
Networkers on Cisco SDN: Far superior, if you're into rip-and-replace

Network pros say the Cisco SDN strategy beats the competition in programmability, but they question what happens to their existing Nexus investment.

Network engineers said Application Centric Infrastructure, the hardware-centric Cisco SDN product line, could outclass the competition, but they're leery about investing in a technology that won't incorporate legacy network equipment and won't be available for at least another half year.

"Cisco has such a strong ecosystem that when they announced ACI [Application Centric Infrastructure], the customers who were already evaluating SDN said they would take a pause and wait for [the] Cisco product to come out before making a decision," said Tarun Raisoni, vice president of worldwide sales at Fremont, Calif.-based Rahi Systems, a Cisco partner that focuses on data center infrastructure. "But ACI doesn't address the legacy network that is still out there. A lot of customers we work with still have Catalyst 6500s and are still buying Nexus 7000s," he said.

ACI includes a new portfolio of Nexus 9000 switches and a controller that can manage tens of thousands of ports from one point. Together the technology can be used for automated network provisioning in a system that is entirely application-aware with centralized policy enforcement.


The new Nexus 9000 switches are available now, but the controller won't be out until April 2014. The switches can run either a simplified version of the NX-OS or in ACI mode, so Cisco said users can buy the 9000 switches today to run in Nexus shops and then transition them for ACI later.

But some users see this as a catch-22. The expensive Nexus 7000s and the newer Nexus 7700s they recently bought won't work in an ACI fabric. What's more, it's unclear whether 9000s in standalone mode are feasible for existing Nexus shops.

Randal Echterling, a network architect at Wellspan Health Systems, runs a Nexus shop and said the 9000 in standalone mode cannot replace the 7700s. "While the 7700 chassis is similar to the 9000, and the 9000 will have a lower cost-per-port density with a higher speed fabric, the 9000s will not have the same functionality or features as the 7700 [line on] day one." If ACI takes over, this makes the 7700s "dead on arrival," he said.

Cisco never intended for the 9000s to have the same kind of feature richness as the 7000s because an ACI network places network intelligence into the controllers that run the new fabric. Cisco executives have said that Nexus 9000s can act as inexpensive access switches today. Later, when they're transitioned into ACI, they'll be part of a leaf-spine architecture and the 7000s can take on the role of core switches -- or devices that interconnect ACI pods.

But many engineers are frustrated by the idea of turning such a costly set of switches into basic interconnect devices. In the meantime, engineers don't know what to buy because it is still unclear what the feature gaps are between the 7000s and the 9000s. "Making an announcement is great, but a lot of times a product announcement happens and then the execution and delivery of the product is just not there," Echterling said. "There is no direct path to ACI. So if the 9000s don't have the features of the 7000 and then I am two years into this and they say they've made a mistake with ACI, then what?"

Eric Murray, a senior network engineer at Louisville, Ky.-based Kindred Healthcare, runs a Nexus shop that is not yet up for refresh. But he's excited about the promise of ACI and will consider investing in the technology for a new data center his organization may build. But for his current Nexus shop, he will consider working the 9000s in as aggregation points.

"I could see where we could bring UCS [traffic] into the 9000s and then connect that to the 7000s. Right now I am using 5000s as an aggregation point, but the 5000s are just doing Layer 2 forwarding. The 9000 would give me all the ACI functionality. That could be a way to wedge them into the current environment and then promote the 7000s to a WAN edge or access edge switch later," Murray said.

Cisco SDN outweighs VMware NSX in many ways, users say

Critics have blasted Cisco for not creating an SDN strategy that works on existing infrastructures, especially considering that VMware's NSX network virtualization overlay technology can run on top of any vendor's network. But Cisco users said technically there is no comparing an overlay-only strategy to Cisco's engineering, which tightly integrates hardware and software.

"NSX is just doing an overlay on top of a traditional network, but traditional networks are inflexible and there's a 30-year-old design that we are dealing with [beneath the overlay]. ACI is a native abstracted network, which in my mind is a preferable scenario," Murray said.

ACI will eliminate the need for CLI once controllers take over management of the switches, he explained. The system allows engineers to move virtual or physical servers anywhere in the network, provisioning applications at any time with policy intact. Meanwhile, there is complete visibility of every port, plus a timing system that measures every packet over every link and reports dropped packets in real time. Flow prioritization is also built into the system, Murray said. An overlay cannot replicate most of these features.

"They've done a lot of engineering here," he said. What's more, Cisco can move VXLAN traffic, but "they are forwarding it native in hardware," which Murray said brings it an added level of performance stability and scalability.

Raisoni and Echterling both said the Cisco SDN strategy is more technically advanced than most competitors' products. It enables end-to-end provisioning and integrates into a range of orchestration systems, they said. It also has fully open application programming interfaces (APIs) so developers can create a range of network apps, and the system can work with any hypervisor environment. But Raisoni warned that if Cisco doesn't move swiftly, customers will begin to consider NSX and other alternatives -- and third parties will make that possible.

"The problem with NSX is that there are no tools available. You have no visibility of network traffic," Raisoni said. "But there are technologies that will address this part of the market [to make overlays work better]." While enterprises may have time to wait, cloud providers, for example, need network flexibility now. They may invest in overlay technology along with third-party tools now, rather than waiting another six months for ACI, he said.


Join the conversation


Actually, VMware NSX does have a strategy for integrating the physical network but it's not a priority or valuable feature to many customers. Cisco has successfully tagged that many of their customers will be looking for legacy integration as part of the purchasing decision. That's not a very wise SDN choice since ACI will change your legacy network completely.

Also, Cisco has a directly competing strategy with AVS that includes software networking and virtual appliances. They have chosen to keep that part quiet, I think, and focus on customers' short-term goals.

Interesting times ahead. It's not as simple as this, differences between NSX and ACI are very small indeed. It's just a question of how you implement them.
Hardware centric infrastructure seems to be a better name and I really don't see the point.
Hi Greg, What is AVS? And is that part of NCS? And if not, do you also consider NCS a competing product to ACI? Here's the link we ran about it.