DCACIF v2.0 - Data Center Application Centric Infrastructure Fundamentals


Description

DCACIF (Data Center Application Centric Infrastructure Fundamentals) is a 5-day Instructor-led training course that is designed for systems & field engineers who install & implement the Cisco Nexus 9000 Switches in ACI mode using the updated 2.0(x) version & updated Cisco Nexus 9000 hardware platform. The course covers the key components & procedures you need to know to understand, configure, & manage Cisco Nexus 9000 Switches in ACI mode utilizing the updated 2.0(x) version, & how to connect the ACI Fabric to external networks & services.

Cisco ACI Release 2.0(x) offers many new features. The main new features introduced with the 2.0 version are:

  • ACI vCenter Plugin for VMware vSphere Web Client
  • AVS Health Status
  • Contract Permit Logging
  • COOP Authentication
  • Digital Optical Monitoring
  • Layer 3 Multicast Support
  • Added OSPF Inbound Route Controls
  • Policy-Based Redirect for Provisions Service Appliances
  • EPG Deployment Through AEP
  • FCoE N-Port Virtualization Support
  • Layer 3 EVPN Services Over WAN Fabric
  • Port-Security
  • Support for Multiple vCenters per Fabric

All lab exercises included in this training course will utilize Cisco ACI Release 2.0(x) version. The lab does not necessarily show all new feature uses.

To participate in the hands-on labs in this class, you need to bring a laptop computer with the following:

  • We recommend using at least a Pentium 4 or better and 1 GB of RAM or more.
  • We recommend running Windows XP Professional SP3 or greater (Vista & Windows 7/8).
    Mac & Linux machines are also supported.
  • Browser Requirements: Internet Explorer 10 or greater or Mozilla Firefox. (Safari and Mozilla Firefox for Mac OSX)
  • All students are required to have administrator rights to their PCs and cannot be logged in to a domain using any Group Policies that will limit their machine's capabilities.
  • If you do not have administrator rights to your PC, you at least need permissions to download, install, and run Cisco AnyConnect Client.
  • If you are participating in a WebEx event, it is highly recommended to take this class at a location that has bandwidth of at least 1 Mbps.

If you have any questions or issues with meeting the recommended requirements, please contact us at rlt@skyline-ats.com to discuss.

Note: The courseware and lab guide for this course are being provided in an encrypted digital format. To be able to view your digital kit, you will need to bring a suitable device to view the content. You can install your digital course material onto a Windows PC, Mac (OSX 10.6 & up), Apple iPad (iPad 2 & up preferred) or Android tablet (v4.1 & up preferred). You will need to install an encrypted document viewer on your device to be able to view the course material.

Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

(Using Cisco ACI Release 2.0(x) OS version)

  • Describe the Cisco Nexus 9000 Series Switch ACI
  • Describe the ACI fabric
  • Describe the Cisco Nexus 9000 Series Switch hardware
  • Describe the Cisco Nexus 9300-EX Series Switch hardware
  • Configure the ACI controller (APIC)
  • Understand the Cisco Cloud Based APIC
  • Describe VXLAN Bridging, Gateway and Routing
  • Configure VDS and ADS microsegmentation
  • Configure ACI L4L7 service integration
  • Integrate the APIC hypervisor
  • Understand the programmability & orchestration of the ACI network
  • Discuss ACI connectivity to outside networks
  • Implement ACI management

Prerequisites

The knowledge & skills that a learner should have before attending this course are as follows:

This course is designed for systems engineers, technical architects, & product specialists in data center technical sales roles.

  • Students should be familiar with Cisco Ethernet switching products.
  • Students should understand Cisco data center architecture.
  • Students should be familiar with virtualization.
  • Good understanding of networking protocols, routing, & switching:
    • Recommended CCNA Certification
    • Recommended attendance of Cisco IP Routing Class (ROUTE)
    • Recommended attendance of Cisco Switching Class (SWITCH)
  • During the course of instruction, the learner will be exposed to the configuration of advanced technologies, such as BGP, OSPF & IS-IS. The learner will not be required to have experience with these technologies in order to successfully complete the class.

