ACI Advanced Monitoring and Troubleshooting, 1st edition
Book overview
ACI Advanced Monitoring and Troubleshooting provides a solid conceptual foundation and in-depth technical knowledge for monitoring and troubleshooting virtually any problem encountered while testing, deploying, or operating Cisco Application Centric Infrastructure (ACI). Written by Cisco's leading ACI support experts, the book covers everything students need to learn to keep an ACI deployment running optimally. Coverage includes:
- Core ACI concepts and components, including the Nexus 9000 Series platform, APIC controllers, and protocols
- Insight into the ACI policy model
- ACI fabric design options: single and multiple data centers, stretched versus multiple fabrics, and Multi-Pod/Multi-Site
- Automation, orchestration, and cloud in ACI environments
- ACI topology and hardware/software specifications
- End host and network connectivity
- VMM integration
- Network management configuration, including SNMP, AAA, and SPAN
- Monitoring ACI fabric and health
- Getting immediate results through the NX-OS command-line interface
- Troubleshooting use cases: fabric discovery, APICs, management access, contracts, external connectivity, leaf/spine connectivity, end host connectivity, VMM issues, ACI Multi-Pod/Multi-Site issues, and more
Table of contents
- Foreword by Yusuf Bhaiji xxviii
- Foreword by Ronak Desai xxix
- Introduction xxx
- PART I: INTRODUCTION TO ACI
- Chapter 1 Fundamental Functions and Components of Cisco ACI 1
  - ACI Building Blocks 8
    - Hardware Specifications 8
  - ACI Key Concepts 14
    - Control Plane 15
    - Data Plane 17
    - VXLAN 17
    - Tenant 18
    - VRF 19
    - Application Profile 20
    - Endpoint Group 21
    - Contracts 22
    - Bridge Domain 24
    - External Routed or Bridged Network 25
  - Summary 26
  - Review Key Topics 26
  - Review Questions 27
- Chapter 2 Introduction to the ACI Policy Model 31
  - Key Characteristics of the Policy Model 32
    - Management Information Tree (MIT) 33
    - Benefits of a Policy Model 37
  - Logical Constructs 37
  - Tenant Objects 38
  - VRF Objects 39
  - Application Profile Objects 40
  - Endpoint Group Objects 41
  - Bridge Domain and Subnet Objects 43
    - Bridge Domain Options 45
  - Contract Objects 46
    - Labels, Filters, and Aliases 48
    - Contract Inheritance 49
    - Contract Preferred Groups 49
    - vzAny 50
  - Outside Network Objects 51
  - Physical Construct 52
    - Access Policies 52
    - Switch Policies 53
    - Interface Policies 54
    - Global Policies 55
  - Managed Object Relationships and Policy Resolution 57
  - Tags 58
  - Default Policies 58
  - How a Policy Model Helps in Diagnosis 60
  - Summary 63
  - Review Key Topics 63
  - Review Questions 64
- Chapter 3 ACI Command-Line Interfaces 67
  - APIC CLIs 68
    - NX-OS–Style CLI 68
    - Bash CLI 74
  - ACI Fabric Switch CLIs 78
    - iBash CLI 78
    - VSH CLI 81
    - VSH_LC CLI 83
  - Summary 84
  - Reference 84
- Chapter 4 ACI Fabric Design Options 85
  - Physical Design 85
    - Single- Versus Multiple-Fabric Design 87
    - Multi-Pod 97
    - Multi-Site 116
    - Remote Leaf 131
    - Hardware and Software Support 134
    - ACI Multi-Pod and Remote Leaf Integration 143
  - Logical Design 149
    - Design 1: Container-as-a-Service Using the OpenShift Platform and Calico CNI 149
    - Design 2: Vendor-Based ERP/SAP Hana Design with ACI 165
    - Design 3: vBrick Digital Media Engine Design with ACI 175
  - Summary 180
  - Review Key Topics 181
  - Review Questions 181
- Chapter 5 End Host and Network Connectivity 185
  - End Host Connectivity 185
    - VLAN Pool 186
    - Domain 186
    - Attachable Access Entity Profiles (AAEPs) 186
    - Switch Policies 187
    - Interface Policies 188
