ACI Release 4.0 New Features
Cisco has released the newest ACI version, version 4.0. Again this version includes many new features and continues implementing the ACI Anywhere strategy. This new release also comes with it’s share of new hardware.
ACI 4.0 introduces two new switches, a spine and a leaf:
This new spine switch is a smaller version of the Nexus 9364C spine switch. It supports 32 40/100G ports and is a more interesting option for smaller fabrics. (Well, small. This switch supports up to 32 leaf switches in a site, which in my book isn’t small). The 9332C will probably be used as a replacement for the 9336PQ (baby Spine) switch. It’s a 1RU unit second generation spine.
This beast of a leaf switch supports 48 1/10/25G SFP+ interfaces and 12 40/100G QSFP interfaces. It supports MACSEC on all its ports and has 32G Fibre-Channel support on all SFP+ ports. It also supports ‘real’ 25G, so it’s not limited to the 3M cable length due to FC-FEC (This switch supports RS-FEC)
APIC M3 and L3
4.0 Introduces two new physical APICs. These apics are just an upgrade from the existing M2 and L2 apics with more storage and power and support a little more ports than the M2 and L3 variants. (For the M2 variant 1000 Leaf ports were supported, the M3 supports 1250 leaf ports)
The most exciting new APIC is the vAPIC, which is an ESX image. Yes, that’s right, you can virtualize your APICs now. Of course everybody who has ever built a fabric from scratch knows that you need something connected to the first leaf to discover the fabric, so you will still need at least 1 physical APIC, but for small implementations vAPICs might be a very interesting option. Currently a fabric using vAPICs is still limited to a mini-ACI pod whichis limited to a single site and limited tenants, EPGs etc, but multi-site support and probably increased scalability options are on the roadmap.
The vAPIC does have some beefy requirements for its VM:
- ESXi 6.5
- 8 vCPUs
- 32GB memory
- 300G HDD and 100G SSD local storage
ACI 4.0 introduces some improvements in the existing ACI GUI. The menu structures have been simplified and the L3out configuration should be a lot easier. After upgrading the APICs you’ll notice the upgrade process for your switches has changed as well. This is also part of the redesign of the GUI.
Cisco lists the following improvements in the gui:
- Fabric membership simplification
- L3out simplification
- Admin module simplification
- vPod, Multi-pod workflow simplification
- Service parameter consolidation
- APIC upgrade improvements
- Context saving for application tabs (no relogin if you open multiple tabs)
- Enhanced capacity dashboard
Creating multi-pods is something I do on a fairly regular basis, so I’m especially curious about this improvement. Once I’ve configured a multi-pod based on ACI 4.0 I’ll dedicate a post to it.
Other new features include:
- Policy Indirection
- Inter-VRF L3 multicast
- AppD integration
- Network Insight Resources
One of the scalability issues facing ACI is fabrics with a lot of contracts. For every contract the filter rules are programmed into the TCAM of the switch. This is inefficient. Several improvements have been made by Cisco addressing this issue like vzAny, but policy redirection is another step in improving scalability. Policy indirection will take care of the TCAM by only installing a filter entry once even if multiple consumer EPGs make use of this filter. This saves TCAM space.
Inter-VRF L3 multicast
ACI release 4.0 adds support for inter-VRF multicast, which enables sources and receivers to be in different VRFs. This allows the receiver VRF to perform the reverse path forwarding (RPF) lookup for the multicast route in the source VRF. When a valid RPF interface is formed in the source VRF, this enables an outgoing interface (OIF) in the receiver VRF. All inter-VRF multicast traffic will be forwarded within the fabric in the source VRF. The inter-VRF forwarding and translation is performed on the leaf switch where the receivers are connected.
To be honest, Inter-VRF multicast isn’t the biggest thing for me, the fact that the fabric can now be used as a Rendezvous-Point is much more interesting. This makes using ACI as the only datacenter network a lot easier to achieve (if that’s something you’re after)
I do not yet have experience with AppD, but Cisco aquired the company about two years ago. The AppD integration will enable you to model your applications and create a policy for ACI. This makes migrating to Application Centric networks a lot easier.
Network Insight Resources
Also an app within ACI and will provide a lot more insight into the network. Cisco recommends deploying an extra APIC just for this application due to it’s requirements (it needs a lot of storage and processing power). The Network Insight app will provide you with:
- Resource Analytics
- Event Analytics
- Flow Analytics
This will help youu detect issues and resolve them quicker, gain insight in network usage and flows.
Network Insights will be available in two variants, a free basic variant and a paid full version. This is the first ACI app that comes in two versions. The Network Insights app is not yet available for general implementations and will be fully presented by Cisco in a few weeks time. Once it is in general availability I will create a post about this.