SDN and Containers, a Part of Business Strategy Says Cisco Executive

By CIOReview | Friday, June 19, 2015

FREMONT, CA: “Most customers have about 5 percent or less of basic connectivity automated. Customers can realize 70-80 percent of the OpEx benefits by automating existing use cases as opposed to waiting to get into real deep granular policy,” says Frank D’Agostino, CTO, INSBU, Technical Marketing, Cisco, in an interview with John Dix, Editor-in-Chief, Network World.

ACI Evolution
Cisco delivered its vision for Application Centric Infrastructure (ACI) through the release of Application Policy Infrastructure Controller (APIC) during May 2014. Cisco Application Centric Infrastructure (ACI) is an innovative architecture that radically simplifies, optimizes, and accelerates the entire application deployment lifecycle.

D’Agostino believes that ACI is gaining traction with significant visibility in the industry. He believes the ACI platform is being adopted across all market segments, including cloud providers, large enterprises, commercial, and public sector, delivering scalability, flexibility and agility.

Security as the Key Driver
With organizations transitioning to next-generation data centers and clouds, automation of security policies is needed to support on-demand provisioning and dynamic scaling of applications. Currently, most IT departments are manually configuring security policies in the data center network using a device-centric management approach.

D’Agostino says security is one of the sensible issues, and that security rules on a device-to-device basis are one of the things limiting agility. Complexity can be reduced by using profiles and having security automated regardless of where the service is needed.

Influence of Containers
Cisco ACI is designed to offer a common policy model for managing IT operations that can span across the entire infrastructure. ACI allows applications to support any environment, including bare metal, virtual machines and containers. ACI portability is native and part of its nature, which is a natural fit with container technology.

D’Agostino states that containers expand ACI’s value. By applying consistent policies, infrastructure can be further simplified, which can accelerate customers’ ability to choose the best application delivery platform without sacrificing automation, policy and visibility. He says leveraging eVPN for VXLAN provides an open standard way of connecting multiple SDN & ACI domains, enabling multiple vendors to drive their own innovations without being limited by the controller of one vendor.

Delivering in a VMware world
D’Agostino points out the limitations in using VMware’s virtual network software offering. He remarks that NSX is just an application and customers need to buy a network for NSX to operate on. While a lot of OS instances are being virtualized, packets egress the hypervisor and at that point VMware has zero relevance to security. NSX is an open-by-invitation-only platform; an SDB LAN emulation controller like NSX requires tight coupling between controller applications. VMware requires users to register in their lab and wait for engineers to work on any development or scale testing. D’Agostino sees nothing about NSX that is open.

SDN: The Road Ahead

D’Agostino asserts that they are seeing an open environment accelerating around SDN. Common group-based policy models extend from controllers inside a data center to multiple domains, whether it’s into the campus, into the wide area or into a branch or virtual branch. He feels customers are starting to drive SDN across to all endpoints of the infrastructure with an automation model that’s under a common controller architecture or a federated controller architecture, envisaging the big shift moving forward.