100% Real Cisco CCNP Data Center Certification Exams Questions & Answers, Accurate & Verified By IT Experts
Instant Download, Free Fast Updates, 99.6% Pass Rate.
Implementing and Operating Cisco Data Center Core Technologies (DCCOR)
Includes 180 Questions & Answers
Download Free CCNP Data Center Practice Test Questions VCE Files
TitleImplementing and Operating Cisco Data Center Core Technologies (DCCOR)
Cisco CCNP Data Center Certification Exam Dumps & Practice Test Questions
Prepare with top-notch Cisco CCNP Data Center certification practice test questions and answers, vce exam dumps, study guide, video training course from ExamCollection. All Cisco CCNP Data Center certification exam dumps & practice test questions and answers are uploaded by users who have passed the exam themselves and formatted them into vce file format.
Now we reach Section 1-5 and 1 dot 6. In section one five we have to learn understand aboutthe ACI policy, the access policy and the fabric policy. And in Section 1, we have to learn about various types of constructs that we have inside the ACI, like the tenant application profile, VRF bridge domain, EPG contract, etc. For the time being, I've only done it for the ACI construct. The next video you can watch is for ACIconstruct, and then the remaining seven videos After this, we have to show eight videos. First video we'll learn understand about various typeof terminologies used inside ACI, what is theuse and where we are using those things? Those are the building block orthe construct of the ACI. Now once you understand that what is finance,what is VR, 3D, EPG contract etc. But then that knowledge can be applied inside the access policy. So you will see that we have a nice example related to how we can create the policy within the EPG. So you can think like this: "Intel EPG into EPG," correct? the same type of EBG or a different APG. If there are multiple EPGs or end point groups, the contract must be applied. Obviously, if you have the contract, you should have subject and filter, and if you have the same type of EPG, you don't need the contact or the handshake in between those. So all those concepts are divided into videos, actually in seven videos, and then you will learn to understand that one is for construction and the remaining videos are for the lab related to understanding the access policy.
Now that we have the ACI construct, what are the top few ACI building blocks? If you see that in AC, it actually has two types of components. So what are the components we have in ACI? One should be logical; the other should be physical. Now, we know all these Sdn solution, whateverwe have in the market that you havethe control plane, you have the data plane. So let me draw a picture here so you can understand more about this. That means you have a data plane that is doing the actual data forwarding, and you can think, "Okay, that is my underlying device," and then you can abstract those things to the overlay. So that means if you have some physical connectivity, that physical connectivity can be seen in another view, or maybe I have different views of that physical connection over the overlay to these underlays. As a result, you'll find that okay in all SDN solutions, such as ACA, and you also have two types of things: one is the logical means, one part will be the logical, and one part will be the physical. Now if you see the overall fabric structure, you'll find that okay, I have the management plane called the Epic controller, from where I can manage the spine and the leaf infrastructure. So I have a spine, leaf spine, leaf misclosurefabric I have I can manage entire fabric correct. Now, when you are thinking or when you're seeing this spine and leaf structure, and then you have some edge devices, maybe the next seven or maybe some other devices, all these connections are related to fabric; they are physical connections. You can create templates, and you can reuse those templates over the same type of interface. Either it's connected here, here, or maybe you have N number of leaf nodes, so it's fine, and with the N number of leaf nodes you have, you can use those configurations. The other part is the logical configuration, which I'd like to highlight here so you can see in the diagram that, okay, I have the logical construct that is tenant, which may represent a customer, a business unit, or a group of some logical entities. Now, these tenants are part of virtual routing and forwarding. You can see VRF in the context; they are part of the bridge domain. This bridge domain you can think as aVLAN for example, these VLANs have some subnets. Now again, you can see that this particular VLAN is tied with an end point group. What is an end point group where I have the end point? What is an end point where I have the virtual or physical systems? So overall the structure you can see that okay, youcan create the template, you can push the configuration. You have some logical entities, you have some physical entities, and in between the logical and the physical entities, you have some sort of glue, something that will join the physical and the logical constructs, or the physical and the logical configurations, and yes, we have glue named AAAP, attachable access entity point, or something like that. You can refer to the ACI documents. So what we have at the moment is a study that confirms that yes, I have the logical entity tenants; these are the logical containers. We have some default tenants to manage the fabric, the IPS, and the management like that. So we have management tenants, we have Infra that will manage the ACI fabric, we have tenants for common tasks, and we have Tina for management purposes as well. So by default, once you open the Epic Controller, you'll find three default tenants that should be there because of their use cases. Here in the diagram you can see that, okay, something is coming from outside. So inside the logical entity I have an application profile, and in that I can define endpoint groups. Remember, endpoint groups are nothing but common tasks. So common endpoint-related tasks, for example, webapp TB, can be grouped inside endpointgroup bridge domains from where you are getting the gateways or the subnets or the IPS. So the gateways are defined here in the bridgedomain; they may be part of VRF Yes, that's an indirect relationship, so they're part of VRF, and if you have different endpoint groups, say a web endpoint group and an application endpoint group, they'll communicate about proposals and contracts. So inside contact, I have a subject and a filter. In our ancient program, we are going to create the tenant. With the program, we'll create the application profile, we'll create the bridge domain, and we can create the contracts as well. So, in that regard, you should be aware of the following: what are the common terminologies we use within the tenant? Again, you have the VRF map to the bridge domain, and VRF is like a virtual routing and forwarding instance, correct? We've been using VR at Cisco for a long time. The bridge domain is bound to the private network; that is, the VRF represents a layer two boundary that can be span across and that can operate in proxy; that is, the default mode or traditional flood mode limits the scope of broadcast, and the flood also includes any layer three subnets. So the bridge domain is also very important because whatever endpoint group you have, you are mapping toward the bridge domain to get the gateways. Then we have the application profile, which is the logical entity inside the application profile we use to define the endpoint group, correct? So a logical container for endpoint groups provides a label for health monitoring keywords that can be applied on the application profile. Finally we have an example where we can seethat okay, I can group the common tasks. So endpoint group related to VMs, related to webapplication endpoint group in application related to application VMs or possibly physical devices also EPG in database related to EPG services these services require contracts to communicate with each other because they are the different EPG endpoint groups. Because, once again, they are the stateless features at the end of the day. All right, then finally, you can see the end point group. Now, endpoint group, why do we have this slide? because you will find that most important objecttype in ACA model represents a collection ofsimilar endpoints which will share policy like security,VM mobility, QS, L four, L seven servicescompletely decoupled from the logical and physical topology. So all the important things you are seeing here in the endpoint group can be categorised as application, infancy, long list application EPG, and L3 EPG management EPG in band two typesof EPG we have regular or attribute based. Attribute-based means assuming HR. So I have end point groups, theyhave the common name called HR. I have 25 endpoint groups like that. It's like you have some common term or common name in between them. So you can have the attributeslist endpoint group as well. Now again, if you go deeper into the ACI fabric and the structure, you'll find, OK, all these endpoint groups are mapped to the bridge domain, correct? So bridge domain means you are getting some common subnet web service https endpoints; they have this subnet. It's just an example. And for the http endpoint, you have this subnet 1010; the others are ten 1011 different endpoints. If you want to communicate by default, they will not. You need a contract. You need to define subjects, and the filter filters are nothing but the SEL increase. So you can see the subject's content group, defined scope, global tenant AP group of filter, unidirectional bidirectional that is the subject inside the subject, and you can define the ACL entries. So, suppose you want to allow ICMP over HTTP port 80 or HTTP port 43. So you have to create the ACL lines, and you have to define who is the provider and who is the consumer. So for example, the provider is app, consumer is web. So, along with your ACL entries, you must create that relationship. So that was the thing that we have discussed so far. In continuing this or adding this, we have totaled three videos for ACI. Just make sure you understand ACI before diving into Ansible programming. From the following module on, we have ansible programming to create various logical entities within the ACI fabric.
