Home > Store

Policy Driven Data Center with ACI, The: Architecture, Concepts, and Methodology

Add To My Wish List

Policy Driven Data Center with ACI, The: Architecture, Concepts, and Methodology

By Lucien Avramov, Maurizio Portolani
Published Jan 2, 2015 by Cisco Press. Part of the Networking Technology series.

Safari PTG

Your Price: $69.99

Not for Sale

Description

Sample Content

Updates

Copyright 2015
Dimensions: 7-3/8" x 9-1/8"
Edition: 1st

Safari PTG
ISBN-10: 0-13-358943-9
ISBN-13: 978-0-13-358943-6

Use policies and Cisco® ACI to make data centers more flexible and configurable—and deliver far more business value

Using the policy driven data center approach, networking professionals can accelerate and simplify changes to the data center, construction of cloud infrastructure, and delivery of new applications. As you improve data center flexibility, agility, and portability, you can deliver far more business value, far more rapidly.

In this guide, Cisco data center experts Lucien Avramov and Maurizio Portolani show how to achieve all these benefits with Cisco Application Centric Infrastructure (ACI) and technologies such as python, REST, and OpenStack. The authors explain the advantages, architecture, theory, concepts, and methodology of the policy driven data center. Next, they demonstrate the use of python scripts and REST to automate network management and simplify customization in ACI environments.

Drawing on experience deploying ACI in enterprise data centers, the authors review design considerations and implementation methodologies. You will find design considerations for virtualized datacenters, high performance computing, ultra-low latency environments, and large-scale data centers. The authors walk through building multi-hypervisor and bare-metal infrastructures, demonstrate service integration, and introduce advanced telemetry capabilities for troubleshooting.

Leverage the architectural and management innovations built into Cisco® Application Centric Infrastructure (ACI)

Understand the policy driven data center model
Use policies to meet the network performance and design requirements of modern data center and cloud environments
Quickly map hardware and software capabilities to application deployments using graphical tools—or programmatically, via the Cisco APIC API
Increase application velocity: reduce the time needed to move applications into production
Define workload connectivity instead of (or along with) subnets, VLAN stitching, and ACLs
Use Python scripts and REST to automate policy changes, parsing, customization, and self-service
Design policy-driven data centers that support hypervisors
Integrate OpenStack via the Cisco ACI APIC OpenStack driver architecture
Master all facets of building and operating multipurpose cloud architectures with ACI
Configure ACI fabric topology as an infrastructure or tenant administrator
Insert Layer 4–Layer 7 functions using service graphs
Leverage centralized telemetry to optimize performance; find and resolve problems
Understand and familiarize yourself with the paradigms of programmable policy driven networks

