SDN showdown: Examining the differences between VMware's NSX and Cisco's ACI

Ethan Banks, Owner, Packet Pushers Interactive | Jan. 7, 2014
The arrival of Software Defined Networking (SDN), which is often talked about as a game-changing technology, is pitting two industry kingpins and former allies against each other: Cisco and VMware.

A major difference between ACI and NSX is that Cisco is emphasizing hardware in addition to software. Software by itself won't cut it, in the Cisco point of view. Frank D'Agostino, senior director at Insieme (now Cisco), says, "We're going to deliver a platform that's relevant to the application, whether it's physical, virtual, a Linux container or legacy, we need to accommodate all of that."

D'Agostino says, "the battle isn't about a vSwitch or a physical switch. The battle is about how you do service enablement on top of these things, and how easy it is to stand up these things and audit them after day one."

Although some pundits mock ACI as "hardware defined networking," that criticism perhaps misses the point. Even for those who wish to de-emphasize hardware through commoditization, the fact remains that network hardware must be provisioned, monitored and optimized as well as updated to cope with changing network needs.

No amount of decoupling can change that fact. Cisco, in keeping with its business model, has embraced hardware's continuing importance, placing hardware squarely in the middle of the ACI value proposition. "We know in the fabric, on a hop-by-hop and packet-by-packet basis, such a level of detail that we can start doing traffic engineering differently," D'Agostino says.

That's a claim NSX cannot make.

With the integration of APIC-controlled hardware and software, Cisco plans to deliver with ACI a network infrastructure driven by policy. Policy is created in part through the use of End Point Groups (EPG). The idea is to create EPGs that are a useful collection of server, service, virtualization, or network attributes describing an application, not just the IP addresses and port numbers network engineers are used to.

Once the EPG is defined, ACI applies policy that governs the traffic flowing between EPGs. According to Joe Onisick, technical marketing engineer with Insieme (now Cisco), "We group end points together for the enforcement of policy, and use the EPG as our policy instantiation point...We instantiate our policy between groups based on the connectivity graph that we draw within the application network profile."

This point about policy and EPGs might seem a little detailed, but it raises a larger point that is key to understanding Cisco's philosophy around ACI. Applications are not merely chunks of amorphous data payload shoved into an IP packet and forwarded across a fabric. Rather, applications can be described in a more nuanced way.

Cisco uses these nuanced EPGs as a means of not only richly identifying applications, but also abstracting that group definition into an object that policy can be applied to. There's real power in that concept, as it allows network operators, or application developers, to fine-tune treatment of traffic to a degree that would be practically impossible if it had to be done by hand.
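A minimal sketch of the group-based policy idea described above, added here as an illustration and not taken from Cisco or from the article: endpoints are placed in groups by their attributes, and a flow is judged against a graph drawn between groups. The attribute strings, group names, ports and the deny-unless-listed default are all assumptions made for the example.

```python
# Added illustration of attribute-based groups and inter-group policy.
# Every name, attribute and rule here is constructed; this is not Cisco's API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    name: str
    ip: str
    attrs: frozenset  # e.g. {"app=shop", "tier=web", "type=vm"}

# Group membership is decided by attributes, never by address.
EPGS = {
    "web": {"app=shop", "tier=web"},
    "app": {"app=shop", "tier=app"},
    "db":  {"app=shop", "tier=db"},
}

# Connectivity graph: (source group, destination group) -> allowed (proto, port).
# Assumption: any pair or port not listed is denied.
POLICY = {
    ("web", "app"): {("tcp", 8443)},
    ("app", "db"):  {("tcp", 5432)},
}

def classify(ep):
    """Return the one group whose selector is a subset of the endpoint's attributes."""
    matches = [g for g, sel in EPGS.items() if sel <= ep.attrs]
    if len(matches) != 1:
        raise ValueError(f"{ep.name}: expected exactly one group, got {matches}")
    return matches[0]

def allowed(src, dst, proto, port):
    """Evaluate a flow against the inter-group policy graph."""
    return (proto, port) in POLICY.get((classify(src), classify(dst)), set())

def audit(endpoints):
    """List every permitted endpoint-to-endpoint flow, for review after deployment."""
    return sorted(
        (s.name, d.name, proto, port)
        for s in endpoints for d in endpoints if s is not d
        for (proto, port) in POLICY.get((classify(s), classify(d)), ())
    )

# Constructed sample endpoints: a VM, a container and a physical host.
web1 = Endpoint("web1", "10.0.1.10", frozenset({"app=shop", "tier=web", "type=vm"}))
app1 = Endpoint("app1", "10.0.2.20", frozenset({"app=shop", "tier=app", "type=container"}))
db1 = Endpoint("db1", "10.0.3.30", frozenset({"app=shop", "tier=db", "type=physical"}))
# The same workload after a move to another subnet: attributes kept, IP changed.
app1_moved = Endpoint("app1", "172.16.9.5", app1.attrs)
```

Because the verdict depends only on group membership, `app1_moved` gets the same treatment as `app1` without any rule being rewritten, and `audit` enumerates the resulting allowed flows for review.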

