ACI_Acceleration_Advanced_V1.0
Modules
1 ACI Recap
5 Nexus Dashboard Orchestrator
Your central place for connectivity & policy control
3 ACI Multi-Pod
Extending the Metro Area
7 L4-L7 Services and Other Considerations
© 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public
Day 1 Module 1
Why ACI?
ACI Fabric
• Centralized Management
• Policy-based Segmentation
• Built-in Multi-Tenancy
• Zero Trust Architecture
• Automated Fabric Bring up
• Anycast Gateway
APICs
Fully Automated
BGP RR SPINES
MP-BGP
IS-IS
VXLAN
Overlay-1 VRF
Route LEAVES
Route Redistribution
Advertise internal VXLAN Encap/Decap
Redistribution BD Subnets routes into
externally
ACI
(via border Leaf)
Physical Network
Access Policies - L3 Domain
Logical Network
L3 Out (OSPF/BGP/EIGRP peering, static route via a specific port)
L3 Out External EPG (prefix classification)
External Routes
67.0.0.0/8
68.0.0.0/8
What are the differences?
Review
L3Out
IP and Mac Address associated EPG EPG
External L3 Prefixes associated
& redistributed inside the ACI fabric
0.0.0.0/0
200.100.0.0/16
15.10.24.0/24
Bare-metal
DB
* ACI 4.2 and later has ARP flooding enabled by default for every BD. ARP Flooding should be enabled for previous versions
Day 1 Module 2
Introducing
ACI Anywhere
Cisco ACI Anywhere
Any workload, any location, any cloud
ACI Anywhere
Remote Leaf / ACI Mini
Single Site / Multi-Pod / Multi-Site
Multi-Cloud Extensions
APIC
IP IP
WAN WAN
ACI Anywhere: Extend the simplicity
Multiple locations managed from a single point
ACI 6.x
ACI 5.2
ACI 4.2
Day 1 Module 3
Nexus Dashboard
Orchestrator
An ACI Site is represented by an APIC Cluster
ACI Multi-Pod
Any Routed Network
(IPN)
Other Rooms/Data Centers
Active-Active Data Centers
Pod N
Single Management Domain
Pod 1 Pod 2
(All Pods)
High level of control needed for IPN: Multicast and MTU
Short distances (50ms RTT required)
Scales up to 12 Pods / 500 total leafs
Single APIC cluster
Automated L2 DCI VXLAN extension
Supported ACI Multi-Pod topologies
Intra-data center
10G*/40G/100G/400G 10G*/40G/100G/400G
Pod 1 Pod n
APIC Cluster
* 10G only with QSA adapters on EX spines
Supported ACI Multi-Pod topologies
Two data center sites directly connected
Pod 1 Pod 2
APIC Cluster
Supported ACI Multi-Pod topologies
Three data center sites directly connected
Pod 1 Pod 2
10G*/40G/100G/400G
Pod 3
Supported ACI Multi-Pod topologies
Multiple pods interconnected by a generic L3 network
10G*/40G/100G/400G 10G*/40G/100G/400G
MPLS or SP Cloud
10G*/40G/100G/400G
10G*/40G/100G/400G (up to 50 msec RTT)
Any Routed
Network (IPN)
Multi-Pod ACI Pod 2
On-Prem
(with IPN)
Spine-IPN IP addresses
VTEPs
Managed and configured
APIC internal IPs
automatically by APIC Spine Nodes (from TEP Pool)
Loopbacks
Any Routed
Network (IPN)
Multi-Pod ACI
On-Prem
(with IPN)
DHCP Request
Managed and configured
automatically by APIC Spine Nodes Spine Nodes
Any Routed
Network (IPN)
Multi-Pod ACI
On-Prem DHCP Relay to APICs
(with IPN)
Internal IPs:
10.0.0.1 | 10.0.0.2 | 10.0.0.3
Pod 1 Pod 2
Any Routed
Network (IPN)
Multi-Pod ACI
On-Prem
(with IPN)
Pod 2
New nodes discovered!
Spine 103: 10.1.0.10
Spine 104: 10.1.0.11
TEP Pool Pod 1: 10.0.0.0/16
TEP Pool Pod 2: 10.1.0.0/16
Any Routed
Network (IPN)
Multi-Pod ACI
On-Prem
(with IPN)
Underlay
L2 Extension
MP-BGP EVPN VXLAN
Where is 1.1.1.3?
Flood/HW Proxy
It’s me! Store my EP info in your EP Tables
1.1.1.2 1.1.1.3
Multi-Pod ACI
On-Prem IPN
(with IPN)
EVPN VXLAN
Spine
Nodes
E E
Objectives
1.1.1.2 1.1.1.3
Multi-Pod ACI
1 Setup IPN
Multi-Pod ACI
E1/51.4
E1/61 E1/61
E1/31 E1/31
Pod 1 Pod 2
Multi-Pod ACI
DHCP Relay
E1/51.4
172.16.113.0/24
172.16.112.0/24
172.16.111.0/24
172.16.114.0/24
E1/61 E1/61
.1 E1/31 .1 E1/31
APICs Internal IPs:
10.1.0.1
10.1.0.2
Spine Spine Spine Spine
10.1.0.3
101 102 103 104
Pod 1 Pod 2
Multi-Pod ACI
N9K-IPN-Site-1
E1/53.4 E1/52.4
2 Run the Multipod Wizard
NX-OS Manual Configuration
E1/54.4
E1/51.4
E1/61 E1/61
E1/31 E1/31
Pod 1 Pod 2
Leaf Leaf Leaf
201 202 203
MP-BGP EVPN VXLAN
Twice OSPF OSPF
E1/61 E1/61
E1/31 E1/31
Multi-Pod ACI
N9K-IPN-Site-1
NX-OS Manual
Pod 1 Pod 2
Multi-Pod ACI
N9K-IPN-Site-1
External TEP Pools
NX-OS Manual Configuration
Pod 1: 172.16.100.0/24
Pod 2: 172.16.200.0/24
Pod 1 Pod 2
Leaf Leaf Leaf
201 202 203
1.1.1.0/24
Multi-Pod ACI
N9K-IPN-Site-1
E1/54.4
2
E1/52.4
Area 0
Type P2P
E1/31 E1/31
Spine Spine
103 104
Leaf
203
Pod 2
Multi-Pod ACI
DHCP Relay
E1/51.4
172.16.113.0/24
172.16.112.0/24
172.16.111.0/24
172.16.114.0/24
E1/61 E1/61
.1 E1/31 .1 E1/31
APICs Internal IPs:
DHCP Requests
10.1.0.1
10.1.0.2
Spine Spine Spine Spine
10.1.0.3
101 102 103 104
Multi-Pod ACI
N9K-IPN-Site-1
External TEP Pools
NX-OS Manual Configuration
Pod 1 - 172.16.100.0/24
Pod 2 – 172.16.200.0/24
BGP Peers
EVPN VXLAN
Router-ID (1 per Spine)
Pod 1 Pod 2
Leaf Leaf Leaf
201 202 203
Multi-Pod ACI
1 Setup IPN
3 Test connectivity
Multi-Pod ACI
On-Prem
(with IPN)
L2VXLAN
Extension
L3
Pod 1 Pod 2
Our Objective
Back-to-Back
2 pods maximum
Multi-Pod ACI
On-Prem
ACI 5.2(3)+
OSPF
Spine
Leaf
Pod 1 Pod 2
Back-to-Back: 2 pods maximum
With Inter-Pod Network (IPN): 12 pods maximum
Multi-Pod ACI
On-Prem
ACI 5.2(3)+
Leaf Leaf
Summary
1 Extend | Migrate
• Active-Active Data Centers
• Active-Standby Data Centers
• Data Center Availability Zones
• Connect different rooms
• RTT < 50 ms
2 Consistent & Centralized
• Same policy across all pods
• Reuse configurations on all pods
• Back-to-Back or IPN options
• Up to 12 Pods
• PIM Bi-Dir requirement on IPN
Day 1 Module 4
Brownfield DC
VM
Pod 1
RL
(Main DC)
Edge Compute
RL
Co-Location
MTU, OSPF, and DHCP Relay
Multicast is not required
<= 300 ms RTT, 100M+ BW
Up to 64 Remote Leaf Pairs
On-premises APIC not required
Automated L2 VXLAN extension
Remote Leaf
Architecture Overview
Remote location contains Cisco Nexus® 9300 switches
connected to IP network and fully managed by APIC
cluster at the main data center
IP Network L2/L3
APIC and Spine Nodes remain at
main data center
vSwitch
Hypervisor
Bare
Leaf Metal
Remote Leaf use-cases
vSwitch Bare-
Hypervisor Metal
PBR
ACI Main DC Remote Location
*Data plane and control plane independency from main Pod
ACI 4.1.2+
Bare
Metal
IP Network
vSwitch
Hypervisor
Bare
Metal
IP Network
Leaf
Remote Leaf Location – APICs
Remote Leaf Location –
Pod 1 Pod 2
ACI 3.1 30
Day 1 Module 5
…..
Site 1 Site 2 Site n
ACI Multi-Site
NDO Schemas and Templates
§ Template = ACI policy definition (ANP, EPGs, BDs, VRFs, etc.)
§ Schema = container of Templates sharing a common use-case
• As an example, a schema can be dedicated to a Tenant
§ The template is currently the atomic unit of change for policies
• Such policies are concurrently pushed to one or more sites
§ Scope of change: policies in different templates can be pushed to separate sites at different times
[Figure labels: Schema; Tenant1 Template, lives only in Site 1; Tenant1 Stretched Template, lives in Site 1 and Site 2; Site 1 and Site 2, each with its EFFECTIVE POLICY]
ACI Multi-Site
NDO Schema and Templates
§ All objects defined inside a schema are visible and can be referenced via the drop-down list
EPG1 BD1 EPG2 BD2
Nexus Dashboard Orchestrator
Green and Brown Field Flexibility
Site 1
Site 1 Site 1 Site 1
Site 2
Site 2 Site 2 Site 2
Day 1 Module 6
MP-BGP - EVPN
Site 1 Site 2
…
Nexus
Dashboard
Orchestrator
GUI
Region 1 Region 2
Single Multi-Site Orchestrator domain
• Separate ACI Fabrics with independent APIC clusters
• Nexus Dashboard Orchestrator is your central point for inter-site connectivity and for designing / deploying policy across sites
• Longer distances (<1s RTT max from NDO - APIC); up to 12 sites
• Standard MP-BGP EVPN control plane between sites
• Consistent Data plane VXLAN encapsulation across sites
• L3 or L2 stretching across sites is possible
• No latency limitation between fabrics
ACI Multi-Site Use Cases
Data Center Interconnect (DCI)
Scale-up model to build a large intra-DC network (above 400 leaf nodes)
Delhi
ACI Multi-Site
Software and Hardware Requirements
• Support all ACI leaf switches (1st Generation, -EX and -FX)
• Only –EX spine (or newer) to connect to the ISN
Inter-Site Network (ISN)
Can have only a subset of spines connecting to the IP network
NDO
Multi-Site Network Options
ACI Multi-Site
Layer 3 networking scenario
• Layer-3-only connectivity across sites
• Bridge Domains and subnets not extended across sites
• No Layer 2 extension or flooding is allowed
Site 1 Site 2
Nexus
Dashboard
Orchestrator
ACI Multi-Site
Layer 3 networking scenario
• Inter-VRF communication source and destination bridge domains: Different VRF instances
• Intra-VRF communication source EPG and destination EPG: Different bridge domains
Nexus Dashboard
Orchestrator
Site 1 Site 2
Tenant-A
VRF1 VRF2
BD-Red and
Subnet 1 Contract C1
EPG-Red BD-Green and
Subnet 2
EPG-Green
ACI Multi-Site
Layer 2 networking scenario
• Layer 2 connectivity across sites without flooding
• No Layer 2 BUM flooding across sites
• Same IP subnet defined in separate sites
Site 1 Site 2
Nexus Dashboard
Orchestrator
IP Mobility
ACI Multi-Site
Layer 2 networking scenario
• Layer 2 connectivity across sites without flooding (logical view)
• Objects to be stretched across the sites
• Layer 2 broadcast flooding is localized at each site
Nexus Dashboard
Orchestrator
Contract
ACI Multi-Site
Layer 2 networking scenario
• Layer 2 connectivity across sites with flooding
• Broadcast flooding is enabled across Fabrics
• Tenant and VRF are stretched between sites
Site 1 Site 2
Nexus Dashboard
Orchestrator
ACI Multi-Site
Layer 2 networking scenario
• Layer 2 connectivity across sites with flooding (logical view)
• BUM (Broadcast Unicast and Multicast) flooding is enabled across sites.
