Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy...

76
Cisco ACI Multicloud DC Networking Pepa Venzhöfer Systems Engineer DC, CCIE DC#59794 5.2.2019

Transcript of Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy...

Page 1: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Cisco ACI

Multicloud DC Networking

Pepa VenzhöferSystems Engineer DC, CCIE DC#59794

5.2.2019

Page 2: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Remote Leaf / Virtual PoD APIC / Multi-Site Multi-Cloud Extensions

ACI Anywhere - VisionAny Workload, Any Location, Any Cloud

ACI Anywhere

IP WAN

IP WAN

Remote Location Public CloudOn Premise

Security Everywhere Policy EverywhereAnalytics Everywhere

Page 3: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Software Release Timeline

Q4 2016 Q2 2017 Q3 2017 Q4 2017 Q1 2018Q1 2017

ACI 2.1

ACI 2.2

Long Lived Releases

ACI 3.2(x)

ACI 2.1(x)

ACI 2.3

ACI 3.0

ACI 3.1

Maintenance Releases =>

Target – One Release Every Four Months.

ACI 2.0(2)

ACI 2.1(2)

ACI 2.2(2)

ACI 2.3(2)

ACI 3.0(2)

ACI 2.2(x)

ACI 3.1(2)

Q2 2018

ACI 3.2

ACI 4.0

Q3 2018 Q1 2019

ACI 3.2(2)

ACI 4.0(2)

ACI 4.1

Major Releases =>

Page 4: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Long Lived Releases

Two Long Lived Releases At Any Given Point of Time 1

Active Maintenance Wil l Be Primarily Focused On Long Lived Release2

Target Duration Of Long Lived Release Support: Up to 18 Months From FCS

Direct Upgrade From One Long Lived To Next Long Lived Release Wil l Be Supported

Long Lived Releases Are Recommended For Networks That Wil l Not be Upgraded Frequently

3

4

5

ACI Software Release Guideline

Short Lived Releases

No Active Maintenance Beyond Six Months From FCS1

Page 5: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Networking Infrastructure: Nexus 9000 Series Platforms

ACI Software Enablement

Page 6: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Spine: N9K-C9332C 32p 40/100G QSFP28

▪ 1RU Form Factor To Support Small Scale ACI Fabric Deployments

▪ Telemetry –SSX Support

▪ Encryption Support On The Last 8 Ports

▪ 10G Support With QSA At FCS

▪ Support For AC/DC/HVDC PSU At FCS On Port-side Exhaust And Port-side Intake

▪ Optics Support Parity With Existing Products

▪ Transition 1st Gen Nexus 9336PQ Product

N9K-C9332C

ACI 4.0

Page 7: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Leaf: N9K-C93240YC-FX248p 1/10/25G SFP28, 12p 40/100G QSFP28

▪ ACI Access Leaf

▪ Flexible Speed 1/10/25/40/100G Ports

▪ Line-rate MACSEC Encryption

▪ 40MB Buffer (10MB Per Slice, 20MB Shared) With Smart Buffer Feature

▪ 1:1 Oversubscription for High Bandwidth Applications

▪ FEX Support

▪ Telemetry – FT, FTE and SSX

▪ Flexible TCAM Templates

N9K-C93240YC-FX2

ACI 4.0

Page 8: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Software EnablementNexus 9000 & APIC Hardware

Nexus Foundation: CloudScale Platforms

Nexus 9300

Nexus 9500

ACI

Futures

Nexus C93216TC-FX2 96p 10GT

12p 100G QSFP28

ACI

4.0APIC-CLUSTER-M3(< 1200 Leaf Ports)

Nexus C93240YC-FX248p 1/10/25G SFP28,

12p 40/100G QSFP28

ACI

3.1(2x)Nexus 9336C-FX236-port 40/100G QSFP28

ACI

3.1Nexus N2K-C2348TQ-E48p 1/10G + 6p 40G QSFP+

ACI

4.0

Nexus 9332C –

Fixed Spine32p 40/100G QSFP28, 2p 10G

APIC-CLUSTER-L3(>= 1200 Leaf Ports)

ACI

4.0

ACI

Futures

Nexus C93360YC-FX296p 25G SFP28

12p 100G QSFP28

ACI

4.0

Page 9: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Remote Leaf

Page 10: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

IP Network (WAN Core – IPv4, MPLS, SR, etc …)

