Cisco ACI and Nexus 9000 Executive Briefing and Technical...

© 2013 Cisco and/or its affiliates. All rights reserved. 1

Cisco SDN解决方案ACI的基本概念

Presented by:

Shangxin Du(@shdu)-Solution Support Engineer, Cisco TAC

Aug 26th, 2015


78% Network is even more critical

to delivering applications

than a year ago*

Type Big data, distributed, mobile

Consumption Cloud – public, private, hybrid

Delivery Any where, any time, any device

* Cisco Global IT Impact Survey

http://www.google.com/url?sa=i&source=images&cd=&cad=rja&docid=QRwHkYTlKuLpiM&tbnid=ZfX0GQCRhLUUyM:&ved=&url=http://www.underconsideration.com/brandnew/archives/facebooks_radically_new_f_logo.php&ei=1AhMUs-xHcWziwLJ4IGoDQ&psig=AFQjCNHnu55E--eGnHmCy7jj2oIGOmmCfg&ust=1380801108598169

http://www.google.com/url?sa=i&source=images&cd=&cad=rja&docid=QRwHkYTlKuLpiM&tbnid=ZfX0GQCRhLUUyM:&ved=&url=http://www.underconsideration.com/brandnew/archives/facebooks_radically_new_f_logo.php&ei=1AhMUs-xHcWziwLJ4IGoDQ&psig=AFQjCNHnu55E--eGnHmCy7jj2oIGOmmCfg&ust=1380801108598169


5 YEARS

2.5

YEARS

Faster SERVER Refresh Cycle

2-3 YRS

NETWORK refresh cycle of 5 yrs. should

cover two server refresh cycles

Intel Haswell

(2 Sockets x 12

Cores)*2

10G

LOM/FlexLoM

Shipping *4

New Server Platforms Enabling

Higher I/0 Throughput

Big Data

Increasing East-West Traffic

DATA CENTER

IP TRAFFIC

GROWTH

25% CAGR

(2012-2017)*3

*1 IDC Worldwide Virtual Machine 2013-2017 Forecast *3 Cisco Global Cloud Index: Forecast (2012-2017)

HYPERVISOR

VM VM VM VM VMVM

Virtual Machine Density

Driving I/0 Performance

24VMs/ Server*1

*4http://h30507.www3.hp.com/t5/Coffee-Coaching-HP-

and-Microsoft/HP-FlexibleLOM-for-Gen8/ba-p/108515

*2 Intel Xeon E5 Spec

http://h30507.www3.hp.com/t5/Coffee-Coaching-HP-and-Microsoft/HP-FlexibleLOM-for-Gen8/ba-p/108515

http://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v2-spec-update.html?wapkw=2697v2


Networks are complex!

They are the next silo to experience major shift 1st Gen SDN solutions look to meet the new

technical challenges.


Automation & Programmability

Centralized Provisioning &

Visibility

Simplification/

Abstraction

App

Agility

Deliver New Revenue

Streams Faster

Risk and OpEx Reduction

Lowered OpEx

Reduced Risk

Reduced CapEx

APIC


APPLICATION LANGUAGE

?

NETWORK LANGUAGE

• VLAN

• IP Address

• Subnets

• Firewalls

• Quality of Service

• Load Balancer

• Access Lists

• Application Tier Policy and

Dependencies

• Security Requirements

• Service Level Agreement

• Application Performance

• Compliance

• Geo Dependencies

• Tenants


SIM CardIdentity for a Phone

Service ProfileIdentity for a Server

UCS Service ProfileUnified Device Management

Network Policy

Storage Policy

Server Policy

Application ProfileIdentity for the Network


WAN

Firewall

LB to Group 2

Connect to EPG 3

Connect to Group 2

High Priority

Group Policy Model

Topology/ Service Graph

GROUP 1 GROUP 2 GROUP 3

PRODUCTION

PODDMZ

SHARED

SERVICES

1 Profile

VLAN 1 VXLAN 2

VLAN 3

100s of Profiles

DEV TEST

PROD

10s of Profiles

WEB APP

DB

1000s of Profiles

Level of Segmentation/ Isolation/ Visibility


EXISTING 3-TIER DESIGNS PROGRAMMABLE SDN OVERLAY

MODEL

APPLICATION PROFILES & POLICIES

VXLAN Bridging & RoutingApplication Centric

Infrastructure

Existing 2-Tier & 3-Tier

Designs

DC

PODs

DC Core

Open API: Programmability

Modernized Operating System

Nexus OS

Integrated Network Virtualization

OpenFlow Support

No VM Tax: Any Hypervisor

Physical & Virtual

Open API’s & Controller

APIC


OPEN SOURCE

OPEN STANDARDS

OPEN INTERFACES

OpFlexNSH VXLAN

JSON XML OpFlexREST


OPFLEX PROTOCOL + ECOSYSTEM

APIC

OPFLEX

OPEN SOURCEOpen source OpFlex agent will be available

to anyone

OPEN ECOSYSTEMBroad, growing support including from

hypervisor, network, and L4-7 vendors

OPEN STANDARD

P/V SWITCH ROUTERS L4-7 SERVICES

Co-authors for IETF submission


Automate

Compliance,

Centralized Audit

Visibility,

Analytics,

Forensics

Policies Track

Workloads

Lifecycle

Management

Security

Expressed in

Application

Language

Distributed Security Across Physical and Virtual

Centrally Managed & Fully Automated


DBAPPADC

WEBF/W

ADC

ESX

MGMT VMOTION

Bare

Metal

Linux

Container

ACI Integrated Security - Open, Flexible, Policy Driven

Consistent Audit, Logging, & Visibility – FIPS / CC / PCI / RBAC


APIC

NOV 6th 2013

THE JOURNEY BEGAN ON THE NORTHBOUND


1. Leverage Existing Nexus/ IP Network

2. Deploy ACI: New Pods For Cloud Build Outs

3. Extend ACI Model. Preserve - IP networks, L4-7 Services, Hypervisors

Existing Network

PoDs

(Nexus, etc.)

