M11 - AppNetCentric

Cisco ACI
Application Centric and Network Centric Deployments

www.lumoscloud.com
learning@lumosconsultinginc.com

Agenda
• Cisco ACI Logical Model Options
• Network Centric Deployments
• Application Centric Deployments
• Simultaneous Deployments

Application Centric Model vs. Network Centric Model

Logical Model Options

Application Centric
• Many EPGs per Bridge Domain
• Contracts between EPGs
• Modern networking

Network Centric
• One EPG per Bridge Domain
• One Bridge Domain/EPG per VLAN
• Traditional networking

You don’t have to choose! You can run both on the same ACI fabric, even both in the same tenant/VRF.

[Figure: application centric side, an Application Network Profile (ANP) with Web Tier, App Tier and DB Tier (each with End Points and QoS), Service and Filter elements, and an External Network; network centric side, Bridge Domain: VLAN 10, Subnet: 10.1.10.0/24, EPG: VLAN 10]

Network-Centric Deployment Model

Traditional Networking Constructs
• Back-to-back vPC (MLAG) to avoid STP blocking
• SVIs (default gateways)
• Many small Layer 2 domains
• Layer 2: VLANs
• Layer 3: SVI (Switch Virtual Interfaces)
[Diagram labels: L3, L2]

ACI Network Centric Constructs
Leaf-spine topology underlay/overlays (no STP running in fabric)
• Tenants
• VRFs
• Bridge Domains
• Subnet
• EPGs
1 VLAN = 1 BD/Subnet/EPG
1 VLAN = 1 vSwitch Port Group

Traditional Network Design

VLAN ID   Network/Mask    SVI Address (default gateway)
10        10.1.10.0/24    10.1.10.1
20        10.1.20.0/24    10.1.20.1
30        10.1.30.0/24    10.1.30.1

[Diagram labels: L3, L2, VL10, VL20, VL30]

ACI Network Centric Design

Tenant: Coke
VRF: VRF1

Bridge Domain   Subnet          ANP        EPG
VLAN_10         10.1.10.1/24    VLAN_10    VLAN_10
VLAN_20         10.1.20.1/24    VLAN_20    VLAN_20
VLAN_30         10.1.30.1/24    VLAN_30    VLAN_30

VLAN ID   SVI/Mask
10        10.1.10.1/24
20        10.1.20.1/24
30        10.1.30.1/24

Network Centric: Pros/Cons

Network Centric: Pros
• Easy to implement and migrate
• No special knowledge of applications needed
• Closest to traditional networking constructs

Network Centric: Cons
• Traditional security model
• Lower design flexibility
• Reduced opportunity for advanced features (service graphs, contracts, etc)
• IP dependent

App-Centric Deployment Model

Application Centric Design

Tenant: Coke
L3_Out (0/0)
VRF: VRF1
Bridge Domain: BD_Coke
Subnet: 10.10.0.0/22

ANP: Coke        ANP: Sprite      ANP: CokeZero
EPG: Web_Tier    EPG: Web_Tier    EPG: Web_Tier
EPG: App_Tier    EPG: App_Tier    EPG: App_Tier
EPG: DB_Tier     EPG: DB_Tier     EPG: DB_Tier

[Diagram label: Contract]
• Each EPG would be assigned to a VLAN (or IETF VXLAN)
• With VMware, each EPG would also map 1:1 to a vSwitch Port Group

Application Centric: Pros/Cons

Application Centric: Pros
• Granular application security
• Full enforcement of application communication
• Dev/Ops style security model (based on application, based on tier)
• Superior security model
• High design flexibility
• Application level visibility

Application Centric: Cons
• Requires understanding of how application communicates
• Converting from traditional network can be labor and time intensive
• Generally requires new IP schema
• Generally requires more time for migration

Attributes of Successful AppCentric Deployments
• Requires knowledge of communications dependencies
• Requires good co-ordination of networking and application/server teams
• Lends itself well to self-service networking environments
• Lends itself well to DevOps/Agile/CI-CD environments

Simultaneous Deployments
• It’s not required to choose one or the other
• Both models can be implemented at the same time
• Can be separated out by Tenants, by VRFs, or even just Bridge Domains

App/Net Centric Separated by Tenant

Tenant: Coke
VRF: Coke_VRF
Bridge Domain: VLAN_100    Bridge Domain: VLAN_200
Subnet: 10.1.100.1/24      Subnet: 10.1.200.1/24
ANP: VLAN_100              ANP: VLAN_200
EPG: VLAN_100              EPG: VLAN_200

Tenant: Pepsi
VRF: Pepsi_VRF
Bridge Domain: Pepsi_BD
Subnet: 10.10.0.0/22
ANP: Pepsi       ANP: PepsiMax
EPG: Web_Tier    EPG: Web_Tier
EPG: App_Tier    EPG: App_Tier
EPG: DB_Tier     EPG: DB_Tier

App/Net Centric Separated by VRF

Tenant: Coke    Tenant: Pepsi

VRF: Coke_VRF
Bridge Domain: VLAN_100    Bridge Domain: VLAN_200
Subnet: 10.1.100.1/24      Subnet: 10.1.200.1/24
ANP: VLAN_100              ANP: VLAN_200
EPG: VLAN_100              EPG: VLAN_200

VRF: Sprite_VRF
Bridge Domain: Coke_BD
Subnet: 10.10.0.0/22
ANP: Sprite      ANP: SpriteZero
EPG: Web_Tier    EPG: Web_Tier
EPG: App_Tier    EPG: App_Tier
EPG: DB_Tier     EPG: DB_Tier

App/Net Centric Separated by Bridge Domain

Tenant: Coke    Tenant: Pepsi
VRF: Coke_VRF

Bridge Domain: VLAN_100    Bridge Domain: VLAN_200
Subnet: 10.1.100.1/24      Subnet: 10.1.200.1/24
ANP: VLAN_100              ANP: VLAN_200
EPG: VLAN_100              EPG: VLAN_200

Bridge Domain: Coke_BD
Subnet: 10.10.0.0/22
ANP: Coke        ANP: CokeZero
EPG: Web_Tier    EPG: Web_Tier
EPG: App_Tier    EPG: App_Tier
EPG: DB_Tier     EPG: DB_Tier
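
An added example (not part of the original deck): the deck's rule of thumb, one EPG per bridge domain for network centric and many EPGs per bridge domain for application centric, applied as an audit over a tenant tree in APIC object form to show which segments rely on VLAN-level separation. fvTenant, fvBD, fvAp, fvAEPg and fvRsBd are ACI object classes; the helper names, the classification labels and the sample tenant are constructed for illustration.

```python
from collections import defaultdict

def epg(name, bd):
    # fvAEPg carrying its fvRsBd relation to a bridge domain
    return {"fvAEPg": {"attributes": {"name": name}, "children": [
        {"fvRsBd": {"attributes": {"tnFvBDName": bd}}}]}}

def anp(name, epgs):
    return {"fvAp": {"attributes": {"name": name}, "children": epgs}}

def bd(name):
    return {"fvBD": {"attributes": {"name": name}, "children": []}}

TIERS = ("Web_Tier", "App_Tier", "DB_Tier")
# Constructed sample modelled on the "Separated by Bridge Domain" slide.
SAMPLE_TENANT = {"fvTenant": {"attributes": {"name": "Coke"}, "children": [
    bd("VLAN_100"), bd("VLAN_200"), bd("Coke_BD"),
    anp("VLAN_100", [epg("VLAN_100", "VLAN_100")]),
    anp("VLAN_200", [epg("VLAN_200", "VLAN_200")]),
    anp("Coke", [epg(t, "Coke_BD") for t in TIERS]),
    anp("CokeZero", [epg(t, "Coke_BD") for t in TIERS]),
]}}

def classify_bridge_domains(tenant):
    """Return {bd_name: (model, ["ANP/EPG", ...])} for one fvTenant tree."""
    epgs_by_bd, defined = defaultdict(list), []
    for child in tenant["fvTenant"].get("children", []):
        if "fvBD" in child:
            defined.append(child["fvBD"]["attributes"]["name"])
        for sub in child.get("fvAp", {}).get("children", []):
            if "fvAEPg" not in sub:
                continue
            label = "%s/%s" % (child["fvAp"]["attributes"]["name"],
                               sub["fvAEPg"]["attributes"]["name"])
            for rel in sub["fvAEPg"].get("children", []):
                if "fvRsBd" in rel:
                    epgs_by_bd[rel["fvRsBd"]["attributes"]["tnFvBDName"]].append(label)
    result = {}
    for name in defined + [b for b in epgs_by_bd if b not in defined]:
        members = epgs_by_bd.get(name, [])
        if name not in defined:
            model = "undefined-bd"         # EPG references a BD absent from this tree
        elif len(members) > 1:
            model = "application-centric"  # many EPGs per bridge domain
        elif len(members) == 1:
            model = "network-centric"      # one EPG per bridge domain
        else:
            model = "unused"               # BD with no EPG attached
        result[name] = (model, members)
    return result
```

Calling `classify_bridge_domains(SAMPLE_TENANT)` reports VLAN_100 and VLAN_200 as network-centric and Coke_BD as application-centric with six EPGs, which is the mixed layout the slide describes.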


Successful Deployments
• Lumos has successful installs in every vertical: Healthcare, financial, retail, manufacturing, government & education
• Every success story is built around all players working towards a common purpose
• Change in mentality from traditional silo environments to DevOps mindset
• Some industries more open to this than others
• Examples:
  - Retail
  - Manufacturing
  - Education

ACI Migration Scenario
• Brownfield vs Greenfield
• Typical Brownfield Migration Walkthrough
  - Order of Operations
  - Phase Planning
• IP addressing
• Default Gateway
• ARP Timeout
• Scripting