Cisco ACI, zero to hero: a comprehensive guide to Cisco ACI design, implementation, operation, and troubleshooting
It doesn't matter if you are completely new to Cisco ACI or you already have some experience with the technology, this book will guide you through the whole implementation lifecycle and provide you with a comprehensive toolset to become confident in any ACI-related task. In the beginning, it...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | New York, New York : Apress Media LLC [2023] |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009711796206719 |
Table of Contents:
- Intro
- Table of Contents
- About the Author
- About the Technical Reviewer
- Acknowledgments
- Introduction
- Chapter 1: Introduction: Datacenter Network Evolution
- From Traditional to Software-Defined Networking
- Traditional Three-Tier Network Architecture
- Let's Go Virtual
- Transition to Leaf-Spine Architecture and VXLAN
- Need for Network Automation
- Cisco Application Centric Infrastructure (ACI)
- Summary
- Chapter 2: ACI Fundamentals: Underlay Infrastructure
- Cisco Nexus 9000 and CloudScale ASICs
- CloudScale ASIC Architecture
- CloudScale ASIC Buffering
- Nexus 9500: Modular Chassis Switches
- Chassis-Specific Components
- Fabric Module
- Fan Module
- Common Chassis Components
- Switch Supervisor Engine
- System Controller
- Power Supply Unit
- Line Cards
- Nexus 9300: Fixed Switches
- ACI Underlay Networking
- ACI Leaf-Spine Fabric Topology
- ACI Underlay Cabling Options
- ACI Control Plane and Data Plane Overview
- ACI Architecture
- Multi-Tier ACI Fabric
- ACI Stretched Fabric
- ACI Multi-Pod Architecture
- Inter-Pod Network (IPN)
- ACI Multi-Site Architecture
- Nexus Dashboard Orchestrator
- Cloud ACI
- ACI Remote Leaf
- Application Policy Infrastructure Controller
- Hardware Equipment
- Connecting APIC Nodes to the Network
- APIC High Availability
- ACI Licensing
- High-Level ACI Design
- Summary
- Chapter 3: Fabric Initialization and Management
- Nexus 9000 in ACI Switch Mode
- Conversion From NX-OS to ACI Mode
- APIC Cluster Initialization
- Graphical User Interface Overview
- Fabric Discovery and Registration
- ACI Switch Discovery
- Multi-Pod Fabric Discovery
- ACI Switch Discovery Troubleshooting
- ACI Management Access
- Fabric Out-of-Band Configuration
- Fabric In-Band Configuration
- APIC Connectivity Preference
- Initial and Best Practice Fabric Configuration
- Network Time Protocol
- Internal ACI MP-BGP
- Domain Name System
- Securing Fabric Management Access
- Fabric-Wide Best Practice Configuration
- ACI Fabric Monitoring and Backup
- Simple Network Management Protocol
- Logging in ACI Syslog
- Faults
- Events
- Audit Logs
- Session Logs
- Syslog Configuration
- NetFlow
- NetFlow Exporter
- NetFlow Record
- NetFlow Monitor
- ACI Fabric Backup
- ACI Multi-Pod Configuration
- Inter-POD Network Configuration
- Nexus 9000 Features
- IPN VRF Instance
- OSPF/eBGP Process
- L3 IPN Interfaces Facing ACI Spines
- PIM Bidir Multicast Configuration
- DHCP Relay Agent Configuration
- Quality of Service for ACI Control-Plane in IPN
- APIC Multi-Pod Wizard
- ACI Multi-Pod Verification and Troubleshooting
- Summary
- Chapter 4: ACI Fundamentals: Access Policies
- Switch Policies
- Switch Protocol Policies and vPC
- Switch Policy Group
- Switch Profile
- Interface Policies
- Interface Protocol Policy
- Interface Policy Group
- Interface Profile
- Attachable Access Entity Profile
- Physical and External Domains
- VLAN | VXLAN | VSAN Pools
- Practical Example for Access Policies
- Access Policies Naming Convention
- Summary
- Chapter 5: ACI Fundamentals: Application Policy Model
- Application Policy Model Overview
- ACI Tenants
- Tenant Security and Access Control
- System Tenants
- Tenant common
- Tenant infra
- Tenant mgmt
- User Tenants
- Tenant Monitoring
- Virtual Routing and Forwarding
- Bridge Domains
- Bridge Domain Subnets
- ARP Handling
- Application Profiles
- Endpoint Groups
- Mapping EPGs to Interfaces
- Static EPG to Interface Mapping
- Static EPG Path Mapping to AAEP
- Dynamic EPG to Interface Mapping
- Endpoint Learning Verification
- EPG Design Options
- Network Centric
- Application Centric
- Microsegmentation uEPGs
- Endpoint Security Groups
- ACI Contracts
- Consumer and Provider EPGs
- Contract Configuration
- Contract Scope
- Contract Subject
- Contract Filter
- Contract Application to EPGs/ESGs
- Contract Zoning Rules on Leaf Switches
- Endpoint Classification and Zoning Enforcement
- EPG/ESG Preferred Groups
- VRF vzAny Object
- Intra-EPG Isolation and Contracts
- Zone Rules Verification and Troubleshooting
- show system internal policy-mgr stats
- show logging ip access-list internal packet-log deny
- APIC contract_parser.py
- Contract Policy TCAM Utilization
- Naming Convention for ACI Application Policies
- Summary
- Chapter 6: Fabric Forwarding (and Troubleshooting)
- ACI Data Plane - iVXLAN Encapsulation
- 1) Outer MAC Header
- 2) Outer IP Header
- 3) UDP Header
- 4) VXLAN Header
- 5) Original Layer-2 Frame
- Fabric Control Plane Mechanisms Reviewed
- ACI Forwarding Scenarios
- Layer 2 Forwarding
- Multi-Destination (ARP) Forwarding in a Layer 2 Bridge Domain
- Known Layer 2 Unicast
- Unknown Layer 2 Unicast
- Bridge Domain in Flood Mode
- Bridge Domain in Hardware Proxy Mode
- Layer 2 Forwarding Summary
- Layer 3 Forwarding
- ARP Processing in a Layer 3 Bridge Domain
- Unknown Layer 3 Unicast
- Known Layer 3 Unicast
- External Forwarding in a Layer 3 Bridge Domain
- Layer 3 Forwarding Summary
- Multi-Pod Forwarding
- Multi-Pod Control Plane
- Multi-Pod Data Plane
- Multi-Destination Traffic Delivery
- Multi-Site Forwarding
- Name-Space Normalization (Translation)
- Additional Troubleshooting Toolset for Fabric Forwarding
- Endpoint Tracker
- Embedded Logic Analyzer Module
- fTriage
- Switch Port Analyzer
- SPAN Configuration
- Visibility & Troubleshooting Tool
- Interface Drops Analysis
- Summary
- Chapter 7: External Layer 2 and Layer 3 Connectivity
- Layer 2 External Connectivity
- Bridge Domain Extension
- Endpoint Group Extension
- Spanning Tree Protocol and ACI
- Extending STP Domain to ACI
- Best Practices for STP-Related Configuration
- Topology Change Notification (TCNs)
- Be Aware of Overlapping VLANs!
- Layer 3 External Connectivity
- Main L3OUT Components
- L3OUT Related Access Policies
- L3OUT Root Object
- Logical Node and Interface Profiles
- Routing Protocol Interface Profile
- External EPG
- L3OUT Subnet Scope
- External Subnets for External EPG (default)
- Shared Security Import Subnet
- Export Route Control Subnet
- Import Route Control Subnet
- Shared Route Control Subnet
- Aggregate Export & Import
- Aggregate Shared Routes
- External Route Propagation
- Multi-Protocol BGP Operation
- Internal Bridge Domain Subnet Advertisement
- Subnet Scope - Advertised Externally
- Association of L3OUT to Bridge Domain
- L3OUT ExtEPG Configuration
- Filtering Using Route Profiles (Route Maps)
- Contract Application to External EPG
- Dynamic Routing Protocols in ACI
- OSPF
- OSPF Protocol Verification
- EIGRP
- EIGRP Protocol Verification
- BGP
- BGP Peer Configuration Options
- BGP Protocol Verification
- Static Routing with L3OUTs
- ACI Transit Routing
- VRF Route Tagging in ACI
- Route Profiles (Route Maps)
- Summary
- Chapter 8: Service Chaining with L4-L7 Devices
- To Use or Not to Use Service Insertion
- Service Graph Overview
- L4-L7 Device Deployment (Design) Modes
- Traditional Service Graph Designs
- Policy-Based Redirect Service Graph Designs
- L4-L7 Policy-Based Redirect
- VRF Sandwich vs. Policy-Based Redirect
- Endpoint Learning for PBR Device
- PBR Configuration and Verification
- Service Bridge Domain(s)
- L4-L7 PBR Policy
- L4-L7 Device
- Service Graph Templates
- Applying a Service Graph Template to a Contract
- PBR Service Graph Deployment Verification
- PBR Contracts Programming
- Traffic Flow Between EPGs with PBR
- Symmetric PBR
- Summary
- Chapter 9: Integrating ACI with Virtualization and Container Platforms
- Virtualization platform Integration
- VMware Integration Overview
- Access Policies for ESXi Hosts
- To Use LLDP/CDP or Not to Use LLDP/CDP
- ACI VMM Domain
- vDS Uplink to ESXi Mapping
- VMM Domain to EPG Binding
- VM to Port Group Association
- Container Integration to ACI
- Kubernetes Platform Overview
- Kubernetes Control Plane Components
- Kubernetes Worker Node Components
- Kubernetes Networking Overview
- Preparing ACI and Kubernetes Integration
- Kubernetes Server Nodes Network configuration
- Kubernetes Installation
- ACI CNI Components
- Demo YELB Application with ACI L4-L7 Service Graph and EPG segmentation
- Summary
- Chapter 10: ACI Automation and Programmability
- ACI Programmability Introduction
- REST APIs
- REST HTTP Response Codes
- Data Encoding Formats
- XML
- JSON
- YAML
- ACI Object Model
- Managed Object Discovery Tools
- ACI Documentation
- APIC URL/Debug Info
- Save-As Feature
- Visore
- API Inspector
- APIC CLI
- ACI REST API
- URL and Body Format
- REST API Authentication
- Direct REST API Access
- Linux Command Line - cURL
- Postman
- Python Requests Library
- Cobra Software Development Kit
- Cobra SDK Installation
- Using Cobra SDK for Querying and Creating ACI Objects
- Automating ACI Using Ansible
- Ansible Component Architecture
- Playbook Structure
- Inventory File
- Ansible Variables
- Ansible Roles
- ACI Ansible Collection and Installation
- Practical Example 1 - Create and Query ACI Objects
- Practical Example 2 - CSV Based ACI Automation
- YAML Tenant Structure Definition
- BD and EPG Automation from CSV Data
- Automating ACI Using Terraform
- Terraform Config and State Files