Category: Design

Cloud ACI 5.2: ACI/Azure Tenant vNET Peering across Azure Acitive Directories

June 21, 2021

From Cloud APIC 5.2 you can configure Tenant vNET peerings across Azure Active Directories. This will be very useful for B2B connectivity. Prior to this tenant vNET peerings for Azure using cAPIC was only possible across subscriptions in the same Azure Active Directory. To Follow along this Proof Of Concept Lab in your own Azure … More Cloud ACI 5.2: ACI/Azure Tenant vNET Peering across Azure Acitive Directories

Cloud ACI 5.2: Azure Brownfield Integration with ACI Fabric

June 19, 2021

If you already have resources deployed in Azure, you can now connect your brownfield vNETS to the Azure cAPIC vNETs using vNET Peering.  This means your connectivity from ACI Fabric vNETS to the brownfield vNETS can go over Azure’s backbone directly.  Security Policies can be attached for this connectivity based on requirements. You can follow … More Cloud ACI 5.2: Azure Brownfield Integration with ACI Fabric

Cloud ACI 5.2: Interconnecting ACI Fabrics Over Cloud Provider’s Backbone at High Speed for both AWS and Azure

June 16, 2021

If you have 2 or more Cloud Fabrics in the same Cloud Provider you can now (from cAPIC 5.2) use the Cloud Providers backbone for interconnecting these Data Centers (DCI). Prior to this you needed to build IPSec tunnels over the Internet between the sites to achieve this. This gives you the benefit of high … More Cloud ACI 5.2: Interconnecting ACI Fabrics Over Cloud Provider’s Backbone at High Speed for both AWS and Azure

ACI with IPv6

May 10, 2021

This is a running list of ACI/IPV6 support notes that I will add to as I learn more items.  Most of the items here have been taken from Cisco ACI Infrastructure Fundamentals Release 5.1(x), Networking and Managemcnt Connectivity.  In addition I’ve also added items here that I’ve obtained by querying the field. Supported: IPv4 only, … More ACI with IPv6

Using ESGs (Endpoint Security Group) in ACI fabric to migrate from Network Centric to Application Centric

February 24, 2021

In Release 5.0 of ACI a new feature, ESGs was released.  This feature effectively allows us to decouple the security policy construct FROM EPGs which have a relationship to BDs  TO  ESGs which have a relationship to VRFs. I had planned to read up on this feature and rewrite the previous article that I had … More Using ESGs (Endpoint Security Group) in ACI fabric to migrate from Network Centric to Application Centric

Understanding ACI TCAM Utilization & Optimization

January 6, 2021

Being organized and creating consistent configurations is a great virtue in the Networking / SDN / Cloud and computing field.  ACI is no exception to that rule.  Haphazard, Inconsistent and thoughtless configurations will increase your work and complexity/understanding of your infrastructure once your  Fabric grows.  In addition it will make it more prone to failures … More Understanding ACI TCAM Utilization & Optimization

ACI/Cloud Extension Usage Primer (Azure) – Multi-Node Service Graph with North South Firewall Scaling using vNET peering and hosting service devices in HUB vNET (overlay-2)

August 19, 2020

In a previous article for Multinode Service Graphs with Horizontal Scaling of Firewalls for East/West traffic on Azure I had described and guided you step by step on how to configure and test that scenario. I have had quite a few folks reach out to me and request that I do a similar writeup for … More ACI/Cloud Extension Usage Primer (Azure) – Multi-Node Service Graph with North South Firewall Scaling using vNET peering and hosting service devices in HUB vNET (overlay-2)

CPOC Series: ACI Service Chaining using Policy Based Redirect (PBR) for east-to-west traffic through an ASA FW

August 1, 2020

In this video we explore using Policy Based Redirects to identify either a subset or ALL traffic between EPGs and forcing that traffic to an external device, in our case, an ASA FW. In our case, our ACI Fabric is the L3GW for all traffic. With the PBR feature, we are going to use an … More CPOC Series: ACI Service Chaining using Policy Based Redirect (PBR) for east-to-west traffic through an ASA FW