Competitors are blasting the new Cisco SDN technology from Insieme Networks, calling it unnecessarily hardware-driven, lacking in standards, late to market and, most notably, noninteroperable, even with Cisco's existing equipment.
Cisco's Application Centric Infrastructure includes a new line of Nexus 9000 switches that run either Nexus OS or a new ACI mode of the OS. Cisco ACI also includes an SDN controller that lets data center switches act as a single fabric and allows users to manage tens of thousands of ports from a central point. With the combined technology, ACI users can automatically provision and de-provision network segments or tenants to support specific applications with complete policy and Layer 4-7 services.
To just state flatly that the [one-time] hardware cost is the main issue in that transition is glossing over real-world change management cost. Ripping out every switch in your data center and all your branch offices is not trivial.
vice president of marketing, VMware's networking and storage unit
ACI will provide many of the same provisioning and virtualization features offered by software-only overlays from VMware and Nuage Networks, but hardware is the foundation of the technology.
VMware on Cisco ACI: A hardware-defined software strategy isn't flexible -- or affordable
The difference between Cisco and VMware's network virtualization strategies boils down to this: Cisco says software-only strategies are not scalable, reliable or manageable because they're not aware of what's happening on the underlying infrastructure.
VMware counters that placing hardware at the center of a software strategy makes the strategy inflexible and requires costly redesign. VMware's NSX network virtualization technology, announced in August, lets users automatically provision and de-provision virtual networks using a tunneling technology that is programmed at the edge and managed with virtual switches or hypervisors. The theory goes that what happens in those virtual networks stays in those virtual networks and shouldn't have to be integrated into the physical infrastructure beneath.
"We think customers want to do this on their existing physical networks," said Chris King, vice president of marketing of VMware's networking and security business unit. "Our software-defined data center technology works great over Cisco hardware today. Doing it in software is investment protection in the physical plant."
While unveiling ACI last week, Cisco CEO John Chambers said an all-software approach would cost 75% more than implementing a hardware-centric technology, because customers would have to manage both virtual and physical infrastructure, as well as pay the "per-VM tax" associated with VMware's technology.
But Cisco was "playing fast and loose with the numbers," King said. Once NSX segments are spun up, they come with all Layer 4-7 services intact -- which is not the case with Cisco. Neither ACI nor NSX pricing is yet clear. But King points out that Cisco ACI would require investment in hardware and the need for architecture redesign. In many cases, Cisco customers who have only recently invested in Nexus 7000 switches will have to buy new switches for ACI. Chambers said the initial hardware investment would pay itself back with lower operational expenditures over time, but King questions that math.
"To just state flatly that the [one-time] hardware cost is the main issue in that transition is glossing over real-world change management cost. Ripping out every switch in your data center and all your branch offices is not trivial. And the Capex is not the major portion of that. … It's shipping and scheduling and all of that kind of stuff," King said.
Beyond the redesign requirements, placing hardware at the center of a software strategy only makes it less nimble, King continued. The whole point of virtualization is to enable cloud bursting where IT shops can provision resources on demand.
"When you go down a hardware-defined path, everywhere you might burst needs that same hardware, and every company you acquire needs that same hardware too. There is flexibility inherent in that software-defined vision," King said.
Nuage on Cisco ACI: Where's the inter-data center answer?
Like VMware, Nuage offers network overlay software that works on top of existing hardware and is directed by a centralized controller. Nuage CEO Sunil Khandekar pointed out that while Cisco attacks the use of software overlays, networkers have always depended on overlay technology. VPNs are a perfect example.
"It seems like overlays are only bad when others do it," Khandekar said.
But Nuage's bigger beef with Cisco ACI is that it creates "pods" of programmable networks but doesn't go beyond the internal data center to address the WAN or inter-cloud connectivity. Nuage uses IP networking to peer routers at the edge of a data center, essentially extending network overlays through a VPN. This stretches the control plane across multiple domains.
"What we are talking about is not a single data center problem; we are talking about [connecting] multiple data centers," Khandekar said. "They haven't talked about how to connect data centers back to users over a VPN. There are a lot of things missing here."
Creating these "islands" of automation will make it difficult to integrate networks into a larger orchestration framework within a data center, and even more difficult to extend orchestration among multiple data centers, he said.
Last week, Chambers said Cisco's SDN strategy will begin in the data center but eventually extend to every part of the network.
Hewlett-Packard on Cisco ACI: What about standards?
Cisco is "trying to pull a Bill Clinton" by going for the "middle ground" in programmability, said Mike Banic, vice president of global marketing at HP Networking. Cisco ACI is only fully programmable if users deploy all Cisco equipment, he said. Instead, Cisco should have embraced emerging industry standards that would allow controllers to work across multivendor environments.
HP offers OpenFlow-friendly switches from the edge to the core, which means they'd be able to run with any controller using the same version of the protocol. HP is also working with the Open Networking Foundation to develop a universal northbound application programming interface (API) framework so that developers can create applications that are portable to any network. In the meantime, it has created a software development kit for its northbound APIs and is creating a network apps store.
"It will be like building an app for the Windows environment; it will work on any underlying hardware," Banic said.
More on Cisco's programmable networks
Programmable networks, not necessarily SDN, Cisco says
Cisco's response to VMware NSX
Cisco software business to double due to SDN
In fact, Cisco's ACI controller can use OpenFlow as a southbound protocol, but Cisco said users won't get quite the same leverage out of the fabric that way. Cisco will, however, publish its controller code and northbound APIs so that a wide range of developers can create applications for the network. Cisco has also said it will enable its controller hook into the OpenDaylight controller set to be released in December. That too won't be the prime way to run ACI, Cisco executives said.
HP also has criticized Cisco for not better integrating into VMware's NSX strategy. While ACI can work in any hypervisor environment, it is not geared specifically toward optimizing an NSX environment. HP, on the other hand, will federate its controller, along with VMware's NSX controller, for deeper integration.
"We realize people want choice and flexibility, and we realize there is energy around VMware NSX," Banic said.
Why isn't Cisco ACI fully available yet?
With all the hubbub around the Cisco ACI release, so far only the Nexus 9000 is generally available, while the controller won't be out until 2014.
While most customers are in the early stages of evaluating SDN and not necessarily ready to buy, the technology must available for testing ASAP, VMware's King said.
"From a production deployment perspective, [a nine- or 12-month delay] doesn't matter. But from the perspective of learning about it and building a taste for it, yeah, it matters," he said.