There's no special guide specifically for backup traffic. Your backup solution vendor will likely have recommendations that can be implemented, but it's the backup solution that should dictate the design more than the infrastructure.
There's no need to run a separate external backup network outside of ACI - that's exactly what ACI is for - traffic segmentation & security. With ACI you have some options which come down to your existing design.
There would be some questions to be answered:
Are all clients & targets directly attached to ACI?
How many user Tenants do you have? If all your application profiles & EPGs are using a single tenant, then there's no issue putting a "BackupClient_EPG" and "BackupServer_EPG" in that same tenant. I would put them in their own Bridge Domain. If the backup clients and targets use non-overlapping IPs (unused elsewhere in your environment) then you can even use the same VRF in your user tenant. If you have multiple Tenants (ie. QA, Prod, Dev etc), then you can optionally locate these EPGs in the Common tenant, which would allow you to have clients across multiple EPGs be able to backup to the shared target.
From an endpoint connectivity perspective, typically your backup clients will have a dedicated physical or virtual interface for backup traffic. This would be attached to the corresponding "BackupClient_EPG". To harden the security of this EPG I'd suggest enabling "IntraEPG Isolation" on this EPG - which will prevent your backup clients from communicating with each other (only allow them to communicate with the target). Your backup server/target would have its backup network interface(s) attached to the "BackupServer_EPG" (no need for isolation on this EPG). Then you'd add a contract between the Client & Server EPGs allowing whatever traffic you wish - you can limit this to the specific ports & protocols used by your backup solution software.
Having your backup traffic contained within it's own EPG is the equivalent of separating the traffic in a legacy network by VLAN. If you really need QoS, that can also be implemented, but ACI is typically far more robust from a capacity perspective (40G/100G fabric Uplinks) that we don't see too many customer need to worry about QoS for backup/restore traffic.
Whatever backup design you would implement in your legacy environment, ACI can replicate it.
Good afternoon Friends, these days I was accessing the DNAC manager and my surprise is that I did not have access, after a basic analysis I observed that the equipment was operational, but without being able to access it via DNA GUI (browser) I also ident...
Today we are going to talk about how to configure backups in the Cisco ACI APIC Dashboard. As you might know APIC is a UCS based CIMC controller and we can check the configuration backups on the Cisco ACI APIC Dashboard. Remember that the HA solution mus...
Listen: https://smarturl.it/CCRS9E14 Follow us: https://twitter.com/CiscoChampion
Organizations are undergoing digital transformation like never before. Global spending on digital transformation of business practices, products, and organization...