Abstract
Cisco's Application Centric Infrastructure (ACI) and F5 Synthesis are focused on efficiently delivering
applications by taking a fabric-based approach to networking and services architectures. Cisco ACI is
designed to translate application requirements into services required for successfully deploying
applications in a simplified and automated fashion.
In this session, you'll learn how F5 and Cisco technologies integrate and collaborate to enable IT to
execute on its strategic mission. Learn how:
Cisco ACI and F5 Synthesis SDAS can accelerate application deployment
Cisco ACI translates application requirements into network services by taking advantage of F5 SDAS architectural components
Assure the performance, security and reliability of applications by taking advantage of application-centric network services
F5 Agility 2014
Agenda
F5 Synthesis Software Defined Application Services (SDAS) Overview
Cisco Application Centric Infrastructure (ACI) L4-7 Services Insertion
F5 BIG-IP and Cisco ACI Integration
Topologies
Terminologies
How does F5 BIG-IP integrate with Cisco ACI?
L4 SLB workflow
Key Takeaways
Q&A
F5 Synthesis Overview
Applications
Impact on Data Center Architecture
MICRO-ARCHITECTURES
API DOMINANCE
Load balancing
Authentication / authorization
Security
Layer 7 Services
May be API-based, expanding services required
More applications needing services
Service A, Service B, Service C, Service D
API versioning
Client-based steering
API Load balancing
Metering & billing
API key management
More intelligence needed in services
API v1, API v2
Cloud and DevOps
SDN and Private Cloud
Accelerate time to market
Software Defined Data Centers
Applications without constraints
Failed to Address:
Rapid deployment
network and operations velocity
Virtual Edition
Network
Control Plane
Appliance
Management Plane
Chassis
F5 Synthesis
High-Performance Services Fabric
Simplified Business Models
New licensing models
Easy to procure
Save by purchasing bundles
F5 DEVICE PACKAGE FOR APIC
Figure labels: APIC, ACI Fabric, Virtual Edition, Appliance, Chassis
Figure labels: App p, App q, App r, App x, App y, App z; TENANT (HR), TENANT (FINANCE); each application with its own L4-L7, NETWORK CONNECTIVITY, COMPUTE + VM and STORAGE
Time to operationalize purchased assets is longer due to inefficient provisioning
Configure network to insert firewall
Configure firewall network parameters
Configure firewall rules as required by the application
Figure labels: Router, FW, LB, Switch, vFW, Server
Service insertion takes days
Network configuration is time consuming and error prone
Difficult to track configuration on services
Physical Networking
Hypervisors and Virtual Networking
Compute
L4-L7 Services
Storage
Multi DC WAN & Cloud
BIG-IP Physical and/or Virtual
Traditional 3-Tier Application
Figure labels: F/W, ADC, WEB, APP, DB; HYPERVISOR
APPLICATION NETWORK PROFILE
Figure labels: CONNECTIVITY POLICY, SLA, QoS, BANDWIDTH RESERVATION, AVAILABILITY, SECURITY POLICIES, Load Balancing, Extensible Scripting Model, APPLICATION L4-L7 SERVICES, STORAGE AND COMPUTE
Func: SSL offload
SSL params
Ipaddress <vip> port 80
Func: Load Balancing
Load-Balancing params
virtual-ip <vip> port 80
Lb-algorithm: round-robin
Figure labels: Connectors, Terminals
EPG - APP
Consumes
Contract (Filter: Action)
MSSQL: Accept
MySQL: Accept
HTTP: Accept, Count
Provides
EPG - DB
Traditional 3-Tier Application
Figure labels: F/W, ADC, WEB, APP, DB
APPLICATION NETWORK PROFILE
End Point Group (EPG): collection of bare metal servers, VMs, vNIC
Ex: WEB EPG - all web servers (bare metal or VMs) are grouped into this EPG
Ex: APP EPG - all APP servers (bare metal or VMs) are grouped into this EPG
NETWORKING POLICY
SECURITY POLICY
Contract: services between the WEB and APP EPG (web graph, HTTP graph)
Graph can be single graph or multi graph
Ex: APP is the provider and WEB is the consumer
Define services within a contract: FW, ADC; in this example, ADC is defined
TROUBLESHOOTING POLICY (SPAN, ERSPAN, ETC.)
MONITORING POLICY (EVENTS, SNMP, ETC.)
F5 BIG-IP Integration with Cisco ACI
Topology Consistency
Core/Aggregation/Access model: 1 ARM mode + HA pair
Figure labels: Active, Standby
Topology Consistency
Core/Aggregation/Access model: 2 ARM mode + HA pair
Figure labels: APIC, External, Internal, Active, Standby
Open Device Package
Figure labels: APIC, Policy Engine, Script Engine, APIC Script Interface, Python Scripts
Device Script
Figure labels: APIC, Service Graph, Function Node level L4-L7 config, Device Package, Python, iControl, BIG-IP (Physical or VE)
Figure labels: Application-1, WebProfile, HTTPS; To Consumer EPG, F5 BIG-IP ASM, F5 BIG-IP LTM, To Provider EPG; F5 Provided Device Package
Use cases
Functions
Virtual Server
Layer 4 Server Load balancing
More than 80% of F5 customers use L4 SLB / L7 SLB / MSFT SharePoint / SSL offload, hence the 1st release targets these use cases
Reference Material
F5 BIG-IP LTM and Cisco ACI Integration white paper: Coming Soon!
Cisco Validated Design (CVD) on F5 BIG-IP LTM and Nexus 9000 (Standalone): Coming Soon!
Follow us on Twitter: @CiscoDC -> Official Cisco Channel, @f5Networks -> Official F5 Networks Channel
Key Takeaways
F5 Software Defined Application Services (SDAS) vision perfectly aligns with Cisco's Application Centric Infrastructure
How Cisco ACI solves network services insertion challenges
F5 BIG-IP automated integration into Cisco APIC
Cisco ACI integration into existing F5 BIG-IP LTM deployments
Key benefits of BIG-IP / ACI model:
Tenancy Model
Multiple Graph Single Tenant
Multiple Virtual Servers for different applications in the same BIG-IP partition/APIC Tenant, sharing the same device
Figure labels: Client EPG; APIC partition: apic1234; Route Domain A; Virtual Server 1, App EPG 1; Virtual Server 2, App EPG 2; Single BIG-IP physical / virtual instance
F5 supports TRUE
Multiple Graph Multiple Tenancy
Multiple Virtual Servers for different applications in the different BIG-IP partitions/APIC Tenants, sharing the same device
Figure labels: Tenant A, Tenant B, Tenant N; APIC partitions: apic1234, apic2345, apic7890; Route Domain A, Route Domain B, Route Domain N; per tenant: Client EPG, Virtual Server 1, Virtual Server 2, App EPG 1, App EPG 2
Figure labels: APIC; Contract: Including L4-L7 services; Client EPG, Contract, BIG-IP Ext EPG, BIG-IP Int EPG, Contract, Server EPG; APIC Partition, Common Partition
User can define custom iRules under Common partition and they can be called by APIC,
Monitoring
APIC can provide EPG level atomic counters on the Function Node (F5 BIG-IP)
Figure labels: Internet, EPG Web, EPG App (shown twice); Client IP 172.16.1.10; Client IP 173.17.1.10
Tenant A
10.10.1.2:80 10.10.1.2
10.10.1.3:80 10.10.1.3
10.10.1.4:80 10.10.1.4
Tenant B
10.10.1.2:80 10.10.1.2
10.10.1.3:80 10.10.1.3
10.10.1.4:80 10.10.1.4