After Cisco‘s launch on Wednesday of the products prepared by spin-in Insieme, competitors predictably assaulted the hardware-heavy architecture. But what might be more significant are their claims that they already do the policy management that’s so central to Cisco’s Application-Centric Infrastructure (ACI).
Cisco’s Application Policy Infrastructure Controller (APIC) is ACI’s brains for policy and management. It’s the crucial ingredient to Cisco’s software-defined networking (SDN) plan, and one of its central functions — the automatic assigning of policy to traffic flows — is something other vendors say they already do.
Assigning policy to a flow, having the policy move with it, creating service chains to apply the policy properly, automatically attaching policy to certain types of workloads — all these things are already doable in NSX and have conceptually been in vSphere for years, VMware representatives say. And such things can be done well or done in mediocre fashion, they add.
“Part of the discussion is: What do you have control over? It’s the levers. That’s going to determine the type of policy you can deliver. Do you have levers into the hypervisor? Do you have levers into the vSwitch? Your reach will define how you can do that policy,” says Chris King, VMware’s vice president of product marketing.
HP says it has similar technology called the Virtual Application Network (VAN), a module in the Intelligent Management Center (IMC). It attaches delivery instructions to an application — quality-of-service requirements, or restrictions on which networks can talk the virtual machine in question, for instance.
VAN was announced last year and is available now (note that APIC won’t be available until the second quarter).
Cisco didn’t divulge many details about APIC, so it’s possible there’s a lot more under the hood. We might have to wait until the second quarter of 2014, when APIC becomes available, to find out.
Target Practice on the Nexus 9000
On the hardware side, competitors made the usual arguments about Cisco steering customers into a closed, all-Cisco network. It’s the usual stuff — and yet, Cisco made it especially easy for them.
Not only does ACI require new switches (the Nexus 9000 line), but they’re not line-card compatible with the old switches (the Nexus 7000s), and they’re going to require a software upgrade of their own when ACI comes around.
Cisco will end up maintaining two architectures. ACI, running on Nexus 9000s with the Application Policy Infrastructure Controller (APIC), represents the future. And the Nexus 7000s with the onePK toolkit of APIs, will serve the installed base. They’ll cross paths, but they do represent a stark division between today’s network and tomorrow’s.
“Since 2008, Cisco customers keep being asked to make a choice between one product line and another product line. They’ve gotten it down to a science,” says Mike Marcellin, senior vice president of strategic marketing at Juniper.
Cisco officials paint the Nexus 9000 as just another product upgrade, analogous to the way the CRS core routers displaced the GSR 12000s. In that case, the 12000s simply got nudged toward the edge of the network. Analogously, the Nexus 7000 will eventually be able to act as leaves to the Nexus 9000′s spine.
(Here’s my objection to that argument: The CRS and 12000 served the same network. Insieme and ACI, by contrast, represent a break from the past. In that sense, the spin-in method did its job, disrupting the Nexus 7000. Politically, they couldn’t do that within Cisco. And I would guess that politics, along with built-up resentment over the spin-in model, will make Insieme more awkward to integrate than your usual Cisco acquisition.)
You Know the Routine
Competitors also argued that Cisco is trying to twist SDN, a concept supposedly rich in openness, into a Cisco-proprietary form. Cisco can counter by saying partners, such as Layer 4-7 vendors, can tap into ACI through APIs. But the switching has to be wholly Cisco’s.
“I understand they have a vested interest in saying hardware’s important, but I also think their [anti-] overlay argument makes sense. The overlay with nothing underneath it is not that realistic yet,” says Dana Cooperson, an analyst with Ovum. Cooperson’s colleague, David Krozier, noted in a report that a generic-hardware approach “is unlikely to match the performance capabilities of ACI.”
What other vendors are hoping is that SDN is the breaking point igniting a customer revolt. “Increasingly, everybody’s talking about it. There are other ways to do this, other than getting locked in,” says Kash Shaikh, director of marketing for HP’s networking business.
Aside: VMware Still Wants to Be Friends
VMware has to be diplomatic in its criticism, since Cisco is a partner in so many directions. It’s also in VMware’s best interest to run NSX on as much hardware as possible — so, yes, VMware’s stuff runs on Cisco gear, and that could even include NSX.
“We definitely see NSX running on the Nexus 9000 as a clear use case,” says Brad Hedlund, a chief architect at VMware. That would be a use case for the switches’ standalone mode, where they aren’t running ACI. Standalone mode will be used by customers that don’t want to adopt ACI, so this use case actually seems plausible.
What Cisco Could Accomplish
As much as other vendors like to criticize Cisco’s monolithic architectures, some customers do prefer it that way. It’s the “one throat to choke” mantra.
In that sense, Cisco has an opportunity with ACI: It could “solve” IT, Cooperson says, providing one answer for handling items such as compliance and auditing.
“If they can provide a common infrastructure for all these groups who have been trying to run these different silos — not just technology silos but political — if they can put this umbrella over it, then certainly that would be a tremendous boost on the business side,” Cooperson says.
As large and ambitious as ACI is, it will take a while to find out if Cisco can accomplish all that. It would certainly go a long way toward Cisco’s dream of becoming the world’s No. 1 IT player.
(Image: The Cisco/Insieme Nexus 93128T. Oooh, shiny.)