Getting to know Cisco ACI…

Watching Cisco present on ACI at Networking Field Day 8 was a nice expansion to the introduction I received on the product almost a year ago at the ACI launch event in New York.  Now that APIC is shipping, companies can swap over from NX-OS mode to ACI mode and start playing with the magic that is application network profiles.

The basic components of ACI are the fashionable spine/leaf architecture that is all the rage these days, an APIC controller talking OpFlex southbound, and a switch operating system on Nexus 9Ks that interprets policy and forces it down to the endpoints. Under the covers, each switch uses IS-IS to build a routed topology from any VTEP (virtual tunnel endpoint) to any VTEP (basically from any leaf to any leaf). Rather than the controller programming routes and handling traffic forwarding, the controller focuses on pushing down policies that are understood and then implemented by the switches.

The concept of a self provisioning network also comes into play with the ACI solution, as does the concept of one big fabric to rule them all. The fabric can be zero touch provisioned, with the controller finding new switches brought online. The controller also acts as a single point of policy provisioning – the fabric itself scaling up to 12 spines, with multiple active controllers all sharing data for redundancy.

The heart of ACI really lies with the policy model and associated concepts. ACI works by putting things into groups – usually done with identifiers like VLAN/VXLAN ID, subnet, 802.1Q tag, or by physical/virtual port – and then these groups are assigned policy contracts which basically “turn on” connectivity between these groups, according to the rules of the policy assigned. The level of abstraction inherent in these contracts lends itself well to automation and consistency in network policies, as well as allowing for a clean-up process as applications are removed – therefore solving some of the what-the-heck-was-this-thing-nobody-remembers problems we engineers often encounter.
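To make the group-and-contract idea concrete, here is a small model added for illustration; it is not APIC code or the APIC API, and every group name, VLAN ID, subnet and port in it is constructed. It assumes that any pair of groups without a contract has no connectivity, and it checks only the initiating direction of a flow.

```python
# Toy model of the group/contract policy idea; not the APIC API.
# All names, VLAN IDs, subnets and ports are constructed for illustration.
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Group:
    name: str
    vlan: Optional[int] = None      # classify by VLAN ID ...
    subnet: Optional[str] = None    # ... or by subnet

    def matches(self, vlan, ip):
        if self.vlan is not None and self.vlan == vlan:
            return True
        return (self.subnet is not None and
                ipaddress.ip_address(ip) in ipaddress.ip_network(self.subnet))

@dataclass(frozen=True)
class Contract:
    app: str           # application profile that owns the contract
    consumer: str      # group allowed to initiate
    provider: str      # group offering the service
    ports: frozenset   # (protocol, port) pairs the contract turns on

@dataclass
class Fabric:
    groups: list = field(default_factory=list)
    contracts: list = field(default_factory=list)

    def classify(self, vlan, ip):
        # First matching group wins; unclassified endpoints map to None.
        return next((g.name for g in self.groups if g.matches(vlan, ip)), None)

    def allowed(self, src, dst, proto, port):
        s, d = self.classify(*src), self.classify(*dst)
        if s is None or d is None:
            return False
        # Connectivity exists only where a contract turns it on.
        return any(c.consumer == s and c.provider == d and (proto, port) in c.ports
                   for c in self.contracts)

    def remove_app(self, app):
        # Retiring an application removes every contract it owned.
        before = len(self.contracts)
        self.contracts = [c for c in self.contracts if c.app != app]
        return before - len(self.contracts)

def build_demo():
    groups = [Group("web", vlan=10), Group("app", vlan=20),
              Group("db", subnet="10.0.30.0/24")]
    contracts = [Contract("shop", "web", "app", frozenset({("tcp", 8080)})),
                 Contract("shop", "app", "db", frozenset({("tcp", 5432)}))]
    return Fabric(groups, contracts)
```

In this model the web group can reach the app group on tcp/8080 but has no path to the db group, and `remove_app("shop")` leaves no stale permit rules behind.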

Application network profiles can be home brewed as well as provided in the form of device packages from vendors.  These device packages will automagically roll out the best practices for the application at hand, and if they are from an official partner, TAC will even handle support issues that arise from using the package. As Joe Onisick put it, “think of it as an automatically deployed Cisco validated design.”

There’s much more covered in the Networking Field Day 8 presentations, including service graphs (think service chaining, but with flexibility for differing behaviors for various traffic groups), an API inspector that lets you see the API calls as you work through the GUI so you can create automation scripts from them, and atomic counters, which allow for detailed health scores and packet tracking. But as I’m a sucker for a good demo, I’ll leave you with this: Paul Lesiak showing off APIC’s mad programmability skillz.


Published: 10/14/2014

For more links to ACI resources, you can check out my previous post, check out some excellent videos by both Lilian Quan and Joe Onisick on the subject (just go to YouTube and search for Cisco ACI), or check out Lauren Malhoit’s blog, where there are some good posts on getting to know ACI as well.

Also, mucho bonus points to Lauren for not only being generally awesome all the time, but for also providing this ginger with a desperately needed Diet Coke as a caffeine source at this 8am presentation, an un-caffeinated ginger is a scary, scary thing.

Disclaimer: While Networking Field Day, which is sponsored by the companies that present, was very generous to invite me to this fantastic event and I am very grateful for it, my opinions are totally my own, as all redheads are far too stubborn to have it any other way.



So unless you were living under a rock this week, you might have heard a little something about Cisco’s Application Centric Infrastructure (ACI) announcement. With the ongoing SDN craze, the emphasis in networking has become all about the applications, which I find amusing since, you know, previously we were building networks just because they looked cool.

But (most) snark aside, in all the tweets, blog posts, news articles, and RFC 1149 carrier pigeon delivered communications, some pretty cool tech was announced; and what it all means is likely to be hash-tagged and rehash-tagged till the proverbial cows are pingable at

Here’s a summary just in case you missed all the excitement:

The ACI announcement  brought to the table a new switch line – the 9000 series and the APIC controller. This news represents at the very least two potentially nifty things: merchant silicon mixed with custom ASICs for a more cost-effective big ole data center switch, and a controller (dubbed APIC) that provides for what I can best describe as Service Profiles for networks, a concept extrapolated from UCS.  This isn’t too surprising since several of the instrumental developers at Insieme were also key in the development of the Cisco UCS product.

Word on the street is that the controller becomes available sometime next April and between it and the 9000 series switches, the ability to do magical things with your network will be unlimited. Well, maybe not unlimited, but certainly flirting on the boundaries of freaking awesome.

Here’s what I like about this play from Cisco – it straddles the fluidly defined SDN fence quite nicely. If you’re not ready or not sure about going all in on the Cisco SDN experience but want to build a network that could potentially play in this space, the 9000 series appears to offer that opportunity. If initial pricing estimates are to be believed (yes, that makes me giggle as well), the 9K is competitive in pricing and port density.  The concept of a Service Profile for a network is also extremely intriguing and a unique way of framing the SDN picture, a picture that morphs often enough it can feel like nailing Jello to the wall.

A couple of things I would like to see more information on: licensing and compatibility. As a recovering voice engineer, I still cringe (and twitch) every time I hear the word entitlement. It’s critical that Cisco not bog this product down with a cumbersome licensing model. That kind of beating will have engineers looking for alternatives faster than the reported line rate of the new 9K.

When we talk about compatibility, I am curious to see how engineers will leverage their current investment in existing Nexus equipment given this new switching line. The 2Ks were specifically mentioned as being part of the ACI solution, but it’s a little murkier how the 5Ks and 7Ks will play into the solution.

There are quite a few resources and plenty of fabulous content on ACI that are continuing to fill in the gaps for me, so definitely check these out:

Matt Oswalt’s three part blog series on Keeping It Classless

Cisco Application Centric Infrastructure | Overview by Joe Onisick

Unicast Operation in Cisco Nexus 9000

The Cisco / Insieme ACI Launch, Part 1 by Pete Welcher

9000 Series White Papers

Class C Block – Show 12 – Insieme and the Nexus 9000

Cisco ACI Solves All Your Data Center Network Problems by Greg Ferro

Cisco Launches Its Secret Startup Insieme, Then Buys It For $863 Million

Cisco takes fight to SDNs with bold Insieme launch

Insieme’s Insides Use (Gasp!) an Overlay Protocol

Taking the Measure of Cisco’s Insieme by John Herbert

Show 167 – Cisco ACI Software Defined Networking – A First Look

Cisco Nexus 9000 and ACI: Promising P+V Architecture by Ivan Pepelnjak

Who Supports ACI and Why (Network World)

Cisco Application Centric Infrastructure: Nexus 9000 by Bob McCouch

Bonus material: Cisco also announced extremely cool BiDi 40 Gbps QSFP modules. Check out the details here; this is a huge deal that saves a lot of money when making that jump to 40 gig:

Migrate to a 40-Gbps Data Center with Cisco QSFP BiDi Technology

40GbE Over A Single MMF Pair? With QSFP-40G-SR-BD, You Can. by Ethan Banks

A special thanks to Tech Field Day for inviting me and to Cisco’s Amy Lewis for making all the bloggers feel at home. Special thanks to @networkingnerd who has a special gift for cat, err, geek herding.  You all rock.

Amy Awesomeness

Standard Disclaimer: Tech Field Day covered my expenses at the ACI launch, but I am a redhead, any thought that my opinions could be bought or dictated is just crazy talk.