Nexus Dashboard
Orchestrator
Contract
MP-BGP EVPN VXLAN
(with ISN)
Spine
Managed & configured
by Nexus Dashboard Orchestrator Nodes
MP-BGP EVPN VXLAN
(with ISN)
1-click encryption*
*Optional
Schema: Production Template: Stretched Network
Routed Network
(Underlay)
Physical Network Configuration Physical Network Configuration
Shadow EPGs and contracts automatically created
ACI site 1 (Tokyo), ACI site 2 (Sri Lanka)
Schema: Production Template Stretched Network
Nexus Dashboard Orchestrator
Logical Network Configuration
You may also import their objects in a template
This consolidates logical network management
ACI site 1 (Tokyo), ACI site 2 (Sri Lanka)
Schema: Production Template Stretched Network
On-Prem Tenant A EPGs Contracts Logical Network Configuration Tenant B EPGs Contracts
Nexus Dashboard
Logical Network Configuration Logical Network Configuration
Orchestrator
Routed Network
(Underlay)
Physical Network Configuration Physical Network Configuration
CONFIGURATION
STEPS
Multi-Site ACI
Nexus Dashboard
Orchestrator
Automated Connectivity
Consistent Operations
Multi-Site ACI
Business continuity/DR/DRaaS
DC/Cloud Interconnect
VM Mobility & Cloud Migration
Nexus Dashboard
Can be run as
* Roadmap
Nexus Dashboard
Orchestrator Multi-site ACI
1 Setup ISN (OSPF) & prepare ACI Sites
2 Add ACI Sites to Orchestrator
3 Enable Multi-Site: Setup IP Addresses for BGP and OSPF running on Spines
Multi-Site ACI
Setup ISN (OSPF)
It is recommended to preserve APIC CoS/DSCP marking in the ISN
ISN is manually configured
Any Routed Network (ISN)
ISN First Hop
E1/49
172.16.121.0/30
E1/51.4 E1/51.4
172.16.111.2/30 172.16.222.2/30
MTU 9000 MTU 9000
Nexus Dashboard
Orchestrator Multi-site ACI
Setup ISN devices
1 Setup ISN (OSPF) & prepare ACI Sites
Configure sub-interface (VLAN 4) for interface facing Spine(s) and increase MTU (all links)
Enable OSPF on sub-interface and in the external-facing ISN links (or re-distribute)
It is recommended to assign a specific VRF for ISN traffic in your ISN device
It is recommended to match the QoS CoS mappings from the ACI fabric
Nexus Dashboard
Orchestrator Multi-site ACI
Nexus Dashboard
Orchestrator Multi-site ACI
Add Sites to Nexus Dashboard Orchestrator
2 Add ACI Sites to NDO
Provide the credentials for each site’s APIC in Nexus Dashboard running on-prem
Pin each ACI Site’s location into the map
Nexus Dashboard
Orchestrator Multi-site ACI
1 Setup ISN (OSPF)
2 Add ACI Sites to NDO
3 Enable Multi-Site: Setup IP Addresses for BGP and OSPF running on Spines
Nexus Dashboard
Orchestrator Multi-site ACI
Enable Multi-Site
3 Enable Multi-Site: Setup IP Addresses for BGP and OSPF running on Spines
Enable Multi-Site on each Site
Configure anycast VTEP (unicast and multicast) & Router ID for MP-BGP and your Spine(s) OSPF L3 Out
Multi-Site ACI
