What Is Cisco ACI?

August 6, 2024

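Original article by Luke, 网工笔记本
While chatting with university classmates, I noticed that even though we all graduated in network engineering and share similar backgrounds, our work experience differs so much that we often start a discussion by asking some basic questions first, such as: what is Cisco ACI?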

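I have written quite a few technical posts about ACI, but I did forget to write this basic introduction. To explain ACI better, I have put together some information for reference.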


(Hardware-based) SDN
Cisco Application Centric Infrastructure: a holistic architecture with centralized automation and policy-driven application profiles.

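Cisco Application Centric Infrastructure (ACI) is Cisco's data-center-oriented software-defined networking (SDN) solution. Its market positioning is to "simplify, optimize, and accelerate the deployment and management of applications in a highly scalable and agile network environment."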

ACI achieves this by providing a holistic architecture with centralized automation and policy-driven application profiles.

Highlights of Cisco ACI:
Centralized Management and Automation:


ACI uses the Application Policy Infrastructure Controller (APIC) as the centralized management console. APIC enables network administrators to automate and centrally manage the entire data center network.



Policy-Driven Architecture:


ACI allows the definition of policies that specify how applications interact with the network. These policies are abstracted from the underlying hardware, enabling easier management and consistency across different environments.

To see how this works in practice, refer to Cisco ACI's managed objects.

Scalability and Flexibility:


The ACI architecture can scale to accommodate thousands of devices and millions of endpoints. It supports a wide range of physical and virtual devices, providing flexibility in deployment.


To understand why ACI can support millions of endpoints, see the ACI Endpoint Manager / EPM introduction, which covers how ACI learns and synchronizes endpoints and how it saves TCAM space.

Security and Micro-Segmentation:


ACI provides built-in security features, including micro-segmentation, which allows fine-grained control over network traffic between application components. This enhances security by isolating workloads and limiting the attack surface.

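ACI requires a contract to be configured before endpoints in different EPGs can communicate. Endpoints within the same EPG can also be isolated from each other when needed by enabling the Intra-EPG contract feature.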
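
The contract rule above can be checked offline against a tenant's managed-object tree. The following is an added example, not code from the original article or from Cisco: it walks a constructed tenant in the APIC JSON export shape and lists which EPG pairs are linked by a contract and which EPGs carry an intra-EPG contract. The class and attribute names (`fvAEPg`, `fvRsCons`, `fvRsProv`, `fvRsIntraEpg`, `tnVzBrCPName`) come from the ACI object model rather than from this page, and the check is a simplification that ignores filters, contract scope, vzAny and unenforced VRFs.

```python
import json

# Constructed sample in the APIC JSON export shape (class -> attributes/children).
SAMPLE = json.loads("""
{"fvTenant": {"attributes": {"name": "demo"}, "children": [
  {"vzBrCP": {"attributes": {"name": "web-to-app"}}},
  {"vzBrCP": {"attributes": {"name": "db-peers"}}},
  {"fvAp": {"attributes": {"name": "shop"}, "children": [
    {"fvAEPg": {"attributes": {"name": "web"}, "children": [
      {"fvRsCons": {"attributes": {"tnVzBrCPName": "web-to-app"}}}]}},
    {"fvAEPg": {"attributes": {"name": "app"}, "children": [
      {"fvRsProv": {"attributes": {"tnVzBrCPName": "web-to-app"}}}]}},
    {"fvAEPg": {"attributes": {"name": "db"}, "children": [
      {"fvRsIntraEpg": {"attributes": {"tnVzBrCPName": "db-peers"}}}]}}
  ]}}
]}}
""")

def walk(mo):
    """Yield (class_name, attributes, children) for every object in the tree."""
    for cls, body in mo.items():
        children = body.get("children", [])
        yield cls, body.get("attributes", {}), children
        for child in children:
            yield from walk(child)

def audit(tenant):
    """Return (consumer->provider EPG pairs, EPGs with an intra-EPG contract)."""
    cons, prov, intra = {}, {}, set()
    for cls, attrs, children in walk(tenant):
        if cls != "fvAEPg":
            continue
        for child in children:
            for rel, body in child.items():
                contract = body["attributes"].get("tnVzBrCPName")
                if rel == "fvRsCons":
                    cons.setdefault(contract, set()).add(attrs["name"])
                elif rel == "fvRsProv":
                    prov.setdefault(contract, set()).add(attrs["name"])
                elif rel == "fvRsIntraEpg":
                    intra.add(attrs["name"])
    allowed = {(c, p) for k in cons for c in cons[k] for p in prov.get(k, ())}
    return allowed, intra

def has_contract(tenant, a, b):
    """True only if some contract links the two EPGs in either direction."""
    allowed, _ = audit(tenant)
    return (a, b) in allowed or (b, a) in allowed
```

Any EPG pair missing from the result has no contract and, under the default whitelist model, cannot communicate.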

Multi-Cloud and Hybrid Cloud Support:


ACI extends its policy-driven model to multi-cloud and hybrid cloud environments. This ensures consistent networking and security policies across on-premises data centers and public cloud services.


Simplified Troubleshooting and Monitoring:


With tools like Cisco Network Assurance Engine and Telemetry, ACI provides advanced monitoring, troubleshooting, and analytics capabilities. These tools help in identifying and resolving issues proactively.


Integration with DevOps Tools:


ACI integrates with various DevOps tools and platforms, such as Kubernetes, OpenStack, and VMware. This enables seamless deployment and management of containerized and virtualized workloads.


Enhanced Performance and Efficiency:


The architecture of ACI optimizes network performance by dynamically adjusting to the needs of applications. This results in improved resource utilization and lower operational costs.


Support for Open Standards:


ACI is built on open standards, which ensures interoperability with third-party solutions and protects against vendor lock-in. This provides flexibility in choosing the best-of-breed components for the network.



