netbraintech.com |

Table of Contents

Executive Summary

1. Background

2. Manage The Hybrid Network In a Consistent Way

Discover The Hybrid Network

Map ACI Fabric Alongside The Traditional Network

Decode Underlay and Overlay Design

Visualize Information from Multiple Data Sources

3. Transition to an Application-Centric Mentality

Map Logical Structure of Endpoint Groups

and the Contracts Between Them

Decode Underlay Network Dependencies for Any Application

4. Troubleshoot Applications Across Complex and

Dynamic Environments

Map Application Flows Across Hybrid Infrastructures

Diagnose Routing and Performance Along the Path

Make Knowledge Executable

Diagnose the Underlay Network

Automate “Just-in-Time”Diagnosis at the Moment of an Event

5. Conclusion

About The Author

2

1

3

3

4

6

4

7

7

9

9

10

10

11

12

13

14

8

netbraintech.com |

Executive Summary

01 | Executive Summary

Network teams have been managing their networks

the same way for decades. Social media, mobile

devices and cloud computing are pushing traditional

data centers to their limit. Today’s networks need to be

able to evolve at the speed of software to quickly meet

changing business demands. Cisco ACI networking has

the potential to revolutionize traditional data centers by

providing a more flexible way to provision and control

the network. With all these benefits, many challenges

are introduced, and every new technology comes with

a steep learning curve. Network teams have been

provisioning devices manually through the command

line interface for decades and are suddenly being asked

to wrestle with the new layers of abstraction which

Cisco ACI brings. Devices that we used to be able to

see and touch are now virtualized and being spun up in

minutes causing us to wonder what is in the network.

Complete visibility into the hybrid network is a must-

have. This white paper will focus on how NetBrain solves

the operational challenges of managing and supporting

hybrid networks and how that extends to a Cisco ACI

environment.

netbraintech.com | 02 | Background

Business IT needs have evolved, applications are at the heart of your

data center and core to any enterprise IT strategy. Today’s applications

are highly virtualized and are more distributed than ever. Business

requirements are continuously changing, requiring rapid and continuous

delivery of new services and applications causing the shifting of

communication needs within the data center.

Making the transition to an application-centric approach is no small feat.

Network teams must understand their software-defined architectures to

manage them effectively, along with the rest of the traditional network it

connects to. Without effective tooling support, the task of managing such

an evolving heterogeneous network has proven to be very challenging.

NetBrain helps network teams address the key challenges below by

providing them with effective tools to improve their operational workflows

by leveraging automation and providing visibility into the entire hybrid

environment enabling an effective transition.

Challenges in Managing the ACI Network Alongside the

Traditional Network

» Knowledge and Skills Gap - Network teams are being forced to

change their habits and operate with a new application-centric

frame of mind. Managing their infrastructure through a central

controller rather than box-by-box requires a new way of thinking.

» End-to-End visibility into the entire network – Network teams need

a better way to visualize the overlay structure and applications

deployed on top of it and how it connects to the underlying network

without having to hop between different systems.

» High degree of abstraction and complex to troubleshoot - When

there’s an application problem, layers of abstraction in the data

center architecture make it less straightforward to identify the root

cause of the problem.

1. Background

netbraintech.com | 03 | Manage The Hybrid Network In a Consistent Way

» Highly complex traffic flows - Traffic traverses through non-ACI

traditional network to ACI-enabled data center in a multi-tiered

architecture without clear visibility of the application context for

each individual device and how it maps to the underlay network.

» Highly dynamic network that enables frequent changes –

The network is continually changing, and network teams struggle

to maintain a common understanding of what is deployed in the

network.

Discover The Hybrid Network

NetBrain’s Dynamic Mapping and Automation platform provides network

teams with end-to-end visibility and automation across hybrid networks.

With NetBrain, you can use the same set of tools to understand and manage

your hybrid network with Cisco ACI working in tandem with the rest of the

traditional network.

To understand the hybrid infrastructure, you must first discover your entire

network. The NetBrain discovery process uses API calls to integrate with

the APIC controller. NetBrain discovers the ACI devices from the APIC

controller and uses CLI commands and SNMP to discover the traditional

network and creates a unified workspace that includes both ACI and

traditional device data.

2. Manage the Hybrid Network in a Consistent Way

netbraintech.com | 04 | Manage The Hybrid Network In a Consistent Way

Map the ACI Fabric Alongside the Traditional Network

Many enterprise environments deployed today are hybrid environments

with Cisco ACI working closely with many other traditional network devices.

Due to the size and complexity of these deployed fabrics, virtualization

and specialized hardware strategically placed in the network, complete

visibility into the entire network without having to hop between systems

is invaluable. Network engineers are being challenged more than ever

trying to manage a hybrid architecture that include both a centralized and

decentralized approach in managing, troubleshooting and supporting this

complex network environment. NetBrain’s Dynamic Maps provide the

ability to visualize the ACI fabric and the connected traditional network in

a single view for data correlation across your ACI and traditional network

environment. Users can view not only the neighboring devices but also

seamlessly map ACI and non ACI networks to get a clear picture of their

hybrid environment and their intercommunications.

