
ACI Anywhere With DevNet - DEVNET-4001


#CiscoLiveLA

ACI Anywhere with DEVNET

Mayuri Kulkarni, Senior Product Manager


@mayurikulkarni
DEVNET-4001

Overview
Agenda
ACI Anywhere

ACI Operations

ACI Integrations
Application Centric Infrastructure Building Blocks

• Built on the Nexus 9000
• Centralized Policy Model, Network Automation
• Single Open API for Entire System
• Flexible - Modular and Fixed Spine Options
• Non-Blocking 40/100/400G Fabric, CLOS Fabric
• Integrated Overlay, 40/100/400G Non-Blocking Fabric, Distributed Gateway
• (Industry Leading: Price, Performance, Port-Density, Programmability, Power Efficiency)
• Built-in Distributed Stateless Firewall, Multi-Tenant Security

Physical, Virtual and Container Workloads | WAN Interconnect | IP Storage | Network Service Appliances

#CiscoLiveLA © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
ACI Anywhere
ACI Anywhere Accelerates Journey to Multicloud

• Operational Simplicity: Same “look and feel” as On-Premise
• Automated Policy Translation: Consistency across the entire data center
• Common Governance: End-to-end discovery, visibility and troubleshooting

[Diagram labels: ACI Anywhere, Containers, Hypervisor, Cloud Exchange, Data Center, On Premises, Cloud, IOT Edge]

ACI Anywhere Architecture
Any Cloud, Any Application, Any Platform, Anywhere

ACI Anywhere

• Remote Location: Remote Leaf / Virtual PoD
• On Premise: APIC / Multi-Site
• Public Cloud: Multicloud Extensions

[Diagram: an IP WAN sits between each pair of neighbouring locations]

Automation | Security | Mobility | Visibility

Key Components

• Cisco ACI
• Cisco ACI Multi-Site Orchestrator
• Cisco Virtual ACI (Virtual Edge)
• Cisco ACI Physical Remote Leaf
• Cisco Virtual ACI (Virtual Pod)
• Cisco Cloud ACI

Shipping
ACI Multisite
Consistent Policy across sites
Single Point of Orchestration
Fault Isolation
Scale

[Diagram: Multisite Orchestrator managing Site A, Site B, Site C and Site D, each hosting VMs]

Policy Consistency | Single Point Of Orchestration | Availability Fault Isolation | Scale
Shipping
ACI: Physical Remote Leaf
Extend ACI to Satellite Data Centers

[Diagram: On-Prem DC connected over an IP Network (WAN Core – IPv4, MPLS, SR, etc …) to Remote Locations, each hosting VMs]

• Zero Touch Auto Discovery of Remote Leaf
• Two Remote Leaf vPC Pair, Up To 32 Remote Locations
• Multi-site Support: Stretch Tenant, EPG, etc
• All benefits of ACI visibility: Health Scores, Stats

Shipping
Virtual ACI: Virtual Pod
Extend ACI to Bare Metal Clouds and Remote Data Centers
Policy extension from On-premise DC

[Diagram: On-premises ACI Data Center connected over an IP Network to a Remote location running VMs on a Hypervisor]

• Bare Metal Clouds (IBM, OVH, etc.)
• Remote Data Centers
• Co-location Facilities (Equinix, CoreSite etc.)
• Brownfield Deployments
Shipping
ACI: Mini ACI Fabric
ACI Fabric For Small Scale Deployments – 5RU System
Physical APIC: 1
Virtual APIC: 2
No. of Leafs: 2-4
No. of Spines: 2
No. of Tenants: 25
No. of EPs: 20,000
No. of BDs: 1000
No. of EPGs: 1000
No. of VRFs: 25

[Diagram labels: Cloud, APIC, Spine 1, Spine 2, Leaf 1 – 48 ports, Leaf 2 – 48 ports, VM]

Co-Location DC | SMB DC | SP Micro-DC


ACI Extensions To Multi-Cloud
[Diagram: ACI Multi-Site Appliance spanning ACI – On Prem sites (Site A, Site B) and cloud Region(s) (Site C, Site D), each hosting VMs]