    - Virtual Port Channel (VPC) 191
    - Port Channel 197
    - Access Port 201
    - Best Practices in Configuring Access Policies 206
    - Compute and Storage Connectivity 207
    - L4/L7 Service Device Connectivity 210
  - Network Connectivity 213
    - Connecting an External Bridge Network 213
    - Connecting an External Routed Network 218
  - Diagnosing Connectivity Problems 242
  - Summary 245
  - Review Questions 245
- Chapter 6 VMM Integration 249
  - Virtual Machine Manager (VMM) 249
    - VMM Domain Policy Model 250
    - VMM Domain Components 250
    - VMM Domains 250
    - VMM Domain VLAN Pool Association 252
  - VMware Integration 257
    - Prerequisites for VMM Integration with AVS or VDS 257
    - Guidelines and Limitations for VMM Integration with AVS or VDS 257
    - ACI VMM Integration Workflow 258
    - Publishing EPGs to a VMM Domain 258
    - Connecting Virtual Machines to the Endpoint Group Port Groups on vCenter 259
    - Verifying VMM Integration with the AVS or VDS 259
  - Microsoft SCVMM Integration 260
    - Mapping ACI and SCVMM Constructs 261
    - Mapping Multiple SCVMMs to an APIC 262
    - Verifying That the OpFlex Certificate Is Deployed for a Connection from the SCVMM to the APIC 262
    - Verifying VMM Deployment from the APIC to the SCVMM 263
  - OpenStack Integration 263
    - Extending OpFlex to the Compute Node 264
    - ACI with OpenStack Physical Architecture 264
    - OpFlex Software Architecture 265
    - OpenStack Logical Topology 265
    - Mapping OpenStack and ACI Constructs 266
  - Kubernetes Integration 272
    - Planning for Kubernetes Integration 272
    - Prerequisites for Integrating Kubernetes with Cisco ACI 273
    - Provisioning Cisco ACI to Work with Kubernetes 274
    - Preparing the Kubernetes Nodes 277
    - Installing Kubernetes and Cisco ACI Containers 279
    - Verifying the Kubernetes Integration 280
  - OpenShift Integration 281
    - Planning for OpenShift Integration 282
    - Prerequisites for Integrating OpenShift with Cisco ACI 283
    - Provisioning Cisco ACI to Work with OpenShift 284
    - Preparing the OpenShift Nodes 287
    - Installing OpenShift and Cisco ACI Containers 290
    - Updating the OpenShift Router to Use the ACI Fabric 291
    - Verifying the OpenShift Integration 291
  - VMM Integration with ACI at Multiple Locations 292
    - Multi-Site 292
    - Remote Leaf 295
  - Summary 298
- Chapter 7 L4/L7 Service Integration 299
  - Service Insertion 299
  - The Service Graph 300
    - Managed Mode Versus Un-Managed Mode 301
    - L4–L7 Integration Use Cases 302
    - How Contracts Work in ACI 303
    - The Shadow EPG 306
    - Configuring the Service Graph 307
    - Service Graph Design and Deployment Options 312
  - Policy-Based Redirect (PBR) 322
    - PBR Design Considerations 323
    - PBR Design Scenarios 324
    - Configuring the PBR Service Graph 325
    - Service Node Health Check 326
    - Common Issues in the PBR Service Graph 328
  - L4/L7 Service Integration in Multi-Pod and Multi-Site 332
    - Multi-Pod 332
    - Multi-Site 338
  - Review Questions 342
- Chapter 8 Automation and Orchestration 343
  - The Difference Between Automation and Orchestration 343
    - Benefits of Automation and Orchestration 344
  - REST API 349
  - Automating Tasks Using the Native REST API: JSON and XML 351
    - API Inspector 351
    - Object (Save As) 353
    - Visore (Object Store Browser) 355
    - MOQuery 357
    - Automation Use Cases 364
  - Automating Tasks Using Ansible 372
    - Ansible Support in ACI 375
    - Installing Ansible and Ensuring a Secure Connection 378
    - APIC Authentication in Ansible 382
    - Automation Use Cases 384
  - Orchestration Through UCS Director 392
    - Management Through Cisco UCS Director 392