Decode Underlay and Overlay Design

The evolving network is complex, changing constantly and is requiring

network teams to obtain new skills to manage it. Overlay networks provide

greater agility and flexibility by allowing network teams the ability to rapidly

deploy new applications, services and virtualized infrastructure to quickly

meet changing business goals and objectives to keep pace with the speed

of change. With all these benefits, there are added layers of complexity

which decrease visibility into the entire network infrastructure. Overlays

netbraintech.com | 05 | Manage The Hybrid Network In a Consistent Way

provide a layer of software abstraction to allow multiple discrete, separate

virtualized network layers that run on top of the underlay network.

Overlays separate the location of a device or endpoint from its identity.

Endpoints in your network are now identified by a tag allowing them to be

located anywhere within the network structure and found simply by its tag.

All these layers of abstraction, virtualization, new applications and services

overlaid on top of the underlay network are putting more demands on

network teams to understand and decode the network design.

NetBrain simplifies understanding the ACI-enabled data center network,

the overlay structure and the applications running on top of it by organizing

a data model of the network into different views to help bridge the

knowledge gap that a network engineer could face when supporting

an application-centric network. NetBrain makes it possible to quickly

understand the Cisco ACI fabric and support the deployed infrastructure in

the following aspects:

» Visualize the ACI fabric and the connected network

in a consistent and familiar way using pre-built views.

» Visualize the hybrid network in a single pane of glass with

Dynamic Map

» Conceptualize Overlay/Underlay designs, logic layer

dependencies and connectivity inside or outside an application.

The overlay and underlay maps allow you to see what devices, VRFs,

endpoint groups (EPGs) and endpoints are part of the ACI fabric. The

ability to visually represent information about the entire network

seamlessly, regardless of technology and quickly locate the logical

structure then drill down to the corresponding physical components

during troubleshooting is crucial. Network teams need a way to demystify,

decode and simplify managing a hybrid network.

netbraintech.com | 06 | Manage The Hybrid Network In a Consistent Way

Overlay Map: Represents the logical fabric structure, including VRFs, subnets, and the endpoint devices connected without showing all the L2

connectivity.

Underlay Map: shows the network devices and interfaces configured for this VRF and filters relevant leaves and endpoints in the structure to help

you visualize the VRF design.

Visualize Information from Multiple Data Sources

NetBrain’s Dynamic Maps are a single pane of glass where network teams

can visualize any network data on the map by turning on and off data layers

dynamically. Engineers who manage the hybrid infrastructure need not worry

about the method to retrieve information from devices such as CLI, SNMP or

API; they need only to turn on the data. The data views applied below displays

various information including infrastructure, maintenance, and design

netbraintech.com | 07 | Transition to an Application-Centric Mentality

information for each device on the heterogeneous network map.

3. Transition to an Application-Centric Mentality

Map Logical Structure of Endpoint Groups and the Contracts Between Them

Due to the size, complexity, abstraction and the number of applications

deployed on top of a single fabric in a typical ACI deployment, network

teams need the tools to make the transition from the network-centric

approach to an application-centric approach in managing their data center

network and a way to quickly decode ACI constructs. NetBrain seamlessly

maps the hierarchical structure making it easy for the engineer to visualize

both the logical and underlay structure of a given application.

The Logical Structure provides an overview of the hierarchical structure

between tenant, application, endpoint group (EPG) and contracts between

the EPGs.

netbraintech.com | 08 | Troubleshoot Applications Across Abstract Environments

Decode Underlay Network Dependencies for Any Application

The Underlay map represents the physical infrastructure in which the

overlay or virtual network is built on top of. Troubleshooting is enhanced

with this map because the network and interfaces are automatically filtered

to the ones carrying the traffic for a specific application and the underlying

network components used to support it.

4. Troubleshoot Applications Across Complex and Dynamic Environments

With the high degree of abstraction, complex traffic flows and admins

being able to rapidly deploy new applications, services and virtual

infrastructure in minutes, network teams are being challenged to meet the

same SLA times and MTTR. Network teams who are used to operating in a

relatively static data center environment now have to deal with the dynamic

nature of their new software-defined environment.

Engineers are typically faced with troubleshooting a slow application. A

typical ACI deployment includes a large amount of applications and being

netbraintech.com | 09 | Troubleshoot Applications Across Abstract Environments

able to visualize the application flow from both a physical and logical

perspective when a problem happens is indispensable in identifying the

problem area and the root cause. Due to the increased complexity and

lack of visibility in these hybrid network environments, it is becoming a

greater challenge for network teams in their troubleshooting workflows.

A typical troubleshooting workflow is often a time-consuming process

made up of analyzing data from a vast number of sources which include

results from CLI commands, third party tools and other disparate tools.

Today’s SLA’s are based on quick turnaround times that challenge

traditional troubleshooting methods. Without the tools that automate

and speed up the process, the engineer is forced to use time-consuming

manual efforts until the issue can be isolated. NetBrain helps provide real-

time insights of the problem you are troubleshooting in the following ways:

Map Application Flows Across Hybrid Infrastructures

NetBrain’s powerful A/B calculator will map the flow of any application

traversing across both the ACI and non-ACI environment. To diagnose

network slowness, you need to understand the flow of application traffic.