Site A Remote Location

Zero Touch Auto Discovery of Remote Leaf

Two Remote Leafs Up To 20 Remote Locations

Stretch EPG, BD, VRF, Tenant, Contract

Health Scores, EPG Stats

VMVMVM VMVMVMVMVMVMVM VMVMVMVM

Logical Connection To Spine

(VXLAN)

Port Speed:1/10/40/100G

Shipping since ACI 3.1 (Q1 CY 18)

ACI: Physical Remote Leaf

IP Reachability for VTEP address pool

Page 11: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

Remote Leaf RequirementsHardware & Software

ACI Main DC

Supported Spines

Fixed Spine• N9364C• N9332C (ACI 4.0)

Modular Spine (C9504/C9508/C9516)• N9732C-EX• N9736C-FX

Remote LocationSupported Leaf• N93180YC-EX• N93108TC-EX• N93180LC-EX• N93180YC-FX• N93108TC-FX• N9348GC-FXP• N9336C-FX2

All hardware from –EX onwards is supported

Page 12: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI Remote LeafPBR

IP Network (WAN Core – IPv4, MPLS, SR, etc …)

Main DC Remote Location

EP3EP1 EP2

EP1EPG1

EP2EPG2

ContractPBR to Service

Node at RL

L4-L7

Service Node

ACI 4.0

Page 13: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI Remote LeafInter-VRF Traffic

IP Network (WAN Core – IPv4, MPLS, SR, etc …)

Main DC Remote Location

EP3EP1

VRF1

EP2

VRF2

ACI 4.0

Page 14: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

NEW EP learning on RL during Spine failure

IP Network (WAN Core – IPv4, MPLS, SR, etc …)

Main DCRemote Location

EP3EP1

BD1

EP2

BD2

X X X X

ARP for EP2

t_glean process at RL will

initiate glean for discovery for

EP2 and EP2 will learn on RL

ACI 4.0

Page 15: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

IP Network (WAN Core – IPv4, MPLS, SR, etc …)

Main DC

Remote Location

EP3

100.1.1.2 100.1.1.2/32

External Client

WAN

20.20.20.0/24

20.1.1.1

Host route advertisement from BL

Local-Pod-L3out

RL L3out

EP1

100.1.1.1

100.1.1.1/32

Host route advertisement from RL

Host route advertisement from BL & RLIngress path optimization

ACI 4.0

Page 16: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

EP1

EP3

ACI Main DCPoD1

ACI Main DCPoD2

Remote LocationPoD1

Remote Location-2PoD2

ACI Remote LeafRL-to-RL Traffic Forwarding

ACI 4.1

EP3

EP2

Remote Location-1PoD2

Remote LocationPoD1

IP Network (WAN Core – IPv4, MPLS, SR, etc …)

Page 17: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

EP1

EP2

ACI Main DCSite1

ACI Main DCSite2

Remote LocationSite1

Remote LocationSite2

ACI Remote Leaf with Multi-SiteACI 4.1

IP Network (WAN Core – IPv4, MPLS, SR, etc …)

Page 18: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI 3.2 Release

FEX Support

ACI Virtual Edge

OpenStack, Kubernetes

Atomic Counters

ACI 3.1 Release

EX and FX Models

vMotion To Remote Location

VMware DVS, Hyper-V

Local Service Integration

ACI 4.1 Release

MACSEC

Local Switching at RL for PBR, Inter-VRF &

ERSPAN

EP Tracker & troubleshooting

wizard

Remote Leaf + Multi-Site

RL to RL direct forwarding

Leaning new EP when Spine is down

ACI 4.0 Release

128 ToRs

ACI Remote Leaf

Page 19: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Virtualization & Cloud Automation

Page 20: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2018 Cisco and/or its affiliates. All rights reserved .

