Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Application Centric Infrastructure Solution Overview

Networking Solution Solution Overview

Available Languages

Download Options

  • PDF
    (2.0 MB)
    View with Adobe Reader on a variety of devices
Updated:June 2, 2021

Available Languages

Download Options

  • PDF
    (2.0 MB)
    View with Adobe Reader on a variety of devices
Updated:June 2, 2021


Cisco ACI solution

Cisco® Application Centric Infrastructure (Cisco ACI®) is part of our intent-based networking framework to enable agility and resiliency in the data center. It captures higher-level business and user intent in the form of a policy and translates this policy into the network constructs necessary to dynamically provision the network, security, and infrastructure services.

Built on top of the industry-leading Cisco Nexus® 9000 platform, Cisco ACI uses a holistic, systems-based approach, with tight integration between hardware and software and between physical and virtual elements, an open ecosystem model, and innovative Cisco Application-Specific Integrated Circuits (ASICs) to enable unique business value for modern data centers.

Cisco ACI is the industry’s most secure, open, and comprehensive Software-Defined Networking (SDN) solution.

Cisco ACI enables automation that accelerates infrastructure deployment and governance, simplifies management to easily move workloads across a multifabric and multicloud framework, and proactively secures against risk arising from anywhere. It radically simplifies, optimizes, and expedites the application deployment lifecycle.

Modern data centers are dynamic. IT operations must meet the expectation of quality of service business needs in a rapidly changing environment. Cisco ACI transforms IT operations from reactive to proactive with a highly intelligent set of software capabilities that analyzes every component of the data center to ensure business intent, guarantee reliability, and identify performance issues in the network before they happen.

As application usage gets more pervasive across the enterprise network, IT professionals are looking to build solutions for consistent policy and encryption from the campus to the data center. For example, Cisco ACI integrations with Cisco® Software-Defined Access (SD-Access) /Cisco DNA Center and Cisco SD-WAN allow customers to automate and extend policy, security, assurance, and insights across their entire networking ecosystem.


To keep up with the massive influx of data and the increased demands on the network for speed and agility, networking professionals are learning to broker, connect, build, and govern their networks not only in the data center, but also across a vast multicloud landscape.

Cisco Application Centric Infrastructure (Cisco ACI) was built to simplify the IT infrastructure and operations by automating the network, providing pervasive security, and, if required, accelerate businesses to move to a multicloud environment.

With Cisco ACI, customers can manage complexity, maximize business benefits, and deploy workloads in any location, small and large, on premises and remote, in private and public clouds, satellite data centers, and 5G-enabled telecom edges.

With Cisco ACI, you can build a better network anywhere.

Cisco ACI differentiated business benefits

Figure 1.               

Cisco ACI differentiated business benefits

Digital transformation and business resiliency

Applications are at the center of the drive to modernize traditional businesses and the foundation of their digital transformation. The current discussion is about how applications have changed the very nature of data – how the data is generated, how it is analyzed, and how it is delivered. These are fundamentally new classes of applications that need to be considered in order to enhance the overall resiliency and agility of a business. These new applications have the following characteristics. They are.

     Modular and distributed across the enterprise. Applications follow the data. Now organizations need—and can get—data from everywhere, from every device and at any time to answer questions about their markets and customers. As a result, monolithic applications are dissolving rapidly into interconnected agile microservices that are delivered through a variety of virtual and physical workloads, including containers, across the entire enterprise.

     Built continuously and rapidly. The decentralization of application development enables companies to build new applications and services at vastly faster speeds and greater scales than were possible in the old centralized, “waterfall development” methods. Today, new applications are custom built, are updated by the minute, and often have a shelf-life of only a few days.

     Increasingly ML-enabled, AI-powered. The emergence of AI-powered and Machine Learning (ML)―enabled applications for both business and consumer use will lead to a whole new world of connected, intelligent, and automated devices that are deployed everywhere.