Consistent Network and Policy across clouds | Seamless Workload Migration | Single Point of Orchestration | Secure Automated Connectivity
Shipping
ACI Extensions to AWS
[Diagram: Multi-Site spanning an On-Premise DC and an AWS Region in the Public Cloud, joined across an IP Network]

• On-Premise DC: EPG Web, Contract, EPG APP, Contract, EPG DB
• AWS Region: SG Web, SG Rule, SG APP, SG Rule, SG DB
• VXLAN / BGP EVPN
• IPSec VPN Tunnel (Underlay)
• CSR 1000v
• Customer Premise Router

Common Governance | Discovery & Visibility | Policy Translation | Monitoring & Troubleshooting | Single Point Of Orchestration | Operational Consistency
ACI Multi-Cloud (Cloud Only)
ACI Multi-Site Orchestrator In AWS (AMI)

[Diagram: Site 1, Site 2 and Site 3, each hosting VMs. Regions shown: us-east-1, ap-northeast-1, UK South]

Multi-Cloud with AWS and Azure Cloud Sites supported in 2H-CY19


Cloud ACI Anywhere
[Diagram: ACI Anywhere spanning Public Cloud, Bare Metal Cloud, Containers, Hypervisor, ACI Virtual, Data Center, Compute Edge (Branch), Cloud Exchange and On Premises, with Internet and MPLS connectivity]

Automation | Security | Mobility | Visibility

ACI Operations
February 2019, ACI 4.1
Supported from ACI 4.2

Network Insights

• Apps: Network insights resources, Network Insights Advisor*
• Platform: App hosting framework
• App store
• Controllers: DCNM, APIC

Data collection and ingestion | Data correlation and analysis | Data visualization and action

• Visibility: Learn from your network and recognize anomalies
• Insights: See problems before your end users do
• Proactive Troubleshooting: Find root cause faster with granular details

* Network Insights Advisor will be available in early June


Network insights
February 2019, ACI 4.1
Supported from ACI 4.2

Enables proactive action

Sources of telemetry data | Ingest and process | Derive insights | Suggest action

• Sources listed: Config file, Syslog, Tech-support, RIB, FIB, Accounting logs, Debug logs, Streaming telemetry, Environmental, Event history, Cores, Consistency checkers
• Processing and insight labels: Metadata extraction, Correlate against dBase, Complex correlation, Anomaly, Flows, Predictive failure, Root cause

Increase availability, performance, and simplify operations


Leverage knowledge base of digitized known issues | ACI | NX-OS
Protect Your Infra with Pro-active Advisory
February 2019, ACI 4.1

[Diagram: the Audit, Impact Analysis, Notify and Remediate steps carried out by Network Operations, shown beside the same steps Automated with NIA (Notification, Proactive Advisory)]

Network Insights: Advisor

PSIRTS | Hardening Anomalies | Field notices


Supported from
ACI 4.2

Cisco Application Services Engine

Modern Scale-out application services stack to host Day-2 Operations applications

Hosted applications: Network insights | Network Assurance Engine | 3rd Party apps

• 2.2 GHz 10 core CPU x 2
• 256 GB memory
• 2.4 TB x 4 HDD
• 10G/25G/40G connect

Network automation | Scale-out cluster | SE-CL-L3

ACI Integrations
[Diagram: AWS Region West, AWS Region East, Los Angeles Branch, San Francisco ACI Data Center, New York ACI Data Center, Application]

Security: Identity access management from user to applications

App Groups | User Groups | Automated Mapping

[Diagram labels: DNA Center, ISE, Campus/Branch Controller, DNA-C / ISE (Identity Services Engine), Users]

• Integrate ACI’s application-based micro-segmentation in the data center with Cisco SD-Access user group-based segmentation across the campus and branch.
• Automate the mapping and enforcement of segmentation policy based on the user’s security profile as they access resources within the datacenter.
• Enables security administrators to manage end to end, user-to-application, segmentation seamlessly.
• Provide a common and consistent identity based micro-segmentation capability from the user through to application.
ACI to SD-WAN (Viptela) Integration
September 2019, ACI 4.2
NEW !!!