Next, we have a fabric access policy. Before understanding fabric access policy, I want to make one point clear: in the ACI fabric, we have leaf and spine structures, correct? So we know what you've connected to the spine; let me change the colour so it's more visible. So we have such a type of structure along with the database. So we have the leaf connected with the spine, then we have leaps, then we have the spine, and they are connected like this, correct? So all the leaves are connected with the spine, and vice versa. Now, here, somewhere, we have the database as well, and that's the network you have. So you have the management plane as your Epic Controller, you have your Leaf, and it's fine as a collapsed data and control plane. Now, the important thing here is tounderstand that where these policies fit in. So we have a fabric policy. Inside the fabric policy, you will find that you have a fabric policy. So I have a fabric policy, and then I have a fabric access policy. This is one fabric access policy. So whenever you are going to create thepolicies here so maybe these leaf switches, theyare connected with Nexus nine K, maybe theyare connected with physical virtual world. Here is the fabric access policy. You're creating the policy for the end points, correct? In between the leaf and spine somewherehere you are creating the fabric policy. So I have a leaf. I have a spine. In between, I have policies related to fabric policy. Now, since this is the hardware, say, for example, the underlay for a moment, So since these guys, they are the underlay that Ihave and on the top of these underlay what Ican do that I can create multiple logical views. So these are the underlay; I can think of this as the underlay, and then on top of that, I can create multiple logical networks. Technically, those are multiple virtual networks. So. Virtual Network. Virtual Network. Now, the virtual networks that we are creating on top of the underlay – so these are the underlying – and then I have the overlay – these are nothing more than the term "tiny" in ACI, so Tina is nothing more than the virtual network. Because the tin is a virtual network, or an abstraction from physical hardware in terms of logical plus the virtual network, this tenant could represent a customer, a business unit, or any logical entity; it could represent all of these things. This tenant is nothing more than the logical but physical configuration you must perform here. So that's why if you see the entire configuration inside the ACI, what you will find is that you have something called the physical configuration. So you are creating interface profiles, switch policies, global policies, et cetera. But somewhere, you have the virtual network or you have the logical configuration as well. You're creating an application profile and then an application profile, say, an endpoint group, just like inside tenant. Inside that, you have the endpoint; those are physically connected here. So apart from that, not only do we have the application profile, but we also have the bridge domains, the VRS, and the contract like the rule in between the endpoints, it's like that.But you have the physical infrastructure structure. On top of that, you are doing the abstraction, and you are creating the logical network per customer or business unit, et cetera. It depends on what type of logic or what type of virtual network you want. Now, as you can see, we have a lot of slides to make or explain this clearly. So this is something like we used to do. So we used to log into the switch. We used to go inside the interface, say ethernet zero. If it is a switch port, we are providing a switchboard. If it is a switchboard mode, access the switchboard mode, and run those things we use to assign what Vlad should do, what they want to participate in, etc., etc. What interface policy it has selling policy, CDP,LCP, LLDP, STP and so many correct. So here, these things are very familiar. The only thing that we are doing differently in this case with the AC is the way that we are configuring is different.The way we are configuring it is something like template based.We are creating the template, and then we are associating those templates with those configurations. That's the difference we have. But what is the overall scenario? We know that you have something called, say, physical devices. We are creating multiple instances. For instance, ABC as a virtual network Virtual Network. Virtual Network. And these underlay. So this will be the overlay. On top of that, this is the underlay from which you are taking the abstraction. They are combined called as a fabric. And we are talking about ACA fabric. Correct. So now we can debate, okay, what is the glue between—who is connecting the underlay with the overlay? So that's why we have attachableentity policy, AAP or sometimes accessibleattachable entity profile or policies. There's glue in between the underlay and the overlay. And then things will connect and work. Okay, so this is actually key. Here we have the acid itself. In the next section, the upcoming section, we will talk more about the theories only.But if you understand the theory that from where thetraffic is coming so suppose I have my ACI fabric. So, where is the traffic coming from, what is going on inside the ACI fabric, and how is it getting out? So either your traffic is moving inside the single fabric or maybe you have two data centres and then you have ACI this place and ACI this place this.So, how will the data arrive as a source here and leave as a destination here? That may be use case number two. The third use case you may have is that your source is inside, you are going outside to the cloud or maybe you are going outside to the van, and then you may go somewhere to the branches, etc. So how can we go outside so those things will be there? so within ACI. Outside of the ACI from one ACI fabric to the other ACI fabric with the DCI connection and all this traffic flow. You can understand once you understand the basics behind the scenes. All right, so let's just stop here. The following section will pick up where we left off.
