Cisco, in its quest to embrace programmability, has created what is called the ACI Toolkit, which is basically a combination of an NX-OS-like CLI and some custom Python scripts. Although this toolkit doesn’t allow you to do all configurations within ACI, it can be used to create and show the common configuration and administrative actions that may be used daily. It’s also great for someone who is just starting to migrate to a more programmatic way of doing things, as it’s easily understandable to folks used to common networking commands.
If you’re not familiar with ACI, check out this short video to get a brief understanding of some of the basic constructs used and for a deeper dive go to www.cisco.com/go/aci. These concepts will help you to understand some of the configuration options available with the ACI Toolkit.
The toolkit’s Python libraries are all available on GitHub.com and they’re fairly simple to access. All you need to do is open a terminal window on your computer and enter the following command:
git clone https://github.com/datacenter/Simple-ACI-Toolkit
This command will download the necessary libraries to use the ACI Toolkit syntax. Then to run CLI commands from your APIC type:
python acitoolkitcli.py -l admin -p password -u https://APIC_IP
This will connect you to your APIC so you may run commands that will help you build your application network profiles as shown in the three tier application in the picture above. We can do things such as switching tenants, creating contexts, creating bridge domains, and creating end point groups (EPGs).
Here are some examples of the common commands we might use to create these logical objects.
Switch to a tenant configuration mode:
- fabric# switchto tenant <tenant-name>
- fabric-tenant# switchback
Create a Context and don’t enforce contracts on it:
- fabric-tenant(config)# [no] context <context-name>
- fabric-tenant(config-ctx)# [no] allow-all
Create a bridge domain and assign it to a context:
- fabric-tenant(config)# [no] bridgedomain <bd-name>
- fabric-tenant(config-bd)# [no] context <context-name>
Create a subnet under the bridge domain:
- fabric-tenant(config-bd)# [no] ip address <ip-address>/<masklength> [name <subnet-name>]
As you can see from these examples the syntax will be very familiar to network engineers. We can also use the ACI Toolkit combined with the Python SDK to actually script these things. It makes scripting a little easier because we’re again using simpler syntax. Below is an example of configuring a tenant using Python in conjunction with the toolkit:
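from acitoolkit import *   # ACI Toolkit classes: Tenant, Context, BridgeDomain, AppProfile, EPG
from credentials import *  # local credentials module with the APIC login details
tenant = Tenant('Customer1')                     # top-level tenant
context = Context('customer1-router', tenant)    # context inside the tenant
bd = BridgeDomain('BD1', tenant)                 # bridge domain inside the tenant
app = AppProfile('web-and-ordering', tenant)     # application profile that holds the EPGs
vlan10 = EPG('VLAN10', app)                      # end point groups under the application profile
vlan20 = EPG('VLAN20', app)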
Currently the ACI Toolkit may not be used to create service graphs, VMM Domains, SPAN, or Atomic Counters, or to see most telemetry and health score information. However, the toolkit still gives us a lot to work with and automate as far as basic configurations go. For more information please see the guide found here (http://datacenter.github.io/acitoolkit/).
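The allow-all setting shown in the CLI examples turns off contract enforcement for a context, so it is worth checking for after scripted changes. The following added example (not from the original post or the toolkit) scans APIC-style tenant JSON for such contexts and lists the bridge domains and subnets behind them. It assumes allow-all corresponds to the APIC attribute pcEnfPref="unenforced" on fvCtx; the sample data, including customer1-dmz, BD2 and the subnets, is constructed.

```python
import json

# Constructed sample: APIC-style JSON for the tenant from the post's script,
# with one context left unenforced (assumed equivalent of the CLI "allow-all").
SAMPLE = json.loads("""
{"imdata": [{"fvTenant": {"attributes": {"name": "Customer1"}, "children": [
  {"fvCtx": {"attributes": {"name": "customer1-router", "pcEnfPref": "unenforced"}}},
  {"fvCtx": {"attributes": {"name": "customer1-dmz", "pcEnfPref": "enforced"}}},
  {"fvBD": {"attributes": {"name": "BD1"}, "children": [
    {"fvRsCtx": {"attributes": {"tnFvCtxName": "customer1-router"}}},
    {"fvSubnet": {"attributes": {"ip": "10.10.10.1/24"}}}]}},
  {"fvBD": {"attributes": {"name": "BD2"}, "children": [
    {"fvRsCtx": {"attributes": {"tnFvCtxName": "customer1-dmz"}}},
    {"fvSubnet": {"attributes": {"ip": "10.10.20.1/24"}}}]}}
]}}]}
""")


def _children(mo, cls):
    """Yield (attributes, body) for each child object of class `cls`."""
    for child in mo.get("children", []):
        if cls in child:
            body = child[cls]
            yield body.get("attributes", {}), body


def unenforced_contexts(doc):
    """Return one finding per context whose contracts are not enforced."""
    findings = []
    for item in doc.get("imdata", []):
        tenant = item.get("fvTenant")
        if tenant is None:
            continue
        tname = tenant.get("attributes", {}).get("name", "")
        # A missing pcEnfPref is treated as the enforced default.
        open_ctx = {a.get("name") for a, _ in _children(tenant, "fvCtx")
                    if a.get("pcEnfPref", "enforced") != "enforced"}
        exposed = {name: [] for name in open_ctx}
        # Attach each bridge domain (and its subnets) to the context it uses.
        for bd_attr, bd in _children(tenant, "fvBD"):
            bound = [a.get("tnFvCtxName") for a, _ in _children(bd, "fvRsCtx")]
            subnets = [a.get("ip") for a, _ in _children(bd, "fvSubnet")]
            for ctx in bound:
                if ctx in exposed:
                    exposed[ctx].append((bd_attr.get("name"), subnets))
        for ctx in sorted(exposed):
            findings.append({"tenant": tname, "context": ctx,
                             "bridge_domains": exposed[ctx]})
    return findings


if __name__ == "__main__":
    for f in unenforced_contexts(SAMPLE):
        print(f"{f['tenant']}/{f['context']}: contracts not enforced")
        for bd, subnets in f["bridge_domains"]:
            print(f"  bridge domain {bd}: {', '.join(subnets)}")
```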
Tags: ACI, Cisco, python, toolkit
Cancun in November is not your ideal spring break destination, but it feels that way as many of us are heading there next week as part of a big contingent to host Cisco Live Cancun 2014. Beyond fun and tourism, lots of excitement awaits Cisco customers on the technology front at Cancun next week.
Cisco Live Cancun 2014 offers two amazing keynotes, 100s of sessions, and the opportunity to network with many of Cisco’s premier partners among major attractions.
Rob Lloyd, Cisco President, kick-starts the event with a welcome address keynote Tuesday, Nov 4. Do not miss the keynote as you will get an insider’s perspective on how Cisco and partner companies will make the Internet of Everything (IOE) a reality, and how today’s emerging technologies will rewrite the rules for the way we connect and collaborate in the future. This year we also feature a Guest keynote on Wednesday, Nov 5, by Jon Steinberg, the CEO of MailOnline America, as well as a series of solution keynotes on different topics during the course of the event.
My focus for the rest of this blog will be on Application Centric Infrastructure (ACI) and related key activities. I am sure most of you think of ACI as the most happening technology in today’s Data Centers, and therefore, are eagerly waiting for deep-dive ACI breakout sessions. I’d recommend Cisco Distinguished TME Maurizio’s breakout session on “Integration of Hypervisors and L4-7 Services into an ACI Fabric / Operations” as a must-attend. This session provides a technical introduction to how the ACI fabric handles single and multi-hypervisor environments and how the ACI controller provides integration into different Virtual Machine Management domains.
We are also featuring a multi-hour technical seminar on the topic “ACI – Policy Driven Datacenter” complemented by a 2-hour breakout “End-to-End ACI” by another Cisco Distinguished SE, Carlos Pereira.
If you are challenged for time, we also have short duration ACI presentations at the Cisco Theater in the World of Solutions (WOS). The WOS opens on Tuesday, Nov 4 at 8 PM with a welcome reception. You can enjoy your time at the Cisco Theater where we feature non-stop 15 minute presentations on multiple topics including three repeating sessions on ACI. Specifically, there is a session on each of the following topics: Open ACI Eco-System, ACI for Campus and WAN, and ACI and SDN. This will give you an end-to-end perspective on ACI architecture and strategy.
As we have seen in other Cisco Live events, demos are a major draw at the WOS. This year’s event will include multiple demos including several ACI solutions with OpenStack, F5 and Citrix eco-system integration, Multi-hypervisor integration featuring VMware and Microsoft, and a number of other SDN solutions for Campus and WAN deployments.
Stop by our Cisco booth at the WOS to engage our subject matter experts for a deep-dive engagement. We can also do architectural white-boarding and walkthroughs to address your specific needs.
If you wondered about entertainment, well, I read your mind. To celebrate with you, we are bringing the incredible band Starship to the customer appreciation event on Thursday, Nov 6. It will be a night to remember.
In addition, we offer walk-in labs, a Cloud day featuring new trends in Cisco Intercloud (Monday, Nov 3), an Industry summit on Internet of Everything trends (Tuesday, Nov 4), and a networking opportunity to meet the experts at the Expert Area in the Expo Center.
While at the event, follow us via social media on Twitter, Facebook and other outlets. It can be overwhelming to even a regular Cisco Live attendee as the list of activities is vast. If you are new, do not feel overwhelmed; I have been there myself. Our Information desk and reception ambassadors can make you feel at home and help you find the agenda activity of your interest throughout the event duration.
Well, I do not want to share all the fun and excitement and take away the spirit of adventure and discovery from you. Hope to see you at the event and safe travels.
Tags: ACI, ACI eco-system, ACI for campus and WAN, ACI-policy driven datacenter, Internet of Everything (IOE), l4-L7 integration with ACI
For those of you attending Microsoft TechEd Europe in Barcelona, you have an opportunity to hear how Microsoft and Cisco are collaborating to create a shared, elastic resource pool of storage, compute, and networking in Microsoft’s Cloud OS.
Maurizio Portolani, Distinguished Technical Marketing Engineer, will be joining Robert Reynolds, Principal PM Lead, Windows Azure Pack, Microsoft, during the main Windows Azure Pack session Tuesday to show how an application-oriented policy delivers operational simplicity for the infrastructure team and can provide a converged stack for key Microsoft applications.
Tags: #TEE14, ACI, ACI Policy Model, Application Centric Networking, Cisco, Microsoft, Microsoft Tech Ed
It’s been almost a year since Cisco publicly unveiled its Application Centric Infrastructure (ACI). As we’ve noted in the past, ACI had to overcome a number of preconceived notions about Software Defined Networking (SDN), and without some detailed explanation, it was hard to get your head around how ACI worked and how it related to SDN. As we continue to clarify the message, there are still a number of ACI myths running around out there that we have to spend a good amount of time dispelling, so I thought I’d summarize them here. (Like Centralized Policy Management, Centralized Myth Handling can lead to greater efficiency and increased compliance. :-)).
1. MYTH: Cisco has limited software expertise and can’t deliver a true SDN solution because ACI requires Cisco switches (hardware) as well as the APIC controller (software).
REALITY: Cisco believes data centers require a solution that combines the flexibility of software with the performance and scalability of hardware. ACI is the first data center and cloud solution to offer full visibility and integrated management of both physical and virtual networked IT resources, all built around the policy requirements of the application. ACI delivers SDN, but goes well beyond it to also deliver policy-based automation.
2. MYTH: ACI requires an expensive “forklift upgrade”– Cisco customers must replace their existing Nexus switches with new ACI-capable switches.
REALITY: ACI is actually quite affordable due to the licensing model we use and because customers can extend ACI policy management to their entire data center by implementing a “pod” with a cost-effective ACI starter kit. On July 29, Cisco announced four ACI starter kits, which are cost-effective bundles that are ideal for proof-of-concept and lab deployments, and for creating an ACI central policy “appliance” for existing Cisco Nexus 2000-7000 infrastructure to scale out private clouds using ACI. Customers who compare ACI to SDN software-only solutions discover that operational costs, roughly 75 percent of overall IT costs, are substantially lower with ACI — so the total cost of ownership is compelling, along with the fact that the existing network infrastructure can still be leveraged.
3. MYTH: The ACI solution is not open; Cisco doesn’t do enough with the open community.
REALITY: Openness is a core tenet in ACI design. We see openness in three dimensions: open source, open standards, and open APIs. This naturally fosters an open ecosystem as well. Several partners like F5 and Citrix already are shipping device packs for joint deployments. Customers experience tremendous benefits when vendors come together to provide tightly integrated solutions engineered to work together out of the box.
ACI is designed to operate in heterogeneous data center environments with multiple vendors and multiple hypervisors. ACI supports an open ecosystem covering a broad range of Layer 4-7 services, orchestration platforms, and automation tools. One of the key drivers behind this ecosystem is OpFlex, an open standards initiative that helps customers achieve an intelligent, multivendor, policy-enabled infrastructure. Additionally, through contributions to OpenStack Neutron with our Group-Based Policy model, we are offering a fully open source policy API available to any OpenStack user. Cisco is also working with open source Linux vendors like Red Hat and Canonical to distribute an ACI Opflex agent for OVS, and contributing the Group-based Policy model to Open Daylight.
4. MYTH: Customers want SDN solutions for their data center networks, but ACI is not an SDN solution.
REALITY: We believe that SDN or even software defined data centers are not the sole results customers are looking for – it is the policy-based management and automation provided by ACI that delivers tremendous benefits to application deployment and troubleshooting– and provides a compelling TCO by cutting operational costs. Channel partners agree with us: a recent study by Baird Equity Research surveyed 60 channel solution providers and found that they would recommend the Nexus 9000 portfolio and ACI to their customers.
5. MYTH: Cisco can’t compete against cheap commodity “white box” switches – they are the future of data center networks.
REALITY: The truth is that only a handful of companies can effectively deploy white boxes because they require a great deal of operational management and troubleshooting, which is more expensive than the upfront costs of non-commodity hardware. Deutsche Bank published a report last year titled “Whitebox Switches Are Not Exactly a Bargain” which explains how the total cost equation changes when you take into account operational costs. In addition, white boxes don’t include the rich features and capabilities that most companies want. Channel solution providers know this very well. The same Baird Equity Research study of 60 channel solution providers cited above indicated that only 2% would recommend NSX running on white-box or non-Cisco networking gear.
In the data center, “one size does not fit all”, so Cisco offers a variety of switch configurations to match customer needs. For example, customers can start with merchant silicon-based line cards and migrate to an ACI environment with ACI-capable line cards and APIC, if and when they wish.
BOTTOM LINE: We believe that Cisco will continue to win with our partners in the data center by delivering innovation through a highly secure and application centric infrastructure. Through training, support, and new certifications, we are empowering over two million networking engineers and thousands of channel partners worldwide to succeed with ACI in the data center and cloud.
Tags: ACI, APIC, Application Centric Networking, Nexus 9000, Open Daylight, OpenStack, OpFlex, SDN
The tenth OpenStack release, codenamed Juno, was released on October 16, 2014. This press release provides a good summary of what to expect in Juno. It also discusses important new capabilities included in the more than 340 new enhancements built in to Juno and highlights different use cases that showcase the diversity of workloads supported on OpenStack.
In the first part of the Cisco and OpenStack Juno Release blog, I covered Cisco’s OpenStack team contributions to the Neutron project. Here I’ll provide details of our contributions to other OpenStack projects as well as highlight our development efforts on StackForge. Cisco was the sixth top code reviewer across all projects in the Juno release and is the Foundation’s fifth largest company in terms of OpenStack membership.
This Nova blueprint was completed in Juno and provides support for configuration and provisioning of instances with SR-IOV port connectivity. The implementation generates SR-IOV specific libvirt domain and network configuration XML for the instances and includes the capability to schedule instances based on the compute nodes’ SR-IOV capabilities. One of the key use cases for SR-IOV is Network Function Virtualization (NFV), which requires high performance traffic throughput in and out of a virtual machine providing network services (Virtual Network Function or VNF).
We proposed and implemented support for metering Network Services in Neutron using Ceilometer. This included new pollsters and notification handlers for Load Balancer as a Service (LBaaS), Firewall as a Service (FWaaS) and VPN as a Service (VPNaaS). The metrics are categorized into Provider or Service Level, providing different levels of detail. Provider level metrics help determine the type of implementation and its features, whereas the Service level metrics provide more granular metric details on the service health and consumption. Separately, instance metrics were enhanced as part of this blueprint to support read and write metrics per instance disk device.
In the Cinder project, Fibre Channel Zone Manager allows FC SAN Zone/Access control management in conjunction with Fibre Channel block storage. It has a pluggable architecture and we contributed the Cisco FC Zoning plugin that automates creation, deletion and modification of zones in zonesets. Zones are configured automatically as part of the active zone set for the specified VSAN in the FC SAN to provide a more flexible and secure way of controlling access.
Enhancements to Horizon to enable configuration of IPv6 subnet modes are also part of the Juno release. This allows tenants to configure address and Route Advertisement (ra) mode for their subnets through the user dashboard. Neutron supports multiple IPv6 address configuration modes including SLAAC and DHCPv6 (both Stateful and Stateless modes).
The Cisco OpenStack team has been actively developing across different projects on StackForge as well. This provides an excellent platform for OpenStack related projects to make use of OpenStack project infrastructure and also continue to collaborate in the open.
OpenStack Services Puppet Modules -- One of the challenges that we hear about from our OpenStack customers is how to make OpenStack more manageable and deployable. There are several different deployment options for OpenStack and we have tremendous experience with automating the underlying system and service configuration via Puppet. We work with customers, partners and the community to enhance Puppet modules for OpenStack services and integrate with Cisco infrastructure as well. We also recently announced, in collaboration with Red Hat, Cisco UCS Integrated Infrastructure that combines Cisco’s server, switching and management technologies with Red Hat’s enterprise-grade OpenStack platform.
Group Based Policy (GBP)– Currently staged on StackForge, this project aims to provide policy abstractions that extend the current Neutron API resources and introduces a declarative policy driven connectivity model that presents application-oriented interfaces to the user. The Group Based Policy framework implementation provides the flexibility for new API resources – End Points, End Point Groups, Contracts and Classifiers – that can be mapped to existing Neutron resources or passed directly to a third party controller. In addition to a mapping driver that supports all existing Neutron plugins, Cisco will also be releasing a driver to directly integrate GBP with its Application Policy Infrastructure Controller.
Nova Solver Scheduler – For resolving complex constraints based on policies and business rules, we have been collaborating with the community to develop a smart Nova Scheduler driver that models compute placement as a supply and demand problem. The intent is for the Solver Scheduler to integrate with the Gantt project that is aiming to separate out the Nova scheduler as a standalone project.
Cisco’s OpenStack team contributions are across numerous projects in OpenStack. Our aim is to work with the community, with our customers and partners to enable more successful OpenStack User Stories, resulting in a win-win situation. We are going to be presenting several general sessions that were selected as part of the community voting process at the upcoming Kilo Summit in Paris. You can find more details in this blog post and we look forward to seeing you there!
You can also download OpenStack Cisco Validated Designs, White papers, and more at www.cisco.com/go/openstack
Tags: ACI, Cinder, Cisco, horizon, IPv6, NOVA, OpenStack, Puppet, StackForge