The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
At-a-glance: The Cisco ACI solution
Cisco® Application Centric Infrastructure (Cisco ACI®) is the industry’s most secure, open, and comprehensive solution for intent-based networking for datacenters. It enables businesses to innovate faster and minimize downtime by radically simplifying, optimizing, and accelerating infrastructure deployment through consistent security and automation for any workload, in any location, and in any cloud.
Cisco ACI delivers an intent-based networking framework that extends to the WAN and campus, capturing higher-level business and user intent in the form of a policy, and translates this intent into the network constructs necessary to dynamically provision the network, security, and infrastructure services.
Cisco ACI: any workload, any location, any cloud.
The Cisco ACI solution consists of the following blocks:
● Cisco Application Policy Infrastructure Controller (APIC)
● Cisco Nexus® 9000 Series Spine and Leaf Switches for Cisco ACI
● Cisco Nexus Dashboard Orchestrator
● Cisco ACI Remote Leaf
● Cisco Mini ACI Fabric
● Cisco Cloud Network Controller
Cisco ACI Architecture
1. Cisco ACI solution components
The minimum set of components required to enable an on-premises ACI fabric are:
a. Cisco Application Policy Infrastructure Controller (APIC)
The infrastructure controller is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The APIC appliance is a centralized, clustered controller that optimizes performance and unifies the operation of physical and virtual environments. The controller manages and operates a scalable multitenant Cisco ACI fabric.
b. Cisco Nexus 9000 Series spine and leaf switches for Cisco ACI
The Cisco ACI fabric is a full-mesh topology of high-speed links (40/100/400 G) between redundant spine switches and leaf switches. The Cisco Nexus® 9500 Series Switches operate as ACI spine switches and the Cisco Nexus 9300 Series Switches as ACI leaf or spine switches. Modular spines provide the scale and capability to incrementally add ACI leafs to the ACI fabric and grow the ACI fabric to the maximum scale.
Cisco ACI: Spine Leaf Architecture
2. Cisco ACI deployment models
In addition to the core capabilities enabled by the mandatory building blocks, Cisco ACI provides additional functions that span virtualization, infrastructure, and security. Depending on the deployment architectures, customers can choose to enable any or all of the following additional optional components for their solutions:
● Cisco Nexus Dashboard Orchestrator
● Cisco ACI Remote Leaf
● Cisco Cloud Network Controller
For further details on the capabilities of these components and the Cisco ACI solution, click here.
Cisco ACI Multi-Site
3. Cisco ACI licensing components
3.1 On-premises physical ACI fabric
The on-premises ACI fabric is licensed per the Cisco Nexus 9000 devices running in the fabric. There are tiered license options along with add-on licenses for on-premises ACI deployments.
For more information, refer to section 5: Greenfield ACI fabric deployment Ordering Guide.
3.2 Cisco Cloud Network Controller
Cisco Cloud Network Controller is a comprehensive solution for simplified operations, automated network connectivity, consistent policy management, and visibility for multiple on-premises data centers and public cloud environments.
Cisco Cloud Network Controller, which runs natively on a public cloud, is the key component of this solution. Cisco Cloud Network Controller enables policy translation of ACI policies into cloud-native policies and programs them in every Virtual Machine (VM) workload running application logic. Cisco Cloud Network Controller is licensed per workload managed by the solution.
3.3 Licenses bundled with APIC clusters
APIC clusters (APIC-CLUSTER-L4, APIC-CLUSTER-M4) are now bundled with 2 (two) Advantage XF2 3-year-term licenses that can be applied to any switch that uses XF2 licenses. Please reference Table 3 below for full switch-to- license-class mapping. When ordering in Cisco Commerce, these licenses will be automatically added to the APIC cluster. The inclusion and quantity of licenses cannot be modified.
APIC L4 Cluster with subscription licenses
APIC M4 Cluster with subscription licenses
Cisco ACI licenses are applied per Cisco Nexus 9000 device in a physical on-premises ACI deployment.
The per-device ACI licenses are offered as tiered licenses for easy consumption. Add-on licenses are charged per device, based on value-added feature offerings. For details on Datacenter licenses, please see the DCN software licensing BDM here.
For the full breakdown of what features are included in each tier (Essentials, Advantage, and Premier), please reference the Cisco DCN Software Subscriptions page.
