Cisco ACI Cookbook

Required points/C-coins: 9 | 2017-05-16 19:59:44 | 26.69MB | PDF

Stuart Fordham, "Cisco ACI Cookbook"
English | ISBN: 1787129217 | 2017 | 330 pages | PDF | 27 MB

Key Features
  • Confidently provision your virtual and physical infrastructure for application deployment
  • Integrate Cisco ACI with hypervisors and other third-party devices
  • Packed with powerful recipes to automate your IT operations

Book Description
Cisco Application Centric Infrastructure (ACI) is a tough architecture that automates IT tasks and accelerates datacenter application deployments. This book focuses on practical recipes to help you quickly build, manage, and adapt a hybrid environment for your organization using Cisco ACI.

You will begin by understanding the Cisco ACI architecture and its major components. You will then configure Cisco ACI policies and tenants. Next, you will connect to hypervisors and other third-party devices. Moving on, you will configure routing to external networks and within ACI tenants, and also learn to secure ACI through RBAC. Furthermore, you will understand how to set up Quality of Service and network programming with REST, XML, Python and so on. Finally, you will learn to monitor and troubleshoot ACI in the event of any issues that arise. By the end of the book, you will have mastered automating your IT tasks and accelerating the deployment of your applications.

What you will learn
  • Master the Cisco ACI architecture
  • Discover the ACI fabric with easy-to-follow steps
  • Set up Quality of Service within ACI
  • Configure external networks with Cisco ACI
  • Integrate with VMware and track VMware virtual machines
  • Configure, apply, and verify the access policies
  • Extend or migrate a VMware Virtual Machine LAN inside the ACI Fabric
  • Monitor ACI with third-party tools and troubleshoot issues
Table of contents (excerpt)

Creating Tenants: How to do it, How it works
Configuring Bridge Domains: How to do it, How it works
Configuring Contexts: How to do it, How it works, There's more
Creating Application Network Profiles: How to do it
Creating Endpoint Groups: How to do it, How it works
Using contracts between Tenants: How to do it, How it works
Creating Filters: How to do it
Creating contracts within Tenants: How to do it
Creating Management contracts: How to do it, How it works

Chapter 3: Hypervisor Integration (and other 3rd Parties)
Introduction
Installing device packages: How to do it, How it works, There's more
Creating VMM domains and integrating VMWare: How to do it, There's more
Associating a VCenter domain with a tenant: How to do it, How it works
Deploying the AVS: How to do it, How it works, There's more
Discovering VMWare endpoints: How to do it, How it works
Adding virtual Machines to a tenant: How to do this, How it works
Using virtual Machine tracking: How to do it, How it works, There's more
Integrating with A10: How to do it, How it works, There's more
Deploying the ASAv: How to do it, How it works, There's more
Integrating with OpenStack: How to do it, How it works, There's more
Integrating with F5: Getting ready, How to do it, There's more
Integrating with Citrix Netscaler: Getting ready, How to do it, There's more

Chapter 4: Routing in ACI
Introduction
Creating a DHCP relay: How to do it, Creating a DHCP Relay using the Common tenant, Creating a Global DHCP Relay, How it works, There's more
Utilizing DNS: How to do it, How it works, There's more
Routing with BGP: How to do it
Configuring a layer 3 outside interface for tenant networks: How to do it, Creating routed interfaces, Configuring an External SVI Interface, Configuring Routed Sub-Interfaces
Associating bridge domain with External Network: How to do it
Using Route Reflectors: How to do it, How it works
Routing With OSPF: How to do it
Routing with EIGRP: How to do it
Using IPv6 within ACI: How to do it, How it works
Setting up Multicast for ACI tenants: How to do it, How it works
Configuring Multicast on the bridge domain and interfaces: How it works, How it works, There's more
ACI transit routing and route peering: How to do it, How it works, There's more

Chapter 5: ACI Security
Introduction
AAA and Multiple Tenant Support
Understanding ACI Role-Based Access Control (RBAC)
Creating local users: How to do it, How it works
Creating security domains: How to do it
Limiting users to tenants: How to do it
Connecting to a RADIUS server: How to do it, How it works
Connecting to an LDAP server: How to do it
Connecting to a TACACS+ server: How to do it
Appendix A
Index

Understanding Components and the ACI Fabric

In this chapter, we will cover:
  • Understanding ACI and the APIC
  • An overview of the ACI fabric
  • Converting Cisco Nexus NX-OS mode to ACI mode
  • ACI Fabric Overlay
  • An introduction to the GUI

Introduction

Cisco's Application Centric Infrastructure (ACI) is a big evolutionary step in data center networking. Not because it adds programmability to the network (this has been a rising trend over the last few years), but because of the increased compatibility between vendors. This is where the real benefits are.

We can see the start of this evolutionary step with Cisco's FlexPod (an amalgam of Cisco UCS, VMware hypervisors, and NetApp storage). Here we see properly validated designs that span more than one vendor.
This in itself was a big step. After all, it makes sense for one vendor to try and encourage the end user to purchase their equipment instead of their competitors'. This is done for two reasons: compatibility between devices and the vendors' financial success.

