Foreword by Yusuf Bhaiji xxviii Foreword by Ronak Desai xxix Introduction xxx PART I: INTRODUCTION TO ACI Chapter 1 Fundamental Functions and Components of Cisco ACI 1 ACI Building Blocks 8 Hardware Specifications 8 ACI Key Concepts 14 Control Plane 15 Data Plane 17 VXLAN 17 Tenant 18 VRF 19 Application Profile 20 Endpoint Group 21 Contracts 22 Bridge Domain 24 External Routed or Bridged Network 25 Summary 26 Review Key Topics 26 Review Questions 27 Chapter 2 Introduction to the ACI Policy Model 31 Key Characteristics of the Policy Model 32 Management Information Tree (MIT) 33 Benefits of a Policy Model 37 Logical Constructs 37 Tenant Objects 38 VRF Objects 39 Application Profile Objects 40 Endpoint Group Objects 41 Bridge Domain and Subnet Objects 43 Bridge Domain Options 45 Contract Objects 46 Labels, Filters, and Aliases 48 Contract Inheritance 49 Contract Preferred Groups 49 vzAny 50 Outside Network Objects 51 Physical Construct 52 Access Policies 52 Switch Policies 53 Interface Policies 54 Global Policies 55 Managed Object Relationships and Policy Resolution 57 Tags 58 Default Policies 58 How a Policy Model Helps in Diagnosis 60 Summary 63 Review Key Topics 63 Review Questions 64 Chapter 3 ACI Command-Line Interfaces 67 APIC CLIs 68 NX-OS-Style CLI 68 Bash CLI 74 ACI Fabric Switch CLIs 78 iBash CLI 78 VSH CLI 81 VSH_LC CLI 83 Summary 84 Reference 84 Chapter 4 ACI Fabric Design Options 85 Physical Design 85 Single- Versus Multiple-Fabric Design 87 Multi-Pod 97 Multi-Site 116 Remote Leaf 131 Hardware and Software Support 134 ACI Multi-Pod and Remote Leaf Integration 143 Logical Design 149 Design 1: Container-as-a-Service Using the OpenShift Platform and Calico CNI 149 Design 2: Vendor-Based ERP/SAP Hana Design with ACI 165 Design 3: vBrick Digital Media Engine Design with ACI 175 Summary 180 Review Key Topics 181 Review Questions 181 Chapter 5 End Host and Network Connectivity 185 End Host Connectivity 185 VLAN Pool 186 Domain 186 Attachable Access Entity Profiles (AAEPs) 186 Switch Policies 187 Interface Policies 188 Virtual Port Channel (VPC) 191 Port Channel 197 Access Port 201 Best Practices in Configuring Access Policies 206 Compute and Storage Connectivity 207 L4/L7 Service Device Connectivity 210 Network Connectivity 213 Connecting an External Bridge Network 213 Connecting an External Routed Network 218 Diagnosing Connectivity Problems 242 Summary 245 Review Questions 245 Chapter 6 VMM Integration 249 Virtual Machine Manager (VMM) 249 VMM Domain Policy Model 250 VMM Domain Components 250 VMM Domains 250 VMM Domain VLAN Pool Association 252 VMware Integration 257 Prerequisites for VMM Integration with AVS or VDS 257 Guidelines and Limitations for VMM Integration with AVS or VDS 257 ACI VMM Integration Workflow 258 Publishing EPGs to a VMM Domain 258 Connecting Virtual Machines to the Endpoint Group Port Groups on vCenter 259 Verifying VMM Integration with the AVS or VDS 259 Microsoft SCVMM Integration 260 Mapping ACI and SCVMM Constructs 261 Mapping Multiple SCVMMs to an APIC 262 Verifying That the OpFlex Certificate Is Deployed for a Connection from the SCVMM to the APIC 262 Verifying VMM Deployment from the APIC to the SCVMM 263 OpenStack Integration 263 Extending OpFlex to the Compute Node 264 ACI with OpenStack Physical Architecture 264 OpFlex Software Architecture 265 OpenStack Logical Topology 265 M.