What is ACI
06-14-2017 02:02 AM - edited 03-01-2019 05:15 AM
Hi Folks
I have read many definitions of ACI but am still not sure what 'exactly it is'. Can someone give me a high-level view (not technical) of ACI?
Why does one use it, and where?
Thanks
Abhishek
Labels: Cisco ACI
06-14-2017 05:59 AM
Hi Abhishek,
Basically ACI is a data center network. More specifically it's a data center fabric, which means it uses a leaf and spine topology, which has many benefits, and it is managed by a central controller (3 - 5 APIC controllers). So at the physical layer think of Nexus 9Ks in this leaf and spine topology managed by 3 - 5 UCS C220 "servers" that are purpose built to manage all of these N9Ks as a unit or single fabric with a unique "operating system".
This "operating system" or ACI essentially does for a network what VMware/vSphere does for computing. It lets you define virtual objects and move them around and apply them as you need to.
So with ACI, say you have 8 top of rack "leafs" and you need them to each support 10 VLANs (same VLANs): you no longer have to configure 10 VLANs on 8 switches. You configure the "objects" that make up your VLANs (EPGs and Bridge Domains) once and apply them anywhere across those 8 leafs. Think of contracts as ACLs and you have the same behavior there. Configure your Contract once and apply it as many times as you need to between EPGs.
There are many other benefits including visibility, true hitless upgrades as long as everything is redundantly connected, etc.
You can migrate to ACI with your existing VLAN/subnet design, and your firewalls and LBs all still work, and you have several ways of "integrating" them into the fabric.
Here is one of my favorite use cases for ACI:
I have a /23 network of all kinds of servers providing all kinds of functions.
I have all my domain/DNS/DHCP servers with servers that other administrators manage and I'd really like to protect them. They are spread out across all 8 of my top of rack switches. I don't have time to change their IPs as that would be a huge undertaking.
In a "classic" ethernet network I can do things like put ACLs on each switch.
In ACI, I can move the "subnet" over as is (the /23) and I can create 2 Endpoint Groups (EPGs), INFRA-SERVERS-EPG and SERVERS-OTHERS-MANAGE-EPG. I put my important infrastructure servers in the INFRA-SERVERS-EPG and everything else goes into the "OTHERS" EPG, and I put a contract in place for just those ports and protocols I need. (I don't have to do that day 1, I can do that later after the move when there is more time - but now I have the option of tightening security easily without changing IPs.) This concept applies to Virtual Machines as well as physical machines, so there is another key benefit with ACI.
Hope this helps a little bit!
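Added example, not part of the original posts and not Cisco code: a simplified Python model of the use case in the reply above, showing that the allow/deny decision follows EPG membership and the contract rather than the IP address. The /23 prefix, the endpoint addresses and the contract's ports are constructed assumptions, and only flows initiated by the consumer EPG are modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SUBNET = ip_network("10.10.0.0/23")  # constructed; the post only says "a /23"

# Endpoint -> EPG membership. Constructed addresses, all in the same /23,
# so no server had to be re-addressed to be separated.
ENDPOINTS = {
    "10.10.0.10": "INFRA-SERVERS-EPG",
    "10.10.1.20": "INFRA-SERVERS-EPG",
    "10.10.0.55": "SERVERS-OTHERS-MANAGE-EPG",
    "10.10.1.77": "SERVERS-OTHERS-MANAGE-EPG",
}

@dataclass(frozen=True)
class Contract:
    consumer: str          # EPG that initiates the flow
    provider: str          # EPG that offers the service
    filters: frozenset     # allowed (protocol, destination port) pairs

# Assumed filter entries; the post does not name the ports it would allow.
CONTRACTS = [
    Contract("SERVERS-OTHERS-MANAGE-EPG", "INFRA-SERVERS-EPG",
             frozenset({("udp", 53), ("tcp", 53), ("tcp", 389)})),
]

def epg_of(ip: str) -> str:
    """Return the EPG of a known endpoint inside the migrated subnet."""
    if ip_address(ip) not in SUBNET:
        raise ValueError(f"{ip} is outside {SUBNET}")
    return ENDPOINTS[ip]

def permitted(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> bool:
    """Allowlist decision for a flow initiated by src_ip (simplified model)."""
    src, dst = epg_of(src_ip), epg_of(dst_ip)
    if src == dst:
        return True  # endpoints in the same EPG talk freely by default
    # Between EPGs, traffic passes only if a contract lists it.
    return any(c.consumer == src and c.provider == dst
               and (proto, dst_port) in c.filters for c in CONTRACTS)

if __name__ == "__main__":
    for flow in [("10.10.0.55", "10.10.0.10", "udp", 53),
                 ("10.10.0.55", "10.10.0.10", "tcp", 3389),
                 ("10.10.0.10", "10.10.1.20", "tcp", 445)]:
        print(flow, "permit" if permitted(*flow) else "deny")
```

Tightening security later means shrinking the contract's filter set; the endpoint addresses never change.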
01-16-2025 11:20 PM
When thinking about networking, our brains might be wired a certain way, and we become familiar with ways to configure things. Cisco ACI is very different; we will need to re-wire our brains and change our perspective on how networking is configured and managed. There are a lot of new things to learn. It is a different approach to networking. Refer to learn ACI easily and deeply:
