How to Determine If ACI Multi-Site is the Right Data Center Solution
Organizations purchase data center infrastructure because of End of Support (EOS) for current hardware, for expansion, or to build new greenfield data centers. A modern data center needs to be secure and optimized for application delivery. With more end users and IT staff working from home, organizations must also look at automating their Day 0 through Day 2 operations and cloud connectivity from on-premises workloads.
With over 80 percent of most modern data center traffic moving East-West, it is also important to consider moving from a traditional 3-tier architecture to a spine/leaf architecture for increased efficiency and for security enablement.
As organizations go through the exercise of determining the best solution to fit their business and technology use cases, the following considerations must be explored.
The items marked as new to today's network designs need to be examined carefully, as these design considerations did not exist 7-10 years ago when organizations last did a data center refresh.
Next-generation data center design considerations
- Architectural flexibility to meet evolving requirements
- Automation and analytics (new to today's network designs)
- Integration and interoperability with existing networks and security
- The learning curve involved (new to today's network designs if going to spine/leaf)
- Data center interconnection considerations
- Cloud connectivity (new to today's network designs)
- Segmentation in the data center (new to today's network designs)
If you're trying to navigate today's design considerations and new architectures, WWT recommends our Data Center Discovery Workshop to help determine the best solutions based on business and technical requirements. We offer a vendor-agnostic view via this workshop into what architectures and technologies are being offered by OEMs and what customers are deploying successfully in production.
We can provide unique insight into multiple vendors and hundreds of customer deployments to determine the best solution for the organization. Understand each solution's pros and cons and determine the best solution from a business use case and technical requirements.
Today there are 4 data center architectures, each with its own data center interconnection (DCI) options, as follows:
- Traditional 3-Tier Architecture using Core/Agg/Access switches
  - Multiple data center interconnections via L2 extension (OTV, EoMPLS, VPLS)
- Spine/Leaf VXLAN Network with MP-BGP EVPN Control Plane
  - Multiple data center interconnections via OTV or VXLAN
- Cisco Application Centric Infrastructure (ACI)
  - Multiple data center interconnections via Multi-Pod/Multi-Site
- Using a Hypervisor-Based Software Overlay to create the Software-Defined Data Center
  - Multiple data center interconnections via software-based extensions
As part of this discovery process to determine the correct solution, we developed a 4-module tutorial and lab environment that goes over the business and technical aspects of the ACI Multi-Site solution. ACI Multi-Site is part of Cisco's ACI Anywhere vision, which allows a single security and connectivity policy with a single pane of glass to manage all multicloud environments. The key to ACI Anywhere is the ACI Multi-Site Orchestrator (MSO), which allows the administrator to create consistent security and connectivity policies across multiple physical, virtual and cloud-based sites.
This series of 4 lab modules goes through all the steps necessary to bring up an ACI Multi-Site environment from scratch. It is divided into smaller 4-hour modules so that it is easier for the student to consume.
When you finish with the first module, you will then deploy the second module, and it will start where you finished the previous module. You can also continue in the doc as a code lab guide if you have the time to go through all of the 4 modules, or just 2 or 3 modules. This set of labs was designed to be flexible, so as you have more time, you can proceed to a second module.
The overall lab architecture consists of 2 ACI sites, MSITE-EAST and MSITE-WEST, which are connected via the Inter-Site Network (ISN). There is also a vCenter and 3 Multi-Site Orchestrator (MSO) nodes used to build out the environment. The lab does use ACI simulators, so there is no data plane testing; however, all configuration and verification steps are identical to a physical fabric.
By using the on-demand labs, organizations can work through the various scenarios of setting up ACI Multi-Site to determine if it fits their business and technical connectivity requirements.
Module 1 overview and breakdown
Module 1 offers a deep dive tutorial and labs of the technical and business benefits of VXLAN and the ACI initial setup process.
- VXLAN basics and ACI overview
- Lab 1: Initial APIC setup (EAST and WEST)
- Lab 2: ACI Fabric discovery
- Lab 3: APIC GUI walkthrough and Tenant creation
- Lab 4: Fabric setup and creating a backup for Module 2
Module 2 overview and breakdown
Module 2 offers a deep dive tutorial and labs of the technical and business benefits of ACI VMM integration and the ACI policy model.
- Restoring the fabric to end of Module 1
- ACI policy discussion
- VMM discussion
- Lab 5: VMM integration with ACI
- Physical and logical policy discussion
- Lab 6, Part 1: Creating bridge domains
- Contracts and filters discussion
- Lab 6, Part 2: Filter and contract creation
- Bridge Domain forwarding and endpoint learning discussion
- Lab 7: Application profile creation, EPG and contract integration, VMM integration
Module 3 overview and breakdown
Module 3 offers a deep dive tutorial and labs of the technical and business benefits of ACI L2/L3 connectivity and micro-segmentation using Intra-EPG isolation and uEPGs.
- Restoring APIC fabric from a backup of lab 2
- ACI L2/3 policy discussion
- Layer 2 extension discussion
- Lab 8: Layer-2 connectivity
- Layer 3 discussion
- Lab 9: Layer 3 connectivity
- Micro-segmentation discussion
- Lab 10: Intra-EPG isolation and micro-segmentation using uEPGs
Module 4 overview and breakdown
Module 4 offers a deep dive into the MSO install and deploying an ACI policy from the MSO and the technical and business benefits of MSO.
- Lab 11: Restoring to module 3
- Lab 12: Creating the MSO Cluster
- Lab 13: Multi-Site Orchestrator GUI walk-through
- Lab 13: Importing MSITE-EAST and MSITE-WEST into MSO
- Lab 14: Creating APIC spine policies and ISN connectivity
- Lab 15: Creating the Infra policies using the MSO
- Lab 16: Creating a Tenant in MSO
- Lab 17: Creating the schema and templates for MSITE
- Lab 18: Creating policy inside the templates and deploying to sites
The goals of the Multi-Site tutorials and labs are to familiarize organizations with the concepts of configuring an ACI fabric from scratch, deploying and configuring the MSO, and adding the ACI fabrics to the MSO. Once users complete the 4 modules, they will have a better understanding of how Cisco's ACI Multi-Site solution fits their business and technical connectivity requirements.
You can access the lab modules via these links: