Blog :: Network Operations

Cisco ACI NetFlow Support


What is Cisco ACI? Why should I care about Cisco ACI NetFlow Support? If you have to ask, you’re not alone. Application Centric Infrastructure (ACI) is the software-defined networking (SDN) offering for data center and cloud networks introduced by Cisco after its acquisition of Insieme Networks. As you have already realized, there is Cisco ACI NetFlow support available, but one thing at a time: let’s go over the SDN benefits and what sets Cisco ACI apart first.

Software-Defined Networking Explained

Software-defined networking is an approach to computer Network Monitoringnetworking that enables network engineers and administrators to react quickly to changing business requirements via a centralized control console. It includes multiple kinds of network technologies that segregate the network’s control and forwarding planes. The network control becomes directly programmable with the underlying infrastructure abstracted for applications and network services.

As shown below, Software-defined networking offers multiple benefits to its users. For instance, its policies provide enterprise campuses with network access control and network monitoring. Carrier and service providers benefit from bandwidth on demand. For cloud and data centers, network virtualization for multi-tenants offers better usage of resources and network segregation.

SDN benefits

Cisco ACI Features and Capabilities

With a comprehensive SDN architecture, Cisco ACI accommodates distributed applications in private cloud deployments and data centers. It’s based on integrated overlays and a centralized controller to deliver centralized automation and policy-driven application network profiles. These profiles allow for automated configuration and transparent support of diverse physical and virtual nodes with Layer 2 to 7 network services. This reduces application deployment times from weeks to minutes and drastically improves visibility of the entire infrastructure.

The three major parts of Cisco ACI are:

  • Application Centric Policy (Cisco Application Policy Infrastructure Controller)
  • Cisco ACI Fabric (Cisco Nexus 9000 Series Switches and the Cisco Application Virtual Switch)
  • Cisco ACI Partner Ecosystem

The Application Policy Infrastructure Controller (APIC) manages the flow of traffic and services through the underlying Cisco 9K infrastructure. It becomes crucial to have the necessary visibility into the communication between the APIC and the nodes as well as to be able to correlate network traffic to what the controller expects the switches to be doing. This is where the Cisco ACI NetFlow support comes into play.

NetFlow Support for Cisco ACI

With Cisco ACI NetFlow support in place, a network team can determine the source and destination of the traffic, class of service, and the cause of congestion. This is very helpful in planning network capacity, optimizing resource usage, and enhancing network security by monitoring and alerting to anomalous traffic based on its behavior.

While it is worth mentioning that Cisco 9k switches support sFlow, there are some pros and cons in enabling it. Long story short, going with sFlow relieves some of the burden NetFlow exports can put on a switch, but too low of a sample rate can result in significant network events being missed. Also, as you can imagine, enabling NetFlow on an individual switch offers a limited view of traffic that the switch sees. Please refer to my colleague Jeff’s blog for more details regarding Cisco Nexus 9000 NetFlow configuration.

With this in mind, a centralized approach to NetFlow generation is a much preferable option. Not only does it offer visibility into NetFlow statistics across the network, but it also does not affect the performance of the production switches. Another bonus of the centralized approach is gaining NetFlow visibility across a multi-vendor network.

What’s Next?

As companies move towards software-defined networking and cloud computing, the need for detailed and accurate monitoring will continue to increase. If you would like to enable NetFlow on your Cisco Application Policy Infrastructure Controller, please refer to the Cisco APIC and NetFlow guide or reach out to our team for assistance.