ltstudiooo - Fotolia
Cisco seeks to please customers in SDN framework update
Cisco has launched an update of its SDN framework. The latest features stem from customer demands for broader support for non-Cisco technologies.
Cisco has updated its software-defined networking (SDN) framework with features that meet customer demands, while keeping competitors at bay.
Capabilities introduced this week to Cisco's SDN framework, called the Application Centric Infrastructure (ACI), included extended network micro-segmentation, integration with Docker containers, and support for OpenStack and third-party products that provide Layer 4-7 network services.
Based on networking trends, the features are what many of Cisco's 1,100-plus ACI customers are requesting, experts said. Cisco introduced ACI in November 2013.
"This product is evolving rapidly to meet customer use cases," said Dan Conde, an analyst at Enterprise Strategy Group, based in Milford, Mass. "If they continue to do that, it [ACI] will gain more momentum."
Examples of Cisco's sensitivity to customer demand include extending the SDN framework's micro-segmentation to VMware vSphere Distributed Switch (vDS), Microsoft Hyper-V and applications running on bare-metal hardware. "We've heard for awhile from customers that are saying we need Cisco and VMware to keep working together, even if they are competing in this SDN world," said Shamus McGillicuddy, an analyst at Enterprise Management Associates, based in Boulder, Colo.
Micro-segmentation within ACI lets companies enforce forwarding and security policies, and quarantine infected endpoints based on virtual machine (VM) attributes that include name, guest operating system or VM identifier. Companies can also isolate endpoints through network attributes such as an IP address.
Support for non-Cisco partners
Other examples of trying to please customers include opening up ACI to Layer 4-7 products provided by non-Cisco partners. Those products include firewalls, load balancers and virtual security appliances.
To support those products, Cisco introduced an "unmanaged mode" that lets data center operators build service chains between application tiers, a process Cisco calls "network stitching." While helpful, the unmanaged mode has its drawbacks. Users will have to manage integrated products separately, instead of as a whole through ACI's Application Policy Infrastructure Controller (APIC).
While APIC will remain closed to non-Cisco partners, the company is extending the controller to Docker containers, which are packages of Linux applications and their dependencies. Many cloud providers, including Amazon Web Services, Google and Microsoft, use Docker.
Cisco is connecting APIC to containers using technology from Project Contiv, a Cisco-created open source project launched last month. The goal of Contiv is to automate the use of policies to assign network, storage, security, and compute resources to containerized applications in the cloud.
Derailing rivals with OpenStack support
Cisco's OpenStack support within the SDN framework does more than satisfy customers. It also removes a reason companies might have for using a competitor's product, McGillicuddy said. Those products include overlays that separate a network's control plane from the underlying hardware.
Cisco is countering all the network overlay vendors "that are trying to tie themselves to OpenStack," McGillicuddy said. "All the overlays that are not VMware have to some extent moved in the direction of tying themselves to some value proposition built around OpenStack."
Cisco is providing policy-based cloud automation in OpenStack environments via an OpFlex agent that would connect to an open source virtual switch, called Open vSwitch. Organizations use the switches in OpenStack deployments.
OpFlex, which is open source technology developed by Cisco, centralizes policy control across network devices. In the latest ACI release, Cisco is also using OpFlex in supporting VMware vRealize, which manages cloud environments built with VMware infrastructure technology.
ACI maturing
Cisco is aiming ACI at small and large enterprises that want a "turnkey, single-vendor approach to SDN," said Brad Casemore, an analyst at IDC Research Inc., based in Framingham, Mass. "Cisco knows that ACI isn't for everybody, but it's betting that most of its enterprise installed base will find ACI less intimidating and more acceptable than SDN alternatives."
The key to that strategy is using customer feedback to diminish the usefulness of products from SDN rivals Hewlett Packard Enterprise, Nuage Networks, VMware and others. "What you see with this release of ACI is a clear example of a product maturing," said McGillicuddy.