Who Should Attend

This course is for systems engineers, technical architects, & product specialists in data center technical sales roles. Students include those who need to gain experience with understanding, configuring, & designing the data center networking environment with Cisco Nexus 9000 Series Switches.

Outline

(Using Cisco ACI Release 2.0(x) OS version)

Module 1: Cisco ACI Overview

Lesson 1: What problems are we trying to fix?

  • The 3-Tier Application
    • Application Flow
    • Three Tier Application with Networking
    • What are VLANs for?
    • Applying Logical Model to Physical Model
    • Maintenance of Large Infrastructure is Complex
    • Problem: Micromanagement of Infrastructure
    • Example: Configure Network on a New Server
    • Imperative Control Systems
    • Goal: Capture & Preserve User Intent
  • The ACI Solution
    • Unified Ports
    • Unified Fabric
    • What is ACI?
    • Logical Networking Provisioning of Stateless Hardware
    • What is the APIC?
    • ACI Design & Philosophy
    • Solution: Declarative Control
  • Summary

Lesson 2: Hardware Overview

  • The Cisco Nexus 9000 Solution
  • The Cisco Nexus 9300-EX Solution
  • The Cisco Cloud Scaled ASIC
  • Common Hardware Platform: Two Modes
  • Modular Switch Overview
  • Modular Switch Chassis
  • Modular Switch Components
  • Modular Line Cards
  • Fixed Switch Platforms (Spine)
  • Fixed Switch Platforms (Leaf)
  • Fabric Extenders
  • 40G QSFP BiDi
  • 40G/10G Breakout
  • Cisco Nexus 9000 Hardware Differentiators
  • Going Beyond SDN
  • Describing the Cisco APIC
  • Centralized Automation & Fabric Management
  • Algorithmically Sharded Cluster
  • APIC Controller is Attached In-Band
  • Spine & Leaf Topology
  • Why Spine/Leaf?
  • ISIS Fabric Infrastructure Routing
  • Decoupled Identity, Location, & Policy
  • Multi-Hypervisor Normalization
  • Summary

Lesson 3: Software Overview

  • Networking Concepts
    • Tenants
    • Contexts
    • Bridge Domain
    • Application Profiles
    • End Point Groups
    • EPGs, Subnets, & Policy
    • External Connectivity Options
    • L4-L7 Services
  • Security Policies
    • Contracts
    • ACI Contracts
    • Subjects
    • Filters
    • Building Contracts
    • Taboos
    • The Provider & Consumer Relationship
    • Defining Provider & Consumer Relationships
  • Supported Deployment Models
    • Network Centric (Example VLAN=BD=EPG)
    • Application Centric (Example)
    • Hybrid (Example)
    • Inter-Tenant Communication
    • Inter-Tenant Contracts
  • Summary

Lesson 4: Fabric Transport

  • ACI Fabric Integrated Overlay
  • Virtual Extensible LAN
  • ACI VXLAN Header
  • VNID as a Private Network Identifier
  • VNID as a Bridge Domain Identifier
  • VNID as an Endpoint Identifier
  • Network Services Header Extends the VXLAN Data Plane
  • Decoupled Identity, Location, & Policy
  • Multi-hypervisor Normalization
  • Normalization of Ingress Encapsulation
  • Overview of ACI Fabric Unicast Forwarding
  • Overview of ACI Fabric Policy Mechanisms
  • Summary

Module 2: Cisco ACI - Configuring Basic Constructs

Lesson 1: GUI & CLI Overview

  • Graphical User Interface
    • Login Screen
    • Menu Bar/Submenu Bar
    • Navigation/Work Pane
    • System
    • Tenant
    • Fabric
    • VM Networking
    • L4-L7 Services
    • Admin
    • Operations
    • Search/Info
    • Welcome
  • Command Line Interface
    • Logging into NXOS-CLI
    • Modes of Operation
    • Configuring Out of Band (OOB) Management-Example
  • Summary

