Christmas Offer - Every Learner Must Check Out - Flat 88% OFF on All Access Pass
PyNet Labs- Network Automation Specialists

Cisco ACI Architecture and Its Components

Author : PyNet Labs
Last Modified: June 12, 2023 
Components of Cisco ACI


Before discussing the components of Cisco ACI and its architecture, it is crucial to understand why ACI was introduced in the first place when we already had SDN technology with us, which was robust, with a simple mechanism to control and manage devices in the entire network from one centralized plane.

Cisco ACI provides security, performance, and scalability to all the demanding applications in today’s market as organizations are widely adapting it.

For any organization looking to improve its data center network, Cisco ACI may be the best solution for them. In this article, you will learn what is Cisco ACI including its architecture, working, benefits and uses.

So, let’s start with What is SDN in Networking?

What is SDN in Networking?

SDN stands for Software-Defined Networking. It is a network management technology introduced to virtualize the network. Virtualizing makes SDN networks more dynamic, programmatically efficient for network configuration, and constant monitoring improves network performance.

When we talk about traditional routing, the router or switch architecture used to have its control plane and data plane in the same device. And the functions like routing decisions and packet forwarding are the responsibility of the device operating system.

Unlike traditional routing, SDN architecture moves the control plane from each network device to a central network intelligence and policy-making entity called the SDN controller. The SDN controllers, especially the control plane, are considered the SDN network’s brain, where the whole intelligence is incorporated.

So, using SDN, network administrators can have an abstracted centralized view of the network from the control plane.

OpenFlow was the first SDN standard introduced to facilitate the communications interface defined between the controls and forwarding layers of SDN architecture. But it lacked scalability, visibility, security and were complex; That’s why Cisco introduced a new approach and architecture driven from SDN called Application Centric Infrastructure (ACI).

ACI was a new approach emphasizing an essential part of the Datacenter.

What is Cisco ACI?

Application Centric Infrastructure (ACI) is the policy-based SDN solution for the Data Center environment. It is pretty popular in industries as it offers high software flexibility, efficient configuration, and scalability of hardware performance. Also, its management, policy framework, and protocols make it different from other SDN technologies.

ACI use the latest Cisco Nexus 9000 family of switches as the hardware and comprise Data Center Policy Engine, Additional Data Center Pod, and Non-directly Attached Virtual and Physical Leaf Switches along with its software.

In addition to bare-metal server installations, ACI offers unified policy definition and application across physical and virtual resources. An intuitive graphical user interface or programmatically using APIs can be used to accomplish this. With the latter choice, you may incorporate ACI into your current DevOps procedures.

How Does ACI Work?

ACI (Application Centric Infrastructure) is a data centre network architecture that provides more flexible and efficient application deployment and management. Both physical and virtual networks can be controlled by one point of control which allows greater transparency for easy management of complex networks.

By introducing ACI, the efficiency and agility of the Data Centre as it helps in automating the tasks that are done manually and are error prone in some or other ways. As we take an example, ACI can identify the error correctly in a configuration of any application which can be automatically replaced by deploying the correct and new application on the infrastructure and the network automatically adjusting itself to provide the right resources when and where they are needed.

Moreover, it provides a highly enhanced security and compliance capability. It comes with amazing features such as built-in firewalls and intrusion detection/prevention systems, which help in protecting the Data Center’s assets from malicious attacks.

We can say, ACI is a data centre network architecture that enables more flexible and efficient application deployment and management. ACI can assist increase data centre agility, efficiency, security, and compliance.

ACI has n number of benefits and some of them are mentioned below.

Cisco ACI Benefits

Here are some of the significant benefits of using ACI,

  • The application-driven policy model offers simplified Automation.
  • Focus on Applications and their velocity. So, Data Center can handle any workload, anytime.
  • Integration Capabilities – Investment protection by integrating with the existing fabric infrastructure, e.g. Nexus 7000
  • Virtualization
  • Container networking
  • Orchestration
  • Public Cloud networking
  • Centralized visibility with real-time, application health monitoring
  • Open software flexibility for DevOps teams and ecosystem partner integration
  • Scalable performance and multi-tenancy in hardware

Cisco ACI Architecture

Cisco ACI enables you to construct the network of your data centre according to the requirements of your applications therefore infrastructure is known as application centric. To automate and simplify network configuration, deployment, and management it uses a centralized policy model. This allows greater flexibility, scalability, and manageability as its architecture helps to decouple from the data forwarding plane to the network control plane.

ACI consists of majorly three important components:

  • Application Policy Infrastructure Controller (APIC)
  • Leaf switches,
  • Spine switches.

ACI fabric is managed by the Application Policy Infrastructure Controller (APIC), a centralised controller. The connectivity required between servers and external networks is provided by the leaf switches also known as ToR switches. The spine switches are collective Layer 3 switches that give leaf switches high-bandwidth communication.

For the complete ACI fabric, the APIC provides a common control and management point. To expose the ACI policy model to external application and orchestration tools, it uses an open standard-based application programming interface (API). Also, for the manual configuration and monitoring of ACI Fabric, the APIC provides an intuitive web-based user interface (UI).

For the connectivity between the servers and external networks the connectivity is provided by the leaf switches are ToR switches. All Layer 2 and Layer 3 protocols can be programmed and supported by Leaf Switch. Also, it supports quality of service (QoS), security features, and virtualization capabilities.

Between the leaf switches, high-bandwidth connectivity is required, and which is provided by the spine switches that are the collective Layer 3 switches. Also, they are fully programmable and support all Layer 2 and Layer 3 protocols.

Components of Cisco ACI

Cisco ACI fabric comprises the APIC, ANP, and the Cisco Nexus 9000 series switches using two-tier spine-leaf topology as the core components of ACI architecture.

