Software Defined DC powered by Cisco Toni Kuzman STORM Computers

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 Virtualizacija serverske infrastrukture HW Servers vSwitch HW Servers Virtual Servers Agilnost Pojednostavljenje operacija Nove poslovne mogućnosti Što je sa mrežom?

Software Defined DC powered by Cisco Kronološki prikaz evolucije dizajna mrežne DC infrastrukture 1995 2000 2005 2010

Software Defined DC powered by Cisco Ograničena virtualizacija VSS Dva mrežna uređaja, jedan control plane, aktivna dva data plane vPC Dva mrežna uređaja, dva control plane, aktivna dva data plane VDC Virtualizacija HW mrežnog uređaja na više virtualnih instanci s odvojenim procesorskim, memorijskim i prihvatnim kapacitetima

Software Defined DC powered by Cisco Kako je Cisco odgovorio na izazov? Izgradnja policy-driven mrežne infrastrukture Izlazak iz okvira konfiguriranja uređaja po uređaj na putu realizacije zamišljenog dizajna Izdvojeni segmenta za kreiranje pravila od control i data plane mrežne infrastrukture Jedinstven fizički dizajn, s predvidljivim tokovima prometa.

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure ACI Nexus 9000 APIC

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Spine switches Policy MGMT Leaf switches

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Fizička mreža, mrežni fabric Application policy Jednom fizički spojena mreža sama se konfigurira s minimalnim impactom od strane administratora Ljudska pogreška prilikom konfiguriranja teži „0” Optimizacija mreže automatizirana, determinirani tokovi prometa i failover mehanizmi unutar mrežnog fabrica Pojednostavljeno održavanje i nadogradnja Application policy se kreira na APIC serverima APIC cluster spojen na različite leaf switcheve, fabric Za pristup, Cluster APIC servera spojen na OOB mrežu Cluster APIC servera nije dio control i data planea Ispad cjelokupnog APIC clustera ne utječe na implementiranu politiku na mrežnom fabricu

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Mrežni ACI fabric

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Podjela ACI fabrica na instance/tenant Korisnički servisi/produkcija Korporativni servisi Test Mrežni ACI fabric Tenant je zasebna cjelina/kontejner unutar ACI fabrica koji ima svoju aplikacijsku, mrežnu i servisnu politiku

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Unutar svakog tenanta je moguće imati jednu ili više VRF instanci Mrežni ACI fabric Tenant_1 Tenant_2 VRF1 10.0.0.0/24 VRF1 10.0.0.0/24 VRF1 10.0.0.0/24 VRF2 10.0.0.0/24

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Unutar svakog VRF-a moguće je kreirati jednu ili više Bridging domena Mrežni ACI fabric Tenant VRF1 VRF2 Bridging domain1 Bridging domain1 Bridging domain2 Bridging domain2

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Bridging domena je pandan onom što poznajemo pod pojmom VLAN-a, broadcast/multicast Layer2 domena Mrežni ACI fabric Tenant VRF1 SVI_1 SVI_2 Bridging domain1 Bridging domain2

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure EPG – End Point Group Konstrukcija koja je temeljena na poveznicama EP-a koji joj pripadaju Mrežni ACI fabric Tenant VRF1 SVI_1 SVI_2 Bridging domain1 Bridging domain2 EPG1 EPG2 EPG3 EPG4

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure EPG – End Point Group Po default postavkama komunikacija između EPG nije moguća Mrežni ACI fabric Da bi bila moguća komunikacija između EPG-ova, potrebno je kreirati contracte filter liste, stateless firewall Tenant VRF1 SVI_1 SVI_2 Bridging domain1 Bridging domain2 EPG1 EPG2 EPG3 EPG4 Komunikacija između EP unutar EPG-a je po defaultu dopuštena

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Servisni flow, tri tier aplikacija Web serveri App serveri Database

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Servisni flow, tri tier aplikacija contract contract contract Bridging domain1 Gateway Bridging domain2 Gateway Bridging domain3 Gateway EPG web EPG App EPG DB

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Servisni flow, tri tier aplikacija Contract web: permit tcp 443 permit tcp 80 Bridging domain1 10.0.0.1/24 EPG web contract contract EPG App EPG DB contract 10.0.0.10-19/24 10.0.0.20-39/24 10.0.0.40-59/24 Bridging domain1 Gateway za sve EPGove, jedinstvena broadcast/multicast domena

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – Application Centric Infrastructure Servisni flow, tri tier aplikacija Contract web: permit tcp 443 permit 80 Bridging domain1 10.0.0.1/24 EPG web contract contract EPG App EPG DB contract 10.0.0.10-19/24 10.0.0.20-39/24 10.0.0.40-59/24 Bridging domain1 Gateway za sve EPGove, jedinstvena broadcast/multicast domena

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 ACI – ekstenzija na više lokacija ACI Single Pod Fabric ACI 1.0 - Leaf/Spine Single Pod Fabric DC1 DC2 ACI Stretched Fabric APIC Cluster ACI 1.1 - Geographically Stretch a single Pod ACI 2.0 - Multiple Networks (Pods) in a single Availability Zone (Fabric) Pod ‘A’ MP-BGP - EVPN … IPN Pod ‘n’ ACI Multi-Pod Fabric APIC Cluster ACI 3.1/3.2 - Remote Leaf and vPod extends an Availability Zone (Fabric) to remote locations ACI 3.0 – Multiple Availability Zones (Fabrics) in a Single Region ’and’ Multi-Region Policy Management Fabric ‘A’ MP-BGP - EVPN … IP Fabric ‘n’ ACI Multi-Site

Software Defined DC powered by Cisco Kako je Cisco odgovorio na izazov? Stratched Fabric Jedinstveni fabric i control plane DCI – DarkFiber, DWDM MultiPod Jedinstveni fabric, per site control plane DCI – IPN, podrška za bidirectional PIM Multisite Fabric per site, Control plane per site DCI – IP mreža DC1 DC2 Fabric ‘A’ APIC Cluster Pod ‘A’ MP-BGP - EVPN … IPN Pod ‘n’ APIC Cluster Fabric ‘A’ Fabric ‘A’ MP-BGP - EVPN … IP Fabric ‘n’

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 Single APIC Cluster/Single Fabric Multiple APIC Clusters/Multiple Fabrics ACI – ekstenzija na više lokacija DC1 DC2 ACI Fabric Stretched Fabric APIC Cluster Fabric ‘n’ Fabric ‘A’ Multi-Fabric (with L2 and L3 DCI) L2/L3 DCI Inter-Site App Pod ‘A’ Pod ‘n’ MP-BGP - EVPN Multi-Pod (from 2.0 Release) … IPN APIC Cluster IP Fabric ‘A’ Fabric ‘n’ MP-BGP - EVPN Multi-Site (3.0 Release, Q3CY17) … ACI Multi-Site

Software Defined DC powered by Cisco Cisco Live 2013 11/8/2018 Any Workload, Any Location, Any Cloud ACI ANYWHERE Remote PoD Multi-Pod / Multi-Site Hybrid Cloud Extension IP WAN IP WAN Remote Location On Premise Public Cloud Security Everywhere Policy Everywhere Analytics Everywhere

Pitanja? mail: toni.kuzman@storm.hr tel: +385 1 2352 200