Cisco Stretches ACI Network Fabrics, Eases Management
October 13, 2017 Jeffrey Burt
For disaster recovery, political, and organizational reasons, enterprises like to have multiple datacenters, and now they are going hybrid with public cloud capacity added to the mix. Having networks scattered across the globe brings operational challenges, from easily migrating and managing workloads across multiple sites, to increased complexity around networks and security, to adopting emerging datacenter technologies like containers.
As the world becomes more cloud-centric, organizations are looking for ways to gain greater visibility and scalability across their environments, automate as many processes as possible and manage all these sites as a single entity.
Cisco Systems is putting new features into the latest release of its Application Centric Infrastructure (ACI) software that it says can address many of those problems, including more easily managing multiple ACI network fabrics in different geographical locations and integrating Kubernetes for better container management.
ACI 3.0 is the latest version of the software that drives Cisco’s software-defined networking (SDN) strategy. The networking giant unveiled ACI in late 2013 as an answer to the growing network virtualization trend that was being driven by the likes of VMware (with its NSX technology inherited when it bought Nicira), smaller startups, and open source projects. The idea was to create a network architecture that responded to the demands of applications, ensuring the necessary resources were available. The response has been good. The company has more than 4,000 ACI customers, and in Cisco’s fiscal fourth quarter, ACI revenue grew 38 percent year-over-year.
In addition, earlier this year, Cisco unveiled an initiative called Network Intuitive, which is designed to drive the development of intent-based networks that are intelligent enough through machine learning and advanced analytics to anticipate needed actions, offer predictive network analysis, address security threats before they become a problem and essentially evolve by learning over time. Intent-based networks are a key part of Cisco’s larger efforts to address customer needs in an increasingly multi-cloud world, CEO Chuck Robbins said during a conference call in August to discuss the quarterly numbers.
“We are helping our customers take full advantage of a multi-cloud world that has become the norm in managing their applications and hybrid cloud solutions,” Robbins explained, noting the combination of ACI with the company’s Unified Compute Systems (UCS) as well as the new intent-based network. “Our goal is to deliver the best multi-cloud platform built on an intelligent Intuitive Network enabling faster automated and highly secured delivery of applications in the cloud.”
ACI 3.0 is the latest step in that direction. A key new feature is Multi-Site Management, which enables ACI customers to more seamlessly connect and manage multiple ACI fabrics, whether they’re scattered across multiple datacenter or private cloud sites or within the same on-premises environment but running on multiple clusters. Much of the work, from connectivity to policy management, can be automated, according to Srini Kotamraju, director of product management for Cisco datacenter networking. Using traditional datacenter interconnect technologies in such distributed environments is difficult, complex and expensive.
“This is a solution that really allows them to automate that connectivity,” Kotamraju told The Next Platform, adding that for enterprises with ACI fabrics in multiple sites, “this will create a federated model where you can bring in an ACI multi-site pipeline and be able to create a policy that can span across these multiple geographies. A single pane of management for you from a policy standpoint, and what customers get is the ability to have a global view across all these datacenters. So I can define an application profile and an application [is] spread across all geographies.”
The Multi-Site Management software, which runs in an appliance, improves availability by being able to isolate the infrastructure down to a single cluster, and improves disaster recovery by working in active-active or active-standby modes. In addition, a single instance will support up to 256 sites, though initially it’s only qualified on up to five sites. That will ramp up, he says. The technology will support up to 1 second of latency between sites.
“You get the ability to troubleshoot,” Kotamraju says. “You can take a global view to see what the traffic flows are, you can add sites, you can delete sites. You have the ability for seamless workflow migration in active-active and active-standby architectures.”
The integration of Kubernetes enables users to better leverage containers through ACI. Through the integration, they can deploy workloads as micro-services in containers as well as define ACI network policies for the containers. ACI is hypervisor-agnostic, so with container support, enterprises can use ACI to develop unified network environments that support virtual machines (VMs), containers and bare-metal systems. Essentially, containers now integrate with ACI to the same extent that VMs have.
For security, Cisco is integrating its First Hop Security features into ACI, which will automatically authenticate workloads in-band and then put those workloads into trusted security groups and support endpoint policy enforcement within the same security group. The goal is to protect the network from such attacks as IP/MAC spoofing.
Kotamraju expects the Multi-Site Management capability to be popular among many of Cisco’s 4,000 ACI users, especially service providers and enterprises with two or more datacenters, which includes most customers. Most are asking for a single view of their multiple sites to help simplify management. There will be a fixed cost for the appliance, and then flexible cost for the software depending on the size of the sites being managed.
Looking forward, Cisco also plans to bring the policy automation capability to smaller remote sites, Kotamraju says.
“Think of this like a satellite datacenter,” he says. “It’s a small footprint where perhaps the customer doesn’t really have the ability from a space-constraint standpoint or a cost-constraint standpoint to deploy a fabric. They don’t want to deploy a big cluster. They don’t want to deploy two spines and two leaves. What we’re doing there is giving them the ability to just deploy a 1RU leaf on an IP network and we will manage their 1RU leaf to an on-prem system. So with all their satellite datacenter instances, we can manage on-prem and extend ACI policy into their environment.”