Cisco ACI: Multi-Site Stretched Layer 3

Cisco ACI (Cisco Application Centric Infrastructure) Multi-Site Stretched Layer 3

Communication between EPGs can be established only after applying a proper security policy (that is, a contract between them), unless the policy component is removed to initially focus only on connectivity. 

What is Cisco ACI Multisite?
Cisco ACI Multisite enables several data centers to be linked together and managed as a single entity. Administrators can set up, monitor, and control network rules, application profiles, and other network resources across numerous sites from a single central console.

In managing multi-site network settings, this offers a high degree of consistency, automation, and orchestration, assisting enterprises in enhancing network agility, lowering operational complexity, and boosting efficiency.

Fig 1.1-Cisco ACI: Multi-Site Stretched Layer 3

Main functional components of Multi-Site architecture

  • Two or more Cisco ACI fabrics built with Nexus 9000 switches deployed as leaf and spine nodes.
  • One APIC cluster domain in each fabric.
  • An inter-site policy manager, named Cisco ACI Multi-Site, which is used to manage the different fabrics and to define inter-site policies.

Different types of Layer 3 connectivity can be established across sites: 

Intra-VRF communication: The source and destination EPGs in this instance are members of distinct bridge domains that are mapped to the same VRF instance (the same tenant). Since the tenant and VRF instance are spread over many sites, MP-BGP EVPN permits the sharing of host routing data, facilitating inter-site communication.

Inter-VRF communication: The source and destination bridge domains in this case are members of distinct VRF instances (either belonging to the same tenant or different tenants). The required route-leaking function is driven simply by the creation of a contract between the source and destination EPGs.

Shared services: In one specific case of the inter-VRF communication scenario described earlier, multiple source IP subnets are placed in separate VRF instances or tenants that require access to a shared service offered in a separate VRF instance or tenant. 

This is a typical n:1 connectivity requirement, but again the required exchange of routing information is driven simply by the establishment of a proper security policy between the source and destination EPGs. A separate template (or schema) will be defined for each consumer VRF instance and for the provider VRF instance. 
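
Because a contract is what opens a path between EPGs and, across VRF instances, also what triggers route leaking, a contract inventory can be reviewed for every point where traffic crosses a VRF or tenant boundary. The following is an added example, not code from Cisco or from this article; it is a simplified offline model that does not call the APIC or Multi-Site APIs, and the EPG, tenant, VRF and contract names are constructed sample data.

```python
from collections import defaultdict

# Constructed sample inventory (not from a real fabric).
# EPG name -> (tenant, VRF); this model assumes a VRF is identified by that pair.
EPGS = {
    "web": ("TenantA", "vrf-prod"),
    "app": ("TenantA", "vrf-prod"),
    "db":  ("TenantA", "vrf-data"),
    "hr":  ("TenantB", "vrf-hr"),
    "dns": ("Shared", "vrf-svc"),
}
# Contracts as (name, consumer EPG, provider EPG).
CONTRACTS = [
    ("web-to-app", "web", "app"),
    ("app-to-db", "app", "db"),
    ("app-to-dns", "app", "dns"),
    ("hr-to-dns", "hr", "dns"),
]

def can_communicate(a, b, contracts):
    """Default deny: two EPGs talk only if a contract links them."""
    return any({cons, prov} == {a, b} for _, cons, prov in contracts)

def audit_contracts(epgs, contracts):
    """Classify each contract and flag the ones that leak routes between VRFs."""
    consumers = defaultdict(set)  # provider VRF -> consumer VRFs reaching it
    rows = []
    for name, cons, prov in contracts:
        if cons not in epgs or prov not in epgs:
            raise ValueError(f"contract {name} references an unknown EPG")
        inter_vrf = epgs[cons] != epgs[prov]
        if inter_vrf:
            consumers[epgs[prov]].add(epgs[cons])
        rows.append({"contract": name, "route_leak": inter_vrf,
                     "cross_tenant": epgs[cons][0] != epgs[prov][0],
                     "provider_vrf": epgs[prov]})
    for row in rows:
        if not row["route_leak"]:
            row["kind"] = "intra-vrf"
        elif len(consumers[row["provider_vrf"]]) > 1:
            row["kind"] = "shared-services"  # n:1 consumer VRFs to one provider
        else:
            row["kind"] = "inter-vrf"
    return rows

if __name__ == "__main__":
    for row in audit_contracts(EPGS, CONTRACTS):
        print(row)
```

Rows with route_leak or cross_tenant set are the contracts worth reviewing first, since each one extends reachability beyond a single VRF instance or tenant.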
