
Cisco brings intent-based networking to the data center

News Analysis
Oct 13, 2017 | 4 mins
Cisco Systems, Networking, SDN

The latest release of Cisco’s intent-based networking solution, ACI 3.0, increases network automation, simplifies operational tasks and makes it easier to secure agile workloads.


A decade ago, one of the big knocks on Cisco was that its products were difficult to deploy and often even harder to manage. Over the past few years, though, particularly since Chuck Robbins took the helm as CEO, the company has been laser focused on making its products simpler to operate.

It’s important to understand that making products easy to use is actually much more difficult than making ones that are hard to use. As an example, Cisco’s network-intuitive, intent-based networking solution enables the operations for the campus network to be fully automated, dramatically cutting the operational overhead required by network engineers.

This week, Cisco is bringing the benefits of intent-based networking to the data center with the 3.0 version of its Application Centric Infrastructure (ACI) software-defined networking (SDN) product. The latest release of ACI will increase network automation, simplify operational tasks and make it easier to secure agile workloads regardless of whether they are in containers, in virtual machines, on bare metal or in on-premises data centers. 

Data centers have undergone a massive transition over the past decade from having dedicated infrastructure in silos to highly agile environments where constant change is the norm. Also, most businesses, over 80 percent, according to my research, are extending their data center out to public clouds in a hybrid, multi-cloud architecture. This has raised the value of the network, as it has become the fabric that connects all these resources together. However, legacy networks do not have the necessary levels of automation and agility, making network modernization a top priority for data centers.

New features in Cisco’s ACI 3.0 

For Cisco customers, ACI 3.0 provides a path to a modernized data center with the following new features: 

  • Multi-site management. Previous versions of ACI worked in a single location. This meant customers that had multiple data centers or used public clouds needed to manage each ACI deployment independently. Keeping policies and configurations up to date required updating each location. With ACI 3.0, customers can manage multiple ACI fabrics from a single management portal regardless of location. This will make it a lot easier to scale out ACI. ACI multi-site can also stretch VRF, EPG and BD across sites using VXLAN. Think of this as what Cisco used to do with OTV but on steroids.
  • Integration with Kubernetes. Containers are all the rage, and now organizations can deploy workloads in containers and define ACI network policies through Kubernetes. ACI 3.0 also provides unified network constructs for containers, virtual machines and bare metal, bringing to containers the same level of integration that ACI has with hypervisors. The product also includes live statistics and health metrics for containers in APIC. Best of all, this will work in existing APIC controllers.
  • Improved visibility and operational flexibility. ACI 3.0 has a completely rebuilt GUI to improve usability with new layouts and simplified topology views, as well as wizards for troubleshooting. Cisco added a maintenance mode that allows for graceful insertion and removal (GIR) of switches, so traffic can be diverted to alternate paths for troubleshooting, maintenance and upgrades. In addition, ACI now supports mixed operating systems, quota management and latency measurements across fabric endpoints for faster problem solving.
  • Zero Trust Security. The solution has some new capabilities that protect networks against attacks such as IP/MAC spoofing by automatically authenticating workloads in-band and placing them in trusted zones.

To support the new ACI, Cisco introduced the following new hardware:

  • Nexus 9364C Fixed Spine Switch. This is a compact, fixed form factor switch that is ideal when space is an issue. The product can be used in mixed first- and second-generation ACI leaf designs. The switch has 64 flexible-speed ports that can run at 1, 10, 25, 40, 50 or 100 Gig.
  • Nexus 9500 Spine linecard for the Nexus 9K. The blade has 36 100 Gig ports and is MACSEC and CloudSec capable.
  • Nexus 9348GC-FXP Leaf Switch. The switch has 48 Gig ports and up to 6969 Gbps of total bandwidth.

Hybrid, multi-cloud is rapidly becoming the new normal, and companies need to modernize the data center to simplify management and rapidly scale their environments. The multi-site and automation capabilities of ACI 3.0 are a big leap forward for the product. Customers that want to leverage the benefits of ACI can now do so regardless of where their workloads are located.


Zeus Kerravala is the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.