So, what of networks where one vendor can supply all of the equipment, from the networking to the storage, to the compute elements? It is actually quite rare to find an environment comprised of one single vendor in the real world. Most networks (and I am including virtualization platforms and storage within this term) have equipment from more than one vendor, because when you are looking for the best performance, you go with the big names (VMware for virtualization, NetApp for storage and so on), because they have the longevity in the industry, the knowledge and the support options that are required. The network becomes heterogeneous because it needs to be in order to fulfill user, application, and business demands.

The downside to this is that we lose some degree of compatibility. There are industry-standard protocols that give some level of compatibility back, such as SNMP (Simple Network Management Protocol), Syslog, and LLDP (Link Layer Discovery Protocol), that can facilitate alerting, logging and communication between devices, but ACI takes this all one step further, taking the heterogeneous data center network and making it, well, homogeneous. Through ACI, the data center can be configured rapidly as the application demands, and this includes physical and virtual network elements from multiple vendors. All of this can be performed through one GUI.

Before we dive in, let's take a few moments to understand what ACI is all about, dispelling some of the myths along the way.

Myth: ACI is too expensive

ACI is not cheap to purchase. It is engineered for the data center, so commands data center prices. Even the most basic of starter kits has a list price of $250,000.
While a quarter of a million dollars is enough to get you started in the world of ACI, it is probably out of reach of most people. Even trying to sell ACI as a "this could revolutionize our business" proposal within most companies would be difficult. Despite the fact that most companies do not pay list price, ACI represents a huge risk, for a number of reasons.

ACI is in its infancy, so adoption will be slow. The companies that have the easily available financial resources to dive into it are, most likely, the same kind of businesses that are not typically early adopters. Established companies that have the cash have more accountability to stakeholders, shareholders, and the public, so are less likely to rush into investing six-figure sums than the eager startup company, to whom $250,000 represents a massive proportion of their available funds.

Nevertheless, as ACI becomes more prevalent, its adoption rate will increase, despite the costs (which can always be negotiated).

Myth: SDN (and ACI) will replace the engineer

The idea of Software-Defined Networking (SDN) has caused quite a stir in the networking industry as engineers question whether having a programmable network will mean that the developer slowly takes their place. So, we have some degree of fear when it comes to ACI, yet SDN and ACI only represent a small portion of the market. As the infrastructure scales up and out, SDN makes more sense. In smaller deployments, the costs outweigh the benefits, yet SDN (and ACI) will never replace the network engineer. The developer does not speak the language of networks in the same way that a traditional network engineer does not talk in development code.
The two will remain separate entities in their little silos. ACI offers a bridge between the two, but both roles remain safeguarded.

So as much as ACI is expensive, data center specific, and occasionally perceived as a threat to the traditional network engineer, why should you look at it favorably? This is SDN, the Cisco way.

ACI allows the network administrator and the application developers to work closer together. Applications change, networks change. Both have lifecycles of varying length, and ACI allows for these lifecycles to coexist with each other and complement each other. Both teams can work together to achieve a common goal.

ACI reduces the complexity of the network regarding deployment, management, and monitoring, and does this through a common policy framework. Applications can be deployed rapidly, and the administrative overhead on the network is significantly reduced. It is, therefore, application-centric, and can facilitate services at layer 4 to 7 to enhance the application lifecycle.

Through ACI we can automate and program the network. We have a singular platform with which to provision the network. We can bring in, with ease, services such as virtualization (VMware and Hyper-V), firewalls, load balancers and a whole range of infrastructure that would, previously, have meant many hours being spent configuring and reconfiguring as the demands of the application change.

This automation is performed through policies. Policies are centrally configured on the APIC (Application Policy Infrastructure Controllers), which are (usually) clustered. The APIC is where we will start.

Understanding ACI and the APIC

ACI is for the data center. It is a fabric (which is just a fancy name for the layout of the components) that can span data centers using OTV or similar overlay technologies, but it is not for the WAN.
We can implement a similar level of programmability on our WAN links through APIC-EM (Application Policy Infrastructure Controllers Enterprise Module), which uses ISR or ASR series routers, along with the APIC-EM virtual machine, to control and program them. APIC and APIC-EM are very similar; just the object of their focus is different. APIC-EM is outside of the scope of this book, as we will be looking at data center technologies.

The APIC is our frontend. Through this, we can create and manage our policies, manage the fabric, create tenants and troubleshoot. Most importantly, the APIC is not associated with the data path. If we lose the APIC for any reason, the fabric will continue to forward the traffic.

To give you the technical elevator pitch, ACI uses a number of APIs (Application Programming Interfaces) such as REST (Representational State Transfer), using languages like JSON (JavaScript Object Notation) and XML (eXtensible Markup Language), as well as the CLI and the GUI, to manage the fabric, and other protocols such as OpFlex to supply the policies to the network devices. The first set (those that manage the fabric) are referred to as "northbound" protocols. Northbound protocols allow lower-level network components to talk to higher-level ones. OpFlex (which we will discuss later in this chapter) is a "southbound" protocol. Southbound protocols (such as OpFlex and OpenFlow, which is another protocol you will hear in relation to SDN) allow the controllers to push policies down to the nodes (the switches).

[Figure: the admin makes a configuration change using REST (step 1); the APIC pushes policies to the nodes using OpFlex (step 2). Labels: APIC, Northbound, Southbound, Spine switch, Leaf switch.]

SuperBilly666: A rare reference book, thanks for sharing!
去旅行吧: Not bad!!!