We continue to see great interest and momentum around our Intelligent WAN solution, but there is one thing we are hearing loud and clear from our customers: the need for better tools to configure and manage branch sites and associated WAN connections. For those of you familiar with Cisco’s Intelligent WAN, there are four main business outcomes that the solution promises to deliver:
- Better Application Experience for Users
- Robust Secure Access for Applications and Users
- Lower IT Costs
- IT Simplicity for Increased Agility
Management falls into the IT Simplicity bucket and many times while presenting our Intelligent WAN solution customers are already thinking about how they are going to reconfigure their network into an Intelligent WAN. One of the main concerns is that the more sites you have the larger the task. Quite often there are limited or no IT resources at the branch and the thought of sending someone onsite (truck rolls) to change or reconfigure the branch router can be an expensive proposition. So what can you do to take advantage of the cost savings provided by an Intelligent WAN?
Tags: ACI, APIC, APIC-EM, IWAN, IWAN App, IWAN Design Guide, Prime Infrastructure
In the world of Cisco ACI, there is never a shortage of excitement and action. Today, we are pleased to bring to your attention news about the latest Cisco APIC software release. If you wonder what’s hot off the press in APIC software release 1.0(3f) for Nexus 9000 Series ACI mode, there is quite a bit.
The Stretched Fabric feature captures the headlines. For quite some time now, customers have been asking for an ACI fabric that can stretch across data centers and over long distances. The new software allows the leaf and spine switches that participate in creating a fabric to be located up to 30 km apart. It also removes the restriction that every leaf be connected to all spines. Let us take a close look at the stretched fabric feature.
Stretched ACI fabric is a single fabric. It is a partially meshed design that connects ACI leaf and spine switches distributed in multiple locations. Typically, an ACI fabric implementation is a single site where the full mesh design connects each leaf switch to each spine switch in the fabric. This yields the best throughput and convergence. In multi-site scenarios, full mesh connectivity may not be possible or may be too costly. Multiple sites, buildings, and rooms can span distances that are not serviceable by enough fiber connections, or that make it too costly to connect each leaf switch to each spine switch across the sites. The diagram below illustrates the stretched fabric architecture.
Transit Leaf Switch Guidelines
Transit leaf refers to the leaf switches that provide connectivity between two sites. Transit leaf switches connect to spine switches on both sites. There are no special requirements and no additional configurations required for transit leaf switches.
The key benefits of stretched fabric include workload portability and VM mobility. The stretched ACI fabric behaves the same way as a regular ACI fabric, supporting full VMM integration. For example, one VMware vCenter operates across the stretched ACI fabric sites. The ESXi hosts from both sites are managed by the same vCenter and Distributed Virtual Switch (DVS). They are stretched between the two sites.
The ACI switch and APIC software recover from various failure scenarios. Check out the failover scenario analysis for details.
Tags: ACI, APIC, Border leaf, Nexus 9000 Series Switches, stretched ACI Fabric, Transit leaf, WAN
When I first visited Milan last year in January, the occasion was Cisco Live and I was pleasantly surprised to learn that the Alpine city is known as much for its high tech as it is for fashion and tradition. I am one of the lucky few in Cisco to be visiting this great city for a second year in a row as Cisco Live Europe is all set to commence here next week. What is special this year? From a Cisco Data center standpoint ACI, Inter-Cloud, IoT and UCS continue to grab the headlines. Particularly, ACI has established itself as the dominant SDN technology with more than 1,000 plus N9K customers, 200 plus ACI customers and a growing eco-system of 34 partners in just one year. In this blog, I am going to present excerpts of what attendees can broadly expect to see and experience at the buzzing event, and I will take you on a tour of how ACI is ready to engage and enrich you.
At the outset, I’d recommend that you attend all keynotes to understand Cisco’s strategy for the emerging technology trends and market transitions. Cisco Execs Carlos Dominguez and Jeremy Bevan kick-start the proceedings with an opening keynote on Jan 27 as they review the amazing things we have achieved in building the internet over the last decade and look at what we must do to build an Internet fit for purpose for the next decade. Don’t miss several technology trends keynotes occurring on Jan 27 and 28. Soni Jiandani’s session scheduled for Jan 28 on the SDN/ACI topic is going to be a sell-out. Come and listen to Soni to understand how ACI enables business outcomes and IT automation through the creation of an agile infrastructure.