Foreword xx

Introduction xxi

Chapter 1 Data Center Architecture Considerations 1

Application and Storage 1

Virtualized Data Center 2

Introduction 2

Definition and Virtualization Concepts 3

Network and Design Requirements 6

Storage Requirements 7

Big Data 7

Definition 7

Network Requirements 9

Cluster Design with the Hadoop Building Blocks: the POD 10

Storage Requirements 11

Design Considerations 11

High-Performance Compute 14

Definition 14

Network Requirements 14

Storage Requirements 14

Design Considerations 14

Design Topologies 15

Ultra-Low Latency 16

Definition 16

Network Requirements 17

Storage Requirements 18

Design Considerations 18

Design Topologies 19

Massively Scalable Data Center 21

Definition 21

Network Requirements 23

Storage Requirements 24

Design Considerations 24

Design Topologies 25

Design Topologies Examples 25

The POD-based Designs 26

The POD Model or the Data Model for Shared Infrastructure and Cloud Computing 26

The FlexPod Design 28

Data Center Designs 29

End of Row 29

Middle of Row 30

Top of Rack: The Modern Data Center Approach 30

Single-Homed Servers Design 32

Logical Data Center Design with the Spine-Leaf ACI Foundation Architecture 33

Summary 35

Chapter 2 Building Blocks for Cloud Architectures 37

Introduction to Cloud Architectures 37

Network Requirements of Clouds and the ACI Solution 39

Amazon Web Services Model 41

Automating Server Provisioning 43

PXE Booting 43

Deploying the OS with Chef, Puppet, CFengine, or Similar Tools 44

Chef 45

Puppet 46

Orchestrators for Infrastructure as a Service 47

vCloud Director 47

OpenStack 48

Project and Releases 48

Multi-Hypervisor Support 49

Installers 49

Architecture Models 50

Networking Considerations 51

UCS Director 51

Cisco Intelligent Automation for Cloud 52

Conciliating Different Abstraction Models 55

Summary 56

Chapter 3 The Policy Data Center 57

Why the Need for the Policy-Based Model? 57

The Policy Theory 59

Cisco APIC Policy Object Model 61

Endpoint Groups 63

Cisco APIC Policy Enforcement 66

Unicast Policy Enforcement 66

Multicast Policy Enforcement 69

Application Network Profiles 70

Contracts 71

Understanding Cisco APIC 79

Cisco ACI Operating System (Cisco ACI Fabric OS) 79

Architecture: Components and Functions of the Cisco APIC 80

Policy Manager 81

Topology Manager 81

Observer 82

Boot Director 82

Appliance Director 83

VMM Manager 83

Event Manager 83

Appliance Element 84

Architecture: Data Management with Sharding 84

Effect of Replication on Reliability 84

Effect of Sharding on Reliability 85

Sharding Technology 86

User Interface: Graphical User Interface 87

User Interface: Command-Line Interface 87

User Interface: RESTful API 88

System Access: Authentication, Authorization, and RBAC 88

Summary 89

Chapter 4 Operational Model 91

Introduction to Key Technologies and Tools for Modern Data Centers 92

Network Management Options 92

REST Protocol 93

XML, JSON, and YAML 94

Python 96

Python Basics 96

Where Is the main() Function? 97

Functions Definition 97

Useful Data Structures 98

Parsing Files 99

Verifying Python Scripts 101

Where to Run Python 101

Pip, EasyInstall, and Setup Tools 101

Which Packages Do I Need? 101

virtualenv 102

Git and GitHub 103

Basic Concepts of Version Control 103

Centralized Versus Distributed 104

Overview of Basic Operations with Git 104

Installing/Setting Up Git 105

Key Commands in Git 105

Operations with the Cisco APIC 106

Object Tree 108

Classes, Objects, and Relations 109

Naming Conventions 113

Object Store 114

Using REST to Program the Network 114

Tools to Send REST Calls 115

REST Syntax in Cisco ACI 117

Modeling Tenants in XML 119

Defining the Relationship Among EPGs (Providers and Consumers) 120

A Simple Any-to-Any Policy 121

ACI SDK 122

ACI Python Egg 122

How to Develop Python Scripts for ACI 123

Where to Find Python Scripts for ACI 124

For Additional Information 124

Summary 125

Chapter 5 Data Center Design with Hypervisors 127

Virtualized Server Networking 128

Why Have a Software Switching Component on the Server? 129

Overview of Networking Components 132

Virtual Network Adapters 132

Virtual Switching 133

Endpoint Groups 133

Distributed Switching 133

Hot Migration of Virtual Machines 134

Segmentation Options 134

VLANs 134

VXLANs 134

VXLAN Packet Format 135

VXLAN Packet Forwarding 136

VXLANs Without Multicast 137

Microsoft Hyper-V Networking 137

Linux KVM and Networking 141

Linux Bridging 142

Open vSwitch 143

OVS Architecture 143

Example Topology 145

Open vSwitch with OpenStack 146

OpenFlow 147

VMware ESX/ESXi Networking 149

VMware vSwitch and Distributed Virtual Switch 150

VMware ESXi Server Traffic Requirements 151

VXLAN Tagging with vShield 151

vCloud Director and vApps 152

vCloud Networks 153

Cisco Nexus 1000V 155

Port Extension with VN-TAG 158

Cisco ACI Modeling of Virtual Server Connectivity 160

Overlay Normalization 160

VMM Domain 161

Endpoint Discovery 162

Policy Resolution Immediacy 162

Cisco ACI Integration with Hyper-V 162

Cisco ACI Integration with KVM 163

Cisco ACI Integration with VMware ESX 164

Summary 165

Chapter 6 OpenStack 167

What Is OpenStack? 167

Nova 168

Neutron 169

Swift 173

Cinder 173

Horizon 174

Heat 174

Ironic 174

OpenStack Deployments in the Enterprise 176

Benefits of Cisco ACI and OpenStack 177

Cisco ACI Policy Model 178

Physical and Virtual Integration 179

Fabric Tunnels 179

