1
00:00:06,530 --> 00:00:10,970
- Cisco ACI provides the capability to automate settings

2
00:00:10,970 --> 00:00:12,770
and networking policies,

3
00:00:12,770 --> 00:00:15,090
and configurations in a very,

4
00:00:15,090 --> 00:00:17,800
very flexible and scalable way.

5
00:00:17,800 --> 00:00:20,470
Now, in this example, I'm actually illustrating

6
00:00:20,470 --> 00:00:23,210
the concept of a centralized policy

7
00:00:23,210 --> 00:00:26,850
and configuration management in the Cisco ACI solution.

8
00:00:26,850 --> 00:00:27,830
For your reference.

9
00:00:27,830 --> 00:00:32,770
Now for you, this exam, you do not need to be an ACI

10
00:00:32,770 --> 00:00:34,850
you know, expert itself, right?

11
00:00:34,850 --> 00:00:38,880
So, there's different CCNP

12
00:00:38,880 --> 00:00:41,880
and CCIE concentrations for data center.

13
00:00:41,880 --> 00:00:45,400
But I strongly suggest to at least become familiar

14
00:00:45,400 --> 00:00:47,990
with the concepts that I'm sharing here with you

15
00:00:47,990 --> 00:00:51,650
and at least, you know, the overall functions,

16
00:00:51,650 --> 00:00:55,750
and the capabilities of the ACI solution.

17
00:00:55,750 --> 00:01:00,430
So, ACI uses a leaf and spine topology.

18
00:01:00,430 --> 00:01:02,940
Each leaf switch is actually connected

19
00:01:02,940 --> 00:01:05,720
to every spine switch in the network

20
00:01:05,720 --> 00:01:08,050
with no interconnection between leaves,

21
00:01:08,050 --> 00:01:10,760
switches, or spine switches.

22
00:01:10,760 --> 00:01:14,460
Now, the leaves have ports that are connected

23
00:01:14,460 --> 00:01:16,630
to traditional ethernet devices, for example,

24
00:01:16,630 --> 00:01:20,450
servers, firewalls, you know, even routers and so on.

25
00:01:20,450 --> 00:01:22,380
And then the leaf switches are actually,

26
00:01:22,380 --> 00:01:26,140
typically deployed at the edge of the fabric.
27
00:01:26,140 --> 00:01:30,210
And these leaf switches provide the virtual extensible LAN

28
00:01:30,210 --> 00:01:34,490
or VXLAN tunnel functionality, right?

29
00:01:34,490 --> 00:01:37,600
And specifically, the VXLAN tunnel endpoint,

30
00:01:37,600 --> 00:01:40,140
or VTEP functionality as well.

31
00:01:40,140 --> 00:01:41,817
And you're gonna learn more

32
00:01:41,817 --> 00:01:44,570
about VXLAN later in this course.

33
00:01:44,570 --> 00:01:46,300
Now, VXLAN, in short,

34
00:01:46,300 --> 00:01:49,220
is a network virtualization technology that leverages

35
00:01:49,220 --> 00:01:53,170
an encapsulation technique very similar to VLANs, right?

36
00:01:53,170 --> 00:01:57,410
To enable and encapsulate layer two ethernet frames

37
00:01:57,410 --> 00:01:59,240
within UDP packets.

38
00:01:59,240 --> 00:02:01,110
And typically, it's actually done

39
00:02:01,110 --> 00:02:04,200
over UDP port 4789 by default.

40
00:02:04,200 --> 00:02:05,520
But it can be actually changed

41
00:02:05,520 --> 00:02:08,680
and configured depending on the implementation.

42
00:02:08,680 --> 00:02:10,920
Now in Cisco ACI, the IP address

43
00:02:10,920 --> 00:02:13,550
that represents the leaf VTEP, right,

44
00:02:13,550 --> 00:02:16,680
or V-T-E-P, is actually called

45
00:02:16,680 --> 00:02:20,423
the physical tunnel endpoint or P-T-E-P.

46
00:02:21,330 --> 00:02:24,790
Now, the leaf switches are responsible for routing

47
00:02:24,790 --> 00:02:29,790
or bridging tenant packets for applying network policies.

48
00:02:30,040 --> 00:02:35,000
Now, the spine nodes interconnected actually leaf devices

49
00:02:35,000 --> 00:02:36,660
or the leaf switches,

50
00:02:36,660 --> 00:02:39,170
and they can also be used to establish connections

51
00:02:39,170 --> 00:02:42,220
from a Cisco ACI's pod.

52
00:02:42,220 --> 00:02:47,220
And that's a concept in ACI pod to an IP network

53
00:02:48,030 --> 00:02:53,010
or to, you know, interconnect multiple ACI pods, right?
54
00:02:53,010 --> 00:02:56,500
And spines or spine switches actually

55
00:02:56,500 --> 00:03:00,550
will store all the endpoint to V-T-E-P

56
00:03:00,550 --> 00:03:03,100
or VTEP mapping entries.

57
00:03:03,100 --> 00:03:04,900
Now, all leaf nodes connect

58
00:03:04,900 --> 00:03:09,550
to all spine nodes within a Cisco ACI pod.

