ADC SG-1 User Manual, Page 11

Reference Architecture | Dynamic L4-L7 Service Insertion with Cisco ACI and A10 Thunder ADC
The following are some of the key ACI concepts to understand how ACI applies an application-centric approach
to provision the network infrastructure and support the applications.
Leaf Switches: Leaf switches provide 10GbE and 40GbE connectivity for endpoints and non-ACI switches and
routers. Cisco APIC is also attached to the leaf switches. These switches are policy controlled by APIC.
Spine Switches: Spine switches provide high-density 40GbE connectivity between leaf switches. These
switches form the backbone of the ACI fabric, providing one-hop connectivity to the leaf switches.
Tenant: A tenant is a logical container for an application policy. The container object allows segregation of
resources from a policy perspective. The key objects contained in the tenant are application profiles, bridge
domains, Endpoint Groups (EPGs), security contracts, and service graphs.
Application Profile: The application profile models application requirements and contains EPGs. It acts as a
logical container for grouping EPGs that are needed for an application. An application profile may contain one
or more application EPGs.
Bridge Domain: This represents an L2 forwarding construct within the fabric. A bridge domain can have one or
more subnets associated with it, and can be tied with one or more EPGs.
Endpoint Group (EPG): EPG is the most important object in the policy model. It is a logical representation of a
collection of endpoints such as servers, virtual machines, network interface cards (NICs), clients on the Internet,
etc. In the ACI model, the security policies are applied through the notion of an EPG (and not directly on an
endpoint).
Contracts: The security contract object dictates how endpoints in one EPG communicate with those in
another EPG. There is no communication allowed between EPGs by default; for example, a device in EPG1
can’t talk to a device in EPG2 if there is no security contract between the two EPGs that allows communication.
Devices within the same EPG can talk to each other.
Context: The context represents a unique L3 forwarding domain. It can contain multiple bridge domains, and
outside network object policies control connectivity to outside of the tenant.
Figure 10 shows a tenant with an application profile named “webx” that has four EPGs attached to it.
[Figure 10: Application profile “webx” with four EPGs: app1, app2, web1, web2]
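The default-deny contract rule described above, applied to the four EPGs of Figure 10, as an added example that is not part of the A10/Cisco document. The tenant name, the contract names and the choice of which EPG provides or consumes a contract are constructed, and the check ignores contract filters, subjects and scope.

```python
import json

# Constructed tenant in APIC REST JSON shape. EPG names follow Figure 10;
# the tenant name and the contract names are made up for this example.
def epg(name, prov=(), cons=()):
    rel = [{"fvRsProv": {"attributes": {"tnVzBrCPName": c}}} for c in prov]
    rel += [{"fvRsCons": {"attributes": {"tnVzBrCPName": c}}} for c in cons]
    return {"fvAEPg": {"attributes": {"name": name}, "children": rel}}

TENANT = json.dumps({"fvTenant": {"attributes": {"name": "example-tenant"}, "children": [
    {"fvAp": {"attributes": {"name": "webx"}, "children": [
        epg("web1", cons=["web1-to-app1"]),
        epg("web2"),                            # no contract at all
        epg("app1", prov=["web1-to-app1"]),
        epg("app2", prov=["unused-contract"]),  # provided, never consumed
    ]}}]}})

def load_epgs(tenant_json):
    """Return {epg_name: {"prov": set, "cons": set}} for every EPG in the tenant."""
    epgs = {}
    tenant = json.loads(tenant_json)["fvTenant"]
    for ap in tenant.get("children", []):
        for child in ap.get("fvAp", {}).get("children", []):
            node = child.get("fvAEPg")
            if node is None:
                continue
            rels = {"prov": set(), "cons": set()}
            for rel in node.get("children", []):
                for cls, key in (("fvRsProv", "prov"), ("fvRsCons", "cons")):
                    if cls in rel:
                        rels[key].add(rel[cls]["attributes"]["tnVzBrCPName"])
            epgs[node["attributes"]["name"]] = rels
    return epgs

def allowed(epgs, a, b):
    """Same EPG: allowed. Different EPGs: denied unless a contract links them."""
    if a == b:
        return True
    return bool((epgs[a]["cons"] & epgs[b]["prov"]) |
                (epgs[b]["cons"] & epgs[a]["prov"]))

def isolated_epgs(epgs):
    """EPGs with no contract path to any other EPG (candidates for review)."""
    return sorted(e for e in epgs
                  if not any(allowed(epgs, e, o) for o in epgs if o != e))
```

Running `isolated_epgs(load_epgs(TENANT))` on an exported tenant shows which EPGs are cut off by the default deny, including ones like app2 that provide a contract nobody consumes.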