The Cisco ACI fabric
includes Cisco Nexus 9000 Series switches with the
to run in the leaf/spine ACI fabric mode. These switches form a “fat-tree”
network by connecting each leaf node to each spine node; all other devices
connect to the leaf nodes. The
APIC manages the ACI fabric. The
recommended minimum configuration for the
APIC is a cluster of three replicated
APIC fabric management functions do not
operate in the data path of the fabric. The following figure shows an overview
of the leaf/spin ACI fabric.
Figure 1. ACI Fabric
The ACI fabric
provides consistent low-latency forwarding across high-bandwidth links (40
Gbps, with a 100-Gbps future capability). Traffic with the source and
destination on the same leaf switch is handled locally, and all other traffic
travels from the ingress leaf to the egress leaf through a spine switch.
Although this architecture appears as two hops from a physical perspective, it
is actually a single Layer 3 hop because the fabric operates as a single Layer
The ACI fabric
object-oriented operating system (OS) runs on each Cisco Nexus 9000 Series
node. It enables programming of objects for each configurable element of the
The ACI fabric OS
renders policies from the
APIC into a concrete model that runs in the
physical infrastructure. The concrete model is analogous to compiled software;
it is the form of the model that the switch operating system can execute. The
figure below shows the relationship of the logical model to the concrete model
and the switch OS.
Figure 2. Logical Model
Rendered into a Concrete Model
All the switch nodes contain a complete copy of the concrete model.
When an administrator creates a policy in the
APIC that represents a configuration, the
APIC updates the logical model. The
APIC then performs the intermediate step of
creating a fully elaborated policy that it pushes into all the switch nodes
where the concrete model is updated.
The Cisco Nexus
9000 Series switches can only execute the concrete model. Each switch has a
copy of the concrete model. If the
APIC goes off line, the fabric keeps
functioning but modifications to the fabric policies are not possible.
APIC is responsible for fabric activation,
switch firmware management, network policy configuration, and instantiation.
APIC acts as the centralized policy and
network management engine for the fabric, it is completely removed from the
data path, including the forwarding topology. Therefore, the fabric can still
forward traffic even when communication with the
APIC is lost.
The Cisco Nexus 9000
Series switches offer modular and fixed 1-, 10-, and 40-Gigabit Ethernet switch
configurations that operate in either Cisco NX-OS stand-alone mode for
compatibility and consistency with the current Cisco Nexus switches or in ACI
mode to take full advantage of the
APIC's application policy-driven services
and infrastructure automation features.