© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Multi-Pod and Multi-Site
When to Position One vs. the Other?
When to Position Multi-Pod?
ACI Multi-Pod
Overview
[Diagram labels: VXLAN; Inter-Pod Network; Pod ‘A’ … Pod ‘n’; MP-BGP - EVPN; Up to 50 msec RTT; APIC Cluster; IS-IS, COOP, MP-BGP (in each Pod); Availability Zone]
• Multiple ACI Pods connected by an IP Inter-Pod L3 network, each Pod consists of leaf and spine nodes
• Up to 50 msec RTT supported between Pods
• Managed by a single APIC Cluster
• Single Management and Policy Domain
• Forwarding control plane (IS-IS, COOP) fault isolation
• Data Plane VXLAN encapsulation between Pods
• End-to-end policy enforcement
Single AZ with Tenant Isolation
Isolation for ‘Virtual Network Zone and Application’ Changes
[Diagram labels: Inter-Pod Network; ACI Multi-Pod Fabric; APIC Cluster]
• The ACI ‘Tenant’ construct provides a domain of application and associated virtual network policy change
• Domain of operational change for an application (e.g. production vs. test)
ACI Multi-Pod
Most Common Use Cases
▪ Need to scale up a single ACI fabric above 200 leaf nodes supported in a single Pod
▪ Handling 3-tiers physical cabling layout (for example traditional N7K/N5K/N2K deployments)
• Alternative to the Multi-Tier fabric (supported from ACI release 4.1(1))
[Diagram labels: Pod; Inter-Pod Network; Leaf Nodes; Spine Nodes]
ACI Multi-Pod and VMM Integration
[Diagram labels: IPN; Pod 1; Pod 2; VMM Domain DC1; HV hosts on vSwitch1; Pods]
Multi-Pod and Network Services
Integration Models
Typical options for an Active/Active DC use case
[Diagram labels: ISN; Active; Standby; Active/Standby; Active/Standby]
▪ Independent Active/Standby pairs deployed in separate Pods
▪ Use of Symmetric PBR to avoid the creation of asymmetric paths crossing different active FW nodes
When to Position Multi-Site?
ACI Multi-Site
Overview
[Diagram labels: VXLAN; Inter-Site Network; MP-BGP - EVPN; Multi-Site Orchestrator (REST API, GUI); Site 1; Site 2; Availability Zone ‘A’; Availability Zone ‘B’; Region 1]
• Separate ACI Fabrics with independent APIC clusters
• No latency limitation between Fabrics
• ACI Multi-Site Orchestrator pushes cross-fabric configuration to multiple APIC clusters providing scoping of all configuration changes
• MP-BGP EVPN control plane between sites
• Data Plane VXLAN encapsulation across sites
• End-to-end policy definition and enforcement
ACI Multi-Site
Most Common Use Cases
• Scale-up model to build a very large intra-DC network (above the number of leaf nodes supported in an ACI fabric)
• Data Center Interconnect (DCI)
• Extend connectivity and policy between ‘loosely coupled’ DC sites
• Disaster Recovery and IP mobility main use cases
✓ Tight control on BD extension across sites
ACI Multi-Site Connectivity Options
Per Bridge Domain Behavior
Callout: Should be the behavior for the majority of BDs with Multi-Site
1. Layer 3 only across sites
▪ Bridge Domains and subnets not extended across Sites
▪ Layer 3 Intra-VRF or Inter-VRF communication (shared services across VRFs/Tenants)
2. IP Mobility without BUM flooding
▪ Same IP subnet defined in separate Sites
▪ Support for IP Mobility (‘cold’ and ‘live’* VM migration) and intra-subnet communication across sites
▪ No Layer 2 BUM flooding across sites
3. Layer 2 adjacency across Sites
▪ Interconnecting separate sites for fault containment and scalability reasons
▪ Layer 2 domains stretched across Sites, support application clustering
▪ Layer 2 BUM flooding across sites
[Diagram labels: vCenter Server 1; vCenter Server 2; SRM; HV hosts on VDS1 and VDS2; EPG1; WAN]
Note: the same consideration applies to both Border Leaf L3Outs and GOLF L3Outs
Multi-Site and Network Services
Integration Models
Deployment options fully supported with ACI Multi-Pod
[Diagram label: ISN]
Foundational Requirement
Creation of Two Independent Fabrics/AZs
Application workloads deployed across availability zones
Foundational Requirement
Creation of Two Independent Fabrics/AZs
‘Classic’ Active/Active
ACI Multi-Site
‘Classic’ Active/Active
ACI Multi-Site
MSO Schema and Templates
▪ Template = ACI policy definition (ANP, EPGs, BDs, VRFs, etc.)
▪ Schema = container of Templates sharing a common use-case
• As an example, a schema can be dedicated to a Tenant
[Diagram labels: Schema; t1, t1; t1, t2; t1, t2]
Option 1:
▪ Single Template associated to Prod and DR Sites
▪ Any change applied to the template is pushed to both sites simultaneously
▪ Easiest way to keep consistent policies deployed across sites
Option 2:
▪ Separate Template associated to Prod and DR Sites
▪ Changes made to a template can be applied only to the mapped site
▪ Requires sync between the two templates (manual or performed by a higher-level Orchestration tool)
Option 3:
▪ Single Template associated to Prod and DR Sites
▪ Capability to independently apply changes to each site
▪ Brings together the advantages of the previous two options
How to Define Schemas, Templates
and the Mapping to ACI Sites?
Schema Design
One Template per Site, plus a Common Template
[Diagram labels: Schema; Site 1 Template (ANP1, EPG1, EPG2, BD1, BD2); Site 2 Template (ANP1, EPG3, EPG4, BD3, BD4); ANP1, EPG7, BD7, VRF, Contracts C1 and C2; Site 1; Site 2]
▪ All objects defined inside the schema are visible and can be referenced via the drop-down list
• This is not the case for objects referenced across schemas: for those, at least 3 letters of their names must be typed before they are displayed and can be referenced
▪ Current support limited to 5 templates per schema
• With four sites you could have a template per site and one stretched template (would not scale to support other combinations)
▪ Be aware of the maximum object limit in the same schema (500 objects is the current limit)
• Every object that can be defined in a template counts (EPGs, BDs, VRFs, Contracts, etc.)
• It may make sense to define locally on APIC the objects that are only used locally in a site
▪ Note: increasing both the number of templates and number of objects in a schema is planned for a future ACI release (2HCY19)
Multiple Schemas Design
One Application per Schema, plus a Schema for Common Objects
[Diagram labels: App1 Schema; Site 1 Template (APN 1, EPG1, EPG2, BD1, BD2); Site 1; App2 Schema; Site 2 & 3 Template (APN 3, EPG5, EPG6, BD5, BD6); Site 3; Contracts; Common Template]
Multiple Schemas Design
Deployment Considerations
▪ Makes it easy to identify applications in the schema window and verify their health in the MSO dashboard
▪ Applications can easily be localized or stretched across sites
▪ Less likely to hit the current 500 objects limit per schema
▪ Cross-schema objects can’t be referenced through the drop-down menu; a manual search is needed (using at least 3 letters from their name)
How to Define the Policies inside a
Template for a Given Tenant?
ACI Multi-Site Orchestrator
Defining Policies in a Template
[Diagram panels: Green Field Deployment; Import Policies from an Existing Fabric (Site 1 Existing Fabric, Site 2 Existing Fabric)]
Import Policies from an Existing Fabric
allow diff/merge operations on policies from different APIC domains
▪ It is still possible to import policies for the same tenant from different APIC domains, under the assumption those are not conflicting
• Tenant defined with the same Name
• Name and policies for stretched objects are also common
1. Import existing tenant policies from site 1 and site 2 to new common and site-specific templates on ACI MSO
2a. Associate the common template to both sites (for stretched objects)
2b. Associate site-specific templates to each site
ACI Multi-Site
Where to Go for More Information