5. Greenfield ACI fabric deployment ordering guide
This section lists the steps to order a base ACI fabric for greenfield ACI deployments.
5.1 Cisco Application Policy Infrastructure Controller (APIC)
The following table lists the SKUs for a physical APIC.
Table 1. Orderable SKUs for physical APIC
Product SKU |
Product description |
Number of physical appliances |
APIC-CLUSTER-M4 |
APIC cluster for medium configurations (up to 1200 edge ports) |
3 |
APIC-CLUSTER-L4 |
APIC cluster for large configurations (more than 1200 edge ports) |
3 |
APIC-M4 |
APIC appliance for medium configurations (up to 1200 edge ports) |
1 |
APIC-L4 |
APIC appliance for large configurations (more than 1200 edge ports) |
1 |
APIC-M4= |
APIC appliance for medium configurations (up to 1200 edge ports) (SPARE) |
1 |
APIC-L4= |
APIC appliance for large configurations (more than 1200 edge ports) (SPARE) |
1 |
5.2 Cisco ACI tiered and add-on licenses
ACI software licenses are available as subscription and perpetual consumption models.
Subscription – These term-based software licenses are available in 3-year, 5-year, and 7-year terms.
● Tiered licenses are available in DCN Essentials, DCN Advantage, and DCN Premier levels tiers as well as add-ons that support Cisco ACI.
● For customers that have a net Total Contract Value (TCV) of more than $100,000, we recommend data-center enrollment for a Cisco Enterprise Agreement. Learn more about Enterprise Agreements to cover your data-center technologies.
Perpetual – This is a nontransferable, fixed-price, traditional licensing model with the right to use covered features for a perpetual term. DCN Perpetual licenses are not portable between devices.
● The DCN Advantage tier is available as a perpetual license, as well as add-ons that support Cisco ACI.
Nexus licenses are categorized on platform bandwidth capacity. The following sections list the switches mapped to each license class and the SKUs required to order ACI software licenses for ACI deployment. Licenses are required for both leaf and spine switches.
Table 2. License categories and associated supported platforms (Cisco Nexus 9000 Series Switches)
1G Fixed Platform (GF) License |
10G/25G/40G/100G Fixed Platform (XF) License |
10G/25G/40G/100G Fixed Platform (XF2) License |
4-Slot Modular Platform License |
8-Slot, 16-Slot Modular Platform License |
8-Slot Centralized Modular Platform License |
4-Slot Distributed Modular Platform License |
8-Slot Distributed Modular Platform License |
N9K-C9348GC-FXP N9K-C92348GC-X |
N9K-C9332C N9K-C93180YC-EX N9K-C93108TC-EX N9K-C93180LC-EX N9K-C93180YC-FX N9K-C93108TC-FX N9K-C93240YC-FX2 N9K-C93216TC-FX2 N9K-C93360YC-FX2 N9K-C9336C-FX2 N9K-C93180YC-EX-24 N9K-C93108TC-EX-24 N9K-C93180YC-FX-24 N9K-C93108TC-FX-24 N9K-C93180YC-FX3S N9K-C93180YC- FX3 N9K-C93108TC-FX3P |
N9K-C9364C N9K-C9316D-GX N9K-C93600CD-GX N9K-C9364C-GX N9K-C9332D-GX2B N9K-C9348D-GX2A N9K-C9364D-GX2A |
N9K-C9504 |
N9K-C9508 N9K-C9516 |
N9K-C9408 |
N9K-C9408 |
N9K-C9808 |
5.2.1 Cisco ACI subscription software license SKUs
Select the options below when selecting the Cisco Nexus 9000 Series device, or standalone (without hardware) under top-level PID C1-N9K-ADD-T.
