I recently delivered a webinar titled “Cisco ACI vs. VMware NSX: Which Software-Defined Solution is Right for You?” It has been my experience that although there has been a lot of press and industry coverage on the topic, there remains a lack of clarity around what a software-defined data center (SDDC) is, how it works and most importantly why the industry is moving in this direction. During the webinar, I shared my personal thoughts on the following topics:
- What is a software-defined data center (SDDC)?
- What is the difference between an overlay and an underlay?
- Why is the industry moving to SDDC?
- The components and solution workflows of Cisco ACI and VMware NSX
- What impact does an SDDC have on traffic visibility and management?
The popularity of the webinar was overwhelming, driving a record number of registrations and attendees, and as such, I thought it would be helpful to post a blog reviewing what I covered and include a link to the recording for better context of the content.
Software-Defined Data Centers
According to Wikipedia, in an SDDC, all elements of the infrastructure (networking, storage, CPU, and security) are virtualized and delivered as a service. Within an SDDC there exists the concepts of an underlay and overlay. Personally, I define the underlay as the physical network infrastructure, i.e. switches and routers where traffic-forwarding decisions have traditionally been handled on a next-hop basis using industry standard L2/L3 protocols. I define the overlay as software that sits on top of the physical network and abstracts forwarding and filtering decisions based on the needs of applications and devices. The webinar explores the analogy of traditional next hop networking being like a turn-for-turn set of directions you would get from Mapquest, and an SDDC acts as a GPS for applications. A GPS, like Waze, has contextual awareness of traffic volumes and delays and can, in real time, re-route traffic to better utilize the available system of roads (or per the analogy) network capacity.
Cisco ACI & VMware NSX Components and Forwarding Paradigms
The webinar takes a high-level but systematic approach to reviewing the components and traffic forwarding paradigms for both Cisco ACI and VMware. As a summary for this blog, Cisco ACI is comprised of the Nexus 9K Series of switches, the Cisco Application Policy Infrastructure Controller (APIC), Virtual Switches (from both Cisco and VMware), and a robust set of ecosystem partners. Cisco ACI is built upon a leaf-spine architecture and creates a programmable fabric that is treated as a single entity when it comes to configuration and management. Cisco APIC is deployed as a three-server cluster and acts as the central point of configuration of security and provisioning policies for endpoint groups and application network profiles. VMware NSX is software that includes a data plane integrating logical switching, routing, and firewalls into the hypervisor. NSX Controller acts as the control plane, allowing you to manage the logical networks of the overlay as well as defining the control plane protocols for traffic forwarding. NSX Manager acts as the management plane providing a single configuration portal for the SDDC. RESTful APIs allow you create self-service portals enabling a cloud consumption model. NSX simply requires IP connectivity across the data center, meaning any existing network configuration (leaf/spine or three-tiered hierarchical) is supported. NSX leverages the ability to encapsulate traffic across the data center allowing for virtual machines (VMs) to remain in the same layer two domain even when they are physically located across layer 3 boundaries. The webinar provides a visual representation of the solution components and workflows for each solution, and it may be helpful to watch for better clarity.
Questions to Ask
While evaluating solutions, it can be important to ask a few questions to determine which solution may be right for you. Although these question may seem obvious, they can help keep the conversation focused and let you clearly compare your options.
- What is my gap analysis?
- How do I migrate from current state?
- How long will it take to implement?
- What is the operational impact?
- Who are references similar to me?
- How can I integrate these new solutions into my existing monitoring troubleshooting and security tools?
Visibility, Management, and Troubleshooting
When traffic forwarding and filtering decisions are no longer made exclusively from next hop rules found in routing and switching tables, the products, and solutions you have traditionally used to understand your traffic patterns and find root cause may be impacted. Cisco ACI and VMware NSX both offer inherent visibility and troubleshooting capabilities within the software-defined data center, but they also both export NetFlow v9 (ACI)
and IPFIX (NSX) data
to third party systems like Scrutinizer from Plixer. The webinar explores the data each solution exports and why that matters. Network traffic extends from the user, across Wi-Fi, into the wired network and on to the data center. True visibility can only exist when you are able to associate all of the traffic together from a single view as well as correlate what is happening in both the physical and virtual environments.
The webinar was intended to be educational and help explain what an SDDC is and why the industry is moving in this direction. I attempted to provide a high-level overview (from my understanding of Cisco ACI and VMware NSX). If the topic is of interest, I encourage you to watch it and provide any comments or feedback you may have.