DEVNET-2603

ACI Anywhere with Cloud APIC on AWS

Devarshi Shah, Technical Marketing Engineer
Anil Kumar Sirikande, Technical Marketing Engineer

Agenda

• Objective
• What is ACI Anywhere?
• How does it all fit together for your application (Demo)?
• Workshop
• Resources
• Q&A

DEVNET-2603 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Objective

• Understand ACI Anywhere Architecture and the components on AWS
• Take a closer look at Cloud APIC
• Get hands on with programmability on Cloud APIC

What is ACI Anywhere?
ACI Extensions to Multi-Cloud
[Diagram labels: Multi-Site Orchestrator; Region(s), On-Premises, Region(s); VMs in each]

Cloud Core Infrastructure & Services

Traditional Data Center | AWS

Security
Firewall | Security Groups
Access Control Lists (ACLs) | Network ACLs (NACL)
Administrators | Identity and Access Management (IAM)

Networking
Router / Host Routers (CSR1kv) | Virtual Private Cloud (VPC)
Switch | Gateways (VGW, IGW, TGW)
Load Balancer | Elastic Load Balancing (ELB)

Management, Compute
On-Premise images (ISO/OVA) | Amazon Machine Image (AMI)
Servers / Virtual Machines (VM) | Amazon EC2 Instances
Containers | Elastic Container Service (EKS)

Storage & Databases
SAN | Elastic Block Store (EBS)
NAS, NFS | Elastic File System (EFS), S3
RDBMS | Amazon RDS

Policy Mapping - AWS

AWS | ACI
User Account | Tenant
Virtual Private Cloud | VRF
VPC subnet | BD Subnet
Tag / Label | EP to EPG Mapping
Security Group | EPG
Network Access List | Taboo
Security Group Rule | Contracts, Filters
Outbound rule | Consumed contracts
    Source/Destination: Subnet or IP or Any or ‘Internet’
    Protocol
    Port
Inbound rule | Provided contracts
EC2 Instance
Network Adapter | End Point (fvCEp)
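
The mapping in the table above, modelled as an added example (not Cisco's code and not how Cloud APIC is implemented): each EPG becomes a security group, a provided contract yields inbound rules, a consumed contract yields outbound rules, and EPGs with no contract between them get no rule. The class names, contract names and ports are constructed for illustration.

```python
# Added illustration of the slide's mapping table; all names are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:              # ACI filter entry -> protocol/port of an SG rule
    protocol: str
    port: int

@dataclass(frozen=True)
class Contract:            # ACI contract -> set of SG rules
    name: str
    filters: tuple

@dataclass
class EPG:                 # ACI EPG -> AWS security group
    name: str
    provides: tuple = ()
    consumes: tuple = ()

def render_sg_rules(epgs):
    """Return {epg: {"inbound": [(peer, proto, port)], "outbound": [...]}}."""
    providers, consumers = {}, {}
    for epg in epgs:
        for c in epg.provides:
            providers.setdefault(c.name, []).append(epg.name)
        for c in epg.consumes:
            consumers.setdefault(c.name, []).append(epg.name)
    rules = {e.name: {"inbound": [], "outbound": []} for e in epgs}
    for epg in epgs:
        for c in epg.provides:     # provided contract -> inbound rule
            for peer in consumers.get(c.name, []):
                rules[epg.name]["inbound"] += [(peer, f.protocol, f.port) for f in c.filters]
        for c in epg.consumes:     # consumed contract -> outbound rule
            for peer in providers.get(c.name, []):
                rules[epg.name]["outbound"] += [(peer, f.protocol, f.port) for f in c.filters]
    return rules

# Constructed 2-tier application: Internet -> Web (443), Web -> DB (3306).
internet_to_web = Contract("internet-to-web", (Filter("tcp", 443),))
web_to_db = Contract("web-to-db", (Filter("tcp", 3306),))
EPGS = [
    EPG("Internet", consumes=(internet_to_web,)),
    EPG("Web", provides=(internet_to_web,), consumes=(web_to_db,)),
    EPG("DB", provides=(web_to_db,)),
]
RULES = render_sg_rules(EPGS)   # DB accepts traffic from Web only
```
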

ACI Extensions to AWS Multi-Site

[Diagram labels: On-Premise DC with Web, APP and DB EPGs joined by Contracts; IP Network; Public Cloud AWS Region with Web, APP and DB SGs joined by SG Rules; VMs]

• Consistent Policy Enforcement on-Premise & Public Cloud
• Automated Inter-connect provisioning
• Simplified Operations with end-to-end visibility

ACI Extension to AWS Architecture

• A single region or a group of multiple regions in AWS represents an ACI site
• Each Region in AWS is similar to an ACI POD in the cloud
• Cloud APIC will be spun up in the infra VPC at each site.

[Diagram labels: Multi-Site Orchestrator (MSO); On-Premise (Site A); Public Cloud (Site B) with Region 1 and Region 2, each containing an Infra VPC and a User VPC with AWS Instances; AWS Internet Gateway (IGW); CSR-1000V; Cloud APIC]

Cloud APIC Resources
• Cloud APIC AMI will be available from the AWS Marketplace
• Cloud Formation Template does:
  • Launch Cloud APIC EC2 Instance
  • Create management and Infra interfaces with IP addresses from the Infra VPC pool
  • Assign an Elastic IP to the management interface to enable communication with the Internet
  • Create an Internet Gateway on the Infra VPC and set up the route table to point to the Internet Gateway
  • Program security group rules on the management interface to allow https / ssh access from configured external networks
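
A check a reviewer could run against the management-interface security group the template programs, as an added example that is not part of the original deck: it flags ssh/https ingress whose source falls outside the configured external networks. The input follows the shape of the EC2 DescribeSecurityGroups response; the group ID, CIDRs and function name are constructed.

```python
import ipaddress

MGMT_PORTS = {22: "ssh", 443: "https"}

def audit_mgmt_ingress(security_group, allowed_networks):
    """Flag ssh/https ingress sources that are not inside allowed_networks."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        else:
            continue
        exposed = [n for p, n in sorted(MGMT_PORTS.items()) if lo <= p <= hi]
        if not exposed:
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            src = ipaddress.ip_network(cidr, strict=False)
            ok = any(src.version == a.version and src.subnet_of(a) for a in allowed)
            if not ok:
                findings.append({"source": cidr, "services": exposed,
                                 "world_open": src.prefixlen == 0})
    return findings

# Constructed sample: one rule matches the allowed network, two do not.
SAMPLE_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    ],
}
ALLOWED = ["198.51.100.0/24"]
FINDINGS = audit_mgmt_ingress(SAMPLE_SG, ALLOWED)
```
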

Demo Time!
Workshop
https://github.com/devarshishah3/CiscoLive-cAPIC-Workshop
What we’re going to do
(Hint: bring up an Application!)

• Test if a Tenant is present in ACI
• Create VRF, Cloud Context Profile, and attach to VRF
• Add Cloud Context Profile CIDR and subnet
• Create a 2-Tier Application Profile with EPGs and contracts
• Attach EPGs to VRF
• Deploy EC2 instances and attach them to corresponding EPGs
• Test connectivity
Resources

• ACI Anywhere on Cisco.com

• Cloud APIC workshop

• Solution Overview

• Walkthrough video

Thank you