Table 3. PIDs for subscription tier-based licenses for DCN (ACI+NX-OS) (Cisco Nexus 9000 Series Switches in fixed platforms)
License |
1G Fixed Platforms (GF) |
10G/25G/40G/100G Fixed Platforms (XF) |
Cisco Nexus 9364C and 9300-GX Platforms (XF2) |
Essentials package |
C1E1TN9300GF-3Y C1E1TN9300GF-5Y C1E1TN9300GF-7Y |
C1E1TN9300XF-3Y C1E1TN9300XF-5Y C1E1TN9300XF-7Y |
C1E1TN9300XF2-3Y C1E1TN9300XF2-5Y C1E1TN9300XF2-7Y |
Advantage package |
C1A1TN9300GF-3Y C1A1TN9300GF-5Y C1A1TN9300GF-7Y |
C1A1TN9300XF-3Y C1A1TN9300XF-5Y C1A1TN9300XF-7Y |
C1A1TN9300XF2-3Y C1A1TN9300XF2-5Y C1A1TN9300XF2-7Y |
Premier package5 |
C1P1TN9300GF-3Y C1P1TN9300GF-5Y C1P1TN9300GF-7Y |
C1P1TN9300XF-3Y C1P1TN9300XF-5Y C1P1TN9300XF-7Y |
C1P1TN9300XF2-3Y C1P1TN9300XF2-5Y C1P1TN9300XF2-7Y |
Add-on licenses |
|||
NDB |
C1-N9K-NDB-3Y C1-N9K-NDB-5Y C1-N9K-NDB-7Y |
C1-N9K-NDB-3Y C1-N9K-NDB-5Y C1-N9K-NDB-7Y |
C1-N9K-NDB-3Y C1-N9K-NDB-5Y6 C1-N9K-NDB-7Y |
Security |
C1-N9K-SEC-XF-3Y C1-N9K-SEC-XF-5Y C1-N9K-SEC-XF-7Y |
C1-N9K-SEC-XF-3Y C1-N9K-SEC-XF-5Y C1-N9K-SEC-XF-7Y |
C1-N9K-SEC-XF-3Y C1-N9K-SEC-XF-5Y C1-N9K-SEC-XF-7Y* |
Storage |
Not supported |
C1-N9K-STRG-XF-3Y C1-N9K-STRG-XF-5Y C1-N9K-STRG-XF-7Y |
Not supported |
Sync-E |
Not supported |
C1-N9K-SYNCE-XF-3Y C1-N9K-SYNCE-XF-5Y C1-N9K-SYNCE-XF-7Y |
C1-N9K-SYNCE-XF-3Y C1-N9K-SYNCE-XF-5Y C1-N9K-SYNCE-XF-7Y |
A security add-on license is mandatory for the N9K-C9348D-GX2A platform. This platform is targeted for use cases that require MACsec on all ports.
Table 4. PIDs for subscription tier-based licenses for DCN (ACI+NX-OS) (Cisco Nexus 9000 Series Switches in modular platforms)
License |
4-Slot Modular Platforms |
8- to 16-Slot Modular Platforms |
8-Slot Centralized Modular Platforms |
8-Slot Distributed Modular Platforms |
8-Slot Distributed Modular Platforms |
Essentials package |
C1E1TN9500M4-3Y C1E1TN9500M4-5Y C1E1TN9500M4-7Y |
C1E1TN9500M816-3Y C1E1TN9500M816-5Y C1E1TN9500M816-7Y |
C1E1TN9400CM8-3Y C1E1TN9400CM8-5Y C1E1TN9400CM8-7Y |
C1E1TN9800M8-3Y C1E1TN9800M8-5Y C1E1TN9800M8-7Y |
C1E1TN9800M8-3Y C1E1TN9800M8-5Y C1E1TN9800M8-7Y |
Advantage package |
C1A1TN9500M4-3Y C1A1TN9500M4-5Y C1A1TN9500M4-7Y |
C1A1TN9500M816-3Y C1A1TN9500M816-5Y C1A1TN9500M816-7Y |
C1A1TN9400CM8-3Y C1A1TN9400CM8-5Y C1A1TN9400CM8-7Y |
C1A1TN9800M8-3Y C1A1TN9800M8-5Y C1A1TN9800M8-7Y |
C1A1TN9800M8-3Y C1A1TN9800M8-5Y C1A1TN9800M8-7Y |
Premier package7 |
C1P1TN9500M4-3Y C1P1TN9500M4-5Y C1P1TN9500M4-7Y |
C1P1TN9500M816-3Y C1P1TN9500M816-5Y C1P1TN9500M816-7Y |
C1P1TN9400CM8-3Y C1P1TN9400CM8-5Y C1P1TN9400CM8-7Y |
C1P1TN9800M8-3Y C1P1TN9800M8-5Y C1P1TN9800M8-7Y |