59
00:03:09,550 --> 00:03:13,750
However, there's no direct connectivity allowed

60
00:03:13,750 --> 00:03:15,040
between the spine nodes

61
00:03:15,040 --> 00:03:17,530
or between the leaf nodes themselves,

62
00:03:17,530 --> 00:03:22,030
or workloads in ACI connect to leaf switches.

63
00:03:22,030 --> 00:03:23,850
Now, the leaf switches, you know,

64
00:03:23,850 --> 00:03:27,550
used in the ACI fabric are top of rack switches

65
00:03:27,550 --> 00:03:29,210
or ToR switches.

66
00:03:29,210 --> 00:03:32,000
The acronym ToR here is not the same

67
00:03:32,000 --> 00:03:33,220
as the onion router.

68
00:03:33,220 --> 00:03:34,560
If you're familiar with that, you know

69
00:03:34,560 --> 00:03:36,240
the solution used for anonymity

70
00:03:36,240 --> 00:03:37,890
and to access a deep web.

71
00:03:37,890 --> 00:03:40,130
That's not what I'm talking about here, right?

72
00:03:40,130 --> 00:03:42,210
Now, another thing to highlight is

73
00:03:42,210 --> 00:03:45,210
that the APIC or the controller, right,

74
00:03:45,210 --> 00:03:48,460
can be considered a policy and topology manager, right?

75
00:03:48,460 --> 00:03:53,330
So, basically APIC is the brain of ASIC or ACI rather.

76
00:03:53,330 --> 00:03:56,030
And APIC actually manages

77
00:03:56,030 --> 00:03:59,310
the distributed policy repository responsible

78
00:03:59,310 --> 00:04:01,100
for the definition and deployment

79
00:04:01,100 --> 00:04:06,100
of the policy-based configuration in the ACI infrastructure.
80
00:04:07,240 --> 00:04:10,980
Now, APIC also manages the topology

81
00:04:10,980 --> 00:04:15,980
and the inventory of all the devices within the ACI pod.

82
00:04:17,670 --> 00:04:20,880
Now, APIC also has a few additional functionalities,

83
00:04:20,880 --> 00:04:22,490
you know, different functions

84
00:04:22,490 --> 00:04:24,960
and here are the most common.

85
00:04:24,960 --> 00:04:27,050
First, it actually monitors the subsystem

86
00:04:27,050 --> 00:04:30,741
of, you know, ACI infrastructure.

87
00:04:30,741 --> 00:04:34,480
The APIC observer is a function

88
00:04:34,480 --> 00:04:36,800
that actually monitors the health, the state

89
00:04:36,800 --> 00:04:39,540
and the performance of the actual ACI pod.

90
00:04:39,540 --> 00:04:41,490
And then, you also have the boot director

91
00:04:41,490 --> 00:04:43,710
which is actually the function in charge

92
00:04:43,710 --> 00:04:44,940
of the booting process

93
00:04:44,940 --> 00:04:48,690
and the firmware updates of the spine switches,

94
00:04:48,690 --> 00:04:52,520
leaf switches and the actual APIC components itself.

95
00:04:52,520 --> 00:04:55,670
Now, the appliance director is an APIC function

96
00:04:55,670 --> 00:04:57,200
that manages the function

97
00:04:57,200 --> 00:05:00,910
and control of the APIC appliance cluster.

98
00:05:00,910 --> 00:05:02,760
And then, you also have the VMM

99
00:05:02,760 --> 00:05:04,760
or the virtual machine manager

100
00:05:04,760 --> 00:05:07,620
that is an agent between the policy repository

101
00:05:07,620 --> 00:05:09,080
and a hypervisor.

102
00:05:09,080 --> 00:05:13,900
For example, something like VMware vCenter and so on.

103
00:05:13,900 --> 00:05:16,190
Now, you also have the event manager

104
00:05:16,190 --> 00:05:17,800
and if the event manager manages

105
00:05:17,800 --> 00:05:21,630
and store all the events, and faults initiated

106
00:05:21,630 --> 00:05:26,120
from the APIC and the ACI fabric nodes.
107
00:05:26,120 --> 00:05:28,800
Then lastly, you have the appliance element

108
00:05:28,800 --> 00:05:30,330
which maintains the inventory

109
00:05:30,330 --> 00:05:34,290
and the state of the local APIC appliance.

110
00:05:34,290 --> 00:05:38,010
Now, for your reference, I'm actually including a link

111
00:05:38,010 --> 00:05:40,250
to the ACI design guide

112
00:05:40,250 --> 00:05:42,590
which actually provides comprehensive information

113
00:05:42,590 --> 00:05:43,940
about the design, the deployment

114
00:05:43,940 --> 00:05:46,370
and the configuration of the ACI solution.

115
00:05:46,370 --> 00:05:49,940
For this exam, you do not need to know, you know,

116
00:05:49,940 --> 00:05:52,690
very details of a configuration of the ACI solution.

117
00:05:52,690 --> 00:05:55,750
Again, we actually have separate exams

118
00:05:55,750 --> 00:05:57,700
for that and certifications.

119
00:05:57,700 --> 00:05:59,950
But I strongly suggest to at least, you know

120
00:05:59,950 --> 00:06:01,890
read the document and become familiar

121
00:06:01,890 --> 00:06:05,670
with most important components

122
00:06:05,670 --> 00:06:07,870
which actually I already have covered here.

123
00:06:07,870 --> 00:06:11,733
But as a refresher, please use this as your reference.