Traffic treatment in the ACI model also includes secure separation. D'Agostino makes the case that, "Each of the containers are completely isolated based on policy and based on their segment ID. And whether it's VXLAN oriented, whether it's VLAN oriented, whether its NVGRE oriented - to us, it doesn't matter at the edge. We bring it, we isolate it based on the logical architecture or the system and based on the policy definition. We can keep complete and strict isolation with full visibility into the workloads and resource consumption of any resource that's defined for any tenant or application that's running."
With ACI then, policies that govern application communications are pushed down into the network infrastructure by the APIC. The APIC's interface is open such that, over time, any number of third parties can interact with it.
Like VMware, Cisco has gone to great lengths to build a partner ecosystem, although Cisco stresses that APIC is an open platform, implying that partnerships are not exclusive relationships. BMC, Citrix, Embrane, F5, Microsoft, NetApp, PuppetLabs, Red Hat, Splunk and several others are already listed as working with Cisco on ACI integration of a variety of applications.
Cisco is sometime criticized for the high cost of its solutions, and has made a point of keeping ACI acquisition costs low. Capex for the Nexus 9000 switches is reportedly quite reasonable. Within Cisco, the 9000s are seen as a viable migration path from the aged Catalyst 6500 platform.
In conjunction with the Nexus 9000 switching products that offer high density 40G Ethernet, Cisco has introduced a 40GbE "BiDi" LC-terminated optic that allows 40GbE to run over a single pair of multimode OM3 grade fiber. As most 40GbE optics require 12 strands of fiber, the BiDi strategy gives customers a migration path from 10GbE to 40GbE that doesn't require a complete overhaul of their fiber cabling plant. Cisco customers making an investment in Nexus 9000 switches to build their ACI foundation can cost-effectively move to 40GbE at the same time.
Customers invested in the Nexus 7000 product line will be glad to know that ACI support is roadmapped for the latter half of 2014.The obvious downside of ACI is that it requires compatible network hardware to do what it does. While ACI appears to be one of the most complete architectural approaches yet to software defined networking, even if ACI wins significant mindshare, implementation will be slow as ACI depends on the right hardware to function.
Most network gear has a five to seven year life, so even with reasonable acquisition costs, many organizations still depreciating recent hardware purchases are going to find ACI a tough sell. The promised Nexus 7000 integration with ACI will go a long way to speeding up ACI adoption, if Cisco can pull off the integration successfully.
Sign up for CIO Asia eNewsletters.