NDFC Multi-Cloud Support

Cisco NDFC Hybrid Multi-Cloud Support

This section explains about Hybrid Cloud functionality which allows connectivity between on-prem and public cloud networks. Using Cisco Nexus Dashboard Orchestrator (NDO) connectivity is orchestrated between NDFC managed Virtual Extensible Local Area Network fabric and Cloud Application Policy Infrastructure Controller (cAPIC) deployed in a public cloud.

NDFC manages and monitors VXLAN, VXLAN Multi-site, and Classic LAN fabrics using NX-OS based devices in both greenfield and brownfield deployments. NDFC also supports managing and monitoring IOS-XE, IOS-XR, and other third party switches.

From Cisco NDFC Release 12.1.1p, NDFC supports the discovery and management of Cisco Catalyst 8000v (C8000v) router.

The Layer-3 connectivity ensures seamless and secure communication between the workloads on-premises and the AWS cloud (Azure). The connectivity is provisioned through the C8000v routers which are managed by Cisco NDFC for on-prem and cAPIC for cloud. BGP EVPN is employed for the control plane and VXLAN is employed for the data plane. Secure IPsec VPN tunnel is established between Site A in the on-premise and the Cisco C8000v in the public cloud for secure communication.

You can connect to hybrid cloud solution with two different connecting options:

  • Internet

  • Direct Connect

This chapter contains the following sections:

Topology Overview

Topology Overview of Public cloud Connectivity

The above figure shows on-premise data center VXLAN EVPN fabric which is (Site A) managed by NDFC and is securely connected to the AWS cloud (Azure) over internet. The Cisco C8000v routers in Site A and Site B which is on the Infra vPC/vNet acts as the core router for the transmission of data between the on-premise and cloud data center.

The Border Gateway (BGW) of Site A interfaces with the Cisco C8000v router for WAN connectivity to the public cloud. This BGW supports Layer-3 DCI extension between on-premise VXLAN fabric and public cloud. BGP EVPN is used between BGW and C8000v in public cloud for building Vxlan Multisite Overlay tunnel as DCI used between on-prem and public cloud networks.


Note

IPsec tunnel connectivity is optional if BGW is connected to the public cloud through a direct connection.

The above topology shows hybrid cloud solution using direct connect. The BGW managed by NDFC has a private connection through a express route circuit to Azure.

Cisco Nexus Dashboard Orchestrator (NDO) provisions VXLAN EVPN, External Border Gateway Protocol underlay, and IPsec tunnel configurations in the on-premise from NDFC. Similarly, NDO provisions the configurations on C8000v through cAPIC.

Guidelines and Limitations

From Release 12.1.1p, below mentioned NDFC functionalities allow NDO to perform operations in hybrid cloud connectivity:

  • External fabric created on NDFC with on-premise IP Security (IPsec) tunnel interface IPN devices such as CSR 1000v, ASR 1k, and C8000v can be imported in Cisco NDO.

  • NDFC supports eBGP underlay between BGW and IP Security (IPsec) IPN devices.

  • NDFC supports IP Security (IPsec) tunnel with eBGP underlay provision on this IPsec IPN device to access C8000v in the public cloud.

  • BGP EVPN peering from BGW to C8000v in the public cloud is supported.

  • NDFC supports VRF stretch and VRF leak.

Prerequisites

  • Ensure that you upgraded to the supported versions of the software required for this use case:

    • Cisco Nexus Dashboard release 2.2.1 or later

    • Cisco Nexus Dashboard Orchestrator release 4.0(2) or later

  • Create an account with Microsoft Azure.

  • Hybrid cloud is supported for AWS or Azure cloud sites only.

  • Ensure that Cisco Nexus Dashboard Orchestration to orchestrate connectivity between cAPIC and added fabric in Cisco NDFC.

Task Summary

The following section lists the task summary cloud connection between the on-premises data center and hybrid cloud.

  1. Create a Fabric and Import Switches

  2. Deploying Infra Configurations

  3. Providing Cloud Tenant Information

  4. Create Schema and Templates

  5. Importing VRFs and Networks from NDFC Sites

  6. Creating VRFs and Networks

Create a Fabric and Import Switches

  1. To create a VXLAN BGP EVPN fabric, see Creating a New VXLAN BGP EVPN Fabric.

  2. To add switches to VXLAN BGP EVPN fabric, see Adding Switches to a Fabric.

  3. To create an external fabric, see Creating an External Fabric.

  4. To add switches to an external fabric, see Adding Switches to the External Fabric.

Deploying Infra Configurations

  1. To configure general Infra settings for your NDFC sites that are on board and managed by Cisco Nexus Dashboard Orchestrator, see Configuring Infra: General Settings.

  2. To configure site-specific Infra settings for cloud sites and establish connectivity between the cloud sites and the on-premises NDFC fabrics, see Configuring Infra: NDFC Site-Specific Settings.

  3. To deploy the Infra configuration to each APIC site, see Deploying Infra Configuration.

Providing Cloud Tenant Information

To add cloud site information to the default NDFC tenant, see Providing Cloud Tenant Information.

Create Schema and Templates

To create a schema and template, see Creating Schema and Templates.

Importing VRFs and Networks from NDFC Sites

To import VRFs and Networks from your existing NDFC fabric, see Importing VRFs and Networks from NDFC Sites.

Creating VRFs and Networks

To create VRFs and Networks, see Creating VRFs and Networks.