ACI Virtual Edge

Maintain Existing Operational Models

Simple Transition/Migration AVS => AVE

Policy Consistency Across Multiple Hypervisors

AVS/AVE Feature Parity

Q1 CY18

Shipping Since ACI 3.1 (Q1 CY 18)

VMVMVM VMVMVMVM

ACI Virtual Edge (AVE)

ACI Virtual Edge

Hypervisor Dependent

VM VM VM VM VM VM

Hypervisor

Bare Metal Server

AVS

Hypervisor Agnostic

ACI Virtual Edge

VM VM VM

Hypervisor

Bare Metal Server

Native Switch

Page 21: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI 3.2 Release

L4-L7 Services

Health Monitoring

Remote Physical Leaf Support

Remote Storage Support

ACI 3.1 Release

VLAN, VxLAN

Micro-Segmentation

Distributed Firewall

Migration from AVS

ACI Future

Virtual Pod (vPod)

Proactive HA

VxLAN Load Balancing

Local Switching and Policy

Container L4-L7 Services

Multi NIC support

ACI 4.0 Release

Tetration Sensor

ACI: Virtual Edge (AVE)Roadmap

Page 22: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

IP Network

Cisco ACI Virtual PodExtend ACI to Bare Metal Clouds and Remote Data Centers

Bare Metal Clouds (IBM, OVH, etc.)

Remote Data Centers

Co-location Facilities

(Equinix, CoreSite etc.)

Brownfield Deployments

Remote location On-premises ACI Data Center

VMVMVM VMVMVMVM

VMVMVM VMVMVMVM

Hypervisor

Policy extension from

On-premise DC

ACI 4.1

Page 23: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI vPod RequirementsHardware & Software Components

Supported Spines

Fixed Spine• N9364C• N9332C

Modular Spine (C9504/C9508/C9516)• N9732C-EX with N9K-C950x-FM-E(2)• N9736C-FX with N9K-C950x-FM-E(2)

APIC Controller Software• ACI 4.0+ onward release

✓ VMware vCenter running 6.0 or later

✓ 2 hosts for Management cluster recommended

• Management & Payload Can Co-exist

✓ ESXi 6.0 or 6.5

• Each vSpine (x2) & vLeaf(x2) VM consumes 2vCPU, 8 GB RAM and 80 GB storage

• Each AVE (one per ESXi host) VM consumes 2vCPU, 8 GB RAM and 8 GB storage

vPod Data CenterOn-Premises Data Center

ACI 4.1

Page 24: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI vPod License Elements

Cisco ACI Virtual Edge (vPod Mode - per Workload Server)

ACI Virtual Edge

Management Cluster – per vPod

AVE (vPod Mode) – per Server

AVE (vPod Mode) – per Server

Up To 6 vPods In ACI 4.1 Release

Single License Per Management Cluster

Up to 64 AVE per vPodACI 4.1 up to 32

Software License Per AVE(AVE is NOT Licensed if Not In vPod)

AVE (vPod Mode) – per Server

ACI 4.1

Page 25: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

NodeNode

• Independent Openstack VMM domain and Openshift Container Domain

• Openshift Nodes run as Openstack instances connected to a special Neutron network with APIC extensions

• Opflex managed KVM-OVS and Openshift-OVS without double encapsulation.

• Both Openshift PODs and KVM instances are first class citizens.

• Supported with Red Hat OSP10 or higher and Openshift 3.9.

OpenShift on OpenStack integration with ACI

NodeOpFlex OVS

ACI Policies

Network Policy

Node

OpFlex OVS

Features

ACI 4.0

OpFlex OVSOpFlex OVSNova

Servers

KVM

VM

Neutron Policy

Page 26: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Supported Container Application Platforms

Baremetal ESXiKVM/

OpenStack

Open source Kubernetes Future

Openshift

Pivotal Cloud Foundry n/a Future

Docker EE (Kubernetes) Future Future Future

Mesosphere Future Future Future

Refer to the ACI virtualization support matrix for details:https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/aci/virtualization/matrix/virtmatrix.html

Page 27: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Multi-Tier

Page 28: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI: Multi-Tier Architectures

Seamless Migration From Legacy 3-Tier Architectures

Three Tier ACI Fabric

Vertical Expansion Of ACI Policy Domain

Investment Protection: Reuse Exist ing Cable Plan

Replace FEX Architecture With 2 nd Tier Leaf:Better Visibi l ity & Policy Enforcement

