![Lessons learned
9
• Automate as much as possible as you will learn to dislike part of the infrastructure that is not automated –
OpenStack example
• Start building your architecture by designing it in the new layer of the object abstraction. Define your objects
templates and naming schemes as object ID is it’s name. This is important to avoid unnecessary complicity.
• Don’t be afraid of the ACI fabric and dive in to the fabric CLI to understand what happens in the background –
this is the best way to fully comprehend the ACI fabric
• Remember that the great performance and functionality of the ACI fabric is delivered by specialized Cisco
hardware chips inside N9Ks. As with all hardware, learn how it works and understand its support limits. Even
though its is high enough, unfortunately magic does not exist and everything has its limits. Be safe!
• The Object-oriented model is based on the promise model. Refreshing certain functions might help to enforce it
if some parts of the fabric does not comply with the controller – important with ACI testing and split-brain
scenarios.
• Read the software upgrade manuals and understand which should be part of the ACI fabric should be upgraded
first (switches or controllers) to ensure that your upgraded process runs smoothly! (I obviously always did! :])
• All ports on the Leaf switches are in DOWN/DOWN state by default (for a reason). Remember to test the
connectivity of your Leaf switches to Servers, while simulating a failure. By connecting Servers to the Leaf, ports
state goes to UP/UP state but it doesn’t mean that the ACI object configuration is applied to the Leaf port. If not,
the traffic passed by the Server to the Leaf switches could be blackholed. Servers are not very smart.
• Test your L4-L7 integrations well and always use the latest packages!](https://image.slidesharecdn.com/pulsantacitop5featuresv1-150501121654-conversion-gate01/85/Top-5-favourite-features-of-Cisco-ACI-in-Pulsant-Cloud-Data-Centres-9-320.jpg)
Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres
- 1. Our top 5 favourite features of Cisco ACI Martin Lipka Head of Connectivity Architecture
- 2. The Revolutionary Feature 1 New Layer of the Network Abstraction We often forget about the main goal of any network “connect point A to point B” because of the many standards, solutions, protocols, specialised appliances, available opinions, virtualised and physical workloads etc. Cisco ACI New Layer of Abstractions brings us back to basics, by simplifying the network architecture, operations and management, and exposing a revolutionary and flexible world of objects. At the same time, it fully automates complex tasks and protocols making them invisible in day-to-day operations. Cisco ACI fabric is not magical even though it seems like it. It uses a series of carefully architected and orchestrated, well-known and respected techniques to manage a successful network, while resolving its operational problems through the introduction of different innovations* *more examples next 2
- 3. The Revolutionary Feature 1 New Layer of the Network Abstraction 3 Advantages for Pulsant: • Connects the goals of the Application with the Infrastructure, resulting in a revolutionary ability to surround, complement and host any solution/customer on a shared, secure, simple and fit-for-purpose unified infrastructure • Improves Cloud Operations by introducing a single architecture and language simplifying Network, Storage, Compute Operations • Increases application security by providing more network clarity, visibility and consistency • Ability to run seamlessly the Traditional and new Application architecture on a single and unified infrastructure • Connects the virtual and physical layers redefining, unifying and widening the Pulsant Managed Cloud, Hosting and Network architecture to create the DC network fabric of the future! • Simplifies the network infrastructure by enabling non-network and non-technical staff to operate their network resources through exposing the functions that matter to the ACI user
- 4. The Most Important Feature 2 Simplicity Please be aware that I will be utilising the term of “simple” VERY, VERY often! 4 • Exposes a simple new layer of abstraction concentrating on the Application (but not only) • Powerful Cisco APIC controller with out-of-the-box.. everything! • Provisions and operates a powerful DC fabric utilising a single controller with simple GUI/API • Simplified troubleshooting based in GUI and CLI, configuration and software management • Fabric oriented network to provide switching, routing and L4-7 firewalling out-of-the-box • Removes complicity of managing virtual and physical infrastructure as everything is an EndPoint. • Introduces the world of automatically integrated controllers and appliances • True and flexible multi-tenancy and health score and stats per object • In summary, great hardware and software stability, objects flexibility and powerful next- gen functionality and monitoring operated by.. the The APIC (Team) out-of-the-box! J
- 5. The Most Important Feature 2 Simplicity Advantages for Pulsant: 5 • Delivers instant network visibility for all layers of Pulsant Network, System, Cloud, Provisioning, IS and SA Teams and network go-to place for the new Pulsant Portal • Built-in concept/help data bases of all objects available in the GUI • Unifies Pulsant Networks and Services: DC Distribution/Access, Cloud, SAN, Backup etc • Seamlessly connects Pulsant’s major products: Cloud, Managed Hosting, Colocation • Automates provisioning, monitoring and troubleshooting of the DC network • Merges and unifies the Pulsant virtual and physical infrastructure and workloads • Improves visibility, monitoring, troubleshooting, management and reinforces the configuration consistency • Enables Pulsant Next Generation inter and intra DC products • Simplifies overall Operations and Products in Pulsant DC networks
- 6. The Futuristic Feature 3 The World of Controllers 6 • New definition of openness in Multi-vendor and Multi-service infrastructure • The greatness of your infrastructure is (or will be) defined by the functionality in your controller(s) • Integrates Controllers (Vmware, HyperV, OpenStack) and manages different parts of the infrastructure to allow out-of-the-box automation • Integrates L4-7 services (F5, Cisco ASAv and many others), complementsmodern L1-3 services delivered by the ACI fabric • Provides access to both physical and virtual network through a single controller, instead of management of a number of devices spread across the DC or traditional physical network infrastructure and virtual SDN controller (popular in first phase of SDN movement), • Enforces infrastructure standards by the GUI or API (XML/JSON) templates • Please be prepared to deliver 90% of your operations through the APIC controller, either with the provided GUI/ API/CLI and only 10% of in-depth troubleshooting, while logging in to the switches building the fabric.