C1P1TN9800M8-3Y C1P1TN9800M8-5Y C1P1TN9800M8-7Y |
Add-on licenses |
|||||
NDB |
C1-N9K-NDB-M4-3Y C1-N9K-NDB-M4-5Y C1-N9K-NDB-M4-7Y |
C1-N9K-NDB-M816-3Y C1-N9K-NDB-M816-5Y C1-N9K-NDB-M816-7Y |
|
|
|
Security |
C1-N9K-SEC-M-3Y C1-N9K-SEC-M-5Y C1-N9K-SEC-M-7Y |
C1-N9K-SEC-M-3Y C1-N9K-SEC-M-5Y C1-N9K-SEC-M-7Y |
C1-N9K-SEC-M-3Y C1-N9K-SEC-M-5Y C1-N9K-SEC-M-7Y |
C1-N9k-SEC-M-3Y C1-N9k-SEC-M-5Y C1-N9k-SEC-M-7Y |
C1-N9k-SEC-M-3Y C1-N9k-SEC-M-5Y C1-N9k-SEC-M-7Y |
Storage |
C1-N9K-STRG-M-3Y C1-N9K-STRG-M-5Y C1-N9K-STRG-M-7Y |
C1-N9K-STRG-M-3Y C1-N9K-STRG-M-5Y C1-N9K-STRG-M-7Y |
|
|
|
5.2.2 Cisco ACI perpetual software license SKUs
Select the options below while selecting the Cisco Nexus 9000 Series device, or standalone (without hardware) by adding an equal sign and searching in Cisco Commerce (for example, ACI-AD-GF=.)
Note: There is no perpetual offer for Cisco ACI Premier; Premier must be purchased as a subscription.
Table 5. PIDs for perpetual tier-based licenses for DCN (ACI+NX-OS) (Cisco Nexus 9000 Series Switches)
License |
1G Fixed Platforms (GF) |
10G/25G/40G/100G Fixed Platforms (XF) |
Cisco Nexus 9364C and 9300-GX Platforms (XF2)1011 |
Advantage package |
ACI-AD-GF |
ACI-AD-XF |
ACI-AD-XF2 |
Add-on licenses |
|||
Security |
Not supported |
ACI-SEC-XF |
ACI-SEC-XF2 |
Storage (FC NPV, FCoE NPV, and SAN switching) |
Not supported |
ACI-STRG12 |
Not supported |
SyncE |
DCN-SYNCE-XF* |
DCN-SYNCE-XF* |
Table 6. PIDs for perpetual tier-based licenses for Cisco ACI (Cisco Nexus 9000 Series Switches in modular platforms)
License |
4-Slot Modular Platforms |
8- to 16-Slot Modular Platforms |
8-Slot Centralized Modular Platforms |
4-Slot Distributed Modular Platforms |
8-Slot Distributed Modular Platforms |
Advantage package |
ACI-AD-M4 |
ACI-AD-M8-16 |
ACI-AD-CM8 |
ACI-AD-DM4 |
ACI-AD-DM8 |
Add-on licenses |
|||||
Security |
ACI-SEC-XM |
ACI-SEC-XM |
ACI-SEC-XM |
ACI-SEC-XM |
ACI-SEC-XM |
Table 7. PIDs for port-upgrade licenses
Description |
Spare licenses (select without any hardware) |
Nexus 9300 48 Port-upgrade license for 24-port EX/FX platforms (N9K-C93180YC-EX-24, N9K-C93180YC-FX-24, N9K-C93108TC-EX-24, N9K-C93108TC-FX-24) |
N9K-EX-24P-UPG= N9K-FX-24P-UPG= |
6. Brownfield ACI deployment ordering guide
6.1 Cisco ACI upgrade for tiered licenses
This section lists the SKUs required to order upgrade licenses for Cisco ACI deployments. This is typically applicable for brownfield deployments when customers have purchased a lower-tier Cisco ACI license and want to migrate to a higher-tier license for existing hardware.