The main benefits of Cisco ACI include the following:

Accelerate network operations

A flexible and yet highly available network that allows agile application deployment within a site, across sites, and across global data centers while removing the need for complex Data Center Interconnect (DCI) infrastructure.

     Operational simplicity, with common policy, management, and operation models across application, network, and security resources

     Centralized network management and visibility with full automation and real-time network health monitoring

     Seamless integration of underlay and overlay

     Open northbound APIs to provide flexibility for DevOps teams and ecosystem partner integration

     A cloud-ready SDN solution

     Common platform for managing physical and virtual environments

     Automation of IT workflows and application deployment agility

Securely expand to multicloud

     Create business continuity and provide disaster recovery

     Inherent security with a zero-trust whitelist model and innovative features in policy enforcement, microsegmentation, and analytics

     Integrated security with Cisco security products and ecosystem partners

     Consistent security posture at scale across a multicloud environment

Deliver superior application experience

     Single policy and seamless connectivity across any data center and public cloud

     Through any hypervisor, for any workload, at any location, using any cloud

     Cloud automation enabled by integration with vRealize, Azure Pack, OpenStack, OpenShift, Kubernetes, and Cisco UCS® Director

     Open APIs and a programmable SDN fabric, with 65+ ecosystem partners

Cisco ACI building blocks

Cisco ACI and architectural solutions are built with the following building blocks:

     Cisco Application Policy Infrastructure Controller (APIC)

     Cisco Nexus 9000 Series spine and leaf switches for Cisco ACI

Cisco ACI building blocks

Figure 2.               

Cisco ACI building blocks

Cisco Application Policy Infrastructure Controller (APIC)

The infrastructure controller is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The APIC appliance is a centralized, clustered controller that optimizes performance and unifies the operation of physical and virtual environments. The controller manages and operates a scalable multitenant Cisco ACI fabric.

The main features of the Cisco APIC include the following:

     Application-centric network policies

     Data-model-based declarative provisioning

     Application and topology monitoring and troubleshooting

     Third-party integration

    Layer 4 through Layer 7 (L4-L7) services

    VMware vCenter and vRealize

    Microsoft Hyper-V, Microsoft System Center Virtual Machine Manager (SCVMM), and Azure Pack

    Open vSwitch (OVS) and OpenStack


     Image management (spine and leaf)

     Cisco ACI inventory and configuration

     Implementation on a distributed framework across a cluster of appliances

     Health scores for critical managed objects (tenants, application profiles, switches, etc.)

     Fault, event, and performance management

Cisco Nexus 9000 series spine and leaf switches for Cisco ACI

Cisco Nexus 9300 and 9500 platform switches support Cisco ACI. Organizations can use them as spine or leaf switches to take full advantage of an automated, policy-based, systems management approach.

Cisco Nexus 9000 Series Switches include modular and fixed 1, 10, 25, 40, 50, 100 and 400 Gigabit Ethernet switch configurations that are designed to operate either in NX-OS mode for compatibility and consistency with the current Cisco Nexus switches (using Cisco NX-OS Software) or in ACI mode to take full advantage of Cisco ACI application-policy-based services and infrastructure automation features. This dual-function capability provides customers with investment protection and ease of migration to Cisco ACI through a software upgrade.

New features in Cisco ACI Release 5.2 include the following

     APIC cluster connectivity to fabric over Layer 3 network

    Supports deployment of APIC clusters in remote locations (for example, a DMZ network) and connects the clusters to the fabric (spine and leaf) over an IP network

    Provides flexibility and improves ease of deployment

     Software maintenance upgrade support

    Capability to upgrade APIC or a fabric switch using a patch

    Provides flexibility and improves usability of the product

     Support for back-to-back link between remote leaf pairs

    East-west traffic between nodes behind a pair of remote leafs now can leverage the physical links between the remote leaf pairs instead of hair-pinning

    Improves ease of deployment and TCO

     Endpoint Security Group (ESG) enhancements

    Provides support for additional classifiers (MAC and VM tags)

    Provides tag-selector support, which enables migration of EPGs to ESGs

    Improves ease of use and deployment

     Policy based routing enhancements

    Provides support for PBR on L3Out

    Provides dynamic MAC learning on Layer 3 PBR

    Provides inter-EPG contract support on L3Out with permit, deny, and PBR actions

    Improves ease of use and deployment

The controller framework enables broad ecosystem and industry interoperability with Cisco ACI. It enables interoperability between a Cisco ACI environment and management, orchestration, virtualization, and L4-L7 services from a broad range of vendors.

