Availability caveats aside, Cisco has spent a great deal of time describing ACI's vision to the network community. The solution is complex, with many elements working together to rethink how networking is accomplished.
The most tangible element of the ACI platform is the Nexus 9000 switch line, which is shipping today. The 9000 switches are high-density 10GbE and 40GbE switches built on the idea of "merchant plus" silicon, as in merchant silicon plus custom Cisco ASICs. The merchant silicon is Broadcom Trident II, used by several other switch suppliers. The custom ASICs are used to aid in ACI service delivery, but Cisco has not yet released the details about how and why.
The Application Policy Infrastructure Controller (APIC) translates application policies for security, segmentation, prioritization, etc. into network programming. Cisco delivers APIC in a physical form factor with redundancy options, since delivering APIC as a virtual machine would present a "chicken and egg" problem. Mike Dvorkin, chief scientist and co-founder of Insieme Networks, makes the point that, "For the [ACI] fabric to bootstrap, you need APIC. But for APIC to be installed and powered on as a VM, you'd need the fabric."
As with many SDN models, APIC sits in between applications and the network, translating what applications need into a network configuration meeting those needs. Cisco says that APIC is open, in that the APIs to access APIC data are to be made available to anyone wishing to write to them. In fact, customers will be able to download "open device packages" that allow network hardware not currently part of an ACI infrastructure to be exposed to APIC.
A new Cisco virtual switch, called the Application Virtual Switch (AVS), supports multiple hypervisors and extends ACI's programmatic network control into the virtualization layer. While the Nexus 9000 products are the physical switches ACI will be programming, AVS is the virtual switch. Customers of Cisco's Nexus 1000V virtual switch should be aware, however, that AVS is a different piece of software, and a migration will be necessary for environments desiring a wholesale commitment to ACI.
As with NSX, an overlay is a key element of the solution, in this case VXLAN. However, while NSX uses overlays to connect hypervisors no matter where they are in the network, ACI uses VXLAN in a way most customers will never see. In ACI, VXLAN is a transport that carries traffic between Nexus 9000 leaf and spine switches. Cisco has tweaked VXLAN slightly, using a proprietary extension to label the VXLAN header in a way that's useful to the Nexus 9000 hardware, but is otherwise transparent to network operators.
As with NSX, multiple hypervisors are supported, including those from Microsoft, VMware, Red Hat and Citrix. With multi-hypervisor support, VMware and Cisco have recognized that customers don't want to be locked into specific virtualization platforms, but still want to be able to automate their network virtualization.