I began writing a book about Cisco ACI in the Fall of 2017, but as often happens, life got in the way and I got derailed. I still have a lot of the material, but a lot of it is in draft form at the moment.
I will not be finishing the book, so I am going to put the material out here as a series of blog posts. How quickly I do it will depend on how much interest I feel readers of this blog show in this material, so please leave comments.
If you are reading this, I would hope there’s no need to introduce Cisco’s Application Centric Infrastructure (ACI), or its advantages. The Cisco website does a pretty good job of introducing ACI and its advantages.
I will not be trying to sell you on the pros and cons of deploying ACI.
I’ll go ahead and jump into setting up a brand new ACI Fabric. You can follow along if you have the equipment, or just use your imagination.
Bring Up the Fabric for the first time
Any prior experience with Cisco equipment (especially UCS) helps here, but it's not a deal breaker, as long as you have some networking experience.
The ACI infrastructure consists of:
- At least 1 APIC
- At least 1 Spine Switch
- At least 1 Leaf Switch
- An out of band network – Not mandatory, but highly recommended
The setup we will be working with consists of:
- 1 APIC
- 1 Spine switch
- 2 Leaf switches
- A 24-port switch for out-of-band access
- 2 x 40Gb cables for connecting the spine to the leaf switches
- 2 x 10Gb cables for connecting the leaf switches to the APIC
- Ethernet cables for connecting the switches to the out of band management network
Here’s a definition from Cisco’s website:
The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the Application Centric Infrastructure (ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.
In other words, the configuration for the ACI Fabric is all done from the APIC.
At the time of this writing, the APIC hardware is on its second generation. There are slight differences between the first and second gen hardware.
We are using a second generation APIC in our setup.
Your APIC may be different, but pay attention to the labels on the ports to determine the functionality of each one.
The second generation APIC is based on the same hardware as the Cisco UCS 220 M4 Series, but it's running different software.
On the back of the APIC, you’ll find:
- A console port
- Ethernet ports
- USB ports
- VIC ports (fiber or copper)
- A VGA port
The Ethernet ports are used for out of band access.
The Nexus Switches
The switches will generally have an Ethernet port for out of band access, a console port, and switch ports for connecting devices. At the time of this writing, only Nexus 9000 switches are supported. There is little point listing which models can be used as Spine, and which can be used as Leaf switches, since this changes all the time. You can find the most up to date information here:
Cisco ACI adopts the CLOS architecture. CLOS is not an acronym; it's named after Charles Clos, who sometime in the 1950s came up with a white paper titled “A Study of Non-blocking Switching Networks”, which pretty much describes the architecture that's now named after him.
In a nutshell, every leaf switch connects to every Spine switch, and all endpoints connect only to Leaf switches.
Leafs do not connect to other Leafs, and Spine switches do not connect to other Spine switches.
The APIC is not shown in our diagram, but an APIC connects to at least one Leaf switch and a maximum of 2.
Cisco recommends deploying APIC in odd numbered clusters of at least 3, but the setup will work with a single APIC.
We’ll explore the architecture and its advantages in greater detail at some point.
Connecting the devices
The leaf switches connect to the spine using the 40Gb ports.
The APIC connects to at least 1 leaf. All switches connect to the out of band network. The APIC CIMC connects to the out of band network.
The APIC management Ethernet connects to the out of band network.
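The cabling rules from the CLOS description and the connection list above can be checked against a written cabling plan before anything is powered on. This is an added example, not code from Cisco or from the original post; the device names and the link-list format are constructed for illustration.

```python
# Added example: device names and the link-list format are constructed for illustration.
ROLES = {"spine1": "spine", "leaf1": "leaf", "leaf2": "leaf",
         "apic1": "apic", "oob-sw": "oob"}

# One tuple per cable, mirroring the lab described in this post.
LINKS = [("spine1", "leaf1"), ("spine1", "leaf2"),
         ("apic1", "leaf1"), ("apic1", "leaf2"),
         ("spine1", "oob-sw"), ("leaf1", "oob-sw"),
         ("leaf2", "oob-sw"), ("apic1", "oob-sw")]


def validate(roles, links):
    """Return findings for a cabling plan checked against the leaf/spine rules."""
    findings = []
    peers = {dev: set() for dev in roles}
    for a, b in links:
        peers[a].add(b)
        peers[b].add(a)
        pair = {roles[a], roles[b]}
        if roles[a] == roles[b] and roles[a] in ("leaf", "spine"):
            findings.append(f"ERROR {a}-{b}: {roles[a]} switches must not interconnect")
        elif "spine" in pair and not pair <= {"spine", "leaf", "oob"}:
            findings.append(f"ERROR {a}-{b}: only leaf switches attach to a spine")
    spines = sorted(d for d, r in roles.items() if r == "spine")
    for dev, role in roles.items():
        if role == "leaf":
            # Every leaf must have an uplink to every spine.
            for spine in spines:
                if spine not in peers[dev]:
                    findings.append(f"ERROR {dev}: missing uplink to {spine}")
        if role == "apic":
            leaves = [p for p in peers[dev] if roles[p] == "leaf"]
            if not 1 <= len(leaves) <= 2:
                findings.append(f"ERROR {dev}: attached to {len(leaves)} leaves, expected 1 or 2")
        if role != "oob" and not any(roles[p] == "oob" for p in peers[dev]):
            # Out-of-band is recommended rather than mandatory, so only warn.
            findings.append(f"WARN {dev}: no out-of-band management link")
    return findings


if __name__ == "__main__":
    for line in validate(ROLES, LINKS) or ["cabling plan matches the rules"]:
        print(line)
```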
Once these connections are made, it’s time to do a little planning. The table below lays out some of the information we will be using during our initial configuration.
| Setting | Value |
|---|---|
| Address Pool for TEP | 22.214.171.124/16 |
| VLAN for infra network | 4051 |
| APIC OOB IP | 10.10.10.10 |
With the planning out of the way, and the equipment connected, it's time to bring up the fabric.
At this point, we’ll go ahead and connect a monitor and keyboard to the APIC.
The monitor connects to the VGA port, while the keyboard connects to one of the USB ports at the back of the APIC.
The next few steps include lots of screenshots. The ones I have are either outdated or they no longer match the information in the text.
I’ll stop at this point, and continue with Part 2 when the updated screenshots are ready.