This 12 months has been fairly vital for Cisco’s multicloud networking software program evolution. Earlier within the 12 months Cisco launched, together with different thrilling software program options bulletins, Google Cloud Platform (GCP) assist for Cisco Cloud Network Controller (CNC), previously generally known as Cisco Cloud APIC. This weblog collection introduces the GCP assist capabilities subdivided into three components:
- Part 1: Native Cloud Networking Automation
- Part 2: Contract-based Routing and Firewall Rules Automation
- Part 3: External Cloud Connectivity Automation
More concerning the rebranding and different expanded capabilities on our Modernize your Multi-Cloud Network with Cisco Cloud Network Controller weblog. For brevity, Cisco CNC will likely be used all through the collection.
The Need for Multicloud Networking Software
While organizations are more and more turning into extra mature with their to the cloud methods, these days there was a shift in focus to within the cloud networking, as additionally noticed by Gartner of their first Market Guide for Cloud Networking Software and subsequent releases. This collection will present how a cloud-like coverage mannequin might help addressing contained in the cloud challenges with the goal to maintain enhancing operations in public cloud environments and augmenting native cloud networking capabilities, as wanted.
High Level Architecture
Google Cloud sources are organized hierarchically, and the Project stage is essentially the most related from the Cisco CNC perspective as a tenant is mapped one-to-one to a GCP challenge. Cisco CNC is deployed from the Google Cloud Marketplace right into a devoted infra VPC (Virtual Private Cloud) contained inside a challenge mapped to the infra tenant, whereas person VPCs are provisioned in devoted or shared initiatives related to their very own tenants throughout the Cisco CNC.
The Cisco CNC structure on GCP is just like that of AWS and Azure, because it additionally helps BGP IPv4 or BGP EVPN to on-premises or different cloud websites utilizing Cisco Cloud Router (CCR) primarily based on Cisco Catalyst 8000v. It additionally helps native GCP Cloud Router with Cloud VPN gateway for exterior connectivity. As for inner cloud connectivity, it leverages VPC Network Peering between person VPCs throughout the similar or throughout areas as illustrated on the diagram under.
Native Cloud Networking Automation
A quick overview of the Cisco CNC GUI earlier than continuing. The left facet of the GUI incorporates the navigation pane which will be expanded for visualization of cloud sources or configuration. The utility administration tab is the place one can go to make configurations, or alternatively, use the blue intent icon on the high proper which gives easy accessibility to numerous configuration choices.
To show how Cisco CNC automates inter-region routing throughout VPCs, let’s construct a easy situation with two VPCs in several areas contained throughout the similar user-tenant challenge referred to as engineering. Note that the identical situation may exist with these two VPCs in the identical area, as VPC networks in GCP are international sources and never related to any area, in contrast to subnets that are regional sources.
Provisioning VPC Networks and Regional Subnets
The first step is to create a Tenant and map it to a GCP Project as depicted under. The entry kind is ready to Managed Identity, which permits Cisco CNC to make modifications to user-tenant initiatives via a pre-provisioned service account throughout the preliminary deployment.
The configuration under illustrates the creation of two Cloud Context Profiles used as a mapping software for a VPC. It is contained inside a Tenant and gives the area affiliation to find out which area(s) a VPC will get deployed to, together with regional subnets. Additionally, a Cloud Context Profile is all the time related to a logical VRF.
By creating these two profiles and mapping to VPCs in several areas, every with their respective CIDR and subnet(s), the Cisco CNC interprets them into native constructs within the Google Cloud console below VPC networks as seen under. Note that the VRF identify defines the identify of the VPC, on this instance, network-a and network-b.
Cisco CNC GUI gives the identical stage of visibility, below Application Management the place further VPCs will be created or below Cloud Resources.
Route Leaking Between VPCs
For this situation, a route leak coverage is configured to permit inter-VRF routing which is completed independently of contract-based routing or safety insurance policies to be reviewed on half 2 of this weblog collection. As seen beforehand, the VRF affiliation to a specific VPC is completed throughout the Cloud Context Profile.
While the “Add Reverse Leak Route” choice shouldn’t be depicted for brevity, it is usually enabled to permit for bi-directional connectivity. In this situation, since it is just inter-VPC route leaking, VRFs are labeled as inner and all routes are leaked.
In the GCP console, it automates VPC community peering between network-a and network-b with correct imported and exported routes.
Peering routes are auto generated for each VPCs, together with default routes automated throughout VPC setup.
Summary
This is a straightforward situation with solely two VPCs as to introduce Cisco CNC capabilities in automating cloud networking inside GCP. It goes from provisioning VPCs to organising route ads, automating peering, and offering visibility and management over what’s being deployed.
Cisco CNC can automate different eventualities and use circumstances in just some clicks. Those will be single VPC throughout a number of areas or a number of VPC networks in the identical area, throughout the similar or completely different initiatives. This permits prospects to scale their cloud environments utilizing a standard coverage mannequin that abstracts native cloud networking and accelerates their cloud journey.
Part 2 of this weblog collection will present how Cisco CNC also can use contract-based routing together with automating VPC firewall guidelines in GCP by extending the identical coverage mannequin.
Resources
Cisco Cloud Network Controller for Google Cloud – Installation Guides
Cisco Cloud Network Controller for Google Cloud – User Guides
Modernize your Multi-Cloud Network with Cisco Cloud Network Controller – weblog
Blog Series: Introducing Cisco Cloud Network Controller on Google Cloud Platform
Part 2: Contract-based Routing and Firewall Rules Automation- Coming Soon
Part 3: External Cloud Connectivity Automation – Coming Soon
Share: