Network Automation with ACI – a NetOps Example
I’d like to talk about Cisco Application Centric Infrastructure (ACI), and focus on one of the most important steps that Data Center IT teams take on the journey to achieve full automation and deliver agility, security, and efficiency in deploying and managing applications. This step – Network Automation – is a key piece in this journey because it connects every component required to run an application: the servers, storage, other networks, and necessary services to secure and scale applications.
With Cisco ACI, customers can choose the operational model that suits them best – network automation, services automation, or full application-based automation (Figure 1). When customers have existing applications and networks, the first step, a network-centric operational mode for ACI, can be the simplest. It’s easy to map existing network constructs to an ACI model and quickly yield benefits.
Figure 1 Operational Choice in the Journey to Application Centric Automation
Every network engineer and network operations leader can benefit almost immediately from the centralized management, simplification, and efficiency that automating switch and network management tasks with ACI can bring.
Let me provide you an example with an application written to simplify migrating legacy networks (using VLANs) onto an ACI fabric (which is better suited to today’s East/West data center traffic patterns). VLANs are used for isolation in data center networks and network operations teams need a simple way to deploy classical VLAN networks. With that need understood, Cisco network engineers created an ACI application called NCAplus (Figure 2).
Figure 2 NCAplus
The purpose of NCAplus was to create a portal that simplifies Layer 2 network operations in the data center. Leveraging the programmatic philosophy of ACI, the tool is able to automate traditional network constructs like port channels, virtual port channels, VLAN assignments and more. Older APIs that just provide a “view” to the CLI are not as powerful. The ACI RESTful API can manipulate all members of the fabric as one single entity, which makes it possible to create applications more quickly. Instead of the application having to deal with individual components in the network, everything sits under the control of the APIC, which provides a robust programmatic interface to your network. Together, these properties made it possible to simplify the code for the application and deliver it at speeds that match today’s DevOps timeframes.
The tool can take network components and group them in a way that gives the network operator visibility around business functions. Imagine seeing not just VLANs but management domains such as IP Phones, Cameras, IoT Sensors, wireless endpoints and more. These groups (Figure 3) are represented in ACI as Tenants of the fabric and can then use the various domain management services inherent in the fabric to provide network status visibility for each of them.
Figure 3 NCAplus Groups
Once you have established the management groups, NCAplus can create interfaces, port channels, and virtual port channels under these groups and map them to VLANs in your classical Ethernet networks. NCAplus uses higher-level constructs for naming VLAN networks so that they are associated with business functions (Figure 4). Instead of VLAN254, NCAplus makes it possible to name the network “IP Phone network Bldg10”. This name would then be visible in the entire ACI fabric, using all the tools that ACI provides for operational awareness, which simplifies the work of day two operations.
Figure 4 Network abstractions to classical Ethernet networks
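How a VLAN-to-business-name mapping like the one described above can be expressed as a single APIC REST payload, shown as an added example that is not NCAplus code or part of the original post. It builds the JSON for one tenant offline; the sample VLANs, the port path, the physical domain and the names legacy_vrf and legacy_vlans are assumptions, and the result is the kind of body that would be POSTed to /api/mo/uni.json on an APIC.

```python
import json
import re

# Constructed sample input: legacy VLAN ids and the business labels operators want to see.
LEGACY_VLANS = [
    {"vlan": 254, "label": "IP Phone network Bldg10"},
    {"vlan": 310, "label": "Cameras Bldg10"},
]
PATH_DN = "topology/pod-1/paths-101/pathep-[eth1/10]"  # constructed leaf port
PHYS_DOM_DN = "uni/phys-legacy_phys"                   # hypothetical physical domain

def aci_name(label):
    """ACI object names cannot contain spaces; the readable label is kept in descr."""
    name = re.sub(r"[^A-Za-z0-9_.:-]+", "_", label).strip("_")
    if not name or len(name) > 64:
        raise ValueError(f"cannot derive an ACI name from {label!r}")
    return name

def mo(cls, attrs, children=()):
    """Wrap one managed object in the JSON shape the APIC REST API accepts."""
    return {cls: {"attributes": attrs, "children": list(children)}}

def tenant_payload(group, vlans, path_dn, dom_dn, vrf="legacy_vrf"):
    """Network-centric mapping: each legacy VLAN becomes one bridge domain and one EPG."""
    bds, epgs, seen = [], [], set()
    for entry in vlans:
        vlan, label = entry["vlan"], entry["label"]
        # Reject bad input before anything is sent to the fabric.
        if type(vlan) is not int or not 1 <= vlan <= 4094 or vlan in seen:
            raise ValueError(f"invalid or duplicate VLAN id: {vlan!r}")
        seen.add(vlan)
        name = aci_name(label)
        # Layer 2 only bridge domain that floods like the classical VLAN it replaces.
        bds.append(mo("fvBD", {"name": name, "descr": label, "unicastRoute": "no",
                               "arpFlood": "yes", "unkMacUcastAct": "flood"},
                      [mo("fvRsCtx", {"tnFvCtxName": vrf})]))
        epgs.append(mo("fvAEPg", {"name": name, "descr": label}, [
            mo("fvRsBd", {"tnFvBDName": name}),
            mo("fvRsDomAtt", {"tDn": dom_dn}),
            mo("fvRsPathAtt", {"tDn": path_dn, "encap": f"vlan-{vlan}"}),
        ]))
    app = mo("fvAp", {"name": "legacy_vlans"}, epgs)
    return mo("fvTenant", {"name": aci_name(group), "descr": group},
              [mo("fvCtx", {"name": vrf})] + bds + [app])

if __name__ == "__main__":
    print(json.dumps(tenant_payload("IP Phones", LEGACY_VLANS, PATH_DN, PHYS_DOM_DN), indent=2))
```

Because object names reject spaces, the business label survives unchanged only in descr, and the VLAN check stops a mistyped id from reaching the fabric as a live encapsulation.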
NCAplus was written by Santiago Flores, Rafael Muller, and Cesar Obediente in a couple of weeks. It is a project available on GitHub (https://github.com/datacenter/NCAplus) with all the documentation you need to use it yourself. It was written using the ACI Cobra Software Development Kit (SDK) (https://github.com/datacenter/cobra), which provides a comprehensive set of open APIs for managing the 8,000+ managed objects available in the ACI object model. Beginning developers may prefer to start with the ACI Toolkit, which is a basic toolkit for accessing the Cisco APIC (https://github.com/datacenter/acitoolkit). It is intended to allow users to quickly begin using the REST API and accelerate the learning curve necessary to begin using the APIC.
With network automation, we can capture process knowledge in a repeatable, model-based approach. This improves operational efficiency and eliminates manual errors for many tasks.
(Thanks to Cesar Obediente, Rafael Muller, and Mark Jackson for their inputs to this blog.)
For More Information
White paper on how to simplify adoption of SDN and migration to ACI: ACI – Network-Centric Approach.
Data Center open source applications at https://github.com/datacenter.
Cisco open source projects at http://opensource.cisco.com/projects.html
See these Cisco Live 2016 Las Vegas sessions: