Summary of "Cisco ACI Part 2 | Pushing policy to the data center"
This video is a detailed tutorial on how to push configuration policies into Cisco ACI (Application Centric Infrastructure) focusing on practical setup steps and key concepts. It builds on a prior introductory video about Cisco ACI.
Key Technological Concepts and Product Features Covered:
- Accessing the APIC (Application Policy Infrastructure Controller):
  - Three main methods:
    - Web-based GUI (primary method demonstrated)
    - CLI via SSH (NX-OS style interface)
    - REST APIs for automation (resources available on Cisco DevNet)
- Tenants in ACI:
  - Logical separation of resources within ACI.
  - Multiple tenants allow isolation for different customers or organizational groups.
  - Preloaded tenants include management, infra, and common.
  - The common tenant allows resource sharing (e.g., a single internet route shared across tenants).
- VRFs (Virtual Routing and Forwarding):
  - Each tenant requires at least one VRF, which acts as a Layer 3 routing instance.
  - VRFs logically separate IP routing tables within tenants.
  - Previously called "private L3 networks" in older ACI versions.
- Bridge Domains:
  - Layer 2 forwarding domains or broadcast domains within a VRF.
  - Not VLANs; instead, Bridge Domains are VXLAN VNIDs (overlay networks).
  - Must have at least one bridge domain per VRF.
  - Can contain multiple subnets, with one primary subnet and additional secondary subnets.
  - Subnets define gateway IPs and create switch virtual interfaces (SVIs) on leaf switches.
- Application Profiles and Endpoint Groups (EPGs):
  - Application profiles group multiple EPGs and define policies between them.
  - EPGs are collections of endpoints (servers, VMs, legacy devices, storage, etc.) sharing the same policy.
  - Communication is allowed within an EPG but restricted between different EPGs unless contracts are defined.
- Contracts:
  - Define allowed traffic between EPGs.
  - Specify providers (data sources) and consumers (data recipients).
  - Filters can be applied to restrict traffic by protocol and port (e.g., TCP port 3306 for SQL, HTTPS port 443).
  - Contracts enforce segmentation and security policies within the ACI fabric.
- Integration with Load Balancers and Firewalls:
  - These devices can be assigned to their own EPGs with contracts controlling traffic.
  - Cisco ACI supports L4-L7 services (firewalls, load balancers, etc.) via service graphs, which are specialized contracts for managing traffic through these devices.
  - Cisco maintains a compatibility list of supported third-party devices for seamless integration.
- Automation and API Access:
  - Cisco DevNet provides resources to automate ACI configurations using REST APIs.
  - ACI supports exporting configurations in JSON format for automation and integration purposes.
- Future Topics Teased:
  - Extended topologies for ACI to cover multi-data center or inter-data center environments.
Practical Tutorial Steps Demonstrated:
- Logging into the APIC web GUI.
- Creating a new tenant and explaining tenant roles.
- Creating a VRF within a tenant.
- Creating Bridge Domains and associating subnets with gateway IPs.
- Creating an application profile.
- Defining multiple EPGs within the application profile and associating endpoints (e.g., VMs).
- Creating contracts between EPGs with traffic filters (e.g., SQL traffic, HTTPS traffic).
- Associating contracts with provider and consumer EPGs.
- Brief explanation of how to handle firewalls/load balancers with service graphs.
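The same tenant, VRF, bridge domain, application profile, EPG and contract objects that the walkthrough builds in the GUI can be expressed as the JSON the APIC REST API accepts. The following is an added example, not the presenter's code: it uses the APIC managed-object class names (fvTenant, fvCtx, fvBD, fvSubnet, fvAp, fvAEPg, vzFilter, vzBrCP and their relation objects), while the tenant and EPG names, the 10.1.1.0/24 gateway and the web-to-db contract are constructed for illustration. The resulting tree would be POSTed to /api/mo/uni.json after an aaaLogin session is established.

```python
import json


def mo(cls, children=None, **attrs):
    """One APIC managed object in REST form: {cls: {attributes, children}}."""
    body = {"attributes": {k: str(v) for k, v in attrs.items()}}
    if children:
        body["children"] = children
    return {cls: body}


def tcp_filter(name, port):
    """Filter with a single entry matching only TCP to one destination port."""
    return mo("vzFilter", name=name, children=[
        mo("vzEntry", name=f"tcp-{port}", etherT="ip", prot="tcp",
           dFromPort=port, dToPort=port)])


def contract(name, filter_name):
    """Contract whose single subject attaches the named filter."""
    return mo("vzBrCP", name=name, scope="context", children=[
        mo("vzSubj", name="subj", children=[
            mo("vzRsSubjFiltAtt", tnVzFilterName=filter_name)])])


def epg(name, bd, provides=(), consumes=()):
    """EPG bound to a bridge domain plus its provider/consumer contract relations."""
    rels = [mo("fvRsBd", tnFvBDName=bd)]
    rels += [mo("fvRsProv", tnVzBrCPName=c) for c in provides]
    rels += [mo("fvRsCons", tnVzBrCPName=c) for c in consumes]
    return mo("fvAEPg", name=name, children=rels)


def build_tenant(name="demo-tenant"):
    """Tenant -> VRF -> BD with gateway subnet -> app profile with web/db EPGs."""
    return mo("fvTenant", name=name, children=[
        mo("fvCtx", name="vrf1"),
        mo("fvBD", name="bd1", children=[
            mo("fvRsCtx", tnFvCtxName="vrf1"),
            mo("fvSubnet", ip="10.1.1.1/24", scope="private")]),  # constructed gateway
        tcp_filter("sql-3306", 3306),
        contract("web-to-db", "sql-3306"),
        mo("fvAp", name="app1", children=[
            epg("web", "bd1", consumes=["web-to-db"]),   # web may only consume
            epg("db", "bd1", provides=["web-to-db"])])])  # db only provides SQL


if __name__ == "__main__":
    print(json.dumps(build_tenant(), indent=2))  # body for POST /api/mo/uni.json
```

Because the only filter entry is TCP/3306, the web EPG can reach the db EPG on SQL alone; any other EPG-to-EPG traffic stays blocked until a further contract is added.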
Main Speakers/Sources:
- Rich, the presenter and host of the "Rich Tech Guy" YouTube channel, who provides the walkthrough and explanations throughout the video.
Summary:
This video serves as a practical guide and walkthrough for network engineers or administrators learning to configure Cisco ACI by pushing policies through the APIC GUI. It covers tenant creation, VRF and bridge domain setup, application profiles, Endpoint Groups, and contract creation for traffic control. The video also touches on advanced topics like L4-L7 service integration and automation via REST APIs, with promises of future content on extended ACI topologies.