Prime Network Services Controller supports integration with Cisco Data
Center Network Manager (DCNM). As part of this integration,
Prime Network Services Controller provides the automation of virtual network services in Cisco Dynamic Fabric Automation
(DFA). In the Cisco DFA solution, services like firewalls and load balancers
are deployed at leaf nodes within the spine-leaf topology and in border leaf
nodes, in contrast to more traditional data centers where these services are
deployed at the aggregation layer.
The following table
describes the primary items in the Prime Network Services Controller integration with DCNM:
Item
|
Description
|
Prime Network Services Controller
|
Provides central management of network services in a
multi-tenant environment.
|
DCNM
|
- Provides the
setup, visualization, management, and monitoring of the data center
infrastructure.
- Provides
configuration and image management for the fabric.
|
Dynamic Fabric Automation (DFA)
cluster
|
Provides a simplified spine-leaf architecture, enhanced forwarding, and distributed control plane.
|
Prime Network Services Controller
Adaptor
|
- Links
Prime Network Services Controller
with DCNM.
- Enables DCNM to
interoperate with one or more instances of
Prime Network Services Controller.
- Maps the tenants
and virtual data centers to the
Prime Network Services Controller
instances responsible for network services.
- Listens to network
database updates and communicates those updates to the appropriate
Prime Network Services Controller
instance.
- Upon notification
of a new network service in a tenant network, notifies DCNM of the change.
|
Prime Network Services Controller provides centralized management of
network services by supporting the following actions:
- The creation, reading,
updating, and deletion of vPath-based service chains.
- The creation, updating, and
deletion of network services.
- Communicating changes about
network services to the
Prime Network Services Controller Adapter.
The
Prime Network Services Controller GUI reflects this support by
displaying information for networks and subnetworks associated with a tenant,
and network services in a tenant's network.
Terminology
The following table identifies the corresponding terms in Prime Network Services Controller and DCNM:
Prime Network Services Controller Name |
DCNM Name |
Description |
Tenant
|
Organization
|
A collection of VDCs for tenant-level separation of resources and data.
|
Virtual Data Center (VDC)
|
Partition
|
An independent routing domain that includes a collection of subnetworks. A VDC can belong to only one tenant.
|
Subnetwork
|
Network
|
A unique Layer 2 network identified by a unique identifier. A subnetwork can belong to only one VDC.
|
Networks
After an admin user provisions one or more tenant networks in DCNM, DCNM sends the information about the tenant network to Prime Network Services Controller. A tenant-admin user in Prime Network Services Controller can then deploy network services such as firewalls, load balancers, and routers on those networks.
For each network, DCNM provides Prime Network Services Controller with a handle that uniquely identifies the network on a VM manager and the network's Layer 3 IP details, such as subnet prefix, mask, and default gateway.
To view these networks in Prime Network Services Controller, choose Resource Management > Managed Resources > root > tenant (or other subordinate organization), and then click the Subnetworks tab.
You can place the interfaces of a network service that is deployed at a particular level (or node) in the tenant organizational hierarchy on available networks at the following locations: The organization node on which the service is being deployed.
Organization nodes that are children of the organization node on which the service is being deployed.
Organization nodes that are ancestors of the organization node on which the service is being deployed.
Network Roles
Networks are qualified by a role property which identifies their intended usage. The following table describes the various network roles.
Network Role
|
Description |
Host
|
Tenant-specific network intended for tenant application VMs. Service nodes can also be connected to this network.
|
Service
|
Tenant network intended exclusively for service nodes.
|
External
|
Tenant network that provides external connectivity. Both tenant application VMs and service nodes can connect to this network.
|
Management
|
Shared infrastructure network used for communication between service nodes and Prime Network Services Controller. Service node management interfaces connect to this network.
|
HA
|
Shared infrastructure network intended for high availability communications between service nodes. Service node HA interfaces connect to this network.
|
In contrast with tenant networks, which are tenant-specific and provisioned on the data center fabric by DCNM, infrastructure networks are shared by all tenants and are provisioned on the data center fabric out of band.
Details about infrastructure networks need to be added to Prime Network Services Controller by the admin user. Because these networks are shared, they can be added only to root (Tenant Management > root).
To add details about infrastructure networks, choose Resource Management > Managed Resources and then click the Subnetworks tab.
Roles and Privileges
The following roles
support
Prime Network Services Controller integration with DCNM:
Role
|
Responsibility
|
admin
|
- Deploy
Prime Network Services Controller if it is not already deployed.
- Configure the
Prime Network Services Controller instance and credentials on DCNM.
- Confirm communication
between
Prime Network Services Controller and DCNM.
- As needed, create
tenant-admin user accounts.
- Provide the tenant-admin
user with the
Prime Network Services Controller management IP address.
|
tenant-admin
|
- Add, modify, or delete
network services in the scope of the tenant organizational hierarchy provided
by DCNM.
- As part of network service
creation, connect the data interfaces on the subnetworks for that tenant.
|