Cisco® Application Centric Infrastructure (Cisco ACI™) is an industry-leading secure, open, and comprehensive Software-Defined Networking (SDN) solution. It radically simplifies, optimizes, and accelerates infrastructure deployment and governance and expedites the application deployment lifecycle.
Cisco ACI delivers an intent-based networking framework to enable agility in the data center. It captures higher-level business and user intent in the form of a policy and translates this intent into the network constructs necessary to dynamically provision the network, security, and infrastructure services. It uses a holistic systems-based approach, with tight integration between hardware and software and physical and virtual elements, an open ecosystem model, and innovative Cisco custom Application-Specific Integrated Circuits (ASICs) to enable unique business value for modern data centers. This unique approach uses a common policy-based operating model across the network, drastically reducing the cost and complexity of operating your network.
● The Cisco ACI Solution
● Cisco ACI Building Blocks
● Cisco ACI Deployment Models
● Cisco ACI Day-2 Operations
● Cisco ACI Anywhere – recent integrations
● Cisco ACI Open Ecosystem
● Cisco ACI Tiered Licensing
● Cisco Capital
Cisco ACI is an industry-leading SDN solution that provides policy-driven automation through an integrated underlay and overlay, is hypervisor agnostic, and extends policy automation to any workload — including virtual machines, physical bare-metal servers, and containers.
Cisco ACI Anywhere is a comprehensive solution: with one intent, using any hypervisor, for any workload, in any location, and in any cloud.
Cisco ACI Anywhere offers a set of capabilities that enable seamless connectivity between the on-premises data center, remote small-scale data centers, and geographically dispersed multiple data centers under a single pane of policy orchestration. In the future, these capabilities will extend to public cloud as well.
With Cisco ACI, you can build a better network anywhere.
Cisco ACI differentiated business benefits
The main benefits of Cisco ACI include the following:
Optimize your network
● Operational simplicity, with common policy, management, and operation models across application, network, and security resources
● A flexible and yet highly available network that allows agile application deployment within a site, across sites, and across global data centers while removing the need for complex Data Center Interconnect (DCI) infrastructure
● Centralized network management and visibility with full automation and real-time network health monitoring
● Seamless integration of underlay and overlay
● Open northbound APIs to provide flexibility for DevOps teams and ecosystem partner integration
● A cloud-ready SDN solution
● Common platform for managing physical and virtual environments
Protect your business
● Business continuity and disaster recovery
● Secure networking with a zero-trust security model and innovative security features such as microsegmentation
● Security at cloud scale, accelerated by hardware
Accelerate path to multi-cloud performance
● Single policy and seamless connectivity across any data center and public cloud
● Any hypervisor, any workload, any location, any cloud
● Cloud automation enabled by integration with vRealize, AzurePack, OpenStack, OpenShift, Kubernetes, and Cisco UCS® Director
Cisco ACI and architectural solutions are built with the following building blocks:
● Cisco Application Policy Infrastructure Controller (APIC)
● Cisco Nexus® 9000 Series spine and leaf switches for Cisco ACI
Cisco Application Policy Infrastructure Controller (APIC)
The infrastructure controller is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The APIC appliance is a centralized, clustered controller that optimizes performance and unifies the operation of physical and virtual environments. The controller manages and operates a scalable multitenant Cisco ACI fabric.
The main features of the APIC include the following:
● Application-centric network policies
● Data-model-based declarative provisioning
● Application and topology monitoring and troubleshooting
● Third-party integration
◦ Layer 4 through Layer 7 (L4-L7) services
◦ VMware vCenter and vRealize
◦ Microsoft Hyper-V, System Center Virtual Machine Manager (SCVMM), and AzurePack
◦ Open Virtual Switch (OVS) and OpenStack
● Image management (spine and leaf)
● Cisco ACI inventory and configuration
● Implementation on a distributed framework across a cluster of appliances
● Health scores for critical managed objects (tenants, application profiles, switches, etc.)
● Fault, event, and performance management
The controller framework enables broad ecosystem and industry interoperability with Cisco ACI. It enables interoperability between a Cisco ACI environment and management, orchestration, virtualization, and L4-L7 services from a broad range of vendors.
Cisco Nexus 9000 Series spine and leaf switches for Cisco ACI
Cisco Nexus 9300 and 9500 platform switches support Cisco ACI. Organizations can use them as spine or leaf switches to take full advantage of an automated, policy-based, systems management approach.
Cisco Nexus 9000 Series Switches include modular and fixed 1, 10, 25, 40, 50, and 100 Gigabit Ethernet switch configurations that are designed to operate either in NX-OS mode for compatibility and consistency with the current Cisco Nexus switches (using Cisco NX-OS Software) or in ACI mode to take full advantage of Cisco ACI application-policy-based services and infrastructure automation features. This dual-function capability provides customers with investment protection and ease of migration to Cisco ACI through a software upgrade.
Cisco ACI consists of the following architectural solutions:
● Cisco ACI Multi-Pod
● Cisco ACI Multi-Site Orchestrator
● Cisco Cloud ACI
◦ Cloud ACI extended to AWS and Microsoft Azure
◦ Cloud First, Cloud Only
◦ Cisco Cloud APIC
◦ Cisco Cloud Service Router (CSR) 1000V
● Virtual ACI or Cisco ACI Virtual Pod (vPod)
◦ Cisco ACI Virtual Edge (AVE)
● Cisco ACI Physical Remote Leaf
● Cisco ACI Mini Fabric
● ACI SD-WAN integration
Cisco ACI Multi-Pod
Cisco ACI Multi-Pod is part of the “Single APIC Cluster / Single Domain” family of solutions, because a single APIC cluster is deployed to manage all the different ACI networks that are interconnected. These separate ACI networks are named “pods,” and each of them looks like a regular two-tier spine-leaf topology. The same APIC cluster can manage several pods, and to increase the resiliency of the solution, the various controller nodes that make up the cluster can be deployed across different pods.
Cisco ACI Multipod Example
Cisco ACI Multi-Site Orchestrator
Cisco ACI Multi-Site Orchestrator provides a single point of provisioning for multiple Cisco ACI fabrics operating in a coordinated way. When this appliance is combined with the latest networking enhancements of Cisco ACI, organizations can manage the extension of network elements such as Virtual Routing and Forwarding (VRF) instances, bridge domains, and subnets across multiple fabrics. Centralized policy and security controls across geographically distributed fabrics and very large scaled-out fabrics at a single site enable automation and operations from a common point for global cloud-scale infrastructure.
The main features of this multisite solution include the following:
● Single point of administration for multiple Cisco ACI fabrics
● Capability to map tenants, applications, and associated networks to specific availability domains within the Cisco ACI Multi-Site fabric
● Change control across multiple fabrics, allowing staging, testing, and if required, clean backout of any policy changes
● Automatic configuration and management of fabric network interconnects across an IP backbone
Cisco Multi-Site Orchestrator
Cisco Cloud ACI
Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a comprehensive solution for simplified operations, automated network connectivity, consistent policy management, and visibility for multiple on-premises data centers and public clouds or multicloud environments. The solution captures business and user intents and translates them into native policy constructs for applications deployed across various cloud environments. It uses a holistic approach to enable application availability and segmentation for bare-metal, virtualized, containerized, or microservices-based applications deployed across multiple cloud domains. The common policy and operating model drastically reduces the cost and complexity in managing multicloud deployments. It provides a single management console to configure, monitor, and operate multiple disjoint environments spread across multiple clouds. At the time of writing, Cloud ACI was available on AWS and Microsoft Azure.
Cisco Cloud ACI Example
Cloud first, Cloud only
● Cisco offers a cloud-first, cloud-only ACI solution that uncouples the solution from the on-premises data center and allows you to securely connect and segment workloads not only in the public cloud, but also across public clouds.
Cloud ACI solution blocks
● Cisco Cloud APIC
Manage multiple cloud regions and Cisco Cloud Services Routers (CSR) 1000V from a single instance of Cisco Cloud APIC, and enable consistent policy, security, and operations through secure interconnect for a multicloud environment.
● Cisco Multi-Site Orchestrator
Responsible for provisioning, health monitoring, and managing the full lifecycle of Cisco ACI networking policies and stretched tenant policies across Cisco ACI sites around the world, both on premises and in the cloud. It is the single source of truth for policies.
● Cisco Cloud Services Router 1000V
Cloud ACI uses the Cisco Cloud Services Router (CSR) 1000V as the cloud router for connectivity between on-premises and cloud environments.
Cisco Virtual ACI (Virtual Pod)
● Cisco ACI Virtual Pod
Cisco Virtual ACI is an extension of the ACI architecture into the virtual infrastructure space. A Virtual Pod consists of a management cluster (Virtual Spines [vSpines], Virtual Leafs [vLeafs]) and ACI Virtual Edge (AVE) instances that are deployed on a hypervisor infrastructure. The main use case of ACI Virtual Pod is the ability to extend an existing ACI policy domain into a location that cannot accommodate the addition of a physical ACI component. These locations can be bare-metal cloud extensions, brownfield deployments, remote locations, and colocation facilities. Virtual Pods are managed by the APIC in the on-premises data center. The Virtual Pod interconnects with the physical ACI fabric using a generic IP network (IPN). Thus, the Cisco ACI Virtual Pod deployment remains functionally a single fabric, with all the nodes deployed across the physical and virtual pods under the control of a single APIC cluster.
● Cisco ACI Virtual Edge
Cisco ACI Virtual Edge is the next generation of the Cisco Application Virtual Switch for ACI environments. Cisco ACI Virtual Edge is a hypervisor-independent distributed service virtual machine that leverages the natively distributed virtual switch that belongs to the hypervisor. Cisco ACI Virtual Edge runs in user-space, operates as a virtual leaf, and is managed by the Cisco Application Policy Infrastructure Controller (APIC).
● Main features include the following:
◦ Purpose-built, virtual network edge for Cisco ACI fabric architecture
◦ Integration with the Cisco ACI management and orchestration platform to automate virtual network provisioning and application services deployments
◦ High performance and throughput
◦ Integrated visibility of both physical and virtual workloads and network paths
● Cisco ACI Virtual Edge benefits:
◦ Hypervisor-independent distributed service virtual machine that leverages the distributed virtual switch of the hypervisor
◦ ACI policy model for virtual workloads and policy consistency with physical environment
◦ Seamless workload mobility
◦ Ability to secure east-west traffic using microsegmentation
◦ Maintain distributed firewall policies across virtual machine moves
Cisco Virtual ACI
Cisco ACI Physical Remote Leaf
With Cisco ACI Physical Remote Leaf, customers can place a regular leaf switch in a remote or satellite location, connect it back to the spine switch in the main (on-premises) location, and in turn extend ACI policy into the remote/satellite location. By doing so, customers can also take advantage of all the benefits of the Physical Remote Leaf, from diverse interfaces to superior performance and scale and built-in encryption.
Cisco ACI Mini Fabric
With the introduction of Cisco ACI Mini Fabric, customers can now leverage an optimized ACI solution for their small-scale deployments. This solution comprises APIC-CLUSTER-XS (one physical and two virtual controllers) along with two spines and a minimum of two and a maximum of four leafs.
Cisco Application Services Engine
The Cisco Application Services Engine is a purpose-built appliance that is designed to easily run ACI applications. Cisco Application Services Engine offers high availability, lifecycle management, and network automation for applications that are running on it. Initially designed as a cluster of 3 nodes, the Cisco Application Services Engine provides the necessary hardware performance and scale for applications such as Cisco Network Insights and Cisco ACI Multi-Site Orchestrator. By supporting horizontal scale-out, the cluster offers a pay-as-you-grow model for your current and future application needs.
Network Insights - Resources
Cisco Network Insights – Resources (NIR) is a Day-2 Operations tool that provides time-series visibility of network-wide flows, events, and anomalies; insights using correlation between the telemetry data; and remediation to take corrective actions for proactive troubleshooting.
NIR highlights unexpected occurrences in the network and helps network administrators with capacity planning, compliance with audits, and keeping track of infrastructure uptime.
Network Insights - Resources is an extension of the administrator’s brain to prevent failure in the network or focus attention on remedial steps to recover faster when failures do occur.
Network Insights Advisor
Cisco Network Insights Advisor (NIA) provides proactive advisories for software and hardware recommendations, field notices, visibility into known defects, etc., keeping the network up to date, minimizing outages through proactive defect and security advisories, and allowing significant OpEx savings by avoiding multiple calls to the Cisco Technical Assistance Center (TAC).
Cisco Network Insights Advisor
Cisco ACI and SD-WAN integration
Cisco offers an ACI and SD-WAN integration for branch offices (the network edge). This is an integral component of customers' cloud journey, which requires secure, policy-driven interconnects between the data center and branch offices that are a cost-efficient alternative to provisioning dedicated connections. Through this integration, customers can now automate WAN path selection between the branch office and the on-premises data center based on application policy.
For example, traffic from a stock trader in a branch office in Chicago can be automatically sent over the fastest possible WAN link to access the trading application hosted in a data center in New York, based on the application policies and the SLAs configured.
Cisco ACI to SD-WAN (Viptela®) integration
Table 1. Features of the Cisco ACI Open Ecosystem
● Third-party integration enabled by open APIs: Avoid vendor lock-in and expand choice and flexibility to build your own data center solution
● Jointly certified software solutions with ecosystem partners: Employ a best-in-class SDN ecosystem with more than 65 technology partners, with partners publishing a certification matrix to guide customers to install and upgrade compatible software versions
● L4-L7 service integration through service chaining: Deploy multivendor service graphs with a Cisco ACI integration mode of your choice to meet your operational and organizational needs
Cisco ACI App Center
Cisco ACI applications help you get the best applications for Cisco ACI in an efficient way. The Cisco ACI App Center:
● Accelerates innovations related to the Cisco ACI Open Ecosystem
● Enables Cisco internal partners, customers, and third-party developers to add value to Cisco ACI networks
● Allows customers to efficiently extract value from their networking investments
Cisco ACI licenses are applied per Cisco Nexus 9000 leaf switch in a physical on-premises ACI deployment. The per-leaf ACI licenses are offered as tiered licenses for easy consumption. Add-on licenses are charged either per leaf or per spine, based on value-added feature offerings. The following table provides the details of the ACI software licenses (Essentials, Advantage, and Premier).
Figure 12 lists the features included as part of each license tier.
Cisco ACI Subscription offers and features
Flexible payment solutions to help you achieve your objectives
Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments.