#CiscoLive

ACI Anywhere
Building the Future of Networking

David Keith, Senior Product Marketing Manager


Mayuri Kulkarni, Senior Product Manager, ACI
Tom Bakita, Senior Product Manager, ACI
DGTL-PSODCN-1119

#CiscoLive DGTL-PSODCN-1119 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Industry Trends
• ACI Anywhere
• What’s New
• Cloud ACI, Use Cases
• Cloud ACI Licensing Made Simple
• Benefits

Applications are evolving

Operations are getting more distributed

Multicloud governance & management is new reality

Enterprise adoption of Multicloud
• 92%: Have workloads installed in hybrid cloud
• 50%: Production applications on public cloud
• 36%: Cloud-native applications


Top Priorities
Compliance and regulatory mandates
Consistency in operations and tools
Automation for efficiency and speedy delivery
IDC, Cloud Pulse 1Q19: Executive Summary, Doc # US45419119, Aug 2019

End user behavior driving change
• Application simplicity: Technology has enhanced how we shop, bank, and vacation, all from our phones or laptops.
• Cloud Advantage: Cloud is and has always been about innovation, disruption and competitive pressure.
• Apps on-premise & cloud: New generation of cloud, container, virtual workloads move around fast and go where the resources reside.
• IT Ops Complexity: Data Centers have to deliver with no room for error or downtime to support these innovations.
• Multicloud Hurdles: Security, compliance, migration, cost control, performance, lock-in, skills gaps…
• Wide Attack Surface: Compromised security posture due to inconsistent policies and not enough resources to focus on malware and breaches.

“I need 80 VMs on prem, but with on-demand DR in the cloud... By tomorrow! Oh, and by the way, can you make sure we lock it down on cloud as much as we do on prem?”
Application Developer

“Are you kidding me! I have not even seen your applications, how can I write the correct policy, how about security, compliance?”
Network Admin

• How will we be profitable?
• I have a board meeting coming up
• How do we improve customer satisfaction scores?
• Competition is stronger than ever
• I am expanding operations globally

ACI Anywhere
Cisco ACI Anywhere
Any Workload, Any Location, Any Cloud

• Remote Location: Remote Leaf / Virtual PoD
• On Premise: APIC / Multi-Site
• Cloud: Public Cloud Environment Extensions
[Diagram: the three locations are connected over IP WAN]
Security Everywhere, Analytics Everywhere, Policy Everywhere

Universal simplified management

What’s New
ACI 5.0
Cisco Application Centric Infrastructure (ACI) 5.0
Key release capabilities (Industry / Feature):
• Service provider
• Multicloud
• Ease of use
• Security
• Automation
• Extensibility and future proofing

ACI solution for service providers
NEW: ACI 5.0, April 2020
Key challenges:
• Automation of policy across data center and transport network
• Scalability of network resources
• Investment Protection
Solutions:
• Enable new 5G/Telco DC with ACI and SR-MPLS integration
• Extend Policy orchestration from datacenter to transport network
• Scalable Distributed DC
Benefits: Automate, Secure, Visibility and scale

ACI service provider SR-MPLS solution
ACI 5.0, April 2020
[Diagram labels: Cisco Multi-Site Orchestrator; Mini ACI, ACI Remote Leaf and ACI Fabric sites, each with SR-MPLS interworking; IP/MPLS/SR and SR/MPLS transport; Internet. Locations shown: Pre-aggregation, Central office (CO) / aggregation, Regional DC / headend (HE), Central DC, Peering / Co-Lo, Public cloud provider.]
Building consistent end to end policy across DC and SP transport networks

Cloud ACI: transit GW automation (AWS)
ACI 5.0, April 2020
[Diagram labels: Cisco Multi-Site Orchestrator (policy orchestration); On-Premises DC with Cisco ACI and Router; Cloud Region with AWS Transit Gateway, Shared services VPC, CSR1kv, VPC 1, VPC 2, VPC 3 and VMs.]
Benefits:
• End-to-end automation of both network and policy
• Network isolation
• Policy segmentation
• Enhanced performance

ACI 5.0, April 2020
Upgrades:
• Upgrade multi-pod deployments in parallel
• New upgrade status indicator
• New pre-validation checks for upgrades
UI/UX:
• New Day 0 wizard for UI
• Prescriptive guided way to complete Day 0 Configuration for SNMP/Syslog GUI policy
Benefits: Powerful upgrade insights, Advanced UI, Accelerate productivity

Security
ACI 5.0, April 2020
Areas: Access (Duo authentication), Role based access control, Multi-tenancy, App Center
• Two factor authentication with Duo for Cisco APIC, cAPIC
• Isolate switch to tenant
• App center integration RBAC
Benefits:
• Improved ACI controller security
• Increased role access for tenants
• Improved security policy for ACI Applications

Multicast Fabric Rendezvous Point (RP) support with ACI Multi-Site
ACI 5.0, April 2020
[Diagram labels: Multisite Orchestrator; Site 1 and Site 2, each with RPs and an L3Out.]
Multicast with Multi-site benefits:
• Fabric Coordinated Automation
• Flexible deployment options

Automation at scale
ACI 5.0, April 2020
• VMM scale: Scale to support 15 Virtual DataCenters in the VMware vCenter integration
• Breakout scale: 34 port breakout support on N9K-C9336-FX2 switch
• Dataplane improvements: For OpenStack, support 120 compute nodes running OpFlex agents
Benefits:
• Increased scale for VMware VM environments
• Increased port density
• Enhanced and scaled OpenStack integration

