Datacenter Basics : Cisco ACI Multi-Tenant environment

People who study the spine-leaf architecture soon hear about the concept of a tenant, whereas those who study or configure a traditional data center talk about the VDC, the virtual device context.

What does multi-tenant mean in Cisco ACI or VMware NSX, where the term is used a lot?
Multi-tenancy is a concept that refers to the logical isolation of shared virtual compute, storage, and network resources. In a multi-tenant data center, tenants subscribe to a virtual data center (VDC), and based on the services the tenants host within the virtual data center, each virtual data center can have multiple VN-Segments.

So in the traditional data center we separate logically with the VDC, and in Cisco ACI we separate logically with the tenant.

A multi-tenant data center handles traffic segregation between different tenants, and also within a tenant's own traffic, for security and privacy. Data centers have deployed VLANs to isolate the machines of different tenants on a single Layer-2 network.
Fig 1.2: Cisco ACI multi-tenant
This could be extended to virtualized data centers by having the hypervisor encapsulate VM packets with a VLAN tag corresponding to the VM's owner. This approach provides a Layer-2 abstraction to the tenants and, with VRF, it can completely virtualize the Layer-2 and Layer-3 address spaces. However, the VLAN ID is a 12-bit field in the VLAN header, limiting this to at most 4K tenants.
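
The VLAN-per-tenant scheme described above, as an added example that is not from the original post: a hypervisor-style 802.1Q tagger, a tag reader, and a per-tenant VLAN pool with a segregation check. All function and class names and the sample frame are constructed for illustration; the pool assumes one VLAN per tenant and excludes VLAN IDs 0 and 4095, which 802.1Q reserves, so it is exhausted after 4094 tenants.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
RESERVED_VIDS = {0, 0xFFF}   # 0 = priority tag only, 0xFFF = reserved by 802.1Q

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the two MAC addresses, as a vSwitch would."""
    if not 0 <= vid <= 0xFFF or vid in RESERVED_VIDS:
        raise ValueError(f"VLAN ID {vid} is outside the usable 12-bit range")
    tci = (pcp & 0x7) << 13 | vid          # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_vid(frame: bytes):
    """Return the VLAN ID of a tagged frame, or None if the frame is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

class TenantVlanPool:
    """One VLAN per tenant (assumption): the pool empties after 4094 tenants."""
    def __init__(self):
        self._free = [v for v in range(0x1000) if v not in RESERVED_VIDS]
        self._by_tenant = {}

    def vlan_for(self, tenant: str) -> int:
        if tenant not in self._by_tenant:
            if not self._free:
                raise RuntimeError("no VLAN IDs left for a new tenant")
            self._by_tenant[tenant] = self._free.pop(0)
        return self._by_tenant[tenant]

    def same_tenant(self, frame: bytes, tenant: str) -> bool:
        """Segregation check: untagged or foreign-tagged frames are rejected."""
        vid = read_vid(frame)
        return vid is not None and vid == self._by_tenant.get(tenant)

def constructed_frame() -> bytes:
    # Constructed sample: dst MAC, src MAC, EtherType IPv4, dummy payload
    return bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    pool = TenantVlanPool()
    tagged = tag_frame(constructed_frame(), pool.vlan_for("tenant-a"))
    print(read_vid(tagged), pool.same_tenant(tagged, "tenant-a"))
```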

Another important requirement for a multi-tenant data center is to support the mobility of VMs within and across SPDCs, and also into enterprise data centers. Mobility within an SPDC allows for dynamic tenant growth and maximizes resource utilization and sharing.

For instance, if a tenant needs to add a VM to the existing SPDC POD but all the servers are overloaded, the tenant's VM can be accommodated on another SPDC POD that has available server capacity. This means that the VN-Segment must be able to extend virtually anywhere within and across multi-tenant data centers.