Tag: sdn

How to Advertise a Route from ACI Layer2 BD Outside the Fabric?

Sometimes you will have L2 domains (Bridge Domains – BD) in your datacenter that are used with hardware appliances such as an F5 NLB, an additional firewall, a WAF or something similar. In that case ACI will not route or bridge, and the only L3 point of exit from that kind of segment is on the actual hardware appliance outside the ACI Fabric – connected to the Leaf port.

We will take an example here and use it throughout the article, where a BIG-IP F5 NLB is used as the L3 termination of L2 BD 10.10.10.0/24.

The F5 is directly connected to an ACI Leaf, and routing from the 10.10.10.0/24 subnet (L2 BD) is done directly on the F5 device, which is the default gateway for that subnet's endpoints.

ACI L2 BD Host Routing

In some particular implementations, when you decide not to use PBR or Service Graphs, appliances like our F5 become the L3 termination for an ACI L2 BD such as the 10.10.10.0/24 from my beautiful image above.


ACI MultiPod – Enable Standby APIC

APIC Controller Cluster

You actually need three APIC controller servers to get the cluster up and running in a complete and redundant ACI system. You can actually work with only two APICs and you will still have a cluster quorum and will be able to change the ACI Fabric configuration.

Losing One Site

In the MultiPod, those three controllers need to be distributed so that one of them is placed in the secondary site. The idea is that you still have a chance to keep your configuration on the one remaining APIC if you completely lose the primary site with its two APICs. On the other hand, if you lose the secondary site, the two APICs in the first site will still let you configure and manage the ACI Fabric as if nothing happened.

Losing DCI Interconnect

The second type of MultiPod failure is when you lose the DCI (datacenter interconnect). In that case, both sites will keep working but will alert that the other side is down. The secondary site with one APIC will be in read-only mode and the primary site will be fully functional with the two remaining APICs on that site. If some changes are made on the primary site, those changes will be replicated to the third controller on the secondary site when the DCI recovers, and the configuration relating to the site B POD will then be pushed to the POD 2 fabric.

DCI issues are not a good time for APIC replacement; just wait for the DCI to start working normally and continue to use the ACI APIC controllers as before the issues. You will still have the option to manage the primary site if the DCI fails, and after the DCI starts working again the changes will be replicated to the secondary site APICs and Fabric.

Please note that temporary DCI issues are not a good time to replace the APIC. If you are experiencing just a DCI outage, the second site still works but it cannot be configured. Think about it: perhaps the best thing to do in this case is not to change the configuration of your fabric on either side until the DCI gets back up and running. That way you are sure your configuration does not affect the MultiPod stability once the DCI gets back up and the sites start to communicate again.


What is Cisco ACI?

Hello World

This is an overview of what I think Cisco ACI actually is. It uses some examples from the lab environment to show you how things look when you start to work with ACI. There are other articles in the works which will be online soon and which will go in detail through the real configuration of ACI and best practices while doing it.

What is this Cisco ACI Fabric?

Cisco ACI is a datacenter network Fabric. That means it is a networking system made up of multiple L3 switches that run a modified, next-generation OS, which enables them to be centrally provisioned and configured through the APIC controller so that they work as one device from the access port perspective.

ACI APIC GUI Topology

The view in the Cisco ACI APIC GUI where we see the complete ACI Fabric Topology


SDN SOFTWARE DEFINED NETWORKS: AN OVERVIEW

The following text is a project done as part of the academic work that I have been involved with for the last few years at the University of Rijeka – Department of Informatics. It’s a short overview of the latest achievements in the field of network automation, with some lab experiments done to test different paths across the network. The work was presented at the 6th International Conference on Information Technologies and Information Society (ITIS2014).

The scope of ITIS events is the applications of IT, particularly in social sciences. The conference also covers a wider range of topics related to IT and computational modeling and analysis, in the context of our Creative Core project “Simulations” and our Research Program “Complex networks”. These include cloud computing, complex systems and complex networks, bioinformatics, graph theory and optimization, statistical analysis, business and industrial processes, logistics, information systems and security.

Okay, let’s go…

Authors

dr. sc. Božidar Kovačić & mag.edu.inf Valter Popeškić (me)
University of Rijeka – Department of Informatics


Why numbering should start at zero?

Please note:

This has nothing to do with networking in particular! Not if you look at it from only one perspective. If you look at it from a totally different perspective, with Cisco ACI and all other SDN solutions, you will probably meet the Python programming language (because you will) and then, somewhere at the beginning of your Python exploration, this is the first question that will cross your mind. Of course, if you think like me!

Although not directly related to networking, the question has bothered me for some time now, and the answer is not only really logical when you read it, but it is also given by a cool guy named Prof. Dr. Edsger W. Dijkstra.

For almost every networking geek it will be enough to read through it.

Intro

After getting the CCIE, I found the next thing I wanted to get my hands around. Python. As it seems, Cisco ACI fabric will be the next big thing in the Cisco world. Other vendors all have something about SDN to offer these days. The most important part for us, networking engineers, is that they want us to give up the CLI and get us to use Python and REST calls to speak with our network equipment. Python was the logical next step.

I signed up for and passed Dr. Chuck’s Coursera Python class:

And got some books:

  • Python for Informatics by Charles Severance (Coursera Professor)
  • Learning Python, Fifth Edition by Mark Lutz
  • Python Pocket Reference, Fifth Edition by Mark Lutz
  • Fluent Python by Luciano Ramalho

After the first few great lectures on Coursera by Dr. Chuck, the question was born!

The Question

So my questions arose: “Why the hell in Python slices and range exclude the last item?”, “Why?”, “It’s not logical to me!”

The Answer