Cisco ACI deployment models

Cisco ACI consists of the following architectural solutions:

     Cisco ACI MultiPod

     Cisco Nexus Dashboard Orchestrator

     Cisco Cloud ACI

    Cloud ACI extended to AWS and Microsoft Azure

    Cloud-only solutions

    Cisco Cloud APIC

    Cisco Cloud Service Router (CSR) 1000v Series

    Cisco Nexus Dashboard Orchestrator

     Cisco ACI Physical Remote Leaf

     Cisco ACI Mini Fabric

Cisco ACI MultiPod

Cisco ACI MultiPod is part of the “single APIC cluster/single domain” family of solutions; a single APIC cluster is deployed to manage all the different ACI networks that are interconnected. These separate ACI networks are called “pods,” and each of them looks like a regular two-tiers spine-leaf topology. The same APIC cluster can manage several pods, and, to increase the resiliency of the solution, the various controller nodes that make up the cluster can be deployed across different pods.

Cisco ACI MultiPod

Figure 3.               

Cisco ACI MultiPod

Cisco Nexus Dashboard Orchestrator

The Cisco Multi-Site Orchestrator (MSO) has become the Nexus Dashboard Orchestrator. The Nexus Dashboard Orchestrator provides a single point of provisioning for multiple Cisco ACI fabrics operating in a coordinated way. When this solution is combined with the latest networking enhancements of Cisco ACI, organizations can manage extension network elements such as Virtual Routing and Forwarding (VRF) instances, bridge domains, and subnets across multiple fabrics. It enables centralized policy and security controls across geographically distributed fabrics and very large scaled-out fabrics with automation and operations from a common point, allowing for a global cloudscale infrastructure.

The main features of Cisco Nexus Dashboard Orchestrator include the following:

     Single point of administration for multiple Cisco ACI fabrics

     Capability to map tenants, applications, and associated networks to specific availability domains within the Cisco ACI multisite

     Change control across multiple fabrics, allowing staging, testing, and if required, clean backout of any policy changes

     Automatic configuration and management of fabric network interconnects across an IP backbone

Cisco Nexus Dashboard Orchestrator

Figure 4.               

Cisco Nexus Dashboard Orchestrator

Cisco Cloud ACI

Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a comprehensive solution for simplified operations, automated network connectivity, consistent policy management, and visibility for multiple on-premises data centers and public clouds or multicloud environments. The solution captures business and user intents and translates them into native policy constructs for applications deployed across various cloud environments. It uses a holistic approach to enable application availability and segmentation for bare-metal, virtualized, containerized, or microservices-based applications deployed across multiple cloud domains. The common policy and operating model drastically reduces the cost and complexity of managing multicloud deployments. It provides a single management console to configure, monitor, and operate multiple disjoint environments spread across multiple clouds. Cisco Cloud ACI is available on AWS and Microsoft Azure; future availability for Google Cloud has been announced.

What’s new in Cloud ACI for Cisco ACI Release 5.2:

     Brownfield VNet import on Azure: This feature will enable Azure Cloud customers to view existing brownfield VNets from within the Cloud APIC purview and connect their greenfield VNets to the brownfield VNets imported into Cloud ACI.

     AWS Transit Gateway Connect: Using this feature, customers will be able to auto-configure their AWS Transit Gateway Connect through a Cloud APIC to support dynamic routing between Cisco Cloud Service Routers (CSRs) and AWS Transit Gateway.

