Submitted by dash on Tue, 01/09/2018 - 21:33

Cisco ACI Test Drive v4.0

This week, I had the pleasure of sitting in on a 2 day course, ACI Test Drive, that Cisco hosted at their Overland Park, KS office.  This course was put on by Firefly and presented by Neill Craven.  Neill was an excellent instructor and I must say that I was very impressed with his knowledge and sense of humor.  This was a great opportunity and I highly suggest anyone who has the opportunity to take this 2 day top down approach to the current state of Cisco ACI, to take full advantage of it.

When first doing introductions, I introduced myself as a network engineer for Tortoise Capital Advisors.  I noted that at Tortoise in 2017, we successfully implemented ACI fabric in 3 data centers.  Neill quickly asked why we were in this introductory course and I explained that we had gone through the NX-OS to ACI migration and were in Network Centric mode.  We are quickly approaching a load balancing implementation and considering migrating to a policy driven infrastructure as a part of that project to migrate from network centric to application centric.

I'll take this time to say that migrating from NX-OS to network centric ACI was the best approach to getting ACI in our network.  This was easily done by using the default application profile, the common tenant, an EPG and a Bridge Domain for each vlan we had in our NX-OS database, a single L3 OUT, with a single VRF.  There is an L2 vPC for each switch that connects to the leafs, and an L2 vPC for the fabric interconnects.  This is about as simple of a migration as you can have.  This was much simpler than trying to design out all the applications that were running in our environment (internal and external), integrating with our hypervisor, and implementing L4-L7 policy from ACI from the inception of ACI in our environment.

ACI-TD covered every aspect of ACI from an overview and holistic approach.  We went over everything from the ground up (with the exception of obtaining licenses, but we did cover when and where to apply them).  The outline of the course is;

  • Lesson 1: Cisco Nexus 9000 Series Switch Hardware Cisco Nexus 9000 Series Switches Cisco Nexus 9500 Series Chassis Cisco Nexus 9500 Series Supervisor Modules and System Controllers Cisco Nexus 9500 Series Fabric Modules Cisco Nexus 9500 Series Line Card Modules Cisco Nexus 9500 Series Fans and Power Supplies Cisco Nexus 9300 Series Switches Cisco Nexus 9000 Series FEX Support in the ACI Optics Supported by the Cisco Nexus 9000 Series Switches in ACI Mode
  • Lesson 2: The Cisco Nexus 9000 Series Switch ACI What Is ACI and Why It Is Needed ACI Concepts and Principles Differences Between the Policy and the Network Application Logic Defined Through Policy Advantages of Policy-Driven Data Center Design
  • Lesson 3: The ACI Fabric Leaf and Spine Single-Site Topology Fabric Initialization and Discovery Using LLDP The Use of Overlays in ACI Unicast Forwarding Multicast Forwarding Flowlet Dynamic Load-Balancing Health Scores Faults and Events
  • Lesson 4: Configuring the APIC What Is the APIC Configuration of Endpoint Groups and Endpoints Application Profiles Configuration of Contracts, Subjects, and Filters Tenants Contexts Bridge Domains
  • Lesson 5: Configuring Layer 4 Through Layer 7 Services Service Insertion and Redirection Implementation of Service Graphs Configuring Application Profiles Specific to Layer 4 to Layer 7 Services ACI Programmability Options of Layer 4 to Layer 7 Services Cisco ACI Test Drive™
  • Lesson 6: Configuring APIC Hypervisor Integration Policy Coordination with VM Managers Cisco Application Virtual Switch Management Networks (mgmt Tenant) Configuring ACI Integration with VMware
  • Lesson 7: Configuring ACI Connectivity to Outside Networks Inside and Outside Network Policies Configuring a Layer 3 Connection Outside the Network Configuring a Layer 2 Connection Outside the Network Migration from External Networks to ACI
  • Lab 0: Accessing the Remote Lab Environment
  • Lab 1: Familiarize Yourself with the GUI
  • Lab 2a: GUI - Configure Basic Network Constructs
  • Lab 2b: XML - Configure Basic Network Constructs
  • Lab 3a: GUI - Configure External Layer 3 to Internal ACI Communication
  • Lab 3b: XML - Configure External Layer 3 to Internal ACI Communication
  • Lab 4a: GUI - Attach Internal Compute Resources and Create Access to the External Network
  • Lab 4b: XML - Attach Internal Compute Resources and Create Access to the External Network
  • Lab 5a: GUI - Create a Two-Tier Application
  • Lab 5b: XML - Create a Two-Tier Application
  • Lab 6a: GUI - Create the Virtual Machine Manager Domain and Configure the Application Profile for the Lab App
  • Lab 6b: XML - Create the Virtual Machine Manager Domain and Configure the Application Profile for the Lab App

 

In this course, my blinders were on how the material was going to help my organization move from the network centric migrated state we were in, to an application centric model fully integrated with our VMWare ESXi hypervisors and our NGFW Firepower Threat Defense firewalls managed by Firepower Management Center Virtual Appliances.

This course addressed all of my focal points and covered all the major points that anyone would need to know to migrate to Cisco ACI.  This course covered a lot of topics that I had no idea were going to be covered in regards to multi-site, multi-pod, the requirements for each topology, including hardware specifics at the time of presentation.

The course material was well presented, easily accessed, labs worked, and just an over all great experience.  I want to thank Lisa Valenti @ Cisco for the opportunity to sit in on this class.  We are going to try to get Cisco to host a KC ACI User Group to meet once a month to help the ACI user base in the greater Kansas City area.  Cisco did this for the collaboration efforts years ago and it was very helpful for that market.  Automation in the network is not new, but it's definitely still growing.

-Dan Ash