Service Chaining 179

Telemetry 179

OpenStack APIC Driver Architecture and Operations 180

How Integration Works 180

Deployment Example 182

Installation of Icehouse 183

Configuration of the Cisco APIC Driver 185

Neutron.conf File 186

ML2_conf.ini File 186

ML2_cisco_conf.ini File 186

Configuration Parameters 187

Host-Port Connectivity 188

External Networks 188

PortChannel Configuration 188

Troubleshooting 188

The Group Based Policy Project at OpenStack 190

Summary 191

Chapter 7 ACI Fabric Design Methodology 193

Summary of ACI Fabric Key Functionalities 194

ACI Forwarding Behavior 194

Prescriptive Topology 194

Overlay Frame Format 196

VXLAN Forwarding 197

Pervasive Gateway 198

Outside Versus Inside 199

Packet Walk 201

Segmentation with Endpoint Groups 202

Management Model 204

Hardware and Software 207

Physical Topology 208

Cisco APIC Design Considerations 210

Spine Design Considerations 211

Leaf Design Considerations 212

Unknown Unicast and Broadcast 213

Use of VLANs as a Segmentation Mechanism 214

VLANs and VXLANs Namespaces 215

Concept of Domain 216

Concept of Attach Entity Profile 217

Multi-tenancy Considerations 218

Initial Configuration Steps 219

Zero-Touch Provisioning 220

Network Management 221

Policy-based Configuration of Access Ports 223

Configuring Switch Profiles for Each Leaf 228

Configuring Interface Policies 228

Interface Policy Groups and PortChannels 228

Interface Policy Groups 229

PortChannels 229

Virtual PortChannels 231

Virtual Machine Manager (VMM) Domains 233

VMM Domain 233

AEP for Virtualized Servers Connectivity 234

Configuring a Virtual Topology 235

Bridge Domain 237

Hardware Proxy 237

Flooding Mode 238

fvCtx 238

Endpoint Connectivity 238

Connecting a Physical Server 239

Connecting a Virtual Server 239

External Connectivity 240

Summary 241

Chapter 8 Service Insertion with ACI 243

Overview of ACI Design with Layer 4 Through Layer 7 Services 244

Benefits 244

Connecting Endpoint Groups with a Service Graph 244

Extension to Virtualized Servers 245

Management Model 245

Service Graphs, Functions, and Rendering 246

Hardware and Software Support 247

Cisco ACI Modeling of Service Insertion 248

Service Graph Definition 249

Concrete Devices and Logical Devices 250

Logical Device Selector (or Context) 251

Splitting Bridge Domains 251

Configuration Steps 252

Definition of a Service Graph 253

Defining the Boundaries of the Service Graph 253

The Metadevice 254

Defining an Abstract Node’s Functions 255

Defining an Abstract Node’s Connectors 257

Abstract Node Elements Summary 258

Connecting Abstract Nodes to Create the Graph 258

Definition of Concrete Devices and Cluster of Concrete Devices 260

Configuration of the Logical Device and Concrete Device 261

Configuration of the Logical Device Context (Cluster Device Selector) 264

Naming Summary 265

Summary 266

Chapter 9 Advanced Telemetry 267

Atomic Counters 267

The Principle 267

Further Explanation and Example 268

Atomic Counters and the APIC 270

Latency Metrics 271

ACI Health Monitoring 272

Statistics 273

Faults 274

Events, Logs, Diagnostics 279

Health Score 280

The Centralized show tech-support ACI Approach 281

Summary 282

Chapter 10 Data Center Switch Architecture 285

Data, Control, and Management Planes 285

Separation Between Data, Control, and Management Planes 286

Interaction Between Control, Data, and Management Planes 287

Protection of the Control Plane with CoPP 288

Control Plane Packet Types 288

CoPP Classification 290

CoPP Rate-Controlling Mechanisms 290

Data Center Switch Architecture 291

Cut-through Switching: Performance for the Data Center 292

Crossbar Switch Fabric Architecture 295

Unicast Switching over Crossbar Fabrics 297

Multicast Switching over Crossbar Fabrics 298

Overspeed in Crossbar Fabrics 298

Superframing in the Crossbar Fabric 299

The Scheduler 301

Crossbar Cut-through Architecture Summary 301

Output Queuing (Classic Crossbar) 302

Input Queuing (Ingress Crossbar) 303

Understanding HOLB 304

Overcoming HOLB with VoQ 304

Multistage Crossbar 305

Centralized Shared Memory (SoC) 306

Multistage SoC 307

Crossbar Fabric with SoC 307

SoC Fabric 308

QoS Fundamentals 309

Data Center QoS Requirements 309

Data Center Requirements 311

Type of QoS Used in Different Data Center Use Cases 312

Trust, Classification, and Marking Boundaries 313

Data Center QoS Capabilities 315

Understanding Buffer Utilization 315

The Buffer Bloat 317

Priority Flow Control 318

Enhanced Transmission Selection 319

Data Center Bridging Exchange 320

ECN and DCTCP 320

Priority Queue 321

Flowlet Switching: Nexus 9000 Fabric Load Balancing 322

Nexus QoS Implementation: The MQC Model 324

Summary 326

Conclusion 329

TOC, 9781587144905, 12/03/2014

Submit Errata

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Privacy Notice

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
Such marketing is consistent with applicable law and Pearson's legal obligations.
Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

As required by law.
With the consent of the individual (or their parent, if the individual is a minor)
In response to a subpoena, court order or legal process, to the extent permitted or required by law
To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
To investigate or address actual or suspected fraud or other illegal activities
To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020

Email Address