ACI Transit Overview

As we continue to deploy fabrics we always joke about these routing checkboxes shooting us in the foot.  We play with different scenarios in the lab to ensure we understand how these pesky boxes work and what other options we have for future deployments.   The scenario here was to use different OSPF areas connected to the same border leaf using ACI as the transit.  This scenario brings up some certain challenges and hopefully my testing will help others understand it a little better as well.


 image 1

Read more ...

  1. L4-L7 Unmanaged Go-Through Mode

L4-7 Unmanaged Go-Through Mode (Transparent FW)

I have been playing around with service graphs quite a bit and wanted to share my findings with deployment.  This lab deployment of service graphs using the ACI fabric (2.2(1n), an ASAv and CSR router.  Enjoy….

 2018 04 12 17 36 47

Feature External BD Web BD
Hardware Proxy No No
ARP Flooding Yes Yes
Unicast Routing Yes No
Subnet Yes No
Subnet Check Yes No


This design is an unmanaged transparent mode deployment with routing provided by the ACI Fabric.  We will be using two bridge domains and the default gateway for the servers is the IP address of the subnet in the external bridge domain.  The table above shows the settings that each bridge domain needs for the configuration to work properly. 

Read more ...

The IT world is full of cliches and misnomers that run the gamut of everything from the ever-more-nebulous "It's in the cloud" to real world examples of "If it isn't broken, don't fix it". There is one cliche that I heard 25 years ago when I got into this business that has stuck with me all these years and has remained true. In this industry, if you are not learning you are dying. To this day I don't know if I have heard a more true statement. None of us want to die off in our chosen profession but the problem is that our chosen field is so vast how do you know what to learn? And even when you do figure out a topic to learn, how do you figure out where to start?

These are the questions I was muttering to myself a few years ago when I decided to start learning Python. Whenever I teach a class I get the exact same questions from students, so we're not alone in this angst. Let me share a little about my story. I took some programming classes in college. These classes were the reason I got into networking, so I would never have to try and write code ever again! But the world is cruel and programmability and DevOps have creeped into even the realm of the network administrator.

Once my initial reluctance was shoved aside I went the route that I had always gone when learning new things, be it a new vendor operating system, hardware platform or technology, pick up a book and read. I now have an extensive Python library (OK, bad pun) of books that I have either started reading and they were so complex I am not sure what I learned, or finished reading but were so simple that I'm not sure what I learned. In addition, what I was learning was being outdated at a rate faster than I could read it.

Read more ...

Cisco multi site ACI

For disaster recovery, political, and organizational reasons, enterprises like to have multiple datacenters, and now they are going hybrid with public cloud capacity adding in the mix. Having networks scattered across the globe brings operational challenges, from being able to easily migrate and manage workloads across the multiple sites and increased complexity around networks, security to adopting emerging datacenter technologies like containers.

As the world becomes more cloud-centric, organizations are looking for ways to gain greater visibility and scalability across their environments, automate as many processes as possible and manage all these sites as a single entity.

Cisco Systems is putting new features into the latest release of its Application Centric Infrastructure (ACI) software that they say can address many of those problems, including more easily managing multiple ACI network fabrics in different geographical locations and integrating Kubernetes for better container management.

ACI 3.0 is the latest version of the software that drives Cisco’s software-defined networking (SDN) strategy. The networking giant unveiled ACI in late 2013 as an answer to the growing network virtualization trend that was being driven by the likes of VMware (with its NSX technology inherited when it bought Nicira), smaller startups, and open source projects. The idea was to create a network architecture that responded to the demands of applications, ensuring the necessary resources were available. The response has been good. The company has more than 4,000 ACI customers, and in Cisco’s fiscal fourth quarter, ACI revenue grew 38 percent year-over-year.

In addition, earlier this year, Cisco unveiled an initiative called Network Intuitive, which is designed to drive the development of intent-based networks that are intelligent enough through machine learning and advanced analytics to anticipate needed actions, offer predictive network analysis, address security threats before they become a problem and essentially evolve by learning over time. Intent-based networks are a key part of Cisco’s larger efforts to address customer needs in an increasingly multi-cloud world, CEO Chuck Robbins said during a conference call in August to discuss the quarterly numbers.

Read more ...


The New Features Should Simplify Network Management and Improve Security Across Complex Environments.

Cisco on Thursday announced updates to its software-defined networking (SDN) offering, Application Centric Infrastructure (ACI), with the intent of simplifying network management for the growing number of customers adopting complex, multi-cloud strategies.

The latest release (ACI 3.0) offers improved security and simplified management for any combination of workloads in containers, virtual machines, and bare metal for private clouds and on-premise data centers.

"By automating basic IT operations with a central policy across multiple data centers and geographies, ACI's new multi-site management capability helps network operators more easily move and manage workloads with a single pane of glass - a significant step in delivering on Cisco's vision for enabling ACI Anywhere," Ish Limkakeng, SVP for data center networking at Cisco, said in a statement.

Read more ...

Search Blogs

Blog Collection

Go to top