Tidbit: ACI and 9k Updates

I got to hang out today for a while at the local Cisco office for the ACI Roadshow. After my ridiculous notes from the SE bootcamp I won’t bother to get into too much detail in this post, but I wanted to do a quick post about some of the interesting things I heard today.

  • Shipping ACI supports the Icehouse release of Redhat KVM — I think this was pending as of the last posts I wrote
  • ACI with KVM leverages Openstack; specifically there is an ACI Neutron driver as well as OVS drivers to configure VLANs/VXLANs in OVS
  • Hyper-V is still pending at this point — AVS is coming as well
  • AVS is now shipping in ‘phase 1’ — basically this phase has to send traffic that transits between EPGs up to a leaf node. ‘Phase 2’ is going to add support for the AVS to switch traffic (and perform contract type stuff) locally on the hypervisor
  • While it’s an option, there doesn’t seem to be any ACI+Openstack integrations happening yet. In fact one of the SEs mentioned he has a customer that deployed Openstack and is now trying to get rid of it! (not with ACI, but was interesting to me)
  • Remote physical and virtual leafs are coming! Not exactly soon, but it’s looking like by mid next year this will be a reality. Additionally, around the same time frame there will be support for Inter-ACI communication — meaning an ACI domain in San Francisco can be ‘linked’ to the DR site ACI domain in Raleigh, and EPG/Application profile definitions could be shared (I think; this is obviously a ways out but thats what i got out of the talk surrounding this)
  • If the APIC dies, VMs can still vMotion and have their application profiles follow them — this isn’t new, but I thought it was good to call out. Basically the leafs just track this via ARP/GARP and the profiles follow. Obviously if the APIC cluster is totally dead no new configurations are going to be made — just like 1000v and VSM
  • An ACI domain can be extended over CWDM/DWDM/Dark fiber — the magic number at the moment is 30km, not nearly enough to have a single APIC manage a primary and backup DC, but cool if you have a campus and have two data centers that you want managed under a single APIC
  • Software is targeted to be released every three months for maintenance releases, and every six months for feature releases
  • Next major features to be added Q3CY15: native IPv6 support, routing support for eBGP, EIGRP, and OSPF, support for vSphere 6

Also some good information about NX-OS mode Nexus 9ks.

  • VXLAN routing coming in January!
  • BGP control plane support also coming in January
  • SFLOW is coming mid next year
  • This one is weird, but apparently the mid next year release will also include NAT… I have no idea why, but I guess thats pretty cool

All in all some good stuff in the pipe. I’m most stoked about the NX-OS mode VXLAN enhancements coming so soon since I have some customers that will be able to take advantage of that right away. Also I have a crush on VXLAN… which you already know if you’ve read anything else I’ve written ever 🙂

Cisco’s SDN Portfolio


Whew… short post for once. I’m kidding, but only sort of.

A while back I attended the ‘Simplified Networking Roadshow’ and I’ve been meaning to write some things about it. It was pretty awesome. Cisco clearly has some really smart guys and gals and its great to get to interact with them in a low-key non sales-y type environment like the roadshow (obviously they are ‘selling’ Cisco, but it’s not like it’s in front of a customer… so it’s a bit more low-key). While I jest that ACI is Cisco’s entire SDN portfolio it really is the center piece at the least. Cisco has invested a ridiculous sum of money and time and engineering resources into ACI, perhaps more than any other product ever, and they really do have their eggs firmly in the ACI basket. ACI is not alone though — the other major pieces to the overall portfolio are: ONE, Intercloud, APIC-EM, XNC, CML or VIRL if you like because it sounds way cooler(I’ll lump this in for now), and OnePK. While the roadshow didn’t really hit on Intercloud, I think its pretty important to include in the group as it clearly is a major piece to the overall picture. Lets get a quick overview and since you are reading my blog, my awesome opinion of these products/technologies:



The worst named product ever…. I say that because APIC to me = ACI, but APIC-EM is NOT that… its not even really close. APIC-EM isn’t even planned to roll into ‘normal’ APIC/ACI realm (at least anytime soon) — they are completely different products that do totally different things in different parts of the network. APIC-EM may (probably?) get rolled into Prime at some point in the future though, as this would actually make sense. APIC-EM is actually really interesting though, and is rapidly getting hooks into everything it seems. iWAN, which should maybe be on this list too, will be tightly integrated with the APIC. It seems to me that the APIC-EM really is about understanding traffic flows and implementing policy across a network. The reason I say that it should get rolled into Prime is that it really is like an extension of what Prime already is — Prime is kind of a policy definition engine, whereas the APIC-EM is more about programmatically reaching out to, and configuring the network. I’ll be totally honest… 2-3 months ago I thought APIC-EM was a total snooze, but there are some seriously interesting things brewing, so it should be on your radar!



