Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Cisco ACI

Fri Apr 25, 2014 12:43 pm

Anyone running this yet? What are your thoughts in regards to reducing complexity, monitoring your fabric, and/or defining application profiles?

that1guy15
Post Whore
Posts:
3224
Joined:
Thu Apr 29, 2010 6:12 pm
Certs:
CCNP, CCDP, CCIP

Re: Cisco ACI

Fri Apr 25, 2014 12:49 pm

can it? will it? yes
Does it now? No

Just like any other API you have to develop applications or scripts to utilize it. I see this opening up the market and I think we are going to see a lot of very interesting NMS tools once this becomes standard on all hardware.
http://blog.movingonesandzeros.net/

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: Cisco ACI

Fri Apr 25, 2014 12:55 pm

that1guy15 wrote: can it? will it? yes
Does it now? No

Just like any other API you have to develop applications or scripts to utilize it. I see this opening up the market and I think we are going to see a lot of very interesting NMS tools once this becomes standard on all hardware.


Not sure I follow - ACI is an entire platform - not just an API (It does leverage north/southbound APIs with certain tech partners though). They say it's not SDN but it really is - just not a.... "stereotypical controller". It's still SDN because the APIC is defining how the network will operate. It's just not pulling the control plane into the controller and is instead leaving it as a distributed architecture so it can still operate in case the APIC, or cluster of APICs, fail.

My eyes have really been opened recently into the garbage that Cisco marketing puts out... sorry to offend but it's true. Every company does it, sure, but jeez.

Vito_Corleone
Moderator
Posts:
9850
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Cisco ACI

Fri Apr 25, 2014 3:11 pm

What's "garbage" about it? It's not really out yet.
http://blog.alwaysthenetwork.com

burnyd
Post Whore
Posts:
3160
Joined:
Fri Nov 13, 2009 5:15 pm
Certs:
CCIE R&S/SP,CCNP-SP,JNCIA,VCP510,VCA-DCV

Re: Cisco ACI

Fri Apr 25, 2014 3:37 pm

Here comes the vendor bashing!

It's not out yet and you cannot purchase it. However, you can purchase some of the 9k switches but they really do not do very much as far as features go. As far as SDN goes everyone's opinion differs on what it truly is.

Why do you feel it is garbage? I feel the idea is excellent. Have the APIs directly talk to and leverage the network from an application perspective. From a server perspective having any encapsulation come in one port can come out another port decapsulated into a different L2 protocol is really interesting.
http://danielhertzberg.wordpress.com - I blog about networks!

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: Cisco ACI

Fri Apr 25, 2014 4:55 pm

So... first of all, you're right - it does sound like vendor bashing. For that I apologize.

Let me clear the air on a few things though and elaborate:
1. I wasn't calling the concept of ACI garbage - I was calling Cisco marketing garbage, much like Soni Jiandani's comments that Arista doesn't have 100G when not only do we have it, we're selling it - today, and have been for a little while now. I understand it's not relevant to the current conversation - I just want you to understand part of the reason I'm in the mindset that I'm in.

2. True - everyone's opinion of what SDN means does differ, however my personal opinion is that the methods to perform SDN may differ, but the overall meaning of SDN doesn't change - using software to define a network - in the most basic form.

Cisco is saying that they're purposely moving away from SDN like it's a bad thing. I feel they're saying this because other vendors embrace it, so this is a way they can try to make themselves sound "different/better". They're not moving away from SDN in my opinion - they're moving away from one METHOD of SDN which is to use a controller that all traffic must go through. If that controller dies, down goes the network. I agree this is less than optimal (Duh). However, I would argue that ACI in its current method IS SDN! It still uses a controller (APIC) to DEFINE (they even use that word) what a network "should look like" through application network profiles. If I really wanted to grasp at straws, since APIC sits on three UCS servers (at a minimum), and they call it an appliance, I'd go so far as to call it "Appliance Defined Networking". One difference from the METHOD of SDN they're moving away from is now if the controller (APIC) dies, the forwarding plane still functions in a distributed manner. Anyway, I will say that if these application network profiles pan out to what they are saying it is, kudos to them in that regard because it seems pretty cool, although a little complex with the multiple tiers of stuff like Tenant Model > Context > Bridge Domain > IP Spacing and policy model > EPG > Contract > Subject > Filter|Action| Label. Good luck.