     Private IP Address for Cloud APIC and CSRs on AWS: This will enable customers to deploy their Cloud ACI solution with a private backbone network between their on-premises and AWS data centers.

     VNet Peering across Azure Active Directories: This feature enables operational flexibility for customers who want to use multiple Azure subscriptions to manage their application segments within Azure cloud.

Cisco Cloud ACI

Figure 5.               

Cisco Cloud ACI

Cloud-only solutions

Cisco offers, with a Cisco Cloud ACI, a cloud only approach, which uncouples the solution from the on-premises data center and allows you to securely connect and segment workloads not only in the public cloud, but also across public clouds.

Cisco Cloud ACI: required components

     Cisco Cloud APIC

Manage multiple cloud regions and Cisco Cloud Services Routers (CSR) 1000v Series from a single instance of Cisco Cloud APIC and enable consistent policy, security, and operations through secure interconnect for a multicloud environment.

     Cisco Nexus Dashboard Orchestrator

Responsible for provisioning, health monitoring, and managing the full lifecycle of Cisco ACI networking policies and stretched tenant policies across Cisco ACI sites around the world, both on premises and in the cloud. It is the single source of truth for policies.

     Cisco Cloud Services Router 1000v Series

Cloud ACI uses the Cisco Cloud Services Router (CSR) 1000v Series as the cloud router for connectivity between on-premises and cloud environments.

Cisco ACI Physical remote leaf

With Cisco ACI Physical Remote Leaf, customers can place a regular leaf switch in a remote/satellite location and connect back to the spine switch in the main (on-premises) location and, in turn, extend Cisco ACI policy into the remote/satellite location. By doing so, customers can also take advantage of all the benefits of the Physical Remote Leaf, from diverse interfaces to superior performance and scale and built-in encryption.

Cisco ACI Physical Remote Leaf

Figure 6.               

Cisco ACI Physical Remote Leaf

Cisco ACI Mini fabric

With the introduction of Cisco Mini ACI Fabric, customers can now leverage an optimized Cisco ACI solution for their small-scale deployments. This solution comprises APIC-CLUSTER-XS (one physical and two virtual controllers) along with two spines and a minimum of two and a maximum of four leaves.

Cisco ACI Mini Fabric

Figure 7.               

Cisco ACI Mini Fabric

Cisco Nexus Dashboard

Cisco Nexus Dashboard provides a single automation platform to access operational services and tools for the data center and network. Using the Cisco Nexus Dashboard platform, customers can deploy Cisco Nexus Dashboard Orchestrator (NDO), Cisco Nexus Dashboard Insights, and Cisco Nexus Dashboard Data Broker. The Cisco Nexus Dashboard becomes even more of a collaborative focal point with the inclusion of operations-critical, third-party applications and tools. From the Nexus Dashboard, you can cross-launch any of the sites’ controllers, including APIC, Cloud APIC, and Cisco Data Center Network Manager (DCNM) fabrics, which drives the adoption of cloud-native application practices. Cisco Nexus Dashboard provides the following benefits.

     Easy to use

    Customizable role-based UI view to provide a focused view on network operators use cases

    Single Sign-On (SSO) for a seamless user experience across operation services

    Single console for health monitoring and quick service turnup

     Easy to scale

    High availability, scale-out operations from a single dashboard

    Scale use cases, leveraging flexible deployment options

    Operations that span across on-premises, multicloud, and edge networks

     Easy to maintain

    Seamless integration and lifecycle management of operational services

    Onboarding and managing of operational services across on-premises, cloud, or hybrid environments

    Single point of integration for critical third-party applications and tools

Cisco Nexus Dashboard

Figure 8.               

Cisco Nexus Dashboard

Cisco Nexus Dashboard Insights

Cisco Nexus Dashboard Insights gives customers the ability to monitor and analyze their fabric in real time to identify anomalies, to provide root-cause analysis and capacity planning, and to accelerate troubleshooting. By tracking historical context, collecting and processing hardware and software telemetry data, and correlating customer designs with Cisco best-practices, customers can get excellent visibility and awareness of issues affecting their environment and take corrective actions. Nexus Dashboard Insights is a microservices-based application designed to be hosted on Cisco Nexus Dashboard.

