Cisco talked up its Application-Centric Infrastructure (ACI) vision for the future of networking this week at Cisco Live in San Francisco, providing customers with migration paths and highlighting business use cases, particularly security.
"ACI is designed to help you be more efficient and agile," Soni Jiandani, senior vice president of Cisco's Insieme Business Unit, said in a keynote Wednesday. "It spans the virtual and the physical and has security as an ingrained part."
In November, Cisco unveiled ACI, its software-defined networking platform, along with new Nexus 9000 switches that can run in ACI mode with a software upgrade. Jiandani described the Application Policy Infrastructure Controller (APIC) -- the heart of the ACI model -- as a single point of management from which organizations will be able to push policy out at the application level. "It provides full visibility. You don't have to manage networks on a box-by-box basis," she said.
APIC will be available this summer, Cisco said; executives have declined to provide a more specific date. Cisco claims more than 1,000 customers "in the pipeline" for ACI and about 70 customers and partners that are actually testing it.
In her ACI keynote, Jiandani said investment protection is a hot button for Cisco customers, and that the company responded by providing ways for them to extend ACI policy to their existing Nexus datacenter infrastructures.
Cisco recently announced that customers with Nexus 2000, 3000, 5000, 6000, and 7000 switches have a couple options for applying ACI policy to physical and virtual workloads in their networks. For virtual workloads, they can use the Cisco Application Virtual Switch (AVS), which is a version of the Nexus 1000V virtual switch that provides support for the ACI application policy model. For bare-metal servers in traditional Nexus infrastructure, they can use a Nexus 9300 switch, deployed as a leaf.
Also, Cisco said it will integrate the Nexus 7000 switch series and ASR 9000 router into the ACI fabric as a datacenter interconnect gateway/router.
Bob McCouch, a networking consultant and Network Computing contributor, said in an email interview that he was still trying to understand all the details about how the older Nexus lines will interact with ACI, but called the migration strategy an important step in Cisco's ACI vision. The AVS could be big, he told us.
"By rolling ACI policy-control capability into its multi-hypervisor virtual switching solution, Cisco is suddenly able to push the ACI vision right to the virtual host, sort of like what VMware is doing with NSX, but Cisco's solution can work with every mainstream hypervisor including VMware vSphere, Microsoft Hyper-V, and Xen/KVM," he said. "If well executed, this could be a major advantage for Cisco in the virtual-networking wars."
Security use case
During Cisco Live, executives touted security as a top use case for ACI, from the datacenter to the WAN and access layer. Rob Lloyd, president of development and sales at Cisco, called "end-to-end security the No. 1 use case" for ACI during a media Q&A session Tuesday.
At Wednesday's ACI keynote, Robert Soderbery, SVP and general manager of Cisco's Enterprise Networking Group, showed how integration of Sourcefire security (Cisco acquired the IPS vendor last year) with APIC and Cisco Identity Services Engine can be used to respond to potential network security threats. A Sourcefire alert could trigger a new policy -- perhaps kicking a user off the network or just monitoring him or her -- that APIC would push out to the network.
"Most threats are already in our network, so the problem we're facing in security isn't how to build higher walls, but how to find the threats, remediate them, and revert to normal operations," Soderbery said.
Bob Laliberte, senior analyst at Enterprise Strategy Group, said Cisco's security focus with ACI is on the mark. "Given the fact that security is now a CEO issue as well as CIO it makes sense to focus on this area as it could be another driver to accelerate adoption," he said in an email.
Overall, "organizations are still trying to figure out their SDN strategy as it is still early in the game," he said. "That said, Cisco has done a good job of executing against its ACI vision and is now talking about customers -- about 175 with Nexus 9000 now and several dozen testing APIC -- that is pretty impressive adoption in a short time."
Extending APIC to the campus and WAN, and helping organizations understand how it fits with legacy infrastructure will be important to accelerate adoption, Laliberte told us. Earlier this year, Cisco announced a module for APIC that provides functionality in the LAN and WAN.
Cisco's recent ACI update also included three new form factors in the 9000 Nexus line. Called the "baby spine" by Cisco engineers, the 9336PQ is a 2RU device designed to be a spine switch in a small or midsized ACI network. It supports 1.44 Tbit/s of bandwidth across 36 fixed 40 QSFP+ ports.
The Nexus 9396TX is a top-of-rack switch that is designed to run in either traditional three-tier network designs or with a software upgrade, in ACI mode. It provides 100M/1G/10G copper-based front panel port connectivity. Meanwhile, a new linecard, the N9K-X9736PQ, targets customers that want to enable the ACI modular spine for the Nexus 9500 platform. The linecard has 36 non-blocking 40GbE QSFP+ ports.
Cisco also released a new version of its UCS Director that integrates with APIC and supports Nexus 9000 series switches.