SDN is much more than just one METHOD. It's more than just OpenFlow, or just OpenStack, or just integration with technology partners - it's all of it - and more.

Formerly being a Cisco fanboi I think also adds to the irritation because I feel they're out of touch. You don't work where I do so you don't see it like I do, call it bias if you wish, but it's true - what a large portion of what Cisco calls innovation with ACI, we've already been doing for a long while now. We provide products that today leverage merchant silicon, that today leverage APIs into technology partners such as F5, Riverbed, Palo Alto, VMware (Including NSX) etc. etc. etc., that today provide high density 10, 40, and 100G (TODAY - not future/roadmap) with non-blocking hardware architectures.

Anyway, it's just maddening to watch someone leverage their marketing monster to propose that they're innovating with something not available yet when in my opinion, they're following - and many folks will believe it.

I'll get off my soapbox now, and I wasn't aware that ACI still wasn't publicly available - the webcasts I've watched made me think customers were deploying it but I assume that's early adopters.

EDIT - I should also add that maybe they're not out of touch - but purposely being dismissive.

Vito_Corleone
Moderator
Posts:
9850
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Cisco ACI

Fri Apr 25, 2014 5:22 pm

I read part of that, but then I realized I don't think I've seen the marketing info you're referencing. I haven't seen anything from Cisco saying they're moving away from SDN. Every Cisco employee I've spoken with acknowledges that ACI/APIC/APIC EM/etc, is SDN.
http://blog.alwaysthenetwork.com

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: Cisco ACI

Fri Apr 25, 2014 5:37 pm

Gotcha - watch TechWise TV episode 137. You'll see what I mean.

EDIT - Sorry, 136 - Inside the Application Centric Infrastructure, at around 2:00. They call SDN a subset of ACI. There's other webcasts as well that alluded to similar statements.
Last edited by Retired Account on Fri Apr 25, 2014 5:48 pm, edited 1 time in total.

Beginners_mind
Senior Member
Posts:
287
Joined:
Fri Jan 31, 2014 2:29 am

Re: Cisco ACI

Fri Apr 25, 2014 5:45 pm

IDK about the negative campaigning man. Whether the criticisms are factual or not, it's easy to see that sort of thing as being self-serving, that's ultimately the problem with it.

First it was IPv6 RAs, then it was STP interoperability (I guess your beef was with the tunneling mechanism PVST+ uses to get its VLAN-specific BPDUs across non-Cisco switches), now it's marketing of a product...that hasn't even come to market yet.. Kind of a pattern of constant criticism emerging there and it makes it difficult to engage you in a meaningful dialog. Which sucks because you strike me as a really bright and articulate guy.

Just trying to be helpful and offer an outsider's perspective. I have no interest in vendor trench warfare. I'm just a network geek who comes here to socialize with other network geeks and learn a thing or two.

Best regards

-b
"Certs: CCIE written but expire"

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: Cisco ACI

Fri Apr 25, 2014 5:53 pm

Ah jeez. I see this is pointless and will only be seen as vendor bashing because of where I work. I could point out several things that are direct examples from Cisco Live breakouts describing what ACI will bring that we already do, and not because I'm trying to push a product - I'm totally not. It's just to highlight bogus marketing.

It's unfortunate that you folks that I discuss these things with don't acknowledge what I feel are facts, or provide rebuttals which I'd love to understand/discuss, and instead brush it off as vendor bashing.

Sorry for wasting your time, and I'll leave it alone from here out.

Again, just want to re-iterate, my problem isn't with the product - from that phase I very much have a, "let the best man win" mentality - it's just the marketing methods.

I seriously just want to know when you guys deploy this, what are the things you like about it, and what are the things you hate about it. Just like I'd like to know if you deploy Arista what are the things you like about it, and what you hate about it.

EDIT - P.S., I'd also hope for those who've known me and my history on this forum that even before I started working for a competitor, I questioned everything I came across that "didn't seem quite right" - it didn't matter if it was Cisco, Brocade, HP, or Juniper. When I was an engineer, I pissed off our Cisco team several times with my constant questioning/prodding (As well as Brocade for their lack of a Loop Guard-like function, and Juniper for their misleading bandwidth statement on their datasheet regarding the Netscreen).