Cisco ACI Anywhere: popular integrations

Utilize Cisco Infrastructure-as-Code (IaC) integrated solutions with HashiCorp and Red Hat Ansible

Infrastructure as Code (IaC) is an innovative approach to building application and software infrastructure with code. IaC enables automated provisioning and management of the full technology stack by translating manual, repetitive tasks into reusable, robust, and distributable code. IaC relies on practices that have been successfully used for years in software development, such as versioning, automated testing, release tagging, continuous delivery, etc.

Cisco Data Center Network (DCN) IaC solutions cover integrations with common third-party tools from HashiCorp and Ansible. These solutions enable customers to empower application services to define network and security requirements at the infrastructure layer in an automated and fully synchronized manner. With this approach, you can embrace a DevOps model by accelerating applications deployment and optimize network compliance in a safe and predictable manner.

Benefits of IaC

     Scalability and reliability

     Automation and agility

     Higher ROI and lower TCO

Cisco ACI and Cisco SD-WAN integration

Cisco offers an ACI and SD-WAN integration for branch offices (network edge). This is an integral component of customers’ cloud journey, which requires secure, policy-driven interconnects between the data center and branch offices that are a cost-efficient alternative to provisioning dedicated connections. Through this integration, customers can now automate a WAN path selection between the branch office and the on-premises data center based on application policy.

For example, traffic from a stock trader in a branch office in Chicago can be automatically sent over the fastest possible WAN link to access the trading application hosted in a data center in New York, based on the application policies and SLAs configured.

Cisco ACI to Cisco SD-WAN integration

Figure 9.               

Cisco ACI to Cisco SD-WAN integration

Cisco ACI and AppDynamics integration

Digital transformation is a complex team effort across business and IT, requiring end-to-end application management and awareness. AppDynamics® provides IT teams the application-layer visibility and monitoring required in an intent-based architecture to validate that IT and business policies are being implemented across the network. Cisco ACI and AppDynamics integration provides dynamic correlation between application and network constructs. This combined solution provides high-quality application performance monitoring, richer diagnostic capability for application and network performance, and faster root-cause analysis of problems, with fast triage, sent quickly to appropriate team members – for example, does a given problem pertain to an application or to the network?

Cisco ACI and AppDynamics integration

Figure 10.           

Cisco ACI and AppDynamics integration

This integration does the following:

     Dynamically maps the application and service components to the Cisco ACI network elements, thus providing a shared view of the application and infrastructure across teams

     Provides a dynamic view of application use in the infrastructure for the network operations team

     Provides a cross-launch for application teams to correlate network and application fault and performance data

     Baselines application health status in AppDynamics by correlating the Cisco ACI network health and faults

Customers are on a continuous quest to correlate application service-level management with infrastructure monitoring. This new integration will significantly reduce the time it takes to identify and troubleshoot end-to-end application performance issues.

Cisco ACI and Cisco SD-Access integration

Hyper-distributed applications and highly mobile users, increased cybersecurity threats, and increased regulatory requirements make network segmentation a must for reducing risk and achieving better compliance. Policy integration between Cisco ACI and Cisco SD-Access allows the marrying of Cisco ACI’s application-based microsegmentation in the data center with Cisco SD-Access’s user-group-based segmentation across the campus and branch. This integration automates the mapping and enforcement of segmentation policy based on the user’s security profile as they access resources within the data center. It enables security administrators to manage segmentation seamlessly from end to end, user to application. A common and consistent identity-based microsegmentation capability is provided from the user to the application.

Cisco ACI and Cisco SD-Access integration

Figure 11.           

Cisco ACI and Cisco SD-Access integration

As a result of this integration, the attack surface is greatly reduced, and any unauthorized or suspicious access to resources and potential threats can quickly be controlled and remediated. The solution is fully qualified for up to 25,000 Cisco SD-Access campus users, with plans to expand scale as needed by our customers.

