Application Policy Enforcement Using APIC

Problems in current data centers mostly revolve around policy for applications. The presentation is designed to help students get a jump start on configuring and troubleshooting the basic policy model, as well as providing valuable hands-on experience with how the APIC integrates into existing network environments.

Published in: Technology, Education

  1. Cisco ACI - Application Policy Enforcement Using APIC. TS-DC-06-I. Azeem Suleman, Solutions Architect
  2. Cisco and/or its affiliates. All rights reserved. TS-DC-06-I Cisco Public. House Keeping Notes, Tuesday April 15, 2014. Thank you for attending Cisco Connect Toronto 2014; here are a few housekeeping notes to ensure we all enjoy the session today.
       • Please ensure your cellphones / laptops are set on silent to ensure no one is disturbed during the session
       • A power bar is available under each desk in case you need to charge your laptop
       • You have RDP client and JAVA support on your laptops
       • All the lab tasks will be done on a jump box
  3. What Are We Solving?
  4. Overloaded Network Constructs: VLAN, Subnet, Basic Network Policy, SLAs, L4-7 Services. Network constructs are overloaded with unintended functionality.
  5. Application Language Barriers: Developers (Application Tiers, Provider / Consumer Relationships); Infrastructure Teams (VLANs, Subnets, Protocols, Ports). Developer and infrastructure teams must translate between disparate languages.
  6. Who is insieme? $100M+ INVESTED BY CISCO; 250+ EMPLOYEES; 20 YEAR EXECUTION HISTORY IN SOFTWARE AND ASIC’S
  7. What is ACI? OPEN RESTFUL API’S CENTRALIZED POLICY MODEL OPEN SOURCE CONTROLLER POLICY MODEL ACI NETWORK CONNECTS TO ALL COMPONENTS OF DATA CENTER POLICY MODEL CONTROLS NETWORK AND INFORMATION FLOW
  8. Two types of language: NETWORK LANGUAGE (VLAN, Subnets, Bridging, Routing, IP Addresses); APP LANGUAGE (WEB, APP, DB); Human Translator
  9. APP-Centricity for access control: CLEAR, SIMPLE DESCRIPTION OF HOW TIERS ARE ALLOWED TO COMMUNICATE (WEB, APP, DB)
  10. APP-Centricity for Service deployment: ANY SERVICE CAN BE ADDED BETWEEN TIERS (ADC, APP, DB, F/W, ADC, WEB)
  11. App-centricity for troubleshooting and Monitoring: Easy to Follow Apps Around the DC; Visibility into the Health of the Infrastructure for the App; The Network Knows the App Structure and Components. APPLICATION NETWORK PROFILE (Traditional 3-Tier Application): HEALTH SCORE, LATENCY, DROP COUNT; VISIBILITY: VMs, Servers, Ports, Switches, Services, Faults; Microsecond(s), Packets Dropped; 82%, 10, 25
  12. Application policy infrastructure controller (APIC): Single API / Open / Restful; XML/JSON; Application Centric; Reliable; Scalable. ENABLES THE APPLICATION CENTRIC INFRASTRUCTURE
  13. ACI Policy Model
  14. Defining Terms
       • Tenant - Logical separator for: Customer, BU, group etc. Separates traffic, admin, visibility, etc.
       • Private-L3 - Equivalent to a VRF, separates routing instances, can be used as an admin separation
       • Bridge Domain - NOT A VLAN, simply a container for subnets, CAN be used to define L2 boundary
       • End-Point Group (EPG) - Container for objects requiring the same policy treatment, i.e. app tiers, or services
  15. Logical Model Overview: rootuni Tenant A Tenant B Private-L3 A Private-L3 B Private-L3 A Bridge Domain Subnet A Bridge Domain Subnet B Subnet C Bridge Domain Subnet A Bridge Domain Subnet B. Private-L3 and subnets are independent between tenants
  16. Logical Model Overview (cont.): rootuni Coke Pepsi Dev/Test Prod Web Services Prod-BD 20.1/24 21.1/24. Private-L3 and subnets are independent between tenants. Dev/Test-BD 10.1/24 L2 Enabled = Yes; Web-BD 100.1/16 L2 Enabled = Yes; App-BD 20.1/24 L2 Enabled = Yes
  17. Defining Terms
       • Contract - Definition of policy. Defines how an EPG communicates with other EPGs.
       • Subject - Something being ‘discussed.’ Used to build definitions of communication between EPGs. Contains: filter, action, and optional label.
       • Filter - Identifier for a subject, i.e. the traffic you want to take action on. Required within a subject.
       • Action - Action to be taken on the filtered traffic within a subject. Required within a subject.
  18. Applications and Conversations: Application communication can be defined as who is allowed to talk to whom (DB Farm, App Servers, Web Farm, Users). Communication between objects on the network can be thought of as one or two way conversations (monologue/dialogue).
  19. The Provider Consumer Relationship: Users (Consumes Web Services); Web Farm (Provides Web Services, Consumes App Services); App Servers (Provides App Services). Provider consumer relationships define application connectivity in application terms. All objects can provide, consume, or both.
  20. Contracts for Policy: Contracts are used to define relationships.
  21. Policy Definition: Current Policy Definition; Policy Based on Contracts: Rules, Actions, SLAs, Security, L4-7, QoS
  22. Defining Provider Consumer Relationships: DB Farm
  23. Defining Provider Consumer Relationships: DB Farm
  24. LAB TIME
  25. How to access Pod. URL: https://labops-out.cisco.com/labops/ilt/
       • Register your username and select Pod.
       • Classname: azesulem_v6399
       • Once logged in to RDP you should see a PDF lab guide on the desktop
       • Follow the instructions on the lab guide.
  26. Call to Action… Visit:
       • Cisco Campus
       • Technical Solutions Clinics
       • Meet the Engineer
  27. Complete Your Paper Session Evaluation – Tuesday April 15th. Give us your feedback and you could win 1 of 2 fabulous prizes in a random draw. Complete and return your paper evaluation form to the Room Attendant at the end of the session. Winners will be announced today at the end of the session. You must be present to win! See the Room monitor to redeem your prize
  28. Questions?
  29. Thank you
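
The contract model from the "Defining Terms" and "Provider Consumer Relationship" slides, as an added Python sketch (not part of the original deck and not APIC code). The class names, port numbers and contract names are constructed for illustration, and two assumptions are built in: traffic between EPGs that matches no contract is denied, and only the consumer-to-provider direction is modeled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Filter:            # identifies the traffic a subject acts on
    proto: str
    port: int

@dataclass
class Subject:           # filter + action (the optional label is omitted here)
    filters: frozenset
    action: str = "permit"

@dataclass
class Contract:          # defines how EPGs communicate
    name: str
    subjects: list
    providers: set = field(default_factory=set)   # EPGs offering the service
    consumers: set = field(default_factory=set)   # EPGs allowed to use it

def evaluate(contracts, src_epg, dst_epg, proto, port):
    """Decide a consumer-to-provider flow; returns (action, contract name)."""
    flow = Filter(proto, port)
    for c in contracts:
        if src_epg in c.consumers and dst_epg in c.providers:
            for s in c.subjects:
                if flow in s.filters:
                    return s.action, c.name
    return "deny", None   # assumption: no matching contract means no traffic

def exposure(contracts):
    """Audit view: every (consumer, provider, proto, port) the policy permits."""
    return sorted((con, prov, f.proto, f.port)
                  for c in contracts for s in c.subjects if s.action == "permit"
                  for f in s.filters for con in c.consumers for prov in c.providers)

def build_policy():
    """Constructed sample: the Users / Web Farm / App Servers / DB Farm tiers."""
    web = Contract("web-services",
                   [Subject(frozenset({Filter("tcp", 80), Filter("tcp", 443)}))],
                   providers={"Web Farm"}, consumers={"Users"})
    app = Contract("app-services", [Subject(frozenset({Filter("tcp", 8080)}))],
                   providers={"App Servers"}, consumers={"Web Farm"})
    db = Contract("db-services", [Subject(frozenset({Filter("tcp", 1433)}))],
                  providers={"DB Farm"}, consumers={"App Servers"})
    return [web, app, db]

if __name__ == "__main__":
    policy = build_policy()
    print(evaluate(policy, "Users", "Web Farm", "tcp", 443))
    print(evaluate(policy, "Users", "DB Farm", "tcp", 1433))
    for row in exposure(policy):
        print(row)
```

The `exposure` listing is the part worth reviewing during a policy audit: any tier pair that does not appear in it has no permitted path.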
