
Cisco ACI architecture deployment options point to network evolution

Cisco ACI architecture users recommend embracing the model's software-based capabilities instead of going the traditional networking route to meet automation needs.

Armed with plans to move its business into the future, Hutchinson Networks Ltd. in 2015 was ready to build its first public cloud platform. But to offer a competitive infrastructure as a service, or IaaS, platform, the network services provider, based in Edinburgh, Scotland, knew it needed to build its new Fabrix cloud service on top of a strong foundation. Its answer was to implement Cisco ACI architecture -- Cisco's framework for software-defined networking in the data center.

A central component of the Cisco Application Centric Infrastructure architecture is the Nexus 9000 switch, which creates the switching fabric for ACI. Yet, while many Cisco customers have purchased these switches, most have chosen to continue running their networks in the traditional mode instead of in the software-defined ACI mode. That's a missed opportunity, said Hutchinson Networks CTO Stephen Hampton.

SDN a necessary component

As a network integrator with more than 120 customers that include enterprises, SMBs, a few service providers and some startups, Hutchinson Networks saw SDN as the necessary technology to underpin Fabrix.

"I think there's a general recommendation that if you're building a data center environment now, and you're not building it in a software-defined fashion, then by the time you get to your next investment cycle, you could be about eight years behind," Hampton said.

He's not the only person to share that sentiment.

Kevin Tompkins, another Cisco ACI user and network architect for Scentsy, a fragrance company based in Meridian, Idaho, agreed that many Cisco customers aren't capitalizing on ACI's potential. Instead of using Cisco ACI architecture to deploy innovative networking, Tompkins said he believes many ACI users are trying to shoehorn ACI and the accompanying Application Policy Infrastructure Controller (APIC) into their traditional networks.

"In ACI, you have this incredible capability. But many customers have implemented it to basically replicate what a traditional network looks like," Tompkins said. "At that point, it's kind of like, 'What's the point?'"

Lee Doyle, analyst at Doyle Research, also said he believes many Cisco ACI customers can glean more from the technology.

"It's taken a while for ACI to roll out and for people to really see its benefits," Doyle said. "Cisco's got very good adoption of Nexus 9000 switches, and ACI is rolled out -- it's just [a question of] how much customers are taking advantage of its capabilities."

Choosing Cisco ACI architecture

Hutchinson's Hampton said his company knew it needed to evolve with the industry, and employing SDN to anchor Fabrix would be a critical component.

To that end, Hutchinson Networks considered various options, among them network fabric from Brocade, VMware NSX and Cisco ACI architecture. The integrator wasn't sure about Brocade's long-term roadmap and was the most comfortable with Cisco. Cisco ACI offered the performance and scale needed for the IaaS platform, Hampton said, and Hutchinson Networks had worked with Cisco before.

Hutchinson Networks laid the foundation for Fabrix two years ago, when it purchased Cisco ACI hardware and combined it with Cisco Unified Computing System (UCS) servers and Cisco UCS Director -- Cisco's orchestration tool. Both the ACI deployment and IaaS platform were greenfield projects for the company, so Hampton and his team weren't concerned about integrating them with legacy architecture, he said.

The ACI environment was live by September 2015, and Fabrix was completed in May 2016. Since then, Hutchinson Networks has recommended Cisco ACI to its customers, and it has become a Cisco authorized technology partner. Hutchinson is also a technology partner with Juniper Networks, Riverbed and Microsoft.

"Obviously, [ACI] is a product we've heavily endorsed over the last couple of years, so we're not the most unbiased opinion," Hampton said. "But that [endorsement] is based on our experience of deploying it for ourselves and for our customers."

Users integrate Cisco ACI and NFV

A major factor in Hutchinson Networks' choice to go with Cisco ACI architecture was ACI's ability to integrate with other networking technologies, like network functions virtualization (NFV).

"When we went to buy load balancers, firewalls and routers -- things like that -- we made the decision to go all NFV, and that made significant savings," Hampton said. If Hutchinson Networks had gone the route of traditional hardware, he estimated 70% of the company's budget would have been spent on hardware. By going with SDN and NFV, Hutchinson Networks could afford to enter the public cloud market, he said.

Integrating with NFV also proved to be its biggest challenge, however. Hampton explained that, in theory, the APIC -- a major element of Cisco ACI architecture -- can integrate with F5 load balancers or Cisco firewalls, for example. The APIC can push configurations to those functions and automatically "build where they sit in the policy," he said. Cisco also offers the option to skip APIC configuration and deploy functions individually, or manually manage them with a different orchestration tool.


"At the beginning, we went down the line of trying to control all [the functions] through the APIC and ran into a number of problems," Hampton said.

When the APIC controlled Hutchinson Networks' F5 load balancers, the load balancers didn't have a full feature set, he said. In addition, the APIC configurations wouldn't allow Hutchinson engineers to use various Cisco firewall functionalities.

"We didn't have the granularity of control on those VNFs [virtual network functions] that we have when we work with them directly," Hampton said.

Instead, his team bypassed the problem by using Cisco UCS Director to configure the VNFs directly, rather than configuring them through the APIC. Still, Hampton said he believes organizations looking toward NFV and SDN can benefit from Cisco ACI architecture.

The inevitable paradigm shift

Hampton said the shift to a software-centric network architecture will force organizations -- and the engineers they employ -- to rethink their operational goals and objectives.

"If you take the internet of things and the sheer amount of data going through the data centers, there is no way the traditional methods of deploying networks will work in the future," he said. Networks will have to be built to scale in a way that will be too much for manual processes. Instead, he added, these processes will need to be automated.

"And if it has to be automated, then those engineers have to be ready to work with APIs, controllers and user interfaces, rather than just using traditional CLI [command-line interface]," he said. "They have to be mentally ready to take on new things and to move away from CLI and embrace SDN."


This was last published in July 2017