Table 8. License-upgrade SKUs
Description |
Perpetual -> Perpetual upgrade license |
Subscription -> Subscription upgrade license |
ACI 1G Base-to-Essentials upgrade license |
N/A |
|
ACI 10/25/40G Base-to-Essentials upgrade license |
N/A |
|
ACI 1G Base-to-Advantage upgrade license |
ACI-UPG-B-AD-GF= |
|
ACI 10/25/40G Base-to-Advantage upgrade license |
ACI-UPG-B-AD-XF= |
|
ACI 1G Base-to-Premier upgrade license |
N/A |
|
ACI 10/25/40G Base-to-Premier upgrade license |
N/A |
|
ACI 1G Essentials-to-Advantage upgrade license |
ACI-UPG-ES-AD-GF= |
|
ACI 10/25/40G Essentials-to-Advantage upgrade license |
ACI-UPG-ES-AD-XF= |
|
ACI 400G Essentials-to-Advantage upgrade license |
ACI-UPG-ES-AD-XF2= |
|
ACI 1G Essentials-to-Premier upgrade license |
N/A |
|
ACI 10/25/40G Essentials-to-Premier upgrade license |
N/A |
|
ACI 400G Essentials-to-Premier upgrade license |
N/A |
|
ACI 1G Advantage-to-Premier upgrade license |
N/A |
|
ACI 10/25/40G Advantage-to-Premier upgrade license |
N/A |
|
ACI 400G Advantage-to-Premier upgrade license |
N/A |
6.2 Cisco ACI perpetual to subscription upgrade
● No upgrade is available to migrate from a perpetual to a subscription license model. For this case, order new subscription licenses under C1-N9K-ADD-T (refer to Table 5. PIDs for subscription tier-based licenses for DCN (ACI+NX-OS).
Alternatively, some credit may be offered for migrating to an Enterprise Agreement. For more information on the Enterprise Agreement, please refer the Cisco Enterprise Agreement page.
6.3 Cisco NX-OS to Cisco ACI upgrade licenses
This section is applicable for customers who had purchased perpetual licenses for Cisco Nexus 9000 in Cisco NX-OS standalone mode and want to migrate to perpetual ACI licenses.
Table 9. Perpetual to subscription upgrade license SKUs
Description |
Perpetual upgrade license |
Subscription licenses |
Cisco NX-OS Essentials to Cisco ACI Essentials upgrade license for 1G device |
N/A |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS Essentials to Cisco ACI Essentials upgrade license for 10G+ device |
N/A |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS Advantage to Cisco ACI Advantage upgrade license for 1G device |
NXOS-ACI-UP-AD-GF= |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS Advantage to Cisco ACI Advantage upgrade license for 10G+ device |
NXOS-ACI-UP-AD-XF= |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS LAN to Cisco ACI Essentials upgrade license for 1G device |
N/A |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS LAN to Cisco ACI Essentials upgrade license for 10G+ device |
N/A |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS LAN to Cisco ACI Advantage upgrade license for 1G device |
Step 1: NXOS-UPG-L-AD-GF= Step 2: NXOS-ACI-UP-AD-GF= |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS LAN to Cisco ACI Advantage upgrade license for 10G+ device |
Step 1: NXOS-UPG-L-AD-XF= Step 2: NXOS-ACI-UP-AD-XF= |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS Essentials to Cisco ACI Advantage upgrade license for 1G device |
Step 1: NXOS-UPG-ES-AD-GF= Step 2: NXOS-ACI-UP-AD-GF= |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
Cisco NX-OS Essentials to Cisco ACI Advantage upgrade license for 10G+ device |
Step 1: NXOS-UPG-ES-AD-XF= Step 2: NXOS-ACI-UP-AD-XF= |
N/A Current subscription SKUs include both Cisco ACI and Cisco NX-OS features |
7. Product solution purchasing reference
7.1 Cisco Nexus Dashboard Orchestrator
Cisco Nexus Dashboard Orchestrator provides a single point of provisioning for multiple Cisco ACI fabrics.
