Automate Provisioning of Multitenant Cloud Environments with Cisco Dynamic Fabric Automation
Updated: March 12, 2015
What You Will Learn
Cloud networking implies the automation and orchestration of virtual machine, network, and service provisioning, as well as management processes that decrease IT touch points to increase efficiency and agility. The Cisco Dynamic Fabric Automation (Cisco DFA) architecture enables a simplified approach to cloud and network orchestration, alleviating the traditional complexity commonly required to manage and migrate applications. The result is greater virtual machine mobility, smaller failure domains, and greater multi-tenant scale.
As organizations increasingly move to cloud deployments, data center and service provider networks are being pressed to adapt to the new application environment and the operational demands it is placing on the underlying infrastructure. To this end, Cisco has some specific design recommendations:
• Build around a highly efficient and flexible infrastructure based on open standards
• Ensure ability to map tenants (users, lines of business, or business apps) and requirements onto secure, shared, high-performance infrastructure resource pools
• Deploy centralized policy-driven automation, management and visibility of physical and virtual environments
• Establish a common programmable automation and management framework to simplify operations and increase agility
Cisco Dynamic Fabric Automation Architecture
Cisco developed the DFA architecture to create the premier foundation for building cloud infrastructure (Figure 1), resulting in some distinctive benefits:
• Greater Efficiency: Optimized spine-leaf topologies with integrated gateways provide greater efficiencies and seamless mobility for physical and virtual machines and services along with end-to-end visibility. It also delivers greater resiliency with smaller fault domains and multi-tenant scale.
• Operational Simplicity: DCNM 7.0 provides centralized fabric management across physical servers and virtual machines including auto-deployment, integrated fabric access, topology views, monitoring and health-checks. Open APIs allow better integration with orchestration and automation tools, in addition to cloud platforms.
• Greater Agility: Enables network automation and provisioning to speed up application delivery.
The balance of this document will focus on operational simplicity and how Cisco DFA accomplishes this by automating provisioning of the fabric and its services through a consolidated central point of management and monitoring (CPOM), provided by Cisco Prime Data Center Network Manager (DCNM) Release 7.0.
Cisco DCNM allows the user to manage all the devices in the fabric from a central console. Common configuration information and processes can be applied to devices grouped by type or role, simplifying large-scale policy updates without the need to touch individual systems. Cisco DCNM also allows the network administrator to import bulk inventory data, enabling easy assignment of new devices to the network (Figure 1).
Figure 1. The Cisco DCNM Central Management Console Provides One Central Point of Management for the Self-Orchestrating Fabric
Fabric nodes (leaf and spine nodes) support a feature called Power-on Auto Provisioning (POAP), which helps ensure that new network devices can configure themselves in the network automatically after cabling and power-up. Upon booting, a node retrieves configuration information from an external server that recognizes the new node and its roles in the fabric. After the fabric device is powered on, it automatically participates in the required protocols to build the fabric and attach to servers and virtual machines. This zero-touch provisioning simplifies network expansion and management. Even cabling errors can be detected and quickly resolved through customizable policies that determine how nodes should be connected.
As cloud management platforms bring new tenants and applications online, they trigger the provisioning and configuration of logically isolated tenant networks in the fabric based on preconfigured profiles for that tenant and those application types, as well as configuration of any network devices and other required services (Figure 2).
Figure 2. New Tenants and Applications Configured in Cloud Management Systems Trigger Provisioning and Configuration
New traffic received from the endpoint servers is dynamically mapped to the provisioned network segment and identified to the rest of the network so that it can then participate in all the fabric forwarding capabilities through either Layer 2 or Layer 3 communications. Unlike in other virtual network environments, no encapsulation is required in the hypervisor, allowing the fabric to be fully hypervisor independent, thereby supporting hypervisors from multiple vendors in parallel.
Implementing the Cisco Dynamic Fabric Automation Architecture Enhancements
For organizations evolving or migrating to the enhanced Cisco DFA design, the transition is cost effective and smooth and generally based on existing Cisco Nexus® Family hardware already in place. With software upgrades, Cisco Nexus 6000 and 7000 Series Switches can participate in the spine and the leaf nodes, including the border leaf nodes (the Cisco Nexus 7000 Series needs to be upgraded to the Cisco Nexus F3-Series line card to act as a leaf node). Cisco Nexus 5000 Series Switches can be used in the network spine.
To begin the migration and deployment of the architecture, organizations should implement Cisco FabricPath as well as Cisco Nexus 1000V Series virtual switches at the virtual machine access layer. Organizations should also consider building fabrics based on the supported platforms. For more information about supported hardware platforms and the timing of supported software releases, please refer to the Cisco DFA webpage:
A Simpler Network
Cisco DFA provides critical network attributes required for cloud computing, including dynamic provisioning and orchestration for both physical and virtual environments simultaneously. Fabric features such as POAP for network devices, automation of tenant and application deployments, and fabric auto-discovery allow dramatically smaller teams to manage vastly more scalable cloud networks. Cisco DFA offers more efficient device and tenant provisioning with greater visibility and control of the physical infrastructure. The resulting fabric design is free from any dependencies on the hypervisor infrastructure or cloud orchestration software.
The Cisco DFA architecture is a logical evolution of traditional data center fabric designs to address rapidly emerging cloud network requirements. Cisco's DFA delivers unparalleled advantages to customers optimizing for virtualized and hybrid data center environments. With the broadest data center networking portfolio and industry leading innovation, the Nexus platforms deliver differentiated value and lower TCO to our data center customers with an evolutionary path to maximize their return on investment. After driving LAN/SAN convergence, bringing VM-awareness into the fabric and laying the groundwork for extensibility across private and public cloud environments, Cisco is attacking the problem of operational complexity at its core.
For More Information
For a more in-depth discussion on the benefits of the Cisco DFA architecture for orchestration and scalability, please see