Migrate Existing Network to ACI

Migrate Existing Network to ACI

The general methodology of migrating existing network to Cisco ACI fabric can be divided into three steps: deployment, integration, and migration.

The deployment step consists of Cisco ACI fabric design and implementation that includes activities such as:

• Selecting proper leaf and spine switches, Cisco APIC controllers.
• Bring up and initialize the Cisco ACI fabric with necessary operational and maintenance policies (NTP, DNS, syslog, firmware management, configuration management, and so on).
• Design how the network constructs should be configured in the Cisco ACI fabric such as:

• 1. BD (Layer 2 domain scope): How many subnets should one BD contain? How to map the current VLAN design into the ACI BD design and so on.

  2. VRF (Layer 3 domain scope): Is VRF separation required? Should VRF route leaking be configured and so on.

• Design how the policy (security) constructs should be configured in the Cisco ACI fabric such as:

  1. EPG: Which applications should be able to communicate without a contract? What is the best EPG grouping to optimize contract configurations? Does EPG need to include applications with more than one subnet (related to how to design BD)? How should VLANs be allocated for each EPG and so on.

• Design how the multi-tenancy should be configured in the Cisco ACI fabric such as:

  1. Tenant: How should VRF, BD, EPG, and so on be logically grouped for the best operation/management.

  2. Domain: How should VLANs and interfaces be allocated to each EPG, company organization or customer?

The integration step includes activities that are required to properly connect existing network with Cisco ACI fabric:

• Selecting and connecting interfaces on the side of the existing network and on the Cisco ACI fabric side.
• Implementing configuration on the Cisco ACI fabric side that may include extending Layer 2 domains or providing Layer 3 connectivity between the environments.

The migration step includes activities that are required to move the workloads from existing network to Cisco ACI fabric, which is typically the longest part of the migration process that may take several months to complete. The complexity and duration of this step is largely due to the requirement of no or minimum downtime. The activities here may include the following:

• Migrating whole clusters or individual servers to the Cisco ACI fabric.
• Migrating virtual workloads from old clusters that are connected to the existing network to new clusters that are connected to the Cisco ACI fabric.
• Moving default gateway function from existing network to Cisco ACI fabric.
• Migrating L4-7 network services, that is, service appliances like firewalls and load-balancers.

Connecting Existing Network to Cisco ACI

At the existing network, the interconnecting links should be placed either at the dedicated border switches or at the switches that are used to aggregate the connectivity of other switches in the topology. At the Cisco ACI fabric, the interconnecting links are connected to a pair of Cisco ACI leaf nodes. Such connectivity will be used to extend the VLAN segments from existing network. Therefore, the interconnecting links will be configured as 802.1Q trunks for the required VLANs.

In the example, the interconnection is implemented in a fully redundant manner:

• Four interconnecting links are used and configured in a double-sided vPC—this ensures that all configured links are utilized and no STP loop is created via Cisco ACI fabric.
• In the existing network, a pair of links terminates at one or another aggregating spine switch.
• At the Cisco ACI fabric, two pairs of links terminate at two leaf switches.
• The vPC is configured as 802.1Q trunk for VLANs 10 and 20 (and other VLANs that need to be migrated from the existing network).

Migrating Workloads

The mapping in the Cisco ACI is done by creating BD and EPG per VLAN. You create BD-VLAN10, EPG-VLAN10, BD-VLAN20, and EPG-VLAN20. This approach is called Network-Centric Design.

---