Cisco ACI and ServiceNow

Enterprises are increasingly embracing a multicloud strategy to deliver applications with the intent to accelerate innovation and reduce costs. However, this strategy brings in its wake inherent challenges in application agility and security. Enterprises demand business services to be up and running rapidly to serve their end users. End users often demand that IT departments quickly and flexibly offer services that can help them get their jobs done. This goal leaves many IT teams struggling to maintain the business services needed to help ensure that end users remain productive. Some of the challenges they face in helping ensure the uptime of critical business services include:

     A manual service mapping process that can take weeks or months, depending on service complexity

     Lack of correlation between infrastructure changes and the business services they support

     Disconnected infrastructure tools and portals for change management and troubleshooting

     Inefficient root-cause analysis for service outages as a result of inaccurate service maps

Cisco Application Centric Infrastructure (Cisco ACI) integration with ServiceNow automates the discovery, application to business service mapping, firmware management, and provisioning of the Cisco ACI fabric from the ServiceNow instance.

Integrating Cisco ACI with ServiceNow delivers visibility and automation from the application tier down to the physical infrastructure, improving the speed and efficiency of IT provisioning, management, and troubleshooting, including

     Faster troubleshooting and root-cause analysis

     Improved operational efficiency

     Reduced TCO

Cisco ACI and Kubernetes Anywhere

Cisco ACI is designed to offer policy-based automation, security, mobility, and visibility for application workloads regardless of whether they run on bare-metal servers, hypervisors, or Linux containers. The Cisco ACI system-level approach extends the support for Linux containers by providing tight integration of Kubernetes, a popular container orchestration platform, and the Cisco ACI platform.

This integration allows Cisco ACI to provide a ready-to-use, secure networking environment for Kubernetes. The integration maintains the simplicity of the user experience in deploying, scaling, and managing containerized applications while still offering the controls, visibility, security, and isolation required by an enterprise.

The Cisco ACI and Kubernetes solution offers the following benefits:

     Flexible approach to policy

     Automated, integrated load-balancing services

     Secure multitenancy

     Visibility and telemetry information

Kubernetes anywhere integrated with Cisco ACI

Figure 12.           

Kubernetes anywhere integrated with Cisco ACI

Cisco ACI Open Ecosystem

Table 1.           Features of the Cisco ACI Open Ecosystem



Third-party integration enabled by open APIs

Avoid vendor lock-in and expand choice and flexibility to build your own data center solution

Jointly certified software solutions with ecosystem partners

Employ a best-in-class SDN ecosystem with more than 65 technology partners, with partners publishing a certification matrix to guide customers to install and upgrade compatible software versions

L4-L7 service integration through service chaining

Deploy multivendor service graphs with a Cisco ACI integration mode of your choice to meet your operational and organizational needs

These L4-7 integrations are supported through NB REST API with respective ADC/firewall vendors or applications on Cisco ACI App Center

Cisco ACI App Center

Cisco ACI applications help you get the best applications for Cisco ACI in an efficient way. The Cisco ACI App Center:

  Accelerates innovations related to the Cisco ACI open ecosystem
  Enables Cisco internal partners, customers, and third-party developers to add value to Cisco ACI networks
  Allows customers to efficiently extract value from their networking investments

Cisco Capital

Flexible payment solutions to help you achieve your objectives.

Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

Use the following links for additional information:

     Cisco ACI Overview

     Cisco APIC Data Sheet

     Cisco Nexus 9000 Series Switches Data Sheet

     Cisco Cloud ACI Overview

     Get Cisco Cloud ACI on AWS

     Get Cisco Cloud ACI on Microsoft Azure

     Cisco ACI Multi Site White paper

     Cisco ACI Remote Leaf

     Case Studies

     Walkthrough Demonstrations

     Download Cisco ACI software

     Cisco Nexus Dashboard

     Cisco ACI ROI Calculator




Learn more