#clmel
Open + Secure
On-Premises + Cloud
Cisco Public
Enable Connectivity
(The Network)
BRKACI-2001
Application Requirements
Dynamic provisioning of connectivity explicitly defined for the application
Infrastructure Teams
Application
Tiers
Provider /
Consumer
Relationships
VLANs
Subnets
Protocols
Ports
[Diagram: APP PROFILE combining connectivity policy, security policies, QoS, SLA, load balancing, L4..7 application services, storage and compute across F/W, ADC, APP and DB tiers; hypervisors with AVS and vSwitch]
Interconnect to existing DC Networks
[Diagram: VTEPs (including vSwitch VTEPs) carrying VXLAN-encapsulated payload over IP transport]
Directory (Mapping) service for EID (host MAC and IP address) to VTEP lookup
2014 Cisco and/or its affiliates. All rights reserved.
[Diagram: VXLAN Based Fabric VTEPs, VXLAN Enabled Hypervisor VTEPs, and Service Interconnect to ASR9K/N7K WAN/DCI]
MP-BGP EVPN based control plane for external VTEP connectivity (post FCS)
[Diagram: Telemetry Policy; AVS; VTEP header fields (Flags, VNID, SRC Group); encapsulations shown: Eth/MAC/Payload, Eth/IP/Payload, 802.1Q/IP/Payload, Outer IP/NVGRE/IP/Payload, Outer IP/VXLAN/Eth/IP/Payload]
IP Forwarding:
MAC Forwarding:
[Diagram endpoints: 10.1.3.11, 10.1.3.35, 10.6.3.2, 10.6.3.17]
Forward based on destination IP address for intra- and inter-subnet traffic (Default Mode)
Bridge semantics are preserved for intra-subnet traffic (no TTL decrement, no MAC header rewrite, etc.)
Non-IP packets will be forwarded using the MAC address. The fabric will learn MACs for non-IP packets and IP addresses for all other packets
[Diagram endpoints: 10.1.1.10, 10.1.3.11, 10.6.3.2, 10.1.3.35]
ACI Fabric supports full Layer 2 and Layer 3 forwarding semantics; no changes are required to applications or endpoint IP stacks
ACI Fabric provides optimal forwarding for Layer 2 and Layer 3
Fabric provides a pervasive SVI, which allows for a distributed default gateway
Layer 2 and Layer 3 traffic is forwarded directly to the destination endpoint
IP ARP/GARP packets are forwarded directly to the target endpoint address contained within the ARP/GARP header (elimination of flooding)
[Diagram: Pervasive SVI; endpoints 10.1.1.10, 10.1.3.1, 10.1.3.11, 10.1.3.35, 10.6.3.1, 10.6.3.2]
[Diagram: leaf forwarding table labels Leaf 3, Proxy A, 10.1.3.11, Port 9, Proxy; proxy mapping entries follow]
10.1.3.35 Leaf 3
10.1.3.11 Leaf 1
fe80::8e5e Leaf 4
fe80::5b1a Leaf 6
10.1.3.35
fe80::462a:60ff:fef7:8e5e
fe80::62c5:47ff:fe0a:5b1a
The forwarding table on the leaf switch is divided between local (directly attached) and global entries
The leaf global table is a cached portion of the full global table
If an endpoint is not found in the local cache, the packet is forwarded to the default forwarding table in the spine switches (1,000,000+ entries in the spine forwarding table)
You still have full access to all forwarding, adjacency, ..., information via CLI and debug commands when you want them
ACI Diagram
https://github.com/cgascoig/aci-diagram
ACI: A Policy Based IP Network
[Diagram: IP network with integrated VXLAN and proxy (directory) services; VTEPs, AVS, WAN/DCI, services]
[Diagram: Policy Evolution (Policy Zone B, Policy Zone C) and Component Evolution (Application Container, App Elements), with vPC attachment]
Interconnect existing network PODs with new ACI PODs via standard Layer 2 extensions (VLAN or VXLAN) or via standard Layer 3 routing (OSPF, BGP)
Layer 2 and Layer 3 interoperation between ACI Fabric and existing Data Centre builds
Layer 3 interconnect via standard routing interfaces:
OSPF, Static, iBGP (FCS)
MP-BGP, EIGRP, ISIS (Post FCS)