Now let us discuss more and build our basic, fundamental knowledge about the ACI. So, before understanding the glue between the underlay and whatever hardware I have in the underlay, what type of tenant and logical model do I have? I have so physical andlogic physical hardware and the virtual network. Let's understand a few things before moving further. So what I want here that let's discusslittle bit about the construct of the ACI. So on one side, you have the tenant. So what I have is my virtual network, and here I can have my VR context. I can name my bridge domain something like VLAN. Sometimes you are thinking about "broad VLAN" or any cast VLAN" or something like that. So VLAN is spread out across the fabric, and this gives me the subnets where I can define the gateways. Then we have something called an application profile, and we have application endpoint groups. Inside application endpoint groups, we have the endpoint. Then we can have a contract, and we have an inside contact. And then finally, we have something called a filter. very similar to the access list or something. So inside the subject, I can call it the filter. Now with this contract, I can apply it across or in between two different endpoint groups. So, if I have an endpoint group associated with weband and another endpoint group, say, associated with app, in between, I might be able to apply the contract. Correct? This is again the logical network but itis coming on the top of access policy. And if you are creating the access policy, what are the things you have to create? So you have to create the interface policy first. Inside the interface policy you will define what is theCDP, what is the LDP, what is the STP, whatis the MCP, what is the linksy, et cetera. You have so many things to see; we have slides for that. Once you have the interface policy, then you can group that interface policy inside the interface policy group, which is again very important. So what is this interface policy group? I'll write this interface policy group interface policy group somewhere on the top here, and you can have, say, AAAP here, and then you can define what VLAN pool, what domain, and so on. Correct? So domain means that we can sometimes say in switches, "Okay, the switch port mode access or no switch port, either it's a two- or three-domain VLAN pool we're associating OK VLAN ten, villain 20, villain 30, and so on." Then once you have the interface policy group, you can call that interface policy group inside the interface policy profile where you have to give the interface selector. So you're calling this example one, this example two, and inside three you are calling two. Automatically, it will call one. And then finally in number four, we are creating the switch profile, and then everything will be attached. Correct? Remember that this AEP is something that's the glue between the access policy and the tenant. Now understanding this flow, now we canmove further and discuss more about this. So now at this point in time, we understand what the end point is. Endpoint is something that may be VM, that maybe physical system where you are getting the Macaddress or where you are getting the IP addressor you have some ARP request. So these things under the fabric can reach their spine because they have to maintain the database databases. We'll learn more about these three databases and the message exchange in the upcoming section. But you have the end point. These end points are connected with the leaf. So I have the leaf, and the leaf is connected to some other third switch, maybe a catalyst threek or something, where you have the endpoint endpoints—they are carrying the Mac or IP or art—where I have the leaf and spine. They are learning those, which means the leaf will send a message, so my spine will learn those addresses, and then the exchange of traffic or traffic communication will happen, etc. And these things will happen. So I'd like to draw this diagram again just to make it a little easier to understand. So I have leaf one here and I have say endpoint one then it is connected with say for example aspine one and say for example as pine two and thenhere I have say for example leave two like this. Now we must understand that if we are in the same subnet, same EPG, whatever IP, IPS is relevant in ACI means if they are the same IP address; if they are a different IP address, it doesn't matter until they are the same EPG, endpoint group, or a different EPG. So if they are the same EPG, no contract is required at the moment, and you can contract as a filter rule. So no filter rule is required within the same EPG. That's the golden rule we have in the AC. By default, it