ACI POLICY

ACIFabric

Nexus9500 / 9300

Nexus9300

Nexus7000DCI

PROFILE

—Augment with Nexus 9300

Nexus9300

ESX Hyper-V OVSBare Metal

AVS

Bare Metal

ESX Hyper-VOVS

AVS


Infrastructure Models

Policies

SAP BW on SAP

HANA

SAPBusiness Warehouse

HANA HANA HANA

SAP BW on SAP HANA

Application Models

SAP BW on SAP HANA

Deployed on Cisco ACI

APPLICATION NETWORK PROFILE

BWHANA

BWCITier BWCITier BWCITier HANA

StorageTie

rHANADBTierHANAStorageBWDITier BWCITier

SapHanaSql… NfsUdp SapBW SapBWCI

PublicBW

Contracts

ACI + VNOMICS + SAP BW ON SAP HANA

SAP STACKS FOR VBLOCK, FLEXPOD, VSPEX

SOLUTION

BENEFITS

RAPID ANALYSIS, TROUBLESHOOTING OF SAP LANDSCAPE

SCALE SAP APPLICATION CAPACITY WITHOUT COMPLEXITY

MONITORING AND AUTOMATIC REMEDIATION

ACCELERATE DEPLOYMENT OF SAP BW ON SAP HANA + CISCO ACI

EXTEND ACI TO 20 DIFFERENT SAP APPLICATIONS

Insieme_Short_Video_-_Cisco_Live_-_new_logos.mp4

Insieme_Short_Video_-_Cisco_Live_-_new_logos.mp4


STARTING AT

200 PORTS SCALING

TO

100K+PORTS

64KTENANTS

57640G PORTS WIRE-RATE (PER SPINE)

1MIPV4 / IPV6

END POINTS

60 TBPS

CAPACITY(PER SPINE)

8KMULTICAST

GROUPS (PER LEAF)

$100KSTARTING

BUILT FOR THE GROWING COMMERCIAL ENTERPRISE TO THE LARGEST SERVICE PROVIDERS


“It’s critical that we are able to deliver hundreds of thousands of

transactions per second, so latency and 40G throughput is a number

one concern. After evaluating numerous vendor solutions, Cisco's

Nexus 9000 switching platform provided us with the best

performance to support our evolving data centers, while protecting

existing IT investments."

Bob Hammond, CTO, Millennial Media

“Symantec is an early adopter of Cisco's ACI, leveraging the

technology within our own Agile Data Center. Cisco ACI brings the

scalability and efficiency we need while enabling us to truly bring next

generation networking capabilities to our customers.”

Jon Sanchez, Director of Data Center

Services, Symantec


Reduce Network Provisioning

58%Reduce

Management Costs

21%Reduce Power and Cooling

Costs

45%CAPEX Reduction

25%Compute and

Storage Optimization

10–20%

GreaterBusiness Agility

Lower CapitalExpenses

Reduced Costs/Complexity

Lower Operating

CostResource

Optimization


Tenant

Bridge Domain Bridge Domain Bridge Domain

Subnet ASubnet B

Subnet DSubnet BSubnet F

EPG A

EPG C

EPG B

EPG A

EPG B

EPG C

Customer/ BU/ Group

Context /VRF

L2 Boundary

IP Space(s)

End Point Groups

Private Network Private Network


Tenant

Bridge

Domain

Private

Network

Subject

Application

Profile

Outside

Network

Subnet

Endpoint

Group

Contract Filter

1

1 1 1

1

1

n n n n n n

1

n

1

n

1

n1

nn

n

n

n

Direct Relationship

Indirect Relationship/Link

1:n – one to many

n:n – many to many


Logical Representation


• The bridge domain is not a VLAN, although it can act similar to a VLAN; you instead should think of it as a distributed switch. On each leaf VLANs will be translated with local significance.

• The bridge domain references a VRF instance called a Private Network. The subnets and gateways for the workloads are defined as part of the bridge domain.

23


Private Network

Application A

EPGEPG

Application B

EPGEPGEPG

Application C

EPGEPG

Application B

Policy Policy

EPGEPGEPG

Tenant


HTTPS Service

HTTPS Service

HTTPS Service

HTTPS Service

HTTP Service

HTTP Service

HTTP Service

HTTP Service

WebServices_EPG

EPGs are a grouping of application or application components

independent of other network constructs.


HTTPS Service

HTTPS Service

HTTPS Service

HTTPS Service

HTTP Service

HTTP Service

HTTP Service

HTTP Service

EPG A

EPGs separate the addressing of an application from it’s mapping and policy enforcement on the network.

10.10.10.x

10.10.11.xPolicy/Security

enforcement occurs at

the EPG level


Inbound/Outbound Policies

(Contracts)Inbound/Outbound Policies

(Contracts)

Application Profile

Application Network profiles are a group of EPGs and the policies that define the communication between

them.


Tenant

28

Application Profile

• Contracts define what an EPG exposes to other EPGs and how

• Contracts are reusable for multiple EPGs and EPGs can inherit multiple contracts

EPG DBC EPG AppEPG Web CC

Subjects

Filters Lowest Level ACL

Group of Filters. Unidirectional / Bi-direction, QoS & Service Graph Insertion Point

Group of Subjects. Scope Definition (Global, Tenant, AP)Contracts

Thank you.

Cisco ACI and Nexus 9000 Executive Briefing and Technical...

Documents

Transcript of Cisco ACI and Nexus 9000 Executive Briefing and Technical...