Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account
Networking Solution Solution Overview

Available Languages

Download Options

  • PDF
    (1.4 MB)
    View with Adobe Reader on a variety of devices
Updated:October 29, 2019

Available Languages

Download Options

  • PDF
    (1.4 MB)
    View with Adobe Reader on a variety of devices
Updated:October 29, 2019
 

 

The Cisco ACI Solution

Cisco® Application Centric Infrastructure (Cisco ACI) is an industry-leading secure, open, and comprehensive Software-Defined Networking (SDN) solution. It radically simplifies, optimizes, and accelerates infrastructure deployment and governance and expedites the application deployment lifecycle.

Cisco ACI delivers an intent-based networking framework to enable agility in the data center. It captures higher-level business and user intent in the form of a policy and translates this intent into the network constructs necessary to dynamically provision the network, security, and infrastructure services. It uses a holistic systems-based approach, with tight integration between hardware and software and physical and virtual elements, an open ecosystem model, and innovative Cisco customer Application-Specific Integrated Circuits (ASICs) to enable unique business value for modern data centers. This unique approach uses a common policy-based operating model across the network, drastically reducing the cost and complexity of operating your network.

What’s inside

     The Cisco ACI Solution

     Benefits

     Cisco ACI Building Blocks

     Cisco ACI Deployment Models

     Cisco ACI Day-2 Operations

     Cisco ACI Anywhere – recent integrations

     Cisco ACI Open Ecosystem

     Cisco ACI Tiered Licensing

     Cisco Capital

Benefits

Cisco ACI is an industry-leading SDN solution that provides policy-driven automation through an integrated underlay and overlay, is hypervisor agnostic, and extends policy automation to any workload — including virtual machines, physical bare-metal servers, and containers.

Cisco ACI Anywhere is a comprehensive solution: with one intent, using any hypervisor, for any workload, in any location, and in any cloud.

Cisco ACI Anywhere offers a set of capabilities that enable seamless connectivity between the on-premises data center, remote small-scale data centers, and geographically dispersed multiple data centers under a single pane of policy orchestration. In future, these capabilities will extend to public cloud as well.

With Cisco ACI, you can build a better network anywhere.

solution-overview-c22-741487_0.jpg

Figure 1.           

Cisco ACI differentiated business benefits

The main benefits of Cisco ACI include the following:

Optimize your network

     Operational simplicity, with common policy, management, and operation models across application, network, and security resources

     A flexible and yet highly available network that allows agile application deployment within a site, across sites, and across global data centers while removing the need for complex Data Center Interconnect (DCI) infrastructure

     Centralized network management and visibility with full automation and real-time network health monitoring

     Seamless integration of underlay and overlay

     Open northbound APIs to provide flexibility for DevOps teams and ecosystem partner integration

     A cloud-ready SDN solution

     Common platform for managing physical and virtual environments

Protect your business

     Business continuity and disaster recovery

     Secure networking with a zero-trust security model and innovative security features such as microsegmentation

     Security at cloud scale, accelerated by hardware

Accelerate path to multi-cloud performance

     Single policy and seamless connectivity across any data center and public cloud

     Any hypervisor, any workload, any location, any cloud

     Cloud automation enabled by integration with vRealize, AzurePack, OpenStack, OpenShift, Kubernetes, and Cisco UCS® Director

Cisco ACI Building Blocks

Cisco ACI and architectural solutions are built with the following building blocks:

     Cisco Application Policy Infrastructure Controller (APIC)

     Cisco Nexus® 9000 Series spine and leaf switches for Cisco ACI

solution-overview-c22-741487_1.jpg

Figure 2.           

Cisco Nexus® 9000 Series spine and leaf switches for Cisco ACI

Cisco Application Policy Infrastructure Controller (APIC)

The infrastructure controller is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The APIC appliance is a centralized, clustered controller that optimizes performance and unifies the operation of physical and virtual environments. The controller manages and operates a scalable multitenant Cisco ACI fabric.

