Cisco’s SDN Portfolio


Whew… short post for once. I’m kidding, but only sort of.

A while back I attended the ‘Simplified Networking Roadshow’ and I’ve been meaning to write some things about it. It was pretty awesome. Cisco clearly has some really smart guys and gals and it’s great to get to interact with them in a low-key non sales-y type environment like the roadshow (obviously they are ‘selling’ Cisco, but it’s not like it’s in front of a customer… so it’s a bit more low-key). While I jest that ACI is Cisco’s entire SDN portfolio, it really is the centerpiece at the least. Cisco has invested a ridiculous sum of money and time and engineering resources into ACI, perhaps more than any other product ever, and they really do have their eggs firmly in the ACI basket. ACI is not alone though — the other major pieces to the overall portfolio are: ONE, Intercloud, APIC-EM, XNC, CML or VIRL if you like because it sounds way cooler (I’ll lump this in for now), and OnePK. While the roadshow didn’t really hit on Intercloud, I think it’s pretty important to include in the group as it clearly is a major piece to the overall picture. Let’s get a quick overview and, since you are reading my blog, my awesome opinion of these products/technologies:



APIC-EM

The worst named product ever…. I say that because APIC to me = ACI, but APIC-EM is NOT that… it’s not even really close. APIC-EM isn’t even planned to roll into ‘normal’ APIC/ACI realm (at least anytime soon) — they are completely different products that do totally different things in different parts of the network. APIC-EM may (probably?) get rolled into Prime at some point in the future though, as this would actually make sense. APIC-EM is actually really interesting though, and is rapidly getting hooks into everything it seems. iWAN, which should maybe be on this list too, will be tightly integrated with the APIC. It seems to me that the APIC-EM really is about understanding traffic flows and implementing policy across a network. The reason I say that it should get rolled into Prime is that it really is like an extension of what Prime already is — Prime is kind of a policy definition engine, whereas the APIC-EM is more about programmatically reaching out to, and configuring, the network. I’ll be totally honest… 2-3 months ago I thought APIC-EM was a total snooze, but there are some seriously interesting things brewing, so it should be on your radar!



CML

This one is easy. Basically a magical product that will allow you to MODEL (hence the name) Cisco networks. The idea is great (Junosphere… GNS3… eNSP… IOU-web (plug for if you have not checked that out you should!), etc.), but the product isn’t there in my opinion. Titanium, the virtual NX-OS software, is still very beta feeling, XRv/IOS-XR in CML is cool, but of course it can’t do in-hardware things, which limits it, and IOSv is basically IOU except you have to deal with CML to use it. Moral of the story for me is that IOU/GNS3 is still a better (free!) option in my book. It sounds like the BU (didn’t Cisco say BUs weren’t a thing anymore recently?) for Nexus is getting pressure to get Titanium up to snuff, which would be great. As of now there is only a ‘commercial’ version, but there is supposedly still a laptop/commercial version coming eventually, which is HUGE since that was one of the big sellers for me and most everyone else I’m aware of. This is supposedly, maybe, probably, hopefully happening by the end of the year.

Now that I’m done being a downer on CML, there is some very cool stuff in there currently, and in the pipe. Right now, there are some very powerful auto kit tools that visually represent where and how routing protocols act upon the virtual network. This sounds like it only works when using auto kit to deploy the protocols, but is nevertheless very cool. It also sounds like as new versions of IOS/XR/NX-OS are released, there will be corresponding CML images released. The implications of this (if it’s done right) are super powerful — upgrade planning/testing could be done on essentially the exact same software, and the interactions of said software upgrades could be seen in real-time without impacting the production network. Very cool stuff.



ONE

This is just a licensing thing really, but there is a fair amount of focus on it, so it is worth talking about briefly. On a side note, I have no idea if ‘ONE’ stands for something, or it’s just referring to the kind of model it represents… Anyway, ONE’s goal is to provide a perpetual type subscription/ELA. Licenses will no longer be tied to an individual box, which means that there is supposedly no need to pay for licensing on new hardware purchases. Assuming that the new gear is covered under some ONE subscription, you just ‘get’ the licenses for the cost you are already paying. ONE will be divvied up into ONE for DC, WAN, and Access, and the products you would imagine basically fall where they should within those categories. ONE will be in the wild this month (I think) for ASRs, ISR G2s, and ASAs, and coming possibly Q2CY15. Presumably this would also apply to the newly announced ISR4000 routers, but I’m not 100% on that.



OnePK

OnePK is a weird one in my opinion. Very niche it seems, but in fairness I’m not sure I fully understand it. My impression is that this is almost exclusively used for data path manipulation — OpenFlow-like. The obvious use case of a data path manipulation tool to me is the kind of typical controller-based ‘SDN’ use case of redirection to taps and/or service insertion. OnePK is all C, Java or Python, but apparently C is the ‘best,’ most powerful way to interact. It seems that if we want this type of functionality perhaps ‘normal’ OpenFlow is a better option? Interestingly OnePK is supported across TONS of devices… not sure how relevant it is in the grand scheme of things though. I *think* that OnePK and XNC can live in harmony to an extent in that OnePK can be used with the XNC controller for managing flows on devices that do not support standard OpenFlow. Interesting stuff, but I’ve not seen any customers interested in it at this point.



XNC

XNC is an OpenFlow controller based on OpenDaylight, which Cisco is a contributing Platinum member of. Basically this is Cisco’s commitment to the open source world, which is pretty cool. I don’t think you would have seen this from Cisco five years ago. I don’t have a ton to say about this as I’ve never actually done anything with it, but the moral of the story I think is that it’s exactly what you would find in a ‘normal’ OpenFlow controller.



Intercloud

This…. probably deserves a post all to itself. Intercloud seems interesting in that, as I understand it, it basically takes all my favorite Cisco things and puts them into one shiny SKU. 1000v, CSR1000v, VSG, and VXLAN generically are combined to make magical connections to clouds! There is for sure more to it than that, including some hooks into AWS at the very least. It does all this because these cloud providers (or colo facilities, or anyone with a datacenter that wants to be an Intercloud Provider I think) have an Intercloud Provider box on site which allows for some of the magic to happen. I’m working to get some more detail here, but I know that there is some traction building. Sungard is working on getting this up to speed right now and so Intercloud is not vaporware… but it’s also not a ‘shipping’ product yet. More to come on this one I think.



ACI

As I’ve written extensively on my experience at the Partner SE boot camp, and will hopefully be doing the same for the FE boot camp in January, I won’t spend much time here. But… This is the big one. I look at it like the Cisco SDN mothership. I feel like ACI is pretty slick and is going to be getting much cooler, and it’s certainly showing signs of that now. ACI’s vision truly encompasses the entire data center — not just hardware as Cisco has been historically good at, but also the virtual networking, and perhaps more importantly than all of that, ACI is open to poking and prodding from other management platforms. I am really looking forward to seeing how Azure and ACI and/or Prime and ACI grow together. It can only get better!


So hey, turns out it’s not just all about ACI! I know for me personally, and the customers and networks that I see, ACI, Intercloud, and APIC-EM (mostly because of iWAN integration) are what I want to be focusing on most.