Microservice deployments
ACI 5.0, April 2020
Infrastructure improvements:
• For Kubernetes, support a mix of bare-metal servers and VMs
• For Kubernetes, expose policy metrics to Prometheus (Day 2 Operations)
ACI support for additional platforms:
• ACI Neutron Plugin support for Bare-metal Servers with OpenStack
• Support for ACI-CNI with OpenShift 4.3 on OpenStack and AWS
• Support Docker Enterprise Release 3.0
Benefits:
• Increased extensibility with Bare-Metal servers
• Increased capabilities, visibility and policy for bare-metal servers
• Increased support

Policy Based Redirect (PBR)
ACI 5.0, April 2020
• L1/L2 service devices: Support L1/L2 devices in cluster mode
• Source MAC rewrite: Option to rewrite the source MAC in PBR policy
• Unidirectional PBR: L3Out can be any leg of service node that has the other leg in BD with PBR
Benefits:
• Improved scalability for additional service devices
• Additional support for devices that require source MAC based forwarding
• Enhancing existing unidirectional PBR capabilities

Futureproof hardware
ACI 5.0, April 2020
• ACI supporting 400G Fabric Module on Nexus 9508
• ACI futureproofed to support 400G line cards
ACI is 400G Ready when you are

What’s New
Cloud ACI
ACI Extensions To Multi-Cloud
[Diagram labels: ACI Multi-Site Appliance; Site A, Site B, Site C, Site D; VMs; Region(s); ACI – On Prem; Future.]
• Consistent Network and Policy across clouds
• Seamless Workload Migration
• Single Point of Orchestration
• Secure Automated Connectivity

ACI Cloud Only, Cloud First
ACI 4.2
[Diagram labels: Multi-site; Site 1 (Region: us-east-1), Site 2 (Region: UK South), Site 3 (Region: ap-northeast-1), each running VMs.]
• Multi-Cloud with AWS and Azure
• Cloud Sites supported w/o ACI Fabric on-Prem
• With Out-of-Band MSO

Cloud ACI Azure Enhancements
ACI 5.0(2)
• VNET Peering
• Remove 32 character Tenant limit
• Custom Naming support
• Inter-VPC NLB services
• Security Rule Programming
• NSG Rule at vNIC
• Infra VNET support with
• UDR CIDR
• Subnets
• Gateway
• Shared Services
• Backup Subnets
• Management Subnets
• Third Party Firewall
[Diagram: hub-and-spoke Azure topology, Region - WestUS, Subscription # 1, # 2 and # 3. Infra Virtual Network (Hub) – 172.25.224.0/19; Cloud ACI Subnet – 172.25.x.x/x; Core Services Subnet – 172.25.224.0/26; Common App Subnet – 172.25.224.64/26; Backup Subnet – 172.25.240.64/26; Management Subnet – 172.25.240.64/26; Gateway Subnet – 172.25.240.128/28; Virtual Network – 1 (Spoke) with Subnet - 1; Virtual Network – 2 (Spoke) with Subnet - 2; VNET Peering between hub and spokes. Other labels: CSR1000v (two), NLB, UDR 0.0.0.0/0 -> FW IP, ER Gateway, Cisco FTDv Firewall, NSG, ASG, VM, Internet.]

Cloud ACI Use Cases
Active-Disaster Recovery Data Center
[Diagram labels: ACI Multi-Site Orchestrator; On-Premises APIC; Cloud APIC; Stretched Tenant1; Stretched Routing Domain (VRF1); Prod Web, Prod App, Prod DB; DR Web, DR App, DR DB.]

Cloud Burst
Carry Security Policies from On-Prem config
[Diagram labels: ACI Multi-Site Orchestrator; On-Premises APIC; Cloud APIC; Web, App, DB; Web, App.]

Shared Services On Premises
[Diagram labels: ACI Multi-Site Orchestrator; On-Premises APIC; Cloud APIC; Shared Services (DNS Service, Active Directory); Policy; Route Table; Application 1, Application 2, Application 3.]

Enforce Corporate Internet Access Policy On Prem
Configure policies to access Internet via Firewall On-Premises
[Diagram labels: ACI Multi-Site Orchestrator; On-Premises APIC; CSR (two); Policy; Internet.]

Access Cloud Native Services
Access native services on AWS via Policies
[Diagram labels: ACI Multi-Site Orchestrator; On-Premises APIC; AWS Region 1; Internet Gateway; CSR1000v; VGW; AZ-1, AZ-2; Service Graph; Policy; Application Load Balancer; Infra VPC; User VPC; Amazon S3.]

Cloud ACI Licensing
ACI Software Licensing For Cloud Extensions

On Premise (Nexus 9K, ACI or NX-OS; switch SW included in NX-OS):
• ACI Essentials: ACI Base, ACI Multi-Pod, Telemetry, Layer 3 Routing, Fabric Management, PTP, Network Services
• ACI Advantage: ACI Multi Site, Remote Leaf, VPN Fabric
• ACI Premier: Network Assurance Engine, Network Insights
• Add Ons

Cloud Extensions:
• Essentials Cloud. Scope: Single Policy Domain in Cloud; One cAPIC
• Advantage Cloud. Scope: Multiple Policy Domains In Cloud, One or More Regions; Multiple cAPIC
• Premier Cloud *: Multiple Policy Domains in Cloud; Phase one + Day 2 Operations; Advanced Operations and Analytics

* Premier Cloud is part of future roadmap

Cloud ACI Extension Licensing Model
ACI 4.1, February 2019
• Unit of Licensing in Public Cloud: Per VM Instance on cloud
• Charge Model: Bring Your Own License (cAPIC from CCW, CSR1kv from CCW)
• Term (BYOL): Subscription Only; 1, 3, 5 Years

Benefits
Cisco Cloud ACI Solution Capabilities
• Consistent operations, visibility and control for next generation applications
• Common policy abstraction, governance and compliance
• Hybrid workload migration
• Resource Elasticity
• Business continuity and disaster recovery

Thank you
