
Cisco extends SDN for VMware integration, Docker containers

Jim Duffy | Dec. 4, 2015
New release of ACI and NX-OS software intended to further extend capabilities for multivendor environments.


Cisco Systems this week rolled out new software releases for its Nexus 9000 switches and Application Centric Infrastructure (ACI) SDN that feature enhanced integration with VMware environments and support for Docker containers.

The software is intended to further extend the capabilities of ACI into multivendor environments where a variety of hypervisors, cloud management platforms and workloads – physical, virtual or container-based – exist. Cisco now has 5,000 customers for its Nexus 9000 switch and 1,100 for ACI and its APIC controller; SDN rival VMware says it now has 900 paying customers for its NSX network virtualization platform.

That rivalry in SDN does not preclude Cisco from supporting VMware server virtualization environments. So Release 1.2(1x) of ACI’s APIC software and NX-OS 11.2(1X) feature extensions to support VMware VDS and vRealize environments.

Cisco has added micro-segmentation for both physical and virtual workloads in the new software releases, including those in VMware vSphere Distributed Switch (VDS) and Microsoft Hyper-V environments. This is in addition to the ACI micro-segmentation capabilities already resident in Cisco’s Application-centric Virtual Switch (AVS).

The micro-segmentation capability allows for attribute-based isolation – by IP address, operating system or namespace – for physical bare metal and virtual VDS and Hyper-V workloads. It also allows intra-group workload isolation, where VMs and bare metal workloads within the same endpoint policy group can be isolated using firewalls.

The new ACI software also features support for VMware vRealize and OpenStack cloud automation tools, including native OpFlex support for Open vSwitch. OpFlex is a policy protocol written by Cisco, IBM, Microsoft, Citrix and Sungard.

Policies defined in ACI can drive vRealize automation blueprints to accelerate application deployment, Cisco says. Such policies can include when to bring the ACI fabric up, infrastructure provisioning, establishing security domains, shared services plans, virtual private cloud configurations, and other network, subnet and security definitions.

Adding OpFlex to OpenStack is designed to extend ACI’s policy-based network automation to the Linux hypervisor, where Open vSwitch resides. An OpFlex agent resides in the hypervisor while an OpFlex proxy exposes an API in the ACI fabric to the OpenStack controller.

This allows ACI to extend policies to distributed Neutron network functions, including NAT; provide an integrated and centrally-managed overlay and underlay fabric, with operational visibility into OpenStack, Linux and APIC; and offer a choice of virtual network or group-based policy networking, Cisco says.

Integration of Docker containers with ACI and APIC is accomplished through a plugin developed by Cisco’s open source Project Contiv. Project Contiv is an effort to define policy for containerized applications.

With this plugin, ACI policies can be extended across Docker containers, as well as physical workloads and virtual machines. The Docker plugin will be available in the first quarter of 2016, while those for Kubernetes and Mesos containers are planned future extensions.

 