Also, watching that Techwise TV episode I pointed out a second time, the verbiage is confusing and maybe I misunderstood it. Earlier in the webcast it sounded pretty distinct that they were treating SDN separate from ACI, but in other parts it sounds blended.
Last edited by Retired Account on Fri Apr 25, 2014 6:04 pm, edited 1 time in total.

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: Cisco ACI

Fri Apr 25, 2014 6:02 pm

I wish I could delete this entire thread now.... it totally went a direction I didn't even intend it to because I have a bad habit of letting thoughts floating at the top of mind flow through my fingers.... :D

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: Cisco ACI

Fri Apr 25, 2014 6:08 pm

Beginners_mind wrote: IDK about the negative campaigning man. Whether the criticisms are factual or not, it's easy to see that sort of thing as being self-serving, that's ultimately the problem with it.

First it was IPv6 RAs, then it was STP interoperability (I guess your beef was with the tunneling mechanism PVST+ uses to get its VLAN-specific BPDUs across non-Cisco switches), now it's marketing of a product...that hasn't even come to market yet.. Kind of a pattern of constant criticism emerging there and it makes it difficult to engage you in a meaningful dialog. Which sucks because you strike me as a really bright and articulate guy.

Just trying to be helpful and offer an outsider's perspective. I have no interest in vendor trench warfare. I'm just a network geek who comes here to socialize with other network geeks and learn a thing or two.

Best regards

-b


Just to be clear, please do not mistake pointing out facts as "having a beef". I have no "beef" with Cisco's SSTP mechanism - I point it out because it's important to know about when working in multi-vendor environments with non-Cisco switches running MSTP.

Vito_Corleone
Moderator
Posts:
9850
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Cisco ACI

Fri Apr 25, 2014 6:51 pm

Steven King wrote: Ah jeez. I see this is pointless and will only be seen as vendor bashing because of where I work. I could point out several things that are direct examples from Cisco Live breakouts describing what ACI will bring that we already do, and not because I'm trying to push a product - I'm totally not. It's just to highlight bogus marketing.


Can you post the examples (just session and page is fine)? I won't say that Cisco isn't a marketing machine and that they don't occasionally spin things to seem as if they're the first ones to do something... But I think this is true of most/all vendors. I think it's just the nature of the industry (maybe most industries?).

That said, and forgive me for not being intimately familiar with the offerings, but what does Arista do that Cisco doesn't? I've always been curious about and respectful of Arista, but I feel like their (your) edge is diminishing. My impression of Arista's products are that they're low-latency, large buffered, and EOS is cool (shell availability, built-in Python, etc). At this point I think Cisco is on par or better in most areas. Not to mention that Arista plays in a very limited scope where Cisco does pretty much everything at this point (other than a hypervisor?).

So instead of pointing out stupid vendor marketing, which, again, is not unique to Cisco, can you tell me what differentiates Arista?

Edit: I forgot to mention that Arista used to kill Cisco on pricing. That's also not true with the release of the 9K (that shit is sooo cheap). It's also not just Broadcom silicon. The ALE is Cisco silicon.
http://blog.alwaysthenetwork.com

burnyd
Post Whore
Posts:
3160
Joined:
Fri Nov 13, 2009 5:15 pm
Certs:
CCIE R&S/SP,CCNP-SP,JNCIA,VCP510,VCA-DCV

Re: Cisco ACI

Fri Apr 25, 2014 7:33 pm

That is my take on the Arista products that they are used in trade and other businesses that need the low latency for applications.

Not to take this into a vendor debate but what is Arista's SDN solution? I recall a few years ago they were the first to come forward with a really good TRILL solution but nothing I ever played with only read about in articles.
http://danielhertzberg.wordpress.com - I blog about networks!

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: Cisco ACI

Fri Apr 25, 2014 8:18 pm

Could you point out any documentation regarding what you're talking about burny regarding TRILL? I'm not familiar with anything like that. I could simply be brain farting though.

As far as our SDN solution - it's about doing more with less and not locking you into a proprietary product. I know that's a hard concept to understand, but that's how I feel about the subject to generalize it.

Official commentary on the topic from Doug Gourlay:
http://www.aristanetworks.com/products/eos/software-defined-networking

I'd have to write a book to go into all the ways we're programmable and align to SDN, but as far as what differentiates us from Cisco? As far as what you can actually purchase today? Off the top of my head to name a few (Feel free to educate me on similar Cisco offerings you can purchase today):

* Data Analyzer (DANZ) - Suite of tools to improve network visibility and provide proactive congestion notification
- Latency Analyzer (LANZ) - Configurable thresholds on port/global buffer utilization; takes traffic samples upon high threshold event and can provide notification via console, syslog, email. Provides visibility at a nanosecond level to identify microbursts
- Agile Ports - Can convert 4 10G ports to a 40G port (Similar to performance mode with a 6500 line card except you don't have to do it just to avoid oversubscription)
- Tap Aggregation - Convert a switch into a tap aggregator with filtering, truncation, traffic steering, time stamping at 1/10th the cost of a Gigamon solution
* VM Tracer - Easily see what VMs are hanging off what ports directly on the switch and automatically provision/prune VLANs as needed; leverages VMware API (Cisco will get there with ACI)
* MapReduce Tracer - Tracer for Big Data job tracking
* Python scripting (Is this available outside of ACI?)
* Multi-CLI - Have your switches join an XMPP server to give you the ability to administrate groups of switches via a chat server.
* Ability to run a Splunk Forwarder, Chef Agent, Wireshark, and other things directly on the switch.
* Truly modular network OS. All processes run in user space and work in a publish/subscribe model with the SysDB. You can literally type "bash", do a ps -ef, find the STP process, sudo kill -9 it, and the switch won't stop forwarding traffic - it won't even have to reconverge.

This is just a few things - frankly I don't feel like typing them all out.

EDIT - Actually, I will also say that every single one of our platforms, from a ToR switch, to the 7500E chassis, uses a single binary image, and are wire speed non blocking (Although yes, I understand that with the 9k they're improving that aspect as well).

Vito_Corleone
Moderator
Posts:
9850
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Cisco ACI

Fri Apr 25, 2014 9:14 pm

That list is helpful, though a lot of it seems like accessory items that aren't uber useful. The DANZ thing sounds cool, I'll have to look into it more. Agile ports sound interesting, but how does it really work? Is it 4x10g lanes, or is it true 40g (this wouldn't make sense to me). Cisco can break out 40g, but doesn't go the other way. The tap functionality seems nice on paper, but probably wouldn't be used a ton in real life. It doesn't seem nearly as robust as Gigamon or the other players. VM Tracer is awesome and I'm excited to see it come to the Cisco world.

The rest of the list doesn't really do anything for me. The 7k and 9k, and I think 5k/6k all have built-in Python interpreters. NX-OS is modular as well.

So there are a few compelling things about Arista, but I don't see them as deal makers/breakers for any customers I've worked with. Arista is solely focused on the DC, which is nice, but not ideal for many customers. The idea of training admins on multiple vendors doesn't appeal to most unless one product is leaps and bounds ahead of another. IOS, NX-OS, and the ASA OS are similar enough to appease most people (though they're also different enough to annoy most people as well). I think there are many vendors who offer products that are equal to, or slightly better than their Cisco equivalents, but the slight edge usually isn't enough. I think the biggest differentiator is cost, but Cisco is fixing that in the DC with the 9k, and will typically drop their pants to beat a competitor in the campus space.

Anyway, this thread was originally about anger over allegedly misleading marketing, which is debatable, but also not surprising if true. Putting that aside, I think it's hard to argue that Cisco is, and will likely remain, the leader in enterprise networking (campus, DC, mobility, etc). They're very entrenched and I haven't seen another vendor giving them too much trouble yet. There will always be niche players, but I doubt they'll see market-share anywhere close to Cisco's... unless Cisco buys them. :)

Edit: I would like to add that I'm not really a Cisco evangelist. I think there are various things Cisco is bad at, like WAAS (Riverbed is a far better product) and ACE (F5 and Citrix were way ahead long before Cisco killed ACE). The ASA was also lagging far behind the competition until recently, and they've only really caught up on paper - I haven't seen anyone running CX yet. But for campus and DC, I'd almost always go with Cisco.
http://blog.alwaysthenetwork.com

killabee
Post Whore
Posts:
1474
Joined:
Sat Dec 19, 2009 11:52 pm
Certs:
CCNP, CCDA, JNCIA

Re: Cisco ACI

Fri Apr 25, 2014 9:16 pm

I see this as another one of those "the more time I spend learning it, the less time I have to spend learning something else" type of things. And since it's still too early to tell, I'd rather spend the time learning that something else.

