Product Description
The Cisco® Application Policy Infrastructure Controller (APIC) offers a single point of automation and management for Cisco Application Centric Infrastructure (Cisco ACI™). The Cisco APIC Driver for OpenStack allows customers to use OpenStack Neutron networking APIs, interfaces, and automation tools with the performance, scalability, flexibility, and visibility of Cisco ACI. This solution automatically translates the Neutron configuration into application network profiles within the controller and automatically manages connectivity across both physical and virtual switches.
The APIC driver supports Neutron APIs, including network, router, subnet, and security group APIs. It also automates configuration of external networks and the creation and attachment of Neutron ports to virtual machines. With the exception of security groups, which are supported through IP address tables, each of these APIs automatically triggers configuration on the controller.
The Cisco ACI fabric offers distributed Layer 2 behavior, allowing complete flexibility in the placement of virtual machines within the OpenStack cloud. It also serves as a distributed default gateway between Neutron networks, eliminating the need for a software-based Layer 3 agent.
OpenStack Neutron Modular Layer 2 Architecture
The APIC driver works as part of the Neutron Modular Layer 2 (ML2) plug-in architecture.
OpFlex and Open vSwitch Support
The APIC can manage Open vSwitch (OVS) in an OpenStack environment using the OpFlex protocol. The OpFlex agent, an open-source software component running on each hypervisor, communicates with one or more physical leaf switches within the Cisco ACI fabric and manages a local instance of OVS.
This approach allows tight integration between the APIC and OpenStack using the controller’s native virtual machine networking tools and interfaces. This link between OpenStack and the APIC offers a number of advantages:
● It enables the controller to track each OpenStack computing node, including its virtual machines, internal networking configuration, and traffic metrics.
● It provides operational visibility into the OpenStack environment and simplifies troubleshooting across the physical and virtual environments.
● It supports local response to Dynamic Host Configuration Protocol (DHCP) and metadata requests on each OpenStack computing node rather than relying on responses through a centralized network node.
● It enables efficient virtual machine migration by automatically sending a Gratuitous Address Resolution Protocol (GARP) request.
Floating IP Addresses and Network Address Translation
Cisco ACI, with the group-based policy (GBP) APIC driver, supports creating floating IP addresses and dynamically assigning them to virtual machines. Using OpFlex and OVS, the floating IP address capability is fully distributed within each hypervisor host. The solution also allows virtual machines in private tenant networks to access external networks through Source Network Address Translation (SNAT).
The APIC driver is designed for high availability. It supports connections to multiple APICs within the Cisco ACI fabric and is designed to synchronize the state if a failure occurs in the OpenStack or APIC deployment. The APIC driver also supports multihomed hosts using virtual PortChannel (vPC) technology.
The APIC driver uses Link-Layer Discovery Protocol (LLDP) to automatically discover hypervisor connectivity points for servers directly attached to the Cisco ACI fabric. This protocol allows new virtual machines to be automatically attached to or removed from endpoint groups (EPGs) as they are created or deleted. In addition, you can configure hypervisor connectivity manually.
The APIC Driver for OpenStack is open-source software. It is available, including OpFlex support, without additional licensing in APIC Release 1.1(4e).
Platform Requirements
● The APIC driver is supported on OpenStack Juno and later releases. The driver is compatible with any server hardware capable of supporting OpenStack Icehouse. OpFlex support is available in Juno and later releases.
● Cisco ACI fabric, which consists of Cisco Nexus® 9500 and 9300 platform switches and APICs that support Cisco ACI, is required.
Main Features
Table 1 summarizes the main features and capabilities of the Cisco APIC Driver for OpenStack.
Table 1. Cisco APIC Driver Features and Capabilities
| Feature | Description |
| --- | --- |
| Neutron Layer 2 support | Distributed Layer 2 support allowing flexible placement of virtual machines. |
| Neutron Layer 3 support | Support for multiple routers implemented in the Cisco ACI fabric using distributed hardware gateways, including support for multiple, independent IP address spaces. |
| Security group | Security group support (implemented on each hypervisor host through IP address tables). |
| Scalability | Scalability limits are set by the capabilities of the ACI fabric. Please check the scalability guide for each ACI release. |
| Encapsulation to Cisco ACI fabric from hypervisor | VLAN or VXLAN. |
| Floating IP and sNAT | Distributed Floating IP and sNAT support implemented through OpFlex and Open vSwitch. |
| Neutron Node HA | Distributed meta-data proxy and DHCP implemented through OpFlex and Open vSwitch. |
| Support for multiple APICs | The driver communicates with multiple APICs and is resilient to the failure of any specific APIC. |
| Dual-homed servers | The driver supports dual-homed servers using the vPC function of the Cisco ACI fabric’s top-of-rack (ToR) switches. |
| Automatic hypervisor discovery | This feature is optional and requires LLDP. The driver automatically discovers hypervisor physical connectivity to the top of the rack using LLDP and dynamically provisions the Cisco ACI fabric. This behavior allows physical topology changes without the need for any reconfiguration. |
| Licensing | The APIC driver is open-source software and is available without additional licensing on the APIC or the Cisco ACI fabric. |
| Supported versions | ● The GBP APIC driver is supported on OpenStack Juno and later releases. ● GBP is supported by commercial distributions from Red Hat and Mirantis. Packages are available for Ubuntu platforms as well. Check with Cisco for specific vendor versions. ● Cisco ACI Release 1.1(4e) and later is required. |
Figure 1 shows how the APIC driver works in an OpenStack environment along with the APIC and the Cisco ACI fabric.

Cisco Capital
Financing to Help You Achieve Your Objectives
Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries.
For More Information
Read more about the Cisco Nexus plug-in for OpenStack Neutron at http://www.cisco.com/go/aci.
Read more about OpenStack at http://docs.openstack.org/.