Data Center Application Centric Infrastructure Fundamentals (DCACIF)
About this Course
DCACIF (Data Center Application Centric Infrastructure Fundamentals) is a 5-day instructor-led training course designed for systems & field engineers who install & implement the Cisco Nexus 9000 Switches in ACI mode using the updated 1.2(x) version & updated Cisco Nexus 9000 hardware platform. The course covers the key components & procedures you need to know to understand, configure, & manage Cisco Nexus 9000 Switches in ACI mode utilizing the updated 1.2(x) version, & how to connect the ACI Fabric to external networks & services. Cisco ACI Release 1.2(x) offers many new features. The main new features relevant for this training course include the following:
- Redesigned GUI
- Cisco NX-OS Software command-line interface (CLI), as in Cisco Nexus switches
- Capability to share L3Out connections across multiple tenants with inter-tenant route leaking
- Increased scalability support achieved by distributing L3Out classification & contracts in the data plane across all the leaf switches in the fabric
All lab exercises included in this training course will utilize Cisco ACI Release 1.2(x) version.
Audience Profile
This course is for systems engineers, technical architects, & product specialists in data center technical sales roles. Students include those who need to gain experience with understanding, configuring, & designing the data center networking environment with Cisco Nexus 9000 Series Switches.
At Course Completion
Upon completing this course, the learner will be able to meet these overall objectives:
- Describe the Cisco Nexus 9000 Series Switch ACI
- Describe the ACI fabric
- Describe Cisco Nexus 9000 Series Switch hardware
- Configure the ACI controller (APIC)
- Configure ACI L4L7 service integration
- Integrate the APIC hypervisor
- Understand the programmability & orchestration of the ACI network
- Discuss ACI connectivity to outside networks
- Implement ACI management
Prerequisites
The knowledge & skills that a learner should have before attending this course are as follows:
- This course is designed for systems engineers, technical architects, & product specialists in data center technical sales roles.
- Students should be familiar with Cisco Ethernet switching products.
- Students should understand Cisco data center architecture.
- Students should be familiar with virtualization.
- Good understanding of networking protocols, routing, & switching:
- Recommended CCNA Certification
- Recommended attendance of Cisco IP Routing Class (ROUTE)
- Recommended attendance of Cisco Switching Class (SWITCH)
- During the course of instruction, the learner will be exposed to the configuration of advanced technologies, such as BGP, OSPF & IS-IS. The learner will not be required to have experience with these technologies in order to successfully complete the class.
Course Outline
Module 1: Cisco ACI Overview
Lesson 1: What problems are we trying to fix?
- The 3-Tier Application
- Application Flow
- Three Tier Application with Networking
- What are VLANs for?
- Applying Logical Model to Physical Model
- Maintenance of Large Infrastructure is Complex
- Problem: Micromanagement of Infrastructure
- Example: Configure Network on a New Server
- Imperative Control Systems
- Goal: Capture & Preserve User Intent
- The ACI Solution
- Unified Ports
- Unified Fabric
- What is ACI?
- Logical Networking Provisioning of Stateless Hardware
- What is the APIC?
- ACI Design & Philosophy
- Solution: Declarative Control
- Summary
Lesson 2: Hardware Overview
- The Cisco Nexus 9000 Solution
- Common Hardware Platform: Two Modes
- Modular Switch Overview
- Modular Switch Chassis
- Modular Switch Components
- Modular Line Cards
- Fixed Switch Platforms (Spine)
- Fixed Switch Platforms (Leaf)
- Fabric Extenders
- 40G QSFP BiDi
- 40G/10G Breakout
- Cisco Nexus 9000 Hardware Differentiators
- Going Beyond SDN
- Describing the Cisco APIC
- Centralized Automation & Fabric Management
- Algorithmically Sharded Cluster
- APIC Controller is Attached In-Band
- Spine & Leaf Topology
- Why Spine/Leaf?
