Cisco ACI - My Take

Recently Cisco introduced Application Centric Infrastructure and the Nexus 9000 family. I have read many terrific posts about ACI and everything ACI brings to the table.

Assistant network Engineer
My New Assistant
Network Engineer

To recap, ACI uses the Application Policy Infrastructure Controller (APIC) to unite physical and virtual networks. APIC is a policy management application, which creates application profiles and their associated physical, virtual, layer 4-layer7 dependencies, and automates their deployment. Think data center automation combined with SDN.

Sounds like a Software Defined Data Center (SDDC) doesn’t it? Well…there is more. Insieme, now part of Cisco, also developed the hardware and ASICs for the Nexus 9000 as the Infrastructure.

To support ACI, the Nexus 9000s are deployed in a leaf and spine architecture and run in ACI mode. Together the Nexus 9000 and APIC provide an integrated hardware, software, custom ASIC, 40Gb, smoking fast, secure, multi-tenant cloud infrastructure.

Application Deployment in ACI Fabric


So with ACI and the Nexus 9000, can better define this as a Software Defined Hardware Implemented Data Center?  SDHDID….

Needs a better acronym


Home

Cisco Live 2013 and Alligators

Cisco Live and alligators. What could these possibly have in common? What they have in common starts with a tweet from @CommsNinja (aka Amy Lewis, Data Center and Cloud Marketing @Cisco).

“Are you faster than an alligator? Find out 6/26 in Orlando. http://on.fb.me/11beA5K #CLUS (RT please!)”

I have been to Cisco Live twice and I know things can get crazy. So I was thinking the Cisco Appreciation Event could include alligator races. Instead I found something very serious, important, and very close to my heart.

The 2nd Annual Unofficial CLUS Charity 5K. This year donations are going to the Wounded Warrior Project. The Cisco Live Charity Fun Run donation page for the Wounded Warrior Project is here. I would love to know if I am faster than an alligator, but running a 5K would require a small medical contingent and an oxygen tank.

I am not able to run but I would like to donate. I will donate $1.00 for every one runner faster than an alligator ($300 max).

I challenge other Cisco Live attendees. I challenge you to also donate $1.00 for every one faster than an alligator.

I will donate an extra $10 if John Chambers and $10 if Richard Branson are faster than an alligator.

Donations may be given at Wounded Warriors Project.

See you at Cisco Live 2013 Orlando!!

Home

Cisco ASA Static NAT Multiple Global IPs to Single Real IP

I am finally getting comfortable with Cisco ASA Object NAT introduced with software version 8.3. I like that ACLs use the real IP address not the global/translated IP Address.

I am still struggling when in the CLI trying to parse the different elements of the of the object because there are two "object network XYX" references in the configuration, one for the host and one for the NAT mapping.

Now on to the NAT fun....

I had an interesting Static NAT configuration scenario with Cisco ASA software version 9.1(1) recently. A customer has a domain registered and hosts their own public DNS servers. Originally they had two Authoritative Name Servers (NS) with different IP Addresses.

NS1
Public IP X.X.X.1
Private IP Z.Z.Z.1

NS2
Public IP X.X.X.2
Private IP Z.Z.Z.2

The ASA had the standard object with static nat translations:

object network inside-NS1
 host Z.Z.Z.1
 nat (inside,outside) static X.X.X.1
!
object network inside-NS2
 host Z.Z.Z.2
 nat (inside,outside) static X.X.X.2


They wanted to decommission the NS2. The NS records with the Internet Domain Name Registrar where updated, NS2 was powered off, and object inside-NS2 NAT and access list references was removed from the ASA configuration.

After a few days I saw in the ASA logs, packets blocked for DNS requests to X.X.X.2/Z.Z.Z.2. Since there was no long a real server at Z.Z.Z.2 I could not recreate the NAT translation.

I found Cisco documentation for Static NAT with One-to-Many. This allows for multiple public/global/outside IP addresses to be mapped to a single real/internal address.

1st we have to remove the remaining NS1 translation

object network inside-NS1
 host Z.Z.Z.1
 no nat (inside,outside) static X.X.X.1


2nd we create the object range for the global/outside addresses

object network outside-ns1-ns2
 range X.X.X.1 X.X.X.2


3rd we add a new nat statement

object network inside-ns1
 host Z.Z.Z.1
 nat (inside,outside) static outside-ns1-ns2


The nice thing about this solution is how it handles traffic flows. When Internet traffic sent to X.X.X.1, the returning traffic has a source IP of X.X.X.1, and Internet traffic sent to X.X.X.2, the returning traffic has a source IP of X.X.X.2.

Cisco ASA One to Many Static NAT
Cisco ASA One to Many Static NAT



For this post:
 X.X.X.# = external, public, Internet routable IP Addresses
Z.Z.Z.# = internal, private, IP Addresses.

References:
Cisco Support Forums ASA 8.3 Upgrade - What You Need to Know
Cisco ASA CLI Configuration Guide, 9.0


Home

A Network Engineer Jumps into VMware with The Official VCP5 Certification Guide

Assistant Network Engineer Recovering from stressful day dealing with SAN Admins
My Assistant Network
Engineer Margo.
I have worked in the IT industry for 18 years. All this time I have been focused on the Network and Network Infrastructure. I have worked on everything network, from Token Ring to ATM, Frame Relay to MPLS, 10Mbps Ethernet to Fibre Channel over Ethernet, and even Fibre Channel over Token Ring.

I decided I was ready to officially jump into virtualization. I say officially because 1) I have been "touching" VMware for the last two years and 2) I'm ready to earn VCP5 certification.

To start my journey, I recently attended the vSphere 5.1 Install, Manage, and Configure class (the official class is required for VCP5 certification). The class was great for the lecture, lab, and discussion. I needed more. To prepare for the VCP5 Exam I also need a guide to further solidify my understanding.

I am making my way through The Official VCP5 Certification Guide (VMware Press Certification). This book is great! Each section provides thorough details and explanations.

Given my networking background, I enjoyed the section "Planning and Configuring vSphere Networking". I have to admit, I have felt a little out-of-the-loop when the Virtualization guys talk about virtual switches, virtual ports, virtual networks. I'm the networking guy!! I'm supposed to be working on anything with the word "network" in it. Here they are building virtual networks I know nothing about....Rude!

The book has also helped me understand storage (don't get me started on being left out with Fibre-Channel and iSCSI networking). Storage is an area that I felt was surprisingly complicated. I saw an enclosure with a bunch of hard drives connected to a mysterious box called a "Controller" and all was good. Storage admins started talking all "Zone this", "LUN that", "my HBA flogged the target via the WWN". I think the Jets and the Sharks have been replaced with the SANs and the LANs.

Thanks to Bill Ferguson's "The Official VCP5 Certification Guide" my studies in VMware vSphere are flourishing. The book is well written, provides thorough and precise explanations. I will schedule my VCP5 exam in the next few weeks and provide an update.

Thumbs Up, Great Book!!
Billy Carter
CCIE 5022