This document provides an overview of Cisco Application Centric Infrastructure (ACI) and the Application Policy Infrastructure Controller (APIC). It discusses how ACI solves problems with overloaded network constructs and language barriers between developers and infrastructure teams. It defines key ACI concepts like tenants, endpoint groups, contracts, filters, and actions. It also describes how ACI uses a centralized policy model to define application connectivity and control network traffic in application-centric terms through provider-consumer relationships between endpoint groups. The document concludes by reserving time for attendees to complete hands-on labs demonstrating ACI concepts.

2. Cisco ACI - Application Policy Enforcement
Using APIC
TS-DC-06-I
Azeem Suleman
Solutions Architect

3. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
House Keeping Notes Tuesday April 15, 2014
Thank you for attending Cisco Connect Toronto 2014, here are a few
housekeeping notes to ensure we all enjoy the session today.
 Please ensure your cellphones / Laptops are set on silent to ensure no one is
disturbed during the session
 A power bar is available under each desk in case you need to charge your
laptop
 You have RDP client and JAVA support on your laptops
 All the lab task will be done on a jump box
3

4. What Are We Solving?
4

5. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Overloaded Network Constructs
VLAN VLAN VLAN
Subnet Subnet Subnet
Basic Network
Policy
SLAs L4-7 Services
Network constructs are overloaded with unintended functionality.

6. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Application Language Barriers
Developers
Application
Tiers
Provider /
Consumer
Relationships
Infrastructure Teams
VLANs
Subnets
Protocols
Ports
Developer and infrastructure teams must translate between disparate languages.

7. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Who is insieme?
$100M+
INVESTED
BY CISCO
250+
EMPLOYEES
20 YEAR
EXECUTION HISTORY
IN SOFTWARE AND
ASIC’S
INSIEME

8. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
What is ACI?
OPEN RESTFUL API’S
CENTRALIZED POLICY MODEL
OPEN SOURCE
CONTROLLER POLICY MODEL
ACI
NETWORK CONNECTS TO ALL COMPONENTS OF DATA CENTER
POLICY MODEL CONTROLS NETWORK AND INFORMATION FLOW

9. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Two types of language
NETWORK LANGUAGE
VLAN
Subnets
Bridging
Routing
IP Addresses
APP LANGUAGE
WEB
APP
DB
Human
Translator

10. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
APP-Centricity for access control
CLEAR, SIMPLE DESCRIPTION OF HOW TIERS ARE ALLOWED TO COMMUNICATE
APP DBWEB

11. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
APP-Centricity for Service deployment
ANY SERVICE CAN BE ADDED BETWEEN TIERS
ADC APP DBF/W
ADC
WEB

12. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
App-centricity for troubleshooting and Monitoring
Easy to Follow Apps Around
the DC
Visibility into the Health of the
Infrastructure for the App
The Network Knows the App
Structure and Components
APPLICATION
NETWORK PROFILE
Traditional
3-Tier
Application
APPLICATION
NETWORK PROFILE
APPLICATION
NETWORK PROFILE
APPLICATION
NETWORK PROFILE
APPLICATION
NETWORK PROFILE
APPLICATION
NETWORK PROFILE
APPLICATION
NETWORK PROFILE
HEALTH SCORE
LATENCY
DROP COUNT
VISIBILITY
VMs
Servers
Ports
Switches
Services
Faults
Microsecond(s)
Packets Dropped
82%
10
25

13. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Application policy infrastructure controller (APIC)
Single API/
Open/
Restful
XML/JSON
Application
Centric
Reliable
Scalable
ENABLES THE APPLICATION CENTRIC INFRASTUCTURE

14. ACI Policy Model
15

15. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Defining Terms
 Tenant - Logical separator for: Customer, BU, group etc.
separates traffic, admin, visibility, etc.
 Private-L3 - Equivalent to a VRF, separates routing instances,
can be used as an admin separation
 Bridge Domain - NOT A VLAN, simply a container for subnets, CAN
be used to define L2 boundary
 End-Point Group - (EPG) Container for objects requiring the same
policy treatment, i.e. app tiers, or services

16. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Logical Model Overview
rootuni
Tenant A Tenant B
Private-L3 A Private-L3 B Private-L3 A
Bridge
Domain
Subnet A
Bridge
Domain
Subnet B
Subnet C
Bridge
Domain
Subnet A
Bridge
Domain
Subnet B
Private-L3 and subnets are independent between tenants

17. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Logical Model Overview (cont.)
rootuni
Coke Pepsi
Dev/Test Prod Web Services
Prod-BD
20.1/24
21.1/24
Private-L3 and subnets are independent between tenants
Dev/Test-BD
10.1/24
L2 Enabled = Yes
Web-BD
100.1/16
L2 Enabled = Yes
App-BD
20.1/24
L2 Enabled = Yes

18. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Defining Terms
 Contract - Definition of policy. Defines how an EPG communicates
with other EPGs.
 Subject - Something being ‘discussed.’ Used to build definitions of
communication between EPGs. Contains: filter, action, and
optional label.
 Filter - Identifier for a subject, i.e. the traffic do you want to take action
on. Required within a subject.
 Action - Action to be taken on the filtered traffic with a subject. Required
within a subject.

19. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Applications and Conversations
Application communication can be defined as who is allowed to talk to whom.
DB Farm
App
ServersWeb FarmUsers
Communication between objects on the network can be thought of as one or two
way conversations (monologue/dialogue.)

20. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
The Provider Consumer Relationship
Users
Consumes
Web Services
Web Farm
Provides Web
Services
Consumes
App Services
App
Servers
Provides App
Services
Provider consumer relationships define application connectivity in application
terms. All objects can provide, consume, or both.

21. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Contracts for Policy
Contracts are used to define relationships.

22. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Policy Definition
Current Policy Definition Policy Based on Contracts
Rules
Actions
SLAs Security
L4-7
QoS

23. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Defining Provider Consumer Relationships
DB Farm

24. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Defining Provider Consumer Relationships
DB Farm

25. LAB TIME
26

26. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
How to access Pod
URL: https://labops-out.cisco.com/labops/ilt/
 Register your username and select Pod.
 Classname: azesulem_v6399
 Once Login to RDP you should see a PDF lab guide on the desktop
 Follow the instructions on the lab guide.
27

27. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Call to Action…
Visit:-
 Cisco Campus
 Technical Solutions Clinics
 Meet the Engineer
28

28. Cisco and/or its affiliates. All rights reserved.TS-DC-06-I Cisco Public
Complete Your Paper Session Evaluation – Tuesday April 15th
Give us your feedback and you could win 1 of 2
fabulous prizes in a random draw.
Complete and return your paper evaluation
form to the Room Attendant at the end of the
session.
Winners will be announced today at the end of
the session. You must be present to win!
See the Room monitor to redeem your prize

29. Questions?
30

30. Thank you