The APIC integrates with a VMware vCenter instance seamlessly to extend the ACI policy framework to vSphere workloads. The APIC uses Application Profiles to represent the ACI policy. The Application Profiles model is the logical representation of all components of the application and its interdependencies on the ACI fabric. This policy framework also includes an L4–L7 service insertion mechanism, providing full-service lifecycle management based on workload instantiation and decommission.
After these Application Profiles are defined in the APIC, the integration between vCenter and APIC ensures that these network policies can be applied to vSphere workloads. The network policies and logical topologies (VLANs, subnets, and so on) that have traditionally dictated application design are now applied based on the Application Profile through the APIC.
The Cisco APIC integrates with the VMware vCenter to simplify workload connectivity, as shown in Figure 4-25. For example, you do not have to use VLANs to define basic networking connectivity. To connect VMware workloads to the Cisco ACI fabric, the virtualization administrator simply needs to associate the virtual machines with the port groups that appear under the virtual distributed switch (VDS).
Figure 4-25 Cisco ACI VMware Integration
Cisco ACI Virtual Edge
The Cisco Application Centric Infrastructure Virtual Edge is a hypervisor-independent distributed service virtual machine (VM) that is specifically designed for the Cisco ACI. It leverages the native distributed virtual switch that belongs to the hypervisor. The Cisco ACI Virtual Edge runs in the user space, operates as a virtual leaf, and is managed by the Cisco APIC. If you use the Cisco AVS, you can migrate to the Cisco ACI Virtual Edge; if you use the VMware VDS, you can run the Cisco ACI Virtual Edge on top of it.
The Cisco ACI Virtual Edge supports two modes of traffic forwarding: local switching and no local switching. The forwarding mode is selected during Cisco ACI Virtual Edge installation.
The Cisco ACI Virtual Edge is supported as a vLeaf for the Cisco APIC with the VMware ESXi hypervisor. It manages a data center defined by the VMware vCenter Server.
Integrating VMware Overlays with the Cisco ACI
VMware virtualized overlay models use Virtual Extensible LAN (VXLAN) for tunneling. This tunneling allows virtual machine connectivity independent of the underlying network. In these environments, one or more virtual networks are built using the chosen overlay technology, and traffic is encapsulated as it traverses the physical network.
The Cisco ACI integration with VMware provides overlay independence and can bridge frames to and from VXLAN, Network Virtualization using Generic Routing Encapsulation (NVGRE), VLAN, and IEEE 802.1x encapsulation. This approach provides flexibility for heterogeneous environments, which may have services residing on disparate overlays.
The Cisco APIC integration with vCenter enables dynamic workload mobility, management automation, and programmatic policy. As workloads move within the virtual environment, the policies attached to the workloads are enforced seamlessly and consistently within the infrastructure.
This integration delivers a scalable and secure multitenant infrastructure with complete visibility into application performance across physical and VMware virtual environments.
Application Profiles
An application profile (fvAp) defines the policies, services, and relationships between endpoint groups (EPGs). Application profiles contain one or more EPGs. Modern applications contain multiple components. For example, an e-commerce application could require a web server, a database server, data located in a storage-area network, and access to outside resources that enable financial transactions. The application profile contains as many (or as few) EPGs as necessary that are logically related to providing the capabilities of an application.