Lesson 2: Configuring Tenants & Contracts

  • Configuring a Tenant
    • Configuring a Tenant
    • Configuring a Private Network (VRF)
    • Configuring a Bridge Domain
    • CLI Option- Tenant, VRF & BD
    • Configuring an Application Profile
    • Configuring an EPG
    • CLI Option- Application Profiles & EPGs
  • Configuring Contracts
    • Configuring a Filter
    • Configuring a Contract
    • Configuring a Contract (Cont...)
    • CLI Option- Contracts & Filters
    • Providing Contracts
    • Consuming Contracts
    • CLI Option- Providing a Contract
    • CLI Option- Consuming a Contract
  • Summary

Module 3: Cisco ACI External Connectivity, Management, & Migration

Lesson 1: Policy Coordination with VM Managers

  • VMM Domains
  • VMM VLANs (Dynamic)
  • Leveraging the Native vSwitch
  • Cisco Nexus AVS Integration Overview
  • EPG Spanning Across VMM Domains
  • Recommended Practices for VLAN Networks
  • Concept Map
  • Port Groups Extend to Both Physical & Virtual & Across Virtualized Servers
  • Summary

Lesson 2: Hypervisors & Bare Metal

  • Hypervisor Integration
    • Management Networks
    • ACI Fabric & VMware DVC Integration
    • Endpoint Identification
    • Cisco ACI & Microsoft Integration
    • Integration with Microsoft Hyper-V
    • Cisco Integration with Red Hat Linux
  • Bare Metal
    • Bare Metal Connectivity
    • Port Encapsulation

Lesson 3: VMM Domains

  • Configuring VMM Domains
    • Fabric Access Policies
    • Interface Policies - CDP/LLDP Policy
    • Interface Policies-Access Port Policy Group
    • Interface Policies- Interface Profile / Access Port Selector
    • Switch Profile
    • Attachable Access Entity Profile (AAEP)
    • VLAN Pools
    • Creating VMM Domain
    • Attaching the EPG to the VMM Domain
    • Verifying the DVS Creation
    • ESXI Configuration
    • Attach the Guest
    • CLI Option- VMM Creation-VLANS
    • CLI Option- VMM Creation- Interface Profiles & APPG
    • CLI Option- VMM Creation - Switch Profile
    • CLI Option- VMM Creation - VMM Domain
    • CLI Option- VMM Creation- Attaching EPG
  • Summary

Lesson 4: Microsegmentation in the New Data Center

  • Virtual Distribution Switch
    • Integrating Cisco ACI with VMware
    • Configuration Integration with VMware
    • Endpoint Identification
    • Cisco ACI Hypervisor Integration - VMware VDS
    • Create a VMM Domain
    • Create a vCenter Domain
    • Create a VLAN Namespace
    • Create a vCenter Controller Association
  • ACI VMware Integration - Create a VMM Domain
    • Associate EPG to VMM
    • Create a VLAN Namespace
  • Configuration Integration with Microsoft SCVM
    • Integration with Microsoft Hyper-V
    • Comparing AVS to Hypervisor-Based Virtual Switches
    • Cisco AVS Key Features

Module 4: Cisco ACI - Configuring ACI Connectivity to Outside Networks

Lesson 1: Overview of External Connectivity

  • Use Cases
  • Options
  • What is a Network on APIC?
  • Component Relationships
  • Policy View
  • Important Concepts- Inside Outside
  • Internal EPG to External EPG
  • External EPG to Internal EPG
  • Scaling
  • SVI Connection
  • ACI Layer 3 Outside Connection IP Multicast Traffic
  • Extended Layer 2 Domain Out of ACI
  • STP Interaction
  • BPDU Flooding
  • ACI Layer 2 External Connections STP TCN Snooping
  • Local Loop Detection
  • Summary

Lesson 2: Layer 3 Outside Connectivity & Configuration

  • L3 Outside Connectivity
    • Layer 3 Connection Options
    • Route Redistribution
    • OSPFv3 Peering Considerations
    • Route Redistribution with OSPFv2
    • ACI as a Layer 3 Stub Network
    • EIGRP Peering Considerations
    • IBGP Peering Considerations
    • EBGP Considerations
  • Configuring L3 Outside
    • Route-Reflector Configuration
    • Route Reflector Configuration-Pod Policy Group
    • Route Reflector Configuration - Applying Pod Policy
    • Verifying Route Reflector Configuration
    • CLI-Option BGP Route-Reflector
    • Preparing the Fabric for L3 Out
    • Tenant- External Routed Out
    • Tenant- External Node
    • Tenant- Interface Profile
    • Tenant- Example - SVI Interface
    • Tenant- External EPG
    • Verifying the L3 External Out Configuration- OSPF
    • Verifying the L3 External Out Configuration- EIGRP
    • Verifying the L3 External Out Configuration- BGP
  • Configuring Layer 2 Outside
    • L2 Bridged Outside Concept
    • Tenant- External Bridged Out
    • Tenant-L2 EPG Profile
    • Verifying the L2 External Out Configuration
  • Summary

Module 5: Cisco ACI - L4-L7 Services

Lesson 1: Service Insertion Concepts

  • Device Packages
    • Device Cluster
    • Programmability
    • Programming Options
    • Device Packages
    • Developing Device Specifications
    • Opflex is a Flexible, Extensible Policy Protocol
    • Opflex Uses a Declarative Model
  • Service Insertion
    • Service Insertion
    • Redirection to Multiple Services
    • Service Graphs
    • Where are Service Graphs Helpful
    • Service Graph Parameters
    • Service Graph Rendering
  • Summary

Lesson 2: Configuring L4-L7 Devices

  • Configuring the Concrete Device
  • Configuring the Functional Profile
  • Configuring a Service Graph
  • Summary

Module 6: Cisco ACI - Administration & Troubleshooting Tools

Lesson 1: Administration & Troubleshooting Tools

  • RBAC
    • Security Domains
    • Users
    • Roles
    • Applying Security Domains & Roles
    • LDAP/RADIUS/TACACS+
  • Firmware
    • Prior to Upgrading
    • Uploading Code to the APIC
    • Firmware Repository
    • Upgrading the Controller
    • Firmware Groups
    • Maintenance Groups
    • Upgrading the Nodes
  • Backups
    • Defining Remote Locations
    • Snapshot Feature
    • Import
    • Configuration Rollbacks

Lesson 2: Troubleshooting, Faults & Monitoring

  • Troubleshooting
    • Troubleshooting Philosophy
    • Troubleshooting Example
    • Possible places to begin-Operations Tab
    • Possible Fix Points
  • Faults
    • Fault Overview
    • Fault Properties
    • Isolating Faults through Health Checks
    • Isolating Faults through Health Checks(Cont.)
    • Other Troubleshooting Tools
  • Monitoring
  • Summary

Module 7: Cisco ACI - Demonstrating ACI Network Programmability & Orchestration

Lesson 1: Need for Programming

  • The Business Need for Network Programmability
  • ACI Programmability
  • ACI Open APIs & Ecosystem
  • API Protocols
  • How is REST Used?
  • Summary

Lesson 2: JSON & XML

  • What is XML?
  • What is JSON?
  • Evaluating XML & JSON
  • Northbound: REST API, Python, Puppet, Chef, Openstack
  • Southbound: Layer 4 to Layer 7 Scripting API
  • Cisco DevNet- New Developer Program from Cisco
  • Community Code Development
  • Summary

Lesson 3: Programmability with REST API

  • What is REST?
  • REST APIs
  • Configuration & the RESTful API
  • What is RPC used for?
  • The ACI APIC Object-Based Tree
  • APIC REST API Operations
  • APIC REST API Message Format
  • dMIT Queries
  • Summary