On a different note, it seems that on the firewall side Check Point has been doing similar SDN-type things for years. They run a management server where you define the FW policy and push out the policy to the FWs (the FWs sometimes being glorified Linux servers with minimum networking config), the management server has a complete view of the individual FWs (good for monitoring, reporting, etc), and they have an API (OPSEC) that allows other vendors to interoperate with the management server. No, I'm not a CP fanboy...this is just an observation.

wintermute000
Post Whore
Posts:
1008
Joined:
Mon Jan 14, 2013 10:40 pm

Re: Cisco ACI

Fri Apr 25, 2014 9:21 pm

killabee wrote: I see this as another one of those "the more time I spend learning it, the less time I have to spend learning something else" type of things. And since it's still too early to tell, I'd rather spend the time learning that something else.



Yep that's it. Like my goddamned CCIE material lol. Or just boning up simple Nexus stuff (just coz u know 5k/2k means squat when it comes to 1k and fully virt....)

I have a colleague who's decided to screw all this vendor SDN stuff and just learn python/php for the next 12 months and get familiar with openflow, then see where the market is. I think that's not a bad step at all since all this SDN scripting stuff is all going to be based on open source interpreted languages.

Vito_Corleone
Moderator
Posts:
9850
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Cisco ACI

Fri Apr 25, 2014 9:26 pm

killabee wrote: I see this as another one of those "the more time I spend learning it, the less time I have to spend learning something else" type of things. And since it's still too early to tell, I'd rather spend the time learning that something else.

On a different note, it seems that on the firewall side Check Point has been doing similar SDN-type things for years. They run a management server where you define the FW policy and push out the policy to the FWs (the FWs sometimes being glorified Linux servers with minimum networking config), the management server has a complete view of the individual FWs (good for monitoring, reporting, etc), and they have an API (OPSEC) that allows other vendors to interoperate with the management server. No, I'm not a CP fanboy...this is just an observation.


I think many (most?) firewall products have some level of centralized management options. Palo Alto has Panorama, Cisco has CSM (ugh), and I'm sure Fortinet and Sonicwall have something similar as well. I don't know that I'd call it SDN though (but the term is so ambiguous, who knows - "cloud" anyone?). To me, SDN is when the intelligence exists at the controller, not just the management. The idea (again, this is just how I see it) is that the controlled devices have very little intelligence. The controller makes the real decisions and then informs the devices of the result of that decision. The devices can remember these results if they lost contact with the controller, but I don't think they ever really make the decisions themselves. A device that can run autonomously doesn't really feel like SDN to me. I'd view wireless controllers and lightweight APs more SDNish than firewalls with central management.

That's just my SDN interpretation though. It seems to be a pretty dynamic idea...
http://blog.alwaysthenetwork.com

Vito_Corleone
Moderator
Posts:
9850
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Cisco ACI

Fri Apr 25, 2014 9:31 pm

wintermute000 wrote: I have a colleague who's decided to screw all this vendor SDN stuff and just learn python/php for the next 12 months and get familiar with openflow, then see where the market is. I think that's not a bad step at all since all this SDN scripting stuff is all going to be based on open source interpreted languages.


I'm trying to do that as well. At first I put a script together to log into various IOS devices and run commands/gather data, but this doesn't really address the stuff we'll probably need to know. So I ended up building a Python script that pulls all my movies into a database, queries a couple APIs, presents the info (based on random movie, genre, year, etc) to the user and then plays it on the room's XBMC device if desired.

I figured this would get me some exposure to the things I may need to do in the future.
http://blog.alwaysthenetwork.com
