Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Cisco Unveils Insieme SDN Platform, New Switches

Cisco today unveiled details of its new software-defined networking platform from Insieme, a Cisco subsidiary. It’s designed to encompass both physical and virtual networks, enable more automation in the data center, and streamline network configuration to deploy and support applications.

The new platform has two major components: the Application Policy Infrastructure Controller (APIC) and a new switch line, the Nexus 9000 series.

More Insights


More >>

White Papers

More >>


More >>

The APIC is a software controller designed to run on UCS, Cisco’s server platform. The driving notion behind APIC is the creation of application profiles. These profiles encompass all the resources and services that an application requires (bandwidth, throughput, QoS, storage, compute, load balancing, and so on).

The APIC then configures the network to provide the required elements. The controller will support OpenFlow, onePK (Cisco’s proprietary package of southbound APIs for Cisco gear), and other mechanisms for configuring network hardware.

Administrators create the application profiles using an extensible scripting model from Cisco. “Policies remain with the application regardless of where the application resides, so you don’t have the problem of thousands of ACLs that no one is really sure what they do,” said Ish Limkakeng, vice president at Insieme. “When you change the application profile, it gets updated by the APIC to keep it consistent.”

[Whatever impact SDN will have on the data center, Greg Ferro says don’t expect less expensive networks. See his argument in “SDN Doesn’t Mean Cheaper Networking.”]

Application profiles would be created by the application team in an enterprise, with input from network, security and storage teams.

Limkakeng noted that because the controller maintains a view of the entire system, it will prevent application profiles from demanding more resources, such as bandwidth, than the network can provide. Limkakeng said the APIC should be able to scale up to tens of thousands of application profiles.

He also noted that while APIC can program the network and update application profiles, the controller is not involved in forwarding traffic. “If the APIC went out of the picture, you could still forward,” he said.

The APIC works with both a physical underlay and a network overlay. At present, the underlay requires the Nexus 9000 to serve as the spine nodes in a leaf/spine architecture.

Thus, customers looking to deploy APIC will have to purchase these new switches. Limkakeng also said that APIC will support the Nexus 7000 and Nexus 2000 Fabric Extender, as well as Cisco’s ASR, but that the 9000 is required to build out the physical fabric.

Given the requirement of Nexus 9000 switches, early deployments of APIC are likely to be set up as islands within an existing data center. “I think we’ll see customers stand up a pod within a data center…and workloads migrated over time,” said Limkakeng. He cited a low-end entry point of $75,000 for a deployment of a few hundred ports.

The Nexus 9000 series comes in two major models: the 9508, a 10/40 GbE, 13 rack-unit chassis for end of row or aggregation, and a pair of 9300 switches for top of rack that offer a mix of 1, 10 and 40GbE ports.

Note that the Nexus 9000 switches run Cisco’s NX-OS. They require an upgrade to NX-OS Plus to work with the controller.

APIC uses VXLAN for the overlay. It also supports a variety of hypervisors, including VMware vSphere, Microsoft Hyper-V and Red Hat KVM, to enforce virtual network policies and to gather telemetry.

An SDN controller is designed to present interfaces to third-party applications and services (so-called northbound APIs), and APIC is no different. Cisco has said it will support APIs for OpenStack, the popular cloud orchestration platform, as well as a number of vendors such as F5, Sourcefire. These partners will aim to provide services for APIC to link to, such as load balancing, security and so on.

Cisco will also enable its own gear to interoperate with APIC. As part of its ACI framework, Cisco announced ACI Security, which integrates management of security services into the controller, and a new virtual firewall called the ASAv.

The ASAv works with multiple hypervisors and includes all of the features of Cisco's other Adaptive Security Appliances. Unlike Cisco's existing virtual firewall, the ASA 1000v, which works with the Nexus 1000v switch, ASAv is "virtual switch agnostic," Scott Harrell, vice president of the Cisco Security Technology, said in an interview.

Cisco also updated its ASA 5585-X security appliance to interoperate with the new Nexus 9000 switches, which Harrell said can scale to 640Gbps via 16-way clustering with state synchronization. ACI Security is designed to provide visibility into both virtual and physical infrastructure.

The ability to provision and manage security via the controller will streamline what is today often a cumbersome and time-consuming firewall configuration process, Harrell said. With the ability to deploy ASAv appliances in a scalable way, security administrators can conduct more granular traffic inspection for improved security, he said.

The announcement of APIC now brings to three the total of controllers in which Cisco has some involvement. Two it owns outright: APIC and Open Network Environment (ONE), a controller Cisco debuted in February 2013.

Cisco is also closely involved in the OpenDaylight project, an effort from the Linux Foundation to build an open-source controller. Cisco contributed code from ONE that serves as the basis of the OpenDaylight controller.

Cisco also announced its intention to acquire the remaining stake in Insieme Networks, an early-stage company in which Cisco was the majority owner.

Related Reading

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers