Cisco Application Centric Infrastructure
You might have seen my ACI lab in a previous post. I installed that lab two years ago, and it has seen some heavy usage ever since. It also lost some hardware due to ACI 5.x being installed on it and the Gen 1 hardware not supporting that version. Since the lab is used by me and co-workers to perform tests, training and lots and lots more, it was time for a winter cleaning.
ACI 5.2 was released in the summer of 2021. Recently (October 18th), version 5.2(3) was released. That version has been earmarked by Cisco for a long time to become the recommended, long-term support release. At the moment I’m writing this it hasn’t gotten the designation “Recommended” yet, but that will likely happen in the next few days to weeks.
One of the most important things is that for ACI 5.
It has been possible to integrate VMware vCenter with ACI for years. However, more and more environments are dependent on NSX-T to manage their VMware infrastructure. They use NSX to deploy port groups and more.
When your environment runs both ACI and NSX-T you might be interested in integrating these two. There are some benefits to this integration. Most benefits are the same as the benefits you get from integrating ACI and vCenter.
This is a short post about the SSD issue in ACI leaf switches. Now that ACI fabrics are approaching 5 or 6 years of operation, people are starting to notice error codes F3073 and F3074. When you Google these faults you’re likely to find this technote from Cisco. The issue is that the SSDs in the switches are nearing the end of their life. Error F3074 will tell you the SSD has reached 80% of its lifetime, and F3073 is raised when the SSD reaches 90% of its lifetime.
ACI 5.1 was released about three months ago. That means that ACI 5.2 is likely imminent. Usually I review a version when it becomes available, like I’ve done for versions 3.2, 4.0, 4.2, 5.0 and 5.1. I will do something similar when 5.2 is released, but for now I thought it would be nice to speculate a bit.
Disclaimer: The information provided in this blog is purely speculation. I did not talk to Cisco to obtain any of this information.
On October 26, 2020, Cisco released ACI version 5.1. As has been customary for me, I am writing a blog post about this new ACI version, looking into some of the new features.
When we look into the release notes of version 5.1 it would appear that there aren’t any major new features. The biggest new features aren’t listed in the release notes at this time. That might be because some of these features are as of yet undocumented.
ACI is made for automation. There are a lot of blog posts about automating ACI out there, but this is some documentation of my own progress on this matter.
I’m no complete beginner in the field of automation. When I stage an ACI environment for a customer I use several scripts that automate almost 95% of the process for me. However, these scripts are home grown and one of the issues I encounter is the lack of portability to other engineers (as I know the scripts by heart and know which things work and which do not).
In my post about the new features of ACI 5.0 (link) I briefly explained the concept of the ESG. This post explores the Endpoint Security Groups in more detail.
First we need to appreciate the fact that the introduction of the Endpoint Security Groups is the biggest change in the tenant policy model since ACI’s inception. The tenant policy model hasn’t changed in any major way since ACI 1.0 (as far as I know).
Yesterday, on the 14th of May 2020, Cisco released ACI 5.0, the fifth major release of ACI. This post will explore some of the new features to be found in this version. And there are some major new features to be found in this version. I’m especially excited about the possibility to create true physical multi-tenancy and ESGs.
But there’s more to be found. Let’s start.
Hardware and Scale ACI 5.
I’m working on a series of posts concerning service graphs in ACI. For these posts I configured some stuff in my lab to demonstrate these functions. The series will take a long time for me to complete. To bridge the time between posts I decided to create a post about the PBR firewall integration I did in my lab.
This post does not cover reasons for using PBR in great detail, but in my opinion the PBR type of service graphs are the most likely type to be encountered.