- ISIS Fabric Infrastructure Routing
- Decoupled Identity, Location, & Policy Multi-Hypervisor Normalization
- Summary
Lesson 3: Hardware Architecture & Features
- Hardware Architecture
- Cisco Nexus 9500 Platform Architecture - Control Plane
- Cisco Nexus 9500 Platform Architecture - Control Plane EOBC Channel
- Cisco Nexus 9500 Platform Architecture - Control Plane EPC Channel
- Merchant & Custom ASICs
- Cisco Nexus 9508 Fabric Module Architecture
- Cisco Nexus 9508 Fabric Module Data Plane Scaling
- ASIC Architecture of the 9500
- Cisco Nexus 9500 48-Port 1/10G + 4-Port 40G I/O Modules
- Cisco Nexus 9500 48-Port 1/10G I/O Modules Connectivity with 3 Fabric Modules
- 48-Port 1/10G T/F Module Fabric Connectivity with 6 Fabric Modules
- Cisco Nexus 9500 36-Port 40G QSFP+ Unified Fabric I/O Module
- Cisco Nexus 9500 36-Port 40G QSFP+ I/O Module Fabric Connectivity
- Line Cards 36 Port 40G ACI Ready card Architecture
- Line Cards 36 Port 40G ACI Spine card Architecture
- Packet Forwarding of Nexus 9000
- Packet Forwarding Pipeline on Cisco Nexus 9500
- Cisco Nexus 9500 Table Scaling - Unicast Scale
- Local Switching with Additional Buffer on 48p 1G/10GE + 4p QSFP Module
- Layer 2 Unicast Packet Walk across Line-Cards
- Layer 3 Unicast Packet Walk across Line-Cards
- Cisco Nexus 9500 Multicast Packet Forwarding
- Hardware Architecture of 9300
- Cisco Nexus 9300 System Architecture
- Cisco Nexus 9300 Unicast Forwarding
- Fabric Features
- ACI Management Networks
- Layer 2 & Layer 3 Handling
- Hardware-Based Directed ARP Forwarding
- Gratuitous ARP & Device Mobility
- ACI Fabric Scale
- Scale of BIDIR & Security of SSM
- Load Balancing with FTags
- Group IP Outer
- Multicast Policies
- vPC Multicast
- Distributed Layer 3 Gateway
- ACI Fabric Gateway
- Application Response Time
- Flowlet Switching
- Congestion Monitoring
- Dynamic Flow Prioritization
- Normalization of Ingress Encapsulation
- Fabric Registration
- Fabric Initialization & Discovery
- ACI Management Network
- Fabric Initialization & Discovery
- Fabric Initialization & Discovery-Cont...
- Summary
Lesson 4: Software Overview
- Networking Concepts
- Tenants
- Contexts
- Bridge Domain
- Application Profiles
- End Point Groups
- EPGs, Subnets, & Policy
- External Connectivity Options
- L4-L7 Services
- Security Policies
- Contracts
- ACI Contracts
- Subjects
- Filters
- Building Contracts
- Taboos
- The Provider & Consumer Relationship
- Defining Provider & Consumer Relationships
- Supported Deployment Models
- Network Centric (Example VLAN=BD=EPG)
- Application Centric (Example)
- Hybrid (Example)
- Inter-Tenant Communication
- Inter-Tenant Contracts
- Summary
Lesson 5: Fabric Transport
- ACI Fabric Integrated Overlay
- Virtual Extensible LAN
- ACI VXLAN Header
- VNID as a Private Network Identifier
- VNID as a Bridge Domain Identifier
- VNID as an Endpoint Identifier
- Network Services Header Extends the VXLAN Data Plane
- Decoupled Identity, Location, & Policy
- Multi-hypervisor Normalization
- Normalization of Ingress Encapsulation
- Overview of ACI Fabric Unicast Forwarding
- Overview of ACI Fabric Policy Mechanisms
- Summary
Module 2: Cisco ACI - Configuring Basic Constructs
Lesson 1: GUI & CLI Overview
- Graphical User Interface
- Login Screen
- Menu Bar/Submenu Bar
- Navigation/Work Pane
- System
- Tenant
- Fabric
- VM Networking
- L4-L7 Services
- Admin
- Operations
- Search/Info
- Welcome
- Command Line Interface
- Logging into NXOS-CLI
- Modes of Operation
- Configuring Out of Band (OOB) Management-Example
- Summary
Lesson 2: Configuring Tenants & Contracts
- Configuring a Tenant
- Configuring a Tenant
- Configuring a Private Network (VRF)
- Configuring a Bridge Domain
- CLI Option- Tenant, VRF & BD
- Configuring an Application Profile
- Configuring an EPG
- CLI Option- Application Profiles & EPGs
- Configuring Contracts
- Configuring a Filter
- Configuring a Contract
- Configuring a Contract (Cont...)