1

2

3VMVMVM VMVMVMVM

2nd Tier Leaf

1st Tier Leaf

Spine

ACI 4.1

Simplify N2/N5/N7k Migration to ACI4

Page 29: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

Multi-Tier Fabric TopologiesCable Plant Simplification

• Multi-Pod often used to support Multiple Blocks connected within the same DC (between halls, buildings, … within the same Campus)

• Multi-Tier provides another option to addresses Cabling limitations

• Ease Migrations from Nexus 7/5/2K designs

Inter-POD

And

WAN/DCI

ACI Pod

‘B’

ACI Pod

‘A’ACI Pod

‘E’

ACI Pod

‘D’

ACI Pod

‘C’

Page 30: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

Supported Platforms in ACI 4.1

Spine

Any next gen Spine (-EX/FX, N9364C)

1st Tier Leaf

Any –EX, –FX & -FX2 ToR (Exception:-N93180LC-EX)

2nd Tier Leaf

Any –EX, –FX & -FX2 ToRVMVMVM VMVMVMVM

Spine

1st Tier Leaf

2nd Tier Leaf

VMVM

Page 31: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

Connectivity requirement to 2nd Tier Leaf

• 2nd Tier Leaf fabric port connects to 1st Tier Leaf’s fabric port

• All ports of 1st Tier Leaf can be converted to fabric port using port profile feature

• 2nd Tier Leaf can connect to multiple 1st Tier Leaf. It could be an advantage for ACI design where customer can connect to more than 2 upstream switches in comparison to traditional double sided vPC design with only 2 upstream switches.

VMVMVM VMVMVMVM

Spine

1st Tier Leaf

2nd Tier Leaf

VMVM

Page 32: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Multisite

Page 33: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Multi-Site

VMVMVM

Site A

Site B

Site C

Site D

VMVMVM

Multi-Site Orchestrator

VMVMVM

VMVMVM

Policy Consistency

Single Point Of Orchestration

Availability Fault Isolation

Scale

Shipping Since ACI 3.0 (Q3 CY 17)

Consistent Policy across sites

Single Point of Orchestration

Fault Isolation

Scale

Page 34: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI 3.2 Release

Multi-Site + Multi-Pod

L4-L7 Services Support

Spine-Spine (Dark Fiber)

Consistency Checker

(Multi-Site, APIC, HW)

UCS-D Orchestration

(6.6)

Up To 10 Sites, 1200

Leafs

ACI 3.1 Release

Nexus 9364C (Fixed

Spine)

Multi-Site Health Check

External Authentication

Audit / Accounting Logs

Shared Golf

Up To 8 Sites, 800 Leafs

ACI 4.0 Release

CloudSec

L3 Multicast

2-Node Service Graphs (FW+SLB)

N9K-9332C Spine

Up To 12 Sites, 1200

Leafs

ACI: Multi-SiteRoadmap

ACI 4.1 Release

Inter-site L3out

Multisite + Remote Leaf

L1/L2 PBR Service Graphs

Physical Appliance

Patch API, Swagger

ACI Mini Support

Page 35: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI Release 4.1

MSC 2.1

18

1,800

400

1,000

4,000

4,000

4,000

500

400

Number Of Sites

Max Leafs (across sites)

Tenants

VRF

BD

EPGs

Contracts

L3Out (External EPGs)

Isolated EPGs

ACI Release 3.1

MSC 1.1

8

800

200

400

2,000

2,000

2,000

500

400

ACI Release 3.2

MSC 1.2

10

1,200

300

800

3,000

3,000

3,000

500

400

ACI Release 4.0

MSC 2.0

12

1,200

400

1,000

4,000

4,000

4,000

500

400

ACI Multi-SiteContinuous Scale Improvements

Page 36: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Anywhere Extension to Cloud

Page 37: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

VMVMVM

Site A

Site B

Site C

Site D

VMVMVM

ACI Extensions To Multi-Cloud

ACI Multi-Site Appliance

Consistent Network and Policy across clouds

Seamless Workload Migration

Single Point of Orchestration

Secure Automated Connectivity

Page 38: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

AWS Region

On-Premises

VMVMVM

Public CloudSite A Site B

Multi-Site

Infra VPC

AWS Direct ConnectRouters

CSR1000V

DX Location

Colocation

Customer Router

Amazon VGW

Customer Premise Router

User VPC-1

AWS Instances

CSR1000V

User VPC-2

AWS Instances

CSR1000V

BGP EVPN Control Plane

VXLAN TUNNEL (DATA PLANE)

