Cisco ACI is a tightly coupled, policy-driven solution that integrates hardware and software: the switches are based on the Nexus 9000 product line, and the APIC controller runs on the Cisco UCS platform. The software that runs on the APIC controller is an image that contains the ACI policy model and becomes the single pane of glass to manage and operate the Cisco ACI fabric. The software that runs on the switches is a single binary image for both fixed and modular chassis, providing an easy way to manage software within the switches in the fabric.
Cisco ACI has become the standard SDN solution for many customers across different industries. One of the main reasons for this is its flexibility to manage and provide visibility into different environments, including virtual, physical and container. ACI's architecture is based on a spine-leaf (Clos) model where ECMP is leveraged between the spine switches and leaf switches, thus providing IP redundancy across the entire fabric. Within the fabric, ACI uses standard VXLAN to forward data between any devices within the fabric.
Cisco ACI can also support L4-L7 devices within the fabric to provide the automation required for advanced security features, load balancing capabilities, monitoring, etc. Cisco ACI supports different vendors including Cisco, F5, AVI, etc. Please check the following link to obtain the latest support matrix:
Because of their success with ACI, customers started asking how they could extend the ACI policy outside of their single Data Center. From these requests came the "ACI Anywhere" concept: a vision to extend the ACI policy beyond the initial Data Center. Customers can now connect multiple Data Centers with the Cisco MultiSite Orchestrator (MSO), also referred to as the Cisco MultiSite Controller (MSC), where the MSO becomes the Single Pane of Glass for your geographically distributed data centers. It provides visibility into the various data center sites and renders the policies across the respective sites. Another feature that customers can leverage is the "Remote Leaf" concept, where customers can extend ACI to Satellite Data Centers. Customers can also extend the same ACI Policy to Bare Metal clouds and Remote Data Centers with "Cisco ACI vPOD". Lastly, the Cisco ACI Policy framework can be extended to any Public Cloud such as AWS, Google Cloud and Azure.
Below is the ACI Anywhere vision for your reference.
Cisco APIC serves as the single point of automation and fabric element manager across physical, virtual and container environments. As a result, operators can build fully automated and scalable multitenant environments.
Cisco APIC is a unified point for policy-based configuration, expressed through group-based policy, with the aim of keeping it simple for operators.
Cisco APIC attributes and features include the following:
Cisco APIC communicates with the Cisco ACI fabric to distribute policies to the points of attachment and provide several critical administrative functions to the fabric. Cisco APIC is not directly involved in data-plane forwarding, so a complete failure or disconnection of all Cisco APIC elements in a cluster will not result in any loss of forwarding capabilities, increasing overall system reliability.
In general, policies are distributed to nodes as needed upon endpoint attachment or by an administrative static binding, allowing greater scalability across the entire fabric.
Cisco APIC also provides full native support for multitenancy so that multiple interested groups (internal or external to the organization) can share the Cisco ACI fabric securely, yet still be allowed access to shared resources if required. Cisco APIC also has full, detailed support for role-based access control (RBAC) down to each managed object in the system, so that privileges (read, write, or both) can be granted per role across the entire fabric.
Cisco APIC also has completely open APIs so that users can use Representational State Transfer (REST)-based calls (through XML or JavaScript Object Notation [JSON]) to provision, manage, monitor, or troubleshoot the system. Additionally, Cisco APIC includes a CLI and a GUI as central points of management for the entire Cisco ACI fabric.
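The per-role read/write privileges and the JSON REST interface described above can be combined into a simple access review. The following is an added example, not code from the original page or from Cisco: it parses a constructed response in the shape the APIC returns for a user query and reports which active accounts hold write privilege fabric-wide. The query path, the class names `aaaUser`, `aaaUserDomain` and `aaaUserRole`, the `privType` and `accountStatus` attributes, and all user names are assumptions that do not appear on the page.

```python
import json

# Constructed sample shaped like an APIC JSON reply to the assumed query
# GET /api/class/aaaUser.json?rsp-subtree=full (user names are invented).
def _user(name, status, grants):
    domains = [{"aaaUserDomain": {"attributes": {"name": dom}, "children": [
        {"aaaUserRole": {"attributes": {"name": role, "privType": priv}}}]}}
        for dom, role, priv in grants]
    return {"aaaUser": {"attributes": {"name": name, "accountStatus": status},
                        "children": domains}}

SAMPLE_RESPONSE = json.dumps({"totalCount": "4", "imdata": [
    _user("admin", "active", [("all", "admin", "writePriv")]),
    _user("netops", "active", [("tenant-a", "tenant-admin", "writePriv"),
                               ("all", "read-all", "readPriv")]),
    _user("automation", "active", [("all", "admin", "writePriv")]),
    _user("old-contractor", "inactive", [("all", "admin", "writePriv")]),
]})

def iter_grants(response_text):
    """Yield (user, status, domain, role, priv_type) for every role grant."""
    for item in json.loads(response_text).get("imdata", []):
        user = item.get("aaaUser")
        if user is None:  # skip error objects or other classes
            continue
        attrs = user["attributes"]
        for child in user.get("children", []):
            dom = child.get("aaaUserDomain")
            if dom is None:  # other child objects are not grants
                continue
            for sub in dom.get("children", []):
                role = sub.get("aaaUserRole")
                if role is not None:
                    yield (attrs["name"], attrs.get("accountStatus", ""),
                           dom["attributes"]["name"],
                           role["attributes"]["name"],
                           role["attributes"].get("privType", ""))

def fabric_wide_writers(response_text):
    """Active users with write privilege in the fabric-wide 'all' domain."""
    return sorted({user for user, status, dom, _role, priv
                   in iter_grants(response_text)
                   if status == "active" and dom == "all" and priv == "writePriv"})

if __name__ == "__main__":
    for name in fabric_wide_writers(SAMPLE_RESPONSE):
        print("fabric-wide write access:", name)
```

Run against a real export, the same functions give a quick list of accounts whose write access is not scoped to a single tenant's security domain.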
The Cisco ACI Fabric is built around a set of hardware to provide the most scalable, extensible, simple, flexible, and efficient network in the industry. The Cisco ACI fabric is designed to address both today's and tomorrow's requirements:
In the next section, you will examine how the APIC is initiated before examining the APIC and fabric connectivity.