- CLI Option- Contracts & Filters
- Providing Contracts
- Consuming Contracts
- CLI Option- Providing a Contract
- CLI Option- Consuming a Contract
- Summary
Module 3: Cisco ACI External Connectivity, Management, & Migration
Lesson 1: Policy Coordination with VM Managers
- VMM Domains
- VMM VLANs (Dynamic)
- Leveraging the Native vSwitch
- Cisco Nexus AVS Integration Overview
- EPG Spanning Across VMM Domains
- Recommended Practices for VLAN Networks
- Concept Map
- Port Groups Extend to Both Physical & Virtual & Across Virtualized Servers
- Summary
Lesson 2: Hypervisors & Bare Metal
- Hypervisor Integration
- Management Networks
- ACI Fabric & VMware DVS Integration
- Endpoint Identification
- Cisco ACI & Microsoft Integration
- Integration with Microsoft Hyper-V
- Cisco Integration with Red Hat Linux
- Bare Metal
- Bare Metal Connectivity
- Port Encapsulation
- Configuring VMM Domains
- Fabric Access Policies
- Interface Policies CDP/LLDP Policy
- Interface Policies-Access Port Policy Group
- Interface Policies- Interface Profile / Access Port Selector
- Switch Profile
- Attachable Access Entity Profile (AAEP)
- VLAN Pools
- Creating VMM Domain
- Attaching the EPG to the VMM Domain
- Verifying the DVS Creation
- ESXI Configuration
- Attach the Guest
- CLI Option- VMM Creation-VLANS
- CLI Option- VMM Creation- Interface Profiles & APPG
- CLI Option- VMM Creation Switch Profile
- CLI Option- VMM Creation - VMM Domain
- CLI Option- VMM Creation- Attaching EPG
- Summary
Module 4: Cisco ACI - Configuring ACI Connectivity to Outside Networks
Lesson 1: Overview of External Connectivity
- Use Cases
- Options
- What is a Network on APIC?
- Relationship to Rest of Components
- Policy View
- Important Concepts- Inside Outside
- Internal EPG to External EPG
- External EPG to Internal EPG
- Scaling
- SVI Connection
- ACI Layer 3 Outside Connection IP Multicast Traffic
- Extended Layer 2 Domain Out of ACI
- STP Interaction
- BPDU Flooding
- ACI Layer 2 External Connections STP TCN Snooping
- Local Loop Detection
- Summary
Lesson 2: Layer 3 Outside Connectivity & Configuration
- L3 Outside Connectivity
- Layer 3 Connection Options
- Route Redistribution
- OSPFv3 Peering Considerations
- Route Redistribution with OSPFv2
- ACI as a Layer 3 Stub Network
- EIGRP Peering Considerations
- IBGP Peering Considerations
- EBGP Considerations
- Configuring L3 Outside
- Route-Reflector Configuration
- Route Reflector Configuration-Pod Policy Group
- Route Reflector Configuration Applying Pod Policy
- Verifying Route Reflector Configuration
- CLI-Option BGP Route-Reflector
- Preparing the Fabric for L3 Out
- Tenant- External Routed Out
- Tenant- External Node
- Tenant- Interface Profile
- Tenant- Example - SVI Interface
- Tenant- External EPG
- Verifying the L3 External Out Configuration- OSPF
- Verifying the L3 External Out Configuration- EIGRP
- Verifying the L3 External Out Configuration- BGP
- Configuring Layer 2 Outside
- L2 Bridged Outside Concept
- Tenant- External Bridged Out
- Tenant-L2 EPG Profile
- Verifying the L2 External Out Configuration
- Summary
Module 5: Cisco ACI - L4-L7 Services
Lesson 1: Service Insertion Concepts
- Device Packages
- Device Cluster
- Programmability
- Programming Options
- Device Packages
- Developing Device Specifications
- Opflex is a Flexible, Extensible Policy Protocol
- Opflex Uses a Declarative Model