Cisco Nexus Dashboard Orchestrator Licensing Components
Cisco Nexus Dashboard Orchestrator requires purchase of the following:
● Cisco ACI spine-leaf architecture with an APIC cluster for each fabric
● One Data Center Networking Advantage or Premier License per device for all of the connected fabrics
Ordering option 1: Purchase virtual APIC (vAPIC) bundle
Table 10. vAPIC ordering option 1
Product SKU |
Quantity to purchase |
ACI-C9332-VAPIC-B1 |
1 |
Any ACI-supported leaf switches |
2 minimum |
Any ACI license |
3 per device |
Ordering option 2: Purchase virtual APIC standalone
Table 11. vAPIC ordering option 2
Product SKU |
Quantity to purchase |
DCN-VAPIC |
3 |
Any ACI-supported fixed spine switches |
2 |
Any ACI-supported leaf switches |
2 |
Any ACI license |
Per device |
7.3 ACI security feature licensing
MACsec is an IEEE 802.1AE standard that provides MAC-layer hop-by-hop encryption for data confidentiality and integrity for media-access-independent protocols. MACsec uses out-of-band methods for encryption keying. The APIC will be responsible for the MACsec keychain distribution to all the nodes in a pod or to specific ports on a node.
MACsec Encryption Licensing Components
The encryption capability requires purchase of the following:
● ACI spine-leaf architecture with an APIC cluster for the main fabric
● One Essentials, Advantage, or Premier license per device in the fabric
● An add-on license ACI-SEC-XF/GF per device (leaf) for encryption
● An add-on license ACI-SEC-XF per device (fixed spine) for encryption
● An add-on license ACI-SEC-XM per device (modular spine) for encryption
7.3.2 Encryption (CloudSec)
Cisco ACI Multi-Site uses VXLAN overlay tunnels over the Intersite Network (ISN) to interconnect each ACI data center site; these VXLAN tunnels are not encrypted. CloudSec is a new technology that solves this problem by providing site-to-site encryption for all data center interconnect traffic in a Cisco Nexus Dashboard Orchestrator deployment. Encryption keys are configured on each site’s APIC, and Cisco Nexus Dashboard Orchestrator will automatically exchange and distribute keys to sites as well as refresh keys automatically periodically.
CloudSec encryption licensing components
The CloudSec encryption capability requires purchase of the following:
● ACI spine-leaf architecture with an APIC cluster for each site
● Deployment of a Cisco Nexus Dashboard Orchestrator to manage each site
● One Advantage or Premier license per device in the fabric
● An add-on license ACI-SEC-XF per device (fixed spine) for encryption
● An add-on license ACI-SEC-XM per device (modular spine) for encryption
7.4 Fiber Channel over Ethernet (FCoE)
Cisco ACI enables the configuration and management for Fibre Channel over Ethernet (FCoE) traffic on the ACI fabric. A typical implementation of FCoE protocol support on the ACI fabric enables hosts located on the Ethernet-based ACI fabric to communicate with SAN storage devices located on a Fibre Channel network.
ACI FCOE licensing components
The FCoE solution requires purchase of the following:
● ACI spine-leaf architecture with an APIC cluster for the main fabric
● One Essential, Advantage, or Premier license per device for the main fabric
● An add-on license ACI-STRG per device with FCOE/FC NPV configuration
8. Cisco Cloud Network Controller
Cisco Cloud Network Controller (formerly Cloud ACI) is a comprehensive solution for simplified operations, automated network connectivity, consistent policy management, and visibility for multiple on-premises data centers and public cloud environments. This solution introduces the Cisco Cloud Application Policy Infrastructure Controller, which runs natively in public clouds in a virtualized form factor.
Cisco Cloud Network Controller is being offered natively on AWS, Azure, and Google Cloud Platform. The Cisco Network Controller binary image is available on AWS Market Place and Google Cloud Marketplace and supports the Bring Your Own License (BYOL) model. AWS Market Place also supports the Pay As You Go (PAYG) model.
Cisco Cloud Network Controller
The licenses for Cisco Cloud Network Controller (CCNC) are charged per workload (VM instance) under policy management of the CCNC. Typically, these virtual-machine instances will be used to deploy application workloads on a public cloud. The Essentials Cloud tier includes licenses for a single policy domain or a single instance of CCNC on a public cloud. If multiple instances of CCNC need to be deployed for scale reasons, then the Advantage Cloud licenses need to be purchased for each workload instance managed by the Cisco Cloud Network Controllers.
For example, assume that a single instance of Cisco Cloud Network Controller can manage instances spread across sixteen different regions in AWS/Azure/Google Cloud. If a customer needs to deploy 100 EC2 instances under the policy management of the CCNC, and these are running within a single region on AWS/Azure/Google Cloud, 100 Essentials Cloud licenses will be required. If these 100 EC2 instances are spread across seventeen or more different AWS/Azure/Google Cloud regions, then two instances of CCNC will be needed. In this case, 100 Advantage Cloud licenses need to be purchased. The licenses are portable across AWS, Azure, and Google clouds, and the license SKUs are the same for all the clouds.
