Cisco ACI: Zero to Hero: A Comprehensive Guide to Cisco ACI Design, Implementation, Operation, and Troubleshooting
by Jan Janovic
- Publisher: Apress
- Year: 2022
- Language: English
- Pages: 625
- Edition: 1st ed.
- Category: Library
Synopsis
It doesn't matter if you are completely new to Cisco ACI or you already have some experience with the technology, this book will guide you through the whole implementation lifecycle and provide you with a comprehensive toolset to become confident in any ACI-related task.
In the beginning, it's very important to build strong fundamental knowledge about Cisco ACI components. We'll go through underlay networking based on Nexus 9000 switches and describe the APIC controller cluster acting as the management plane of ACI. By building Access Policies, you'll see how to optimally connect servers, storage, routers, switches, or L4-L7 service devices to ACI. Then we'll properly design and implement Logical Application Policies. You will understand all the fabric forwarding behavior when using different ACI settings and architectures while getting a toolset on how to verify and troubleshoot eventual problems.
This book also covers external L2 and L3 connectivity in ACI, more advanced features like integration with virtualization hypervisors and Kubernetes, service chaining of L4-L7 devices using Service Graphs, and a practical approach to REST API automation based on Python and Ansible/Terraform.
Cisco ACI: Zero to Hero can additionally be used as a valuable source of theoretical and practical knowledge for all candidates preparing for CCIE DC v3.0 Written or Lab exams.
What You'll Learn
- Understand network evolution and Cisco ACI components
- Underlay ACI networking based on Nexus 9000 switches, APIC controllers, and Application Policy Model
- Integrate ACI with virtualization hypervisors and Kubernetes
- Dynamically and seamlessly include L4-L7 service devices in communication between ACI endpoints
- Build ACI Anywhere: ACI Multi-Tier, Stretched Fabric, Multi-POD, Multi-Site, and Remote Leaf
- Utilize ACI REST API with Python, related Cobra SDK, Ansible or Terraform, to develop automation and scripts on top of the ACI platform
Who This Book Is For
Network engineers, architects, network developers, administrators or NOC technicians.
Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Introduction: Datacenter Network Evolution
From Traditional to Software-Defined Networking
Traditional Three-Tier Network Architecture
Let's Go Virtual
Transition to Leaf-Spine Architecture and VXLAN
Need for Network Automation
Cisco Application Centric Infrastructure (ACI)
Summary
Chapter 2: ACI Fundamentals: Underlay Infrastructure
Cisco Nexus 9000 and CloudScale ASICs
CloudScale ASIC Architecture
CloudScale ASIC Buffering
Nexus 9500: Modular Chassis Switches
Chassis-Specific Components
Fabric Module
Fan Module
Common Chassis Components
Switch Supervisor Engine
System Controller
Power Supply Unit
Line Cards
Nexus 9300: Fixed Switches
ACI Underlay Networking
ACI Leaf-Spine Fabric Topology
ACI Underlay Cabling Options
ACI Control Plane and Data Plane Overview
ACI Architecture
Multi-Tier ACI Fabric
ACI Stretched Fabric
ACI Multi-Pod Architecture
Inter-Pod Network (IPN)
ACI Multi-Site Architecture
Nexus Dashboard Orchestrator
Cloud ACI
ACI Remote Leaf
Application Policy Infrastructure Controller
Hardware Equipment
Connecting APIC Nodes to the Network
APIC High Availability
ACI Licensing
High-Level ACI Design
Summary
Chapter 3: Fabric Initialization and Management
Nexus 9000 in ACI Switch Mode
Conversion From NX-OS to ACI Mode
APIC Cluster Initialization
Graphical User Interface Overview
Fabric Discovery and Registration
ACI Switch Discovery
Multi-Pod Fabric Discovery