OVERLAY

ACI Anywhere: On-Prem Connectivity To AWSVPC With Direct Connect + VPN

ACI 4.1

Page 39: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI AnywhereRoles of MSO & Cloud APIC

MSO Cloud APIC (cAPIC)

Physical & Cloud Site:• Registration• On-Prem and Cloud sites inter-connectivity• Tenant Creation across On-Prem and Cloud sites

cAPIC Cluster:• Defines 1 cloud site with multiple regions• Zero touch provisioning of cloud infra VPC• Manages the lifecycle of CSR across all regions• Renders ACI policy model in any public cloud• Manages cloud health

Usecases:• VRF and EPG stretch• Contracts between On-Prem and Cloud EPGs• Cloud and On-Prem Shared Services • L3out cloud and on-prem• L4-L7 Application LB

ACI Policy and Networking:• ACI policy translation to cloud native policy (AWS,

Azure, GCP, etc …)• ACI policy enforcement using cloud native

constructs and vice versa• Provision underlay for connecting other cloud and

On-Prem sites• Auto-provisioning and scale resources based on

usage

Page 40: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI AnywhereRoles of MSO & Cloud APIC

MSO Cloud APIC (cAPIC)

Import and Deploy:• Brownfield templates from cAPIC• (eg. site1::region-us-east1 => site2::region-us-

west1)

Imports and Deploy:• Brownfield cloud deployments into ACI policy • (eg. site1::region-us-east1 to site1::region-us-

east2)

Migration between On-Prem to Cloud and vice-versa Supports cloud first deployment across all regions

Operations: • Day 1: On-Prem and cloud site• Day 2: Health, trouble-shooting and monitoring

Supports consuming all public cloud native services

Page 41: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI 4.1

APIC Site 1

Physical

cAPIC Site 2

AWS

Tenant 1

Stretched VRF1

BD/Subnet1

Web-EPG1

BD3/Subnet3

App-EPG1

CIDR 2

Web-EPG2

CIDR 4

App-EPG2

C1

Multi-Site Orchestrator

C1 C2C2

AWS: Use Case-1Stretched VRF with Inter-Site Contracts

Page 42: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

AWS: Use Case-2Stretched EPG

APIC Site 1

Physical

cAPIC Site 2

AWS

Tenant 1

VRF 1

BD1/Subnet1 CIDR 2

CIDR 4BD2/Subnet3

Multi-Site Orchestrator

Stretched EPG - Web

Stretched EPG - App

C1

ACI 4.1

Page 43: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI 4.1AWS: Use Case-3Inter-Site Shared Services

APIC Site 1

Physical

APIC Site 2

Physical

APIC Site 3

Physical

cAPIC Site 3

AWScAPIC Site 4

AWS

Tenant 1

VRF 1

BD1/Subnet1 BD1/Subnet2

BD2/Subnet4 BD2/Subnet5

Web-EPG

App-EPG

Tenant 2

VRF 2

CIDR 1

VRF Route Leaking

Provider

Multi-Site Orchestrator

C1

C2

CIDR 2

DNS – Stretched EPG

Page 44: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI 4.1AWS Use Case-4L3out Cloud and On-Prem

On-Premise

Multi-Site Orchestrator (MSO)

Public Cloud

Site B

Infra VPC

AZ-1 AZ-2

Region 1

CSR CSR

Site A

User VPC -2

VGW

User VPC - 1

VGWIPSec / GRE Tunnel IPSec Tunnel

EPG-1 EPG-3EPG-2EPG-1

SG-1 SG-1 SG-3SG-2

Instance 01 Instance 02 Instance 03 Instance 04

IGWIGW

L3outL3out

L3out• Cloud local L3out

via IGW

Page 45: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI 4.1AWS: Use Case-5L4-L7 Services – Application Load Balancer

L3Out (0.0.0.0/0)

AZ1

AZ2

Subnet-1

Subnet-2

IGW

Page 46: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

Future

Azure, GCP

Cloud Native Services

using ACI Policy

SD-WAN Integration

L4-L7 FW Services

Telemetry and

Operations

Interconnect via DX and

Express Route

ACI 4.1 Release

ACI-AWS Launch

cAPIC Policy Translation

CSR Interconnect

Automation

MSO Public Cloud

Operations

AWS ALB support

4 Cloud Sites and 18

Physical Sites

ACI Anywhere Public Cloud Roadmap

Compliance and Security

Governance

L2 Mobility without re-IP

CSR in User VPC

Tetration Integration

CloudCenter Integration

Elastic BM

Page 47: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Security

Page 48: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2017 Cisco and/or its affiliates. All rights reserved.