Table 12. Required license components for Cisco Cloud Network Controller
Description |
Essentials Cloud |
Advantage Cloud |
Cloud interconnect automation |
||
Automation of interconnect between on-premises data center and public cloud |
||
Centralized management across multiple cloud regions |
||
Fault management |
||
Monitoring and troubleshooting |
||
API-driven automation and orchestration |
||
Ecosystem |
||
Third-party integration via open APIs |
||
Policy and security |
||
Cloud-native policy and segmentation |
||
Zero-trust policy model on cloud |
||
Role-based access control on cloud |
||
Audit support and logging on cloud |
||
Policy domains on public cloud |
||
Single-policy domain on cloud |
||
Multiple-policy domains on cloud |
|
The Cisco Cloud Network Controller solution requires the following license components:
On the on-premises data center (If applicable)
1. ACI Device licenses
One ACI Essentials/Advantage/Premier license per device for all Cisco Nexus 9000 devices running in Cisco ACI mode.
Note: A single physical on-premises site can run in the Essentials license tier if it is connected to one or more cloud sites. More than one physical on-premises sites connected to Cisco Nexus Dashboard Orchestrator and one or more cloud sites will require a minimum of one ACI Advantage license per device.
On public cloud
1. Workload licenses for Cisco Cloud Network Controller
Cisco Cloud Network Controller licenses are subscriptions of 3-, 5-, or 7-year duration. A Cisco Smart Account is mandatory for ordering Cisco Cloud Network Controller licenses.
Table 13. Cloud Network Controller workload license SKUs
Product SKU |
Product description |
ACI-CAPIC ACI-CAPIC-ES |
ACI Essentials Cloud for single-policy domain on public cloud |
ACI-CAPIC ACI-CAPIC-AD |
ACI Advantage Cloud for single-policy domain on public cloud |
2. Cisco Catalyst 8000V license SKUs for Cisco Cloud Network Controller solution
At least two Cisco Catalyst 8000V (Cat8kV) Cisco DNA Advantage licenses are required to run the Cisco Cloud Network Controller solution on a public cloud.
The PID for adding Cat8kV license is L-DNA-C8000V, and it has two mandatory configuration options that have to be chosen.
Table 14. Catalyst 8000V license and its components
Top level SKU |
Configuration SKUs required |
L-DNA-C8000V |
- C8000V-PF IOSXE-AUTO-MODE-PF |
In addition to that, the choice of subscription must be made based on bandwidth requirements and term of the license.
Table 15. Subscription tiers for Catalyst 8000V
Product SKU |
Product description |
DNA-P-T0-A-3Y |
Cisco DNA License SKU for 25 Mbps for 3 years |
DNA-P-T0-A-5Y |
Cisco DNA License SKU for 25 Mbps for 5 years |
DNA-P-T0-A-7Y |
Cisco DNA License SKU for 25 Mbps for 7 years |
DNA-P-T1-A-3Y |
Cisco DNA License SKU for 250 Mbps for 3 years |
DNA-P-T1-A-5Y |
Cisco DNA License SKU for 250 Mbps for 5 years |
DNA-P-T1-A-7Y |
Cisco DNA License SKU for 250 Mbps for 7 years |
DNA-P-T2-A-3Y |
Cisco DNA License SKU for 1G for 3 years |
DNA-P-T2-A-5Y |
Cisco DNA License SKU for 1G for 5 years |
DNA-P-T2-A-7Y |
Cisco DNA License SKU for 1G for 7 years |
DNA-P-T3-A-3Y |
Cisco DNA License SKU for 10G for 3 years |
DNA-P-T3-A-5Y |
Cisco DNA License SKU for 10G for 5 years |
DNA-P-T3-A-7Y |
Cisco DNA License SKU for 10G for 7 years |
3. CSR 1000V to Catalyst 8000V tier mapping
Catalyst 8000V provides new bandwidth tiers. The table below provides the mapping that should be used for picking up the right Catalyst 8000V tier during the migration from CSR 1000V.