[Diagram: interconnect at Layer 3 and at Layer 2 via vPC; vSwitch, AVS, Hyper-V]
Let's Look at the Links
2. Create an L2 connection to the outside network. Extend the bridge domain beyond the ACI fabric. Allow a contract between the EPG inside ACI and the EPG outside of ACI
TECACI-2009
[Diagram: Any to Any forwarding with Localised Encapsulation at the VTEPs: VXLAN VNID = 5789, 802.1Q VLAN 50, VXLAN VNID = 11348, NVGRE VSID = 7456]
All traffic within the ACI Fabric is encapsulated with an extended VXLAN header
External VLAN, VXLAN, NVGRE tags are mapped at ingress to an internal VXLAN tag
Forwarding is not limited to, nor constrained within, the encapsulation type or encapsulation overlay network
External identifiers are localised to the Leaf or Leaf port, allowing re-use and/or translation if required
[Diagram: Normalisation of Ingress Encapsulation: VXLAN/IP/Payload, Eth/MAC/Payload, Eth/IP/Payload, 802.1Q/IP/Payload, Outer IP/NVGRE/IP/Payload, Outer IP/VXLAN/Eth/IP/Payload]
[Diagram: Layer 2 with VLAN 30 and VLAN 20 in one BD and EPG (Existing App); endpoints 100.1.1.3, 100.1.1.5, 100.1.1.7, 100.1.1.99]
The same subnet, bridge domain, EPG can be configured as a different VLAN on each leaf switch
[Diagram: Layer 2 interconnect with VLAN 10, VLAN 20 and VLAN 30 in one EPG and BD (Existing App); endpoints 100.1.1.3, 100.1.1.5, 100.1.1.7, 100.1.1.99]
Leverage vPC for interconnect (diagram shows a single port-channel which is an option)
[Diagram: Layer 2 interconnect with VLAN 10 in EPG Outside and VLAN 20, VLAN 30 in EPG Inside, one BD (Existing App); endpoints 100.1.1.3, 100.1.1.5, 100.1.1.7, 100.1.1.99]
External EPG (policy between the L2 outside EPG and internal EPG)
Leverage vPC for interconnect (diagram shows a single port-channel which is an option)
L2 Outside forces the same external VLAN (fewer operational errors)
[Diagram: APIC; Same L2 Outside EPG (e.g. VLAN 10); STP Root Switch]
[Diagram: APIC; LLDP Loop Detection; MCP Loop Detection (supported with 11.1 release); STP Loop Detection]
[Diagram: Layer 2 with VLAN 10 in EPG Outside and VLAN 20, VLAN 30 in EPG App 1 and EPG App 2, one Multi EPG BD; endpoints 100.1.1.3, 100.1.1.5, 100.1.1.7, 100.1.1.99]
In a classical network, traffic is flooded within the Bridge Domain (within the VLAN)
You have more control in an ACI Fabric but need to understand what behaviour you want
ARP, Firewall Configured as the Default Gateway: ARP Flooding Disabled (Default)
ARP, Firewall Configured as the Default Gateway: ARP Flooding Enabled
Unknown Unicast: Lookup via Proxy (HW Proxy Lookup)
Unknown Unicast: Flooded
Unknown Multicast: Flooded
Unknown Multicast: Optimised Flooding
[Diagram: EPG A, EPG B and EPG C; endpoints 100.1.1.3, 100.1.1.5, 100.1.1.7, 100.1.1.72, 100.1.1.99]
Traffic Type
11.0(x) Behaviour
11.1(x) Behaviour
ARP
Flood or Unicast
Flood or Unicast
Unknown Unicast
Unknown IP Multicast
Flood or OMF
Flood or OMF
Flood
[Diagram: Manage Flooding within the BD: Link Level BCAST among EPG A and EPG B endpoints (100.1.1.3, 100.1.1.4, 100.1.1.5, 100.1.1.7, 100.1.1.52, 100.1.1.72, 100.1.1.99), with a "Dropped" marker]
Link Local, BCAST & L2 Multicast traffic can be managed on a micro-segment basis
As an example: EPG A, EPG B & EPG C - Link Level traffic is flooded only to the endpoints within the EPG
[Diagram: EPG A, EPG B and EPG C; endpoints 100.1.1.3, 100.1.1.5, 100.1.1.7, 100.1.1.72, 100.1.1.99]
An Example of Interconnecting and Migrating
[Diagram: Existing Design and Logical Design: Cat6500 and N7k running L3 HSRP (HSRP Default GW per VLAN / Subnet), N5k, N2k and FEX access with vPC, P and VM endpoints]
[Diagram: ACI Fabric; HSRP Default GW; VLAN 10 / Subnet 10; EPG-10 = VLAN 10; VMs]
Context Red, Bridge Domain 10, Subnet 10, EPG-10
Select Forwarding to be Custom, which allows you to:
Enable flooding of L2 unknown unicast
Enable ARP flooding
Disable unicast routing
Migrate Workloads
APIC point of view, the policy model
[Diagram: EPG 10 with P and VM endpoints; APIC; HSRP Default GW; VLAN 10 / Subnet A]
Any IP - Anywhere
[Diagram endpoints: 10.10.10.6, 10.10.10.8, 10.10.10.9, 10.20.20.31, 10.20.20.32, 10.20.20.33]
[Diagram: Critical Users (Outside) and Default Users (Outside) reaching Web Servers, Middle Ware Servers and NFS Servers; subnets 10.10.10.0/24, 10.20.20.0/24, 10.30.30.0/24, 10.40.40.0/24, 10.50.50.0/24; flows marked "Redirect to Preconfigured FW" and "Redirect to dynamically configured FW"; DB Contract, Oracle, NFS Contract]
Filter
Contracts
Provided
Contracts
consumed
Filter
EPG VLAN 10
VLAN10
Default
ALL
ALL
Default
EPG VLAN 20
VLAN20
Default
ALL
ALL
EPG VLAN 30
VLAN30
Default
ALL
ALL
ALL
VLAN 10
VLAN 20
VLAN 30
Create Contract ALL if it doesn't exist yet
Use filter common/default
EPG VLAN 10 provides and consumes ALL
[Diagram endpoints: 10.10.10.6, 10.10.10.8, 10.10.10.9, 10.20.20.31, 10.20.20.32, 10.20.20.33]
Filter
EPG VLAN 10
VLAN10
Default
EPG VLAN 20
VLAN20
Default
EPG VLAN 30
VLAN30
Default
Contracts
Provided
ALL
VLAN 10
VLAN 20
Contracts
consumed
Filter
VLAN20
Port 80
ALL
ALL
Default
ALL
ALL
VLAN 30
10.10.10.6 10.20.20.31
10.10.10.8
10.20.20.32
10.10.10.9
10.20.20.33
[Diagram: Policy WEB, Policy APP, Policy DB]
Packet match on a redirection rule sends the packet into a services graph.
[Diagram: Policy-based Redirection from EPG into service chain FW_ADC 1 (Begin, Stage 1, Stage 2, End); ASA 5585, Netscaler VPX; Service Admin; APIC Policy Engine, Event Engine, APIC Script Interface]
[Diagram: Services Chassis and vSwitches; endpoints 10.10.10.6, 10.10.10.8, 10.10.10.9, 10.20.20.31, 10.20.20.32, 10.20.20.33]
Let's connect them the way we should, redundantly (the previous slides showed a simple interconnect just as an example)
Activate the services, leverage the services chaining and dynamic provisioning
Leverage the fabric as the layer 3 gateway for all the other VLANs
Endpoints in a Virtualised
[Diagram: APIC; EPG WEB, EPG APP and EPG DB with L/B; VMs; DB PORT GROUP]
VMware Integration: Three Different Options
Distributed Virtual Switch (DVS)
  Encapsulations: VLAN
  Installation: Native
  VM discovery: LLDP
  Software/Licenses: vCenter with Enterprise+ License
vCenter + vShield
  Encapsulations: VLAN, VXLAN
  Installation: Native
  VM discovery: LLDP
  Software/Licenses: vCenter with Enterprise+ License, vShield Manager with vShield License
Third option
  Encapsulations: VLAN, VXLAN
  VM discovery: OpFlex
  Software/Licenses: vCenter with Enterprise+ License
[Diagram: APIC and VMware vCenter Server / vShield integration workflow; actors APIC Admin and VI/Server Admin; labels: Cisco APIC and VMware vCenter Initial Handshake; Create VDS; Attach Hypervisor to VDS; Create Port Groups; Automatically Map EPG To Port Groups; Instantiate VMs, Assign to Port Groups; Push Policy; EPG WEB, EPG APP, EPG DB with F/W and L/B; Web, App and DB port groups on the hypervisors]
[Diagram: Hypervisor Manager (vCenter); DVS Host with Control (vCenter API) and Data Path; OpFlex Host (AVS) with Control (OpFlex) and Data Path; VMs; switch learning]
[Diagram: VMM integration workflow with AVS; actors APIC Admin and VI/Server Admin; labels: Cisco APIC and VMware vCenter Initial Handshake; Create AVS VDS; Attach Hypervisor to VDS; Create Port Groups; Automatically Map EPG To Port Groups; Instantiate VMs, Assign to Port Groups; Push Policy; OpFlex Agent on the hypervisors; EPG WEB, EPG APP, EPG DB with F/W and L/B; Web, App and DB port groups]