- Service Insertion
- Service Insertion
- Redirection to Multiple Services
- Service Graphs
- Where are Service Graphs Helpful
- Service Graph Parameters
- Service Graph Rendering
- Summary
Lesson 2: Configuring L4-L7 Devices
- Configuring The Concrete Device
- Configuring the Functional Profile
- Configuring a Service Graph
- Summary
Module 6: Cisco ACI - Administration & Troubleshooting Tools
Lesson 1: Administration & Troubleshooting Tools
- RBAC, Firmware, & Backups
- RBAC
- Security Domains
- Users
- Roles
- Applying Security Domains & Roles
- LDAP/RADIUS/TACACS+
- Firmware
- Prior to Upgrading
- Uploading Code to the APIC
- Firmware Repository
- Upgrading the Controller
- Firmware Groups
- Maintenance Groups
- Upgrading the Nodes
- Backups
- Defining Remote Locations
- Snapshot Feature
- Import
- Configuration Rollbacks
- Troubleshooting, Faults & Monitoring
- Troubleshooting
- Troubleshooting Philosophy
- Troubleshooting Example
- Possible places to begin-Operations Tab
- Possible Fix Points
- Faults
- Fault Overview
- Fault Properties
- Isolating Faults through Health Checks
- Isolating Faults through Health Checks(Cont.)
- Isolating Faults through Health Checks(Cont.)
- Isolating Faults through Health Checks(Cont.)
- Isolating Faults through Health Checks(Cont.)
- Isolating Faults through Health Checks(Cont.)
- Isolating Faults through Health Checks(Cont.)
- Other Troubleshooting Tools
- Monitoring
- Summary
Module 7: Cisco ACI - Demonstrating ACI Network Programmability & Orchestration
Lesson 1: Need for Programming
- The Business Need for Network Programmability
- ACI Programmability
- ACI Open APIs & Ecosystem
- API Protocols
- How is REST Used?
- Summary
Lesson 2: JSON & XML
- What is XML?
- What is JSON?
- Evaluating XML & JSON
- Northbound: REST API, Python, Puppet, Chef, Openstack
- ACI Fabric-Attached Device API- OpFlex
- Southbound: Layer 4 to Layer 7 Scripting API
- Cisco DevNet- New Developer Program from Cisco
- Community Code Development
- Summary
Lesson 3: Programmability with REST API
- What is REST?
- REST APIs
- Configuration & the RESTful API
- What is RPC used for?
- The ACI APIC Object-Based Tree
- APIC REST API Operations
- APIC REST API Message Format
- dMIT Queries
- Summary
Lesson 4: Orchestration
- Opflex is a Flexible, Extensible Policy Protocol
- Opening the ACI Policy Engine with OpFlex
- How OpFlex Works-Simplified
- Opflex Protocol
- Opflex Protocol Messages
- Example OpFlex Plus Open vSwitch
- Opflex-Declarative Models
- OpenStack-Enabling the Cloud
- Two Options from OpenStack APIs
- Neutron API
- Group Policy API
- Group Based Policy in OpenStack
- Group Policy Model
- OpenStack ACI Integration
- Group-Based Policy Workflow
- OpenStack APIC Plug-in Details
- OpenStack Group Policy Details
- OpenStack Group Policy Plus OpFlex
- Application Policy in OpenDaylight
- Open Policy Exposed Through OSS Tools
- Summary
Module 8: Cisco ACI - Practical Review
Lesson 1: Attaching Appliances to the Fabric
- How does the Network Look Today
- Common Physical Design
- Virtual Design
- Physical Server
- Network Design
- Storage
- Spine & Leaf
- New Hardware Approach
- Attaching the Virtual Appliances
- Physical Server
- L4-L7 Services
- Storage
Lesson 2: Policy & Application Mapping
- Planning the Application EPG Connectivity
- Identify the Endpoints
- Who talks with whom?
