Cisco takes fight to SDNs with bold Insieme launch

Cisco buys spin-in for up to $863 million, ratchets up competition with VMware for data center supremacy

Game on: Cisco has acquired spin-in Insieme Networks for up to $863 million depending on revenue targets and rolled out a family of its switches that are the network giant's strategic answer to the growing software defined network movement.

And as expected, that response, Application Centric Infrastructure (ACI), is largely hardware-based, with a new line of application-aware Nexus 9000 switches supporting custom ASICs and/or merchant silicon, depending on what you want to do with it. It also includes a policy controller called Application Policy Infrastructure Controller (APIC) for assigning service levels and access privileges to applications, a new version of Cisco’s NX-OS operating system and a multiplicity of big name endorsers.

They include: BMC, Computer Associates, Citrix, EMC, Embrane, Emulex, F5, IBM, Microsoft, NetApp, OpsCode, Panduit, Puppet Labs, Niksun, Red Hat, SAP, Splunk, Symantec, VCE and VMware.

Insieme’s launch is sure to heat up competition with VMware, which acquired Nicira for $1.26 billion to virtualize networks the way it virtualizes servers. VMware’s NSX ecosystem includes some of Cisco’s most bitter rivals.

Cisco says ACI and its group of allies will provide data centers and cloud providers with unobstructed visibility and integrated management of both physical and virtual networked IT resources built around the needs of applications, which the company says are “the lifeblood of business.” The company says ACI is designed to unify all the component parts of IT – networking, storage, compute, network services, applications, security – and manage them as a single dynamic entity.

Cisco says this ecosystem, combined with APIC’s APIs and some open source acknowledgements, makes ACI “open.” Yet much of that openness apparently depends on whether the APIC is deployed.  

The Nexus 9000 switches can run in either standalone mode with merchant silicon, or ACI mode, with a combination of merchant and custom Cisco silicon. Merchant silicon on the Insieme Nexus 9000 switches will get you open source, OpenFlow and OpenDaylight controllers, Cisco’s onePK programmability, and other industry-understood SDN-friendly hooks like decoupled control and data planes.

Custom Insieme silicon-based Nexus 9000 hardware will get you Insieme’s anti-SDN: ACI and the APIC controller, with hardware acceleration, deep visibility into application interaction and behavior, and granular service level metrics.

ACI incorporates XML, JSON and RESTful APIs to speak with higher level orchestration and automation systems, including OpenStack, Puppet, Chef, CFEngine and Python scripting. These APIs also enable the ACI ecosystem for management, orchestration, monitoring, virtualization, network service, and storage partners, and open up the environment for OpenDaylight, virtual switches and VXLAN, Cisco says.

But the full value of ACI is in the APIC controller, managing Nexus 9000 switches in ACI mode. APIC is capable of managing 1 million endpoints, Cisco says, and unlike traditional SDN controllers, it operates independently of switch data and control planes – meaning it does not decouple data and control planes.

Cisco says this allows the network to respond to endpoint changes even when the APIC is offline.

APIC is the brains of ACI. It is designed to unify physical and virtual networks, and provide security, compliance and real-time visibility at the system, tenant and application levels.

APIC provides centralized policy management with application network profiles and Layer 4-7 network service automation across application, network, security, virtualization, compute and storage resources and personnel. APIC allows the ACI network to adapt to application requirements through dynamic insertion and chaining of physical and virtual Layer 4-7 network services including firewalls, application delivery controllers, and intrusion detection systems, Cisco says.

One of the firewalls it supports is Cisco’s new ASAv, a virtualized version of the company’s ASA firewall.

Application and tenant security is enhanced through APIC’s ability to centralize programmable policy, and enable isolation at scale for multitenant private and public cloud environments, Cisco says. Standard APIs allow for partner security applications to be added.

APIC also provides a real-time view of per tenant and per application health, statistics, and troubleshooting analytics across physical and virtual infrastructure, to aid in application placement decisions. It monitors and isolates packet drops by application to assist in problem resolution, Cisco says.

APIC’s application network profiles define the requirements of an application and its interdependencies on the underlying ACI infrastructure. With these profiles, APIC dynamically provisions networking, services, compute, storage and security policies wherever the application is or however it changed, Cisco says.

APIC also manages Cisco’s new Application Virtual Switch (AVS), an ACI-enabled virtual switch optimized for policy enforcement, improved visibility and performance of applications running on ACI.

The Nexus 9000 switches run new versions of NX-OS “optimized” for standalone mode or fortified for ACI mode. Transitioning from one mode to the other requires a software upgrade and APIC, Cisco says, but reconfiguring the Nexus 9000 switches for true ACI mode operation requires line card and cabling replacements, sources say.

The Nexus 9000 line provides 60Tbps of switching capacity and 576 40G line rate ports with a 50%+ reduction in ASICs per module compared to merchant silicon-only alternatives, Cisco says. It also scales to 55,000+ 10G ports and 64,000 tenants, the company says.

Cisco says its ACI data center switching configuration can deliver up to 75% total cost of ownership savings compared to merchant silicon-based switches and software-only network virtualization by eliminating the “per VM tax,” using existing cabling investments, and deploying a backplane-free modular switch chassis that reduces power and cooling costs by 15%.

Cisco says it can offer the Nexus 9000 with 288 ports at a starting cost of $75,000. Efficiencies in 40G cost are achieved through Cisco’s 40G BiDi optics, which feature atomic counters for system level telemetry and a built-in line rate directory, the company says.

These optics will be added to other Cisco switches over time, the company says. Cisco has also initiated a technology migration program for Catalyst 6500 data center customers, the details of which were not available at press time.

Cisco says the Nexus 9000 and ACI do not obsolete other older Nexus switches and fabrics, like FabricPath, because they serve a variety of needs in Cisco’s $15 billion installed base.

Jim Duffy has been covering technology for over 27 years, 22 at Network World. He also writes The Cisco Connection blog and can be reached on Twitter @Jim_Duffy.