is not required within the same EPG, but if you have a different EPG either with the same subnet or a different subnet contract, it is required. Okay, so we have actually only listed two use cases—that you have the same subnet or if you have a different subnet, if you have the same EPG, the contract is not required. However, if you are in a different EPG, it is either the same or a different subnet contractor, and the unique rules or filter rules are required. So this is actually the key point we have, and one by one in these slides we will understand more about these points before moving further. We again have this particular chart. So this is what—this is your interface policy. So your interface policy is what you are calling, and I'm calling inside the interface policy group. Now in this interface policy group, they have access entity profiles or attachable access entity profiles in the L-2 or L-3 physical domains. What's? What is the VLAN range VLAN pool? Define these things. So this is something that is point number one, and this is point number two. Then you can see that you have an interface profile where you have interfaces selected, where you are calling the interface policy group, and finally, you have the switch profile. So these are the logistics we have in this flow, and we have to understand both things. So not only are you understanding the physical connectivity, what is within the fabric? This is again become irrelevant. What is inside the fabric? This is one time set up what typeof rules and policy you are creating here. So now, as I told you, this is a mix of data and control plane in this particular diagram. So we need to isolate that. Okay, since you are saying that STM is something that I am decoupling the control plane from the management plan, But you will find that since the evolution of SDN, it doesn't mean that you have only, say, a control plane. You have only said, for example, data plane. But now we have a management plan in ACI; this is from day one. We have orchestration plans as well. So I'm not going inside the orchestration plane or maybe some software hosted over club, from which I can go and configure and deploy all these private and public clouds, et cetera. But the control plane and data plane we have inside this are fine, and the leaves and the data plane are nothing but the VXLAN. So what's with the control plane? What are the control protocols we have? As a result, we have control protocols such as the Coke Council of Oracle Protocol. We have ISIS. In between these leaves and spines, I have three regulatory layers. So that's why they are doing something called an "equal cost multipath type of thing." At the moment, these devices want to communicate, either electronically or physically, from one place to another place.We'll come to know that these leaves are referred to as a VTIP VXLINE tunnel endpoint. They are termed a "VT Vxlantennel endpoint." They will form the dynamic tunnel, and then the communication will happen. Now it seems easy; how easy is this? So you have your end point, and once the endpoint comes to this interface, he will send the message. This is the message of this endpoint, which you will learn and store inside your COUP database. Because this spine functions as a route reflector, he will reflect that information to all of the leaves within the infrared. Now I can't tell you that this is a type of route reflector, but you can think of it like a BGP type of route reflector. So once this fine has the information, he will send that information to all the leaves. So this leaf also has the information of this particular endpoint, and if they want to communicate, they will form a dynamic tunnel, the VX-Land Tunnel. So this particular VLAN that I have here associated with this will become locally significant. Why? Because this VLAN will automatically map inside the ACS, this is a feature we have. So that will be automatically mapped in the VNI. So VXLAN networks Interface here. Also, they will map with the VNI. These are the L and VNIs. And then if it is L2 traffic, they will communicate again. It appears to be a very simple thing that I connected the device, and it is working. But, over time, Cisco has optimised the data plane behind the scenes, as well as many other optimizations inside the control plane and the database learning or endpoint database learning. So these things have happened. So let's just stop here, and the next section will begin from here, where we'll go over the policies and contracts in greater detail because it's the same EPG and subnet type. So obviously we don't need contact, but we'll discuss more of the basic stuff in the upcoming sections.
