Why Packetheads Need Not Fear Cisco ACI
There seems to be much mystique and confusion over Cisco’s ACI and how we as network analysts will troubleshoot in this new network environment. It’s an architecture to which few seem to have completed the move, but many are planning to do so in the near future. Now is the time to architect with visibility in mind.
With Cisco ACI there has been some misunderstanding, ranging from early claims of ‘not needing packets anymore’ to discussions of ‘how the heck are we going to do this?’ Eager to confirm my beliefs about ACI, I attended many sessions at the Cisco Live conference this year. There was a lot of clarification and confirmation of how best to instrument new networks for full visibility.
The Short Answer: Not much has changed as far as building a visibility fabric is concerned. If you are familiar with building such a fabric in the VMware Nexus ‘Top of the Rack’ design, you will have no issue capturing in an ACI environment. Whereas in the Nexus model you would simply tap the uplinks between the top of the rack and the aggregation layer to get east-west traffic, in an ACI environment you tap between the spine and leaf switches to obtain traffic.
The one big difference, of course, is that the packets in ACI are encapsulated in VXLAN (eVXLAN), and you’ll need to verify that your analyzer, such as Wireshark or GigaStor, supports decapsulation of the protocol. If deploying using aggregators (such as Apcon, Gigamon, or Ixia), these packets will be decapsulated and deduplicated prior to being handed off to your analyzer of choice.
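To show what "decapsulation" means for a frame tapped between spine and leaf, here is an added example (not from the original article or from any vendor's code) that strips the outer Ethernet/IPv4/UDP/VXLAN headers and returns the VNI and the inner frame. It assumes the standard RFC 7348 header layout and does not interpret the extra fields eVXLAN places in the reserved bits; the port set, function names and sample frame are constructed for illustration.

```python
import struct

VXLAN_PORTS = {4789}  # IANA VXLAN port; add the port your fabric uses (assumption)

def build_sample():
    """Constructed test frame: outer Eth/IPv4/UDP/VXLAN around an inner Ethernet frame."""
    inner = bytes.fromhex("020000000002" "020000000001" "0800") + b"inner-ip-payload"
    vxlan = struct.pack("!II", 0x08 << 24, 0x00ABCD << 8)  # I flag set, VNI 0xABCD
    udp = struct.pack("!HHHH", 49152, 4789, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan) + len(inner),
                     0, 0, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    outer_eth = bytes.fromhex("0200000000aa" "0200000000bb" "0800")
    return outer_eth + ip + udp + vxlan + inner, inner

def decap_vxlan(frame, ports=VXLAN_PORTS):
    """Return (vni, inner_frame), or None if the frame is not VXLAN over IPv4/UDP."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # single 802.1Q tag on the outer frame
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4  # outer IPv4 header length in bytes
    frag = struct.unpack("!H", frame[off + 6:off + 8])[0] & 0x1FFF
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 17 or frag:
        return None  # not IPv4/UDP, or a non-first fragment with no UDP header
    udp = off + ihl
    if len(frame) < udp + 16:  # need 8 bytes of UDP plus 8 bytes of VXLAN
        return None
    dport = struct.unpack("!H", frame[udp + 2:udp + 4])[0]
    flags_word, vni_word = struct.unpack("!II", frame[udp + 8:udp + 16])
    if dport not in ports or not (flags_word >> 24) & 0x08:
        return None  # wrong port, or the "VNI present" flag is clear
    return vni_word >> 8, frame[udp + 16:]  # VNI is the top 24 bits of the second word

if __name__ == "__main__":
    frame, inner = build_sample()
    print(decap_vxlan(frame))
```

A capture taken on the tap can be fed through `decap_vxlan` frame by frame; anything that returns `None` is fabric traffic the analyzer would otherwise show only as outer UDP.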
SPANing is still an option in ACI, but remember: TAP where you can for real data, and SPAN only when you must and do not care about timing.
For more in-depth discussion on monitoring ACI and VMware NSX environments, check out the on-demand Viavi Solutions educational round table series Navigating Next-Generation Networks: Virtualization and SDN featuring performance monitoring experts and data center architects.
Key Takeaways
Avoid "Top Monitoring Fails"
Establish East-West traffic visibility
Understand Cisco ACI and VMware NSX infrastructure and monitoring differences
Ease integration with existing fabric
Assess user experience and tackle visibility concerns
Define key performance indicators (KPIs)
Author - Mike Canney serves as Principal Strategic Architect at Viavi Solutions. In that role, he designs monitoring solutions and serves as the company’s chief troubleshooting consultant to global enterprises. Over the past 24 years, Canney has helped hundreds of companies identify and resolve their application and network performance issues. He has also developed coursework and taught engineers how to identify, remediate, and prevent network and application issues by analyzing traffic flows at the packet level.