This one is easy. Basically a magical product that will allow you to MODEL (hence the name) Cisco networks. The idea is great (Junosphere… GNS3… eNSP… IOU-web (plug for http://www.routereflector.com if you have not checked that out you should!), etc.), but the product isn’t there in my opinion. Titanium, the virtual NX-OS software, is still very beta feeling, XRv/IOS-XR in CML is cool, but of course it can’t do in hardware things, which limits it, and IOSv is basically IOU except you have to deal with CML to use it. Moral of the story for me is that IOU/GNS3 is still a better (free!) option in my book. It sounds like the BU (didn’t Cisco say BUs weren’t a thing anymore recently?) for Nexus is getting pressure to get Titanium up to snuff which would be great. As of now there is only a ‘commercial’ version, but there is supposedly still a laptop/commercial version coming eventually which is HUGE since that was one of the big sellers for me and most everyone else I’m aware of. This is supposedly, maybe, probably, hopefully happening by the end of the year.

Now that I’m done being a downer on CML there is some very cool stuff in there currently, and in the pipe. Right now, there are some very powerful auto kit tools that visually represent where and how routing protocols act upon the virtual network. This sounds like it only works when using auto kit to deploy the protocols, but is nevertheless very cool. It also sounds that as new versions of IOS/XR/NX-OS are released, there will be corresponding CML images released. The implications of this (if its done right) is super powerful — upgrade planning/testing could be done on essentially the exact same software, and the interactions of said software upgrades could be seen in real-time without impacting the production network. Very cool stuff.



This is just a licensing thing really, but there is a fair amount of focus on it, so it is worth talking about briefly. On a side note, I have no idea if ‘ONE’ stands for something, or it’s just referring to the kind of model it represents… Anyway, ONE’s goal is to provide a perpetual type subscription/ELA. Licenses will no longer be tied to an individual box, which means that there is supposedly no need to pay for licensing on new hardware purchases. Assuming that the new gear is covered under some ONE subscription, you just ‘get’ the licenses for the cost you are already paying. ONE will be divvied up into ONE for DC, WAN, and Access, and the products you would imagine basically fall where they should within those categories. ONE will be in the wild this month (I think) for ASRs, ISR G2s, and ASAs, and coming possibly Q2CY15. Presumably this would also apply to the newly announced ISR4000 routers, but I’m not 100% on that.



OnePK is a weird one in my opinion. Very niche it seems, but in fairness I’m not sure I fully understand it. My impression is that this is almost exclusively used for data path manipulation — OpenFlow like. The obvious use case of a data path manipulation tool to me is the kind of typical controller based ‘SDN’ use case of redirection to taps and/or service insertion. OnePK is all C, Java or Python, but apparently C is the ‘best,’ most powerful way to interact. It seems that if we want this type of functionality perhaps ‘normal’ OpenFlow is a better option? Interestingly OnePK is supported across TONS of devices… not sure how relevant it is in the grand scheme of things though. I *think* that OnePK and XNC can live in harmony to an extent in that OnePK can be used with the XNC controller for managing flows on devices that do not support standard Openflow. Interesting stuff, but I’ve not seen any customers interested in it at this point.



XNC is a Openflow controller based on OpenDaylight which Cisco is a contributing Platinum member of. Basically this is Cisco’s commitment to the open source world, which is pretty cool. I don’t think you would have seen this from Cisco five years ago. I don’t have a ton to say about this as I’ve never actually done anything with it, but the moral of the story I think is that it’s exactly what you would find in a ‘normal’ Openflow controller.



This…. probably deserves a post all to itself. Intercloud seems interesting in that as I understand it, it basically takes all my favorite Cisco things and puts it into one shiny SKU. 1000v, CSR1000v, VSG, and VXLAN generically are combined to make magical connections to clouds! There is for sure more to it than that, including some hooks into AWS at the very least. It does all this because these cloud providers (or colo facilities, or anyone with a datacenter that wants to be an Intercloud Provider I think), have an Intercloud Provider box on site which allows for some of the magic to happen. I’m working to get some more detail here, but I know that there is some traction building. Sungard is working on getting this up to speed right now and so Intercloud is not vaporware… but it’s also not a ‘shipping’ product yet. More to come on this one I think.



As I’ve written extensively on my experience at the Partner SE boot camp, and will hopefully be doing the same for the FE boot camp in January I won’t spend much time here. But… This is the big one. I look at it like the Cisco SDN mothership. I feel like ACI is pretty slick and is going to be getting much cooler, and it’s certainly showing signs of that now. ACI’s vision truly encompasses the entire data center — not just hardware as Cisco has been historically good at, but also the virtual networking, and perhaps more importantly than all of that ACI is open to poking and prodding from other management platforms. I am really looking forward to seeing how Azure and ACI and/or Prime and ACI grow together. It can only get better!


So hey, turns out its not just all about ACI! I know for me personally, and the customers and networks that I see, ACI, Intercloud, and APIC-EM (mostly because of iWAN integration) are what I want to be focusing on most.