The real barrier to software-defined networking (SDN) adoption is education. Network engineers have stated for the past 31 years that “Real engineers manage via command-line interface (CLI),” as if it were a badge of honor to manage a network with thousands of lines of code on a black screen. With all of the benefits of leading SDN solutions, it is only a matter of time until decision-makers determine it is time to adopt a next-generation networking solution.
Today, most networks are managed on a switch-by-switch basis via command line; with an SDN solution, they will be managed via a GUI from a single point. SDN provides the automation of network provisioning that brings Google and Amazon-style IT self-service to the corporate data center. The two emerging leaders in the battle for SDN market share are Cisco ACI and VMware NSX. ACI is typically marketed to the network teams, while NSX is marketed to the server teams. The reality is that SDN decisions need to include all data center teams: application, network, server, storage and virtualization teams. This blog will provide a deep dive into the Cisco ACI solution, so let’s get started.
Cisco’s ACI solution is based on a policy model which uses objects that represent a complete hierarchy of data center interactions. ACI uses a declarative model based on Promise Theory in which the desired end state is communicated by the APIC (Application Policy Infrastructure Controller) to the Nexus 9000 Switches. It is the role of the switches to dynamically apply the policy based on traffic flow. This highly scalable solution requires Nexus 9000 Switches in a physical leaf-spine architecture and three APIC controllers.
There are many benefits to ACI, including a sizable reduction in the time to provision networks. Rather than configuring each switch independently via CLI, ACI can be configured from a single point via an HTML5 graphical interface or through scripts in languages such as Python. ACI provides telemetry, as well as health check information in real time, which can be viewed through the GUI. This visibility into both the physical and logical (virtual) network is a real advantage for troubleshooting. Cisco has nearly 40 ecosystem partners that provide seamless integration of physical or virtual Layer 4-7 devices, such as firewalls and load balancers, into ACI. Traffic can be redirected to Layer 4-7 devices via ACI policies.
Engineers working with ACI will approach networking from an Application Centric perspective. Rather than immediately configuring switches, ACI configuration will begin on a whiteboard mapping out the flow of traffic in multi-tier applications. All virtual or physical servers that have common policy needs are grouped together into an End Point Group (EPG). Policies, which include filters, QoS, and Layer 4-7 service integration, are then grouped together into contracts. Contracts are associated with the EPGs and can be consumed by an EPG or provided by an EPG. Policy – via the contract – is applied dynamically at the leaf switch as traffic flows into an application within an EPG. The filters and other components of the contracts can be reused throughout the ACI fabric. Once the constructs of the ACI model are created, when a new physical or virtual server is added to the network, the network is provisioned by simply adding the new server to the correct EPG.
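The EPG and contract relationship described above can be modelled in a few lines of Python. This is an added example, not Cisco code or the APIC API: the class names, EPG names, addresses and ports are constructed, and it assumes traffic between EPGs is denied unless a consumed contract matches a provided one, with only consumer-initiated flows evaluated.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Filter:
    """Reusable traffic match: IP protocol plus destination port."""
    name: str
    proto: str
    dport: int

@dataclass
class Contract:
    name: str
    filters: list

@dataclass
class EPG:
    name: str
    endpoints: set = field(default_factory=set)
    provides: list = field(default_factory=list)
    consumes: list = field(default_factory=list)

class Fabric:
    """Simplified stand-in for the policy a leaf switch applies per flow."""
    def __init__(self, epgs):
        self.epgs = epgs

    def epg_of(self, endpoint):
        return next((e for e in self.epgs if endpoint in e.endpoints), None)

    def permitted(self, src, dst, proto, dport):
        s, d = self.epg_of(src), self.epg_of(dst)
        if s is None or d is None:
            return False          # unknown endpoint: no EPG, so no policy
        if s is d:
            return True           # assumption: intra-EPG traffic is unrestricted
        # Allowed only if the source EPG consumes a contract the destination
        # EPG provides and one of that contract's filters matches the flow.
        return any(c in d.provides and any(f.proto == proto and f.dport == dport for f in c.filters)
                   for c in s.consumes)

def build_three_tier():
    """Constructed sample: web -> app -> db, with made-up names and addresses."""
    https, sql = Filter("https", "tcp", 443), Filter("sql", "tcp", 1433)
    web_to_app = Contract("web-to-app", [https])
    app_to_db = Contract("app-to-db", [sql])
    web = EPG("web", {"10.0.1.10"}, consumes=[web_to_app])
    app = EPG("app", {"10.0.2.10"}, provides=[web_to_app], consumes=[app_to_db])
    db = EPG("db", {"10.0.3.10"}, provides=[app_to_db])
    return Fabric([web, app, db]), web, app, db
```

Adding an address to `web.endpoints` is the only step needed for a new web server to reach the app tier on TCP 443, while the web tier still has no path to the database because no contract links those two EPGs.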
Savings in network provisioning time, day-to-day network maintenance, and even the cost of power and cooling in the data center can be realized by implementing Cisco ACI. Managing switches at the command line on a per-switch basis is time-consuming and prone to human error.
The same team of Cisco engineers responsible for Catalyst, MDS, Nexus and UCS had the vision to provide us with a better, more efficient way to manage a network with Cisco ACI. It is time to quit saying “real engineers manage via CLI” and start saying real engineers are ready to embrace the next generation of data centers.
Interested in learning more about how software-defined networking can help your organization? Download CDW’s white paper titled, “Defining Moment: The Software-Defined Data Center,” or check out this BizTech article about the software-defined path that Columbia Sportswear took to more effectively manage their growth. Lastly, in my next blog post, I will take a deep dive into VMware NSX, so stay tuned!