what is ACI

Arjun Dabol
Level 1

Hi Folks

I have read many definitions of ACI but I am still not sure what exactly it is. Can someone give me a high-level view (not technical) of ACI?

Why does one use it, and where?

Thanks

Abhishek

1 Reply

Claudia de Luna
Spotlight

Hi Abhishek,

Basically ACI is a data center network. More specifically, it's a data center fabric, which means it uses a leaf and spine topology, which has many benefits, and it is managed by a central controller (3-5 APIC controllers). So at the physical layer, think of Nexus 9Ks in this leaf and spine topology managed by 3-5 UCS C220 "servers" that are purpose-built to manage all of these N9Ks as a unit or single fabric with a unique "operating system".

This "operating system", or ACI, essentially does for a network what VMware/vSphere does for computing. It lets you define virtual objects and move them around and apply them as you need to.

So with ACI, say you have 8 top of rack "leafs" and you need them to each support 10 VLANs (same VLANs): you no longer have to configure 10 VLANs on 8 switches. You configure the "objects" that make up your VLANs (EPGs and Bridge Domains) once and apply them anywhere across those 8 leafs. Think of contracts as ACLs and you have the same behavior there. Configure your contract once and apply it as many times as you need to between EPGs.

There are many other benefits, including visibility, true hitless upgrades as long as everything is redundantly connected, etc.

You can migrate to ACI with your existing VLAN/subnet design, and your firewalls and LBs all still work, and you have several ways of "integrating" them into the fabric.

Here is one of my favorite use cases for ACI:

I have a /23 network of all kinds of servers providing all kinds of functions.

I have all my domain/DNS/DHCP servers with servers that other administrators manage and I'd really like to protect them. They are spread out across all 8 of my top of rack switches. I don't have time to change their IPs as that would be a huge undertaking.

In a "classic" Ethernet network I can do things like put ACLs on each switch.

In ACI, I can move the "subnet" over as is (the /23) and I can create 2 Endpoint Groups (EPGs), INFRA-SERVERS-EPG and SERVERS-OTHERS-MANAGE-EPG. I put my important infrastructure servers in the INFRA-SERVERS-EPG and everything else goes into the "OTHERS" EPG, and I put a contract in place for just those ports and protocols I need. (I don't have to do that on day 1; I can do that later after the move when there is more time, but now I have the option of tightening security easily without changing IPs.) This concept applies to virtual machines as well as physical machines, so there is another key benefit with ACI.

Hope this helps a little bit!
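The use case in the reply above, as an added example that is not part of the original post and is not ACI or APIC code: a simplified Python model of two EPGs sharing one /23 with a single contract between them. The addresses, the ports in the contract, and the `permitted` function are constructed for illustration; it assumes the default behaviour that endpoints inside one EPG talk freely while traffic between EPGs needs a contract, and it only evaluates flows initiated by the consumer side.

```python
import ipaddress

# Constructed sample data: one /23 moved into the fabric with no re-addressing.
SUBNET = ipaddress.ip_network("10.1.0.0/23")

# Endpoint -> EPG membership. EPG names come from the post; addresses are constructed.
EPG_OF = {
    "10.1.0.10": "INFRA-SERVERS-EPG",          # e.g. DNS
    "10.1.1.20": "INFRA-SERVERS-EPG",          # e.g. DHCP, other rack, same EPG
    "10.1.0.55": "SERVERS-OTHERS-MANAGE-EPG",
    "10.1.1.77": "SERVERS-OTHERS-MANAGE-EPG",
}

# Contract defined once: (consumer EPG, provider EPG) -> allowed (protocol, dst port).
# The port list is an assumption standing in for "just those ports I need".
CONTRACTS = {
    ("SERVERS-OTHERS-MANAGE-EPG", "INFRA-SERVERS-EPG"): {
        ("udp", 53), ("tcp", 53), ("udp", 67),
    },
}


def permitted(src, dst, proto, port):
    """Return True if the modelled policy lets src open proto/port to dst."""
    for ip in (src, dst):
        if ipaddress.ip_address(ip) not in SUBNET:
            raise ValueError(f"{ip} is outside {SUBNET}")
    src_epg, dst_epg = EPG_OF.get(src), EPG_OF.get(dst)
    if src_epg is None or dst_epg is None:
        return False          # endpoint not classified into any EPG: no policy
    if src_epg == dst_epg:
        return True           # assumed default: intra-EPG traffic is unrestricted
    # Different EPGs, same subnet: only what the contract lists gets through.
    return (proto, port) in CONTRACTS.get((src_epg, dst_epg), set())


if __name__ == "__main__":
    flows = [
        ("10.1.0.55", "10.1.0.10", "udp", 53),    # other server -> DNS
        ("10.1.1.77", "10.1.1.20", "tcp", 3389),  # other server -> infra, not in contract
        ("10.1.0.10", "10.1.1.20", "tcp", 445),   # infra -> infra
        ("10.1.0.10", "10.1.0.55", "tcp", 22),    # infra -> other, no contract that way
    ]
    for src, dst, proto, port in flows:
        verdict = "permit" if permitted(src, dst, proto, port) else "deny"
        print(f"{src:>10} -> {dst:<10} {proto}/{port:<5} {verdict}")
```

The membership table is keyed by endpoint, not by subnet or switch, which is why the policy can be tightened after the migration without touching any IP address.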
