ACI Elite

This ACI Elite Series is the most comprehensive ACI training course in the industry and has been built with a single goal – to give the participant the knowledge needed to deploy and operate an ACI Fabric. The ACI Elite Series has been designed for Cisco Networking Engineers who are deploying Cisco ACI. Built as a 14-part series (run over 14 weeks) of 4-hour deployment specific sessions, the Elite approach enables engineers to learn ACI in line with their deployment schedule.

Retail Price: $6,000.00

Next Date: 07/10/2024

Course Days: 14


Enroll in Next Date

Request Custom Course


LEARNING OBJECTIVES

• Describe ACI components and policy model
• Explain ACI packet forwarding
• Describe ACI fabric configuration
• Describe ACI logical constructs
• Explain how ACI uses contracts to allow for secure communication between endpoints
• Explain how ACI connects to other switched and routed networks
• Explain how to troubleshoot an ACI fabric
• Describe Multi-site and Multi-pod solutions, and how they fit in a multi-DC/multi-cloud design

 

WHO SHOULD ATTEND

This ACI Elite Series will provide value for anyone deploying or operating an ACI fabric. However some topics will be more relevant to specific audiences
• Sessions 1, 7, 8, 9, 10, 12, 13, and 14 are more focused for Architects or Engineers doing design work
• Sessions 2, 3, 4, 5, 6, and 11 are more focused for operations teams 


OUTLINE

Session 1
ACI Overview
Lecture

• What is ACI
• ACI’s benefits
• Overview of Switch and APIC models
• APIC Architecture Fabric bring up process
• ACI Object Model
• ACI MGMT

• RBAC
• Syslog
• SNMP
• UpgradeProcess
• BGP Policy

 

Session 2 Fabric Forwarding Lecture

• VxLan refresher
• Understanding Bridge Domains

> Bridge Domain as a layer 2 boundary
> Difference between Vlans and Bridge Domains
> Bridge Domain configuration knobs 

+ Limit Learning to IP subnet

> Encapsulation and multicast group 

• Coop

> Oracles and Citizens
> Endpoint tables
> Lookup process

• Layer2 and Layer3 forwarding

> ARP handling packet walk
> L2 packet walk
> L3 packet walk
> BUM traffic packet walk
> VxLan Encapsulations

+ Intro to Fd_Vlans and BD_Vlans
+ VRF encapsulation

> EP move and bounce entries
> Rogue endpoint detection
> Silent hosts
> Endpoint table vs Mac and Routing Table



Session 3 Fabric Configuration Part 1

Lecture
Overview of interface configurations

> Physical and VMM domains overview

+ Deployment immediacy (VMM)
+ Resolution immediacy (VMM)

> VLAN Pools

+ Static and Dynamic Pools
+ Base encap value

> AEPs

+ Used as a way to tie VLANs to an Interface
+ Used to define EPG membership

> Policy Groups
> Interface Profiles

Overview of switch configurations

> VPC in ACI
> Switch Profiles

VLANs in the ACI world

> PI, HW, Access Encap, BD and FD
> Physical Domain, AEP and VLAN Pool relationship to FD_VLAN and VxLAN encap

 

Session 4 Fabric Configuration Part 2
Lecture

• Overview of interface configurations

> Physical and VMM domains overview
+ Deployment immediacy (VMM)
+ Resolution immediacy (VMM)
> VLAN Pools
+ Static and Dynamic Pools
+ Base encap value
> AEPs
+ Used as a way to tie VLANs to an Interface
+ Used to define EPG membership
> Policy Groups
> Interface Profiles

• Overview of switch configurations

> VPC in ACI
> Switch Profiles

• VLANs in the ACI world

> PI, HW, Access Encap, BD and FD
> Physical Domain, AEP and VLAN Pool relationship to FD_VLAN and VxLAN encap

 

Session 5 ACI Logical Constructs Part 1 
Lecture

• Tenants
• VRFs
• Bridge Domains
• Application Profiles
• EPGs and Endpoint
• Security Groups

> VMM and Physical Domains

• Intro to Contracts

 

Session 6 ACI Logical Constructs Part 2
Lecture

Tenants
VRFs
Bridge Domains
Application Profiles
EPGs and Endpoint
Security Groups
> VMM and Physical Domains
Intro to Contracts

 

Session 7 Contracts 

Lecture

• Contract Scope
• Subjects
• Filters

> Directives (Log and Policy Compression)

• Verifying L2 and L3 permit and denies from the GUI Subject Labels

> Apply both ways and reverse filter ports

• EPG Labels
• Deny Contracts

> Taboo Contracts
> Regular contracts with Deny Filter

• VRF Enforced and Unenforced
• Preferred Group VZ_ANY
• Consumed contractinterfaces (Intro to leaking)

 

Session 8 External Connectivity Part 1
Lecture

• Layer 2 Connectivity

> Understanding L2Outs
> Understanding VLANs on ACI
> Understanding EPG extensions
> Unicast Routing option on Bridge Domain for migration
> Dual homing Layer 2 connectivity

• Layer 3 Connectivity

> L3Out Building Blocks
> Single L3Outs with Multiple Node Profiles vs Multiple L3Outs with single Node Profile
+ Traffic Shaping and traffic flow

• Layer 3 VPC

> Special configuration for HA L4-L7 Devices

• Understanding Subnet options for Ext-EPG
• Advertising routes

> Mapping L3Out to Bridge Domain
> Using Route Maps

• Shared L3Outs

> VRF Leaking overview and verification
> Shared L3Out on Common Tenant
> Shared L3Out on different tenants

• Transit Routing

 

Session 9 External Connectivity Part 2

Lecture

• Layer 2 Connectivity

> Understanding L2Outs
> Understanding VLANs on ACI
> Understanding EPG extensions
> Unicast Routing option on Bridge Domain for migration
> Dual homing Layer 2 connectivity

• Layer 3 Connectivity

> L3Out Building Blocks
> Single L3Outs with Multiple Node Profiles vs Multiple L3Outs with single Node Profile
+ Traffic Shaping and traffic flow

• Layer 3 VPC

> Special configuration for HA L4-L7 Devices

• Understanding Subnet options for Ext-EPG Advertising routes

> Mapping L3Out to Bridge Domain
> Using Route Maps

• Shared L3Outs

> VRF Leaking overview and verification
> Shared L3Out on Common Tenant
> Shared L3Out on different tenants

• Transit Routing 

 

Session 10 Deployment Models and DevOps

Lecture

• NamingConvention
• App Centric and Network Centric

> EPG to Bridge Domain to VLAN and Subnet relationship
> Generic VLAN/Subnet to App Driven VLAN/Subnet

• Whitelisting, Blacklisting, and Graylisting
• Benefits and Drawbacks
• Intro to Automation

> Moquery
> API inspector and postman
> Python
+ Cobra SDK


Session 11 Advanced Troubleshooting

Lecture

• Different CLI shells
• Common troubleshooting commands
• Structure to ACI troubleshooting
• Elam and fTriage CLI
• Understanding how to use show zoning rule
• Common faults and mistakes

> L3Out debugging in the ACI world

 

Session 12 Multi-site and Multi-pod Part 1

Lecture

• Active/Active, HA, Metro, and DR

> What it means
> How to choose the correct fit based on business requirements

• Multi-pod

> Components
> Requirements
> Fabric forwarding between Pods

• Multi-site

> Components
> Requirements
> Fabric forwarding between sites
> Stretched vs non-stretched
> Understanding Schema
> Intersite L3Outs
> Azure and AWS

 

Session 13 Multi-site and Multi-pod Part 2

Lecture

• Active/Active, HA, Metro, and DR

> What it means
> How to choose the correct fit based on business requirements

• Multi-pod

> Components
> Requirements
> Fabric forwarding between Pods

• Multi-site

> Components
> Requirements
> Fabric forwarding between sites
> Stretched vs non-stretched
> Understanding Schema
> Intersite L3Outs
> Azure and AWS

 

Session 14 Design and Migration Considerations

Lecture

• Integrating ACI to legacy environments
• Migration Steps
• Migration considerations
• FW Considerations

> Where do we place the GWs?
> Designing based on Zones
> To Service Graph or not to Service Graph
> DMZ inside of ACI vs DMZ outside
> Understanding inbound and outbound traffic flow for multi DC solutions
> Multi-cloud considerations

• LB considerations

> Single or Multi-hop
> GSLB/GTM requirements for multi DC solutions 

Course Dates Course Times (EST) Delivery Mode GTR
7/10/2024 - 7/10/2024 10:00 AM - 2:00 PM Virtual Enroll
7/17/2024 - 7/17/2024 10:00 AM - 2:00 PM Virtual Enroll
7/24/2024 - 7/24/2024 10:00 AM - 2:00 PM Virtual Enroll