Data centers

07:10 AM
Marcia Savage
Marcia Savage
News
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Cisco Expands On Its ACI Strategy

Networking giant touts its SDN platform at Cisco Live and offers ways for customers to extend ACI policy to legacy Nexus infrastructure.

Cisco talked up its Application-Centric Infrastructure (ACI) vision for the future of networking this week at Cisco Live in San Francisco, providing customers with migration paths and highlighting business use cases, particularly security.

"ACI is designed to help you be more efficient and agile," Soni Jiandani, senior vice president of Cisco's Insieme Business Unit, said in a keynote Wednesday. "It spans the virtual and the physical and has security as an ingrained part."

In November, Cisco unveiled ACI, its software-defined networking platform, along with new Nexus 9000 switches that can run in ACI mode with a software upgrade. Jiandani described the Application Policy Infrastructure Controller (APIC) -- the heart of the ACI model -- as a single point of management from which organizations will be able to push policy out at the application level. "It provides full visibility. You don't have to manage networks on a box-by-box basis," she said.

APIC will be available this summer, Cisco said; executives have declined to provide a more specific date. Cisco claims more than 1,000 customers "in the pipeline" for ACI and about 70 customers and partners that are actually testing it.

In her ACI keynote, Jiandani said investment protection is a hot button for Cisco customers, and that the company responded by providing ways for them to extend ACI policy to their existing Nexus datacenter infrastructures.

Cisco recently announced that customers with Nexus 2000, 3000, 5000, 6000, and 7000 switches have a couple options for applying ACI policy to physical and virtual workloads in their networks. For virtual workloads, they can use the Cisco Application Virtual Switch (AVS), which is a version of the Nexus 1000V virtual switch that provides support for the ACI application policy model. For bare-metal servers in traditional Nexus infrastructure, they can use a Nexus 9300 switch, deployed as a leaf.

Also, Cisco said it will integrate the Nexus 7000 switch series and ASR 9000 router into the ACI fabric as a datacenter interconnect gateway/router.

Bob McCouch, a networking consultant and Network Computing contributor, said in an email interview that he was still trying to understand all the details about how the older Nexus lines will interact with ACI, but called the migration strategy an important step in Cisco's ACI vision. The AVS could be big, he told us.

"By rolling ACI policy-control capability into its multi-hypervisor virtual switching solution, Cisco is suddenly able to push the ACI vision right to the virtual host, sort of like what VMware is doing with NSX, but Cisco's solution can work with every mainstream hypervisor including VMware vSphere, Microsoft Hyper-V, and Xen/KVM," he said. "If well executed, this could be a major advantage for Cisco in the virtual-networking wars."

Security use case
During Cisco Live, executives touted security as a top use case for ACI, from the datacenter to the WAN and access layer. Rob Lloyd, president of development and sales at Cisco, called "end-to-end security the No. 1 use case" for ACI during a media Q&A session Tuesday.

At Wednesday's ACI keynote, Robert Soderbery, SVP and general manager of Cisco's Enterprise Networking Group, showed how integration of Sourcefire security (Cisco acquired the IPS vendor last year) with APIC and Cisco Identity Services Engine can be used to respond to potential network security threats. A Sourcefire alert could trigger a new policy -- perhaps kicking a user off the network or just monitoring him or her -- that APIC would push out to the network.

"Most threats are already in our network, so the problem we're facing in security isn't how to build higher walls, but how to find the threats, remediate them, and revert to normal operations," Soderbery said.

Bob Laliberte, senior analyst at Enterprise Strategy Group, said Cisco's security focus with ACI is on the mark. "Given the fact that security is now a CEO issue as well as CIO it makes sense to focus on this area as it could be another driver to accelerate adoption," he said in an email.

Overall, "organizations are still trying to figure out their SDN strategy as it is still early in the game," he said. "That said, Cisco has done a good job of executing against its ACI vision and is now talking about customers  -- about 175 with Nexus 9000 now and several dozen testing APIC -- that is pretty impressive adoption in a short time."

