Cisco ACI and VMM Integration
Cisco Application-Centric Infrastructure (ACI) virtual machine (VM) networking supports hypervisors from multiple vendors. It provides the hypervisors programmable and automated access to a high-performance, scalable, virtualized data center infrastructure. The Cisco ACI Open REST API enables virtual machine integration and orchestration of the policy model-based Cisco ACI fabric. Cisco ACI VM networking enables consistent enforcement of policies across both virtual and physical workloads that are managed by hypervisors from multiple vendors.
Cisco ACI supports virtual machine managers (VMMs) from the following products and vendors:
- Cisco Unified Computing System Manager (UCSM)
- Cisco Application-Centric Infrastructure (ACI) Virtual Pod (vPod)
- Cisco ACI Virtual Edge
- Cloud Foundry
- Kubernetes
- Microsoft System Center Virtual Machine Manager (SCVMM)
- OpenShift
- OpenStack
- Red Hat Virtualization (RHV)
- VMware Virtual Distributed Switch (VDS)
VMM domain profiles specify connectivity policies that enable virtual machine controllers to connect to the ACI fabric. Figure 9-6 provides an overview of the VMM domain policy model.
Figure 9-6 VMM Domain Policy Model Overview
The following are the essential components of an ACI VMM domain policy:
- Virtual machine manager domain profile: An APIC VMM domain profile is a policy that defines a VMM domain. It groups VM controllers with similar networking policy requirements. For example, VM controllers can share VLAN pools and application endpoint groups (EPGs). The APIC communicates with the controller to publish network configurations such as port groups that are then applied to the virtual workloads. A VMM domain profile contains VM controllers such as VMware vCenter or Microsoft SCVMM Manager and the credential(s) required for the ACI API to interact with the VM controllers.
- EPG association: Endpoint groups regulate connectivity and visibility among the endpoints within the scope of the VMM domain policy. VMM domain EPGs behave as follows:
  - The APIC pushes these EPGs as port groups into the VM controller.
  - An EPG can span multiple VMM domains, and a VMM domain can contain multiple EPGs.
- Attachable entity profile association: Associates a VMM domain with the physical network infrastructure. An attachable entity profile (AEP) is a network interface template that enables deploying VM controller policies on a large set of leaf switch ports. An AEP specifies which switches and ports are available as well as how they are configured.
- VLAN pool association: A VLAN pool specifies the VLAN IDs or ranges used for VLAN encapsulation that the VMM domain consumes.
The following modes of Cisco ACI and VMware VMM integration are supported:
- VMware VDS: When integrated with Cisco ACI, the VMware vSphere distributed switch (VDS) enables you to configure VM networking in the Cisco ACI fabric.
- Cisco ACI Virtual Edge: Cisco ACI Virtual Edge is a hypervisor-independent distributed service VM that leverages the native distributed virtual switch that belongs to the hypervisor. Cisco ACI Virtual Edge operates as a virtual leaf.
Figure 9-7 outlines the workflow of how an APIC integrates with a VMM domain (VMware vCenter in this case) and pushes policies to the virtual environment.
Figure 9-7 Cisco ACI and VMware VDS Interworking Workflow
The APIC administrator configures the vCenter domain policies in the APIC. The APIC administrator provides the following vCenter connectivity information:
- The vCenter IP address, vCenter credentials, and VMM domain policies
- Policies (VLAN pools, domain type such as VMware VDS)
- Connectivity to physical leaf interfaces (using attachable entity profiles)
The following steps outline how an APIC integrates with a VMM domain (VMware vCenter in this case) and pushes policies to the virtual environment:
1. The Cisco APIC performs an initial handshake, opens a TCP session with the VMware vCenter specified by a VMM domain, and syncs the inventory.
2. The APIC creates the VDS—or uses an existing VDS if one is already created—matching the name of the VMM domain. If you use an existing VDS, the VDS must be inside a folder on vCenter with the same name.
3. The vCenter administrator or the compute management tool adds the ESXi host or hypervisor to the APIC VDS and assigns the ESXi host hypervisor ports as uplinks on the APIC VDS. These uplinks must connect to the ACI leaf switches.
4. The APIC learns the location of the hypervisor host using the LLDP or CDP information of the hypervisors.
5. The APIC administrator creates application EPG policies.
6. The APIC administrator associates EPG policies to VMM domains.
7. The APIC automatically creates port groups in the VMware vCenter under the VDS. This process provisions the network policy in the VMware vCenter.
8. The vCenter administrator or the compute management tool instantiates and assigns VMs to the port groups.
9. The APIC learns about the VM placements based on the vCenter events. The APIC automatically pushes the application EPG and its associated policy (for example, contracts and filters) to the ACI fabric.
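The VMM domain policy components and the EPG-to-domain association from the workflow above, sketched as an added example (not from the original text and not Cisco's own code): it builds the domain, AEP and EPG in the APIC REST JSON shape and checks that their references line up. The tenant, domain, pool and credential names and the address are constructed, and nothing is sent to an APIC.

```python
# Added example: VMM domain policy objects as APIC REST JSON, plus a
# cross-reference check. All names and addresses are constructed samples.
DOM = "uni/vmmp-VMware/dom-{}"

def mo(cls, children=(), **attrs):
    """One managed object in the APIC JSON shape: {class: {attributes, children}}."""
    return {cls: {"attributes": attrs, "children": list(children)}}

def vmm_domain(name, vcenter_ip, datacenter, user, password, vlan_pool):
    dn = DOM.format(name)
    return mo("vmmDomP", name=name, dn=dn, children=[
        # pwd: supply from a secret store at run time, never from source control.
        mo("vmmUsrAccP", name="vc-cred", usr=user, pwd=password),
        mo("vmmCtrlrP", name="vc1", hostOrIp=vcenter_ip, rootContName=datacenter,
           children=[mo("vmmRsAcc", tDn=f"{dn}/usracc-vc-cred")]),
        mo("infraRsVlanNs", tDn=f"uni/infra/vlanns-[{vlan_pool}]-dynamic"),
    ])

def aep(name, domain):
    return mo("infraAttEntityP", name=name, dn=f"uni/infra/attentp-{name}",
              children=[mo("infraRsDomP", tDn=DOM.format(domain))])

def epg(tenant, app, name, domain):
    return mo("fvAEPg", name=name, dn=f"uni/tn-{tenant}/ap-{app}/epg-{name}",
              children=[mo("fvRsDomAtt", tDn=DOM.format(domain))])

def targets(obj, cls):
    """Collect the tDn of every relation object of class `cls` in the tree."""
    (k, body), = obj.items()
    found = [body["attributes"]["tDn"]] if k == cls else []
    for child in body["children"]:
        found += targets(child, cls)
    return found

def check(domain, aeps, epgs):
    """Return a list of problems; an empty list means all four components line up."""
    dn, issues = domain["vmmDomP"]["attributes"]["dn"], []
    if not targets(domain, "infraRsVlanNs"):
        issues.append("no VLAN pool association")
    if targets(domain, "vmmRsAcc") != [f"{dn}/usracc-vc-cred"]:
        issues.append("controller does not reference the domain credential")
    if not any(dn in targets(a, "infraRsDomP") for a in aeps):
        issues.append("no AEP associates the domain with leaf ports")
    for e in epgs:
        if dn not in targets(e, "fvRsDomAtt"):
            issues.append(f"EPG {e['fvAEPg']['attributes']['name']} not in domain")
    return issues

def port_group(tenant, app, epg_name):
    # Default name of the port group the APIC creates on the VDS for an EPG.
    return f"{tenant}|{app}|{epg_name}"
```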