Lesson 4: Orchestration

  • Opflex is a Flexible, Extensible Policy Protocol
  • Opening the ACI Policy Engine with OpFlex
  • How OpFlex Works-Simplified
  • Opflex Protocol
  • Opflex Protocol Messages
  • Example OpFlex Plus Open vSwitch
  • Opflex-Declarative Models
  • OpenStack-Enabling the Cloud
  • Two Options from OpenStack APIs
  • Neutron API
  • Group Policy API
  • Group Based Policy in OpenStack
  • Group Policy Model
  • OpenStack ACI Integration
  • Group-Based Policy Workflow
  • OpenStack APIC Plug-in Details
  • OpenStack Group Policy Details
  • OpenStack Group Policy Plus OpFlex
  • Application Policy in OpenDaylight
  • Open Policy Exposed Through OSS Tools
  • Summary

Module 8: Cisco ACI - Practical Review

Lesson 1: Attaching Appliances to the Fabric

  • How the Network Looks Today
    • Common Physical Design
    • Virtual Design
    • Physical Server
    • Network Design
  • Storage
  • Spine & Leaf
    • New Hardware Approach
    • Attaching the Virtual Appliances
    • Physical Server
    • L4-L7 Services
    • Storage

Lesson 2: Policy & Application Mapping

  • Planning the Application EPG Connectivity
    • Identify the Endpoints
    • Who talks with whom?
    • Network Centric Model
    • Application Centric Model
    • Planning Filters
    • Assigning Filters to Contracts
    • Assigning Contracts
  • Bridged & Routed Outside
    • Identify the Connection Type
    • Basic Layout- No Security
  • Service Insertion
    • Service Insertion Considerations
    • Service Insertion Internal
    • Service Insertion External to Fabric
  • Summary

Appendix: Hardware Architecture & Features

  • Hardware Architecture
    • Cisco Nexus 9500 Platform Architecture - Control Plane
    • Cisco Nexus 9500 Platform Architecture - Control Plane EOBC Channel
    • Cisco Nexus 9500 Platform Architecture - Control Plane EPC Channel
  • Merchant & Custom ASICs
    • Cisco Nexus 9508 Fabric Module Architecture
    • Cisco Nexus 9508 Fabric Module Data Plane Scaling
  • ASIC Architecture of the 9500
    • Cisco Nexus 9500 48-Port 1/10G + 4-Port 40G I/O Modules
    • Cisco Nexus 9500 48-Port 1/10G I/O Modules Connectivity with 3 Fabric Modules
    • 48-Port 1/10G T/F Module Fabric Connectivity with 6 Fabric Modules
    • Cisco Nexus 9500 36-Port 40G QSFP+ Unified Fabric I/O Module
    • Cisco Nexus 9500 36-Port 40G QSFP+ I/O Module Fabric Connectivity
    • Line Cards - 36 Port 40G ACI Ready card Architecture
    • Line Cards - 36 Port 40G ACI Spine card Architecture
  • Packet Forwarding of Nexus 9000
    • Packet Forwarding Pipeline on Cisco Nexus 9500
    • Cisco Nexus 9500 Table Scaling - Unicast Scale
    • Local Switching with Additional Buffer on 48p 1G/10GE + 4p QSFP Module
    • Layer 2 Unicast Packet Walk across Line-Cards
    • Layer 3 Unicast Packet Walk across Line-Cards
    • Cisco Nexus 9500 Multicast Packet Forwarding
  • Hardware Architecture of 9300
    • Cisco Nexus 9300 System Architecture
    • Cisco Nexus 9300 Unicast Forwarding
  • Fabric Features
    • ACI Management Networks
    • Layer 2 & Layer 3 Handling
    • Hardware-Based Directed ARP Forwarding
    • Gratuitous ARP & Device Mobility
    • ACI Fabric Scale
    • Scale of BIDIR & Security of SSM
    • Load Balancing with FTags
    • Group IP Outer
    • Multicast Policies
    • vPC Multicast
    • Distributed Layer 3 Gateway
    • ACI Fabric Gateway
    • Application Response Time
    • Flowlet Switching
    • Congestion Monitoring
    • Dynamic Flow Prioritization
    • Normalization of Ingress Encapsulation
  • Fabric Registration
    • Fabric Initialization & Discovery
    • ACI Management Network
    • Fabric Initialization & Discovery
    • Fabric Initialization & Discovery-Cont...

