Software Defined Networks and CISCO ACI for Today’s Datacenters

Co-authored by
Peter Shand – Bin Chu

Cybersecurity and public cloud strategy are currently dominating media and conversations across the globe. The risks to business continuity increase daily with the scaling up of ransomware and malware attacks while the possible business advantages that can be gained by properly incorporating hyper-scale cloud architectures is real and cannot be ignored. However, many businesses still need to keep or provision significant on-premise computing resources. Below are a few scenarios that may still require a considerable investment to refresh or to deploy new on-premise datacenter computing and network switching platforms:

• A business cannot use cloud or outsourced services due to compliance or data sovereignty concerns.
• The business is transitioning to a software as a service or application service provider model and needs computing power and higher levels of automation to deliver these services.
• Business needs require a hybrid cloud approach instead of a cloud only or on-premise only model.
• There is a need for highly customized High Performance Computing or Big Data Analytics.
• An analysis of public cloud migration indicates that it would still be more cost effective to maintain on-premise infrastructure.

Software Defined Architecture

The continued requirement to keep and improve on-premise datacenters is driving the adoption of Software Defined Datacenter (SDDC) technology that includes CPU, storage, security, and networking being virtualized and managed via intelligent software systems. The network component of SDDC is called software defined networking (SDN) which encompasses several kinds of network technology aimed at making the network as flexible as the virtualized server and storage infrastructure of the modern datacenter. The goal of SDN is to allow network engineers and administrators to respond quickly to changing business requirements. In a software-defined network, a network administrator can shape traffic from a centralized control console without having to touch individual switches, and can deliver services to wherever they are needed in the network, without regard to what specific devices a server or other hardware components are connected to. The key technologies for SDN implementation are functional separation, network virtualization and automation through programmability. The decision-making process associated with adopting other SDDC technologies (Compute and Storage) can be simpler than making the decision to adopt SDN because it is less risky to run those technologies simultaneously on traditional architectures. There is also less of a requirement to significantly retool staff, whereas SDN involves network engineers adjusting to very new concepts and ways of doing things.

Once the decision is made to explore SDN technologies the following steps can help to determine if the technology is really a correct fit for the target environment:

• Review the real benefits to the specific environment that SDN will bring and avoid considering benefits that are not applicable. Also, avoid legacy technologies being paraded as SDN simply by applying new terminologies.
• Involve the security team and analyze the impact to network security that deploying theses new technologies will bring.
• Engage all the datacenter teams (server, virtualization and storage) needed to be intimately involved in the analysis from the initial phases, to ensure that all teams are aware of how the changes will affect each area and how to best leverage the new features to improve overall service levels.
• Take a realistic look at whether there is a skills gap that needs to be addressed with training for the current network operations team or whether new team members need to be brought in to meet the new needs of the business.

Application Centric Infrastructure

After the requisite due diligence has been done, and the decision has been made that modernization is necessary; it is time to decide on the vendor technology to be deployed. Cisco Application Centric Infrastructure (ACI) is one of a few SDN solutions to consider. The decision can sometimes be easier to make if recent investments in the Cisco Nexus 9000 platform have already been made, as these newer switches can be deployed in traditional (NX-OS) mode or in ACI mode. This allows for newer hardware to be integrated into legacy architectures that can later be redeployed as part of a software defined ACI fabric.

Application Centric Infrastructure (ACI) in the datacenter is a holistic network architecture with centralized automation and policy-driven application profiles. ACI delivers software flexibility with the scalability of hardware performance. The following core components make up an ACI deployment:

• Cisco Nexus 9000 Series switches
• The Cisco Application Policy Infrastructure Controller (APIC) for centralized policy management
• The Cisco Application Virtual Switch (AVS) for integrating into virtual networks for the leading server and desktop virtualization platforms
• An open ecosystem of network, storage, management, and orchestration vendors

The Nexus 9000 switches provide the necessary hardware for connectivity when deployed in the spine-leaf Clos network style of ACI.

• ACI Spine Layer – Provides bandwidth and redundancy between Leaf Nodes
• ACI Leaf Layer – Provides all connectivity outside the fabric – including servers, service devices, and other networks
• Optimized Traffic Flows – Accommodates new E-W traffic patterns in simple, scalable, non-blocking design
• Decoupling of Endpoint Identity – Network policies automatically move with VM/Server/Container
• Network Innovations – Dynamic load balancing, dynamic packet prioritization, congestion management

The APIC becomes single point of management for the entire fabric where all network behavior is defined and controlled with a policy-based model. The single point of control causes the fabric to act like a single (virtualized) switch.

Cisco AVS provides cross-consistency in features, management, and control through Application Policy Infrastructure Controller (APIC), rather than through hypervisor-specific management stations. As a key component of the overall ACI framework, AVS allows for intelligent policy enforcement and optimal traffic steering for virtual applications. Below is a compassion of traditional networks versus ACI networks

Characteristics of a traditional network

• Collection of Individual Devices
• Configuration is per box
• Configured based on Network Needs
• Configured via Port
• Limited API – software overlay’s only
• CLI manages local switch only
• Limited tools to configure
• Black list model
• Performance Monitoring requires external tools and correlation

Characteristics of an ACI network

• One Logical Device
• Configuration is per Fabric
• Configured based on Application Needs
• Configured via Policy
• North and Southbound API (software & hardware)
• Controller can manage switches, load balancers, firewalls and software (Cisco and non-Cisco)
• Wide range of tools to configure
• White list model
• Integrated performance visibility

Most research about SDN and ACI will usually lead to descriptions of massive Clos networks geared towards service providers and massive enterprises, but ACI can be deployed with the requisite APIC cluster and as little as 4 switches (2 spine and 2 leaf switches). This small deployment also does not require chassis based solutions as a smaller fixed configuration spine model is also available. This could be a very cost effective option to replace aging Nexus 7000\5000 deployments. The total cost of ownership of an ACI deployment compares even more favorably against a traditional deployment when the 3^rd party management platforms are also considered.

Software defined technology is here to stay, and while it represents a drastic change from the traditional way of doing things, it is worth evaluating, especially if the SDN technologies can provide real improvements to the way connectivity is delivered in the datacenter.