DIT | Basic Knowledge of ACI


1.1   # WHY IS ACI SECURITY NEEDED:

Cisco Application Centric Infrastructure (ACI) is a software-defined networking (SDN) solution for building and managing highly automated, secure, and scalable data center networks. In ACI the network is defined by policy rather than by device-by-device configuration, which simplifies, optimizes, and accelerates the application deployment lifecycle. A Cisco ACI fabric has three main components. The Application Policy Infrastructure Controller (APIC) is the SDN controller: it holds the policies that define the data center's network and pushes them to the switches. The spine switches and the leaf switches are Nexus 9000 switches running the ACI Fabric OS; they communicate with the APIC and build the forwarding state that the policies describe. Leaf switches are the access layer (servers, storage, firewalls and external routers attach to them) and spine switches interconnect the leaves, playing roughly the role of a distribution layer.

Benefits of ACI:
  • Automated Network Management: Reduces the complexity of network configuration and management, because the APIC programs every switch from one policy model.
  • Scalability: ACI allows organizations to scale the network easily to meet the demands of growing applications; adding capacity means adding a leaf and attaching it to the spines.
  • Improved Application Performance: Policies are expressed in application terms, so network behaviour follows what the application needs.
  • Enhanced Security: Endpoints are grouped into endpoint groups (EPGs), and by default endpoints in different EPGs cannot communicate unless a contract explicitly permits it. This allow-list model gives micro-segmentation and policies based on application requirements rather than on IP addresses alone.
  • Cost Efficiency: ACI optimizes resources and automates processes, which can reduce operational costs.



1.2   # SOFTWARE-DEFINED NETWORKING (SDN) ARCHITECTURE:

    Software-Defined Networking (SDN) is an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with the underlying hardware infrastructure and direct traffic on a network. This model differs from that of traditional networks, which use dedicated hardware devices (i.e., routers and switches) to control network traffic. SDN can create and control a virtual network, or control traditional hardware, via software.


    # HOW DOES ACI WORK:

    Cisco ACI is an SDN solution that defines its network infrastructure from policy. To make this possible, the Nexus 9000 spine and leaf switches run the ACI Fabric OS, and the APIC translates the policies it holds into forwarding state on those switches. With Cisco's multi-site and cloud extensions the same policy model can be stretched across on-premises fabrics, public, private and hybrid clouds, and SD-WAN edge sites, so an organization can use policy-based network management beyond a single data center.

    Loop prevention works differently from a classic Layer 2 network. Inside the fabric, every leaf-to-spine link is a routed point-to-point link; the fabric runs IS-IS in its infrastructure VRF and carries tenant traffic in a VXLAN overlay, so all links are active at once (equal-cost multipath) and Spanning Tree Protocol (STP) is not needed between spines and leaves. ACI switches therefore do not actively participate in STP. They do, however, flood Bridge Protocol Data Units (BPDUs) received from external switches within the EPG (the same VLAN encapsulation) on which they were received. To the external switches the fabric looks like a transparent hub with point-to-point (P2P) links, so their own STP instance still sees BPDUs from both sides of the fabric and can block a loop that runs through it.

    Outside ACI, the standards-based replacements for STP in spine-leaf designs are Transparent Interconnection of Lots of Links (TRILL) and Shortest Path Bridging (SPB). Both run a link-state protocol at Layer 2 so that traffic can flow across all available links, offering improved redundancy while, like STP, still preventing loops. ACI does not use TRILL or SPB; it reaches the same result with its routed underlay and VXLAN overlay.


    LIMITATION OF SPINE & LEAF ARCHITECTURE:

    Along with its advantages and benefits, spine-leaf architecture has some limitations:

    Amount of Cables – More copper or fiber cabling is needed, since every leaf must be connected to every spine device.

    Limited Hosts – The number of hosts a fabric can support is bounded. The spine port count limits how many leaf switches can attach, and the leaf port count (minus the uplinks) limits hosts per leaf. Uplink capacity matters more as data center traffic moves from server to server (east-west) instead of in and out of the data center, because that traffic crosses the leaf uplinks.


    SOFTWARE-DEFINED NETWORK (SDN) LAYERS OF ACI

    SDN architecture is usually described as three layers: the application layer, the control layer and the infrastructure layer. ACI has only three kinds of component, the Application Policy Infrastructure Controller (APIC), the spine switches and the leaf switches, and they map onto those layers: the APIC is the control layer and exposes the northbound API that the application layer uses, while the spine and leaf switches form the infrastructure layer that carries the data from one end to the other.

    Application Layer - This is where applications request information about the network devices and the topology in order to act on it. These applications can build end-to-end features and make decisions based on changes in the network. Communication between the layers is provided by Application Programming Interfaces (APIs); in ACI this is the APIC REST API.

    Control Layer - This is the part of the network that decides how data packets are forwarded, meaning how data gets from one place to another, together with the set of services that perform traffic management functions, including security, routing, load balancing, and analysis. It decides what to do with incoming packets and pushes that decision to the infrastructure layer over a southbound protocol. OpenFlow is the best-known protocol for this interface between the control and data planes; ACI instead uses its own OpFlex protocol between the APIC and the switches. This layer is also called the control plane.

    Infrastructure Layer - This is the part of the network through which user packets are transmitted, the layer that has the hardware to carry network traffic. In traditional networks this functionality is provided by the switching ASICs and firmware in switches and other network devices. It is responsible for forwarding the actual packets and is also called the Data Plane.
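    The following is an added example, not Cisco code and not the APIC API, that models the three layers end to end: a tenant declares EPGs and contracts (application layer), a compile step expands that intent into flat class-to-class permit rules the way a controller programs per-switch zoning rules (control layer), and a per-packet lookup with an implicit deny stands in for what a leaf does (infrastructure layer). EPG names, class IDs and ports are made up, and the model omits the reverse-direction rules a real fabric installs for return traffic.

```python
"""Simplified model of an SDN controller turning declared policy into
forwarding rules. Added example; NOT Cisco's code and not the APIC API.
EPG names, class IDs and ports are invented for illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Filter:
    proto: str  # "tcp", "udp" or "any"
    dport: int  # 0 = any destination port


@dataclass
class Tenant:
    """Application-layer intent: who exists, and which contracts link them."""
    epgs: dict = field(default_factory=dict)       # EPG name -> class ID
    contracts: dict = field(default_factory=dict)  # contract name -> [Filter]
    provided: dict = field(default_factory=dict)   # contract name -> provider EPG
    consumed: dict = field(default_factory=dict)   # contract name -> {consumer EPGs}

    def provide(self, epg, contract):
        self.provided[contract] = epg

    def consume(self, epg, contract):
        self.consumed.setdefault(contract, set()).add(epg)


def compile_zoning_rules(tenant):
    """Control layer: expand intent into a flat allow-list of
    (src_class, dst_class, proto, dport). Anything not listed is denied."""
    rules = []
    for cls in tenant.epgs.values():          # intra-EPG traffic is allowed by default
        rules.append((cls, cls, "any", 0))
    for cname, consumers in sorted(tenant.consumed.items()):
        provider = tenant.provided.get(cname)
        if provider is None:                  # consumed but never provided: no rule at all
            continue
        for consumer in sorted(consumers):
            for f in tenant.contracts[cname]:
                rules.append((tenant.epgs[consumer], tenant.epgs[provider], f.proto, f.dport))
    return rules


def evaluate(rules, src_class, dst_class, proto, dport):
    """Infrastructure layer: per-packet lookup; first matching permit wins."""
    for s, d, p, port in rules:
        if s == src_class and d == dst_class and p in ("any", proto) and port in (0, dport):
            return "permit"
    return "deny"  # implicit deny: the allow-list model behind micro-segmentation


def build_demo_tenant():
    """Constructed three-tier app: web -> app on tcp/8080, app -> db on tcp/3306."""
    t = Tenant(epgs={"web": 16386, "app": 16387, "db": 16388})
    t.contracts["web-to-app"] = [Filter("tcp", 8080)]
    t.contracts["app-to-db"] = [Filter("tcp", 3306)]
    t.provide("app", "web-to-app")
    t.consume("web", "web-to-app")
    t.provide("db", "app-to-db")
    t.consume("app", "app-to-db")
    return t


if __name__ == "__main__":
    rules = compile_zoning_rules(build_demo_tenant())
    for pkt in [(16386, 16387, "tcp", 8080), (16386, 16388, "tcp", 3306),
                (16388, 16387, "tcp", 3306), (16386, 16386, "udp", 53)]:
        print(pkt, evaluate(rules, *pkt))
```

    The point to notice is that the web tier never gets a path to the database even though both are in the same tenant: the controller only emits rules for relationships that were declared, so a missing contract is a missing rule, not a missing deny.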



    # CISCO APPLICATION CENTRIC INFRASTRUCTURE (ACI) :

    # DIFFERENCE BETWEEN VXLAN v/s VLAN v/s NVGRE :

    The main difference is where the segment identifier lives and how large it is. A VLAN is carried as an 802.1Q tag inside the Layer 2 frame; the VLAN ID is a 12-bit field, so a network can have at most 4094 usable VLANs (IDs 0 and 4095 are reserved), and a VLAN can only reach as far as the trunk links that carry it. VXLAN instead encapsulates the whole Ethernet frame in UDP (MAC-in-UDP) and carries a 24-bit VXLAN Network Identifier (VNI), allowing about 16 million segments. Because the tunnel runs over IP, a segment does not depend on trunk links between switches: in ACI the leaf switches are the VXLAN tunnel endpoints, the spines only route the outer IP packets, and there are no spine-to-spine links. NVGRE (Network Virtualization using Generic Routing Encapsulation) is the comparable scheme that carries the frame inside GRE and uses a 24-bit Virtual Subnet Identifier (VSID). Both VXLAN and NVGRE expand the segment space from 4096 to about 16 million and let Layer 2 frames be transported across a Layer 3 network, which a plain VLAN cannot do. Neither VXLAN nor NVGRE authenticates or encrypts the tunnel, so segment isolation relies on the underlay and the tunnel endpoints being trusted.
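    To make the header differences concrete, here is an added example (not from the original page) that builds and parses the three encapsulations with Python's struct module: the 12-bit VID in an 802.1Q tag, the 24-bit VNI in a VXLAN header (RFC 7348) and the 24-bit VSID in an NVGRE header (RFC 7637), plus a VXLAN round trip showing that the entire Layer 2 frame becomes the UDP payload. The sample Ethernet frame is constructed for illustration.

```python
"""Build and parse 802.1Q, VXLAN and NVGRE headers. Added example, not part
of the original page; the sample frame below is constructed, not captured."""
import struct

DOT1Q_TPID = 0x8100
VLAN_ID_BITS, VNI_BITS, VSID_BITS = 12, 24, 24
VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # the "I" flag in the VXLAN flags byte
NVGRE_PROTO_TYPE = 0x6558      # GRE protocol type: Transparent Ethernet Bridging
GRE_FLAG_KEY = 0x2000          # GRE K bit: a Key field follows the header


def usable_ids():
    """Segment-ID space of each scheme (VLAN IDs 0 and 4095 are reserved)."""
    return {"vlan": (1 << VLAN_ID_BITS) - 2,   # 4094
            "vxlan": 1 << VNI_BITS,            # 16,777,216
            "nvgre": 1 << VSID_BITS}           # 16,777,216


def build_dot1q_tag(vid, pcp=0, dei=0):
    """4-byte 802.1Q tag: TPID + TCI (3-bit PCP, 1-bit DEI, 12-bit VID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return struct.pack("!HH", DOT1Q_TPID, tci)


def parse_dot1q_tag(tag):
    tpid, tci = struct.unpack("!HH", tag[:4])
    if tpid != DOT1Q_TPID:
        raise ValueError("not an 802.1Q tag")
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def build_vxlan_header(vni):
    """8-byte VXLAN header: flags (I set), 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < (1 << VNI_BITS):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan_header(hdr):
    word0, word1 = struct.unpack("!II", hdr[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set: no valid VNI")
    return word1 >> 8


def build_nvgre_header(vsid, flow_id=0):
    """8-byte NVGRE header: GRE with K bit, proto 0x6558, key = 24-bit VSID + 8-bit FlowID."""
    if not 0 <= vsid < (1 << VSID_BITS):
        raise ValueError("VSID must fit in 24 bits")
    return struct.pack("!HHI", GRE_FLAG_KEY, NVGRE_PROTO_TYPE, (vsid << 8) | (flow_id & 0xFF))


def parse_nvgre_header(hdr):
    gre_flags, proto, key = struct.unpack("!HHI", hdr[:8])
    if not gre_flags & GRE_FLAG_KEY or proto != NVGRE_PROTO_TYPE:
        raise ValueError("not an NVGRE header")
    return key >> 8, key & 0xFF


def encap_vxlan(inner_frame, vni):
    """MAC-in-UDP: the whole Layer 2 frame follows the VXLAN header as UDP payload."""
    return build_vxlan_header(vni) + inner_frame


def decap_vxlan(payload):
    return parse_vxlan_header(payload), payload[8:]


# Constructed sample Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = bytes.fromhex("00112233445566778899aabb0800") + b"\x45" * 20

if __name__ == "__main__":
    print(usable_ids())
    print(build_vxlan_header(5000).hex(), parse_vxlan_header(build_vxlan_header(5000)))
    print(parse_nvgre_header(build_nvgre_header(7000, flow_id=9)))
```

    Note that the parsers only check structural bits (TPID, the I flag, the K bit and protocol type); none of these headers carries an integrity check, which is why a tunnel endpoint must not trust a VNI or VSID from an untrusted underlay.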






    Be updated into yourself and improve lives through DIT.
