Prime Network Services Controller supports integration with Cisco Data Center Network Manager (DCNM). As part of this integration, Prime Network Services Controller provides the automation of virtual network services in Cisco Dynamic Fabric Automation (DFA). In the Cisco DFA solution, services like firewalls and load balancers are deployed at leaf nodes within the spine-leaf topology and in border leaf nodes, in contrast to more traditional data centers where these services are deployed at the aggregation layer.

The following table describes the primary items in the Prime Network Services Controller integration with DCNM:

| Item | Description |
|---|---|
| Prime Network Services Controller | Provides central management of network services in a multi-tenant environment. |
| DCNM | Provides the setup, visualization, management, and monitoring of the data center infrastructure. Provides configuration and image management for the fabric. |
| Dynamic Fabric Automation (DFA) cluster | Provides a simplified spine-leaf architecture, enhanced forwarding, and distributed control plane. |
| Prime Network Services Controller Adapter | Links Prime Network Services Controller with DCNM. Enables DCNM to interoperate with one or more instances of Prime Network Services Controller. Maps the tenants and virtual data centers to the Prime Network Services Controller instances responsible for network services. Listens to network database updates and communicates those updates to the appropriate Prime Network Services Controller instance. Upon notification of a new network service in a tenant network, notifies DCNM of the change. |

Prime Network Services Controller provides centralized management of network services by supporting the following actions:
- The creation, reading, updating, and deletion of vPath-based service chains.
- The creation, updating, and deletion of network services.
- Communicating changes about network services to the Prime Network Services Controller Adapter.

The Prime Network Services Controller GUI reflects this support by displaying information for networks and subnetworks associated with a tenant, and network services in a tenant's network.

Terminology

The following table identifies the corresponding terms in Prime Network Services Controller and DCNM:

| Prime Network Services Controller Name | DCNM Name | Description |
|---|---|---|
| Tenant | Organization | A collection of VDCs for tenant-level separation of resources and data. |
| Virtual Data Center (VDC) | Partition | An independent routing domain that includes a collection of subnetworks. A VDC can belong to only one tenant. |
| Subnetwork | Network | A Layer 2 network with a unique identifier. A subnetwork can belong to only one VDC. |

Networks

After an admin user provisions one or more tenant networks in DCNM, DCNM sends the information about the tenant network to Prime Network Services Controller. A tenant-admin user in Prime Network Services Controller can then deploy network services such as firewalls, load balancers, and routers on those networks.

For each network, DCNM provides Prime Network Services Controller with a handle that uniquely identifies the network on a VM manager and the network's Layer 3 IP details, such as subnet prefix, mask, and default gateway.

To view these networks in Prime Network Services Controller, choose Resource Management > Managed Resources > root > tenant (or other subordinate organization), and then click the Subnetworks tab.

You can place the interfaces of a network service that is deployed at a particular level (or node) in the tenant organizational hierarchy on available networks at the following locations:
- The organization node on which the service is being deployed.
- Organization nodes that are children of the organization node on which the service is being deployed.
- Organization nodes that are ancestors of the organization node on which the service is being deployed.

Network Roles

Networks are qualified by a role property which identifies their intended usage. The following table describes the various network roles.

| Network Role | Description |
|---|---|
| Host | Tenant-specific network intended for tenant application VMs. Service nodes can also be connected to this network. |
| Service | Tenant network intended exclusively for service nodes. |
| External | Tenant network that provides external connectivity. Both tenant application VMs and service nodes can connect to this network. |
| Management | Shared infrastructure network used for communication between service nodes and Prime Network Services Controller. Service node management interfaces connect to this network. |
| HA | Shared infrastructure network intended for high availability communications between service nodes. Service node HA interfaces connect to this network. |

In contrast with tenant networks, which are tenant-specific and provisioned on the data center fabric by DCNM, infrastructure networks are shared by all tenants and are provisioned on the data center fabric out of band.

Details about infrastructure networks need to be added to Prime Network Services Controller by the admin user. Because these networks are shared, they can be added only to root (Tenant Management > root).

To add details about infrastructure networks, choose Resource Management > Managed Resources and then click the Subnetworks tab.
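
The interface placement locations listed under Networks and the Network Roles table can be combined into a check that is run over a planned deployment before it is applied. The following Python code is an added example, not Cisco code or a Prime Network Services Controller API. The organization and subnetwork names are constructed, "children" is read as direct children only, and the mapping of interface kinds to roles is an assumption drawn from the table.

```python
# Added example: audit planned interface placements (all names are constructed).
# Organization hierarchy as child -> parent.
PARENT = {
    "root/tenantA": "root",
    "root/tenantA/vdc1": "root/tenantA",
    "root/tenantA/vdc2": "root/tenantA",
    "root/tenantB": "root",
    "root/tenantB/vdc1": "root/tenantB",
}
# Subnetwork -> (organization node it is attached to, network role).
SUBNETS = {
    "a-web": ("root/tenantA/vdc1", "Host"),
    "a-svc": ("root/tenantA", "Service"),
    "a-db": ("root/tenantA/vdc2", "Host"),
    "b-web": ("root/tenantB/vdc1", "Host"),
    "mgmt": ("root", "Management"),
    "ha": ("root", "HA"),
}
# Assumption: which roles each kind of service-node interface may attach to,
# read from the Network Roles table.
ALLOWED_ROLES = {
    "data": {"Host", "Service", "External"},
    "management": {"Management"},
    "ha": {"HA"},
}

def eligible_nodes(service_node):
    """Nodes whose networks the service may use: itself, children, ancestors."""
    nodes = {service_node}
    nodes |= {child for child, parent in PARENT.items() if parent == service_node}
    node = service_node
    while node in PARENT:  # walk up to root
        node = PARENT[node]
        nodes.add(node)
    return nodes

def check_placement(service_node, interface_kind, subnet):
    """Return a list of rule violations; an empty list means the placement is allowed."""
    owner, role = SUBNETS[subnet]
    problems = []
    if owner not in eligible_nodes(service_node):
        problems.append(f"{subnet}: {owner} is not {service_node}, its child, or its ancestor")
    if role not in ALLOWED_ROLES[interface_kind]:
        problems.append(f"{subnet}: role {role} is not valid for a {interface_kind} interface")
    return problems

if __name__ == "__main__":
    for plan in [("root/tenantA/vdc1", "data", "a-svc"), ("root/tenantA/vdc1", "data", "b-web")]:
        print(plan, check_placement(*plan) or "ok")
```

Because infrastructure networks are added only to root, the ancestor rule is what makes the Management and HA networks reachable from every tenant node, while a subnetwork under another tenant or a sibling VDC is rejected.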

Roles and Privileges

The following roles support Prime Network Services Controller integration with DCNM:

| Role | Responsibility |
|---|---|
| admin | Deploy Prime Network Services Controller if it is not already deployed. Configure the Prime Network Services Controller instance and credentials on DCNM. Confirm communication between Prime Network Services Controller and DCNM. As needed, create tenant-admin user accounts. Provide the tenant-admin user with the Prime Network Services Controller management IP address. |
| tenant-admin | Add, modify, or delete network services in the scope of the tenant organizational hierarchy provided by DCNM. As part of network service creation, connect the data interfaces on the subnetworks for that tenant. |