The Cisco ACI fabric is designed as an application-centric intelligent network. The Cisco APIC policy model is defined from the top down as a policy enforcement engine focused on the application itself and abstracting the networking functions underneath. The policy model unites with the advanced hardware capabilities of the Cisco ACI fabric underlying the business-application-focused control system.
The Cisco APIC policy object-oriented model is built on the distributed policy enforcement concepts for intelligent devices enabled by OpFlex and characterized by modern development and operations (DevOps) applications such as Puppet and Chef.
At the top level, the Cisco APIC policy model is built on a series of one or more tenants, which allows the network infrastructure administration and data flows to be segregated. Tenants can be customers, business units, or groups, depending on organization needs. Below tenants, the model provides a series of objects that define the application itself. These objects are endpoints and endpoint groups (EPGs) and the policies that define their relationships (see figure below). The relationship between two endpoints, which might be two virtual machines connected in a three-tier web application, can be implemented by routing traffic between the endpoints to firewalls and ADCs that enforce the appropriate security and quality of service (QoS) policies for the application and those endpoints.
Figure: Endpoints and Application Workloads Along with Tenants and Application Network Profiles Are the Foundation of the Cisco ACI Policy Model
For this discussion, the important feature to notice is the way that Cisco ACI policies are applied to application endpoints (physical and virtual workloads) and to EPGs. Configuration of individual network devices is ancillary to the requirements of the application and workloads. Individual devices do not require programmatic control as in prior SDN models, but are orchestrated according to the centrally defined and managed policies and according to application policies.
This model is catching hold in the industry and in the open source community. The OpenStack organization has begun work on including group-based policies to extend the OpenStack Neutron API for network orchestration with a declarative policy-based model based closely on EPG policies from Cisco ACI. (Note: Declarative refers to the orchestration model in which control is distributed to intelligent devices based on centralized policies, in contrast to retaining per-flow management control within the controller itself.)
The figure below (from the OpenStack website) shows how the group policy model extends the existing OpenStack networking concepts of networks and ports by applying the network objects to a new classifier, called the endpoint, with endpoints then further classified into groups. Policies are applied to endpoint groups, with policies consisting of classifiers, rules, and actions.
The main advantage of the extensions described in this blueprint is that they allow for an interface to Neutron which is more application-centric than the existing Neutron APIs. For example, the current Neutron API is focused on very network-centric constructs: ports, networks, subnets, routers, and security groups. In the context of networking, these make complete sense. But in the context of cloud applications, these are more cumbersome than needed. Application developers think in different terms; the policy and group abstractions are designed to allow for the flexibility that an application developer may want when programming something like Neutron.
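The group policy structure described above (tenants, endpoints classified into groups, and policies made of classifiers, rules, and actions) can be sketched as a small evaluator. This is an added example, not Cisco APIC or OpenStack code; every name and value in it is hypothetical, and the deny-by-default and tenant-isolation behaviors are assumptions of the sketch.

```python
"""Toy group-based policy evaluator (added example; all names hypothetical)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Classifier:
    protocol: str
    port: int


@dataclass(frozen=True)
class Rule:
    classifier: Classifier
    action: str  # e.g. "allow" or "redirect:firewall"


# Constructed sample data: endpoints are classified into groups per tenant.
GROUP_OF = {
    ("tenant-a", "vm-web-1"): "web",
    ("tenant-a", "vm-app-1"): "app",
    ("tenant-a", "vm-db-1"): "db",
    ("tenant-b", "vm-web-9"): "web",
}

# Policies attach to (tenant, source group, destination group), never to
# individual endpoints or network devices.
POLICIES = {
    ("tenant-a", "web", "app"): [Rule(Classifier("tcp", 8080), "allow")],
    ("tenant-a", "app", "db"): [Rule(Classifier("tcp", 5432), "redirect:firewall")],
}


def evaluate(src, dst, protocol, port):
    """Return the action for a flow between two (tenant, endpoint) pairs."""
    if src not in GROUP_OF or dst not in GROUP_OF:
        return "deny"  # unclassified endpoint: no group, so no policy applies
    if src[0] != dst[0]:
        return "deny"  # assumption of this sketch: tenants are fully segregated
    key = (src[0], GROUP_OF[src], GROUP_OF[dst])
    for rule in POLICIES.get(key, []):
        if rule.classifier == Classifier(protocol, port):
            return rule.action
    return "deny"  # assumption of this sketch: unmatched flows are dropped


def add_endpoint(tenant, name, group):
    """A new workload inherits policy through group membership alone."""
    GROUP_OF[(tenant, name)] = group
```

Adding a second web server with `add_endpoint` gives it the same reachability as the first without touching any rule, which is the security-relevant property of the model: access follows group membership, so reviewing the group-to-group policies is enough to review the application's allowed flows.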
Similarly, the OpenDaylight open source controller group is working on specifying a group policy plug-in for the OpenDaylight controller. In this case, in addition to adopting the same policy model focused on groups of endpoints, the controller working group is specifying northbound APIs from the controller to accept abstract policy based on application requirements from orchestration tools and systems such as OpenStack, and to offer numerous southbound interfaces to allow network elements to be programmed and mana