- 7. The Open Feature 4 Open API • The new language of modern infrastructure • Fully Open APIs of ACI define the ability and level of integration with other parts of the infrastructure both today and in future • Fully Open Integration of well-known, home-build portals, data bases and open-source controllers • Automated integration with other parts of the infrastructure: Cisco ASAv, F5, Vmware, Hyper-V, OpenStack and many, many other providers (the list of constantly expanding!) • OpFlex (coming soon) • Please be aware that APIC GUI is build-based on the Open API calls available to the user, therefore all functions of the GUI are OPEN! • Super Simple API operations and development supports JSON/XML/Python (and others) complemented by: Visore, API inspector, Save as/Post functions, debugger, build-in API documentation. I’m not a developer but I can teach you to use it in just 30 mins and you will be able to develop your API calls on your own right after! 7
- 8. The Innovative Feature(s) 5 New and Unique functionality 8 • Powerful monitoring of any ACI object • Switching, Routing, Firewalling in hardware - all part of a single fabric • Flowlet switching and Dynamic packet prioritization – Big Data and efficiency • ACI object QoS simplifications – another example of the great benefit of an object abstraction • Build-in TACACS, Syslog, SNMPtrap, Health Cost, Interface monitoring and more • HSRP/VRRP – out!, STP – out! • Optimizing broadcast maybe one of the great advantages and disadvantages of traditional networks designed in 1980s J Sadly it doesn't fit Next-Gen infrastructure of 2015! • Troubleshooting of the virtual and physical networks with unified methodology with atomic counters, SPAN and End-to-End traceroutes, itraceroutes and ipings • Simplifies shared services integration utilizing External L2/L3 EPGs • Many others!
- 9. Lessons learned 9 • Automate as much as possible as you will learn to dislike part of the infrastructure that is not automated – OpenStack example • Start building your architecture by designing it in the new layer of the object abstraction. Define your objects templates and naming schemes as object ID is it’s name. This is important to avoid unnecessary complicity. • Don’t be afraid of the ACI fabric and dive in to the fabric CLI to understand what happens in the background – this is the best way to fully comprehend the ACI fabric • Remember that the great performance and functionality of the ACI fabric is delivered by specialized Cisco hardware chips inside N9Ks. As with all hardware, learn how it works and understand its support limits. Even though its is high enough, unfortunately magic does not exist and everything has its limits. Be safe! • The Object-oriented model is based on the promise model. Refreshing certain functions might help to enforce it if some parts of the fabric does not comply with the controller – important with ACI testing and split-brain scenarios. • Read the software upgrade manuals and understand which should be part of the ACI fabric should be upgraded first (switches or controllers) to ensure that your upgraded process runs smoothly! (I obviously always did! :]) • All ports on the Leaf switches are in DOWN/DOWN state by default (for a reason). Remember to test the connectivity of your Leaf switches to Servers, while simulating a failure. By connecting Servers to the Leaf, ports state goes to UP/UP state but it doesn’t mean that the ACI object configuration is applied to the Leaf port. If not, the traffic passed by the Server to the Leaf switches could be blackholed. Servers are not very smart. • Test your L4-L7 integrations well and always use the latest packages!
- 10. 10 Any questions or challenges ? J
- 11. BY APPOINTMENT TO HER MAJESTY THE QUEEN HOSTED IT AND DATA CENTRE SERVICES PULSANT LTD READING, BERKSHIRE 11