Cisco UCS Director 4.0 White Paper
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Application Infrastructure on Demand with Cisco UCS Director and Cisco Application Centric Infrastructure
March 2015
Application-centric networking is implemented through the Cisco Application Policy
Infrastructure Controller (APIC). The Cisco APIC provides centralized access to all
fabric information, optimizes the application lifecycle for scale and performance, and
supports flexible application provisioning across physical and virtual resources.
The APIC receives application-centric network profiles from Cisco UCS Director and
synchronizes network container creation by pushing policies down to the leaf nodes.
After a network container is established, the fabric maintains the configuration
independently of the APIC, delivering an exceptionally reliable network environment.
The combination of Cisco APIC and Cisco Nexus 9000 Series Switches provides:
• Policy-based networking: Cisco ACI provides policy-based network containers
that are defined according to what applications need, created in terms that
application developers understand, eliminating miscommunication between
network specialists and developers.
• Automation: Cisco APIC automatically translates network profiles into the physical
switch configurations needed to support communication between endpoint
groups while providing secure isolation of each virtual network segment that it
implements.
• Layer 4 through 7 services: Cisco ACI automatically inserts appropriate Layer 4
through 7 services as needed between application tiers. For example, physical or
virtual load balancers can distribute an incoming workload across a web server
tier; likewise, physical or virtual firewall appliances can provide stateful packet
filtering between the web and application server tiers.
• Massive scalability: The leaf-and-spine network can expand horizontally to
incorporate a large number of endpoints, providing precisely the kind of scalability
and high performance you need to support the east-west traffic volumes typical
of virtualized environments.
• A network that spans deployment units: The horizontally scalable network can
be expanded to reach across what used to be barriers between deployment
units, such as integrated infrastructure solutions, racks, rows, or pods. Cisco ACI
encapsulation normalization can bring any device into your network, eliminating
stranded resources and increasing utilization.
[Figure: application network profile. Elements shown: Public Internet, Web Contract, Web EPG, App Contract, App Server EPG, SQL Contract, Database EPG, Storage Contract, Storage EPG. Policy blocks shown, in order:
ACL: Allow 22, 80, 443 from *; QoS: Class 5, Marking Gold; Redirect: Load Balancer; Copy to: None
ACL: Allow 22, 8080 from Web Servers; QoS: Class 5, Marking Gold; Redirect: Firewall; Copy to: None
ACL: Allow 1443 from App Servers; QoS: Class 5, Marking Gold; Redirect: None; Copy to: None]
[Figure 2 labels: Web Server Virtual Machine; Application Server Virtual Machine; Physical Database Server; Storage Systems from Leading Storage Vendors; Virtual Firewall Appliance; Physical Content-Load-Balancing Appliance; Outside Network; Cisco Nexus 9500 Platform Switches (Spine); Cisco Nexus 9300 Platform Switches (Leaves); VXLAN Tunnels; Policies Pushed to Leaf Nodes by APIC; Encapsulation Normalization; Each Switch Implements Network Policies Autonomously]
Figure 2. Cisco ACI Implements a Leaf-and-Spine Architecture with Every Path Through
the Fabric Encapsulated in a VXLAN Tunnel