Lab Outline
(Using Cisco ACI Release 2.0(x) OS version)

Lab 0: Accessing the Remote Lab Environment

Lab 1: Initiate ACI Fabric Discovery

  • Connect to the Remote Lab Environment
  • Log in to the APIC Controller (Instructor Demo)
  • Register the Cisco Nexus 9000 Switches to APIC-1 (Instructor Demo)
  • Navigate Through the APIC GUI to Familiarize Yourself with the Fabric

Lab 2: Configuring the OOB Management Address for the Fabric Switches

  • Log in to the APIC and configure management address

Lab 3: Configure Basic Network Constructs

  • Create a Tenant
  • Create a Context
  • Create a Bridge Domain

Lab 4: Configure Policy Filters & Contracts

  • Create Filters
  • Create Contracts

Lab 5: Deploy a Three-Tier Application Profile

  • Create Application Profile

Lab 6: Building a Physical Domain

  • Create a vPC Physical Domain (Instructor Demo)
  • Attach to the vPC Physical Domain (Instructor Demo)
  • Add the Physical Domain to Your Tenant App_EPG

Lab 7: Register a VMM Domain with ACI

  • Register VMware vCenter to APIC by Creating a vCenter Domain
  • Create vCenter Credentials & Server Object
  • Verifying APIC Connection to vCenter Server

Lab 8: Configure VMware ESXi Hosts to Use the APIC-Initiated DVS

  • Add ESXi Hosts to APIC DVS

Lab 9: Associate an EPG to a VMware vCenter Domain

  • Associate vCenter Domain to App_EPG
  • Associate vCenter Domain to DB_EPG
  • Associate vCenter Domain to Web_EPG

Lab 10: Associate a VM to an EPG Port Group

  • Connect to Your vCenter Server Using the vSphere Client
  • Edit Web-Server Settings
  • Edit App-Server Settings
  • Edit DB-Server Settings

Lab 11: Deploy Cisco AVS and Microsegmentation

  • Remove VMs, Uplinks, and Hosts from Classic DVS
  • Configure AVS-Based VM Domain
  • Deploy AVS
  • Associate EPGs with AVS and Migrate VMs to AVS
  • Implement Microsegmentation Based on IP Address
  • Implement Microsegmentation Based on Custom Attribute

Lab 12: Configure APIC to Communicate to an External Layer 3 Network

  • Configure MP-BGP Route Reflectors (Instructor Demo)
  • Configure External L3 Network
  • Create Application Profile to Propagate Internal Public Routes
  • Associate an L3 Outside Connection to a Bridge Domain
  • Verify That the Leaf Is Learning OSPF Routes

Lab 13: Configure APIC to Communicate to an External Layer 2 Network

  • Create an External Bridged Network
  • Configure an Attachable Entity Profile to Selectively Allow VLAN Traffic

Lab 14: Deploy a Service Graph with Application Profile

  • Import Device Packages (Instructor Demo)

Lab 15: Configure APIC Using the REST API

  • Open the Postman Plugin for Google Chrome
  • Create an Application Profile Using the REST API
  • Create Device Cluster for the ASA
  • Create Service Graph
  • Create a Bridge Domain for the ASA
  • Create Logical Device Context for ASA

Lab 16: Configure APIC RBAC for Local and Remote Users

  • Create a Security Domain and Map to your Tenant
  • Configure Local Users and Roles for your Tenant Security Domain
  • Create a RADIUS Security Domain and Map to your Tenant
  • Create an AAA Login Domain for RADIUS Authentication
  • Test RADIUS Authentication and Authorization

Lab 17: Monitor and Troubleshoot ACI

  • View Faults Using the APIC GUI
  • View Events Using the APIC GUI
  • Using the Managed Object Browser (Visore)
  • Configuring Syslog Monitoring

Lab 18: Monitor & Troubleshoot ACI

  • View Faults Using the APIC GUI
  • View Events Using the APIC GUI
  • Using the API Inspector
  • Using the Managed Object Browser (Visore)
  • Configuring Syslog Monitoring

Appendix A

  • Hardware and Software Features