Table 16. Bandwidth tiers for Catalyst 8000V
CSR 1kV bandwidth |
Cat8kV Tier |
Cat8kV Bandwidth |
10 Mbit/s |
0 |
Up to 25 Mbit/s |
50 Mbit/s |
1 |
Up to 200 Mbit/s |
100 Mbit/s |
1 |
Up to 200 Mbit/s |
500 Mbit/s |
2 |
Up to 1 Gbit/s |
1 Gbit/s |
2 |
Up to 1 Gbit/s |
2.5 Gbit/s |
3 |
Up to 10 Gbit/s |
5 Gbit/s |
3 |
Up to 10 Gbit/s |
While any of Catalyst 8kV tiers mentioned above are available for ordering, for customers who are migrating from CSR1kV to Catalyst 8kV as a part of their Cloud ACI setup the suggestion is to use Tier 2 and Tier 3 as the closest matches of previous CSR1kV licenses for Cloud ACI production customers.
8.1 Cloud Network Controller bundle
The Cloud Network Controller bundle is a single SKU for purchasing all the licensing components required for the Cloud Network Controller solution. The following are the components of the bundle with limited-time built-in discounts:
● CAPIC-C8KV-B
◦ ACI-CAPIC (15% discount)
◦ Catalyst 8000V (15% discount)
8.2 Cloud Network Controller evaluation licenses
Cloud Network Controller evaluation licenses can be requested using this site (choose Product Family as APIC).
For Catalyst 8000V: use L-C8000-DEMO PID on CCW. This demo PID has no tiers, and the customer will get full bandwidth access for the time of evaluation.
Note: Cisco Cloud Network Controller Catalyst 8000V licenses are Cisco® licensing-enabled SKUs. A Cisco Smart Account is mandatory while placing an order for these SKUs. It is recommended to keep the customer’s Cisco Smart Account ready at the time of placing the order. For a more detailed overview of Cisco Licensing, go to cisco.com/go/licensingguide.
Cisco’s Day 2 Operations solution stands out as the first comprehensive technology solution in the industry developed by Cisco for network operators to manage day-2 operations in their networks. Our solution automates, monitors, and analyzes your data center fabric in real time. The components of Day 2 Operations include:
● Cisco Nexus Dashboard Platform
● Cisco Nexus Insights
See Cisco Nexus Dashboard and Cisco Data Center Day 2 Operations Solution Suite Ordering Guide.
Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more consistent way to purchase and manage software across the Cisco portfolio and across your organization. And it’s secure – you control what users can access. With Smart Licensing you get:
● Easy Activation: Smart Licensing establishes a pool of software licenses that can be used across the entire organization—no more PAKs (Product Activation Keys).
● Unified management: My Cisco Entitlements (MCE) provides a complete view into all your Cisco products and services in an easy-to-use portal, so you always know what you have and what you are using.
● License flexibility: your software is not node-locked to your hardware, so you can easily use and transfer licenses as needed.
To use Smart Licensing, you must first set up a Smart Account on Cisco Software Central (software.cisco.com).
For a more detailed overview of Cisco Licensing, go to cisco.com/go/licensingguide.
11. Cisco services and support
Achieve business outcomes faster with Cisco Services for Cisco ACI: The Cisco ACI Services portfolio provides a range of professional and support services for each stage of your Cisco ACI journey. Cisco ACI can deliver significant advantages for your business. To help you quickly gain the benefits of your Cisco ACI solution while also mitigating risk, we offer a comprehensive portfolio of services. These services provide expert guidance to enable you to accomplish your business and technical outcomes. Cisco Services can help ensure your success with Cisco ACI, delivering expert support for planning, designing, deploying, and supporting your new infrastructure. To get started in learning more about Cisco Services for ACI, visit this link.
Flexible payment solutions to help you achieve your objectives
Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services, and complementary third-party equipment in easy, predictable payments. Learn more.
Cisco Commerce ordering tool |
|
Cisco ACI solution data sheet |
|
Cisco APIC data sheet |
|
Cisco Nexus 9000 Series Switches data sheets |
|
Cisco Nexus Insights |
|
Cisco Nexus Dashboard |
|
Cisco Cloud Network Controller solution overview |
|
Technical white papers |
|
Solution overviews |
|
Release notes for Cisco ACI and APIC solutions |
|
Release notes for Cisco Nexus 9000 Series Switches |
|
Download Cisco ACI software |