In the bare metal lab. We are going to discuss that. Okay. If you have the connectivity in, say, the normal Nexus world, How to proceed with the configuration and when to perform the connectivity So from NX OS's normal, traditional network work If you are going inside ACI, then how are you doing the connectivity? These are the things we are going to discuss in this section, and in a later video recording you will see that inside ACI. How can we configure We know this thing is very easy in the Nexus world: you can go to the interface. You can enable VLAN on the switchboard, switchport maybemode access, or switchboard trunk. And you can allow whatever VLAN these endpoints or hosts belong to. So let me show you one slide I have. So for example, you have your leaf switch connected to, say, any blade server. For example, the UCSC series where you have the hypervisor You've also got your ESXi server hosted. On top of that, you have your virtual machines or guest operating system. So how it is in normal enhance or traditionalnetwork we have what switches are connected with ESXi. For example, switch one. What are the VLANs for my ESXi host? So for example, this is the range of the VLAN for the ESXi host. How do we send the right VLAN to the right place? Then we are using "allow VLAN." Remember, all these things are related to the traditional or the Nexus OS. Then what interface configurations do you have? So there's channel, group, mode, and active. What is the speed, what is the duplex, what is the CDP, LDP, etc.? Those configurations. Finally, which interface is connected to that specific server. So this configuration is something we used to do for a long time. But what happens if you convert this configuration inside ACI? So the first and second things are related to what objective we have. and how we can connect with Nexus OS. You have how you are going to do that thing inside the ACI at the bottom. So inside ACI, the VLAN and the VLAN number will be inside a VLAN pool. So I can go inside the VLAN pool. I can create that object for a VLAN pool. Then the switch put in more trunks and allowed the VLAN I have to create the domain. So is it L two domain or Lthree domain or any other domain like that. But for those things you can create from AAP, the logistics require that you go to interface policy. Inside the interface policy, you have to create these things. So next, what interface and what interface policy are things like link, label, CDP, LDP, port, channel, MCPS, etc. for? So the first step is the interface policy. Second is the interface policy group. Once you are inside the interface policy group, then you can define these things. So inside that, actually, you are calling interface policy, and along with interface policy, you are calling AEP. Inside AAP I can define the domainand I can define the VLAN pool. Okay, so I can define the domain. I can define the VLAN pool. Then, once you have those things, what is the order in ACI? So first of all, what are the things you are defining? First of all, you are defining the interface policy one, then you are defining the interface policy group where you have the AAP, where you have the domain, and where you have the VLAN pool. In the third, you are defining the interface profile. Interface profile. You are calling the Interface Policy Group. and here you have the interface selected. Once you have the interface profile, finally, you have to go and create or call all those things inside the switch profile, and that's it. Your access policy related to South Point or the access policy related to End Point will be completed. Okay, so this is actually an important slide. What you want to do, how you can do in Nexus, howyou can do in SEI, what are the terms where it isfit in, you can have a look and correlate with. All right, so let's.
ExamCollection provides the complete prep materials in vce files format which include Cisco CCNP Data Center certification exam dumps, practice test questions and answers, video training course and study guide which help the exam candidates to pass the exams quickly. Fast updates to Cisco CCNP Data Center certification exam dumps, practice test questions and accurate answers vce verified by industry experts are taken from the latest pool of questions.
Cisco CCNP Data Center Video Courses
Top Cisco Certification Exams
SPECIAL OFFER: GET 10% OFF
Pass your Exam with ExamCollection's PREMIUM files!
SPECIAL OFFER: GET 10% OFF
Use Discount Code:
A confirmation link was sent to your e-mail.
Please check your mailbox for a message from firstname.lastname@example.org and follow the directions.
Download Free Demo of VCE Exam Simulator
Experience Avanset VCE Exam Simulator for yourself.
Simply submit your e-mail address below to get started with our interactive software demo of your free trial.