Software-Defined Networking or Still Don't kNow?
September 12, 2017 • Jeff Kish
Pop quiz: What does SDN mean to you? Software-Defined Networking, or Still Don't kNow?
If you're still wondering what exactly SDN is, then allow me this demonstration: Draw a network on the whiteboard. Any network. Don't worry about actual physical connections, and feel free to break the rules - if you want two branches on a single subnet, just draw it. Want two devices on the same subnet to have to route to each other? Fine! Now, and here's where the magic takes over, imagine overlaying that logical network atop your physical network devices via software.
If that's not enough, SDN transforms networks into policy-enforcement machines. In most environments, network admins spend far more time DEPLOYING policy than CREATING policy. And, frankly, many critical policies (security, QoS, etc.) are often neglected because most admins know how difficult those policies will be to implement. SDN turns that upside-down by allowing the admins to spend their time creating the policy and letting the network worry about deploying it. You can see why SDN is so compelling.
The SDN Reality
When SDN became a buzzword back in 2012, the promises were great - simplicity, manageability, affordability, openness, visibility, automation… the list went on. In fact, the pundits were making audacious claims that this would destroy traditional networking vendors like Cisco since all networking features would be independent of the underlying hardware. As a Cisco-certified engineer, I certainly kept my ear to the floor.
However, when OpenFlow became the SDN standard, it failed to deliver on any of this. OpenFlow increased complexity, reduced visibility, and eliminated effective troubleshooting. It was open, to be sure, and it laid the foundation for automation, but this came at significant cost. To make matters worse, OpenFlow follows an imperative model - a techie way of saying that the controller sits in the middle of all network operations. So a network is only as stable (and available) as the controller. SDN seemed to be a missed opportunity that would never manifest.
How To Fix It
Enter: Cisco Application Centric Infrastructure (ACI), which seeks to redefine SDN in order to deliver on its original promises. How does it accomplish this? Purpose-built ASICs, right-priced hardware, and out-of-band controllers in a declarative (not imperative) model. In other words, where SDN sought to devalue network hardware, Cisco returned that hardware value while creating a software layer that results in the simplicity, manageability, affordability, openness, visibility, and automation we need.
Wait, was openness still in that list? Why, yes - Cisco ACI is open and supports a wide range of third-party vendor integrations, including direct competitors such as Palo Alto. Cisco published a new open standard called OpFlex, a protocol that is open to anyone desiring to integrate. ACI is also multihypervisor and it extends to physical machines. Who wants OpenFlow when you can have ACI?
An Intelligent Network
One of the greatest flaws with traditional SDN is the intentional dumbing down of the network. By encapsulating traffic into VXLAN tunnels and moving decision-making to the controllers, the underlay (physical) switches are useless to us - useless in providing the visibility, troubleshooting, and analytics that they would otherwise have every capability of providing! Why strip the network of significance when it has so much it can offer us?
Cisco ACI lets the network be the network. The network makes forwarding decisions, the network analyzes traffic, and the network enforces policy. In doing so, we deliver four key benefits to the network administrator: Centralized Management, Embedded Security, Health Monitoring, and Faster Application Deployment.
The Time is Now for SDN and ACI
ACI is proven and tested, with thousands of clients and a rapidly growing base. Because of the immense benefits that SDN delivers, NSI is seeing more demand for ACI than ever before. So give us a call - you know I'd love to whiteboard this for you.