[Diagram: AVS hosts connected by OpFlex across a Layer 2 network]
Supports a Full multi-hop Layer 2 Network between Nexus 9k and AVS: Investment Protection
Layer 2 network is required to support OpFlex bootstrapping in this phase
Supports VLAN and VXLAN for transport (recommend VXLAN to automate new workloads)
Existing network needs to have 1 Infrastructure VLAN for VXLAN transport
Multicast: Turn on IGMP Snooping
Recommend 1 L2 Multicast group per EPG
[Diagram: Spine 2, Leaf 1, Leaf 2 and Leaf 3 on a 40Gbps fabric with APICs; ESXi-1 to ESXi-4 hosts attached via VXLAN and VLAN; Nexus 3K (L2) switch; AVS]
[Diagram: APIC integration workflow with the SCVMM Plugin and APIC Plugin; APIC Admin (Basic Infrastructure); labels: Get VLANs allocated for each EPG; Push Network Profiles to APIC; Create VM Networks; Create Application Policy; Instantiate VMs; OpFlex Agent on each hypervisor; Web, App and DB VMs]
[Diagram: OpenStack integration workflow with NEUTRON and NOVA; OpenStack Tenant (Performs step 1,4); ACI Admin (manages physical network, monitors tenant state); labels: Instantiate VMs; Automatically Push Network Profiles to APIC; Push Policy; EPG WEB, EPG APP, EPG DB with F/W and L/B; Web, App and DB VMs on the hypervisors]
[Diagram: virtual machines (App, Bins / libs, Operating System) on a Type 1 Hypervisor and on a Type 2 Hypervisor, compared with Containers (App, Bins / libs) sharing one Operating System on Hardware]
http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-732697.html
[Diagram: EXTERNAL, DMZ and Trusted zones with ACI Zone Policy and ACI Tier Policy applied across Virtual Machines, Docker Containers and a Bare-Metal Server; FW, ADC, WEB, APP and DB tiers; SECURITY]
[Diagram: leaf ports (1/1, 1/2, 1/3, 1/4, 1/6, 1/97, 3/1, 3/3, 3/9) attached to KVM, Docker, LxC, HyperV, BareMetal, ESX1, ESX2 and ESX3 hosts with vSwitches]
Cached EID
Entry
Three data plane functions required within the core of an ACI fabric
Multicast Root: Root for one of the 16 multicast forwarding topologies (used for optimisation of multicast load balancing and forwarding)
Proxy Lookup: Data Plane based directory for forwarding traffic based on mapping database of EID to VTEP bindings
http://tools.ietf.org/html/draft-moreno-lisp-datacenter-deployment-00
[Diagram: Infrastructure VRF Extended to VTEPs over L2 or L3; Direct Attach Endpoints; Hypervisor Attached Endpoints (VLAN or VXLAN) behind vSwitch and AVS VTEPs]
Let's Look at the Details
[Diagram sequence: Infrastructure VRF Extended to AVS, vSwitch and DVS VTEPs hosting VMs 10.9.3.37, 10.9.3.38, 10.9.3.89, 10.9.3.123, 10.2.4.7, 10.2.4.19, 10.2.4.32, 10.2.4.74; packet format VTEP / Group Policy / VNID / Tenant Packet; forwarding cases Unknown MAC/IP and Known MAC/IP (Cache Entry Exists)]
ACI services insertion and full L4-L7 policy are supported via the AVS
Multi-Site Fabrics
[Diagram: Fabric A and Fabric B exchanging Multi-Site Traffic with mBGP - EVPN; packet format VTEP / IP / Group Policy / VNID / Tenant Packet; Web/App and DB tiers]
Policy Context is carried with packets as they traverse the transit IP Network
[Diagram: Web, App and DB EPGs, Outside (Tenant VRF) and DB Outside EPG attached via vPC, with QoS, Filter and Service applied between them]
ACI: It's an IP Network
Directory/Proxy Service Nodes
ACI Enabled L4-7 Virtual and Physical Services (Support for Existing and New Services Instances)
Border Leaves
APIC Policy Controller
ACI Leaf
Nexus 9000
AVS
vSwitch
Extending ACI Policy and Automation into the Existing Data Centre
ACI Services extended into any existing IP enabled Data Centre
Recommended Readings