
        1. Data Center QoS Requirements
          1. Data Center Requirements
          2. Type of QoS Used in Different Data Center Use Cases
          3. Trust, Classification, and Marking Boundaries
        2. Data Center QoS Capabilities
          1. Understanding Buffer Utilization
          2. The Buffer Bloat
          3. Priority Flow Control
          4. Enhanced Transmission Selection
          5. Data Center Bridging Exchange
          6. ECN and DCTCP
          7. Priority Queue
          8. Flowlet Switching: Nexus 9000 Fabric Load Balancing
        3. Nexus QoS Implementation: The MQC Model
      4. Summary
    23. Conclusion
    24. Index
    25. Code Snippets