Cisco ACI

[wintermute000]

Just to keep the water cooler chat going here...

With 1.3 out now and apparently more like 2.0 (basically fills in a LOT of the former blanks + all the bugs that the first wave of implementations hit), Cisco's pushing it HARD.  They're not happy with flogging open N9K, they want the hardware lock-in badly.

[deanwebb]

There I times when I wonder if Cisco is about to go the way of Novell or IBM, from being an 800-pound gorilla to just another player in the grand scheme of things.

[wintermute000]

A nice alternative view I found (i.e. a pro-ACI post for a change!)

http://ciscomonkey.org/2015/01/08/nsx-vs-aci-its-a-no-brainer-my-shirt-makes-no-difference/

Some of his claims on NSX seem a bit overdone though. But I'll admit he has some good points (like firewalling done on the hypervisor being a single attack vector)


Just for kicks...
https://www.reddit.com/r/vmware/comments/45570r/nsx_be_very_careful_rebooting_vsphere_server/

[NetworkGroover]

Yeah I'm still somewhat interested to see where ACI goes - if they'll actually take it to a point where folks embrace it, or if they'll continue to lose money on it.  I still have yet to hear any real traction (No, giving away gear for free only to be used in Non-ACI mode does not count).  To be completely frank, it's gotten to the point that a vendor I know will openly tell customers to invite Cisco to bring in ACI to do a bake-off against them.  It only helps their case when it takes an army of CCIEs a week to try to set things up versus a vendor's single SE doing it in a day or two.

To be honest I didn't thoroughly read your article winter, but as I glanced through it what kept reverberating in the back of my mind is, "Look at the Cloud Titans (Facebook, Google, Microsoft, etc.).  I'm sure they have smart guys that think about stuff like this.... and are any of them using ACI?"  Considering ACI is a proprietary fabric that other vendors can't play in, and knowing what I know, I'd almost be willing to bet my paycheck that answer is no.

[NetworkGroover]

There I times when I wonder if Cisco is about to go the way of Novell or IBM, from being an 800-pound gorilla to just another player in the grand scheme of things.

It's heading that way for the DC at least.  I think they still have a very strong grip on Campus and other areas.

[wintermute000]

I've been seeing stuff internally re: ACI integration with Openstack. Basically using ACI to extend the 'vxlan' tunnels between ovs-switch instead of the native agent, and performing the L3 routing in place of neutron.

If there ever was an award for 'the most complicated way to get from A to B', that would appear to be it.... though you could take the alternative view that since Vmware's locked them out of vswitching from 6.x, their only chance of integrating properly with the virtual layer is via open vswitch, so might as well switch targets.

If I had to guess, its trying to ram a square peg into a round hole for Cisco Intercloud (even though blind freddy can see that if you had to use a Cisco leaf-spine with Openstack, just EVPN it and be done with it)


I really need to be put on one of these leaf-spine projects, instead of armchair commentating from the sidelines and endlessly reading white papers!!!

[ggnfs000]

Yeah I'm still somewhat interested to see where ACI goes - if they'll actually take it to a point where folks embrace it, or if they'll continue to lose money on it.  I still have yet to hear any real traction (No, giving away gear for free only to be used in Non-ACI mode does not count).  To be completely frank, it's gotten to the point that a vendor I know will openly tell customers to invite Cisco to bring in ACI to do a bake-off against them.  It only helps their case when it takes an army of CCIEs a week to try to set things up versus a vendor's single SE doing it in a day or two.

To be honest I didn't thoroughly read your article winter, but as I glanced through it what kept reverberating in the back of my mind is, "Look at the Cloud Titans (Facebook, Google, Microsoft, etc.).  I'm sure they have smart guys that think about stuff like this.... and are any of them using ACI?"  Considering ACI is a proprietary fabric that other vendors can't play in, and knowing what I know, I'd almost be willing to bet my paycheck that answer is no.

I aint huge network export, however certain issues exist with the public cloud i.e. the likes of Amazon, Google, etc. in respect to security, long-term cost etc., So many orgs are embrazing private cloud + public -> hybrid. I have read at least once regarding a case study where specific organization was paying excess of 1million dollar monthly in a run-away public cloud cost and they switched back most of their computing needs back to in-premise equipments.

So I think there are will be a certain needs for off-the-shelf vendors and Amazon, Google and Facebook are not likely to compete with traditional vendors to sell their equipments. With them putting all their attention to AI, VR, AV, Self driving and cloud service it is not likely they will do so any time soon. Perhaps they might but I just dont see them doing now.

Secondly the ones designed and used by Facebook, Google and Amazon are internally designed and tested and very tailored to their needs. If they decide to start selling, they have back their DC products with the same level of customer service, support (mighty expensive an erratic) just like other vendors which puts them in the same rat-hole position as vendors.

[deanwebb]

But... Cisco is now a software company! They said so! Doesn't that mean their software works now?

[ggnfs000]

i am not sure on the quality of the software. as any big name company, pretty sure confusion, messup, ball drops are rampant. yes it is going software but i think mostly on management and control plane, you want hardware always in order to move around raw, bulk massive data since hardware is inherently 100s of times faster than software. saying that, hardware is less and less profitable (if odm-s keep producing white box gears on par with that of Networking vendors) perhaps then soon cisco and the likes might as well spin off their hardware division and become true software company.

[wintermute000]

Dude with aci everything is forcefully hairpin through physical.... It's horrifically inefficient and we've seen tcam exhaustion issues nevermind the ridiculous complexity

[ggnfs000]

  i wish i had an env to eval it myself.

[burnyd]

Dude with aci everything is forcefully hairpin through physical.... It's horrifically inefficient and we've seen tcam exhaustion issues nevermind the ridiculous complexity

Hahaha yeah!  Before I went to the vendor side I did a short gig with a VAR.  It was fun but had to deploy ACI twice.  Each time it was a bunch of frustration and confusion for something that was supposed to be turn key.  But getting back to the TCAM exhaustion issues.  So the service provider I did it in ran IPv6 heavily.  IPv6 takes up 4x the tcam than IPv4 does. They wanted to get rid of firewalls so it was the lols when they were told they were restricted by certain apg/epg rules.

Also, another customer I installed it with tried the PA integration which was a huge failure on cisco's end.  Some times it took 8-9 tried to push the policies for it to actually work. It wasnt the Palo's fault but the switching fabric. I am not a fan of Hardware defined insrtucture. 

[NetworkGroover]

Yeah I'm still somewhat interested to see where ACI goes - if they'll actually take it to a point where folks embrace it, or if they'll continue to lose money on it.  I still have yet to hear any real traction (No, giving away gear for free only to be used in Non-ACI mode does not count).  To be completely frank, it's gotten to the point that a vendor I know will openly tell customers to invite Cisco to bring in ACI to do a bake-off against them.  It only helps their case when it takes an army of CCIEs a week to try to set things up versus a vendor's single SE doing it in a day or two.

To be honest I didn't thoroughly read your article winter, but as I glanced through it what kept reverberating in the back of my mind is, "Look at the Cloud Titans (Facebook, Google, Microsoft, etc.).  I'm sure they have smart guys that think about stuff like this.... and are any of them using ACI?"  Considering ACI is a proprietary fabric that other vendors can't play in, and knowing what I know, I'd almost be willing to bet my paycheck that answer is no.

I aint huge network export, however certain issues exist with the public cloud i.e. the likes of Amazon, Google, etc. in respect to security, long-term cost etc., So many orgs are embrazing private cloud + public -> hybrid. I have read at least once regarding a case study where specific organization was paying excess of 1million dollar monthly in a run-away public cloud cost and they switched back most of their computing needs back to in-premise equipments.

So I think there are will be a certain needs for off-the-shelf vendors and Amazon, Google and Facebook are not likely to compete with traditional vendors to sell their equipments. With them putting all their attention to AI, VR, AV, Self driving and cloud service it is not likely they will do so any time soon. Perhaps they might but I just dont see them doing now.

Secondly the ones designed and used by Facebook, Google and Amazon are internally designed and tested and very tailored to their needs. If they decide to start selling, they have back their DC products with the same level of customer service, support (mighty expensive an erratic) just like other vendors which puts them in the same rat-hole position as vendors.

I don't get your point - you know that you can build hybrid/private clouds without ACI, right?

[deanwebb]

I don't get your point - you know that you can build hybrid/private clouds without ACI, right?

There's what you *can* do, and then there's what you *may* do, what you *should* do, and what your manager say's it's your job to do... Don't always get a desirable overlap with those four things.

[NetworkGroover]

Huh?  I wasn't making any suggestion - just asking if he defined building a hybrid/private cloud as using ACI.