ACI 2-Factor Authentication Options

VMVMVM VMVMVMVM

External Authentication

via SAML and IDPs supported Okta &

MSFT ADFS

Local AuthenticationTOTP using Google Authenticator for 2nd

factor pin/barcode

RSA SecureID PingFederate SSO PingID 2-FA

Federal Common Access Card (CAC)

ACI 3.0 ACI 3.0 ACI 3.1 ACI 3.2 ACI 4.0

Page 49: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2017 Cisco and/or its affiliates. All rights reserved.

Certification ACI

Certified

Certified

Certified

Certified

Vulnerability Scanners• Nessus, Fuzzing, etc … • Port Scan, AppScan

Certified(Ran every release)

Security Certifications ACI 4.0

Page 50: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2017 Cisco and/or its affiliates. All rights reserved.

ACIStretchFabric

Spine

Leaf

IPN/WAN

DCI (N7k/ASR9k)N7k/ASR9k

Generate Keys for

Every Link Segment

Border Leaf

Vmware AVS

3. Multi-POD or GOLF

1. Fabric Links

2. Stretch Fabric

2. Border Leaf to DCI

1. Fabric Links

MACSEC Link EncryptionMKA Key Exchange

APIC Centralized Key Management

MACSEC for Fixed SpinesShipping Since ACI 3.1

Support For Fixed Spines:• N9k-9364C• N9k-9332C

New

Page 51: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

Multi-Site

IP / WAN

Site A Site B

VMVMVM

Site C

MACSEC MACSEC

CloudSec

Today Future

ACI AnywhereEncrypted DCI Connectivity

ACI 4.0

New

Page 52: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Usability and Operations

Page 53: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

Root Cause? Prevention? Evidence?

Capacity Planning? Uptime? Remediation?

Network Admin Operational Challenges

Page 54: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Event Analytics

Presentation ID 54

ACI: Introducing Network Insights-ResourcesUnderstand What’s Running In Your Network

Flow Analytics

Resource Analytics

ACI Network Insights Resources

Deep Insights Into Network Health (Control Plane, Data Plane, Capacity, Utilization and Environmental Health)

Limited Availability

Page 55: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

ACI: Network Insights-ResourcesUnderstand What’s Running In Your Network

ResourceAnalytics

Data Collection

Anomaly Detection

Remediation

Event Analytics Dashboard Displays Faults, Events, And Audit Logs In A Time Series Fashion.

Event Analytics Dashboard

Limited Availability

Page 56: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

ACI: Network Insights-ResourcesUnderstand What’s Running In Your Network

Flow Analytics Dashboard Displays Key Indicators Of Infrastructure Data Plane Health.

Flow Analytics DashboardFlow Anomalies

Packet Drops

Latency

End Point Move

Limited Availability

Page 57: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI 4.0 GUI Enhancements

Configuration

• Fabric Membership Simplification

• L3out Simplification

• Admin Module Simplification

• vPod, Multi-pod Workflow Simplification

• Service Parameter Consolidation

• APIC Upgrade improvements

• Application Tab: Context Saving

Operations

• Show User Activity

• Configurable Capacity

Dashboard

• Tech Support Simplification

• TWS Usability Improvements

Usability

• New APIC Alerts

• Share Session Across Multiple Tabs

• Enhanced Capacity Dashboard

• APIC Upgrade.

