Application Centric Infrastructure

ACI PBR Firewall Insertion

I’m working on a series of posts concerning service graphs in ACI. For these posts I configured some things in my lab to demonstrate these functions. The series will take a long time for me to complete. To bridge the time between posts I decided to create a post about the PBR firewall integration I did in my lab. This post does not cover the reasons for using PBR in great detail, but in my opinion the PBR type of service graph is the most likely type to be encountered.

ACI L4L7 Service Insertion Pt. 1

Service Graphs are one of the most important features in ACI. The idea behind these service graphs is that you can create an application chain within ACI. Even better, you can configure the L4 to L7 devices directly from within ACI in an automated manner. Many of my customers have several questions about service insertion. The question I get asked the most is “should I use service graphs?”. The answer to this question, as usual, is: “It depends”.

New ACI lab

Earlier this evening I sent out a tweet with a photo depicting the new ACI lab we received at Axians (my employer). I thought I’d share some more details about this lab with everybody who’s interested.

Shiny new equipment. 😎 Look at our awesome new #ACI lab. Going to be a multi-site setup. This is going to be super helpful in servicing our customers. @AxiansNL #Cisco pic.twitter.com/h2hx2RWY3T — Michael van Kleij (@mvankleij_nl) January 23, 2020

Goal

One aspect of my job is to design, build and implement ACI networks for our customers.

ACI Access Model

We’ve learned about the ACI object model in reference to the Tenants. However, to apply an EPG to a port you need the Access Policy Model. The access policy model consists of a few objects in the model that together make up the configuration of the physical port on a switch. This chapter will cover all the objects in the image above.

VLAN Pools

A VLAN pool is a set of VLANs that can be used at a later time in the policy.

Fabric Discovery

Fabric Discovery is the process of discovering all the Leaf and Spine switches in the fabric. This sounds fairly straightforward, and it is. But before you can start Fabric Discovery you have to perform the APIC setup first.

APIC setup

When you first unbox an APIC you will have a UCS server. It will have several interfaces on the back. One of the interfaces should carry the label “To Fabric”.

ACI Topology and Hardware

ACI Hardware

Though this chapter is called ACI Topology and Hardware, we begin with the hardware. This makes more sense from a logical standpoint. Otherwise I would be telling you about Leafs and Spines and APICs and such, without any reference. There is a lot of specific hardware available for ACI and I won’t cover it all here. The best place to find hardware-specific information is on the Cisco website itself.