    - Automation and Orchestration with Cisco UCS Director 393
    - Automation Use Cases 395
  - Summary 402
  - Review Questions 402
- PART II: MONITORING AND MANAGEMENT BEST PRACTICES
- Chapter 9 Monitoring ACI Fabric 405
  - Importance of Monitoring 405
  - Faults and Health Scores 407
  - Faults 407
  - Health Scores 411
  - ACI Internal Monitoring Tools 415
    - SNMP 415
    - Syslog 420
    - NetFlow 426
  - ACI External Monitoring Tools 430
    - Network Insights 430
    - Network Assurance Engine 437
    - Tetration 453
  - Monitoring Through the REST API 473
    - Monitoring an APIC 475
  - Monitoring Leafs and Spines 482
    - Monitoring Applications 499
  - Summary 505
  - Review Questions 506
- Chapter 10 Network Management and Monitoring Configuration 509
  - Out-of-Band Management 509
    - Creating Static Management Addresses 510
    - Creating the Management Contract 510
    - Choosing the Node Management EPG 513
    - Creating an External Management Entity EPG 513
    - Verifying the OOB Management Configuration 515
  - In-Band Management 517
    - Creating a Management Contract 517
    - Creating Leaf Interface Access Policies for APIC INB Management 518
    - Creating Access Policies for the Border Leaf(s) Connected to L3Out 520
    - Creating INB Management External Routed Networks (L3Out) 522
    - Creating External Management EPGs 524
    - Creating an INB BD with a Subnet 527
    - Configuring the Node Management EPG 529
    - Creating Static Management Addresses 530
    - Verifying the INB Management Configuration 530
  - AAA 533
    - Configuring Cisco Secure ACS 533
    - Configuring Cisco ISE 542
    - Configuring AAA in ACI 547
    - Recovering with the Local Fallback User 550
    - Verifying the AAA Configuration 550
  - Syslog 551
    - Verifying the Syslog Configuration and Functionality 555
  - SNMP 556
    - Verifying the SNMP Configuration and Functionality 562
  - SPAN 566
    - Access SPAN 567
    - Fabric SPAN 571
    - Tenant SPAN 572
    - Ensuring Visibility and Troubleshooting SPAN 575
    - Verifying the SPAN Configuration and Functionality 576
  - NetFlow 577
    - NetFlow with Access Policies 580
    - NetFlow with Tenant Policies 582
    - Verifying the NetFlow Configuration and Functionality 585
  - Summary 587
- PART III: ADVANCED FORWARDING AND TROUBLESHOOTING TECHNIQUES
- Chapter 11 ACI Topology 589
  - Physical Topology 589
  - APIC Initial Setup 593
  - Fabric Access Policies 595
    - Switch Profiles, Switch Policies, and Interface Profiles 595
    - Interface Policies and Policy Groups 596
    - Pools, Domains, and AAEPs 597
  - VMM Domain Configuration 601
    - VMM Topology 601
  - Hardware and Software Specifications 603
  - Logical Layout of EPGs, BDs, VRF Instances, and Contracts 605
    - L3Out Logical Layout 606
  - Summary 608
  - Review Key Topics 608
  - References 609
- Chapter 12 Bits and Bytes of ACI Forwarding 611
  - Limitations of Traditional Networks and the Evolution of Overlay Networks 611
  - High-Level VXLAN Overview 613
  - IS-IS, TEP Addressing, and the ACI Underlay 615
    - IS-IS and TEP Addressing 615
    - FTags and the MDT 618
  - Endpoint Learning in ACI 626
    - Endpoint Learning in a Layer 2–Only Bridge Domain 627
    - Endpoint Learning in a Layer 3–Enabled Bridge Domain 635
    - Fabric Glean 640
    - Remote Endpoint Learning 641
    - Endpoint Mobility 645
    - Anycast Gateway 647
    - Virtual Port Channels in ACI 649
  - Routing in ACI 651
    - Static or Dynamic Routes 651
    - Learning External Routes in the ACI Fabric 656
    - Transit Routing 659
  - Policy Enforcement 661
    - Shared Services 664
    - L3Out Flags 668
  - Quality of Service (QoS) in ACI 669
    - Externally Set DSCP and CoS Markings 671
  - CoS Preservation in ACI 672
  - Multi-Pod 674
  - Multi-Site 680
  - Remote Leaf 684
  - Forwarding Scenarios 686
    - ARP Flooding 686
    - Layer 2 Known Unicast 688
    - ARP Optimization 690
    - Layer 2 Unknown Unicast Proxy 690
    - L3 Policy Enforcement When Going to L3Out 693
    - L3 Policy Enforcement for External Traffic Coming into the Fabric 695
  - Route Leaking/Shared Services 695
    - Consumer to Provider 695
    - Provider to Consumer 698
  - Multi-Pod Forwarding Examples 698
    - ARP Flooding 700
    - Layer 3 Proxy Flow 700
  - Multi-Site Forwarding Examples 703
    - ARP Flooding 703
    - Layer 3 Proxy Flow 705
  - Remote Leaf 707
    - ARP Flooding 707
    - Layer 3 Proxy Flow 710
  - Summary 713
  - Review Key Topics 713
  - References 714
  - Review Questions 714
- Chapter 13 Troubleshooting Techniques 717
  - General Troubleshooting 717
    - Faults, Events, and Audits 718
    - moquery 722
    - iCurl 724
    - Visore 726
  - Infrastructure Troubleshooting 727
    - APIC Cluster Troubleshooting 727
    - Fabric Node Troubleshooting 734
  - How to Verify Physical- and Platform-Related Issues 737
    - Counters 737
    - CPU Packet Captures 743
    - SPAN 748
  - Troubleshooting Endpoint Connectivity 751
    - Endpoint Tracker and Log Files 752
    - Enhanced Endpoint Tracker (EPT) App 756
    - Rogue Endpoint Detection 758
  - Troubleshooting Contract-Related Issues 759
    - Verifying Policy Deny Drops 764
  - Embedded Logic Analyzer Module (ELAM) 765
  - Summary 769
  - Review Key Topics 769
  - Review Questions 769
- Chapter 14 The ACI Visibility & Troubleshooting Tool 771
  - Visibility & Troubleshooting Tool Overview 771
  - Faults Tab 772
  - Drop/Stats Tab 773
    - Ingress/Egress Buffer Drop Packets 774
    - Ingress Error Drop Packets Periodic 774
    - Storm Control 774
    - Ingress Forward Drop Packets 775
    - Ingress Load Balancer Drop Packets 776
  - Contract Drops Tab 777
    - Contracts 777
    - Contract Considerations 778
  - Events and Audits Tab 779
  - Traceroute Tab 780
  - Atomic Counter Tab 782
  - Latency Tab 785
  - SPAN Tab 786
  - Network Insights Resources (NIR) Overview 787
  - Summary 790
- Chapter 15 Troubleshooting Use Cases 791
  - Troubleshooting Fabric Discovery: Leaf Discovery 792
  - Troubleshooting APIC Controllers and Clusters: Clustering 795
  - Troubleshooting Management Access: Out-of-Band EPG 799
  - Troubleshooting Contracts: Traffic Not Traversing a Firewall as Expected 801
  - Troubleshooting Contracts: Contract Directionality 804
  - Troubleshooting End Host Connectivity: Layer 2 Traffic Flow Through ACI 807
  - Troubleshooting External Layer 2 Connectivity: Broken Layer 2 Traffic Flow Through ACI 812
  - Troubleshooting External Layer 3 Connectivity: Broken Layer 3 Traffic Flow Through ACI 814
  - Troubleshooting External Layer 3 Connectivity: Unexpected Layer 3 Traffic Flow Through ACI 816
  - Troubleshooting Leaf and Spine Connectivity: Leaf Issue 821
  - Troubleshooting VMM Domains: VMM Controller Offline 826
  - Troubleshooting VMM Domains: VM Connectivity Issue After Deploying the VMM Domain 829
  - Troubleshooting L4–L7: Deploying an L4–L7 Device 832
  - Troubleshooting L4–L7: Control Protocols Stop Working After Service Graph Deployment 834
  - Troubleshooting Multi-Pod: BUM Traffic Not Reaching Remote Pods 837
  - Troubleshooting Multi-Pod: Remote L3Out Not Reachable 839
  - Troubleshooting Multi-Site: Using Consistency Checker to Verify State at Each Site 841
  - Troubleshooting Programmability Issues: JSON Script Generates Error 844
  - Troubleshooting Multicast Issues: PIM Sparse Mode Any-Source Multicast (ASM) 846
  - Summary 860
- Appendix A Answers to Chapter Review Questions 861
- Index 873
