Data Center Application Centric Infrastructure Fundamentals
DCACIF V2.0; 5 days, Instructor-led
Course Description
DCACIF (Data Center Application Centric Infrastructure Fundamentals) is a 5-day Instructor-led training course that is designed for systems & field engineers who install & implement the Cisco Nexus 9000 Switches in ACI mode using the updated 2.0(x) version & updated Cisco Nexus 9000 hardware platform. The course covers the key components & procedures you need to know to understand, configure, manage Cisco Nexus 9000 Switches in ACI mode utilizing the updated 2.0(x) version, & how to connect the ACI Fabric to external networks & services.
Cisco ACI Release 2.0(x) offers many new features. The main new features introduced with the 2.0 version are:
• ACI vCenter Plugin for VMware vSphere Web Client • AVS Health Status • Contract Permit Logging • COOP Authentication • Digital Optical Monitoring • Layer 3 Multicast Support • Added OSPF Inbound Route Controls • Policy-Based Redirect for Provisions Service Appliances • EPG Deployment Through AEP • FCoE N-Port Virtualization Support • Layer 3 EVPN Services Over WAN Fabric • Port-Security • Support for Multiple vCenters per Fabric
Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
• Describe the Cisco Nexus 9000 Series Switch ACI • Describe the ACI fabric • Describe Cisco Nexus 9000 Series Switch hardware • Configure the ACI controller (APIC) • Configure ACI L4L7 service integration
• Integrate the APIC hypervisor • Understand the programmability & orchestration of the ACI network • Discuss ACI connectivity to outside networks • Implement ACI management
Audience
This course is for systems engineers, technical architects, & product specialists in data center technical sales roles. Students include those who need to gain experience with understanding, configuring, & designing the data center networking environment with Cisco Nexus 9000 Series Switches.
Prerequisites
The knowledge & skills that a learner should have before attending this course are as follows:
• This course is designed for systems engineers, technical architects, & product specialists in data center technical sales roles
• Students should be familiar with Cisco Ethernet switching products • Students should understand Cisco data center architecture • Students should be familiar with virtualization • Good understanding of networking protocols, routing, & switching: • Recommended CCNA Certification • Recommended attendance of Cisco IP Routing Class (ROUTE) • Recommended attendance of Cisco Switching Class (SWITCH) • During the course of instruction, the learner will be exposed to the configuration of advanced technologies, such as BGP, OSPF & IS-IS. The learner will not be required to have experience with these technologies in order to successfully complete the class
Course Outline
Module 1: Cisco ACI Overview
Lesson 1: What problems are we trying to fix?
• The 3-Tier Application • Application Flow • Three Tier Application with Networking • What are VLANs for? • Applying Logical Model to Physical Model • Maintenance of Large Infrastructure is Complex • Problem: Micromanagement of Infrastructure • Example: Configure Network on a New Server • Imperative Control Systems • Goal: Capture & Preserve User Intent • The ACI Solution • Unified Ports
• Unified Fabric • What is ACI? • Logical Networking Provisioning of Stateless Hardware • What is the APIC? • ACI Design & Philosophy • Solution: Declarative Control • Summary
• L3 Outside Connectivity • Layer 3 Connection Options • Route Redistribution • OSPFv3 Peering Considerations • Route Redistribution with OSPFv2 • ACI as a Layer 3 Stub Network
• EIGRP Peering Considerations • IBGP Peering Considerations • EBGP Considerations • Configuring L3 Outside • Route-Reflector Configuration • Route Reflector Configuration-Pod Policy Group • Route Reflector Configuration Applying Pod Policy • Verifying Route Reflector Configuration • CLI-Option BGP Route-Reflector • Preparing the Fabric for L3 Out • Tenant- External Routed Out • Tenant- External Node • Tenant- Interface Profile • Tenant- Example - SVI Interface • Tenant- External EPG • Verifying the L3 External Out Configuration- OSPF
• Verifying the L3 External Out Configuration- EIGRP • Verifying the L3 External Out Configuration- BGP • Configuring Layer 2 Outside • L2 Bridged Outside Concept • Tenant- External Bridged Out • Tenant-L2 EPG Profile • Verifying the L2 External Out Configuration • Summary
Module 5: Cisco ACI - L4-L7 Services
Lesson 1: Service Insertion Concepts
• Device Packages • Device Cluster • Programmability • Programming Options • Device Packages • Developing Device Specifications • OpFlex is a Flexible, Extensible Policy Protocol • OpFlex Uses a Declarative Model • Service Insertion • Service Insertion • Redirection to Multiple Services • Service Graphs • Where are Service Graphs Helpful • Service Graph Parameters • Service Graph Rendering • Summary
Lesson 2: Configuring L4-L7 Devices
• Configuring The Concrete Device • Configuring the Functional Profile • Configuring a Service Graph • Summary
• Firmware • Prior to Upgrading • Uploading Code to the APIC • Firmware Repository • Upgrading the Controller • Firmware Groups • Maintenance Groups • Upgrading the Nodes • Backups • Defining Remote Locations • Snapshot Feature • Import • Configuration Rollbacks
Lesson 2 Troubleshooting, Faults & Monitoring
• Troubleshooting • Troubleshooting Philosophy • Troubleshooting Example • Possible places to begin-Operations Tab • Possible Fix Points • Faults • Fault Overview • Fault Properties • Isolating Faults through Health Checks • Other Troubleshooting Tools • Monitoring • Summary
• The Business Need for Network Programmability • ACI Programmability • ACI Open APIs & Ecosystem • API Protocols • How is REST Used? • Summary
Lesson 2: JSON & XML
• What is XML? • What is JSON? • Evaluating XML & JSON • Northbound: REST API, Python, Puppet, Chef, OpenStack • ACI Fabric-Attached Device API- OpFlex • Southbound: Layer 4 to Layer 7 Scripting API • Cisco DevNet- New Developer Program from Cisco • Community Code Development • Summary
Lesson 3: Programmability with REST API
• What is REST? • REST APIs • Configuration & the RESTful API • What is RPC used for? • The ACI APIC Object-Based Tree • APIC REST API Operations • APIC REST API Message Format • dMIT Queries • Summary
Lesson 4: Orchestration
• OpFlex is a Flexible, Extensible Policy Protocol • Opening the ACI Policy Engine with OpFlex • How OpFlex Works-Simplified • OpFlex Protocol • OpFlex Protocol Messages • Example OpFlex Plus Open vSwitch • OpFlex-Declarative Models • OpenStack-Enabling the Cloud • Two Options from OpenStack APIs • Neutron API • Group Policy API • Group Based Policy in OpenStack • Group Policy Model • OpenStack ACI Integration • Group-Based Policy Workflow • OpenStack APIC Plug-in Details • OpenStack Group Policy Details • OpenStack Group Policy Plus OpFlex • Application Policy in OpenDaylight • Open Policy Exposed Through OSS Tools • Summary
Module 8: Cisco ACI - Practical Review
Lesson 1: Attaching Appliances to the Fabric
• How does the Network Look Today? • Common Physical Design • Virtual Design • Physical Server • Network Design • Storage • Spine & Leaf • New Hardware Approach • Attaching the Virtual Appliances • Physical Server • L4-L7 Services • Storage
Lesson 2: Policy & Application Mapping
• Planning the Application EPG Connectivity • Identify the Endpoints • Who talks with whom? • Network Centric Model • Application Centric Model • Planning Filters • Assigning Filters to Contracts • Assigning Contracts • Bridged & Routed Outside • Identify the Connection Type • Basic Layout - No Security • Service Insertion • Service Insertion Considerations • Service Insertion Internal • Service Insertion External to Fabric • Summary
Lab Outline (Using Cisco ACI Release 2.0(x) OS version)
Lab 0: Accessing the Remote Lab Environment
Lab 1: Initiate ACI Fabric Discovery
• Connect to the Remote Lab Environment • Log in to the APIC Controller (Instructor Demo) • Register the Cisco Nexus 9000 Switches to APIC-1 (Instructor Demo) • Navigate Through the APIC GUI to Familiarize Yourself with the Fabric
Lab 2: Configuring the OOB Management Address for the Fabric Switches
• Log in to the APIC and configure management address
Lab 3: Configure Basic Network Constructs
• Create a Tenant • Create a Context • Create a Bridge Domain
Lab 4: Configure Policy Filters & Contracts
• Create Filters • Create Contracts
Lab 5: Deploy a Three-Tier Application Profile
• Create Application Profile
Lab 6: Building a Physical Domain
• Create a vPC Physical Domain (Instructor Demo) • Attach to the vPC Physical Domain (Instructor Demo) • Add the Physical Domain to Your Tenant App_EPG
Lab 7: Register a VMM Domain with ACI
• Register VMware vCenter to APIC by Creating a vCenter Domain • Create vCenter Credentials & Server Object • Verifying APIC Connection to vCenter Server
Lab 8: Configure VMware ESXi Hosts to Use the APIC-Initiated DVS
• Add ESXi Hosts to APIC DVS
Lab 9: Associate an EPG to a VMware vCenter Domain
• Associate vCenter Domain to App_EPG • Associate vCenter Domain to DB_EPG • Associate vCenter Domain to Web_EPG
Lab 10: Associate a VM to an EPG Port Group
• Connect to Your vCenter Server Using the vSphere Client • Edit Web-Server Settings • Edit App-Server Settings
• Edit DB-Server Settings
Lab 11: Deploy Cisco AVS and Microsegmentation
• Remove VMs, Uplinks, and Hosts from Classic DVS • Configure AVS-Based VM Domain • Deploy AVS • Associate EPGs with AVS and Migrate VMs to AVS • Implement Microsegmentation Based on IP Address • Implement Microsegmentation Based on Custom Attribute
Lab 12: Configure APIC to Communicate to an External Layer 3 Network
• Configure MP-BGP Route Reflectors (Instructor Demo) • Configure External L3 Network • Create Application Profile to Propagate Internal Public Routes • Associate an L3 Outside Connection to a Bridge Domain • Verify That the Leaf Is Learning OSPF Routes
Lab 13: Configure APIC to Communicate to an External Layer 2 Network
• Create an External Bridged Network • Configure an Attachable Entity Profile to Selectively Allow VLAN Traffic
Lab 14: Deploy a Service Graph with Application Profile
• Import Device Packages (Instructor Demo)
Lab 15: Configure APIC Using the REST API
• Open the Postman Plugin for Google Chrome • Create an Application Profile Using the REST API • Create Device Cluster for the ASA • Create Service Graph • Create a Bridge Domain for the ASA • Create Logical Device Context for ASA
Lab 16: Configure APIC RBAC for Local and Remote Users
• Create a Security Domain and Map to your Tenant • Configure Local Users and Roles for your Tenant Security Domain • Create a RADIUS Security Domain and Map to your Tenant • Create an AAA Login Domain for RADIUS Authentication • Test RADIUS Authentication and Authorization
Lab 17: Monitor and Troubleshoot ACI
• View Faults Using the APIC GUI • View Events Using the APIC GUI • Using the Managed Object Browser (Visore) • Configuring Syslog Monitoring
Lab 18: Monitor & Troubleshoot ACI
• View Faults Using the APIC GUI • View Events Using the APIC GUI • Using the API Inspector • Using the Managed Object Browser (Visore) • Configuring Syslog Monitoring