Cisco ACI – New Features in Release 1.2(1i)

Cisco released the newest ACI software this week, called 1.2(1i).
There are a lot of great new features that I will try to cover in more detail in the future; for now, here is the overview from the release notes.

To install this new software, you can follow one of my blog posts:
Through GUI or Through CLI

Feature: Basic GUI and Advanced GUI for the APIC
Description: The APIC GUI now has two operating modes: the Basic GUI and Advanced GUI.

The Basic GUI is simplified compared to the Advanced GUI, which provides for easier and faster configuration of ACI constructs. The Basic GUI has intelligence embedded that enables the APIC to create some of the ACI model constructs automatically for you, and the Basic GUI provides validations to ensure consistency in the configuration. This functionality reduces and prevents faults.

The Advanced GUI is equivalent to the GUI of the previous releases. You should use the Advanced GUI to manage any policy that you created prior to release 1.2.

For more information, see the Cisco APIC Getting Started Guide.
Guidelines and Restrictions: The performance for some Layer 3 configurations using the Basic GUI can be slow.

Feature: NX-OS-Style CLI for APIC
Description: The APIC CLI is now similar to the NX-OS CLI. The NX-OS CLI has intelligence embedded that enables the APIC to create some of the ACI model constructs automatically for you, and the CLI provides validations to ensure consistency in the configuration. This functionality reduces and prevents faults.

For more information, see the Cisco APIC Getting Started Guide and Cisco APIC NX-OS Style Command-Line Interface Configuration Guide.
Guidelines and Restrictions: The performance for some CLI commands can be slow in a scale setup. For more information, see Verified Scalability Limits.

Feature: Common Pervasive Gateway
Description: This feature enables you to configure multiple ACI fabrics with an IPv4 common gateway on a per bridge domain basis. Doing so enables moving one or more virtual machine (VM) or conventional hosts across the fabrics while the host retains its IP address. VM host moves across fabrics can be done automatically by the VM hypervisor. The ACI fabrics can be co-located, or provisioned across multiple sites. The Layer 2 connection between the ACI fabrics can be a local link, or can be across a routed WAN link.
Guidelines and Restrictions: None

Feature: Common Tenant
Description: In the troubleshooting wizard, you can now configure a session with a bridge domain and context in the “Common” tenant.
Guidelines and Restrictions: None

Feature: Class of Service Preservation
Description: The ACI fabric enables preserving 802.1p class of service (CoS) within the fabric. Enable the fabric global QoS policy dot1p-preserve option to guarantee that the 802.1p value in packets which enter and transit the ACI fabric is preserved.
Guidelines and Restrictions: None

Feature: Direct Server Return
Description: The direct server return feature enables a server to respond directly to clients without having to go through the load balancer, which eliminates a bottleneck in the server-to-client path.

For more information, see the Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.
Guidelines and Restrictions: None

Feature: Ingress Policy Enforcement for Layer 3 Out Scale
Description: Starting with release 1.2(1), ingress-based policy enforcement enables defining policy enforcement for Layer 3 Out traffic with regard to egress and ingress directions. The default is ingress. During an upgrade to release 1.2(1) or higher, existing Layer 3 Out configurations are set to egress so that the behavior is consistent with the existing configuration; no special upgrade sequence needs to be planned. After the upgrade, an administrator changes the global property value to ingress. Once changed, the system reprograms the rules and prefix entries. Rules are removed from the egress leaf and installed on the ingress leaf, if not already present. If not already configured, an Actrl prefix entry is installed on the ingress leaf. Direct server return (DSR) and attribute-based EPGs require ingress-based policy enforcement. vzAny and taboo ignore ingress-based policy enforcement. Transit rules are applied at ingress.