ACI Switch Discovery Troubleshooting
ACI Management Access
Fabric Out-of-Band Configuration
Fabric In-Band Configuration
APIC Connectivity Preference
Initial and Best Practice Fabric Configuration
Network Time Protocol
Internal ACI MP-BGP
Domain Name System
Securing Fabric Management Access
Fabric-Wide Best Practice Configuration
ACI Fabric Monitoring and Backup
Simple Network Management Protocol
Logging in ACI Syslog
Faults
Events
Audit Logs
Session Logs
Syslog Configuration
NetFlow
NetFlow Exporter
NetFlow Record
NetFlow Monitor
ACI Fabric Backup
ACI Multi-Pod Configuration
Inter-POD Network Configuration
Nexus 9000 Features
IPN VRF Instance
OSPF/eBGP Process
L3 IPN Interfaces Facing ACI Spines
PIM Bidir Multicast Configuration
DHCP Relay Agent Configuration
Quality of Service for ACI Control-Plane in IPN
APIC Multi-Pod Wizard
ACI Multi-Pod Verification and Troubleshooting
Summary
Chapter 4: ACI Fundamentals: Access Policies
Switch Policies
Switch Protocol Policies and vPC
Switch Policy Group
Switch Profile
Interface Policies
Interface Protocol Policy
Interface Policy Group
Interface Profile
Attachable Access Entity Profile
Physical and External Domains
VLAN | VXLAN | VSAN Pools
Practical Example for Access Policies
Access Policies Naming Convention
Summary
Chapter 5: ACI Fundamentals: Application Policy Model
Application Policy Model Overview
ACI Tenants
Tenant Security and Access Control
System Tenants
Tenant common
Tenant infra
Tenant mgmt
User Tenants
Tenant Monitoring
Virtual Routing and Forwarding
Bridge Domains
Bridge Domain Subnets
ARP Handling
Application Profiles
Endpoint Groups
Mapping EPGs to Interfaces
Static EPG to Interface Mapping
Static EPG Path Mapping to AAEP
Dynamic EPG to Interface Mapping
Endpoint Learning Verification
EPG Design Options
Network Centric
Application Centric
Microsegmentation uEPGs
Endpoint Security Groups
ACI Contracts
Consumer and Provider EPGs
Contract Configuration
Contract Scope
Contract Subject
Contract Filter
Contract Application to EPGs/ESGs
Contract Zoning Rules on Leaf Switches
Endpoint Classification and Zoning Enforcement
EPG/ESG Preferred Groups
VRF vzAny Object
Intra-EPG Isolation and Contracts
Zone Rules Verification and Troubleshooting
show system internal policy-mgr stats
show logging ip access-list internal packet-log deny
APIC contract_parser.py
Contract Policy TCAM Utilization
Naming Convention for ACI Application Policies
Summary
Chapter 6: Fabric Forwarding (and Troubleshooting)
ACI Data Plane - iVXLAN Encapsulation
1) Outer MAC Header
2) Outer IP Header
3) UDP Header
4) VXLAN Header
5) Original Layer-2 Frame
Fabric Control Plane Mechanisms Reviewed
ACI Forwarding Scenarios
Layer 2 Forwarding
Multi-Destination (ARP) Forwarding in a Layer 2 Bridge Domain
Known Layer 2 Unicast
Unknown Layer 2 Unicast
Bridge Domain in Flood Mode
Bridge Domain in Hardware Proxy Mode
Layer 2 Forwarding Summary
Layer 3 Forwarding
ARP Processing in a Layer 3 Bridge Domain
Unknown Layer 3 Unicast
Known Layer 3 Unicast
External Forwarding in a Layer 3 Bridge Domain
Layer 3 Forwarding Summary
Multi-Pod Forwarding
Multi-Pod Control Plane
Multi-Pod Data Plane
Multi-Destination Traffic Delivery
Multi-Site Forwarding
Name-Space Normalization (Translation)
Additional Troubleshooting Toolset for Fabric Forwarding
Endpoint Tracker
Embedded Logic Analyzer Module
fTriage
Switch Port Analyzer
SPAN Configuration
Visibility & Troubleshooting Tool
Interface Drops Analysis
Summary
Chapter 7: External Layer 2 and Layer 3 Connectivity
Layer 2 External Connectivity
Bridge Domain Extension
Endpoint Group Extension
Spanning Tree Protocol and ACI
Extending STP Domain to ACI
Best Practices for STP-Related Configuration
Topology Change Notification (TCNs)
Be Aware of Overlapping VLANs!
