Cisco public
Cisco ACI is an industry-leading SDN solution that provides policy-driven automation through an integrated underlay and overlay, is hypervisor agnostic, and extends policy automation to any workload — including virtual machines, physical bare-metal servers, and containers.

Cisco ACI Anywhere is a comprehensive solution: with one intent, using any hypervisor, for any workload, in any location, and in any cloud.

Cisco ACI Anywhere offers a set of capabilities that enable seamless connectivity between the on-premises data center, remote small-scale data centers, and geographically dispersed multiple data centers under a single pane of policy orchestration. In the future, these capabilities will extend to the public cloud as well.

With Cisco ACI, you can build a better network anywhere.

Figure 1. Cisco ACI differentiated business benefits
(Figure 1 is titled "Cisco ACI Anywhere: Any Cloud, Any Application, Any Platform, Anywhere" and lists the benefits below.)

Optimize your network
• Operational simplicity, with common policy, management, and operation models across application, network, and security resources
• A flexible and yet highly available network that allows agile application deployment within a site, across sites, and across global data centers while removing the need for complex Data Center Interconnect (DCI) infrastructure
• Centralized network management and visibility with full automation and real-time network health monitoring
• Seamless integration of underlay and overlay
• Open northbound APIs to provide flexibility for DevOps teams and ecosystem partner integration
• A cloud-ready SDN solution
• Common platform for managing physical and virtual environments

Protect your business
• Business continuity and disaster recovery
• Secure networking with a zero-trust security model and innovative security features such as microsegmentation

Cisco ACI | Architecture
Cisco Application Policy Infrastructure Controller (APIC)
The infrastructure controller is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The APIC appliance is a centralized, clustered controller that optimizes performance and unifies the operation of physical and virtual environments. The controller manages and operates a scalable multitenant Cisco ACI fabric.

The main features of the APIC include the following:
• Application-centric network policies
• Data-model-based declarative provisioning
• Application and topology monitoring and troubleshooting
• Change control across multiple fabrics, allowing staging, testing, and, if required, clean backout of any policy changes
• Automatic configuration and management of fabric network interconnects across an IP backbone

Cisco Nexus 9000 Series spine and leaf switches for Cisco ACI
Cisco Nexus 9300 and 9500 platform switches support Cisco ACI. Organizations can use them as spine or leaf switches to take full advantage of an automated, policy-based systems management approach.

Cisco Nexus 9000 Series Switches include modular and fixed 1, 10, 25, 40, 50, and 100 Gigabit Ethernet switch configurations that are designed to operate either in NX-OS mode, for compatibility and consistency with the current Cisco Nexus switches (using Cisco NX-OS Software), or in ACI mode, to take full advantage of Cisco ACI application-policy-based services and infrastructure automation features. This dual-function capability provides customers with investment protection and ease of migration to Cisco ACI through a software upgrade.

… and complexity in managing multicloud deployments. It provides a single management console to configure, monitor, and operate multiple disjoint environments spread across multiple clouds. At the time of writing, Cloud ACI was available on AWS and Microsoft Azure.
Figure 4. Cisco Multi-Site Orchestrator
Figure 5. Cisco Cloud ACI Example

• Cisco Cloud Services Router 1000V
Cloud ACI uses the Cisco Cloud Services Router (CSR) 1000V as the cloud router for connectivity between on-premises and cloud environments.

Cisco Virtual ACI (Virtual Pod)
• Cisco ACI Virtual Pod
Cisco ACI Virtual Pod is an extension of the ACI architecture into the virtual infrastructure space. A Virtual Pod consists of a management cluster (Virtual Spines [vSpines], Virtual Leafs [vLeafs]) and ACI Virtual Edge (AVE) instances that are deployed on a hypervisor infrastructure. The main use case of ACI Virtual Pod is the ability to extend an existing ACI policy domain into a location that cannot accommodate the addition of a physical ACI component. These locations can be bare-metal cloud extensions, brownfield deployments, remote locations, and colocation facilities. Virtual Pods are managed by the APIC in the on-premises data center. The Virtual Pod interconnects with the physical ACI fabric using a generic IP network (IPN). Thus the Cisco ACI Virtual Pod deployment remains functionally a single fabric, with all the nodes deployed across the physical and virtual pods under the control of a single APIC cluster.

• Cisco ACI Virtual Edge
Cisco ACI Virtual Edge is the next generation of the Cisco Application Virtual Switch for ACI environments. Cisco ACI Virtual Edge is a hypervisor-independent distributed service virtual machine that leverages the natively distributed virtual switch that belongs to the hypervisor. Cisco ACI Virtual Edge runs in user space, operates as a virtual leaf, and is managed by the Cisco Application Policy Infrastructure Controller (APIC).

• Main features include the following:
-- Purpose-built, virtual network edge for Cisco ACI fabric architecture
-- Integration with the Cisco ACI management and orchestration platform to automate virtual network provisioning and application services deployments
-- High performance and throughput
-- Integrated visibility of both physical and virtual workloads and network paths

• Cisco ACI Virtual Edge benefits:
-- Hypervisor-independent distributed service virtual machine that leverages the distributed virtual switch of the hypervisor
-- ACI policy model for virtual workloads and policy consistency with the physical environment
-- Seamless workload mobility
-- Ability to secure east-west traffic using microsegmentation
-- Maintain distributed firewall policies across virtual machine moves

Figure 6. Cisco Virtual ACI
(Figure 6 shows an on-premises Cisco ACI data center with an APIC cluster connected over an IP network to a Virtual Pod at a remote location: vSpines and vLeafs with a logical BGP-EVPN connection to the spines, ACI Virtual Edge running on the hypervisor, and policy extension from the on-premises data center.)

Cisco ACI Physical Remote Leaf
With Cisco ACI Physical Remote Leaf, customers can place a regular leaf switch in a remote or satellite location and connect it back to the spine switch in the main (on-premises) location, in turn extending ACI policy into the remote/satellite location. By doing so, customers can also take advantage of all the benefits of the Physical Remote Leaf, from diverse interfaces to superior performance and scale and built-in encryption.
(Figure labels: On-premises Cisco ACI data center; Remote location.)

With the introduction of Cisco ACI Mini Fabric, customers can now leverage an optimized ACI solution for their small-scale deployments. This solution comprises APIC-CLUSTER-XS (one physical and two virtual controllers) along with two spines and a minimum of two and a maximum of four leafs.

Figure 8. Cisco ACI Mini Fabric
(Figure 8 shows one physical APIC and two virtual APICs, Spine 1 and Spine 2, and leafs such as "Leaf 2 - 48 ports", with these limits: Physical APIC 1; Virtual APIC 2; No. of spines 2; No. of leafs 2-4; No. of Tenants 25; No. of EPs 20,000.)

Cisco Network Insights
(Figure: Cisco Network Insights alongside third-party applications such as Splunk and F5.)

Network Insights - Resources
Cisco Network Insights – Resources (NIR) is a Day-2 Operations tool that provides time-series visibility of network-wide flows, events, and anomalies; insights using correlation between the telemetry data; and remediation to take corrective actions for proactive troubleshooting.

NIR highlights unexpected occurrences in the network and helps network administrators with capacity planning, compliance with audits, and keeping track of infrastructure uptime.

For example, traffic from a stock trader in a branch office in Chicago can be automatically sent over the fastest possible WAN link to access the trading application hosted in a data center in New York, based on the application policies and the SLAs configured.

Figure 11. Cisco ACI to SD-WAN (Viptela®) integration
(Figure 11 shows vManage and the Cisco ACI Multi-Site Orchestrator spanning a San Francisco data center (Region west) and a New York data center (Region east), each built from Cisco Nexus 9500 Series and Cisco Nexus 9300 Series switches with VPC and APICs.)
Case studies
Walkthrough Demonstrations
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other
countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners.
The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C22-741487-01 10/19