ACI 4.0

Page 58: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Integrations

Page 59: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

100 SGT, 64K Bindings on Border Leaf with ISE 2.4 and ACI 3.2 onwards

TrustSec and ACIBorder Leaf Leveraging IP Based EPG

Shipping Since ACI 2.3

Page 60: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Mapping Application And Service

Components To ACI(Standalone App)

[Beta]

Mapping Application And Service

Components To ACI(Standalone App)

[GA]

Cross Launch AppDynamics and APIC To Correlate

Network And Application Data

Baseline Application Health Status In AppDynamics By

Correlating ACI MO Health And Faults

Micro-segmentation Based On Application

Tiers

ACI

4.0ACI 4.1 ACI 4.1 Future Future

Network & Application Health

Correlation

VMVMVM VMVMVMVM

APPDYNAMICS

ACI: AppDynamics IntegrationIdentify Problems Faster By Correlating Applications & Network Data

Page 61: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Hardware Sensor Support On Nexus

9000 EX and FX Leafs &

FX Spine Line Cards

Tetration NPMD Support For ACI Fabric

(Single Fault Domain)

Tetration NPMD Support For

Multi-Site, Multi-Pod, Remote Leaf

Hardware Sensor Support On Nexus 9000 EX Spine Line

Cards

Standalone Application To Generate ACI Policy

From Tetration ADM Output

Shipping Shipping Future ACI 4.1 ACI 4.1

ACI: Tetration Integration Capture Intent & Translate To ACI Policy

Tenant and Application Policy Requirements (ADM)

Rich Telemetry Data from Hardware (Nexus 9000)

Cisco Tetration™ Platform

Cisco ACI Fabric

Page 62: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

San FranciscoData Center

Multi-Site

New York Data Center

vEdge vEdgeSD-WAN Fabric

Region EastRegion West

Los AngelesBranch

Chicago Branch

ACI: SD WAN (Viptela) IntegrationExtend Operational Domain And Policy To Branch & Public Cloud

vManage

MPLS Internet

FW

Web

server

App

serverDB

server

Subnet 10.1.1.0/24

FW

Web

server

App

serverDB

server

Subnet 10.121.0/24

1App Policy Determines Routing Path Between

Branch And Data Center To Meet SLA

1

2

2Optimal Path Selection

Between On-PremApps and Services

Hosted In Multi-Region AWS

ACI 4.1

Page 63: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco ACI Config Management

Support for Puppet and Ansible

• Ansible

• Tenant, Fabric Access, L3Out, AAA Policies

• 55 ACI Modules

• Puppet New

• Tenant Policies - 11 New Types and Providers

• Availability

• Ansible – Ansible Core (2.4 and 2.5)

• Puppet – GitHub now; Puppet Forge soon

• https://github.com/cisco/ciscoacipuppet

New

Page 64: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Other Improvementsand Features

Page 65: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Infrastructure EnhancementsACI 4.0

Deployment

Networking

OperationsAppD Integration

(App Center)

Network Insight

Resources App

(App Center)

New Troubleshooting Wizard

FC NPV Inter-VRF L3 Multicast AVE Enhancements

Dot1x for IP Phone

Policy Indirection

Host Route On Border LeafRoCE v2

Page 66: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI Fabric Scale

ACI 3.0

50

3K

256

512

256

16

1024

4k

250

8k

Max. Number of EPs

# of VRF Per Tenant

Max. # of VRF

Max. # of BDs per VRF

Max. # Of Subnets / BD

Common Pervasive Gateway/BD

vzAny Contracts / VRF

# of IP’s per MAC

IP-based EPG

External EPG / L3 Out

# of Multicast Groups

ACI 3.1

128*

3K

1k*

1k*

256

16

1024

4k

250

8k

ACI 3.2

128

3K

1k*

1k*

256

16

4K

4k

250

8k

ACI 4.0

128

3K

1k*

1k*

256

16

4K

4k

250

32k

Depends On Profile - See Verified Scalability Guide

Cisco ACI Verified Scalability Guide:https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/3-x/verified_scalabilty/b_Verified_Scalability_3_1_1x_and_13_1_1x.html

Page 67: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Tile Profiles: ACI 4.0

Default Profile

Policy Heavy

L2-Only Mode

Multicast Scale

Flexibility To Choose tile

Profile Based On Your

Infrastructure Needs

Tile (Total = Local+Remote) Scale

EP MAC 64k

EP IPv4 64k

IPv4 Host route + EP IPv4 +

Multicast96k

EP IPv6 48k

LPM 38k

Policy 128k

Multicast 32k

High Dual-Stack

(FX – Leaf Switches Only)