In Ingress Policy enforcement mode, if a contract is defined between an L3InstP and an endpoint group, all of the prefixes of the L3InstP are installed in a non-border leaf where that endpoint group is present.
Guidelines and Restrictions: None

Feature: Local Policy Enforcement
Description: This feature enforces a physical leaf’s policy on traffic that is across the fabric.
Guidelines and Restrictions: None

Feature: Maximum Prefix Limit
Description: Tenant networking protocol policies for BGP l3extOut connections can be configured with a maximum prefix limit that enables monitoring and restricting the number of route prefixes received from a peer. Once the max prefix limit is exceeded, a log entry can be recorded, further prefixes can be rejected, the connection can be restarted if the count drops below the threshold in a fixed interval, or the connection is shut down. Only one option can be used at a time. The default setting is a limit of 20,000 prefixes, after which new prefixes are rejected. When the reject option is deployed, BGP accepts one more prefix beyond the configured limit and the APIC raises a fault.
Guidelines and Restrictions: None

Feature: Microsegmentation for Microsoft Virtualization
Description: This feature supports virtual machine attribute-based endpoint groups for virtual endpoints that are attached to a VMM domain that has Microsoft SCVMM associated with it.

This feature is dependent on the Microsoft System Center UR9 release and the appropriate APIC agent.

For more information, see the Cisco ACI Virtualization Guide.
Guidelines and Restrictions: None

Feature: Microsegmentation with IP-based Endpoint Groups
Description: This feature supports IP-based endpoint groups for physical or virtual endpoints as they are admitted into the fabric. This policy is applied at the physical node level.

For more information, see the Cisco ACI Virtualization Guide.
Guidelines and Restrictions: You must use any of the following hardware to use this feature:
· Nexus 9372PX-E
· Nexus 9372TX-E
· N9K-M6PQ-E

Feature: Role-Based Access Control Rule Enhancements
Description: Layer 4 to Layer 7 policy configurations in a multi-tenant environment required administrator intervention to create certain objects that cannot be created by tenant administrators using the classic role-based access control (RBAC) domains and roles model definition. An Application Policy Infrastructure Controller (APIC) provides more granular RBAC privileges in the management information tree (MIT) such that you can grant tenant administrators the privileges that are required to create the objects. Tenant administrators can also create RBAC rules through self-service without administrator intervention to grant permissions for resources under their tenant subtree to other tenants and users in the system.

For more information, see the Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.
Guidelines and Restrictions: None

Feature: Shared Layer 3 Out
Description: A shared Layer 3 Out configuration provides routed connectivity to external networks as a shared service. An l3extInstP endpoint group (EPG) provides routed connectivity to external networks. It can be provisioned as a shared service in any tenant (user, common, infra, or mgmt.). Prior to release 1.2(1x), this configuration was only supported in the user and common tenants. An EPG in any tenant can use a shared services contract to connect with an l3extInstP EPG regardless of where in the fabric that l3extInstP EPG is provisioned. This simplifies the provisioning of routed connectivity to external networks; multiple tenants can share a single l3extInstP EPG for routed connectivity to external networks. Sharing an l3extInstP EPG is more efficient because it consumes only one session on the switch regardless of how many EPGs use the single shared l3extInstP EPG.
Guidelines and Restrictions: None

Feature: Simple Network Management Protocol support for APIC
Description: The Simple Network Management Protocol (SNMP) is now supported for APIC.
Guidelines and Restrictions: None

Feature: Fabric Secure Mode
Description: Fabric secure mode enhances physical fabric security by enforcing checks for leafs, spines, and APICs that join the fabric by requiring manual approval before they can join the fabric.
Guidelines and Restrictions: None

Feature: Static Route with Weights
Description: The ACI fabric static route preference feature keeps static route preferences intact across leaf switches so that route selection happens based on this preference.
Guidelines and Restrictions: None

Feature: Unmanaged Mode
Description: The unmanaged mode for services enables you to choose the APIC's behavior for allocating network resources and programming the fabric. When enabled, the unmanaged mode restricts the APIC to allocate only the network resources for a service appliance and to program only the fabric (leaf). The configuration of the device is left to be done externally by you.

For more information, see the Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.
Guidelines and Restrictions: None

Feature: vRealize Integration
Description: You can integrate ACI with VMware's vRealize Orchestration (vRO), vRealize Automation (vRA), and vCenter.

For more information, see the Cisco ACI Virtualization Guide.
Guidelines and Restrictions: None

Feature: vSphere vMotion support across two vSphere Distributed Switches (vDSs); vSphere vMotion support across two vCenters
Description: vSphere vMotion capabilities have been enhanced in this release, enabling users to perform live migration of virtual machines across virtual switches and vCenter Server systems.

For more information, see the VMware vSphere 6.0 Release Notes.
Guidelines and Restrictions: None

Source:
Release Notes

Link to the Software:
Cisco Download Page
