aci and full stack automation -...
TRANSCRIPT
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Abstract
ACI and Full Stack Automation provides the attendee with a view on how network and application constructs can be delivered in an automated manner to an ACI network.
We will take a look at the tools required to provision the full stack from network provisioning through to application delivery.
Technologies discussed will include Cisco Application Policy Infrastructure Controller (APIC), UCS Director and Cisco Cloud Center (Formerly CliQr).
The focus will be on providing structured methodologies that can be used to satisfy the requirements and desires of both infrastructure admins and application developers alike.
BRKACI-2770 3
Session objectives
• Provide you with an understanding of ACI networking constructs
• Explain how UCS Director can be used to automate ACI
• Explain how Cisco Cloud Center can interact with ACI
• Provide you with a clear understanding where to use the different tools available
Agenda
• Why Automate?
• ACI Primer
• Infrastructure as a Service with UCS Director
• Controlling ACI with Cisco Cloud Center
There are actually many different reasons:
• Cost reduction
• Simplicity
• Consistent configuration (Policy conformance, elimination of human error)
• Reduction in maintenance windows
• Structured changes during the business day
• Service Catalogue for IT services
• UCSD – IaaS
• Cisco Cloud Center – Hybrid Cloud Management
Network centric, Server centric, Application centric
• Switch Interfaces
• Tenants
• VRFs
• Bridge Domains (L2)
• VLAN Extension
• Bridge Domains (L3)
• External L3
• Application Network Profiles
• Endpoint Groups
• Contracts
• VMware Portgroups
• Firewall Configuration
• SLB Configuration
• Multi server deployment
• Application containers
• Server Configuration (BIOS etc)
• Virtual Machine Deployment
• Load balancers
• Database
• Storage LUNs
• Storage zoning
• Server Configuration (BIOS etc)
• Bare Metal Deployments
• Operating System
• Virtual Machine Deployment
CPoC – Large Financial Organisation
[Figure: lab topology with three APICs, hosts ESX-01 and ESX-02, three Spirent Test Center traffic generators, and external c3850, n7706-01, n7706-02, n9504, n5672-01 and n5672-02 switches connected at L2 and L3 across OSPF Area 0, Area 10 (stub), Area 20 and Area 30]
Network Provisioning
Manual setup
Quick Start wizard
Policy Defined Network (Logical Model to Concrete Model, via APIC)
• Switch Policies, Leaf Profiles: Leafs_101_and_102
• Interface Policies, Policies: CDP_enabled, LACP_Active
• Interface Policies, Leaf Policy Groups: vPC_to_UCS_FI_A, SVI_to_outside
• Interface Policies, Leaf Profiles: Leaf Profile vPC_to_UCS_FI_A, Interface Selector 1/21
• AAEP (Allowed VLANs): vCenter-01-DVS-01, UCS-phys-svrs, Outside-Fabric
• Pools (VLAN/VXLAN): vCenter-01-DVS-01, UCS-phys-svrs, Outside-Fabric
• Virtual Machine Domains (vSwitches): vCenter-01-DVS-01
• Phy/Out Domains (VLAN mgmt): UCS-phys-svrs, Outside-Fabric
• Security Domain (optional)
Notes to remember:
• Interface Policies can be reused across any interface type
• Leaf Policy Groups for “Access” ports can be used by different Leaf Profiles
• Leaf Policy Groups for PC/vPC cannot be used by different Leaf Profiles
• Leaf Profiles can be used by different Switch Profiles
Example Rack Layout
Row A   Rack ID   A1   A2   A3   A4   A5   A6   A7   A8   A9   A10
        ToR ID    101  103  105  107  109  111  113  115  117  119
        ToR ID    102  104  106  108  110  112  114  116  118  120
Row B   Rack ID   B1   B2   B3   B4   B5   B6   B7   B8   B9   B10
        ToR ID    121  123  125  127  129  131  133  135  137  139
        ToR ID    122  124  126  128  130  132  134  136  138  140
Row C   Rack ID   C1   C2   C3   C4   C5   C6   C7   C8   C9   C10
        ToR ID    141  143  145  147  149  151  153  155  157  159
        ToR ID    142  144  146  148  150  152  154  156  158  160
Row D   Rack ID   D1   D2   D3   D4   D5   D6   D7   D8   D9   D10
        ToR ID    161  163  165  167  169  171  173  175  177  179
        ToR ID    162  164  166  168  170  172  174  176  178  180
Example Naming Approach
• VLAN Pool: Tenant_Name, e.g. Customer_A_01
• Domains (L2, L3, Phys): Tenant_Name, e.g. Customer_A_L3_01
• AAEP (allowed VLANs): Tenant_Name, e.g. Customer_A_01
• Interface Policies (settings): Enabled/Disabled, e.g. 10G, CDP_enabled
• Leaf Policy Groups (aggregated settings): PortSpeed_PortType_Usage, e.g. 10G_access_c3850-01
• Leaf Profiles (settings mapped to interfaces): Rack_ID/Switch_ID_to_ConnectedDevice, e.g. 101_to_c3850-01
• Switch Profiles (interfaces mapped to switches): Rack_ID or Rack_ID_SwitchID, e.g. A1_101
Access policy chain for the c3850 (Logical Model to Concrete Model)
• Interface Policies: CDP_enabled, 10G
• VLAN Pool: Customer_A_01
• External Routed Domain: Customer_A_L3_01
• AAEP: Customer_A_01
• Leaf Policy Group (interface setting group): 10G_acc_c3850
• Leaf Profile (rack/switch to connected device): li07_to_ld04-c3850-01
• Interface Selector: 1/3
• Leaf Profile: Leafs_101_and_102

Access policy chain for the n7706 (Logical Model to Concrete Model)
• Interface Policies: CDP_enabled, 10G
• VLAN Pool: Customer_A_01
• External Routed Domain: Customer_A_L3_01
• AAEP: Customer_A_01
• Leaf Policy Group (interface setting group): 10G_acc_n7706
• Leaf Profile (rack/switch to connected device): li07_to_lg05-n7706-01
• Interface Selector: 1/7
• Leaf Profile: Leafs_101_and_102

Access policy chain for the n9504 (Logical Model to Concrete Model)
• Interface Policies: CDP_enabled, 10G
• VLAN Pool: Customer_A_01
• External Routed Domain: Customer_A_L3_01
• AAEP: Customer_A_01
• Leaf Policy Group (interface setting group): 10G_acc_n9504
• Leaf Profile (rack/switch to connected device): li07_to_lg11-n9504-01
• Interface Selector: 1/8
• Leaf Profile: Leafs_101_and_102
Access policy chain for ESX host li07-c220m4-01 (Logical Model to Concrete Model)
• Interface Policies: LLDP_enabled, LACP_active, 10G
• VLAN Pool: Customer_A_01
• Physical Domain: Customer_A_Phys_01
• AAEP: Customer_A_01
• Leaf Policy Group (unique interface setting group): 10G_vPC_esx_li07-c220m4-01
• Leaf Profile (rack/switch to connected device): li08_to_li07-c220m4-01
• Interface Selector: 1/11
• Leaf Profile: Leafs_103_and_104

Access policy chain for ESX host li07-c220m4-02 (Logical Model to Concrete Model)
• Interface Policies: LLDP_enabled, LACP_active, 10G
• VLAN Pool: Customer_A_01
• Physical Domain: Customer_A_Phys_01
• AAEP: Customer_A_01
• Leaf Policy Group (unique interface setting group): 10G_vPC_esx_li07-c220m4-02
• Leaf Profile (rack/switch to connected device): li07_to_li07-c220m4-02
• Interface Selector: 1/12
• Leaf Profile: Leafs_101_and_102
All Leaf Policy Groups use the same Interface Policies (Settings and allowed VLANs)
• Interface Policies: CDP_enabled, 10G
• VLAN Pool: Customer_A_01
• External Routed Domain: Customer_A_L3_01
• AAEP: Customer_A_01
• Leaf Policy Groups: 10G_acc_c3850, 10G_acc_n7706, 10G_acc_n9504
• Leaf Profiles: li07_to_ld04-c3850-01, li07_to_lg05-n7706-01, li07_to_lg11-n9504-01
• Interface Selectors: 1/3, 1/7, 1/8
• Leaf Profile: Leafs_101_and_102
Consolidated Leaf Policy Group for Interfaces which use the same Interface Policies (Settings and allowed VLANs)
• Interface Policies: CDP_enabled, 10G
• VLAN Pool: Customer_A_01
• External Routed Domain: Customer_A_L3_01
• AAEP: Customer_A_01
• Leaf Policy Group: 10G_acc_to_external_L3_switch
• Leaf Profiles: li07_to_ld04-c3850-01, li07_to_lg05-n7706-01, li07_to_lg11-n9504-01
• Interface Selectors: 1/3, 1/7, 1/8
• Leaf Profile: Leafs_101_and_102
Multiple Leaf Profiles / Interface Selectors consume the same Leaf Policy Group (Settings and allowed VLANs)
• Interface Policies: CDP_enabled, 10G
• VLAN Pool: Customer_A_01
• External Routed Domain: Customer_A_L3_01
• AAEP: Customer_A_01
• Leaf Policy Group: 10G_acc_to_external_L3_switch
• Leaf Profiles: li07_to_ld04-c3850-01, li07_to_lg05-n7706-01, li07_to_lg11-n9504-01
• Interface Selectors: 1/3, 1/7, 1/8
• Leaf Profile: Leafs_101_and_102
Consolidated Leaf Profiles / Interface Selectors consume the same Leaf Policy Group (Settings and allowed VLANs)
• Interface Policies: CDP_enabled, 10G
• VLAN Pool: Customer_A_01
• External Routed Domain: Customer_A_L3_01
• AAEP: Customer_A_01
• Leaf Policy Group: 10G_acc_to_external_L3_switch
• Leaf Profile: li07_to_external L3_switch
• Interface Selector: 1/3, 1/7, 1/8
• Leaf Profile: Leafs_101_and_102
Automating “Access Policies” abstracts the naming rules away from APIC thus ensuring configuration conformance
In large organisations having an automated approach to interface configuration could allow the “rack/stack” team to configure the switches from a simple IT services catalogue
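One way a catalogue back end could enforce the naming approach and the PC/vPC reuse rule from the notes above before anything is sent to APIC. This is an added example, not code from the presentation or from Cisco; the allow-lists, ranges, the `port_N` selector name and the function names are assumptions.

```python
import re
from collections import defaultdict

# Assumptions for this sketch: the allow-lists and ranges below are constructed.
SAFE = re.compile(r"[A-Za-z0-9_.-]{1,64}")   # no "/", "[" or spaces in a name
PORT_SPEEDS = {"1G", "10G", "40G"}
# Port type -> policy group RN prefix (access port group vs. PC/vPC bundle).
GROUP_RN = {"acc": "accportgrp", "PC": "accbundle", "vPC": "accbundle"}
MAX_PORT = 96


def checked(label, value):
    """Return value unchanged if it is a safe name component, else raise."""
    if not isinstance(value, str) or not SAFE.fullmatch(value):
        raise ValueError(f"{label}: unsafe name component {value!r}")
    return value


def access_policy_names(rack_id, switch_id, speed, port_type, device):
    """Derive object names from a catalogue request using the deck's rules."""
    if speed not in PORT_SPEEDS:
        raise ValueError(f"unknown port speed {speed!r}")
    if port_type not in GROUP_RN:
        raise ValueError(f"unknown port type {port_type!r}")
    if type(switch_id) is not int or not 101 <= switch_id <= 4000:
        raise ValueError(f"switch id out of range: {switch_id!r}")
    rack, dev = checked("rack_id", rack_id), checked("device", device)
    return {
        "policy_group": f"{speed}_{port_type}_{dev}",  # PortSpeed_PortType_Usage
        "leaf_profile": f"{switch_id}_to_{dev}",       # Switch_ID_to_ConnectedDevice
        "switch_profile": f"{rack}_{switch_id}",       # Rack_ID_SwitchID
    }


def interface_profile_payload(names, port_type, port):
    """Build the JSON body for one interface selector on card 1."""
    if type(port) is not int or not 1 <= port <= MAX_PORT:
        raise ValueError(f"port out of range: {port!r}")
    group_dn = f"uni/infra/funcprof/{GROUP_RN[port_type]}-{names['policy_group']}"
    block = {"name": "block1", "fromCard": "1", "toCard": "1",
             "fromPort": str(port), "toPort": str(port)}
    return {"infraAccPortP": {
        "attributes": {"name": names["leaf_profile"]},
        "children": [{"infraHPortS": {
            "attributes": {"name": f"port_{port}", "type": "range"},
            "children": [
                {"infraPortBlk": {"attributes": block}},
                {"infraRsAccBaseGrp": {"attributes": {"tDn": group_dn}}},
            ]}}]}}


def reused_bundle_groups(bindings):
    """Return PC/vPC policy groups consumed by more than one Leaf Profile."""
    users = defaultdict(set)
    for leaf_profile, policy_group, port_type in bindings:
        if port_type in ("PC", "vPC"):
            users[policy_group].add(leaf_profile)
    return sorted(g for g, profiles in users.items() if len(profiles) > 1)


# Constructed bindings using names from the slides; the second row is a
# deliberate violation (a vPC group reused by a second Leaf Profile).
SAMPLE_BINDINGS = [
    ("li08_to_li07-c220m4-01", "10G_vPC_esx_li07-c220m4-01", "vPC"),
    ("li07_to_li07-c220m4-02", "10G_vPC_esx_li07-c220m4-01", "vPC"),
    ("li07_to_ld04-c3850-01", "10G_acc_to_external_L3_switch", "acc"),
    ("li07_to_lg05-n7706-01", "10G_acc_to_external_L3_switch", "acc"),
]

if __name__ == "__main__":
    names = access_policy_names("A1", 101, "10G", "acc", "c3850-01")
    print(names)
    print(interface_profile_payload(names, "acc", 3))
    print(reused_bundle_groups(SAMPLE_BINDINGS))
```

Rejecting unsafe characters at the catalogue boundary keeps a request from altering the distinguished name that the generated payload targets.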
Network Consumption
Quick Start wizard
Tenants
ACI Nomenclature Refresher
• A Tenant is just an Administrative boundary
• A VRF is a VRF as you know it today
• A Bridge Domain is a L2 segment where flooding rules apply – think VLAN but without a VLAN ID
• A Bridge Domain is the scope of one or more subnets – think SVI and IP Secondary
• An EPG is just a logical grouping of devices – think interfaces and VLANs
• An EPG is a Port Group in VMware
• An EPG can contain different VLANs, e.g. when mixing dynamic Virtual Port Groups and Physical machines – think hardware VTEP
• Devices in an EPG are allowed to communicate (by default)
• Isolated EPGs block communication within the EPG – think PVLAN
• Micro Segmentation (µSeg) EPGs are used to dynamically move devices from a “base” EPG into a more specific EPG
• An Application Network Profile is a group of one or more EPGs – remember an EPG can only be inside one ANP
• Communication between EPGs and/or from devices off the ACI fabric requires Contracts (ACLs)
Network Interfaces must be configured first! (Logical Model to Concrete Model, via APIC)
• Leaf Profiles (Target Switches): Leafs_101_and_102
• Leaf Profiles: vPC_to_UCS_FI_A, vPC_to_UCS_FI_B
• Interface Selectors: 1/21, 1/22
• Leaf Policy Groups: vPC_to_UCS_FI_A, vPC_to_UCS_FI_B
• Interface Policies: CDP_enabled, LACP_Active
• AAEP (Allowed VLANs): UCS-phys-svrs
• VLAN/VXLAN (Pools): UCS-phys-svrs
• VLAN mgmt (Phy/Out Domain): UCS-phys-svrs
• Security Domain (optional)
• ANP: My_App, EPG: Web, Domain: Production_Svrs
• Path: vPC_to_UCS_FI_A, VLAN_10
• Path: vPC_to_UCS_FI_B, VLAN_10
Option 1: Single EPG on a Single BD with a Single Subnet – “standard networking”
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: My_App
• EPG Tags (each a Security Zone): Web (VLAN 10), App (VLAN 11), DB (VLAN 12)
• Bridge Domains: 192.168.10.X, 192.168.20.x, 192.168.30.x
• Each BD: Hardware Proxy: No, ARP Flooding: Yes, Unknown Unicast Flooding: Yes, IP Routing: No
• Endpoints: 192.168.10.11/24, 192.168.10.12/24, 192.168.20.11/24, 192.168.20.12/24, 192.168.30.11/24, 192.168.30.12/24
• Endpoints in EPG identified by Switch/Interface and VLAN ID
• Communication allowed within EPG
Option 2: Multiple EPGs on a Single BD with a Single Subnet – µSegmentation in IP space
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: My_App
• EPG Tags (each a Security Zone): Web (VLAN 10), App (VLAN 11), DB (VLAN 12)
• Bridge Domain: 192.168.10.X_24 (Layer 2 Segment), Gateway: 192.168.10.1
• Bridge Domain: Hardware Proxy: Yes, ARP Flooding: No, Unknown Unicast Flooding: No, IP Routing: Yes
• Endpoints: 192.168.10.11/24, 192.168.10.12/24, 192.168.10.13/24, 192.168.10.14/24, 192.168.10.15/24, 192.168.10.16/24
• Endpoints in EPG identified by Switch/Interface and VLAN ID
• Communication allowed within EPG
Option 3a: Multiple EPGs on a Single BD with Multiple Subnets – IP secondary
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: My_App
• EPG Tags (each a Security Zone): Web (VLAN 10), App (VLAN 11), DB (VLAN 12)
• Bridge Domain: multiple_subnets, Gateway: 192.168.10.1, 192.168.20.1, 192.168.30.1
• Bridge Domain: Hardware Proxy: Yes, ARP Flooding: No, Unknown Unicast Flooding: No, IP Routing: Yes
• Endpoints: 192.168.10.11/24, 192.168.10.12/24, 192.168.20.11/24, 192.168.20.12/24, 192.168.30.11/24, 192.168.30.12/24
• Endpoints in EPG identified by Switch/Interface and VLAN ID
• Communication allowed within EPG
Option 3b: Multiple EPGs on a Single BD with Multiple Subnets – IP secondary
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: My_App
• EPG Tags (each a Security Zone): Web (VLAN 10), App (VLAN 11), DB (VLAN 12)
• Bridge Domain: multiple_subnets, Gateway: 192.168.10.1, 192.168.20.1
• Bridge Domain: Hardware Proxy: Yes, ARP Flooding: No, Unknown Unicast Flooding: No, IP Routing: Yes
• Endpoints: 192.168.10.11/24, 192.168.20.11/24, 192.168.10.12/24, 192.168.20.12/24, 192.168.10.15/24, 192.168.10.16/24
• Endpoints in EPG identified by Switch/Interface and VLAN ID
• Communication allowed within EPG
Options 1, 2, and 3 – µSegmentation within an EPG/Port Group (no East/West traffic flows)
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: My_App
• EPG Tag (Security Zone): Web (VLAN 10)
• Bridge Domain: 192.168.10.X_24 (Layer 2 Segment), Gateway: 192.168.10.1
• Bridge Domain: Hardware Proxy: Yes, ARP Flooding: No, Unknown Unicast Flooding: No, IP Routing: Yes
• Endpoints: 192.168.10.11/24, 192.168.10.12/24, 192.168.10.13/24, 192.168.10.14/24, 192.168.10.15/24, 192.168.10.16/24
• Endpoints in EPG identified by Switch/Interface and VLAN ID
• Communication allowed within EPG
Options 1, 2, and 3 – µSegmentation within an EPG/Port Group based on machine attribute
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: My_App
• EPG Tag (Security Zone): All_Web_Servers (VLAN 10)
• uSeg EPG attributes: Name Contains: Web_1, Name Contains: Web_2, Name Contains: Web_3
• Bridge Domain: 192.168.10.X_24 (Layer 2 Segment), Gateway: 192.168.10.1
• Bridge Domain: Hardware Proxy: Yes, ARP Flooding: No, Unknown Unicast Flooding: No, IP Routing: Yes
• Endpoints: 192.168.10.11/24, 192.168.10.12/24, 192.168.10.13/24, 192.168.10.14/24, 192.168.10.15/24, 192.168.10.16/24
• Endpoints in EPG identified by Switch/Interface and VLAN ID
• Communication allowed within uSeg EPG
Option 1: Same VLANs Outside/Inside (No Contract Required)
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: Outside_VLANs
• Bridge Domain: outside_vlan_10, Gateway: 192.168.10.1
• Bridge Domain: Hardware Proxy: No, ARP Flooding: Yes, Unknown Unicast Flooding: Yes, IP Routing: Yes
• EPG: Host-Mgmt
• Paths: vPC_to_UCS_a (vlan-10), vPC_to_UCS_b (vlan-10), vPC_to_n5ks (vlan-10)
• Endpoints: 192.168.10.11, 192.168.10.10
• Communication allowed within EPG
Option 2: Different VLANs Outside/Inside (Contract Required)
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: Outside_VLANs
• Bridge Domain: outside_vlan_10, Gateway: 192.168.10.1
• Bridge Domain: Hardware Proxy: No, ARP Flooding: Yes, Unknown Unicast Flooding: Yes, IP Routing: Yes
• L2out: vPC_to_n5ks (vlan-10)
• EPG: Host-Mgmt
• Paths: vPC_to_UCS_a (vlan-100), vPC_to_UCS_b (vlan-100)
• Endpoints: 192.168.10.10, 192.168.10.11
• Communication allowed within EPG
• Communication allowed to External EPG
External Routed Connections
Tenant: My_Tenant, VRF: 01 (Anycast gateway), ANP: My_App
• L3out: Area0 (Outside, OSPF Configuration)
• L3out interfaces: 101/1/96: 192.168.30.1/30, 102/1/96: 192.168.30.5/30
• External EPG 0.0.0.0/0: Permit access to all remote subnets: 0.0.0.0/0
• External EPG 10.1.1.0/24: Permit access to remote subnet: 10.1.1.0/24
• Security Import Subnet*, i.e. which external subnets can be accessed through this EPG
• EPG Tags (each a Security Zone): Web (VLAN 10), App (VLAN 11)
• Bridge Domain: 192.168.10.x_22, Gateway: 192.168.10.1
• Bridge Domain: Hardware Proxy: Yes, ARP Flooding: No, Unknown Unicast Flooding: No, IP Routing: Yes
• Endpoints: 192.168.10.11/22, 192.168.10.12/22, 192.168.10.21/22, 192.168.10.22/24
• Communication allowed to 10.1.1.0/24
• Communication allowed to all External Subnets
Contracts permit communication between EPGs
Tenant: My_Tenant, VRF: 01
• ANPs shown: DB, MyApp_1, MyApp_2
• EPGs shown: DB_1, Web_1 (twice), App_1 (twice)
• Bridge Domains: 192.168.10.X, 192.168.20.x, 192.168.30.x
• Endpoints shown: 192.168.10.11/24, 192.168.10.12/24, 192.168.20.11/24, 192.168.20.12/24
Now that we have a better understanding of ACI, let's consider what customers typically want to automate
Customer Use Cases
Credit Services
• Multi-Tier application Deployments
• Tenants
• VRFs
• Bridge Domains
• Endpoint Groups
• Contracts
• Load Balancing (Citrix)
• VM creation
Media
• Tenants
• VRFs
• Bridge Domains
• Endpoint Groups
• Contracts
• Switch Interfaces
Banking
• VRFs
• Bridge Domains
• Endpoint Groups
• Contracts
• Switch Interfaces
• VM creation
• OS Installation
What should you look to do first?
A. Automate the building of networking infrastructure
B. Automate the consumption of networking resources
• Blueprints for Tenants, L2 (EPG/VLAN/VXLAN), L3, L4-7 services
• IP Address Management (IPAM)
• Summary routes into the fabric
• Virtual machine creation
• Containers
• Application Provisioning
• Self service offering
C. Automate both infrastructure and consumption
D. Automate application deployment
Sample Network Blueprints
• L2 Fabric (external g/w): Clients, ACI (Gateway not used), External Router to WAN (Gateway 192.168.10.1)
• L3 Fabric: Clients, ACI Gateway, External Router to WAN
• L3 Fabric with external firewall: Clients, ACI Gateway, External Router to WAN
Sample Network Blueprints
• L3 Fabric with firewall on fabric: Clients, ACI Internal Gateway, ACI External Gateway, External Router to WAN
• L3 Fabric with SLB on fabric: Clients, ACI Internal Gateway, SLB, ACI External Gateway, External Router to WAN
• L3 Fabric with firewall and SLB: Clients, ACI Gateway, SLB, External Router to WAN
Let’s consider the consumers of a cloud provider. The consumers don’t concern themselves with server connectivity…
They simply concern themselves with the IP addresses/gateway for their applications, and the security rules which allow access to those applications
Automating “Tenant” configuration allows teams other than the network team to consume network services
How Many of You....
• Are already scripting and automating common tasks?
• In my experience, most of us are not
• Are really good at copy and paste?
• That’s me that is!!
Congratulations!
Being Serious For A Moment
• We talk to a lot of partner and customer engineers all over the world
• It is clear that some knowledge of programming concepts is quite valuable these days
• The top question is always “Do I need to learn programming to keep doing my job?”
• I’ve got some good news for you...
• In a nutshell, the answer is No....
• But only if you learn to consume the easy-to-use tools and processes out there
What is ACI?
It is all about the API and Object Model
ACI and REST API
• REST is fundamental to APIC interaction
• All other tools are built around it
• Understand REST, understand ACI automation
• The second time you need to do something, think about automating it instead!!
Using REST
• HTTP(S) to the URL or Address of an object
• Select an Action to perform (GET, POST etc)
• Send the Payload (in XML or JSON format)
Common (Free) Tools For The Network Engineer
Use these to automate things in ACI
• Postman Plugin for Google Chrome
• API Inspector
• APIC GUI
• COBRA SDK
• Python IDE (PyCharm, Atom, others)
• Git / GitHub
• ARYA
• ACI Toolkit
• Many Others
Different Engineers, Different Tools
[Figure: APIC CLI, APIC GUI, REST API and SDK placed on a scale from Simple/Rigid to Powerful/Complex]
API Inspector – a REST API Sniffer
• Record your GUI interaction as JSON
• Modify and replay with tools like Postman
Postman Plugin for Google Chrome
Python SDK (aka “Cobra”) + ARYA
• Full featured access to entire APIC REST API
• Native ACI language – configure in GUI and turn into Cobra SDK
• Contributors include: Business Unit Engineers, Technical Services Engineers, Advanced Services Engineers
• Complete user use cases all possible
• http://github.com/datacenter/cobra
• http://github.com/datacenter/arya
XML/JSON -> arya.py -> Python code

XML/JSON input:
{"fvTenant": {"attributes": {"dn": "uni/tn-Cisco", "name": "Cisco", "rn": "tn-Cisco", "status": "created"},
 "children": [
  {"fvBD": {"attributes": {"dn": "uni/tn-Cisco/BD-CiscoBd", "mac": "00:22:BD:F8:19:FF", "name": "CiscoBd", "rn": "BD-CiscoBd", "status": "created"},
   "children": [
    {"fvRsCtx": {"attributes": {"tnFvCtxName": "CiscoNetwork", "status": "created,modified"}, "children": []}},
    {"fvSubnet": {"attributes": {"dn": "uni/tn-Cisco/BD-CiscoBd/subnet-[10.0.0.1/8]", "ip": "10.0.0.1/8", "rn": "subnet-[10.0.0.1/8]", "status": "created"}, "children": []}}]}},
  {"fvCtx": {"attributes": {"dn": "uni/tn-Cisco/ctx-CiscoNetwork", "name": "CiscoNetwork", "rn": "ctx-CiscoNetwork", "status": "created"}, "children": []}}]}}

Python code output:
import cobra.model.fv
import cobra.model.pol

# Root of the policy tree ("uni"); every tenant hangs off it.
topMo = cobra.model.pol.Uni('')

# Tenant, its VRF (Ctx), a bridge domain bound to that VRF, and a BD subnet.
fvTenant = cobra.model.fv.Tenant(topMo, name='Cisco')
fvCtx = cobra.model.fv.Ctx(fvTenant, name='CiscoNetwork')
fvBD = cobra.model.fv.BD(fvTenant, mac='00:22:BD:F8:19:FF', name='CiscoBd')
fvRsCtx = cobra.model.fv.RsCtx(fvBD, tnFvCtxName=fvCtx.name)
fvSubnet = cobra.model.fv.Subnet(fvBD, ip='10.0.0.1/8')
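A payload recorded with API Inspector and replayed through Postman or the REST API changes whatever distinguished names it carries, so it is worth checking that a recorded tree stays inside the intended tenant before it is sent. The sketch below is an added example, not code from the presentation, Cobra or ARYA; it walks the tenant payload from the slide above, and the `review` function and the tampered payload are constructed for illustration.

```python
import json

# Payload from the slide above, re-joined into valid JSON.
SLIDE_PAYLOAD = json.loads("""
{"fvTenant": {"attributes": {"dn": "uni/tn-Cisco", "name": "Cisco",
  "rn": "tn-Cisco", "status": "created"}, "children": [
 {"fvBD": {"attributes": {"dn": "uni/tn-Cisco/BD-CiscoBd",
   "mac": "00:22:BD:F8:19:FF", "name": "CiscoBd", "rn": "BD-CiscoBd",
   "status": "created"}, "children": [
  {"fvRsCtx": {"attributes": {"tnFvCtxName": "CiscoNetwork",
    "status": "created,modified"}, "children": []}},
  {"fvSubnet": {"attributes": {"dn": "uni/tn-Cisco/BD-CiscoBd/subnet-[10.0.0.1/8]",
    "ip": "10.0.0.1/8", "rn": "subnet-[10.0.0.1/8]", "status": "created"},
    "children": []}}]}},
 {"fvCtx": {"attributes": {"dn": "uni/tn-Cisco/ctx-CiscoNetwork",
   "name": "CiscoNetwork", "rn": "ctx-CiscoNetwork", "status": "created"},
   "children": []}}]}}
""")

# Constructed: one child sits in a tenant whose name merely starts with
# "Cisco", and one object is marked for deletion.
TAMPERED_PAYLOAD = {"fvTenant": {
    "attributes": {"dn": "uni/tn-Cisco", "name": "Cisco", "status": "modified"},
    "children": [
        {"fvBD": {"attributes": {"dn": "uni/tn-Cisco2/BD-Other",
                                 "name": "Other", "status": "created"},
                  "children": []}},
        {"fvCtx": {"attributes": {"dn": "uni/tn-Cisco/ctx-CiscoNetwork",
                                  "status": "deleted"},
                   "children": []}},
    ]}}


def walk(node, parent_dn=None):
    """Yield (class, effective dn, status) for every object in the tree.

    Objects without their own dn (fvRsCtx above) are placed under the
    nearest ancestor that has one.
    """
    for cls, body in node.items():
        attrs = body.get("attributes", {})
        dn = attrs.get("dn") or parent_dn
        yield cls, dn, attrs.get("status", "")
        for child in body.get("children", []):
            yield from walk(child, dn)


def in_scope(dn, root):
    """True only for root itself or a descendant, not a look-alike prefix."""
    return dn == root or dn.startswith(root + "/")


def review(payload, allowed_root):
    """Return (class, dn, reason) findings that should block a replay."""
    findings = []
    for cls, dn, status in walk(payload):
        if dn is None:
            findings.append((cls, None, "no dn and no parent dn"))
        elif not in_scope(dn, allowed_root):
            findings.append((cls, dn, "outside " + allowed_root))
        if "deleted" in status.split(","):
            findings.append((cls, dn, "deletes an object"))
    return findings


if __name__ == "__main__":
    print(review(SLIDE_PAYLOAD, "uni/tn-Cisco"))
    print(review(TAMPERED_PAYLOAD, "uni/tn-Cisco"))
```

A plain `startswith("uni/tn-Cisco")` would accept `uni/tn-Cisco2`; comparing against the root followed by `/` avoids that.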
Practical example of tool usage
Cisco on GitHub
• https://github.com/datacenter
• https://github.com/datacenter/ACI
• https://github.com/datacenter/aci-examples
• https://github.com/datacenter/sparci
• https://github.com/datacenter/acitoolkit
Cisco ONE Enterprise Cloud Suite
Infrastructure Management
Cisco UCS Director (Infrastructure): Physical, Virtual, Hypervisor
Build and run a Private Cloud
• Builds and manages Private Cloud Infrastructure
• Physical and Virtual, including ACI
• In pure IaaS deployments provides VM provisioning
• E.g. through vCenter for ESX and SCVMM for Hyper-V
• Provides an end-user self service portal for IaaS provisioning
UCS Director Topology and Optional Components
[Figure: UCS Director with Physical & Virtual Infrastructure, including UCS and Nexus]
Orchestrating with UCS Director
Model Based Orchestration
• Object, not script, based
• ~2,000 infrastructure tasks included
• Graphical Design Interface
• Logical processing of Conditionals and Loops
• Versioning Support
Different Catalogues for Different User Types
Network Admins: ACI Fabric Provisioning
Network Administrator Tasks
• Create VLAN Pool
• Create Domain and Bind to VLAN Pool
• Create AAEP and Bind to Domain & Leaf Policy Group
• Create Leaf Profile and Bind to Switch Profile
• Create Interface selector and Bind to Leaf Profile & Leaf Policy Group
• Create Switch Profile
Different Catalogues for Different User Types
Tenant Admins: ACI Tenant Operations
ACI Tenant Administrator Tasks
• Create New Tenant
• Create VRF & Bind to Tenant
• Create L3out & Bind to VRF
• Create Bridge Domain (L2) & Bind to VRF
• Create Bridge Domain (L3) & Bind to VRF
• Create EPG & Bind to Bridge Domain
• Create Contract & Filter & Bind to EPGs
• Create a BD/EPG with Flooding Enabled & a Static Binding to a VLAN
Different Catalogues for Different User Types
Network Operations: ACI Service Expansion
Network Operations Tasks
• Add additional Interface to a L3out
• Add Subnets to existing L3out
• Add Ports to an existing Filter
• Add Filters to an existing Contract
• Add an additional EPG to a Bridge Domain
• Add an additional Domain to an EPG
• Add a Static Binding to an EPG
• Add new vSwitch to Virtual Center
Creating a New Workflow/Catalogue Entry
Configure ACI Network via UCS Director
This creates a new ACI Interface Leaf Profile
…with the following Interface Selectors
Select the ACI switch policy leaf profile to associate Interface Leaf Profile to
...and select the Interface Leaf Profile that was created in the previous request
Select the physical switch port to connect the new host to the BMA EPG
Create New ACI Tenant, VRF, BD and Subnet
UCSD Access via its Northbound API
{
  "param0": "Add Device to ACI Fabric",
  "param1": {
    "list": [
      {
        "name": "Device Type",
        "value": "r01_1G_acc_WIBBLE_ESX"
      },
      {
        "name": "Enter Interface(s)",
        "value": "1/79"
      }
    ]
  },
  "param2": -1
}
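An added example, not part of the original slides and not Cisco code: one way a front end could validate the two user inputs before it builds the request body shown above. The device-type allow-list, the interface syntax, the port limit and the reserved-port set are assumptions made for the illustration.

```python
import json
import re

# Assumption: allow-list of device types; only this value appears on the slide.
ALLOWED_DEVICE_TYPES = {"r01_1G_acc_WIBBLE_ESX"}
# Assumption: "module/port" or "module/port-port", comma separated.
_IFACE = re.compile(r"^(\d{1,2})/(\d{1,3})(?:-(\d{1,3}))?$")
MAX_PORT = 96  # assumption: highest front-panel port on the leaf


def parse_interfaces(text):
    """Expand the interface string into sorted (module, port) tuples."""
    ports = set()
    for item in text.split(","):
        m = _IFACE.match(item.strip())
        if not m:
            raise ValueError(f"bad interface: {item!r}")
        module, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if module < 1 or not 1 <= first <= last <= MAX_PORT:
            raise ValueError(f"port out of range: {item!r}")
        ports.update((module, p) for p in range(first, last + 1))
    return sorted(ports)


def build_request(workflow, device_type, interfaces, reserved=frozenset()):
    """Validate both inputs, then return the body in the slide's shape."""
    if device_type not in ALLOWED_DEVICE_TYPES:
        raise ValueError(f"device type not allowed: {device_type!r}")
    clash = [p for p in parse_interfaces(interfaces) if p in reserved]
    if clash:
        raise ValueError(f"reserved ports requested: {clash}")
    body = {
        "param0": workflow,
        "param1": {"list": [
            {"name": "Device Type", "value": device_type},
            {"name": "Enter Interface(s)", "value": interfaces.strip()},
        ]},
        "param2": -1,  # kept exactly as on the slide
    }
    return json.dumps(body, indent=2)


if __name__ == "__main__":
    # Constructed call using the slide's own values; (1, 96) is a made-up uplink.
    print(build_request("Add Device to ACI Fabric",
                        "r01_1G_acc_WIBBLE_ESX", "1/79", reserved={(1, 96)}))
```

Rejecting malformed or reserved interfaces at this point keeps a catalogue request from reconfiguring ports the requester was never meant to touch.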
[Diagram labels: UCS, Nexus, Physical & Virtual Infrastructure]
Flexible Automation Models
[Diagram labels: ITSM, Service Request, vCenter, APIC]
APIC API Inspector
UCS Director ACI JSON Convertor
Useful Links
• Cisco Communities (>300 examples): https://communities.cisco.com/docs/DOC-56419
• APIC Inspector to UCS Director Workflow Task Convertor
  • Convertor Script: https://cisco.box.com/s/zexj4r4unkcotykq1u5a1vl0dan6e05w
  • Baseline WF Template: https://cisco.box.com/s/6phyf2rvv11qd7db3a0haynbxrr4zcni
  • HowTo Video: https://cisco.box.com/s/w1vi4fce1wo6n14svih9pn5uf1f15c6d
Preview: HTML5 Admin Interface
A widening Cloud Gap
Between what cloud applications require… and what IT is capable of reliably and confidently supporting today.
IT capabilities
• People
• Processes
• Tools
[Chart: LoB requirements over time for cloud applications and traditional applications, with the “Cloud Gap” between cloud applications and IT capabilities]
CloudCenter Unique Value
Model Once. Deploy and Manage Anywhere.
• One Integrated Platform
• Lifecycle Management
• New and Existing Applications
[Diagram labels: MODEL, DEPLOY, MANAGE; Data Center, Private Cloud, Public Cloud]
What Does “Model Once” Mean?
Script-Based
• Infrastructure-Centric
• Cloud-Specific Workflows and Scripts
• Labor/Services Intensive
Application Profile-Based
• Application-Centric
• Cloud-Agnostic
• Low TCO
[Diagram: “Unique Script / Workflow” boxes, shown three times]
CloudCenter Terminology
• An application profile is composed of services.
• Each service defines a function of the application (e.g. web, firewall, database).
• Services are instantiated using packages and customized using artifacts.
• Artifacts can consist of scripts, code snippets and applications.
• Repositories contain the artifacts and can also contain packages.
[Diagram labels: Application Profile, Services, Repositories, package, Artifacts (bash, sql, perl, binary data)]
Topology Modeling UI
Cloud Center and ACI
CloudCenter: Model-Based Approach (Application Profile)
ACI: Policy-Based Approach (Application Network Profile)
Seamless Integration: “Zero Touch” automation
Powerful Benefits
• Application Security
• Ops Efficiency
• User Agility
Cloud Center Automation of ACI
Tenant: My_Tenant
VRF: 01 (Anycast gateway)
Bridge Domain: 192.168.10.x_22
• Gateway: 192.168.10.1
• Hardware Proxy: Yes
• ARP Flooding: No
• Unknown Unicast Flooding: No
• IP Routing: Yes
L3out: Area0
• 101/1/96: 192.168.30.1/30
• 102/1/96: 192.168.30.5/30
ANP: My_App
• EPG Tag: Web (VLAN 10), Security Zone
• EPG Tag: App (VLAN 11), Security Zone
• Addresses shown: 192.168.10.11/22, 192.168.10.12/22, 192.168.10.21/22, 192.168.10.22/24
External EPGs
• EPG 0.0.0.0/0: Permit access to all remote subnets: 0.0.0.0/0
• EPG 10.1.1.0/24: Permit access to remote subnet: 10.1.1.0/24
Contracts
• Communication allowed to App
• Communication allowed to 10.1.1.0/24
• Communication allowed to all External Subnets
[Diagram labels: CloudCenter Manager, CloudCenter Orchestrator, APIC]
Additional Resources
• CloudCenter Overview Video: https://www.youtube.com/watch?v=2ghFe5vwBK8 - Learn how CloudCenter enables IT organizations to put the right workload in the right environment to take advantage of hybrid IT.
• CloudCenter and ACI Automation Video: https://www.youtube.com/watch?v=35ssaqhF8tw - Get the full power and scale of SDN with Cisco CloudCenter and ACI together.
• CloudCenter with ServiceNow Video: https://www.youtube.com/watch?v=0u0ofdkUHNs - Leverage your ServiceNow investment to get the benefits and controls of ITSM with the power of Cisco CloudCenter.
• Cisco dCloud: dCloud.cisco.com provides fully working environments of Cisco products; search for “Cisco CloudCenter 4.5 - Install, Configure, and Manage Lab v1”.
• CloudCenter Installation Video: https://www.youtube.com/watch?v=kM-fiVlbB9A - Once you’ve purchased CloudCenter, steps to perform a basic installation of the platform.
For more details, please visit: http://www.cisco.com/go/cloudcenter
Questions? Speak with your Cisco account team
Other Sessions of Interest
• BRKACI-2301 – Practical Applications of Cisco ACI µSegmentation
• LTRACI-2800 - ACI microsegmentation deployment techtorial lab
• LABACI-1234 - ACI Micro Segmentation Lab
• LTRSEC-3001 - Deep Dive Lab on ASA, FTD, and Firepower in ACI
• BRKACI-2307 - Real World ACI L4-L7 Service Integration Design
• LTRSEC-2800 - Integrating Cisco TrustSec and Cisco ACI Together
• BRKACI-3403 - ACI and Container Networking