2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Full name of ACI: Application Centric Infrastructure
ACI logic:
Tenant logic
Interface logic:
1 Bringing the fabric online
After power-up, Spine and Leaf devices are discovered and come online automatically according to the topology connections, without human intervention (LLDP discovery).
The APIC controller is packaged on Cisco's own C-series servers. An APIC can be connected to any Leaf; the three APIC servers should, as far as possible, connect to different Leaf switches over dual links.
Then initialize the APIC.
2 Initialize APIC
This part of the configuration covers:
1. Configure the basic APIC settings: device name, ID, administrative address, login username and password, etc.
2. Configure the TEP address pool (one address per device, used to establish VXLAN tunnels)
3. VLAN ID of the Infra network (infra is the network between the APIC and the network devices, equivalent to in-band management)
4. Configure the BD multicast address pool (multicast communication within ACI replaces broadcast and suppresses flooding)
3 Basic configuration (log in to APIC)
3.1 View Fabric
You can view the details of registered Spine and Leaf nodes (Node) in the Fabric interface.
3.2 Device out-of-band management (mgmt)
APIC comes with the tenant mgmt by default. Configure device out-of-band management in tenant mgmt.
Under Tenants/Tenant mgmt/Node Management Addresses/Static Node Management Addresses, create the out-of-band management address of each Node.
3.3 Configuring Leaf access interfaces
Enter Access Policies under Fabric to configure the attributes of the leaf access ports.
The logic is as follows:
First configure the interface policies: enter the Interface Policies screen.
1. Configure interface policies, i.e. physical properties such as speed, CDP, LLDP, LACP.
2. Configure an interface policy group, which associates interface policies and so combines the physical attributes.
3. Configure interface profiles: associate the physical interfaces, then associate each with an interface policy group. A profile is the configuration of the associated physical interfaces; it has not yet been applied to a specific switch. One profile can contain multiple interfaces, each interface is associated with a policy group, and different interfaces can share the same policy group.
Then configure the switch policies: enter the Switch Policies screen.
4. Configure switch profiles: associate specific leaf nodes and associate interface profiles. The interface configuration of the selected leaf is then the content of those profiles.
Configure pools
5. Create a VLAN pool; these are the VLANs used by the business.
Configure Physical and External Domains
6. Associate the domain with the VLAN pool.
Configure AEP (Attachable Access Entity Profiles) in Global Policies
7. Create an AEP and associate it with a domain (multiple domains can be associated), then associate it with the policy group. Alternatively, create and associate the AEP while creating the policy group or the domain. The role of the AEP is equivalent to which VLANs an interface trunk allows in a traditional network.
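The chain in steps 1-7 decides which VLANs a leaf port may carry, so a broken link in it is the usual reason a later EPG static port binding does not take effect. The following Python model is an added example, not part of the original article and not Cisco code; it walks switch profile -> interface profile -> policy group -> AEP -> domain -> VLAN pool for a constructed configuration, and all object names and node IDs in it are hypothetical.

```python
# Constructed sample of the section 3.3 objects; every name and ID is hypothetical.
VLAN_POOLS = {"pool-prod": range(100, 200), "pool-dmz": range(300, 310)}  # step 5
DOMAINS = {"phys-prod": "pool-prod", "phys-dmz": "pool-dmz"}   # step 6: domain -> pool
AEPS = {"aep-servers": {"phys-prod"}}                          # step 7: AEP -> domains
POLICY_GROUPS = {"pg-access-10g": "aep-servers"}               # steps 2 and 7: group -> AEP
INTERFACE_PROFILES = {                                         # step 3: port -> group
    "ifprof-leaf101": {"eth1/10": "pg-access-10g", "eth1/11": "pg-access-10g"},
}
SWITCH_PROFILES = {101: ["ifprof-leaf101"]}                    # step 4: leaf -> profiles


def port_domains(leaf, port):
    """Domains reachable from leaf/port via profile -> policy group -> AEP."""
    domains = set()
    for profile in SWITCH_PROFILES.get(leaf, []):
        group = INTERFACE_PROFILES.get(profile, {}).get(port)
        domains |= AEPS.get(POLICY_GROUPS.get(group), set())
    return domains


def check_static_port(leaf, port, epg_domain, encap_vlan):
    """Say whether an EPG static port binding is covered by the access policies."""
    domains = port_domains(leaf, port)
    if not domains:
        return "port has no policy group with an AEP on this leaf"
    if epg_domain not in domains:
        return "EPG domain is not associated with the port's AEP"
    if encap_vlan not in VLAN_POOLS.get(DOMAINS.get(epg_domain), ()):
        return "VLAN is outside the pool of the EPG's domain"
    return "ok"


if __name__ == "__main__":
    for args in [(101, "eth1/10", "phys-prod", 150),   # fully covered
                 (101, "eth1/10", "phys-prod", 250),   # VLAN not in pool
                 (101, "eth1/10", "phys-dmz", 300),    # domain not in the AEP
                 (102, "eth1/10", "phys-prod", 150)]:  # leaf has no switch profile
        print(args, "->", check_static_port(*args))
```

The third case is the one that matters for segmentation: the DMZ VLAN exists in a pool, but the server ports' AEP does not include that domain, so the VLAN cannot be placed on those ports.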
3.4 Configure Cisco vPC
ACI uses enhanced vPC; no heartbeat link is required.
Select Create VPC Interface Policy Group when creating the policy group in Interface Policies; the other steps are the same.
3.5 Fabric global configuration
Fabric/Fabric Policies
3.6 Summary: interface logic relationship
4 New tenant process
4.1 ACI business terminology
1. Tenant: tenant
2. VRF: virtual network
3. BD: Bridge Domain, layer 2 broadcast domain
4. EPG: End-Point Group, a group of terminals with the same attributes / policies, such as a VLAN
5. EP: End-Point, terminal (physical server or virtual server)
6. L3Out: egress of the ACI network
7. Contract/Filter: security policy of the ACI network, usually used for access control between EPGs and for access control from an EPG to L3Out
4.2 Create tenant/VRF/BD/Subnet
Enter Tenants, Add Tenant
1. Create the tenant (Tenant).
2. Create a VRF (tenant xxx/Networking/VRF), an L3 VPC, in tenant networking.
3. Create a BD (Bridge Domain) in tenant networking. A BD is a layer 2 domain, and a BD is associated with a VRF.
4. Create a Subnet in the BD, which is the IP address of the layer 2 domain. Multiple subnets can belong to the same BD.
4.3 Create AP/EPG and associate interfaces
1. Create an AP (Application Profile); EPGs are created under the AP.
2. Create an EPG, associate a Domain, associate a BD.
3. Associate ports with the EPG. A physical interface can be associated statically in Static Ports (AP/EPG/Static Port): deploy a static port, select the leaf and interface, and configure the encapsulation VLAN.
4.4 Create a contract and apply it
Create a contract under tenant/contract. A contract policy is one-way and has two sides: provider and consumer.
For EPG_A to access EPG_B, the contract can be provided by EPG_B, and EPG_A and EPG_B are connected through the contract.
At this point, the internal configuration of VPC is complete.
As shown in the figure: an EPG is associated with interfaces or virtual machines. Mutual access between EPGs has to go through a contract. The servers or virtual machines associated with an EPG are configured with addresses from the subnet under the associated BD.
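The one-way provider/consumer rule of section 4.4 is easiest to review as a flow matrix. The following Python model is an added example, not part of the original article and not Cisco code; its EPG, contract and filter names are hypothetical, and it assumes that the VRF enforces policy (inter-EPG traffic without a matching contract is dropped) and that traffic inside one EPG is unrestricted.

```python
# Constructed model of section 4.4; EPG, contract and filter names are hypothetical.
FILTERS = {"flt-https": [("tcp", 443, 443)], "flt-mysql": [("tcp", 3306, 3306)]}
CONTRACTS = {"a-to-b": ["flt-https"], "b-to-db": ["flt-mysql"]}   # contract -> filters
EPGS = {
    "EPG_A": {"provides": set(), "consumes": {"a-to-b"}},
    "EPG_B": {"provides": {"a-to-b"}, "consumes": {"b-to-db"}},
    "EPG_DB": {"provides": {"b-to-db"}, "consumes": {"backup"}},  # "backup": no provider
}


def permitted(src, dst, proto, dport):
    """True if src may open a connection to dst on proto/dport."""
    if src == dst:
        return True  # assumption: traffic inside one EPG is not subject to contracts
    # The consumer initiates and the provider serves, so direction matters.
    for contract in EPGS[src]["consumes"] & EPGS[dst]["provides"]:
        for flt in CONTRACTS.get(contract, []):
            if any(p == proto and lo <= dport <= hi for p, lo, hi in FILTERS[flt]):
                return True
    return False  # assumption: no matching contract means the flow is dropped


def flow_matrix():
    """All (consumer, provider, proto, low port, high port) flows the contracts open."""
    flows = []
    for src, s in EPGS.items():
        for dst, d in EPGS.items():
            if src == dst:
                continue
            for contract in sorted(s["consumes"] & d["provides"]):
                for flt in CONTRACTS.get(contract, []):
                    flows += [(src, dst, p, lo, hi) for p, lo, hi in FILTERS[flt]]
    return flows


def unmatched_contracts():
    """Contracts with only one side attached; they open no flow at all."""
    provided = set().union(*(e["provides"] for e in EPGS.values()))
    consumed = set().union(*(e["consumes"] for e in EPGS.values()))
    return sorted(provided ^ consumed)
```

Note that EPG_A reaching EPG_B and EPG_B reaching EPG_DB does not give EPG_A a path to EPG_DB: contracts are not transitive, and each pair needs its own provider/consumer relation.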
4.5 Special tenants (included with the system)
4.5.1 Common
The common tenant is a tenant that can access all tenants. Inter-tenant access and the deployment of FW/LB and other L4-L7 service equipment can be placed in the common tenant.
4.5.2 Infra
Infra is internal to the ACI network and is used for the basic overlay VXLAN configuration.
4.5.3 Mgmt
Manages the in-band and out-of-band network configuration.
5 Tenant OUT network
5.1 L2 OUT
The layer 2 network inside ACI is extended to the outside of ACI. There are two ways to implement this:
The first is at the EPG level: if an EPG network needs to be extended to a network external to ACI, you can manually configure a port with a VLAN and then map it to the EPG.
The second is External Bridge Network, which creates an additional external EPG for layer 2 connectivity. An internal ACI EPG that needs layer 2 connectivity to the external network connects to this external EPG through a contract. (With this method, the ACI internal VLAN can be different from the ACI external VLAN.)
External Bridge Network mode: in tenant/network/External Bridge Network
1. Add an L2 domain; associate the VLAN pool, AEP and domain.
2. Add the specific leaf node ports.
3. Create the L2 EPG.
4. Create a contract and use it to connect the EPG that requires L2 access to the external EPG.
5.2 L3OUT
The ACI internal network is routed to the external network and connected through a Border Leaf.
Supports BGP, OSPF, Static.
1. Create an L3OUT. In tenant/network/External Routed Network, create a routed outside and bind the VRF/BD. You can choose a routing protocol: OSPF/BGP/EIGRP.
2. Select the node. Create a node profile in logical node profile, select a specific border leaf, and configure the router ID; static routes can be added here.
3. Select the physical interface of the node. Create an interface profile in logical interface profile under the logical node profile. Here you can select routed interface / routed sub-interface / VLAN sub-interface, bind a specific physical interface and configure the interface IP; with dual Border Leafs, you can choose to create a VIP when configuring the IP.
One L3out per tenant is recommended.
6 Go back to the beginning and look at the figures again.