© 2013 Cisco and/or its affiliates. All rights reserved. 1
Basic concepts of ACI, Cisco's SDN solution
Presented by:
Shangxin Du(@shdu)-Solution Support Engineer, Cisco TAC
Aug 26th, 2015
78%: the network is even more critical to delivering applications than a year ago*
Type: big data, distributed, mobile
Consumption: cloud – public, private, hybrid
Delivery: anywhere, any time, any device
* Cisco Global IT Impact Survey
Faster server refresh cycle: servers are refreshed every 2-3 years (about 2.5 years on average), so a network refresh cycle of 5 years should cover two server refresh cycles.
New server platforms enabling higher I/O throughput: Intel Haswell (2 sockets x 12 cores)*2, 10G LOM/FlexLOM shipping*4
Big data increasing east-west traffic: data center IP traffic growth of 25% CAGR (2012-2017)*3
Virtual machine density driving I/O performance: 24 VMs per server*1 on the hypervisor
*1 IDC Worldwide Virtual Machine 2013-2017 Forecast
*2 Intel Xeon E5 Spec
*3 Cisco Global Cloud Index: Forecast (2012-2017)
*4 http://h30507.www3.hp.com/t5/Coffee-Coaching-HP-and-Microsoft/HP-FlexibleLOM-for-Gen8/ba-p/108515
Networks are complex! They are the next silo to experience a major shift; 1st-generation SDN solutions look to meet the new technical challenges.
APIC: automation & programmability; centralized provisioning & visibility; simplification / abstraction
App agility: deliver new revenue streams faster
Risk and OpEx reduction: lowered OpEx, reduced risk, reduced CapEx
APPLICATION LANGUAGE ? NETWORK LANGUAGE (how does one translate into the other?)
Network language:
• VLAN
• IP Address
• Subnets
• Firewalls
• Quality of Service
• Load Balancer
• Access Lists
Application language:
• Application Tier Policy and Dependencies
• Security Requirements
• Service Level Agreement
• Application Performance
• Compliance
• Geo Dependencies
• Tenants
SIM Card: identity for a phone
Service Profile: identity for a server (UCS Service Profile – unified device management: network policy, storage policy, server policy)
Application Profile: identity for the network
Group Policy Model / Topology / Service Graph (figure): WAN → Firewall → Group 1 → "LB to Group 2" → Group 2 → "Connect to EPG 3, high priority" → Group 3; the groups sit in the Production Pod, the DMZ and Shared Services.
Level of segmentation / isolation / visibility:
• 1 profile: VLAN 1, VXLAN 2, VLAN 3
• 10s of profiles: DEV, TEST, PROD
• 100s of profiles: WEB, APP, DB
• 1000s of profiles
EXISTING 3-TIER DESIGNS → PROGRAMMABLE SDN OVERLAY MODEL → APPLICATION PROFILES & POLICIES
• Existing 2-tier & 3-tier designs: DC PODs, DC Core
• VXLAN bridging & routing: integrated network virtualization, OpenFlow support, no VM tax: any hypervisor
• Application Centric Infrastructure: physical & virtual, open APIs & controller (APIC)
Common to all: open API (programmability), modernized operating system (Nexus OS)
OPEN SOURCE, OPEN STANDARDS, OPEN INTERFACES: OpFlex, NSH, VXLAN, JSON, XML, REST
OPFLEX PROTOCOL + ECOSYSTEM
APIC ↔ OpFlex ↔ physical/virtual switches, routers, L4-7 services
• Open source: an open source OpFlex agent will be available to anyone
• Open ecosystem: broad, growing support including from hypervisor, network, and L4-7 vendors
• Open standard: co-authors for the IETF submission
Distributed Security Across Physical and Virtual – Centrally Managed & Fully Automated
• Automate compliance, centralized audit
• Visibility, analytics, forensics
• Policies track workloads
• Lifecycle management
• Security expressed in application language
(Figure: Web, App and DB tiers with a firewall and ADC inserted between them, spanning ESX hosts with management and vMotion networks, bare metal, and Linux containers)
ACI Integrated Security - Open, Flexible, Policy Driven
Consistent Audit, Logging, & Visibility – FIPS / CC / PCI / RBAC
APIC, NOV 6th 2013: THE JOURNEY BEGAN ON THE NORTHBOUND
1. Leverage the existing Nexus / IP network: existing network PoDs (Nexus, etc.), Nexus 7000 DCI
2. Deploy ACI: new pods for cloud build-outs, an ACI fabric (Nexus 9500 / 9300) under the ACI policy profile; augment with Nexus 9300
3. Extend the ACI model; preserve IP networks, L4-7 services and hypervisors (ESX, Hyper-V, OVS, AVS, bare metal)
ACI + VNOMICS + SAP BW ON SAP HANA
SAP STACKS FOR VBLOCK, FLEXPOD, VSPEX
(Figure: infrastructure models and policies on the left, application model of SAP Business Warehouse on SAP HANA on the right, deployed on Cisco ACI as an application network profile: BW CI tier, BW DI tier, HANA DB tier and HANA storage tier EPGs joined by contracts such as SapHanaSql…, NfsUdp, SapBW, SapBWCI and PublicBW)
SOLUTION BENEFITS
• Rapid analysis and troubleshooting of the SAP landscape
• Scale SAP application capacity without complexity
• Monitoring and automatic remediation
• Accelerate deployment of SAP BW on SAP HANA + Cisco ACI
• Extend ACI to 20 different SAP applications
Starting at 200 ports, scaling to 100K+ ports:
• 64K tenants
• 576 40G ports wire-rate (per spine)
• 1M IPv4 / IPv6 end points
• 60 Tbps capacity (per spine)
• 8K multicast groups (per leaf)
• $100K starting price
Built for the growing commercial enterprise to the largest service providers
“It’s critical that we are able to deliver hundreds of thousands of transactions per second, so latency and 40G throughput is a number one concern. After evaluating numerous vendor solutions, Cisco's Nexus 9000 switching platform provided us with the best performance to support our evolving data centers, while protecting existing IT investments.”
Bob Hammond, CTO, Millennial Media
“Symantec is an early adopter of Cisco's ACI, leveraging the technology within our own Agile Data Center. Cisco ACI brings the scalability and efficiency we need while enabling us to truly bring next generation networking capabilities to our customers.”
Jon Sanchez, Director of Data Center Services, Symantec
• Reduce network provisioning: 58%
• Reduce management costs: 21%
• Reduce power and cooling costs: 45%
• CAPEX reduction: 25%
• Compute and storage optimization: 10–20%
Greater business agility, lower capital expenses, reduced costs/complexity, lower operating cost, resource optimization
(Figure: tenant logical model)
• Tenant: customer / BU / group
• Private Network: context / VRF; a tenant can hold several
• Bridge Domain: L2 boundary; each bridge domain belongs to one private network
• Subnets: the IP space(s) of a bridge domain (Subnet A and B in one bridge domain; Subnet D, B and F in another, so the same subnet can appear under different private networks)
• End Point Groups: EPG A, EPG B, EPG C attached to a bridge domain
(Figure: object model relationships between Tenant, Private Network, Bridge Domain, Subnet, Application Profile, Endpoint Group, Outside Network, Contract, Subject and Filter)
• Tenant → Private Network, Bridge Domain, Application Profile, Outside Network, Contract, Filter: 1:n
• Private Network → Bridge Domain: 1:n
• Bridge Domain → Subnet: 1:n
• Bridge Domain → Endpoint Group: 1:n (each EPG is bound to exactly one bridge domain)
• Application Profile → Endpoint Group: 1:n
• Contract → Subject: 1:n
• Subject ↔ Filter: n:n
• Endpoint Group ↔ Contract: n:n (an EPG can provide and consume many contracts, and a contract can be shared by many EPGs)
• Outside Network → Private Network: each outside network is attached to one private network
Legend: direct relationship; indirect relationship/link; 1:n – one to many; n:n – many to many
Logical Representation
• The bridge domain is not a VLAN, although it can act similarly to one; think of it instead as a distributed switch. On each leaf, VLANs are translated with local significance: the encapsulation VLAN on an access port is a leaf-local identifier, not a fabric-wide segment, so the same VLAN ID on two leaves does not by itself put endpoints in the same bridge domain.
• The bridge domain references a VRF instance called a Private Network. The subnets and gateways for the workloads are defined as part of the bridge domain, and the gateway address is present on every leaf where the bridge domain is deployed.
(Figure: a tenant containing a private network and applications A, B and C, each made up of EPGs with policies between them)
(Figure: WebServices_EPG grouping four HTTPS services and four HTTP services)
EPGs are a grouping of applications or application components, independent of other network constructs.
(Figure: EPG A containing HTTP and HTTPS services spread across 10.10.10.x and 10.10.11.x)
EPGs separate the addressing of an application from its mapping and policy enforcement on the network. Policy/security enforcement occurs at the EPG level, not per subnet or VLAN: an endpoint's IP address says nothing about which policy applies to it.
(Figure: Application Profile with EPGs joined by inbound/outbound policies (contracts))
Application Network Profiles are a group of EPGs and the policies that define the communication between them.
Tenant / Application Profile (figure: EPG Web – C – EPG App – C – EPG DB, with a contract between each pair of adjacent tiers)
• Contracts define what an EPG exposes to other EPGs and how
• Contracts are reusable for multiple EPGs and EPGs can inherit multiple contracts
• Filters: the lowest-level ACL (protocol and ports)
• Subjects: a group of filters; unidirectional or bidirectional; QoS and service graph insertion point
• Contracts: a group of subjects; scope definition (Global, Tenant, AP)
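The object model above (tenant, private network, bridge domain, subnet, application profile, EPG, contract, subject, filter) is what the APIC accepts as a JSON tree over its REST API. The following is an added example, not code from the Cisco deck: it builds that tree for the Web/App/DB application profile using the real APIC managed-object class and relation names (fvTenant, fvCtx, fvBD, fvSubnet, fvAp, fvAEPg, vzBrCP, vzSubj, vzFilter, vzEntry, fvRsBd, fvRsProv, fvRsCons, vzRsSubjFiltAtt), and then evaluates the policy the way the fabric does: inter-EPG traffic is dropped unless a contract consumed by the source EPG and provided by the destination EPG carries a matching filter. The tenant, VRF, bridge domain, EPG and contract names and the subnets are constructed for the example.

```python
# Added example (not from the Cisco deck): the slide's object model as an
# APIC-style JSON tree plus a whitelist evaluator for "may EPG X reach EPG Y
# on this TCP port?". Class/relation names are real APIC classes; the
# tenant "prod", its VRF, BD, EPG, filter and contract names are constructed.
import json

def entry(name, port):
    """One vzEntry: IP/TCP to a single destination port."""
    return {"vzEntry": {"attributes": {"name": name, "etherT": "ip", "prot": "tcp",
                                        "dFromPort": str(port), "dToPort": str(port)}}}

def filt(name, port):
    """vzFilter = the lowest-level ACL: a list of vzEntry match rules."""
    return {"vzFilter": {"attributes": {"name": name}, "children": [entry(name, port)]}}

def contract(name, filters):
    """vzBrCP (scope: application profile) with one vzSubj binding the filters."""
    subj = {"vzSubj": {"attributes": {"name": "subj"},
                       "children": [{"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": f}}}
                                    for f in filters]}}
    return {"vzBrCP": {"attributes": {"name": name, "scope": "application-profile"},
                       "children": [subj]}}

def epg(name, bd, provides=(), consumes=()):
    """fvAEPg bound to exactly one bridge domain; provides/consumes contracts by name."""
    children = [{"fvRsBd": {"attributes": {"tnFvBDName": bd}}}]
    children += [{"fvRsProv": {"attributes": {"tnVzBrCPName": c}}} for c in provides]
    children += [{"fvRsCons": {"attributes": {"tnVzBrCPName": c}}} for c in consumes]
    return {"fvAEPg": {"attributes": {"name": name}, "children": children}}

def build_tenant():
    """Constructed three-tier example: web -> app on TCP 8080, app -> db on TCP 3306."""
    bd = {"fvBD": {"attributes": {"name": "bd-app"}, "children": [
        {"fvRsCtx": {"attributes": {"tnFvCtxName": "vrf-prod"}}},      # BD -> private network
        {"fvSubnet": {"attributes": {"ip": "10.10.10.1/24", "scope": "private"}}},
        {"fvSubnet": {"attributes": {"ip": "10.10.11.1/24", "scope": "private"}}}]}}
    ap = {"fvAp": {"attributes": {"name": "ap-3tier"}, "children": [
        epg("web", "bd-app", consumes=["app-svc"]),
        epg("app", "bd-app", provides=["app-svc"], consumes=["db-svc"]),
        epg("db", "bd-app", provides=["db-svc"])]}}
    return {"fvTenant": {"attributes": {"name": "prod"}, "children": [
        {"fvCtx": {"attributes": {"name": "vrf-prod"}}}, bd, ap,
        filt("tcp-8080", 8080), filt("tcp-3306", 3306),
        contract("app-svc", ["tcp-8080"]), contract("db-svc", ["tcp-3306"])]}}

def to_payload(tenant):
    """Request body for POST https://<apic>/api/mo/uni.json (nothing is sent here)."""
    return json.dumps(tenant)

def _kids(mo):
    return mo[next(iter(mo))].get("children", [])

def index(tenant):
    """Flatten the tree into filters, contracts and EPGs keyed by name."""
    filters, contracts, epgs = {}, {}, {}

    def walk(mo):
        cls = next(iter(mo))
        attrs = mo[cls]["attributes"]
        if cls == "vzFilter":
            filters[attrs["name"]] = [e["vzEntry"]["attributes"] for e in _kids(mo)]
        elif cls == "vzBrCP":   # contract -> subjects -> filter names
            contracts[attrs["name"]] = [r["vzRsSubjFiltAtt"]["attributes"]["tnVzFilterName"]
                                        for s in _kids(mo) for r in _kids(s)]
        elif cls == "fvAEPg":
            epgs[attrs["name"]] = {
                "prov": {c["fvRsProv"]["attributes"]["tnVzBrCPName"] for c in _kids(mo) if "fvRsProv" in c},
                "cons": {c["fvRsCons"]["attributes"]["tnVzBrCPName"] for c in _kids(mo) if "fvRsCons" in c}}
        for c in _kids(mo):
            walk(c)

    walk(tenant)
    return filters, contracts, epgs

def permitted(tenant, src, dst, dport):
    """Whitelist check in the consumer (src) -> provider (dst) direction only.

    Inter-EPG traffic is dropped unless a contract consumed by src and provided
    by dst has a filter matching the flow; intra-EPG traffic is allowed by default.
    Reply traffic (the subject's reverse-filter-ports option) is not modelled.
    """
    filters, contracts, epgs = index(tenant)
    if src == dst:
        return True
    for c in epgs[src]["cons"] & epgs[dst]["prov"]:
        for fname in contracts[c]:
            for e in filters[fname]:
                if e["prot"] == "tcp" and int(e["dFromPort"]) <= dport <= int(e["dToPort"]):
                    return True
    return False

if __name__ == "__main__":
    t = build_tenant()
    for flow in [("web", "app", 8080), ("app", "db", 3306), ("web", "db", 3306)]:
        print(flow, "permit" if permitted(t, *flow) else "deny")
```

Note what the evaluator makes visible: Web reaching DB directly on 3306 is denied even though all three EPGs share one bridge domain and subnet, because no contract joins them; and DB cannot initiate to App because the contract direction is consumer-to-provider. Addressing plays no part in the decision, which is the point of the "policy enforcement occurs at the EPG level" slide.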
Thank you.