• Branch to DC path Selection
• DC to Branch Path Selection
• Contract SLA Exchange with vManage; vEdge does App policy-based path selection
• DSCP Dest based Classification export to vManage; vEdge does Dest based path selection

[Diagram labels: vManage, SD-WAN Fabric, vEdge, Los Angeles Branch, Chicago Branch, FW, VPC (DB server, App server, Web server), Subnet 10.1.1.0/24, Multi-site, Region West, San Francisco Data Center, New York Data Center, Region East]

AppDynamics

Application Performance Monitoring | Network and App Health Correlation | Correlate app performance and network data

Business IQ | Map IQ | Baseline IQ | Diagnostic IQ

• Map application and service components to ACI
• Cross launch AppDynamics and ACI-APIC to correlate network and app data
• Baseline app health status in AppDynamics by correlating ACI network health and faults
• Create micro-segmentation based on app tiers

ACI integrations
[Diagram: ACI Fabric at the centre, surrounded by integration categories: Observability and Analysis, Public Cloud, Automation, ITSM, Workload Management, ADC, Security]

February 2019, ACI 4.1

ACI Tool Integrations
Multi-cloud Extensions – CI/CD and NetOps

Third Party | Supported Products | Use Case

Supported products: Cloud APIC, APIC, MSO
• Infrastructure as a code
• 55+ ACI modules supported in 2.7, 20+ MSO modules to be available in 2.8
• https://bit.ly/2YKMLqv

Supported products: Cloud APIC, APIC
• Config management
• 30+ APIC and 15+ cloud APIC resources/data sources available
• ACI provider will be upstreamed to Terraform during Q3 CY2019
• https://bit.ly/2UqTUgd

Supported products: Cloud APIC, APIC (CERTIFIED INTEGRATION)
• Auto discovery, CMDB visibility, workflow
• Discover Cloud APIC entities from ServiceNow ITOM
• Available ACI App 1.9 onwards

* These integrations with Cloud APIC are part of future roadmap

February 2019, ACI 4.1

ACI Tool Integrations
Multi-cloud Extensions – CI/CD and NetOps

Third Party | Supported Products | Use Case

Supported products: Cloud APIC*, APIC
• Map AWS applications and service components to Cloud APIC
• Cross launch AppDynamics and Cloud APIC to correlate network & app data
• Baseline app health status in AppDynamics by correlating Cloud ACI network health and faults

Third party: Cloud Formation. Supported products: Cloud APIC
• Create infrastructure as a code template
• Configure and provision Infra VPC and Inter-VPC resources
• Cross launch AWS CloudFormation within Cloud APIC to configure and provision AWS resources

Supported products: Cloud APIC, APIC
• Splunk dashboards to monitor cloud APIC
• Drilldown and troubleshooting, CIM Compliance, Syslog parsing
• Cross-tier correlation - gain visibility across the entire data center
• Ops Analytics, alerting, RCA

* These integrations with Cloud APIC are part of future roadmap

ACI: Open APIs Enable Broad Ecosystem Integrations
[Diagram of partner logos grouped by category. Labels shown: Application Delivery, Public Cloud, Security, Cisco Tetration, Cloud Automation, Automation and Orchestration, Cisco CloudCenter, Microservices and Containers, Big Data, Infrastructure, App Monitoring, Cloud, Application Performance, IPAM, ITSM and ITOM]

Resources

• ACI and MSO modules
  • https://github.com/ansible/ansible/tree/devel/lib/ansible/modules/network
  • https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html
  • https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#aci

• ACI Multicloud
  • https://cisco.com/go/aci

• Cisco Devnet
  • https://developer.cisco.com/
  • https://developer.cisco.com/exchange/

• Code Examples:
  • https://github.com/datacenter/ansible-role-aci-model
  • https://github.com/devarshishah3/Ansible-ACI-Multicloud

Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until November 1st, 2019.

cs.co/ciscolivebot# DEVNET-4001

Continue your education

• Demos in the Cisco campus
• Walk-in self-paced labs
• Meet the engineer 1:1 meetings
• Related sessions

Thank you

ACI and Devnet at Cisco Live Cancun 2019
Devnet Classrooms Devnet Workshops
Accelerate your IT Services Delivery with Cisco ACI and
ServiceNow Workflow Automation - DEVNET-2615