Page 68: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI: FCoE NPV and FC NPV Support

FCoE NPV FC NPV FC Switching

N9k-93180YC-EX Shipping N/A N/A

N9k-93180-LC-EX Shipping N/A N/A

N9k-93180-YC-FX Shipping ACI 3.2 (Q2-CY18)

▪ FC NPV 8/16G Uplink SAN Switch support

Future

N9k-93180-YC-FX Shipping ACI 4.0 (Q3 CY 18) ▪ FC NPV Host port support

▪ Trunking and Port Channel support on FC Uplink

▪ San Boot

Future

N9K-C93360YC-FX2 Future Future Future

New

Page 69: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

ACI: Mini ACI Fabric

Cloud

Optimized Physical Footprint – 5 RU System

ACI Fabric For Small Scale Deployments

VMLeaf 1 – 48 ports

Leaf 2 – 48 ports

Spine 1

Spine 2

APIC

VM

ACI 4.0

No. of EPGs

No. of Tenants

No. of Spines

No. of Leafs

No. of BDs

No. of EPs

No. of VRFs

1000

25

2

2-4

1000

20,000

25

Virtual APIC

Physical APIC

2

1

Promotion PID List Price

Step1:

Spines PLUS Controller Kits

ACI-C9332-VAPIC-B1(Consists of 2x N9K-C9332C + 1x APIC-CLUSTER-XS*)20% discount

$83,600

Step 2:

N9300 Starter Kits (2 –pack)

Ex: N9K-C93180-EX-B24C(Consists of 2x N9K-C93180YC-EX+ 8x 100G Optics) 10% discount

$55,000

Step 3:

ACI Leaf License

2x ACI-ES-XF $30,000

Total $168,600

Page 70: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI: Mini ACI Fabric

Fabric Scope (4.0)

Single Pod and Single Site

200 Edge Ports per APIC-CLUSTER-XS

No support for Remote Leaf, GOLF and vPod

vAPIC Config

ESXi 6.5

8 vCPU

32G Memory

HDD 300G & SDD 100G local storage

ACI 4.1 Enhancements

Mini ACI with Multi Site Support

Page 71: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Licensing

Page 72: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Data Center Networking Subscription Offers

Cisco Software Support Service (SWSS) included in all subscriptions

Cisco Nexus® 9000 Series

ACI Essentials - subscription

Network Services

ACI Base

LAN Enterprise

DCNM LAN

Streaming Telemetry

PTP

ACI Multi-pod

3/5 Year SubscriptionsSingle SKU

Single data center

ACI Advantage - subscription

ACI Essentials

VPN Fabric

3/5 Year SubscriptionsSingle SKU

ACI Multi-site

Physical Remote Leaf

Multiple data centers and/or

clouds

ACI Essentials

3/5 Year SubscriptionsSingle SKU

Network Assurance Engine

ACI Advantage

ACI Premier - subscription

Multiple data centers and/or clouds with highest innovation

Appliances (APIC, ACI Multi-site controller vApp, and NAE vApp) are separate purchases.

Page 73: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved.

ACI: SMART Licensing Recap

Registration Recommendation Duration

• 120 days evaluation period

• No Functionality Impact At End Of Evaluation Period

Impact?

• No functionality impact to ACI fabric based on Smart Licensing status

Support

• Smart License Feature Will Be Supported On ACI From Release 3.2 Onwards

• APIC Will Have Workflow To Register With Cisco Smart License Manager

• Register APIC to track yourlicense usage and compliance

Create Smart Accounts While Placing New Orders With ACI Licenses

Page 74: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Summary

Page 75: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Remote Leaf / Virtual PoD APIC / Multi-Site Multi-Cloud Extensions

ACI Anywhere

IP WAN

IP WAN

Remote Location Public CloudOn Premise

Security Everywhere Policy EverywhereAnalytics Everywhere

Cisco ACI AnywhereAny Workload, Any Location, Any Cloud

Page 76: Cisco ACI Multicloud DC Networking€¦ · Security Everywhere Analytics Everywhere Policy Everywhere. ACI Software Release Timeline Q4 2016 Q1 2017 Q2 2017 Q3 2017 Q4 2017 Q1 2018

Thank you