Thanks to everyone who joined us for our August 15 DemoFriday with Cisco! Participants got an early look at Cisco’s Application Centric Infrastructure (ACI), rolled out just last month. Cisco Principal Engineer Bradley Wong walked us through a hands-on demo of the Cisco Application Policy Infrastructure Controller (APIC), the unifying point of automation and management for ACI.
Following the demo, Wong took questions from participants. You can read that Q&A below, watch the full presentation, or check out the teaser video and other resources below.
Will there be information on how this will tie into OpenDaylight?
Cisco: Yes, the group policy model is getting introduced in OpenDaylight. More details can be found on the OpenDaylight wiki page: https://wiki.opendaylight.org/view/Group_Policy:Main
Is there a migration guide or tool to integrate devices in the fabric?
Cisco: Soon to be published. Please check back here: http://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html
Is APIC available for partners to test?
Cisco: Yes, APIC is available for Cisco ATP and channel partners. Please contact your Cisco channel contact.
Do I need to procure the Nexus 9000 series switches to implement ACI? Or can I leverage my existing Nexus switches (7000 and/or 5000) to implement and virtualize my network environment?
Cisco: Today, the ACI policy model is available for the Nexus 9000 Series Switches. The Nexus switches can be part of the ACI fabric; however, policy model support is expected in the future.
Will Cisco APIC talk to the Cisco Wide Area Application Engine (WAE)?
Cisco: Yes, we have integration planned in future releases.
Without channel partners in the loop, can startups and developers do value-added development with ACI?
Cisco: In open source initiatives, working group developers have an opportunity to collaborate and contribute to the APIC evolution. For more information please go here: https://developer.cisco.com/web/n9k/home
ACI will be opened up in the Cisco Developer community; this is in progress. https://communities.cisco.com/
APIC has a GUI to create and define application profiles. My company is a developer. Are there any use cases or opportunities to develop third-party applications on top of APIC? What kinds of applications? Any sample use cases?
Cisco: You can use orchestration tools (existing or user-defined apps) to define the application network profile. Examples are OpenStack, Microsoft Azure Pack, UCS Director, etc.
How does Chef/Puppet integration work? Is there an agent on the APIC?
Cisco: Puppet is supported with the ACI Controller (APIC) now. Chef is on the roadmap.
Any plans to support OpenFlow 1.x?
Cisco: ACI is a superset of SDN OpenFlow, providing application networking and Layer 4-7 services automation. OpenFlow focuses on network flow automation. ACI takes it to the next level. It provides applications the network and Layer 4-7 constructs needed to deploy in a secure multitenant fashion.
Do you support 1:N HA clusters for APIC?
Cisco: Yes, Cisco APIC is clustered for High Availability (HA).
Where can I find details about how to apply for ACI ATP?
Cisco: The Cisco Advanced Technology Partner (ATP) program is for channel partners. http://www.cisco.com/web/partners/pr11/atp/application-centric/aci.html
For developers and technology partners, ACI access will be provided via the Cisco Developer program and communities: https://communities.cisco.com
Is the automatic provisioning dependent on CDP or another Layer 2 protocol?
Cisco: CDP and LLDP are used to detect the data center components — hosts, storage, Layer 4-7 services. Automatic policy deployment is done where the endpoints appear.
Does ACI integrate with UCS Director? Or do I need to toggle back and forth between my virtualization portal (UCS Director) and a software defined portal (ACI)?
Cisco: Yes, UCSD will be integrated with ACI (planned release: 2H 2014). UCS Director is now the single pane to manage your ACI-based infrastructure. No toggling back and forth.
UCSD will provide you with the following use cases: Tenant on-boarding, application container definition (mapping to ACI Application Profile) and self-service portal.
Where can we get training on the deployment and administration of ACI infrastructure?
Cisco: We are rolling out ACI training for partners and customers. ACI is available via Cisco training now.
Does the new switch you added, via the GUI, automatically get connected to the spine, and learned via LLDP? All of this by the APIC Controller?
Cisco: When new switches are added to the fabric, LLDP is utilized to discover them, and then APIC will automatically connect and deploy configuration to bring up the newly added node.
What exactly is the tenant being created? In the spine?
Cisco: The Tenant is the top-level construct in Cisco APIC to denote the line of business or a department under which you create applications.
The tenant is a context that isolates all the applications below it in a secure multitenancy mode in the fabric. The tenant context is distributed within the fabric where the endpoints appear (endpoints being VMs, L4-7 services, storage systems).
Where can I find the course schedule related to ACI training?
Cisco: ACI trainings are going live in early September for partners and customers. You will find the details here: http://www.cisco.com/web/learning/index.html
Wondering if this adds any CLI commands to the NX-OS of the spine and leaf Nexus 9000?
Cisco: The communication between the APIC controller and fabric nodes (leaves) is REST with JSON/XML. No CLI is configured, only XML configuration.
What is the difference between AVS and Nexus 1000V?
Cisco: AVS is Nexus 1000V specific for ACI.
You no longer have a VSM managing the VEMs. It is the APIC. The APIC manages the policy on the VEMs. You get full visibility (health score, atomic counters) and local policy can be done within the VEMs (future).
Can APIC integrate with Microsoft System Center?
Cisco: Yes. The Cisco APIC can integrate with SCVMM and Azure Pack. Please refer to this White Paper for additional details: http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/unified-fabric/solution-brief-c22-730005.pdf
You can find more information here: www.cisco.com/go/aci
Cisco: Complex applications can be provisioned automatically through the power of the ACI policy model. The EPG abstraction and the automation are not limited by complexity. Also, the distributed intelligence of the network itself is used to concretely render the policy intent defined through policy via the OpFlex open policy command protocol. This provides greater resiliency and scale while enabling vendors in the ecosystem to innovate.
So VXLAN encapsulation is using multicast in this environment?
Cisco: Yes, we use multicast through standard VXLAN behavior. The fabric encapsulates all traffic ingress into a normalized VXLAN inside the fabric.
Is this console meant to be for network guys, server guys, apps guys or all of the above?
Cisco: The ACI policy model is to unify the key personas in the data center — networking, security, application owners. Short answer: all of the above.
If I want to implement ACI for complex data centers, does my engineer need to know Puppet or OnePK, or not (for complex or deep programming to the device)?
Cisco: Programmability is an essential skill set that network engineers will need to learn. You can deploy ACI using the GUI, but the key benefits will be when you deploy via automation scripts such as Python and Puppet.
How well does ACI play with anti-affinity rules then? What if we don’t want Pepsi and Coke sharing tenancy?
Cisco: Tenants are completely isolated. You have the option for them to use shared services (i.e. DNS and AD) if you choose. The secure multitenancy is intrinsically built into the ACI architecture. You get full isolation between the tenants with each tenant having their own networking context.
Any case studies for deploying ACI via automation tools such as Python or Puppet? What kinds of applications are they?
Cisco: Please refer to our white papers. http://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-listing.html
If I want to set up a small lab to demo ACI to the customer, what are the minimum requirements?
Cisco: Minimum requirements: one spine, one leaf, and one APIC controller for lab testing.
More details can be found here: http://blogs.cisco.com/datacenter/aci-fcs/