Now I want to segue to ACI specifics. The last year has been phenomenal from an ACI eco-system momentum standpoint. F5 and Citrix, leading ADC vendors, have developed joint solutions with ACI and we have experienced several customer wins and success stories. F5 is a platinum sponsor and has a big presence at Cisco Live Milan this year to delight the 8,000 plus attendees. At the world of solutions F5 has dedicated demo stations to showcase multiple Cisco ACI-F5 joint solutions (featuring both BIG IP and BIG IQ), and F5’s engineers will be happy to explain via whiteboard how these solutions are relevant to your needs. Vincent Ng from F5, an expert presenter, has a technical breakout session on Jan 27 featuring ACI-F5 joint solution. Vincent’s expertise spans hands-on demos alongside lucid architectural illustrations, so do not miss this session.
Citrix has been a regular platinum sponsor at Cisco Live events. This year at Cisco Live Milan, Citrix has a large booth presence in the partner area. The key activities at the booth include joint solution demos featuring UCS-XD/XA, ACI-NetScaler, Mobility and Cloud among other major ones. Besides, David Potter and Christian Hietzschold from Citrix are doing a presentation on the topic “Delivering the best in SDN and ACI integration solutions.” If you happen to be in the DevNet zone, you may want to check out Citrix’s short theater presentations to get a well-rounded view of our joint alliance.
A10 Networks and Radware both have a presence in the WOS, showcasing joint solutions with ACI, thereby providing further evidence for the fast growing ACI L4-L7 eco-system.
At the World of Solutions (WOS) this year, ACI and Cloud take center stage in the Data center category. There are 10 demos showcasing ACI innovations and 6 on the Data Center Networking front. We also have an “Ask the Expert- Solutions Design Center” where Cisco architects will help address your data center, cloud, ACI strategy and design questions to accelerate ROI and reduce TCO. The ACI demos cover broad customer interest areas such as Analytics/Telemetry/Visibility, popular Cloud Management Platforms such as Microsoft Azure and Open Stack, Support for Multi-Hypervisors, Secure Application deployment etc. Our ACI subject matter experts will be on site to give you a real-life demo and explain how these are relevant to your needs.
We also have Hands-on labs at the WOS that give you the opportunity to explore and evaluate a range of Cisco technologies, and our Meet the Engineer and Technical Solution Clinics give you access to the people who design Cisco’s solutions and give you the insight you need about your own environment and technical challenges. So stop by the WOS to explore new technologies and get answers to your unique questions.
In addition to the hands-on demos, we also have round the clock mini-presentations at the WOS Cisco Theater. This year we have three innovative ACI theater topics namely “Simplifying day-0, day-1, day-2 operations with ACI”, “Securing Applications with ACI” and “NX-OS Programmability and Automation”. The special draw at the WOS Theater is the topic of “Simplifying Operations with ACI”. This presentation will cover how application deployment can be accelerated and how easy it is to troubleshoot problems with ACI. To satisfy your broader interests we also have theater sessions on UCS, Cloud and Nexus switching portfolio. Check our WOS Theater roster in the agenda handout.
To your heart’s delight is how I’ll describe Cisco technical breakout sessions. Yes, we have more than 500 breakouts from industry recognized experts at the show. ACI breakouts feature prominently and ACI domain experts Carlos Pereira, Mike Cohen, Mike Herbert, Maurizio Portolani all co-present Jan 26 on the topic “ACI-Policy Driven Data Center”. This session ranks at the top for me. If you are an Open Stack fan then you must look into the session “APIC Integration with Open Stack” presented by Sebastian Jeuk and Lijun Deng. Harry Petty is doing an ACI operations focused session PSODCT-2455. Data Center operators focused on tenant on-boarding, application monitoring and troubleshooting will find this session very relevant, so mark this as a must-attend. There are many more breakouts and Lab sessions on ACI; check out the session catalog for details. Another insightful breakout session PSODCT-1200 by Craig Huitema focuses on the Nexus switching portfolio and ACI and how together they enable a faster, responsive and flexible IT.
As a Cisco Live attendee you benefit from the opportunity to interact with your peers, Cisco staff and partner technical experts in both structured and informal settings. Our Welcome Reception and Customer Appreciation Event are the highlights of the week’s social calendar. Read more on the Social Events & Networking Onsite section. Our online communities on Facebook and Twitter provide year round access to like-minded individuals as well as valuable content, news and updates. We’d love it if you would join the conversation.
I can go on and on, but I’d never be able to cover all of the excitement in store. I’d leave some for you to explore on your own and our Meet and Greet ambassadors will be more than happy to assist you at the show. As for me, if time permits, I am planning on acquainting myself with some of the legendary artworks of Michelangelo. Safe travels and a happy Cisco Live.
Tags: ACI, ACI and Open Stack, ACI architecture, ACI operations, APIC, Citrix NetScaler, DevNet Zone, F5 BIG IP, IoT, Nexus portfolio
Cisco is announcing another important strategic partner to its list of ACI-compliant vendors with the addition of the Check Point Next Generation Security Gateway to the ecosystem. A couple months ago I wrote about the inherent security architecture in ACI (Security for an Application Centric World), and now the Check Point solutions fit right into that framework as an alternative to Cisco security solutions. Essentially, this means that the ACI controller, APIC, can now configure the application network to include the insertion and provisioning of Check Point virtual and physical security gateways as it does other Layer 4-7 application services and security appliances. The availability of the Check Point solutions will offer customers greater choice and flexibility while underscoring the open, multi-vendor approach of ACI.
[Note: Check Point will be participating in our upcoming ACI Webcast event: “Is Your Data Center Ready for the Application Economy”, January 13, 2015, 9 AM PT, Noon ET, featuring ACI customers and several other key ACI technology partners. Register here.]
In scalable, multitenant cloud environments with flexible resource placement, almost every workload must be secured from every other workload, with detailed security policies enabled between workloads in an application network: a concept called micro-segmentation. This level of security policy detail can become tedious to manage on an application-by-application basis. It also can potentially restrict workload mobility and the ways that applications can be deployed in the cloud.
Cisco ACI policies abstract the network, devices, and services into a hierarchical, logical object model. In this model, administrators specify the Layer 4 through Layer 7 services (firewalls, load balancers, etc.) that are applied, the kind of traffic to which they are applied, and the traffic that is permitted. These services can be chained together and are presented to application developers as a single object with simple input and output. Connection of application-tier objects and server objects creates an application network profile (ANP). When this ANP is applied to the network, the devices are told to configure themselves to support it. Tier objects can be groups of hundreds of servers, or just one device; the same policies are applied to all the objects in a single configuration step (see below).
The Application Profile Defines Security and Application Policies for Application Networks, and Cisco APIC Manages and Provisions Security Resources in the Fabric, Such as a Check Point Firewall, with the Right Policies for Each Application, at the Right Location
The integration with Check Point Next Generation Security Gateway provides automated security provisioning and a full range of security protections and threat-prevention capabilities in a highly dynamic and agile Cisco ACI environment. Check Point Security Gateways can be deployed as physical or virtual solutions and address today’s ever-changing threat landscape with a modular and dynamic security architecture.
Tags: APIC, application centric infrastructure, Check Point, Cisco ACI, IPS, Nexus 9000, security
[Note: Register today for our upcoming live ACI webcast: “Is Your Data Center Ready for the Application Economy”, January 13, 2015, 9 AM PT, Noon ET, featuring ACI customers and several key ACI technology partners.]
At the most recent Gartner Data Center Conference in Las Vegas, after some insightful discussions with customers and analysts, we came up with a great demo idea and proof point that highlights a key feature in our Application Centric Infrastructure (ACI) platform. This particular demo centers on the unique visibility of the ACI Fabric to faults in the underlying physical network.
Joe Onisick, Principal Engineer in the ACI team at Cisco, compares this ability in ACI to SDN technologies that employ only virtual overlay networks in the following video. With overlay networks, such as a VXLAN tunnel, the resulting virtual network (and all the management and analytics tools) has a much harder time isolating faults within the physical infrastructure. The overlay is designed to “tunnel” through the physical network, simplifying and obscuring the physical topology and issues with any specific network node. Before going much further, I’ll let Joe provide the details in this quick, 3 minute video:
Tags: ACI, APIC, application centric infrastructure, SDN, VXLAN