The main features of the APIC include the following:

     Application-centric network policies

     Data-model-based declarative provisioning

     Application and topology monitoring and troubleshooting

     Third-party integration

    Layer 4 through Layer 7 (L4-L7) services

    VMware vCenter and vRealize

    Microsoft Hyper-V, System Center Virtual Machine Manager (SCVMM), and AzurePack

    Open Virtual Switch (OVS) and OpenStack

    Kubernetes

     Image management (spine and leaf)

     Cisco ACI inventory and configuration

     Implementation on a distributed framework across a cluster of appliances

     Health scores for critical managed objects (tenants, application profiles, switches, etc.)

     Fault, event, and performance management

The controller framework enables broad ecosystem and industry interoperability with Cisco ACI. It enables interoperability between a Cisco ACI environment and management, orchestration, virtualization, and L4-L7 services from a broad range of vendors.

Cisco Nexus 9000 Series spine and leaf switches for Cisco ACI

Cisco Nexus 9300 and 9500 platform switches support Cisco ACI. Organizations can use them as spine or leaf switches to take full advantage of an automated, policy-based, systems management approach.

Cisco Nexus 9000 Series Switches include modular and fixed 1, 10, 25, 40, 50, and 100 Gigabit Ethernet switch configurations that are designed to operate either in NX-OS mode for compatibility and consistency with the current Cisco Nexus switches (using Cisco NX-OS Software) or in ACI mode to take full advantage of Cisco ACI application-policy-based services and infrastructure automation features. This dual-function capability provides customers with investment protection and ease of migration to Cisco ACI through a software upgrade.

Cisco ACI Deployment Models

Cisco ACI consists of the following architectural solutions:

     Cisco ACI Multi-Pod

     Cisco ACI Multi-Site Orchestrator

     Cisco Cloud ACI

    Cloud ACI extended to AWS and Microsoft Azure

    Cloud First, Cloud Only

    Cisco Cloud APIC

    Cisco Cloud Service Router (CSR) 1000V

     Virtual ACI or Cisco ACI Virtual Pod (vPod)

    Cisco ACI Virtual Edge (AVE)

     Cisco ACI Physical Remote Leaf

     Cisco ACI Mini Fabric

     ACI SD-WAN integration

Cisco ACI Multi-Pod

Cisco ACI Multi-Pod is part of the “Single APIC Cluster / Single Domain” family of solutions as a single APIC cluster is deployed to manage all the different ACI networks that are interconnected. These separate ACI networks are named “pods” and each of them looks like a regular two-tiers spine-leaf topology. The same APIC cluster can manage several pods, and to increase the resiliency of the solution, the various controller nodes that make up the cluster can be deployed across different pods.

solution-overview-c22-741487_2.jpg

Figure 3.           

Cisco ACI Multipod Example

Cisco ACI Multi-Site Orchestrator

Cisco ACI Multi-Site Orchestrator provides a single point of provisioning for multiple Cisco ACI fabrics operating in a coordinated way. When this appliance is combined with the latest networking enhancements of Cisco ACI, organizations can manage extension network elements such as Virtual Routing and Forwarding (VRF) instances, bridge domains, and subnets across multiple fabrics. Centralized policy and security controls across geographically distributed fabrics, and very large scaled-out fabrics at a single site enable automation and operations from a common point for global cloud-scale infrastructure.

The main features of this multisite solution include the following:

     Single point of administration for multiple Cisco ACI fabrics

     Capability to map tenants, applications, and associated networks to specific availability domains within the Cisco ACI Multi-Site fabric

     Change control across multiple fabrics, allowing staging, testing, and if required, clean backout of any policy changes

     Automatic configuration and management of fabric network interconnects across an IP backbone

solution-overview-c22-741487_3.jpg

Figure 4.           

Cisco Multi-Site Orchestrator

Cisco Cloud ACI

Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a comprehensive solution for simplified operations, automated network connectivity, consistent policy management, and visibility for multiple on-premises data centers and public clouds or multicloud environments. The solution captures business and user intents and translates them into native policy constructs for applications deployed across various cloud environments. It uses a holistic approach to enable application availability and segmentation for bare-metal, virtualized, containerized, or microservices-based applications deployed across multiple cloud domains. The common policy and operating model drastically reduces the cost and complexity in managing multicloud deployments. It provides a single management console to configure, monitor, and operate multiple disjoint environments spread across multiple clouds. At the time of writing, Cloud ACI was available on AWS and Microsoft Azure.

solution-overview-c22-741487_4.jpg

Figure 5.           

Cisco Cloud ACI Example

Cloud first, Cloud only

     Cisco offers a cloud-first ACI and cloud only solution which uncouples the solution from the on-premises data center and allows you to securely connect and segment workloads not only in the public cloud, but also across public clouds.

Cloud ACI solution blocks

     Cisco Cloud APIC

Manage multiple cloud regions and Cisco Cloud Services Routers (CSR) 1000V from a single instance of Cisco Cloud APIC, and enable consistent policy, security, and operations through secure interconnect for a multicloud environment.

     Cisco Multi-Site Orchestrator

Responsible for provisioning, health monitoring, and managing the full lifecycle of Cisco ACI networking policies and stretched tenant policies across Cisco ACI sites around the world, both on premises and in the cloud. It is the single source of truth for policies.

     Cisco Cloud Services Router 1000V

Cloud ACI uses the Cisco Cloud Services Router (CSR) 1000V as the cloud router for connectivity between on-premises and cloud environments.

Cisco Virtual ACI (Virtual Pod)

     Cisco ACI Virtual Pod

The Cisco ACI Virtual ACI is an extension of the ACI architecture in the virtual infrastructure space. A Virtual Pod consists of a management cluster (Virtual Spines [vSpines], Virtual Leafs [vLeafs]) and ACI Virtual Edge (AVE) instances that are deployed on a hypervisor infrastructure. The main use-case of ACI Virtual Pod is the ability to extend an existing ACI policy domain in a location that cannot accommodate the addition of a physical ACI component. These locations can be bare-metal cloud extensions, brownfield deployments, remote locations and colocation facilities. Virtual Pods are managed by the APIC in the on-premises data center. The Virtual Pod interconnects with the physical ACI fabric using a generic IP network (IPN). Thus the Cisco ACI Virtual Pod deployment remains functionally a single fabric, with all the nodes deployed across the physical and virtual pods under the control of a single APIC cluster.

     Cisco ACI Virtual Edge

Cisco ACI Virtual Edge is the next generation of the Cisco Application Virtual Switch for ACI environments. Cisco ACI Virtual Edge is a hypervisor-independent distributed service virtual machine that leverages the natively distributed virtual switch that belongs to the hypervisor. Cisco ACI Virtual Edge runs in user-space, operates as a virtual leaf, and is managed by the Cisco Application Policy Infrastructure Controller (APIC).

     Main features include the following:

    Purpose-built, virtual network edge for Cisco ACI fabric architecture

    Integration with the Cisco ACI management and orchestration platform to automate virtual network provisioning and application services deployments

    High performance and throughput

    Integrated visibility of both physical and virtual workloads and network paths

     Cisco ACI Virtual Edge benefits:

    Hypervisor-independent distributed service virtual machine that leverages the distributed virtual switch of the hypervisor

    ACI policy model for virtual workloads and policy consistency with physical environment

    Seamless workload mobility

    Ability to secure east-west traffic using microsegmentation

    Maintain distributed firewall policies across virtual machine moves

solution-overview-c22-741487_5.jpg

Figure 6.           

Cisco Virtual ACI

Cisco ACI Physical Remote Leaf

With Cisco ACI Physical Remote Leaf, customers can place a regular leaf switch in a remote or satellite location and connect back to the spine switch in the main (on-premises) location and in turn extend ACI policy into the remote/satellite location. By doing so, customers can also take advantage of all the benefits of the Physical Remote Leaf from diverse interfaces to superior performance and scale and built in encryption.

solution-overview-c22-741487_6.jpg

Figure 7.           

Cisco ACI Physical Remote Leaf

Cisco ACI Mini Fabric

With the introduction of Cisco ACI Mini Fabric customers can now leverage an optimized ACI solution for their small-scale deployments. This solution comprises APIC-CLUSTER-XS (one physical and two virtual controllers) along with two spines and a minimum of two and a maximum of four leafs.

solution-overview-c22-741487_7.jpg

Figure 8.           

Cisco ACI Mini Fabric

Cisco ACI Day-2 Operations

Cisco Application Services Engine

The Cisco Application Services Engine is a purpose-built appliance that is designed to easily run ACI applications. Cisco Application Services Engine offers high availability, lifecycle management, and network automation for applications that are running on it. Initially designed as a cluster of 3 nodes, the Cisco Application Services Engine provides the necessary hardware performance and scale for applications such as Cisco Network Insights and Cisco ACI Multi-Site Orchestrator. By supporting horizontal scale-out, the cluster offers a pay-as-you-grow model for your current and future application needs.

solution-overview-c22-741487_8.jpg

Figure 9.           

Cisco Application Services Engine

Cisco Network Insights

Network Insights - Resources

Cisco Network Insights – Resources (NIR) is a Day-2 Operations tool that provides time-series visibility of network-wide flows, events, and anomalies; insights using correlation between the telemetry data; and remediation to take corrective actions for proactive troubleshooting.

NIR highlights unexpected occurrences in the network and helps network administrators with capacity planning, compliancy with audits, and keeping track of infrastructure uptime.

Network Insights - Resources is an extension of the administrator’s brain to prevent failure in the network or focus attention on remedial steps to recover faster when failures do occur.

Network Insights Advisor

Cisco Network Insights Advisor (NIA) provides proactive advisories for software and hardware recommendations, field notices, visibility into known defects, etc., keeping the network up to date, minimizing outages through proactive defect and security advisories, and allowing significant OpEx savings by avoiding multiple calls to the Cisco Technical Assistance Center (TAC).

solution-overview-c22-741487_9.jpg

Figure 10.        

Cisco Network Insights Advisor

Cisco ACI Anywhere – recent integrations

Cisco ACI and SD-WAN integration

Cisco offers an ACI and SD-WAN integration for branch offices (the network edge). This is an integral component of customers cloud journey, which requires secure, policy-driven interconnects between the data center and branch offices that are a cost-efficient alternative to provisioning dedicated connections. Through this integration, customers can now automate a WAN path selection between the branch office and the on-premises data center based on application policy.

For example, traffic from a stock trader in a branch office in Chicago can be automatically sent over the fastest possible WAN link to access the trading application hosted in a data center in New York, based on the application policies and the SLAs configured.

solution-overview-c22-741487_10.jpg

Figure 11.        

Cisco ACI to SD-WAN (Viptela®) integration

Cisco ACI Open Ecosystem

Table 1.             Features of the Cisco ACI Open Ecosystem

Feature

Description

Third-party integration enabled by open APIs

Avoid vendor lock-in and expand choice and flexibility to build your own data center solution

Jointly certified software solutions with ecosystem partners

Employ a best-in-class SDN ecosystem with more than 65 technology partners, with partners publishing a certification matrix to guide customers to install and upgrade compatible software versions

L4-L7 service integration through service chaining

Deploy multivendor service graphs with a Cisco ACI integration mode of your choice to meet your operational and organizational needs

Cisco ACI App Center

Cisco ACI applications help you get the best applications for Cisco ACI in an efficient way. The Cisco ACI App Center:

  Accelerates innovations related to the Cisco ACI Open Ecosystem
  Enables Cisco internal partners, customers, and third-party developers to add value to Cisco ACI networks
  Allows customers to efficiently extract value from their networking investments

Cisco ACI Tiered Licensing

Cisco ACI licenses are applied per Cisco Nexus 9000 leaf switch in a physical on-premises ACI deployment. The per-leaf ACI licenses are offered as tiered licenses for easy consumption. Add-on licenses are charged either per leaf or per spine, based on value-added feature offerings. The following table provides the details of the ACI software licenses (Essentials, Advantage, and Premier).

Figure 12 lists the features included as part of each license tier.

solution-overview-c22-741487_11.jpg

Figure 12.        

Cisco ACI Subscription offers and features

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

Use the following links to find additional information:

Cisco ACI Overview

Cisco ACI Ordering Guide

Cisco APIC Datasheet

Cisco Nexus 9000 Series Switches data sheet

Cisco Cloud ACI Overview

Get Cisco Cloud ACI on AWS

Get Cisco Cloud ACI on Microsoft Azure

Cisco ACI Virtual Edge data sheet

Cisco ACI Multi Site White paper

Cisco ACI Remote Leaf

Case studies

Walkthrough Demonstrations

Download Cisco ACI software

Learn more