ACI Elite

LEARNING OBJECTIVES

• Describe ACI components and policy model
• Explain ACI packet forwarding
• Describe ACI fabric configuration
• Describe ACI logical constructs
• Explain how ACI uses contracts to allow for secure communication between endpoints
• Explain how ACI connects to other switched and routed networks
• Explain how to troubleshoot an ACI fabric
• Describe Multi-site and Multi-pod solutions, and how they fit in a multi-DC/multi-cloud design

WHO SHOULD ATTEND

This ACI Elite Series will provide value for anyone deploying or operating an ACI fabric. However some topics will be more relevant to specific audiences
• Sessions 1, 7, 8, 9, 10, 12, 13, and 14 are more focused for Architects or Engineers doing design work
• Sessions 2, 3, 4, 5, 6, and 11 are more focused for operations teams 

OUTLINE

Session 1
ACI Overview
Lecture

• What is ACI
• ACI’s benefits
• Overview of Switch and APIC models
• APIC Architecture Fabric bring up process
• ACI Object Model
• ACI MGMT

• RBAC
• Syslog
• SNMP
• UpgradeProcess
• BGP Policy

Session 2 Fabric Forwarding Lecture

• VxLan refresher
• Understanding Bridge Domains

> Bridge Domain as a layer 2 boundary
> Difference between Vlans and Bridge Domains
> Bridge Domain configuration knobs 

+ Limit Learning to IP subnet

> Encapsulation and multicast group 

• Coop

> Oracles and Citizens
> Endpoint tables
> Lookup process

• Layer2 and Layer3 forwarding

> ARP handling packet walk
> L2 packet walk
> L3 packet walk
> BUM traffic packet walk
> VxLan Encapsulations

+ Intro to Fd_Vlans and BD_Vlans
+ VRF encapsulation

> EP move and bounce entries
> Rogue endpoint detection
> Silent hosts
> Endpoint table vs Mac and Routing Table

Session 3 Fabric Configuration Part 1

Lecture
Overview of interface configurations

> Physical and VMM domains overview

+ Deployment immediacy (VMM)
+ Resolution immediacy (VMM)

> VLAN Pools

+ Static and Dynamic Pools
+ Base encap value

> AEPs

+ Used as a way to tie VLANs to an Interface
+ Used to define EPG membership

> Policy Groups
> Interface Profiles

Overview of switch configurations

> VPC in ACI
> Switch Profiles

VLANs in the ACI world

> PI, HW, Access Encap, BD and FD
> Physical Domain, AEP and VLAN Pool relationship to FD_VLAN and VxLAN encap

Session 4 Fabric Configuration Part 2
Lecture

• Overview of interface configurations

> Physical and VMM domains overview
+ Deployment immediacy (VMM)
+ Resolution immediacy (VMM)
> VLAN Pools
+ Static and Dynamic Pools
+ Base encap value
> AEPs
+ Used as a way to tie VLANs to an Interface
+ Used to define EPG membership
> Policy Groups
> Interface Profiles

• Overview of switch configurations

> VPC in ACI
> Switch Profiles

• VLANs in the ACI world

> PI, HW, Access Encap, BD and FD
> Physical Domain, AEP and VLAN Pool relationship to FD_VLAN and VxLAN encap

Session 5 ACI Logical Constructs Part 1 
Lecture

• Tenants
• VRFs
• Bridge Domains
• Application Profiles
• EPGs and Endpoint
• Security Groups

> VMM and Physical Domains

• Intro to Contracts

Session 6 ACI Logical Constructs Part 2
Lecture

Tenants
VRFs
Bridge Domains
Application Profiles
EPGs and Endpoint
Security Groups
> VMM and Physical Domains
Intro to Contracts

Session 7 Contracts 

Lecture

• Contract Scope
• Subjects
• Filters

> Directives (Log and Policy Compression)

• Verifying L2 and L3 permit and denies from the GUI Subject Labels

> Apply both ways and reverse filter ports

• EPG Labels
• Deny Contracts

> Taboo Contracts
> Regular contracts with Deny Filter

• VRF Enforced and Unenforced
• Preferred Group VZ_ANY
• Consumed contractinterfaces (Intro to leaking)

Session 8 External Connectivity Part 1
Lecture

• Layer 2 Connectivity

> Understanding L2Outs
> Understanding VLANs on ACI
> Understanding EPG extensions
> Unicast Routing option on Bridge Domain for migration
> Dual homing Layer 2 connectivity

• Layer 3 Connectivity

> L3Out Building Blocks
> Single L3Outs with Multiple Node Profiles vs Multiple L3Outs with single Node Profile
+ Traffic Shaping and traffic flow

• Layer 3 VPC

> Special configuration for HA L4-L7 Devices

• Understanding Subnet options for Ext-EPG
• Advertising routes

> Mapping L3Out to Bridge Domain
> Using Route Maps

• Shared L3Outs

> VRF Leaking overview and verification
> Shared L3Out on Common Tenant
> Shared L3Out on different tenants

• Transit Routing

Session 9 External Connectivity Part 2

Lecture

• Layer 2 Connectivity

> Understanding L2Outs
> Understanding VLANs on ACI
> Understanding EPG extensions
> Unicast Routing option on Bridge Domain for migration
> Dual homing Layer 2 connectivity

• Layer 3 Connectivity

> L3Out Building Blocks
> Single L3Outs with Multiple Node Profiles vs Multiple L3Outs with single Node Profile
+ Traffic Shaping and traffic flow

• Layer 3 VPC

> Special configuration for HA L4-L7 Devices

• Understanding Subnet options for Ext-EPG Advertising routes

> Mapping L3Out to Bridge Domain
> Using Route Maps

• Shared L3Outs

> VRF Leaking overview and verification
> Shared L3Out on Common Tenant
> Shared L3Out on different tenants

• Transit Routing 

Session 10 Deployment Models and DevOps

Lecture

• NamingConvention
• App Centric and Network Centric

> EPG to Bridge Domain to VLAN and Subnet relationship
> Generic VLAN/Subnet to App Driven VLAN/Subnet

• Whitelisting, Blacklisting, and Graylisting
• Benefits and Drawbacks
• Intro to Automation

> Moquery
> API inspector and postman
> Python
+ Cobra SDK

Session 11 Advanced Troubleshooting

Lecture

• Different CLI shells
• Common troubleshooting commands
• Structure to ACI troubleshooting
• Elam and fTriage CLI
• Understanding how to use show zoning rule
• Common faults and mistakes

> L3Out debugging in the ACI world

Session 12 Multi-site and Multi-pod Part 1

Lecture

• Active/Active, HA, Metro, and DR

> What it means
> How to choose the correct fit based on business requirements

• Multi-pod

> Components
> Requirements
> Fabric forwarding between Pods

• Multi-site

> Components
> Requirements
> Fabric forwarding between sites
> Stretched vs non-stretched
> Understanding Schema
> Intersite L3Outs
> Azure and AWS

Session 13 Multi-site and Multi-pod Part 2

Lecture

• Active/Active, HA, Metro, and DR

> What it means
> How to choose the correct fit based on business requirements

• Multi-pod

> Components
> Requirements
> Fabric forwarding between Pods

• Multi-site

> Components
> Requirements
> Fabric forwarding between sites
> Stretched vs non-stretched
> Understanding Schema
> Intersite L3Outs
> Azure and AWS

Session 14 Design and Migration Considerations

Lecture

• Integrating ACI to legacy environments
• Migration Steps
• Migration considerations
• FW Considerations

> Where do we place the GWs?
> Designing based on Zones
> To Service Graph or not to Service Graph
> DMZ inside of ACI vs DMZ outside
> Understanding inbound and outbound traffic flow for multi DC solutions
> Multi-cloud considerations

• LB considerations

> Single or Multi-hop
> GSLB/GTM requirements for multi DC solutions