ADC SG-1 Manual do Utilizador descarregar pdf (Página 6)

Reference Architecture | Dynamic L4-L7 Service Insertion with Cisco ACI and A10 Thunder ADC

Cisco Application Policy Infrastructure Controller (APIC)

Within Cisco ACI, the Application Policy Infrastructure Controller (APIC) is the creation, repository and

enforcement point for application policies, which can be set based on application-speciﬁc network

requirements. The Cisco APIC policy model provides automated L4-L7 service insertion capabilities through a

concept called service graph. The service graph shown in Figure 3 represents the ordered set of service nodes

for a given application proﬁle. The service graph identiﬁes the set of network or service functions (ﬁrewall,

server load balancing, SSL oﬄoad, etc.) that are required by a policy for an application, and each function is

represented as a node in the graph.

Application Network Proﬁle

Service

Chain

Service

Chain

SLBWeb SLB DatabaseApplication

Figure 3: L4-L7 service graph

The APIC automatically provisions and conﬁgures the L4-L7 service nodes from the available L4-L7 device pool

and stitches them together to create the data path forwarding according to the service graph. The APIC also

automatically conﬁgures the underlying network infrastructure for data path forwarding according to the needs

of the service nodes as speciﬁed in the service graph. A service graph typically represents two or more tiers of

an application, with the appropriate service function inserted as service nodes in the graph. The service graph

is a template that is rendered using physical resources in the data center by APIC.

APIC renders the service graph by allocating a preconﬁgured pool of L4-L7 devices like load balancers and

ﬁrewalls to the service nodes. The L4-L7 devices are inserted in the data forwarding path based on the device

selection criteria for the tenant. Cisco APIC communicates with the L4-L7 application and security devices

using a preinstalled device package that helps it conﬁgure and monitor those devices. Figure 4 shows a device

package from A10 Networks that has been added to the Cisco APIC. The device package in this particular case

enables APIC to conﬁgure and deploy L4-L7 ADC services using A10 Thunder ADC devices.

Cisco APIC appliances are deployed as a cluster of fully redundant and load-balanced controllers with a

minimum recommendation of three. APIC provides multiple options to conﬁgure service graphs, some of

which are:

• APIC GUI interface available from a standard web browser

• REST API calls with XML or JSON formatted payloads sent to the APIC

• CLI option to navigate and conﬁgure object model from the APIC CLI interface

• Python scripts using Cisco ACI libraries to control and conﬁgure APIC

1 2 3 4 5 6 7 8 9 10 11 ... 20 21

Sem comentários

ADC SG-1 Manual do Utilizador Página 6