
Automating ACI on AWS

Automate cloud APIC operations on AWS through programmability

Nicolas Vermande, Technical Marketing Engineer


@nvermande

DEVNET-2618

DEVNET-2618 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda

• ACI Anywhere and AWS


• cloud APIC
• Demo: cloud APIC Config and operations the old school way
• Programmability Options
• Demo: cloud APIC Config and operations through APIs and Terraform
• Summary & Resources
• Q&A

ACI Anywhere and AWS
Fabric and Policy Domain Evolution
• ACI 1.0 - Leaf/Spine Single Pod Fabric (ACI Single Pod Fabric)
• ACI 2.0 - Multiple Networks (Pods) in a single Availability Zone (Fabric) (ACI Multi-Pod Fabric)
• ACI 3.0 – Multiple Availability Zones (Fabrics) in a Single Region ’and’ Multi-Region Policy Management (ACI Multi-Site)
• ACI 3.1/4.0 - Remote Leaf and vPod extends an Availability Zone (Fabric) to remote locations (ACI Remote Leaf)
• ACI 4.1 – ACI Extensions to Multi-Cloud (ACI Multi-Cloud)

[Figure labels. ACI Multi-Pod Fabric: Pod ‘A’ … Pod ‘n’, IPN, MP-BGP - EVPN, APIC Cluster. ACI Multi-Site: Fabric ‘A’ … Fabric ‘n’, ISN, MP-BGP - EVPN.]

Let’s demystify AWS
Cloud Core Infrastructure & Services

Traditional Data Center → AWS

Security
• Firewall → Security Groups
• Access Control Lists (ACLs) → Network ACLs (NACL)
• Administrators → Identity and Access Management (IAM)

Networking
• Router / Host Routers (CSR1kv) → Virtual Private Cloud (VPC)
• Switch → Gateways (VGW, IGW, TGW)
• Load Balancer → Elastic Load Balancing (ELB)

Compute
• On-Premise images (ISO/OVA) → Amazon Machine Image (AMI)
• Servers / Virtual Machines (VM) → Amazon EC2 Instances
• Containers Management → Elastic Container Service (EKS)

Storage & Databases
• SAN, NAS, NFS → Elastic Block Store (EBS), Elastic File System (EFS), S3
• RDBMS → Amazon RDS

Policy Mapping - AWS
AWS → ACI

• User Account → Tenant
• Virtual Private Cloud → VRF
• VPC subnet → BD Subnet
• Tag / Label → EP to EPG Mapping
• Security Group → EPG
• Network Access Control List → Taboo
• Security Group Rule → Contracts, Filters
• Outbound rule → Consumed contracts
• Inbound rule → Provided contracts
• Rule fields: Source/Destination (Subnet or IP or Any or ‘Internet’), Protocol, Port
• EC2 Instance
• Network Adapter → End Point (fvCEp)

ACI Extension to AWS
Architecture

• A single region or a group of multiple regions in AWS represents an ACI site
• Each Region in AWS is similar to an ACI Pod in the cloud
• Cloud APIC is spun up in the infra VPC at each site.

[Figure: architecture diagram. Labels: Multi-Site Orchestrator (MSO), On-Premise, Public Cloud, Site A, Site B, Region 1, Region 2, Infra VPC, User VPC, AWS Instances, CSR-1000V, Cloud APIC, AWS Internet Gateway (IGW).]

Cloud APIC
Cloud APIC Resources

Demo: cloud APIC Config and operations the old school way
This is what we will be configuring in the demo

[Figure: Partial representation of the Cloud Object Model. Objects: Tenant, CloudApp, Cloud EPG, Cloud EP Selector, Context (VRF), CloudContextProfile, Cloud CIDR, Cloud Subnet, Cloud Region, Cloud Zone, Contract, ContractSubject, Filter. Legend: "Relationship to object", "Attach to".]
Programmability Options
ACI Network Programmability Scripting

Direct API
Pros:
• Limitless options
• Any language/method
Cons:
• Raw API syntax
• Session Management
• Individual Atomic Actions

Software Development Kit
Pros:
• Language Wrapper of API
• Simplifies Syntax and Management
Cons:
• Availability
• Atomic API Interactions

Infrastructure-as-Code
Pros:
• Easy to consume modules
• Multi vendor support
Cons:
• Availability

Demo: cloud APIC Config and operations using Terraform
Summary & Resources

• ACI Programmability Workshop: DEVNET-1236
• ACI Terraform Workshop: DEVWKS-1334
• ACI Programmability Learning Labs: http://cs.co/DevNet_ACI
• Always-On ACI Sandbox: http://cs.co/ACI_SBX
• ACI on DevNet: https://developer.cisco.com/aci
• Code Samples: https://github.com/datacenter/aci
• REST API Documentation: http://cs.co/ACI_API
• PyACI Documentation: https://github.com/datacenter/pyaci
• Cobra SDK Documentation: https://cobra.readthedocs.io
• ACI Ansible Documentation: http://cs.co/ansible_net
• Terraform-ACI Provider and GO SDK: Terraform ACI Provider, ACI Go Client
• Cloud APIC Deployment
• cloud APIC Walkthrough
• Cloud APIC demo

Q&A