Cisco UCS Director 4.0 White Paper

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
Application Infrastructure on Demand with Cisco UCS Director and Cisco Application Centric Infrastructure
March 2015
Leaf-and-Spine Network Deployment
Figure 11 shows how the application container can be deployed on the Cisco 
ACI physical leaf-and-spine network. A spine is established with a set of Cisco 
Nexus 9500 platform switches. Leaf nodes are established with Cisco Nexus 9300 
platform switches. Every leaf switch is connected physically to each spine switch 
(gray lines). EPGs are illustrated using the same colors as in the previous two 
figures, and web, application, and database EPGs are shown. The individual physical 
and virtual servers are interconnected with VXLAN tunnels (shown in purple, red, 
and orange), with physical and virtual services (load balancing and firewalls) inserted 
into the interconnection.
Network traffic is routed through VXLAN tunnels using an Open Shortest Path First 
(OSPF) algorithm that allows network loads to be dynamically routed based on 
network conditions. The physical routing of packets is across the physical (gray) 
lines in the figure. Because the routing is dynamic, the figure shows the VXLAN 
tunnels going through the fabric rather than through any particular switch.
It is very difficult to illustrate all the VXLAN connections because they would normally 
be configured in the network fabric, so several simplifications have been made in 
Figure 11:
•  Storage has been omitted, for simplicity.
•  The web and application EPGs are shown as if each EPG and its virtual machines 
were connected to a single leaf switch. Best practices recommend that the 
servers in EPGs span multiple leaf nodes on multiple servers for higher availability. 
•  The connectivity of the two database servers is more realistic, with each server 
connected to different leaf switches. 
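An added example, not part of the Cisco white paper: a check of a fabric inventory against the two topology statements above (every leaf switch connects to each spine switch, and the servers in an EPG should span multiple leaf nodes). All switch, endpoint and EPG names, and the missing uplink, are constructed sample data that mirrors the simplified layout of Figure 11.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names, not from the white paper).
SPINES = {"spine-1", "spine-2"}
LEAVES = {"leaf-1", "leaf-2", "leaf-3", "leaf-4"}
# Full mesh minus one uplink, so the mesh check has something to report.
LINKS = {(l, s) for l in LEAVES for s in SPINES} - {("leaf-4", "spine-2")}
# endpoint -> (EPG, leaf switch the endpoint attaches to)
ENDPOINTS = {
    "web-vm-1": ("web", "leaf-1"),
    "web-vm-2": ("web", "leaf-1"),       # web EPG drawn on a single leaf
    "app-vm-1": ("app", "leaf-2"),
    "app-vm-2": ("app", "leaf-2"),       # app EPG drawn on a single leaf
    "db-srv-1": ("database", "leaf-3"),
    "db-srv-2": ("database", "leaf-4"),  # database servers on different leaves
}

def missing_uplinks(leaves, spines, links):
    """Return leaf-to-spine links absent from a full leaf-and-spine mesh."""
    return sorted((l, s) for l in leaves for s in spines if (l, s) not in links)

def single_leaf_epgs(endpoints):
    """Return EPGs whose endpoints all attach to one leaf switch."""
    leaves_by_epg = defaultdict(set)
    for epg, leaf in endpoints.values():
        leaves_by_epg[epg].add(leaf)
    return sorted(e for e, used in leaves_by_epg.items() if len(used) < 2)

def epgs_lost_if_leaf_fails(endpoints, failed_leaf):
    """Return EPGs left with no attached endpoint when failed_leaf goes down."""
    all_epgs = {epg for epg, _ in endpoints.values()}
    surviving = {epg for epg, leaf in endpoints.values() if leaf != failed_leaf}
    return sorted(all_epgs - surviving)

if __name__ == "__main__":
    print("missing uplinks:", missing_uplinks(LEAVES, SPINES, LINKS))
    print("EPGs on a single leaf:", single_leaf_epgs(ENDPOINTS))
    for leaf in sorted(LEAVES):
        print(leaf, "failure removes:", epgs_lost_if_leaf_fails(ENDPOINTS, leaf))
```
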
[Figure 11 (diagram). Labels: Outside Network; Cisco Nexus 9500 Platform Switches (Spines); Cisco Nexus 9300 Platform Switches (Leaves); Web EPG Virtual Machines; App EPG Virtual Machines; Database EPG with Physical Servers (Cisco UCS C460 M4 Servers); Virtual Firewall Appliance; Physical Content-Load-Balancing Appliance; VXLAN Tunnels; Encapsulation Normalization; Each Leaf Switch Implements Network Policies Autonomously.]
[Inset contract diagrams. Labels: Public Internet; Web EPG; App Server EPG; Database EPG; Storage EPG; Web Contract; App Contract; SQL Contract; Storage Contract. Policy blocks, in the order shown: ACL Allow 22, 80, 443 from *, QoS Class 5, Marking Gold, Redirect Load Balancer, Copy to None; ACL Allow 22, 8080, from Web Servers, QoS Class 5, Marking Gold, Redirect Firewall, Copy to None; ACL Allow 1443 from App Servers, QoS Class 5, Marking Gold, Redirect None, Copy to None.]
Figure 11. Application Containers Deployed on a Leaf-and-Spine Network