Diagnose Routing and Performance Along the Path

NetBrain can map both L2 and L3 application paths based on live or already

baselined data. NetBrain emulates real packet forwarding to analyze how

traffic flows across the network and considers deep network protocol

analysis such as routing, ACLs, PBR, NAT, and VRF to identify problem

areas within your network and visually displays the results on the map.

netbraintech.com | 10 | Troubleshoot Applications Across Abstract Environments

In the A/B path below you can see that the traffic is allowed by the firewall,

the virtual IP translation done by the load balancer and the overall health of

all devices along the path.

Make Knowledge Executable

With executable runbooks network teams can make their ACI knowledge

executable. An executable runbook is an active flow chart. Each node of

the chart corresponds to a step of a network task and can take the form of

an executable application (called a Qapp™), a built-in function such as ping

or traceroute or simply text with a note or a description and the results can

be displayed on the map..

netbraintech.com | 11 | Troubleshoot Applications Across Abstract Environments

Diagnose the Underlay Network

In virtually every network environment today, network teams are often

faced with troubleshooting application issues and the finger pointing

between teams and Mean Time to Innocence (MTTI) begins. In today’s

multi-tier architectures in which the web, application and database

processing are physically separated, getting to MTTI quickly is often

challenging. Problems like this do not discriminate so having access to a

visual representation of the problem on a map can help network teams

dramatically speed up the time to resolution and MTTI. Network teams can

usually prove that it is not the network by simply proving that the physical

port that is connected to the webserver is up but being able to identify

and isolate that a backend application is down is very time-consuming and

often takes collaboration among multiple teams to identify and resolve the

issue.

NetBrain can help you abstract and maintain clear visibility of the

application context for each individual device. Using NetBrain’s search

function, you can quickly locate an application context by simply searching

for an internal IP address of a webserver. Without this capability, the

engineer would have to manually troubleshoot hop by hop through the

traditional and ACI network to isolate the problem which can be very time-

consuming.

netbraintech.com |

Automate “just-in-time” Diagnosis at the Moment of an Event

NetBrain can also be used in triggered mode or “Just-in-Time” automation

to perform fully automated diagnostic procedures in real-time without

human intervention. This means when the APIC controller detects an

event such as interface status change, it will send out notification via

RESTful API. NetBrain can be configured to listen to this event notification

and immediately trigger the generation of a map, run a sequence of

customizable diagnostic steps in a pre-defined Runbook that captures all

the data and analytics about the event in real-time and save all the results

with the map. This gives the engineer a head-start in the troubleshooting

process by automatically collecting, analyzing and displaying the data in

context on a Dynamic Map to dramatically reduce Mean Time to Repair

(MTTR).

NetBrain fully automated the troubleshooting process and isolated the

issue at the time of the incident. Without this capability, the network

engineer would have to perform their traditional troubleshooting

workflows until they isolated and resolved the issue, which can be very

time-consuming.

12 | Troubleshoot Applications Across Abstract Environments

netbraintech.com |

5. Conclusion

With the adoption of virtualization and networks continuing to evolve and

advance to this the new application-driven paradigm, network teams can

no longer manage their networks in the same way. The network is no

longer static and is now highly dynamic with real-time changes occurring

in an instance. This highly dynamic network with layers of abstraction and

complex traffic flows is causing significant gaps in visibility into the hybrid

networks and is requiring a new set of skills, tools and agility from network

teams. NetBrain reduces complexity, provides the needed visibility and tools

for network teams to understand and manage their hybrid network the

same way they always have, effectively equipping engineers to rapidly meet

the changing business demands and maintain agile network operations.

13 | Conclusion

netbraintech.com | 14 | About The Author

About The Author

Terrilyn Mauro is currently a Senior Technical Marketing

Engineer at NetBrain. She has over 15 years of

networking experience holding many senior engineering

roles for large matrixed organizations. Her experience

includes working across diverse industries that span

large retail, consulting companies, ISP and hosting

services. She holds the CCDP and CCNP certification.

netbraintech.com |

Founded in 2004, NetBrain is the market leader in network

automation. Its ground-breaking platform leverages the power

of Dynamic Maps and Executable Runbooks to provide CIOs and

network teams with end-to-end network visibility and analysis

across physical, virtual, and software-defined networking

environments.

Today, more than 1,800 of the world’s largest enterprises and

managed service providers use NetBrain to automate network

documentation, accelerate troubleshooting, and strengthen

network security—while integrating with a rich ecosystem of

partners. NetBrain is headquartered in Burlington, Massachusetts,

with offices in Sacramento, California; Munich, Germany; and

Beijing, China.

For more information, visit https://www.netbraintech.com/.

NetBrain® and the NetBrain logo are registered trademarks of

NetBrain Technologies.

NetBrain Technologies, Inc.

15 Network Drive

Burlington, MA 01803

+1 800 605 7964

info@netbraintech.com

www.netbraintech.com

About NetBrain Technologies, Inc.