© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
White Paper
The Cisco Application Policy Infrastructure Controller
Introduction: What Is the Cisco Application Policy Infrastructure Controller?
The Cisco® Application Policy Infrastructure Controller (referred to as the APIC) is a distributed system
implemented as a cluster of controllers. The APIC provides a single point of control, a central API, a central
repository of global data, and a repository of policy data for the Cisco Application Centric Infrastructure (ACI).
The Cisco ACI is conceptualized as a distributed overlay system with external endpoint connections controlled and
grouped via policies. Physically, ACI is a high-speed, multipath leaf and spine (bipartite graph) fabric.
The APIC is a unified point of policy-driven configuration. The primary function of the APIC is to provide policy
authority and policy resolution mechanisms for the Cisco ACI and ACI-attached devices. Automation is provided as
a direct result of policy resolution and of rendering its effects onto the Cisco ACI fabric.
The APIC communicates in the infrastructure VLAN (in-band) with the Cisco ACI spine and leaf nodes to distribute
policies to the points of attachment (Cisco leaf) and provide a number of key administrative functions to the Cisco
ACI. The APIC is not directly involved in data plane forwarding, so a complete failure or disconnection of all APIC
elements in a cluster will not result in any loss of existing datacenter functionality.
In general, policies are distributed to nodes as needed upon endpoint attachment or by an administrative static
binding. You can, however, specify “resolutional immediacy,” which regulates when policies are delivered into
Cisco nodes. “Prefetch” or early resolution is one of the modes. The most scalable mode is the “just-in-time mode,”
in which policies are delivered to nodes just in time upon detection of the attachment. Attachment detection is
based on analysis of various triggers available to the APIC.
A central APIC concept is to express application networking needs as an extension of application-level metadata
through a set of policies and requirements that are automatically applied to the network infrastructure. The APIC
policy model allows specification of network policy in an application- and workload-centric way. It describes sets of
endpoints with identical network and semantic behaviors as endpoint groups. Policies are specified per interaction
among such endpoint groups.
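
The following is an added conceptual sketch, not Cisco code and not the APIC API or object model. It illustrates the two ideas above: policies defined per pair of endpoint groups, and the two resolution modes deciding which policies a leaf node holds. All class, policy and node names are hypothetical, and "prefetch" is simplified here to mean delivery to every leaf ahead of attachment.

```python
from dataclasses import dataclass, field

@dataclass
class Leaf:
    name: str
    attached_epgs: set = field(default_factory=set)
    policies: set = field(default_factory=set)  # policies rendered on this node

class PolicyController:
    """Toy policy authority (hypothetical); models resolution timing only."""
    def __init__(self, immediacy):
        if immediacy not in ("prefetch", "just-in-time"):
            raise ValueError(immediacy)
        self.immediacy = immediacy
        self.policies = {}  # frozenset({epg_a, epg_b}) -> policy name
        self.leaves = {}

    def _resolve(self, leaf):
        if self.immediacy == "prefetch":
            # Early resolution: deliver every policy before any attachment.
            wanted = set(self.policies.values())
        else:
            # Just-in-time: only policies touching an EPG attached to this leaf.
            wanted = {p for pair, p in self.policies.items()
                      if pair & leaf.attached_epgs}
        leaf.policies |= wanted

    def add_leaf(self, name):
        self.leaves[name] = Leaf(name)
        self._resolve(self.leaves[name])

    def add_policy(self, epg_a, epg_b, name):
        # A policy is specified per interaction between two endpoint groups.
        self.policies[frozenset((epg_a, epg_b))] = name
        for leaf in self.leaves.values():
            self._resolve(leaf)

    def attach(self, endpoint, epg, leaf_name):
        # Attachment detection is the trigger for just-in-time delivery.
        leaf = self.leaves[leaf_name]
        leaf.attached_epgs.add(epg)
        self._resolve(leaf)

def demo(immediacy):
    """Return each leaf's policies before and after one endpoint attaches."""
    ctl = PolicyController(immediacy)
    for n in ("leaf1", "leaf2"):
        ctl.add_leaf(n)
    ctl.add_policy("web", "app", "web-to-app")  # constructed sample policies
    ctl.add_policy("app", "db", "app-to-db")
    before = {n: set(l.policies) for n, l in ctl.leaves.items()}
    ctl.attach("vm1", "web", "leaf1")
    after = {n: set(l.policies) for n, l in ctl.leaves.items()}
    return before, after
```

In just-in-time mode a leaf holds only the policies relevant to what is attached to it, which is why the paper calls it the most scalable mode; once rendered, the policies stay on the leaf independently of the controller.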