Regardless of industry, organizations operating geographically distributed IT infrastructures and/or multiple data centers have a number of critical requirements in common. For IT departments, the most important ones are reducing the effort of network management, increasing the resilience and scalability of the infrastructure, and improving the level of security. To meet all these needs, while also ensuring the necessary flexibility for further developments, Datanet Systems recommends adopting a Software-Defined Network (SDN) architecture through Cisco Application Centric Infrastructure (Cisco ACI).
Cisco ACI is a mature market-leading technology, with tens of thousands of global implementations, including in Romania, which enables multiple usage scenarios with ACI Multi-Pod and ACI Multi-Site network architectures. Each of the SDN topology models proposed by Cisco responds to specific needs; they are not mutually exclusive and can be used together. As a concrete example, please check the recent Cisco ACI implementation by Datanet Systems at BCR.
Here are the main work scenarios of the Cisco ACI architecture models:
ACI Multi-Pod: Fast expansion and unified management
ACI Multi-Pod allows the expansion of a pre-existing ACI architecture, which can consist of two to 12 modules, each called a “Pod” – a Pod is a cluster of switches interconnected in a spine-leaf topology. The Pods are connected to each other via an IP-routed network, the Inter-Pod Network (IPN), and are managed centrally via the Application Policy Infrastructure Controller (APIC). APIC functions as a single point of management for the entire infrastructure and acts as its orchestrator, allowing the definition and uniform application of configuration policies on all equipment in various locations and data centers. Thus, all the switches included in the Pods are under the control of a single APIC cluster, and each Fabric and the associated Pods constitute a single administration domain.
ACI Multi-Pod provides organizations with full network-level resiliency between Pods: each Pod runs its own instances of multiple control protocols, so a failure in one Pod does not affect the operation of the others. It is also a rapid method of expanding a data center's network with minimal effort and reduced administrative overhead. For example, if an organization deploys a pool of equipment – servers, virtual machines, containers, etc. – in a given location, they can be grouped into Endpoint Groups (EPGs), which, through the Cisco architecture, can be accessed by all Pods. Also through EPGs, administrators can control how groups communicate with each other, creating network segments, and the method can be taken further by using Endpoint Security Groups (ESG), which allow micro-segmentation of the network by creating groups of devices per application level.
Another common use case is campus data center architecture: the Multi-Pod model is frequently used by colocation centers that operate multiple geographically distributed facilities – a Pod is installed in each building/center, and all Pods are interconnected and managed in a single logical architecture with increased resilience.
The ACI Multi-Pod architecture is also useful for organizations that operate a data center in a metropolitan area and have a Disaster Recovery site in another region. The Cisco topology model simplifies the administration of the disaster recovery site – by having all Pods in the same management domain, configuration errors that affect compliance with key requirements in Business Continuity scenarios, such as Recovery Time Objective (RTO) and Recovery Point Objective (RPO), are avoided.
ACI Multi-Site: centralized management of several independent data centers
The Multi-Site model arose out of the need to provide complete isolation between ACI networks, and while it shares similarities with Multi-Pod, it is a different architecture with its own use cases. Multi-Site allows organizations to manage two or more data centers, each run through its own ACI fabric and independent of the others. The architecture is composed of two or more ACI Fabrics, each managed in turn by its own APIC cluster. In this topology model, each Fabric is considered a separate Availability Zone, with all sites managed coherently through the ACI Multi-Site Orchestrator (MSO). The MSO is a cluster of virtual machines that serves as a central point to monitor the health of ACI sites and apply configurations to multiple sites at once. With this approach, there is a guarantee that any event that occurs on a site – network-level failures, configuration errors, etc. – does not automatically propagate and has no impact on other sites.
Because it simplifies the extension of a Layer-2 domain across data center boundaries and ensures Layer-3 connectivity between centers, and because the MSO communicates both with individual APIC clusters in on-premises infrastructure and with deployments on AWS or Microsoft Azure platforms, the Multi-Site model is frequently used to simplify the integration of ACI architectures with public Cloud environments.
Another common application of the ACI Multi-Site architecture is the interconnection of several independent, geographically dispersed data centers. MSO facilitates the provisioning of multi-tenant Layer-2 and Layer-3 connectivity between sites and is used to develop and deploy independent policies on each ACI fabric, enforce contracts and create tenants across multiple sites, and extend policy from one fabric to another. The orchestrator reduces the complexity of these operations while automating the processes of configuring connectivity between sites.
Multi-Site also supports disaster recovery scenarios where IP mobility between sites and configuring the same IP subnets across multiple sites is required. This architecture model is also used to create an active-active data center with increased scalability, enabling live migration of virtual machines.
Datanet, the partner you need for Cisco ACI projects
Implementing an efficient and secure SDN architecture requires advanced technical competences, system integrator skills, and experience in complex infrastructure projects. Datanet Systems meets all these criteria and is the first recommendation in this regard as:
- We have implemented the most Cisco ACI projects locally, in various architectures, including in industries with critical availability and security requirements, such as the financial-banking field.
- We are the local Cisco partner with the largest market share and the largest team of Cisco specialists in Romania.
- We were the first company in Romania that invested in the creation of its own ACI laboratory dedicated to testing Cisco SDN technology in real conditions, on infrastructure models capable of replicating the configurations of client companies.
For more information on Cisco ACI benefits and use cases, we recommend reading:
- Case study Cisco ACI implementation by Datanet Systems for Raiffeisen Bank România
- Case study Cisco ACI implementation by Datanet Systems for BCR
- Datanet Systems Guide for switching to Application Centric Infrastructure (ACI)
Also, the following materials prepared by Datanet specialists:
- Software Defined Network, an old solution for new problems
- Cisco ACI, from theoretical advantages to concrete benefits
For more technical or commercial information about Cisco ACI and the services provided by the Datanet Systems team, contact us at sales@datanets.ro.