The three core components of Cisco ACI architecture:

1. Application Policy Infrastructure Controller (APIC) –

APIC stand for Application Policy Infrastructure Controller and is considered the brain of the ACI architecture. A centralized software controller designed for programmability (Automation), centralized management, policy enforcement, and health monitoring.

APIC is responsible for,

  • Fabric Activation
  • Maintenance of switch firmware
  • Translating application policies into network programming.
  • Optimizing performance.
  • Supporting any application anywhere.
  • Unifying operation of physical and virtual environments.
  • Managing and operating a scalable multitenant Cisco ACI fabric.

Also, Cisco APIC does not manipulate the data path directly compared to the controllers in SDN. It centralizes the policy definition and programs the leaf switches to forward traffic based on the defined policies.

Moreover, when communication with the APIC is lost in a network, the fabric can still forward traffic because the APIC is completely removed from the data path. So, the availability needs are consistently met in ACI.

APIC is positioned between the ANP and the ACI-enabled network infrastructure in the ACI fabric. They expose a northbound API through XML and JSON and provide both a command-line interface (CLI) and GUI that use this API to manage the fabric.

It supports multiple configuration methods, including a GUI, a REST API, a Python API, Bash scripting, and a CLI. APIC also provides an open-source southbound API allowing third-party network service vendors to implement policy control of supplied devices.

2. Application Network Profile (ANP)-

Unlike APIC, Application Network Profile (ANP) is defined as the collection of endpoint groups (EPG), their connections, and the policies that define those connections. EPG is a logical grouping of similar endpoints representing an application tier or service set requiring a similar policy.

ANP logically represents all the application components and their interdependencies on the application fabric. They are basically designed to be modelled in a logical way that matches the way the applications are designed and deployed. Moreover, the configuration, enforcement of policies and connectivity are handled by the system rather than manually by an administrator.

Steps required to create an Application Network Profile.

  • Creating EPGs
  • Building policies that define connectivity with rules such as Permit, Deny, Log, Mark, Redirect, Copy
  • Creating contracts – Reusability and policy consistency for services that typically communicate with multiple EPGs.

3. Cisco ACI Fabric: Cisco Nexus Portfolio

With the recent introduction to Cisco Nexus 9000 Series Switches for both traditional and Cisco ACI data center deployments to the family of Nexus switches, we can tell Cisco is expanding its Nexus portfolio. These switches provide an application-aware switching fabric and work with an APIC to manage the virtual and physical network infrastructure.

They are highly in-demand as they offer modular and fixed 1/10/40 Gigabit Ethernet switch configurations. Also, they are designed in such a way to operate either in Cisco NX-OS mode or in Cisco ACI mode.

Both modes offer compatibility and consistency with the current Cisco Nexus switches and let the data centers take full advantage of Cisco ACI application policy-based services and infrastructure automation features.

These capabilities of using Cisco Nexus switches makes them the core ACI component. Over it, they provide customers with investment protection and ease of migration to Cisco ACI through a software upgrade.

So, these components of ACI make this technology an excellent fit for next-generation Data Centers switching and are accessible to customers of any size.

Frequently Asked Questions

Q1 – What is Cisco ACI architecture?

Cisco ACI (Application Centric Infrastructure) is a software-defined networking architecture that simplifies data center management and automation. It integrates physical and virtual networks, enabling centralized control and policy-based automation through the Application Policy Infrastructure Controller (APIC). With ACI, organizations can achieve greater agility, scalability, and security in their data center environments while reducing complexity and operational costs.

Q2 – What are the 3 core components of ACI architecture?

The Cisco Application Centric Infrastructure (ACI) architecture consists of three core components. These components are – Application Policy Infrastructure Controller (APIC), Application Network Profile (ANP), and Cisco ACI Fiber

Q3 – What architectural model is used with Cisco ACI?

The architectural model used with Cisco ACI is the Policy-Driven Data Center (PDDC) model. It focuses on the concept of defining and implementing policies based on application requirements rather than manually configuring individual network elements. The PDDC model allows for centralized management and control, where policies are defined in a centralized controller (APIC) and propagated to the network devices (spine and leaf switches).

Q4 – What is Cisco ACI and how it works?

Cisco ACI (Application Centric Infrastructure) is a software-defined networking (SDN) solution that revolutionizes data center networking. It abstracts the underlying network infrastructure and provides a policy-driven framework for managing and automating network services.


In summary, the Cisco ACI Architecture is a powerful solution that simplifies network management, enhances security, and provides agility and scalability for organizations. The key Cisco ACI components, such as the APIC, leaf and spine network fabric, and policy-driven model, enable centralized control, low-latency connectivity, and granular policy enforcement.

By adopting Cisco ACI, businesses can streamline operations, reduce complexity, and improve overall network performance. The architecture’s features and flexibility make it an ideal choice for organizations seeking enhanced performance, scalability, and security. Embracing Cisco ACI empowers businesses to take control, adapt to changing demands, and drive innovation in their network infrastructure.

A data center specialist will require Cisco Nexus 9000 training to deploy and manage Cisco Nexus® 9000 Series Switches in NX-OS and ACI mode to fulfil the skill requirement.

With PyNet Labs, professionals can learn this trending technology as we offer Cisco DC ACI online training along with Cisco Nexus training from scratch. So, if you are looking for Cisco Nexus training in Delhi, Bangalore, Hyderabad, Pune or any part of the country? Enroll with PyNet Labs and start your online Cisco Nexus + DCACI training from the comfort of your home.

To register for our Nexus + Cisco DC ACI training, you can connect with us on Call, WhatsApp, Telegram, Viber, Signal at +91 9821215002, or write us at [email protected].

Recent Blog Post

Leave a Reply

Your email address will not be published. Required fields are marked *

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram