erjosito
Thoughts on technology
29 posts
My name is Jose Moreno, I am a Cisco engineer passionate about increasing efficiencies in the DC. Today I focus on Cisco Application Centric Infrastructure, which I find fascinating. In my private time I can't help being a Star Wars fanboy... You can follow me on Twitter under @erjosito
erjosito · 9 years ago
Goodbye Tumblr, hello Wordpress
Hi there,
I have migrated the content in this blog to https://1138blog.wordpress.com/. Thanks for following me over there!
erjosito · 9 years ago
What do Cisco ACI, microsegmentation, service insertion, REST and Docker containers have in common?
Lately I have been involved in quite a few conversations in which organisations have shown a lot of interest in the integration between Cisco ACI and F5 BigIP and BigIQ (or should I say iWorkflow?).
As you might know, Cisco ACI offers the option to integrate L4-L7 services in the network. What does this mean?
1. Optionally, you can have the Cisco ACI controller (APIC) insert the L4-L7 device or devices in the data path, sparing you the hassle of stitching VLANs (or EPGs) together so that packets flow through the devices in the order you want.
2. Additionally, you can have APIC configure your L4-L7 device with the required network attributes (IP addresses, transparent bridges) and L4-L7 attributes (access lists, virtual IP addresses).
Note that these are totally optional. If you decide not to use service insertion, you can certainly attach network service devices to an ACI network the old fashioned way (I will call it “VLAN stitching”). And if you only want option 1 (that is, “APIC, don’t touch my firewall”), you can use unmanaged service graphs.
But let’s assume that you go for the full thing, with managed service graphs. If you have ever configured service graphs in ACI, you already know that it is not the easiest feature to configure. So why add additional complexity to your environment?
One of the most common reasons is to have a single API to manage your L2-L7 network. And since ACI’s REST API has a lot of goodies (read API inspector, debug mode, Visore, Python SDK and Arya automatic Python code generation to name a few), APIC is a good candidate for this API consolidation task.
First advantage: It means that you can configure your firewalls and load balancers using ACI’s API. And now you can use all the great automation possibilities in ACI to build your solution, be it with orchestration solutions like Cisco UCS Director or Cisco CloudCenter, or with your own set of scripts. I promise, you will be developing automation much much quicker with ACI than with other APIs in the market.
But wait a sec: if the network configures the load balancer, could we leverage some network knowledge in that configuration? Like dynamically deploying your web server pools depending on the IP addresses existing in the network?
Second advantage: that is exactly what APIC does (sometimes called “Dynamic Endpoint Attach”). If you configure your F5 server pool as “dynamic” in APIC, pool members will appear and disappear as endpoints come and go from your network. A very important thing to note is that this is not restricted to virtual machines, but includes anything that you might have as a Web server. That includes Docker containers, which is what I am showing in the video below.
But wait, you might not want every single server in that VLAN to pop up as a Web server in my BigIP? And this is where microsegmentation comes into play. Remember that you can configure your ACI EPGs (End Point Groups, think of them as “server zones”) matching your VLANs one to one, but you don’t have to. You could have multiple EPGs inside one single subnet, and one of them would contain the Web servers for your specific application. Only those would be configured as pool members in your BigIP ADC.
Third advantage: and the best thing is that you can control dynamically which servers make it into the Web EPG, without having to change IP addresses or port-group assignments in the case of vSphere VMs. You could match on attributes like VM name, or Linux container IP or MAC addresses, to opt-in or opt-out servers to your web server pool. In the video below, I am showing how to remove a server dynamically from the web pool just by changing its VM name, maybe because it needs to go through some maintenance, or because it has been compromised (in this latter case, the action could have even been performed automatically by a security threat detection technology such as Cisco Advanced Malware Protection, https://www.cisco.com/go/amp).
Fourth advantage: Last but not least, you have all your config in one single place: from your firewall rules to the health checks you use in your load balancer. This can come in handy in some situations, like security audits (only one document to give to your auditor), or config snapshots and rollbacks. And surprise, surprise, you can see this in the video below too.
[Embedded YouTube video]
Thanks for reading, I hope I could give you a glimpse of the benefits of Cisco ACI service insertion from an automation perspective!
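The second and third advantages above (attribute-based EPG membership driving a dynamic server pool) can be modelled in a few lines. This is an added example, not code from the original post and not APIC or BIG-IP code: the class and function names, the "first matching EPG wins" ordering, and all endpoint names and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Endpoint:
    name: str   # VM or container name
    ip: str
    mac: str


@dataclass(frozen=True)
class Rule:
    """One match criterion of a (hypothetical) attribute-based EPG."""
    attr: str   # "name", "ip" or "mac"
    op: str     # "equals", "startswith", "contains" or "in_subnet"
    value: str

    def matches(self, ep):
        actual, wanted = getattr(ep, self.attr).lower(), self.value.lower()
        if self.op == "equals":
            return actual == wanted
        if self.op == "startswith":
            return actual.startswith(wanted)
        if self.op == "contains":
            return wanted in actual
        if self.op == "in_subnet":
            return ip_address(actual) in ip_network(wanted)
        raise ValueError(f"unknown operator {self.op!r}")


@dataclass(frozen=True)
class AttributeEpg:
    name: str
    rules: tuple    # an endpoint joins the EPG if any rule matches


def classify(ep, attribute_epgs, base_epg):
    """First matching attribute EPG wins (a simplification of this model);
    otherwise the endpoint stays in the base EPG it was attached to."""
    for epg in attribute_epgs:
        if any(rule.matches(ep) for rule in epg.rules):
            return epg.name
    return base_epg


def desired_pool(endpoints, attribute_epgs, base_epg, pool_epg):
    """IPs the load-balancer pool should hold: endpoints classified into pool_epg."""
    return {ep.ip for ep in endpoints
            if classify(ep, attribute_epgs, base_epg) == pool_epg}


def reconcile(current, desired):
    """Return (members_to_add, members_to_remove) for the pool."""
    return (sorted(desired - current, key=ip_address),
            sorted(current - desired, key=ip_address))


def rename(endpoints, old, new):
    """Simulate renaming a VM, e.g. for maintenance or after a compromise."""
    return [replace(ep, name=new) if ep.name == old else ep for ep in endpoints]


# Constructed sample data: four endpoints sharing one subnet (10.0.0.0/24).
ENDPOINTS = [
    Endpoint("web-01", "10.0.0.11", "00:50:56:aa:00:11"),
    Endpoint("web-02", "10.0.0.12", "00:50:56:aa:00:12"),
    Endpoint("db-01", "10.0.0.21", "00:50:56:aa:00:21"),
    Endpoint("c7f3a1", "10.0.0.130", "02:42:0a:00:00:82"),  # container, matched by IP
]
EPGS = [
    AttributeEpg("quarantine", (Rule("name", "startswith", "quarantine-"),)),
    AttributeEpg("web", (Rule("name", "startswith", "web-"),
                         Rule("ip", "in_subnet", "10.0.0.128/28"))),
]

if __name__ == "__main__":
    before = desired_pool(ENDPOINTS, EPGS, "base", "web")
    after = desired_pool(rename(ENDPOINTS, "web-02", "quarantine-web-02"),
                         EPGS, "base", "web")
    print("pool before rename:", sorted(before, key=ip_address))
    print("add / remove after rename:", reconcile(before, after))
```

Renaming `web-02` changes only its classification; its IP address and port-group stay the same, yet it leaves the pool, while `db-01` in the same subnet never enters it.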
erjosito · 9 years ago
Using NX-API to deploy full networks
Do you have a network lab to try out new technologies? Then you might have experienced this problem: you finished testing technology A, and you start testing technology B. For that you need to reconfigure your devices, obviously. Now you need to try out something new in technology A, for example a new functionality brought in a recent software release.
You would have to save your existing configs (related to tech B), replay your tech A configs, test whatever you want to test, and then replay back your tech B configs. At least for me, that process sounded scary enough so that I did not want to change my running lab unless I had a very good reason to do so.
That has changed recently, with an app that my esteemed colleague Christian Jäckel has developed in order to quickly snapshot and deploy configurations across whole networks. You can find his work here (as well as a link to my fork): https://github.com/chjaecke/nexus_lab_deploy
You can see a demo video below, but essentially it can download the config of a group of network devices, and document it in a JSON file, which will represent a snapshot of your lab. You can deploy that snapshot with the tool as well, which will restore those specific configs in each one of the devices.
Here you have a short video that gives a glimpse of how this thing works:
[Embedded YouTube video]
Now I feel confident deleting all my VXLAN EVPN config from my lab, and starting to test the exciting Segment Routing functionality that is now available in the Nexus 9000 product line.
Would this be useful for you too?
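The snapshot idea described above can be sketched as follows. This is an added example, not code from the nexus_lab_deploy project: the snapshot layout, the function names and the sample configs are assumptions, the transport is injected so the block runs offline, and the reply shape follows the NX-API JSON-RPC `cli_ascii` format as an assumption.

```python
import hashlib

NXAPI_PATH = "/ins"                                     # NX-API endpoint on the switch
NXAPI_HEADERS = {"content-type": "application/json-rpc"}


def build_request(commands, method="cli_ascii"):
    """JSON-RPC body for NX-API: one object per CLI command."""
    return [{"jsonrpc": "2.0", "method": method,
             "params": {"cmd": cmd, "version": 1}, "id": i}
            for i, cmd in enumerate(commands, start=1)]


def reply_text(reply):
    """Text output of a single-command cli_ascii reply; raise on a JSON-RPC error."""
    if isinstance(reply, list):
        reply = reply[0]
    if "error" in reply:
        raise RuntimeError(f"NX-API error: {reply['error'].get('message')}")
    return reply["result"]["msg"]


def normalise(config):
    """Drop '!' comment lines (they carry timestamps) and blank lines, so the
    same configuration captured at two different times hashes identically."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    return "\n".join(ln for ln in lines if ln and not ln.startswith("!"))


def take_snapshot(devices, transport):
    """devices: {name: host}. transport(host, path, headers, body) -> decoded reply.
    In real use the transport would be an authenticated HTTPS POST to the switch."""
    snapshot = {}
    for name, host in devices.items():
        reply = transport(host, NXAPI_PATH, NXAPI_HEADERS,
                          build_request(["show running-config"]))
        config = normalise(reply_text(reply))
        snapshot[name] = {"host": host, "config": config,
                          "sha256": hashlib.sha256(config.encode()).hexdigest()}
    return snapshot


def devices_to_redeploy(saved, live):
    """Devices whose live config no longer matches the saved snapshot."""
    return sorted(n for n in saved
                  if n not in live or saved[n]["sha256"] != live[n]["sha256"])


def fake_transport(configs_by_host):
    """Offline stand-in for the switch: answers with a constructed reply."""
    def send(host, path, headers, body):
        return {"jsonrpc": "2.0", "result": {"msg": configs_by_host[host]}, "id": 1}
    return send


# Constructed sample data (documentation addresses, shortened configs).
DEVICES = {"leaf1": "192.0.2.11", "leaf2": "192.0.2.12"}
LAB_T0 = {
    "192.0.2.11": "!Command: show running-config\n!Time: Mon May  2 10:00:00 2016\n"
                  "hostname leaf1\nfeature bgp\nfeature nv overlay\n",
    "192.0.2.12": "!Command: show running-config\n!Time: Mon May  2 10:00:01 2016\n"
                  "hostname leaf2\nfeature bgp\nfeature nv overlay\n",
}
LAB_T1 = {
    # leaf1: same config, new timestamp. leaf2: a feature was swapped.
    "192.0.2.11": "!Command: show running-config\n!Time: Tue May  3 09:30:00 2016\n"
                  "hostname leaf1\nfeature bgp\nfeature nv overlay\n",
    "192.0.2.12": "!Command: show running-config\n!Time: Tue May  3 09:30:01 2016\n"
                  "hostname leaf2\nfeature bgp\nfeature ospf\n",
}

if __name__ == "__main__":
    saved = take_snapshot(DEVICES, fake_transport(LAB_T0))
    live = take_snapshot(DEVICES, fake_transport(LAB_T1))
    print("needs redeploy:", devices_to_redeploy(saved, live))
```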
erjosito · 9 years ago
Demo with Docker containers and Cisco ACI integration: Contiv
You might remember my old post on Linux container integration with ACI by using the “network=none” option in the old Docker implementation: http://erjosito.tumblr.com/post/110063660087/cisco-aci-and-linux-containers.
In the meantime, the networking concept in Docker has considerably evolved, including in the latest releases the concept of network driver plugins (https://docs.docker.com/engine/extend/plugins_network/). Contiv (https://contiv.io) is one of those plugins, that enhances the native Docker functionality for both storage and networking, so that intent policy can be specified for infrastructure as well. This open source project is attracting quite a lot of interest, as the recent ONUG award proved (http://blogs.cisco.com/datacenter/cisco-open-source-project-contiv-winner-at-onug-spring).
First of all, we will focus in this post on one of the two halves of Contiv (networking), leaving the other one (storage) for a different post.
Contiv offers multiple networking options for Linux containers: either native BGP for scalable IP networks, VXLAN overlay networks, or VLAN-based for better performance (in case you don’t have VXLAN offload NICs in your server) or interaction with VLAN-based physical networks.
I often get asked to run customer demos of the Contiv integration, so I decided to record one and post it as a video. Here is the result:
[Embedded YouTube video]
Essentially, the main goal of the demo is to show that creating and tearing down containers with Contiv is no different from the native Docker implementation. That is, the Linux container admin is not burdened with additional processes. However, Contiv will extract the network-relevant information, and use it to create (and tear down) secure container networks at the same speed. This way operators have the same visibility for Linux containers as for other DC workloads.
Additionally, all the good operational tools of ACI can now be applied for Linux containers as well. Think about the troubleshooting wizard for example. Linux containers are thus promoted to first-class citizens in the data center, from a network perspective.
erjosito · 9 years ago
Are ACI and NSX complementary solutions?
Lately there seems to be a lot of buzz in the press about combining Cisco ACI and VMware NSX to achieve a comprehensive SDN solution. Nothing bad with that, other than it sometimes creates the perception that NSX and ACI need each other. And hence this post, since I disagree with this perspective.
First of all, the usual disclaimer: I happen to work for Cisco, but I will try to stay objective in this post. Please tell me if you don’t think I achieved that.
I like to compare technology to everyday situations, so that it is easier to understand. I will use the analogy of cars and trailers in this post.
Imagine you have an old network, that is imposing a lot of limitations in the way you operate your data center. You could compare it to an old car. And you are trying to solve the following problem: you need to transport big objects. What do you do? You buy a trailer.
[Image]
The trailer is VMware NSX. It is an add-on to your old network, that solves your problem. Now you can transport big objects. Let’s go back to the real world: what problems does NSX try to solve? After speaking to some customers, and reading documentation, these seem to be the most frequent issues that people try to address with NSX:
Higher security, through microsegmentation and firewall integration
Automation through a single API
Automation through integration in vRealize Automation
Ability to deploy network configurations from vCenter
Interconnection of clusters separated by IP networks
But wait a minute, are you sure that your old Trabant has enough horsepower to pull the fully loaded trailer? The same way that NSX needs a performant network (according to the design guide, a 10G/40G spine/leaf architecture is highly recommended), you might need some more power there. The performance of your overlay network will only be as good as the performance of your underlay.
So chances are that you need to get a new car to successfully solve your problem anyway. What if you bought the best car/network on the planet today? If you went for Cisco ACI, you would be in a similar situation:
[Image]
Now we are talking, this looks much better. But wait a second, your new pick-up (your new network, ACI) is now able to transport a lot of stuff! Do you still need the trailer? Let’s see what our new car is able to do on its own:
Microsegmentation? Check
Integration with next-gen firewalls? Check
Centralized API? Check
Configurable from vCenter? Check
Integrated with vRA? Check
Multiple locations interconnected by IP? Check
And the previous goals are solved not only for the VMs in a specific hypervisor, but for multiple ones (Hyper-V, Openstack, vSphere), for bare-metal servers and Linux containers (see https://contiv.io).
But you will tell me: ah, but I had to spend a lot of money on the new car! What if I told you that Cisco ACI does not cost more than traditional networks? In other words:
[Image]
Now it is a no-brainer. You needed a new car anyway. Get ACI, which is the best value for your buck, and it can cover all of your requirements. If you look really hard, I am sure you can find some object that does not fit in your pick-up (ACI), and maybe you can even convince yourself that that justifies buying the trailer (NSX). Be my guest, you can always attach the trailer to the pick-up. But one thing remains true: the trailer will not be able to drive without a car pulling it.
erjosito · 9 years ago
ACI 1.3, NFM, CliQr, Austin and much, much more!
Hi there! Amazing, another month has gone by, and there is a bunch of new stuff coming our way from the Cisco Nexus 9000 and ACI corner. Not only a new ACI software version with support for the new EX hardware, but a new way of managing VXLAN networks the easy way (awarded the Best of Interop for DC award), and of course, the wealth of innovation coming from the Openstack Summit in Austin. Not to mention the latest Cisco acquisition of CliQr, which we are all extremely excited about.
But let’s start with it. This is in a nutshell what has been going on during the last 4 weeks around Cisco ACI and the Nexus 9000:
New ACI software releases!
1.3(1g) is on cisco.com, congratulations to the team! Apart from the highly anticipated EX hardware support, some great new features for vSphere, like intra-EPG isolation on AVS and VDS, and dynamic EPG assignment with VDS. Here are the release notes:
Switch software, 11.3(1): http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/aci_nxos_rn_1131.html
APIC, 1.3(1): http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/apic_rn_131.html
Another new ACI software release: 1.2(3c). Please notice this release is mainly a bug-fix 1.2 release. Here are the release notes: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/apic_rn_123.html
On the new product for managing VXLAN networks, Cisco Nexus Fabric Manager:
NFM wins Best of Interop DC Award! More here: http://blogs.cisco.com/datacenter/cisco-nexus-fabric-manager-wins-best-of-interop-2016-data-center-award
NFM already available in cisco.com. Download the OVA for 1.1(1) here: https://software.cisco.com/download/release.html?mdfid=286305124&softwareid=286307078&release=1.1%281%29&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rm. Note that the OVA should only be used for testing purposes, production NFM deployments are delivered as hardware appliances.
Find out more about Cisco NFM in https://www.cisco.com/go/nexusfabricmanager
Cisco has closed the CliQr acquisition, and Cisco CloudCenter has been born. Some relevant content:
Cisco blog: http://blogs.cisco.com/news/cisco-completes-acquisition-of-cliqr
CliQr web site with information about its integration with ACI: http://www.cliqr.com/ciscoaci/
Cisco CloudCenter (aka CliQr) and ACI demo (4:22): https://www.youtube.com/watch?v=35ssaqhF8tw
VoD on stretched app deployment with ACI+CliQr (58:20): http://www.cliqr.com/resources/landing-pages/stretched-application-deployment-with-cliqr-cisco-aci/
And if you want to play with it, there is an ACI+CliQr demo in dCloud now (https://dcloud.cisco.com).
New in Cisco.com:
Hadoop-as-a-Service CVD on UCS/ACI: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/UCS_CVDs/HaaS_on_Bare_Metal_with_UCSDExpress_on_Cisco_UCS_Integrated_Infrastructure_for_Big_Data_and_ACI.html
Apprenda+ACI solution overview: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/solution-overview-c22-736553.html
1.2(2g) L4-L7 SG deployment guide: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/L4-L7_Service_Graph_Deployment_Guide/b_L4L7_Service_Graph_Deploy_ver122g.html
All 1.1(4) release notes have been merged into one document: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/apic_rn_114.html
Cisco Blogs:
Digital Transformation disrupting ITSM: http://blogs.cisco.com/datacenter/how-digital-transformation-is-disrupting-it-service-management
Container Networking and ONUG: http://blogs.cisco.com/datacenter/container-networking-in-full-bloom-at-onug-spring-2016
Hybrid Cloud Trio (CliQr+HX+N9K): http://blogs.cisco.com/datacenter/hybrid-cloud-power-trio
Container networking: http://blogs.cisco.com/datacenter/bring-application-intent-to-networking-containers
DCNM gets a new face: http://blogs.cisco.com/datacenter/dcnm10
Cloud success factors: http://blogs.cisco.com/datacenter/the-rounds-industry-experts-discuss-data-center-cloud-and-best-practices
Hybrid IT / CliQr: http://blogs.cisco.com/datacenter/hybrid-it-its-a-strategy-not-something-you-build
From the web:
AVI Networks case study with ACI: https://avinetworks.com/media/pdfs/Cisco_ACI_Case_Study.pdf
Fortigate connectors, including the one for ACI: https://www.fortinet.com/products-services/products/firewall/fortigate-connectors.html
Article on Container Networking with Vipin and Balaji: https://www.sdxcentral.com/articles/featured/cisco-balaji-sivasubramanian-vipin-jain-project-contiv/2016/05/
Great blog “ACI and Me”, last entry on Upgrade/Downgrade Sequences: https://aciandme.wordpress.com/
Deploying NetScaler+ACI: https://www.citrix.com/blogs/2016/04/21/deploying-netscaler-adcs-in-cisco-application-centric-infrastructure/
External blog on Openstack+ACI: http://www.snarchs.com/2016/04/cisco-aci-and-openstack-integration.html
New blog entry from Michael Earls: http://www.michaelearls.com/category/cisco-aci/
OneConvergence launches NSD for Openstack, supporting ACI: http://www.marketwired.com/press-release/one-convergence-launches-network-service-delivery-platform-for-openstack-2114497.htm
Tufin integration with ACI: https://www.tufin.com/blog/tufin-and-cisco-aci-policy-based-automation-for-the-hybrid-network/
Videos (a lot on Openstack, as you would expect after the Austin summit):
From the Openstack Summit in Austin:
Walmart showed how to integrate an Openstack network over MP-BGP: https://www.youtube.com/watch?v=TpKVd0DgDwM
Cisco on the power of community-developed software: https://www.youtube.com/watch?v=xTM0kFwT6Y8
Openstack@Sungard with ACI (31:19): https://www.youtube.com/watch?v=RJwQQ7TJuz8
RH+Cisco Openstack Solutions (46:33): https://www.youtube.com/watch?v=7RF_EjI0KKk
Openstack+ACI series by Mike Cohen:
ACI and Mirantis Fuel (8:26): https://www.youtube.com/watch?v=BHSYXLhjYH0
GBP and ACI (16:06): https://www.youtube.com/watch?v=m6rqOdYBOtQ
ACI and Openstack, operations and Troubleshooting (7:41): https://www.youtube.com/watch?v=xz1IA3F9Fz0
Connecting bare metal servers to neutron networks (5:19): https://www.youtube.com/watch?v=TOXmIYVnPE0
F5 LBaaS and ACI (8:08): https://www.youtube.com/watch?v=5SeRKBC4Ptw
And one more on Openstack: Openstack+Cisco from, by Ifti Rathore (37:59): https://www.youtube.com/watch?v=mHxogb83yiI
Critical Success Factors for Cloud Part 1, with Carlos Pereira (9:15): https://www.youtube.com/watch?v=h9n2C2CBQZs
GTRI on ACI (53:13): https://www.youtube.com/watch?v=WFY3kUwTAw4
And here the slides: http://www.slideshare.net/GlobalTechnologyResourcesInc/cisco-aci-a-new-approach-to-software-defined-networking-60921348
ACI is coming, are you ready? Webinar by Sunset Learning (57:02): https://www.youtube.com/watch?v=sJiOguEWBfY
Unboxing an APIC: https://www.youtube.com/watch?v=2YeVFPU8Lug
Some videos from CLMEL:
ACI+Openstack demo: https://www.youtube.com/watch?v=7-jrTE0NiCQ
ACI microsegmentation and L4-L7: https://www.youtube.com/watch?v=__7jp2gqg5Q
ACI Policy Mgmt: https://www.youtube.com/watch?v=FXrEc56Etaw
Thanks for reading! Did I forget anything?
erjosito · 9 years ago
Cisco ACI and Nexus 9000 last month news. Keep it coming!
Hey there! Time for a new post with the latest news on Cisco ACI and Nexus 9000. Funny, I thought that the speed of innovation would go down with time, but it is actually going up! In my opinion, that has a lot to do with the extended partner ecosystem and the programmability possibilities of ACI, which allow new solutions to be built on top of it. Enough chatter though, let’s go for the meat:
7.0(3)I2(3) for N9K NXOS has been released, here you have the release notes: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70323_nxos_rn.html.
Some EX-hardware already orderable in Cisco Commerce Workspace, like the Nexus 93108YC-EX ToR switch or the 9732C-EX line card for the N9500
In cisco.com:
White papers:
SPAN possibilities inside ACI: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-736974.html
Programmability: http://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-9000-series-switches/gain-network-programmability.pdf
NXOS-to-ACI migration: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-736866.html
N7K/ASR integration with ACI: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-736899.html
Blogs:
Cisco blog: 10M N3K ports sold: http://blogs.cisco.com/datacenter/3-reasons-10-million-is-a-big-number
About CliQr and ACI: http://blogs.cisco.com/datacenter/profile-once-deploy-anywhere
See this one on smart buffers: http://blogs.cisco.com/datacenter/intelligentbuffer
SDN lessons learnt: http://blogs.cisco.com/datacenter/3-sdn-lessons-in-3-years-of-production-learn-from-cisco-aci-and-citrix-netscaler-best-practices. For the impatient:
Plan big, start small
Start clean
One step at a time
ACI:
Customer ACI success stories:
Design information on how Cisco IT uses ACI: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/white_papers/Cisco_IT_ACI_Design.html
Customer case study on Hutchinson Networks and ACI: http://www.cisco.com/c/en/us/about/case-studies-customer-success-stories/hutchinson-networks.html
Customers speak on ACI: http://blogs.cisco.com/datacenter/customers-speak-out-on-aci-speed-simplicity-security (see the corresponding youtube video in the “Videos” section too)
NTT Docomo adopts ACI: http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1753087
Blog: Compelling RoI of the solution based on ACI and AVI Networks: https://blogs.cisco.com/datacenter/cisco-aci-and-avi-networks-deliver-compelling-roi-and-automation-to-leading-financial-management-software-firm
Siam City Cement PCL success story with ACI: http://unleashingit.com/articles/A15A4.aspx
Integra Telecom achieves a 368% RoI with ACI: http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/idc-roi-integratelecom.pdf
And this one with Tele2: https://www.sdxcentral.com/articles/news/tele2-preps-5g-openstack-huawei-cisco-nfv-tools/2016/03/
Openstack:
Cisco ACI Opflex plugin for Fuel (Mirantis): http://plugins.mirantis.com/docs/a/c/aci_opflex/aci_opflex-7.0-7.0.7-1.pdf
Information in Mirantis Web site on the Cisco integration: https://www.mirantis.com/partners/cisco/
The new ACI OpenStack plugin 1.2(2.20160322) added support for Liberty on Red Hat, Mirantis and Canonical.
ScienceLogic for ACI monitoring: https://www.sciencelogic.com/product/resources/cisco-aci-monitoring
New ACI training session: Logical Model Overview (part 3), by Zach Seils: https://learningnetwork.cisco.com/docs/DOC-26857
From the web:
A refreshing view (in my opinion) on what a microsegmentation solution should offer: http://www.datacenterknowledge.com/archives/2016/03/28/how-to-choose-a-microsegmentation-solution-to-protect-vms/
Very interesting perspective on the role of the network for microservices architectures: https://medium.com/lightspeed-venture-partners/in-the-land-of-microservices-the-network-is-the-king-maker-37de7ec4119a
Large scale DC design at LinkedIn, powered by the Nexus 3232C: https://engineering.linkedin.com/blog/2016/03/the-linkedin-data-center-100g-transformation
New Gartner technology category: NPB or “Network Packet Broker”, the place where Cisco Nexus Data Broker plays. See their analysis here: https://www.gartner.com/doc/reprints?id=1-2WO9JPT&ct=160120&st=sb
vArmour integrates with ACI: https://info.varmour.com/rs/650-OZW-112/images/vArmour-Cisco-SB-HQ.pdf
See this CL session by David Jansen on an implementation of multicast routing in ACI using external routers: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=89910&backBtn=true (from slide 102 on, but don’t miss the rest)
ACI integration with Infoblox over CliQr: https://community.infoblox.com/t5/Company-Blog/Infoblox-brings-core-network-services-to-Cisco-Application/ba-p/5685
Week summary of Citrix at CLMEL, by our friend Dave Potter: https://www.citrix.com/blogs/2016/03/10/what-a-week-citrix-at-ciscolive-melbourne/
Interview with Soni Jiandani about the CliQr acquisition: https://www.digitalnewsasia.com/cliqr-will-remain-independent-promises-cisco
Videos:
Why ACI? CLEUR Wow moments - customer statements (2:40): https://www.youtube.com/watch?v=3eJNgm6hhhs
ACI and the SDDC, session at a VMUG UserCon courtesy of Anna Shepelenko (42:59): https://www.youtube.com/watch?v=5TI-mjuBKHQ
ACI in 5, short video series by Lauren Malhoit on ACI benefits. Check this one out on intra-EPG segmentation (2:18): https://www.youtube.com/watch?v=a7gVLKu3jjU
And this one by Carly Stoughton on the ACI integration with CliQr (11:45): https://www.youtube.com/watch?v=h1LfRfVtNvc
On ACI, UCS, SAP and Vnomic (4:00): https://www.youtube.com/watch?v=dMMffmiIyWs
And a customer testimonial (Dimension Data) using the previous solution, SAP+Vnomic+ACI (1:11): https://www.youtube.com/watch?v=q7d0bHJ5yP4
Unleashing SAP with Cisco ACI (4:49): https://www.youtube.com/watch?v=I0bG36KAtys
FirePower NGIPSv integration with Cisco ACI (33:56): https://www.youtube.com/watch?v=nu574_qahPg
SDN and ACI (4:20): https://www.youtube.com/watch?v=nZm3UPtBhL4
On the importance of hardware innovation: https://www.youtube.com/watch?v=FxhVPFSPkes
Soni Jiandani on joint solution with F5 (1:43): https://www.youtube.com/watch?v=eBpLsDI6AnE
Achieve new efficiency levels with CliQr and ACI (0:59): https://www.youtube.com/watch?v=T8kKTJ8umPU
100G transceivers in the DC (2:03): https://www.youtube.com/watch?v=K4tdLzDggf4
Another great video by WWT, this time on a CliQr+ACI demo (11:19): https://www.youtube.com/watch?v=rQxskkK_urQ
Zenoss and ACI (8:58): https://www.youtube.com/watch?v=J0Aim54GZiI
Thanks for reading down to here! Did I forget anything?
erjosito · 9 years ago
Cisco ACI and Nexus 9000 news from the last 4 weeks...
Hi there,
Really A LOT has been going on in the last weeks: we had Cisco Live in Berlin with record attendance, a successful Partner Summit in US, 2 major releases for both ACI and NXOS, acquisition announcements, an entry in a new market for Cisco and brand new hardware with new bandwidth standards. Not too bad for a month's time!
1.1(2h) software for ACI online! Congratulations to the team for yet another software milestone delivered in time! Release notes:
APIC software: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/apic_rn_122g.html
Switch software: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/aci_nxos_rn_1122g.html
Scalability guide: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/verified-scalability/b_Verified_Scalability_1_2_2.html
My favourite new features (there are many others in the release notes):
Intra-EPG PVLAN
N9372TX-E support
Data Plane Policing (QoS policers)
7.0(3)I3(1) software for NXOS posted in cisco.com!! Lots of new features, check out the release notes here: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70331_nxos_rn.html. Amongst others:
N9200 support
ISSU
FCoE NPV
From Cisco Live Europe 2016:
New market penetration numbers presented by Soni (more in http://blogs.cisco.com/datacenter/excitement-in-the-air-more-customers-are-embracing-cisco-aci):
6,000+ N9K customers
1,400+ ACI customers
50+ partners in the ACI/N9K ecosystem
Lots of great content, check out this link: https://www.ciscolive.com/online/connect/search.ww?cid=Global#loadSearch-searchPhrase=aci&searchType=session&tc=0&sortBy=&p=&i(10017)=20991
And from the Partner Summit 2016:
Announcement summary (CliQr, HyperFlex and 9200/9300-EX): http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1750136
You probably heard about the CliQr acquisition by now: http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1750092
Hardware:
Looks like ASIC innovation is still relevant for next-gen DCs: http://idcdocserv.com/US41022016
On 25G: Unlike 10G, 25G requires FEC for the majority of the transceivers. There are 3 types of 25G transceivers, and switch support for one version of FEC or another can influence the cabling the 25G ports will support:
No FEC: Passive Copper Cables for 1 and 2 meters
Base-R FEC: Passive Copper Cables for 3 meters
RS-FEC: Passive Copper Cables for 5 meters, and SR
On 25G-capable switches like the 92160, there will be twinax cables for 25G: SFP-H25GB-CU1M, SFP-H25GB-CU2M and SFP-H25GB-CU3M (the latter requires FC-FEC on both server NIC and switch).
Don’t get scared if you feel the BiDi optics run physically hotter than other optics, that is normal
The lack of port-channel support on the existing 4x100G uplink module for the N9396PX is a hardware limitation and will not be lifted in the future. If you need 100G port channeling, the upcoming Nexus 9200 or 9300EX are your friends
Regarding optics, note that S-class 40G optics are not compatible with 10G SR optics (using an MPO breakout cable) because of power reasons.
ACI:
Interesting discussion on TACACS+/RADIUS over inband. As you might know, the APIC has a single routing table, and prefers the inband default gateway (when configured). However, the switches have a dedicated oob VRF, which is always used for RADIUS/TACACS+ (even if inband is configured). So there is a problem if the authentication servers are only reachable over inband.
Check out Hank’s updated workflows for automated deployments on ACI out of UCS Director: https://communities.cisco.com/docs/DOC-65217
Uplink port tracking in leaves supported since 1.2(2)
NXOS:
Nexus 9200 orderable now, and software-supported with the 7.0(3)I3(1) release!
If you are looking for better ways to manage your VXLAN network, Puppet might be your option! (BTW this is an industry first): https://puppetlabs.com/blog/networking-industry-s-first-puppet-orchestrated-vxlan-fabric
N9272Q supports breakout cables only on ports 37-72
Great automation examples to use with NXOS by Jason Pfeifer: https://github.com/jpfeifer22/boneyard/tree/master/Nexus9000/NXOS
EoS announcements:
EoS/EoL announcements:
6.1(2)I3(x): May 1 2016
7.0(3)I1(x) and 7.0(3)IX1(x): March 30 2016
The last date of software maintenance releases:
6.1(2)I3(x): October 30th 2017
7.0(3)I1(x) and 7.0(3)IX1(x): March 28th 2017
Not directly related to N9K/ACI, but other important announcements:
7.3(0)N1(1) available for the N5K family (release notes here: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/notes/7x/Nexus5500_Release_Notes_7x.html)
7.3(0)D1(1) available for the N7K family (release notes here: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/7_x/nx-os/release/notes/7x_nx-os_release_note.html)
CECS 2.5 announcement: http://amp2.h2fmedia.com/Amp/q.aspx?211266325806_v2e4_b4bf26fe-f6be-4999-87c5-947b527f5133
New Docker 1.10 release with many improvements, including network related: http://blog.docker.com/2016/02/docker-1-10/
In the Web:
Cloning ACI tenants (by WWT): https://www2.wwt.com/cloning-aci-tenants-demo/
ACI and ICO solution paper: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-736625.html
“Operating ACI” now in CCO: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/guide/b_Cisco_Operating_ACI.html
eHDF and ACI, a success story: http://www.itp.net/606367-ehdf-enhances-data-centre-services-with-cisco-aci
Using Ansible to create ACI contracts: http://davidstamen.com/ansible/cisco/using-ansible-to-create-cisco-aci-filters/
Blogs:
Cisco blog by Soni: http://blogs.cisco.com/news/delivering-cloud-services-at-cloud-scale-with-cloud-economics
N9K/ACI customer and ecosystem numbers: http://blogs.cisco.com/datacenter/excitement-in-the-air-more-customers-are-embracing-cisco-aci
ACI and secure PaaS: http://blogs.cisco.com/datacenter/aci-policy-enables-secure-paas-and-more-at-cleur
NXOS and Ansible: http://blogs.cisco.com/datacenter/devops
Open APIs: http://blogs.cisco.com/datacenter/open-apis-enable-greater-customer-value
Customers share their digital journeys at CLEUR: http://blogs.cisco.com/datacenter/customers-share-their-digital-journeys-with-ciscoaci
William Nellis and macro (or is it micro?) segmentation: http://williamnellis.com/2016/02/22/macro-segmentation-for-system-level-hardening/
Nic Vermandé and inter-tenant route leaking: http://static-void.io/simple-inter-tenant-communication-rules-with-aci/
Check out these 2 entries by Luca on CliQr-CECS integration (premonition before the acquisition attempt?):
http://lucarelandini.blogspot.com/2016/02/governance-in-hybrid-cloud.html
http://lucarelandini.blogspot.com/2016/02/governance-in-hybrid-cloud_8.html
Videos
NFM overview: https://www.youtube.com/watch?v=FyKD9xY0btc
Tech Field Day extra at CLEUR:
Cisco ACI microsegmentation with Juan Lage (33:50): https://www.youtube.com/watch?v=XJCthJZ2AMw
Raf super star on ACI deployment (29:57): https://vimeo.com/155547163
Cisco integrated infrastructure with UCS+ACI (35:39): https://www.youtube.com/watch?v=Zu5sZnQgdSE
Check the rest here: https://www.youtube.com/playlist?list=PLinuRwpnsHacKtAm5Js_yqqDpxqYxLKot&feature=view_all
ACI troubleshooting by Michael Earls (6:19): https://www.youtube.com/watch?v=mf4YU4IYYYs
Interview with F5 at CLEUR (6:43): https://www.youtube.com/watch?v=PhoAB22sMa4
Interview with Citrix at CLEUR (5:45): https://www.youtube.com/watch?v=yFlKxEH4j6k
Thanks for reading down to here! Did I forget anything?
erjosito · 9 years ago
Cisco ACI and Nexus 9000 news - February 2016
Happy New Year! Yes, you are right, a bit late for that. As late as I am with the monthly newsletter, so I have lots of stuff for this edition. Let’s cut the nonsense and go where the beef is, because there is a lot of it:
ACI one of the technologies of the year for InfoWorld! http://www.infoworld.com/article/3023050/open-source-tools/infoworlds-2016-technology-of-the-year-award-winners.html#slide6
Software:
Brazos is now GA! Although by now you have probably updated your fabric already 😃
7.0(3)I2(2a) is out, release notes here: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/release/notes/70322a_nxos_rn.html.
Cisco blogs:
You need to read this one from Soni Jiandani: http://blogs.cisco.com/news/executing-on-our-vision-and-strategy-the-future-of-networking-for-an-application-centric-world
And this one by Frank D’Agostino and Juan Lage on Microsegmentation, Security and NSX: http://blogs.cisco.com/datacenter/aci-surpasses-vmware-nsx-again-with-micro-segmentation-end-point-granularity
Overcoming the “stack fallacy”: http://dcweapons.cisco.com/blog/2016/01/26/competitive-response-to-aristas-next-generation-eos/
On Fast IT and the IDC report on the Pulsant success story: http://blogs.cisco.com/datacenter/fast-aci-cloud-starwars
Update on ACI partners and microsegmentation: http://blogs.cisco.com/datacenter/aci-applications-spotlight-microsegmentation-and-new-application-partners
Learnings from the last Gartner DC conference: http://blogs.cisco.com/datacenter/part-2-ten-learnings-and-observations-from-the-2015-london-gartner-data-center-conference
In cisco.com:
Forrester study on economic impact of ACI now available in cisco.com: http://www.cisco.com/c/en/us/solutions/software-defined-networking/learning-center.html#ufh-i-191651035-what-can-cisco-aci-do-for-you
New white paper on migrating existing networks to ACI: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/migration_guides/migrating_existing_networks_to_aci.html
White paper on AVS: failover and convergence tests: http://www.cisco.com/c/en/us/products/collateral/switches/application-virtual-switch/white-paper-c11-736554.html
White paper on the multiple UIs in ACI: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-736514.pdf
Scalability limits of ACI 1.2: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/verified-scalability/b_Verified_Scalability_1_2_1x.html
Pulsant case study infographic: http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/pulsant-win-happy-customers.pdf
New ACI security white paper: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-736292.html
AVS now supported on vSphere 6.0 too: http://www.cisco.com/c/dam/en/us/products/collateral/switches/application-virtual-switch/avs-support-statement-an.pdf
Data sheet for the upcoming Nexus 9200 online: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/datasheet-c78-735989.html
Out in the web:
Interesting interview with Cisco’s CTO, where ACI plays a key role: http://www.infoworld.com/article/3028173/analytics/ciscos-cto-charts-a-new-direction.html
IDC study on ACI benefits for Pulsant (8-pages): https://www.sdxcentral.com/wp-content/uploads/2015/12/IDC_ROISpotlightDec2015_Pulsant.pdf. For example: a ROI of 513%, payback in 6.4 months, 85% less time in fabric provisioning.
Find other ACI customer success stories in SlideShare: http://www.slideshare.net/Ciscodatacenter/cisco-aci-customer-spotlights
Command-line REST client for ACI, with variables support, rollback functionality and automatic generation of files to import into UCS Director as custom tasks: http://erjosito.tumblr.com/post/137149656822/a-command-line-rest-client-for-aci
New vBrownBag series started by Lauren Malhoit on ACI: http://professionalvmware.com/2015/12/cisco-aci-series/, first four episodes posted
Plumgrid integrates with N9K in NXOS mode: http://www.plumgrid.com/plumgrid-blog/2015/12/extend-sdn-overlay-with-cisco-nexus-9000-switch-in-under-10-steps/. Another proof of NXOS programmability, with a software overlay product
Video demo here: https://www.youtube.com/watch?v=Jd9NRI3_3yI
Here some more details: http://www.plumgrid.com/wp-content/uploads/documents/GAS_Cisco_v1.3.pdf
A special section in L4-L7 services integration with ACI:
Yet a new example of openness and programmability: a Belgian computer science student developed an ACI device package for the open source load balancer NGINX: https://github.com/FServais/NGINX-Device-Package
Here you can find a demo: https://www.youtube.com/watch?v=eLiydsFUOYc
Some news on Citrix NetScaler, including a new device package version: https://www.citrix.com/blogs/2015/12/28/say-happy-new-year-with-netscaler-device-packages-with-cisco-aci/
New deployment guides on cisco.com about ACI+F5: http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/guide-c07-736160.pdf
Videos:
I did a 4-part video series demonstrating the advantages of managed Service Graphs with ASA (more focused on the “why” than on the “how”, see other blog entries in this site):
Part 1: quick insertion/removal (7:56): https://www.youtube.com/watch?v=0kvpKNudt0k
Part 2: service insertion and the troubleshooting wizard (4:16): https://www.youtube.com/watch?v=l4fbclJfVkw
Part 3: ruleset management (6:46): https://www.youtube.com/watch?v=7JNQE6aCYos
Part 4: automated microsegmentation of compromised workloads (9:09): https://www.youtube.com/watch?v=UmufoFsjXoM
Watch this series (3 videos) on a deep dive on how to setup ASA in ACI: https://www.youtube.com/playlist?list=PL_VvDNvGnyZ38GSdhJ3R1abrWtcOh4gEY
ACI programmability demo using the concept of network dashboard (3:37): https://www.youtube.com/watch?v=CBnthLw7bvI
NetScaler ACI migration tool (5:19): https://www.youtube.com/watch?v=f_RahlgPBP. Translating between native NetScaler config and ACI XML
NetScaler ACI PoC starter kit (3:29): https://www.youtube.com/watch?v=14CMX6v-3PY. How to use content downloadable from https://github.com/citrix/netscaler_aci_poc_kit
Managing Cisco ACI (1:17:51): https://www.youtube.com/watch?v=TFNhwKPQTSU. Including software upgrades, OOB mgmt, SNMP, NTP config and other topics
Cisco WLAN Controllers over 2 ACI fabrics (16:45): https://www.youtube.com/watch?v=lLxG8hd2QQ8
TechWise TV: scaling multitenancy with VXLAN (14:34): https://www.youtube.com/watch?v=APqVHTIYrPQ. Learn more by joining the Webinar in February (http://cs.co/6052Bni1O)
N9K and ACI intro, by John Swartz (13:19): https://www.youtube.com/watch?v=P7846ZYy0Y8
What do your customers think of ACI? Part 1 (3:27): https://www.youtube.com/watch?v=s56yWMqY0bE
What do your customers think of ACI? Part 2 (3:01): https://www.youtube.com/watch?v=NUL1h1N3DEw
And another one featuring Pulsant (3:10): https://www.youtube.com/watch?v=WHU6RWDJGEo
WWT strikes again with great content: demo on Openstack-ACI integration (19:01): https://www.youtube.com/watch?v=x1qef1_y22Y
New chapter of Lauren’s vBrownBag, this time on security (42:22): https://www.youtube.com/watch?v=HKwrF7epn-8
Fulfilling SDN Vision + Customer Testimonials (Gartner DC Summit): http://eod.gartner.com/session-video/LSC34/SPS1
Developing with Cisco Network Programmability (1:07): https://www.youtube.com/watch?v=xJIWzXvcy64
Cisco DC overlays with focus on VXLAN (Vishal Mehta, 1:25:48): https://www.youtube.com/watch?v=kAoa7djX3Ew
Did I forget anything?
erjosito · 9 years ago
Microsegmentation and APIs: the perfect combination
You might have heard the hype about microsegmentation in the DC, and multiple definitions of this term. Paraphrasing Juan Lage, it is the possibility of setting up policies with end point granularity. In other words, to be able to take any end point in the DC and change its security policies, without having to alter any of its attributes (like IP address).
Note that I am speaking most of the time about end points. These could be virtual machines, but they could be something else, like bare metal servers, Linux containers or storage systems.
This is a very powerful capability that until recently not many network technologies could boast about. Cisco ACI is one of them.
One example: you modify the security policy of some end points when you decide that their role is going to change (for example, when moving an application from staging to production).
Does this mean that network admins have to define as many security policies as end points exist in the DC? Not necessarily. In my opinion, this feature makes most sense when used in an automated fashion.
Another example, but this time no admin takes any action: a security tool detects that a server has been compromised, and moves it to quarantine. This is what I am showing in this video:
[Embedded YouTube video]
Here, the “security tool” detecting that a server is compromised is an ASA firewall with NGIPS, that detects suspicious activity coming from a compromised end point. This could be your favourite virus scanner detecting malicious code, or OpenDNS detecting that some server is sending data where it should not.
There are multiple ways to tell the network to move the compromised server somewhere else. In this example the NGIPS is setting a custom attribute in vSphere leveraging dynamic EPG (End Point Group) assignment in Cisco ACI (also known as Microsegmentation EPGs). After setting a flag in the VM (in this case an attribute called “Attacked” is set to “True”), Cisco ACI will recognise it and move the end point to another EPG with a different security policy (typically no access to other DC areas, but with the possibility to investigate and remediate the compromised server).
A more generic way to modify the security policy would be directly interacting with ACI and using IP-based EPGs, since this would not depend on the hypervisor or the workload form factor. I have this in my To-Do list.
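A sketch of that IP-based variant, as an added example that is not the author's code: it triages constructed alerts and builds the APIC payload that adds an IP criterion to a quarantine EPG, plus the matching rollback. The tenant, application, EPG and alert fields are made-up names, and the object classes used (`fvCrtrn`, `fvIpAttr`, `isAttrBasedEPg`) are my reading of the APIC object model for attribute-based EPGs, to be confirmed with the API Inspector on your release.

```python
import ipaddress

APIC_URL = "/api/mo/uni.json"  # APIC managed-object endpoint for POSTs under "uni"

# Assumed names: the tenant, application and quarantine EPG are constructed.
TENANT, APP, QUARANTINE_EPG = "Acme", "ERP", "Quarantine"
# Addresses that must never be isolated automatically (gateways, management).
PROTECTED = ["10.0.0.0/28", "192.168.100.0/24"]

ALERTS = [  # constructed sample alerts, not the output of any real product
    {"src_ip": "10.0.1.23", "severity": 4, "rule": "C2 beacon"},
    {"src_ip": "10.0.0.1", "severity": 5, "rule": "port scan"},       # protected
    {"src_ip": "10.0.1.40", "severity": 1, "rule": "policy notice"},  # too low
    {"src_ip": "10.0.1.23", "severity": 5, "rule": "C2 beacon"},      # duplicate
    {"src_ip": "not-an-ip", "severity": 5, "rule": "malformed"},
]


def ip_attr_tree(ip_attr):
    """Wrap one fvIpAttr object in its tenant/app/EPG/criterion parents."""
    return {"fvTenant": {"attributes": {"name": TENANT}, "children": [
        {"fvAp": {"attributes": {"name": APP}, "children": [
            {"fvAEPg": {"attributes": {"name": QUARANTINE_EPG,
                                       "isAttrBasedEPg": "yes"}, "children": [
                {"fvCrtrn": {"attributes": {"name": "default"}, "children": [
                    {"fvIpAttr": {"attributes": ip_attr}}]}}]}}]}}]}}


def triage(alerts, protected=PROTECTED, min_severity=3):
    """Decide per alert whether to quarantine; return commit and rollback payloads."""
    nets = [ipaddress.ip_network(n) for n in protected]
    seen, decisions = set(), []
    for alert in alerts:
        try:
            addr = ipaddress.ip_address(alert["src_ip"])
        except ValueError:
            decisions.append({"ip": alert["src_ip"], "action": "skip",
                              "reason": "invalid address"})
            continue
        if alert.get("severity", 0) < min_severity:
            reason = "below severity threshold"
        elif any(addr in net for net in nets):
            reason = "protected address"
        elif addr in seen:
            reason = "already quarantined"
        else:
            reason = None
        if reason:
            decisions.append({"ip": str(addr), "action": "skip", "reason": reason})
            continue
        seen.add(addr)
        # Deterministic object name so the rollback can address the same object.
        name = "q-" + str(addr).replace(".", "-").replace(":", "-")
        decisions.append({
            "ip": str(addr), "action": "quarantine", "reason": alert["rule"],
            "commit": (APIC_URL, ip_attr_tree({"name": name, "ip": str(addr)})),
            "rollback": (APIC_URL, ip_attr_tree({"name": name, "status": "deleted"})),
        })
    return decisions


if __name__ == "__main__":
    for d in triage(ALERTS):
        print(d["ip"], d["action"], d["reason"])
```

The end point keeps its IP address; only its EPG membership, and therefore the contracts that apply to it, changes, and posting the rollback payload releases it again.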
What do you think? Do you need this functionality in your DC?
erjosito · 9 years ago
A command-line REST client for ACI
First of all, Happy New Year! Thanks for looking at my first post in 2016.
As you might already know, Cisco ACI is a new concept of network management. In short, it is a network that brings along embedded network management functionality, that sits in a centralised controller cluster. If you want to manage a Cisco ACI network, you don’t talk to the switches, you talk to the controller.
There are a couple of interesting things about this controller. Although it offers good old CLI for network changes and show commands, you can use its GUI (either in advanced or basic mode), or the object of this post, its REST API.
About this REST API in ACI there are several interesting facts that I personally like quite a bit: you can choose to use JSON or XML payload, it is thoroughly documented, and best of all, it has multiple tools that quickly help you to start rock’n’rolling, such as the API Inspector. This API Inspector shows you which API calls you need to send to ACI in order to accomplish any particular task that you just did using the GUI.
So now you have a good library of useful REST API calls, possibly generated with the API inspector. The next step could be using a REST client to actually use them. There are multiple choices out there, like browser plugins (I use Postman for Chrome) or standalone clients (I use Paw because of its ability to “translate” REST into something else like curl or Python).
But I was always missing something in those clients, so I decided to create a REST client of my own. Some time ago I had seen a script called “request.py”, a simple script that chains multiple JSON/XML requests, and sends them to ACI. ACI credentials as well as the list of JSON/XML requests to be sent to ACI are defined in a YAML file that is provided to request.py as its only parameter.
What was missing? First of all: variables. If you have a REST request to create say a subnet, you want to specify the IP address as variable, so that you can reuse the same request to create multiple subnets.
The next step is variable recursion: if you create say an application called “ERP”, you might want your server groups (End Point Groups in ACI speak) to “inherit” the value of the application variable and be called something like “ERP-Web” or “ERP-Database”.
Another one is the possibility to specify variables inside of every request. Maybe there are variables that are valid for the whole workflow (like the tenant name), but you might want to reuse the same REST call in the same workflow multiple times, but with different variables. For example, to create two different subnets.
What if your workflow gets deployed, but it is not what you wanted? Something very important is the concept of rollback. If next to the sequence of REST calls to commit a change you specify the sequence of calls required to undo that change, you gain a lot of flexibility when rolling back changes that have not been successful.
And the last thing is the possibility to import the workflows into a serious orchestrator. Once you are happy with your commit and rollback REST requests, “request.py” supports generating a file that can be imported into UCS Director, containing custom tasks that can be leveraged in UCS Director workflows.
Find the improved “request.py” along with some workflows in my GitHub repository here: https://github.com/erjosito/request, or in the ACI developer site https://acidev.cisco.com.
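The features described above (workflow variables, variables that reference other variables, per-request overrides and a rollback sequence) can be sketched as follows. This is an added example, not the request.py code from the repository: the `{{name}}` placeholder syntax, the dict layout standing in for the YAML file and the tenant name "Acme" are assumptions. It only renders the requests, so it can be used as a dry run before anything is sent to the APIC.

```python
import json
import re

VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")  # assumed placeholder syntax: {{name}}
URL = "/api/mo/uni.json"                  # APIC managed-object endpoint

# Constructed workflow. The layout is an assumption, not request.py's schema.
SUBNET = ('{"fvTenant":{"attributes":{"name":"{{tenant}}"},"children":['
          '{"fvBD":{"attributes":{"name":"{{bd}}"},"children":['
          '{"fvSubnet":{"attributes":{"ip":"{{gateway}}"}}}]}}]}}')
WORKFLOW = {
    "variables": {"tenant": "Acme", "app": "ERP",
                  "web_epg": "{{app}}-Web", "bd": "{{app}}-BD"},
    "commit": [
        {"url": URL,
         "payload": '{"fvTenant":{"attributes":{"name":"{{tenant}}"},"children":['
                    '{"fvAp":{"attributes":{"name":"{{app}}"},"children":['
                    '{"fvAEPg":{"attributes":{"name":"{{web_epg}}"}}}]}}]}}'},
        # Same template used twice with request-level variables.
        {"url": URL, "variables": {"gateway": "10.0.1.1/24"}, "payload": SUBNET},
        {"url": URL, "variables": {"gateway": "10.0.2.1/24"}, "payload": SUBNET},
    ],
    "rollback": [
        # Removes the whole sample tenant; only safe because commit created it.
        {"url": URL,
         "payload": '{"fvTenant":{"attributes":{"name":"{{tenant}}","status":"deleted"}}}'},
    ],
}


def resolve(variables):
    """Expand variables that reference other variables; reject cycles and unknowns."""
    resolved = {}

    def expand(name, stack):
        if name in resolved:
            return resolved[name]
        if name not in variables:
            raise KeyError(f"undefined variable: {name}")
        if name in stack:
            raise ValueError("circular reference: " + " -> ".join(stack + [name]))
        value = VAR.sub(lambda m: expand(m.group(1), stack + [name]),
                        str(variables[name]))
        resolved[name] = value
        return value

    for name in variables:
        expand(name, [])
    return resolved


def render(template, variables):
    """Fill a JSON template, escaping values so they cannot alter its structure."""
    values = resolve(variables)

    def lookup(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"undefined variable: {name}")
        return json.dumps(values[name])[1:-1]  # JSON-escape, drop outer quotes

    return VAR.sub(lookup, template)


def plan(workflow, rollback=False):
    """Return the ordered (url, payload) list for the commit or rollback sequence."""
    requests = []
    for step in workflow["rollback" if rollback else "commit"]:
        # Request-level variables override workflow-level ones.
        merged = {**workflow.get("variables", {}), **step.get("variables", {})}
        body = render(step["payload"], merged)
        requests.append((step["url"], json.loads(body)))  # fails on broken JSON
    return requests


if __name__ == "__main__":
    for url, payload in plan(WORKFLOW) + plan(WORKFLOW, rollback=True):
        print("POST", url, json.dumps(payload))
```

Rendering the whole plan before sending the first request means an undefined or circular variable stops the run before the fabric is left half-configured.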
Do you have any idea that you would like to see in this command-line utility for ACI?
erjosito · 10 years ago
Firewall insertion with ACI
Hey there,
So this is probably my last post of the year, it has been a fun ride! So far I have been able to keep the goal “no post without code” (excluding the news updates), let’s see if I can keep it up next year.
But let’s turn to our matter of the day. Have you ever configured L4-L7 Service Insertion with service graphs in ACI? It is all about doing two tasks, where one of them is optional:
Bring a L4-L7 device (like a firewall or a load balancer) into the data path
Put some configuration on that L4-L7 device (optional)
By the way, step 2 has become optional since the latest ACI release 1.2 with what we call “unmanaged service graphs” (you do the L4-L7 device configuration outside APIC).
Obviously, you can still insert firewalls and load balancers the same way we always have, using VLAN/subnet/VRF stitching. So why go through the hassle of doing this service insertion thing, especially when it is not the easiest thing to configure in ACI?
First, as usual, let’s define some focus for our question. I will concentrate on the Cisco ASA. Other firewalls are supported for ACI service insertion as well (Palo Alto, Fortinet, Checkpoint), but the ASA’s device package has the best capabilities.
I decided to test a cluster of physical firewalls in routed mode, and got the help of two colleagues, since I am not much of an expert in firewalling: Stefan Dürnberger and Goran Saradzic. BTW, they will be presenting at CiscoLive; do not miss their sessions on DC Security if you happen to be in Berlin next February.
So what were our findings? I have created a series of videos (so far 3, more might come) covering what are, in my opinion, the main benefits:
One API for the whole network, quick insertion/removal, self-service
Having the possibility to orchestrate the full L2-L7 network from a single place. It is not only about having a REST API, but also about the helper tools that make that API usable (as opposed to just having a 400-page API reference guide). Think API inspector, Python/Ruby SDKs, Arya, Save As / Post GUI operations, etc.
For example, you could easily build a self-service portal with which customers can decide whether using the embedded ACI security (up to L4), or including some additional L4-L7 security coming from the ASA (and SourceFire).
You can see more details here (7:55):
[Embedded YouTube video]
Easier troubleshooting
The next question was: if the network is aware of the services inserted, shouldn’t it provide some context when troubleshooting? This is why we explored what the Troubleshooting Wizard looks like when there are firewalls inserted over Service Graphs.
As you can see here, ACI can give relevant information (such as counters from the source to the firewall, and from the firewall to the destination).
I used the chance as well to try the relatively new “SPAN to APIC” function. I would have killed for having that one in my days as network admin, for not having to travel to the DC every time I needed to capture traffic.
[Embedded YouTube video]
Ruleset management
And finally, how do we address the constant pain of too complex firewall rulesets? Multiple answers on that one:
Since ACI is like a distributed L4 packet filter, you can configure “permit tcp any any eq xxx” kind of rules in your firewall that take care of TCP normalization or application-specific firewalling. ACI will do the rest, and you don’t need to modify the ruleset every time servers come and go.
But wait, there is more. Some customers like to have in their firewalls the full policy, no “any to any”. You can use object groups that ACI will update automatically. How cool is that? You have IP address information which is always up to date, but you don’t need to maintain it.
And lastly, what about the list of protocols to be allowed? APIs come to the rescue here as well. Why not “offload” that task to our own customers, giving them a self-service portal to configure them? This is what we did in this demonstration. Again, the enabler is not only ACI’s REST API, but all the helper tools around it (and more specifically, the API inspector and Save As functions).
Have a look (6:46):
[Embedded YouTube video]
And as usual, here is all the code that I have used for these demos, plus the tenant configuration, plus the firewall configs: https://github.com/erjosito/sirius
What do you think about service insertion in ACI? Are you happy with VLAN/subnet/VRF stitching? Would you rather go for managed or unmanaged service insertion with ACI? Were these demos helpful? Have you already watched The Force Awakens? (awesome!)
erjosito · 10 years ago
Network dashboards
After a long time without blogging, two entries in one day. I wanted to share some ideas about network dashboards and Cisco ACI. If you are managing a “traditional network” (that is, everything that is not called ACI :-), you are probably familiar with non-network folks rolling their eyes when they see you typing CLI commands at light speed. Eventually some manager will ask something like “would you be able to tell me how our network is doing, so that even I understand it?”
So we come to the concept of dashboards. One option is buying some software that has this kind of functionality. But hey, you already bought a network, why should you be buying stuff to operate that network?
That is the idea behind Cisco ACI. It already comes with some dashboard. For example, this is what you see when you log into the ACI Advanced GUI (note that since the last version there is a simplified GUI too):
[Screenshot]
You can see some interesting stuff, like the overall health of the network, both now and in a time-based graph, an alert summary, and what surprises most people, the tenants affected by those alerts. Traditional networks are not aware of the tenants or the applications using them, this is one of the reasons for the “A” in ACI.
But wait, there is more. What if you are not interested in the whole network, but in *your* network? How is the network for my application doing? Good news: there are other dashboards, for example this one tenant-focused, showing the health of the applications that belong to that tenant:
[Screenshot]
But you cannot create a GUI that everybody likes. I am sure some of you are thinking: “doesn’t look too good, I would have done it differently”. You know what? Do it!
This is what some folks like my admired colleague Paul Lesiak did: using the Ruby SDK for ACI he created a widget-based dashboard (https://github.com/datacenter/acirb) that can be installed on a Web server that has connectivity to the APIC. This is what it looks like running on my Mac:
[Screenshot]
But you know what? Everybody is different. A customer recently asked me whether something in PHP could be done. They don’t have a lot of Ruby expertise (yet), and they wanted something really simple: some kind of dials that showed how many end points were registered with the EPGs of an app. No problem! I created for them a simple PHP-based dashboard (https://github.com/erjosito/stuff/blob/master/acme_summary.php):
[Screenshot]
By now you see where I am going. A colleague recently asked me whether a Mac OS X Desktop Widget for ACI would make sense. I found the idea intriguing, and I did a first implementation (https://github.com/erjosito/stuff/tree/master/ACIHealth.wdgt, please take into account it still needs a good deal of tweaks):
[Screenshot]
You can see it along other Desktop widgets. It shows the overall network health (95%, as you saw in the very first screenshot in this post), and there are three main panels: one with tenant health (shown in the picture), the second one with switch health, and the third one with a list of the aggregated faults in the network.
Isn’t that cool? Tell me a network where developing this kind of integration is that easy! BTW, if you want to know more about this stuff, don’t miss my session at the next Cisco Live in Berlin!
One last question: what ideas do you have for a cool network dashboard?
erjosito · 10 years ago
ACI/N9K news: 1.2 is here!
Hi there,
sorry for the delay in this edition, but I wanted to wait until ACI 1.2 hits the road. I had some early releases in my lab and I have to tell you: it is AWESOME. But don’t let me bore you, here you have my summary of past month until today:
Happy birthday on the 2-year anniversary from ACI announcement in NYC on Nov 6th 2013! Time has flown ever since!
New software:
ACI 1.2(1i) is there!! With this version Cisco has delivered yet another ACI milestone (the 3rd “major” release in 6 quarters).
Here the APIC release notes: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/apic_rn_121i.html
LOTS and LOTS of new great functions! Here my favourites:
Basic, simplified GUI (the “advanced GUI” stays, the user can toggle between basic and advanced)
NXOS-style CLI for ACI: back in black!
VM-EPG assignment based on VM attributes for Hyper-V too (it was already possible in vSphere)
IP-based EPG assignment for virtual or physical workloads
Unmanaged service graphs: automate service insertion even if no device package is available
And many more. Check out the release notes (link above) for more!
Citrix has released a new version of the device package: https://www.citrix.com/blogs/2015/11/10/new-netscaler-device-package-for-cisco-aci/
Camden MR aka 7.0(3)I2(2) is in CCO ready to download, more info in the release notes: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/release/notes/70322_nxos_rn.html
VTS 2.0 is now GA! For more info go to http://www.cisco.com/go/vts. Ordering guide here: http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/virtual-topology-system/guide-c07-736079.html (including pricing).
Nexus Data Broker 2.2 released! More info in the release notes:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/xnc/nexus_data_broker/release_notes/nexus_data_broker_release_notes_22.html
UCS 5.4 is out! Support for ACI 1.1(3) is there! The new UCSD 5.4 APIC Mgmt Guide is here: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-director/apic-management-guide/5-4/b_UCS_Director_APIC_Management_Guide_54.html.
The one feature I can’t wait to try is the “Tenant onboarding with private networks”. That is, no need for UCS or VNX/Netapp any more to use the native ACI integration, you just need a VMware and an ACI. 
Some press on Cisco ACI:
LightReading about the new 1.2 release: http://www.lightreading.com/carrier-sdn/sdn-technology/cisco-enhances-sdn-capabilities-of-aci/d/d-id/719654
Great report on ACI: “ACI shakes up SDN”: http://www.infoworld.com/article/3003903/sdn/review-cisco-aci-application-centric-infrastructure-shakes-up-sdn.html
ACI as Top Trend for 2016: http://www.infoworld.com/article/3007057/cloud-computing/9-enterprise-tech-trends-for-2016-and-beyond.html
Cisco ACI awarded InfoWorld Editor’s Choice: http://blogs.cisco.com/partner/cisco-aci-awarded-infoworld-editors-choice
Reflections on ACI: https://www.sdxcentral.com/articles/featured/aci-cisco-article/2015/11/
Nexus 9K+3K at $2B run rate! (http://www.crn.com/news/networking/300078813/ciscos-q1-success-overshadowed-by-bleak-q2-outlook.htm)
ACI is now included in the CCIE DC v2.0 blueprint: http://www.cisco.com/web/learning/certifications/shared/docs/ccie-datacenter-comparison.pdf
On Openstack:
A blog entry by Lauren on ACI’s latest innovations regarding Openstack: http://blogs.cisco.com/datacenter/cisco-aci-at-openstack-2015-in-tokyo
ACI+Openstack GBP+OneConvergence (5:37): https://www.youtube.com/watch?v=UYmM_uBtu2s
Tech Field Day, Lucien on ACI & Openstack (15:54): https://www.youtube.com/watch?v=3QFz2iqrvvk
Lucien strikes again, with an intro on GBP (3:34): https://www.youtube.com/watch?v=r0dGIxpqzf4
GBP with Openstack (2:58): https://www.youtube.com/watch?v=jF4aK1b383g
ACI Openstack GBP and Opflex (15:17): https://www.youtube.com/watch?v=3jSgVXxQRBo
On Linux containers:
ACI integration with Docker (8:46): https://www.youtube.com/watch?v=La7fiE00slQ
A blog entry on containers with a link for ebook download: http://blogs.cisco.com/cloud/why-containerize
Don’t miss Balaji’s blog on Contiv: http://blogs.cisco.com/datacenter/project-contiv
Apprenda and ACI (4:21): https://www.youtube.com/watch?v=_GAg__YfqUg
Docker 1.9 is out with lots of enhancements on networking: http://blog.docker.com/2015/11/docker-multi-host-networking-ga/
More on containers: in the last Openstack summit we announced Mantl 0.4: http://blogs.cisco.com/cloud/microservices-infrastructure-mantl-release-0-4
Once again, about Docker integration (15:53): https://www.youtube.com/watch?v=SsY2-E0D98g
Some technical notes:
New TechNote for ACI on configuring VMM integration on UCS: http://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/118965-config-vmm-aci-ucs-00.html
A note on mgmt networks in ACI: “If you are not using INB (inband management), the fabric will default to OOB (out of band management) for things like NTP, AAA, and others. If you have an operable INB setup, then it would be only used for redundancy. INB, when configured, is preferred over OOB.”
When setting the “preferred” checkbox for a subnet in an ACI BD, ACI will relay DHCP requests in that BD from that subnet.
ACI NTP config and demo (13:05): https://www.youtube.com/watch?v=yfeQ_mokxYI
From the web:
VCE supports now “powered-by-ACI” Vblocks: http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1730531
Du’s Case Study: http://www.cisco.com/web/about/success-stories/docs/du.html
DemoFriday on switch deployment with Ansible: https://www.sdxcentral.com/resources/sdn-demofriday/open-nx-os-cisco-demofriday-devops/
Application Network Profiler (ANP) tool: http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-735428.pdf
TechWise on Puppet: http://www.cisco.com/web/learning/le21/onlineevts/offers/twtv/en/twtv184/ondemand.html
Infographic on “Top 5 ways that ACI makes IT agile”: http://www.cisco.com/c/dam/m/en_us/solutions/data-center/offers/efficiency/dc-08-dc-cloud-top5s-cte-en.pdf
Blogs
Soni Jiandani: http://blogs.cisco.com/news/executing-on-our-vision-and-strategy-the-future-of-networking-for-an-application-centric-world
Must Knows on Devops, Open NXOS, Ansible: http://blogs.cisco.com/datacenter/ansiblefest2015
ACI DC innovations: http://blogs.cisco.com/datacenter/aci-datacenter-innovations-top-3-ways
Blog by Praveen on ACI from an automation and operation perspective: http://blogs.cisco.com/datacenter/aci-the-sdn-purpose-built-for-data-center-operations-and-automation
Videos:
New ACI NXOS-based CLI: https://youtu.be/It4pddw5_es
Splunk and ACI (3:51): https://www.youtube.com/watch?v=ZHWTibFJZEw
ACI dual DC innovations, including multisite toolkit app and cross-vCenter vMotion (31:34): https://www.youtube.com/watch?v=RFBX65GZYNs
ScienceLogic: ACI monitoring demo (4:22): https://www.youtube.com/watch?v=fXnH6FjAg4Y
A10 and ACI integration (6:52): https://www.youtube.com/watch?v=02EAONJdGJM
Great video by Santiago on ASA clusters over 2 ACI fabrics (19:53): https://www.youtube.com/watch?v=Qn5Ki5SviEA
TechWise TV: Open NXOS and Puppet enable DevOps (25:46): https://www.youtube.com/watch?v=f7_M1MCxzxg
ACI-F5 integration demo: https://www.youtube.com/watch?v=7jXTS6COKss (includes BigIP, BigIQ and unmanaged)
ASA and FirePower in ACI (32:32): https://www.youtube.com/watch?v=rcGoZUx4nNs
ACI for the MSFT cloud (1:05): https://www.youtube.com/watch?v=YlF1eXlPqQ0
Thanks for reading down to here!
http://erjosito.tumblr.com/ask
erjosito · 10 years ago
ACI/N9K news update: October
Winter is coming closer, and we are in the count down before the next big ACI release comes (code named “Brazos”) with lots of operational enhancements, amongst other things. In the meantime, this is what has been going on in the ACI/N9K area this past month of October:
Puppet for ACI: https://github.com/datacenter/puppet-aci. The Puppet Device framework is being used, that is, no agent required (Puppet manifests are translated in the server to API calls)
The ACI-Fortinet integration officially announced in cisco.com:
Blog entry: http://blogs.cisco.com/datacenter/new-fortigate-connector-for-cisco-aci-delivers-app-centric-security-automation-for-data-center-agility
Solution overview: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/solution-overview-c22-735898.html
In fortinet.com: http://www.fortinet.com/press_releases/2015/fortinet-complements-cisco-application-centric-infrastructure-sdn-security.html
Useful piece of information: In VXLAN, the tenant packet DSCP values are copied to the VXLAN header DSCP
Cisco Enterprise Cloud Suite demo in dCloud! More details here: https://dcloud-cms.cisco.com/?p=19135
7.0(3)I2(1a) released for NXOS with bug fixes, I2(1) has been deferred
From the Web:
Knowledge Base article on vzAny: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_Use_vzAny_to_AutomaticallyApplyCommunicationRules_toEPGs.html
SDX-central on unmanaged service integration: https://www.sdxcentral.com/articles/featured/layer-4-7-cisco-article/2015/09/?utm_content=buffera5bd2
Nice write-up on 10 things you should know about Fast IT: http://www.techrepublic.com/article/10-things-you-should-know-about-fast-it/
sdxcentral Demo Friday with ACI+A10:
Event content: https://www.sdxcentral.com/resources/sdn-demofriday/advanced-security-a10-demofriday/
Q&A: https://www.sdxcentral.com/articles/featured/advanced-security-a10-demofriday-qa/2015/10/?utm_source=feedblitz&utm_medium=FeedBlitzRss&utm_campaign=sdxcentral
Blogs:
Soni Jiandani: http://blogs.cisco.com/news/co-innovating-with-ecosystem-partners-to-deliver-truly-integrated-solutions-for-our-customers
Excellent and concise entry on ACI security: open and consistent, for every one (Frank D’Agostino): https://blogs.cisco.com/datacenter/aci-security-open-consistent-for-everyone
ITD on N9K - SLB with NAT: http://blogs.cisco.com/datacenter/server-load-balancing-with-nat-using-nexus-switches-itd
ACI, big data and Data Torrent: http://blogs.cisco.com/datacenter/aci-big-data-and-datatorrent
1,000th customer pictogram: http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/aci-customer-momentum.pdf
New entry on Lauren’s blog, this time on L2 connectivity: http://www.virtualizationadmin.com/articles-tutorials/general-virtualization-articles/layer-2-external-access-cisco-aci.html
Great posts by Luca on containers
Part 1: http://lucarelandini.blogspot.com/2015/10/devops-docker-and-cisco-aci-part-1.html
Part 2: http://lucarelandini.blogspot.com/2015/10/devops-docker-and-cisco-aci-part-2.html
Jim French’s blog: https://cisco.jiveon.com/blogs/JimFrench/2015/09/23/software-defined-network-overlay-and-controller-situation
Videos
I did a quick demo of AVS using application network migrations as concept (7:31): https://www.youtube.com/watch?v=4DmNrCUT1_s
End-to-end application deployment with Cisco ACI, OpenStack and Puppet by Chris Gascoigne (24:02): https://www.youtube.com/watch?v=P4mz4iQfego
Lauren Malhoit in Openstack Summit Tokyo (11:53): https://www.youtube.com/watch?v=8HkiDFGxwFA
Cisco- Bringing Enterprise Grade OpenStack Clouds Online Faster (39:06): https://www.youtube.com/watch?v=SzppPn1XOLk
NetScaler and ACI: configuring SLB Service Graphs (1:56): https://www.youtube.com/watch?v=SRngZTlzWrU
NetScaler and ACI: configuring AppFW Service Graphs (3:19): https://www.youtube.com/watch?v=rYVoX61Al6E
NetScaler and ACI: configuring SSL Service Graphs (3:37): https://www.youtube.com/watch?v=v-0wAunUNhA
OneCloud on UCSD+ACI (9:20): https://www.youtube.com/watch?v=3zf_sMZANNg
TechWise TV: inside the APIC (53:13): https://www.youtube.com/watch?v=MACdOHOXkzQ
TechWise TV: the momentum accelerates (31:52): https://www.youtube.com/watch?v=XzsTuN-DdkE
TechWise TV Special: ACI is more than SDN (1:02:43): https://www.youtube.com/watch?v=youleTI9p8U
TechWise TV: Cisco and Openstack Neutron (49:15): https://www.youtube.com/watch?v=L22gQykSkLc
Cisco and VCE: a winning relationship, with Frank Palumbo (1:37): https://www.youtube.com/watch?v=ZeWrh4XCnDk
Transform your DC with ACI and NetScaler: https://www.youtube.com/watch?v=xhipQdW31LU
See this great video from Muhammed on the ACI firmware upgrade process (18:41): https://www.youtube.com/watch?v=8-dhop-C4bc
erjosito · 10 years ago
N9K/ACI update: September+
Hi there,
I missed the updates during Summer, so this one is a bit more dense than usual :-)  Hope you find something interesting!
ACI software 1.1(3f) posted in CCO!
1.1(3f) Release Notes: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/apic_rn_113f.html
This release contains mostly bug-fixes, plus the new feature "Deployment Warning and Policy Usage Information”: before updating a policy you can see what other objects are using that policy!
7.0(3)I2(1) for NXOS mode is here! Lots, really lots of new features, I wouldn’t attempt to put all of them here. My personal favourites are the programmability ones, but please check the release notes because the team did an impressive job here:
Release notes: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/release/notes/70321_nxos_rn.html
7.0(3)I1(3) - has been posted too, with mainly bug fixes over Bronte 7.0(3)I1(2):
Release notes: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/release/notes/70313_nxos_rn.html
1000th ACI customer: http://blogs.cisco.com/news/danske-bank-our-1000th-cisco-aci-customer
N9K-C9372PX-E orderable now!
AVS Cisco support statement (in case you hadn’t seen it): http://www.cisco.com/c/dam/en/us/products/collateral/switches/application-virtual-switch/avs-support-statement-an.pdf
Why the network? Here is Frank Palumbo’s perspective: http://blogs.cisco.com/news/data-centers-applications-networks-and-chicken-salad-sandwiches
F5 releases v1.2.0 of their device package: https://devcentral.f5.com/articles/f5-release-device-package-120-for-cisco-aci
Customer report: “What Du can do with ACI”: http://blogs.cisco.com/datacenter/what-du-can-do-with-aci
DataTorrent integration with ACI: http://www.virtual-strategy.com/2015/09/29/datatorrent-integrates-cisco-aci-help-secure-big-data-processing-through-unified-data-and#axzz3nccj1rkn
On containers:
Have you heard about the Calico project? If not, take a look at this Cisco blog post: http://blogs.cisco.com/cloud/project-calico-and-cisco-join-forces-to-supercharge-container-networking
Check out what project Mantl is: http://thenewstack.io/mantl-introduces-microservices-stack/
On ACI security:
http://blogs.cisco.com/datacenter/an-overview-of-network-security-considerations-for-cisco-aci-deployments
https://blogs.cisco.com/datacenter/cisco-aci-a-hardened-secure-platform-with-native-built-in-security
ACI microsegmentation article on SDXcentral: https://www.sdxcentral.com/articles/featured/microsegmentation-cisco-article-security/2015/09/
Even if the ACI-Fortinet integration is not officially supported, Qbranch is using it and has publicly spoken about it: https://www.sdxcentral.com/articles/featured/aci-integration-cisco-fortinet-video/2015/09/
From the web
White paper “IT as a strategic Business Resource” written with Forbes (18 pages): http://images.forbes.com/forbesinsights/StudyPDFs/Cisco-IT_as_a_Strategic_Business_Resource-REPORT.pdf
Zenoss achieves compatibility certification for Cisco ACI: http://vmblog.com/archive/2015/09/23/zenoss-inc-achieves-cisco-compatibility-certification-with-the-cisco-solution-partner-program.aspx#.Vgjwr2Sqqko
I built this spreadsheet with code to configure ACI to explain to customers that, even if we think that you can operate a network with the existing APIC GUI, there are easy alternatives that help customers match network operations with existing processes. This is now possible with ACI; in the past it was only within reach of customers with strong programming skills: http://erjosito.tumblr.com/post/129878491127/configuring-your-network-from-excel
On new “unmanaged” mode for L4-L7 service insertion in ACI: https://blogs.cisco.com/datacenter/new-innovations-for-l4-7-network-services-integration-with-ciscos-aci-approach
On ACI-based Vblocks: http://www.vce.com/about/media/news?id=tcm:20-34305
Lauren describing contract creation: http://www.virtualizationadmin.com/articles-tutorials/general-virtualization-articles/cisco-aci-creating-contracts.html
Why Fabrix went ACI: http://hutchinsonnetworks.com/news/sdn,-orchestration-and-why-fabrix-went-cisco-aci
Policy-driven infrastructure: http://blogs.cisco.com/datacenter/policy-driven-infrastructure-to-transform-your-microsoft-cloud-apps-and-operations
Integration with Infoblox: http://blogs.cisco.com/datacenter/aci-and-infoblox-ddi-deliver-highly-automated-secure-reliable-core-network-services
Zitcom success story: http://blogs.cisco.com/datacenter/hosting-provider-zitcom-accelerates-time-to-market-with-cisco-aci
ScienceLogic and ACI: http://www.fierceenterprisecommunications.com/story/sciencelogic-offers-greater-visibility-cisco-aci/2015-08-12 (here you can find the data sheet for the product: https://www.sciencelogic.com/wp-content/uploads/sciencelogic-datasheet-cisco-aci-monitoring.pdf)
PAN-ACI integration note: https://live.paloaltonetworks.com/twzvq79624/attachments/twzvq79624/aci_tkb/1/1/Palo-Alto-Networks-Cisco-ACI-Integration-note.pdf
A note on the partnership with CliQr and hybrid clouds: http://blogs.cisco.com/cloud/cliqr
Videos
vRA-ACI integration: https://www.youtube.com/watch?v=-ZFypiNAExE
WWT demo of ACI+F5+Ansible: https://www.youtube.com/watch?v=R6HBY9c_QK4
AVI integration with ACI in 3 videos, here the first one: https://www.youtube.com/watch?v=pJdNaiBC_0s
A nice video showing ACI integration with IBM Cloud Orchestrator (ICO): https://youtu.be/uOY5Ti8odGM
QBranch case study: orchestrating Fortinet with ACI: https://www.youtube.com/watch?v=2caI0Ik0rwk
Cisco ACI optimizer demo by Carly: https://www.youtube.com/watch?v=m7_C5htXAr4
Du and ACI (4:44): https://www.youtube.com/watch?v=n_yfj3trHNc
NterOne automates its network with ACI (5:00): https://www.youtube.com/watch?v=1wHgvVqMfdw
Cisco ACI videos by ScienceLogic:
What is Cisco ACI and how it relates to SDN? (2:00): https://www.youtube.com/watch?v=41VlDx_h1og
How to get the most out of Cisco ACI (2:53): https://www.youtube.com/watch?v=RhW1945js-c
Accessing the Business Value of Cisco DC SDN solutions (1:29): https://www.youtube.com/watch?v=l_YfJ7BzzoM
erjosito · 10 years ago
Configuring your network from Excel
What is the best way to configure a network? There are probably a lot of different opinions out there. Some will say there is nothing like the CLI. Others will prefer GUIs. And on this last point people will not agree on which GUI is best: this one is too complex, this one has too few functions, that one is too slow...
So let me tell you my opinion. There is no such thing as “the” best way to configure a network, but I bet we could try to find “your” best way to configure “your” network.
I would start by looking at your processes. When you get network requirements, what form do they take? Wouldn’t it be nice to be able to put the requirements into the network in the same form that you get them?
And that is exactly what you can do with API-based networks. More specifically, with ACI we have tried to build a good GUI, with some wizards to make it easier. Additionally, we are going to bring a simplified version of the GUI and a CLI in the next release (see YouTube for previews of the simplified GUI and the CLI).
But the best thing we have in ACI (in my opinion) is its API. For example, imagine you have a cable plan in an Excel spreadsheet. Why bother opening up the APIC’s GUI? Why not let Excel configure ACI directly?
This is what I have tried to show here:
[Embedded YouTube video]
Calling up a REST API from Excel VBA running on a Mac is not as easy as Python, but I managed to find an HTTP client and a JSON parser.
So after you have documented the way you want your servers connected, you press a button and your network gets configured. And if you don’t like that, you have a “deprovision” button to remove everything.
This is just an example. In my opinion, the future of infrastructure configuration will not be using the CLI or the GUI that your network vendor gives you, but getting your own tools to speak to the software and hardware in your DC.
BTW, in case you are interested, I put the spreadsheet here: https://github.com/erjosito/stuff/blob/master/VBA-Cable_Plan.xlsm
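The cable-plan-to-API flow described above, sketched in Python as an added example (this is not the VBA code from the spreadsheet): every row is validated before it becomes an APIC static path binding (`fvRsPathAtt`), and the same rows produce the “deprovision” requests. The column names, the tenant and application profile names and pod 1 are assumptions; the block only builds the requests and sends nothing to an APIC.

```python
import csv, io, json, re

# Constructed sample cable plan; the column names are assumptions for this example.
CABLE_PLAN = """server,node,port,vlan,epg
web01,101,eth1/1,10,Web
db01,102,eth1/7,20,DB
bad01,101,eth1/1;drop,4095,Web
"""
TENANT, APP, POD = "ExampleTenant", "ExampleApp", 1   # hypothetical values


def validate(row):
    """Return the problems found in one row (empty list means the row is OK).

    Cell values end up inside object names and the URL path, so anything
    that is not a plain ID, port or name is rejected instead of being sent.
    """
    errors = []
    if not re.fullmatch(r"[0-9]{1,4}", row.get("node") or ""):
        errors.append("node must be a numeric switch ID")
    if not re.fullmatch(r"eth[0-9]{1,3}/[0-9]{1,3}", row.get("port") or ""):
        errors.append("port must look like eth1/1")
    vlan = row.get("vlan") or ""
    if not (re.fullmatch(r"[0-9]{1,4}", vlan) and 1 <= int(vlan) <= 4094):
        errors.append("vlan must be 1-4094")
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,64}", row.get("epg") or ""):
        errors.append("epg name has unexpected characters")
    return errors


def build_request(row, deprovision=False):
    """Return (URL path, JSON body) for one static path binding on an EPG."""
    epg_dn = f"uni/tn-{TENANT}/ap-{APP}/epg-{row['epg']}"
    attrs = {
        "tDn": f"topology/pod-{POD}/paths-{row['node']}/pathep-[{row['port']}]",
        "encap": f"vlan-{row['vlan']}",
    }
    if deprovision:
        attrs["status"] = "deleted"   # asks APIC to remove the binding
    return f"/api/mo/{epg_dn}.json", json.dumps({"fvRsPathAtt": {"attributes": attrs}})


def plan_to_requests(text, deprovision=False):
    """Turn a cable plan into requests to POST plus the rows that were rejected."""
    requests, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        problems = validate(row)
        if problems:
            rejected.append((row.get("server"), problems))
        else:
            requests.append(build_request(row, deprovision))
    return requests, rejected
```

Each returned pair would be POSTed over HTTPS to the APIC after authenticating; rejected rows go back to whoever maintains the spreadsheet rather than into the fabric.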
What do you think about this? What is your favourite network config tool?