Layer 3 External Connectivity
Main L3OUT Components
L3OUT Related Access Policies
L3OUT Root Object
Logical Node and Interface Profiles
Routing Protocol Interface Profile
External EPG
L3OUT Subnet Scope
External Subnets for External EPG (default)
Shared Security Import Subnet
Export Route Control Subnet
Import Route Control Subnet
Shared Route Control Subnet
Aggregate Export & Import
Aggregate Shared Routes
External Route Propagation
Multi-Protocol BGP Operation
Internal Bridge Domain Subnet Advertisement
Subnet Scope - Advertised Externally
Association of L3OUT to Bridge Domain
L3OUT ExtEPG Configuration
Filtering Using Route Profiles (Route Maps)
Contract Application to External EPG
Dynamic Routing Protocols in ACI
OSPF
OSPF Protocol Verification
EIGRP
EIGRP Protocol Verification
BGP
BGP Peer Configuration Options
BGP Protocol Verification
Static Routing with L3OUTs
ACI Transit Routing
VRF Route Tagging in ACI
Route Profiles (Route Maps)
Summary
Chapter 8: Service Chaining with L4-L7 Devices
To Use or Not to Use Service Insertion
Service Graph Overview
L4-L7 Device Deployment (Design) Modes
Traditional Service Graph Designs
Policy-Based Redirect Service Graph Designs
L4-L7 Policy-Based Redirect
VRF Sandwich vs. Policy-Based Redirect
Endpoint Learning for PBR Device
PBR Configuration and Verification
Service Bridge Domain(s)
L4-L7 PBR Policy
L4-L7 Device
Service Graph Templates
Applying a Service Graph Template to a Contract
PBR Service Graph Deployment Verification
PBR Contracts Programming
Traffic Flow Between EPGs with PBR
Symmetric PBR
Summary
Chapter 9: Integrating ACI with Virtualization and Container Platforms
Virtualization Platform Integration
VMware Integration Overview
Access Policies for ESXi Hosts
To Use LLDP/CDP or Not to Use LLDP/CDP
ACI VMM Domain
vDS Uplink to ESXi Mapping
VMM Domain to EPG Binding
VM to Port Group Association
Container Integration to ACI
Kubernetes Platform Overview
Kubernetes Control Plane Components
Kubernetes Worker Node Components
Kubernetes Networking Overview
Preparing ACI and Kubernetes Integration
Kubernetes Server Nodes Network Configuration
Kubernetes Installation
ACI CNI Components
Demo YELB Application with ACI L4-L7 Service Graph and EPG segmentation
Summary
Chapter 10: ACI Automation and Programmability
ACI Programmability Introduction
REST APIs
REST HTTP Response Codes
Data Encoding Formats
XML
JSON
YAML
ACI Object Model
Managed Object Discovery Tools
ACI Documentation
APIC URL/Debug Info
Save-As Feature
Visore
API Inspector
APIC CLI
ACI REST API
URL and Body Format
REST API Authentication
Direct REST API Access
Linux Command Line - cURL
Postman
Python Requests Library
Cobra Software Development Kit
Cobra SDK Installation
Using Cobra SDK for Querying and Creating ACI Objects
Automating ACI Using Ansible
Ansible Component Architecture
Playbook Structure
Inventory File
Ansible Variables
Ansible Roles
ACI Ansible Collection and Installation
Practical Example 1 - Create and Query ACI Objects
Practical Example 2 - CSV Based ACI Automation
YAML Tenant Structure Definition
BD and EPG Automation from CSV Data
Automating ACI Using Terraform
Terraform Config and State Files
Terraform Commands
terraform init
terraform plan
terraform apply
terraform destroy
ACI Terraform Provider Authentication Options
Terraform Config Drift
Sample Terraform Configuration File for ACI
Advanced ACI API Features
Presigned REST API Calls
ACI Object Subscriptions
Subscription Sample Python Application
Summary
Useful Cisco ACI Resources
Index