Enable Multi-Site
VTEP Pools/GiPO may be the same on each site
Automated configuration will show on tenant infra (intersite VRF)
MP-BGP EVPN VXLAN
Any Routed Network (ISN)
ACI site 1 (Miami), ACI site 2 (San Jose)
Schema Design (Typical Deployment)
One Template per Site, plus a ‘Stretched’ Template
Schema ACME Site 1
ANP1 VRF
BD7 C1 C2
EPG7
Contracts
ISN ISN
WAN WAN
§ BLs on each ACI site connect to a separate pair of WAN edge routers for communication with the WAN
§ Most common deployment model for ACI fabrics geographically dispersed
§ BLs of different sites connect to a common pair of WAN edge routers for communication with the WAN
§ Typical deployment model when Multi-Site is used for scaling up the fabric in a single DC location
Problem Statement
Behavior before ACI Release 4.2(1)
Supported Design ✓
Not Supported Design ❌
Inter-Site Network Inter-Site Network
X
ACI Multi-Site and Intersite L3Out
ACI 4.2(1) Release
Supported Scenarios
WAN, Mainframes,
WAN
FW/SLB, etc…
WAN
WAN, Mainframes, WAN, Mainframes,
FW/SLB, etc… FW/SLB, etc…
Summary
1 Automate
• MP-BGP EVPN, VXLAN
• Back-to-Back and ISN topologies
• 1-click encryption
• Phase-out changes
2 Extend and secure
• Extend Layer 2 and 3 across sites
• Over any routed network
• Centralize policy definition
• Import brownfield ACI configurations
• Integrate Multi-Pod and Multi-Site
Day 1 Module 7
Packets leave through one path and return through a different one
Result: Firewall drops traffic due to lack-of-session state
Multi-Pod and Multi-Site ACI considerations
Stretched
Subnet
Advertise specific prefixes outside the fabric
Result: Maintain symmetric forwarding
Web Server: 1.1.1.1
HRA: Announce Prefix 1.1.1.1/32
No HRA: Announce BD Prefix 1.1.1.0/24 externally
Multi-Pod and Multi-Site ACI considerations
Policy-Based Redirection
PBR: Define through a contract which traffic should be forwarded to a specific MAC or IP working in L1/L2 or L3
Result: Avoid firewall or L4-L7 device bottlenecks
Multi-Pod and Multi-Site ACI considerations
* Clustered FW connectivity is not supported in Multi-Site currently
Summary
1 High-Availability
• Integrate SLBs and GSLBs to increase site redundancy
• Minimize sub-optimal routing & enable seamless failover (PBR/HRA)
2 Security & Flexibility
• Reduce L4-L7 bottlenecks (PBR)
• Provision once, enforce and re-direct anywhere
Online Labs
dcloud
dcloud.cisco.com
Lab Access:
Cisco Nexus Dashboard Orchestrator for ACI Lab v1
Scenarios
• Create New Users
• Create New Sites
• Day-0 Infrastructure Configuration
• ACI Multi-Site Use Cases
What’s next? Review the content and more
/CiscoDataCenterMadeEasy
DCACIA
600-660 DCACIA
Implementing Cisco ACI Advanced
* CCNP through ACI Specialization requires passing both 350-601 DCCOR + 300-620 DCACI
Cloud Networking
ACI Acceleration Series