- Network Centric Model
- Application Centric Model
- Planning Filters
- Assigning Filters to Contracts
- Assigning Contracts
- Bridged & Routed Outside
- Identify the Connection Type
- Basic Layout- No Security
- Service Insertion
- Service Insertion Considerations
- Service Insertion Internal
- Service Insertion External to Fabric
- Summary
Lab Outline
(Using Cisco ACI Release 1.2(x) OS version)
Lab 1: Accessing the Remote Lab Environment
- Connect to the Remote Lab Environment
Lab 2: Initiate ACI Fabric Discovery (Instructor Demo)
- Log in to the APIC Controller (Instructor Demo)
- Register the Cisco Nexus 9000 Switches to APIC-1 (Instructor Demo)
- Navigate Through the APIC GUI to Familiarize Yourself with the Fabric
Lab 3: Configure Basic Network Constructs
- Create a Tenant
- Create a Context
- Create a Bridge Domain
Lab 4: Configure Policy Filters & Contracts
- Create Filters
- Create Contracts
Lab 5: Deploy a Three-Tier Application Profile
- Create Application Profile
Lab 6: Deploy a Service Graph with Application Profile
- Import Device Packages (Instructor Demo)
- Create Device Cluster for the ASA
- Create Service Graph
- Create a Bridge Domain for the ASA
- Create Logical Device Context for ASA
Lab 7: Register a VMM Domain with ACI
- Register VMware vCenter to APIC by Creating a vCenter Domain
- Create vCenter Credentials & Server Object
- Verifying APIC Connection to vCenter Server
Lab 8: Configure VMware ESXi Hosts to Use the APIC DVS
- Add ESXi Hosts to APIC DVS
Lab 9: Associate an EPG to a VMware vCenter Domain
- Associate vCenter Domain to App_EPG
- Associate vCenter Domain to DB_EPG
- Associate vCenter Domain to Web_EPG
Lab 10: Associate a VM to an EPG Port Group
- Connect to Your vCenter Server Using the vSphere Client
- Edit Web-Server Settings
- Edit App-Server Settings
- Edit DB-Server Settings
Lab 11: Configure APIC Using the REST API
- Open the Postman Plugin for Google Chrome
- Create an Application Profile Using the REST API
Lab 12: Exporting Contracts between Tenants
- Create a Filter
- Export a Contract
- Create a Host Subnet & Add a Contract to EPG in the First Tenant
- Confirm the Exported Contract, Create a Host Subnet in the Second Tenant, & Add a Consumed Contract Interface
Lab 13: Configure APIC Using the ACI Cobra SDK (Python)
- Configure the Communication Policy
- Review a Python Script
- Use a Python Script to Create a Tenant
Lab 14: Configure APIC to Communicate to an External Layer 3 Network
- Configure MP-BGP Route Reflectors (Instructor Demo)
- Configure External L3 Network
- Create Application Profile to Propagate Internal Public Routes
- Associate an L3 Outside Connection to a Bridge Domain
- Verify That the Leaf Is Learning OSPF Routes
- Configure Contract between the External EPG & Internal EPG
Lab 15: Configure APIC to Communicate to an External Layer 2 Network
- Create an External Bridged Network
- Configure an Attachable Entity Profile to Selectively Allow VLAN Traffic
Lab 16: Configure APIC for Bare Metal to Bare Metal Communications
- Configure APIC Fabric for Bare Metal Communications
- Configure Tenant for Bare Metal Communications
- Verify Bare Metal Communications
Lab 17: Monitor & Troubleshoot ACI
- View Faults Using the APIC GUI
- View Events Using the APIC GUI
- Using the API Inspector
- Using the Managed Object Browser (Visore)
- Configuring Syslog Monitoring
Lab 18: Configure APIC RBAC for Local & Remote Users
- Create a Security Domain & Map to Your Tenant
- Configure Local Users & Roles for your Tenant Security Domain
- Create a RADIUS Security Domain & Map to your Tenant
- Create a AAA Login Domain for RADIUS Authentication
- Test RADIUS Authentication & Authorization