Extending APIC to the campus and WAN, and helping organizations understand how it fits with legacy infrastructure will be important to accelerate adoption, Laliberte told us. Earlier this year, Cisco announced a module for APIC that provides functionality in the LAN and WAN.

New switches
Cisco's recent ACI update also included three new form factors in the 9000 Nexus line. Called the "baby spine" by Cisco engineers, the 9336PQ is a 2RU device designed to be a spine switch in a small or midsized ACI network. It supports 1.44 Tbit/s of bandwidth across 36 fixed 40 QSFP+ ports.

The Nexus 9396TX is a top-of-rack switch that is designed to run in either traditional three-tier network designs or with a software upgrade, in ACI mode. It provides 100M/1G/10G copper-based front panel port connectivity. Meanwhile, a new linecard, the N9K-X9736PQ, targets customers that want to enable the ACI modular spine for the Nexus 9500 platform. The linecard has 36 non-blocking 40GbE QSFP+ ports.

Cisco also released a new version of its UCS Director that integrates with APIC and supports Nexus 9000 series switches.

Marcia Savage is the managing editor for Network Computing, and has been covering technology for 15 years. She has written and edited for CRN and spent several years covering information security for SC Magazine and TechTarget. Marcia began her journalism career in daily ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jgherbert
50%
50%
jgherbert,
User Rank: Ninja
5/29/2014 | 9:59:22 PM
Re: I'll believe it, when I see it
*laughs* Fair point. I think the gap between announcement and availability of product has been longer than anybody is comfortable with (customers especially). My guess is that Cisco felt that they just had to get their message out there in order to bolster confidence in them embracing SDN wholeheartedly when the market (and customers) were beginning to wonder what the heck their strategy was. That leaves us with a whacking great gap from talk to action which then generates an expected level of cynicism all around.

The real test will be when we see not only what the hardware itself can do, but how the software ecosystem develops around it and what new capabilities can be offered to make it a compelling investment.
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Strategist
5/23/2014 | 3:20:01 PM
Re: I'll believe it, when I see it
Good point -- still a lot of talk of concepts at this point and no APIC until sometime this summer.
ReturnoftheMus
50%
50%
ReturnoftheMus,
User Rank: Moderator
5/23/2014 | 5:39:58 AM
I'll believe it, when I see it
As always, it appears there's no better place than CLUS for JC to get out his sunshine pump, nearly three years on and we're still talking 'STRATEGY'. The only story so far is that they've got a bunch of switches that have two chips, instead of one and wait for it...........can be implemented in a leaf/spine architecture....WOW!
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Strategist
5/22/2014 | 12:07:08 PM
Re: ACI developments
Hi Drew -- I believe Cisco talked about investment protection for Catalyst switches and ASR routers when it announced the APIC Enterprise Module earlier this year.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
5/22/2014 | 11:36:20 AM
Re: ACI developments
No, not that I've seen, and that's likely by design. That level of backward integration would be a disincentive to buy new hardware, after all. In contrast, spending the R&D on a security focus seems smart. Salespeople can walk in and yell, "Target! eBay!" and get attention. 
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Strategist
5/22/2014 | 11:22:46 AM
Re: ACI developments
Was there any mention of investment protection for folks who haven't bought into the Nexus line yet?
Susan Fogarty
50%
50%
Susan Fogarty,
User Rank: Strategist
5/22/2014 | 10:11:40 AM
ACI developments
Marcia, thanks for the great overview of the new developments with ACI. I know readers have been asking for more information, and there's been a lot to digest in terms of the migration path. Most of the customers I talked to at Cisco Live seemed pretty positive about the strategy and are planning to deploy it -- maybe not immediately, but at some point. Are others receiving similar feedback?
Cartoon
Hot Topics
7
VMware NSX Banks On Security
Marcia Savage, Managing Editor, Network Computing,  8/28/2014
5
How To Survive In Networking
Susan Fogarty, Editor in Chief,  8/28/2014
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed