Cisco Blogs


The Benefits of an Application Policy Language in Cisco ACI: Part 3 – Group Policies

October 17, 2014 at 5:00 am PST

[Note: This is the third of a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not. Part 1 | Part 2 | Part 4]

The Cisco ACI fabric is designed as an application-centric intelligent network. The Cisco APIC policy model is defined from the top down as a policy enforcement engine focused on the application itself and abstracting the networking functions underneath. The policy model unites with the advanced hardware capabilities of the Cisco ACI fabric underlying the business-application-focused control system.

The Cisco APIC policy object-oriented model is built on the distributed policy enforcement concepts for intelligent devices enabled by OpFlex and characterized by modern development and operations (DevOps) applications such as Puppet and Chef.

At the top level, the Cisco APIC policy model is built on a series of one or more tenants, which allows the network infrastructure administration and data flows to be segregated. Tenants can be customers, business units, or groups, depending on organization needs. Below tenants, the model provides a series of objects that define the application itself. These objects are endpoints and endpoint groups (EPGs) and the policies that define their relationships (see figure below). The relationship between two endpoints, which might be two virtual machines connected in a three-tier web application, can be implemented by routing traffic between the endpoints to firewalls and ADCs that enforce the appropriate security and quality of service (QoS) policies for the application and those endpoints.

Endpoint Group Policy

Endpoints and Application Workloads Along with Tenants and Application Network Profiles Are the Foundation of the Cisco ACI Policy Model

For a more thorough description of the Cisco ACI application policy model, please refer to this whitepaper, or this one more specifically on Endpoint Groups.

For this discussion, the important feature to notice is the way that Cisco ACI policies are applied to application endpoints (physical and virtual workloads) and to EPGs. Configuration of individual network devices is ancillary to the requirements of the application and workloads. Individual devices do not require programmatic control as in prior SDN models, but are orchestrated according to the centrally defined and managed policies and according to application policies.

This model is catching hold in the industry and in the open source community. The OpenStack organization has begun work on including group-based policies to extend the OpenStack Neutron API for network orchestration with a declarative policy-based model based closely on EPG policies from Cisco ACI. (Note: “Declarative” refers to the orchestration model in which control is distributed to intelligent devices based on centralized policies, in contrast to retaining per-flow management control within the controller itself.)


The Benefits of an Application Policy Language in Cisco ACI: Part 2 – The OpFlex Protocol

October 14, 2014 at 5:00 am PST

[Note: This is the second of a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not.  Part 1 | Part 3 | Part 4]

Following on from the first part of our series, this blog post takes a closer look at some of these architectural components of Cisco ACI and the VMware NSX software overlay solution to quantify the advantages of Cisco’s application-centric policies and demonstrate how the architecture supports greater scale and more robust IT automation.

As called for in the requirements listed in the previous section, Cisco ACI is an open architecture that includes the policy controller and policy repository (Cisco APIC), infrastructure nodes (network devices, virtual switches, network services, etc.) under Cisco APIC control, and a protocol communication between Cisco APIC and the infrastructure. For Cisco ACI, that protocol is OpFlex.

OpFlex was designed with the Cisco ACI policy model and cloud automation objectives in mind, including important features that other SDN protocols could not deliver. OpFlex supports the Cisco ACI approach of separating the application policy from the network and infrastructure, but not the control plane itself. This approach provides the desired centralization of policy management, allowing automation of the entire infrastructure without limiting scalability through a centralized control point or creating a single point of catastrophic failure. Through Cisco ACI and OpFlex, the control engines are distributed, essentially staying with the infrastructure nodes that enforce the policies.


Learn How to Transform your Network with Cisco Innovations at MEF GEN14!!

October 13, 2014 at 5:45 pm PST

By Gina Nienaber, Marketing Manager, SP Product and Solutions Marketing

Cisco is a sponsor of a new show this year, the Metro Ethernet Forum Global Ethernet Network 2014 show or “MEF GEN 14” to be held on November 17-20th, at the Gaylord National in Washington, DC. The event promises to bring together leading industry experts to define the future of global networking. Distinguished Cisco specialists will be available to discuss business transformation through industry leading innovations such as Software Defined Network (SDN), Network Function Virtualization (NFV), Service Orchestration and Carrier Ethernet 2.0.

MEF GEN 14

On Monday, 17 November, at 1:00 PM, Cisco will host a “MUST ATTEND” pre-conference workshop for our customers where we will share new innovations that will change how service providers plan, deploy, and operate programmable Carrier Ethernet networks.

Cox Communications and Cisco Jointly Present on Innovations in Network Monetization and Optimization

Project Illustrates How Software Defined Network (SDN) and Network Functions Virtualization (NFV) Work in Concert to Enhance How Networks are Designed, Operated, and Monetized

Last week, I blogged about some joint research with Cox Communications related to our Evolved Services Platform (ESP) and NFV efforts. Another collaboration took place at the Society of Cable Telecommunications Engineers (SCTE) at their Cable-Tec Expo 14 event in Denver.

Loukas Paraschis, a Technology Solutions Architect at Cisco, co-wrote a paper (entitled SDN and NFV in Business Services) with Mazen Khaddam, Principal Lead Network Architect at Cox Atlanta.

SDN and NFV Value in Business Services: Innovations in Network Monetization and Optimization from Cisco Service Provider

The paper provides a comprehensive summary of Cisco’s SDN, NFV, and open source vision with the Cisco Evolved Services Platform (ESP). It specifically validates the service provider’s need for solutions that provide desired business outcomes for applications running across multiple domains (such as WAN and data center), and provides detailed use cases for the WAN Automation Engine (WAE).

The paper

Cisco at the Fall ’14 PONC, Oct 28-30, Baveno Italy – Informative Workshops

By Leonard Luna, Senior Marketing Manager, Cisco Service Provider Solutions

The Fall ’14 Cisco Packet Optical Networking Conference (PONC) is quickly approaching – October 28-30 in Baveno & Vimercate, Italy.  Don’t miss this opportunity to participate in this highly compelling and informative event (To learn more visit the Cisco PONC Series webpage).

If you are a PONC veteran, then you appreciate the value of this event – an opportunity to network with industry peers, hear directly from carriers leading the convergence evolution, see the latest technology innovations, and to have your voice heard.

If this will be your first PONC, then let me prepare you for this compelling event.

Cisco conducts this three-day event twice a year – in the spring in San Jose, California, and in the fall near its facilities in Vimercate, Italy.