Review: Cisco ACI shakes up SDN
Hands-on with Cisco’s highly scalable data center network fabric driven by -- surprise -- a completely open API
The concept of object health is present throughout ACI. When problems are detected, an object’s health score drops from 100, with lower scores indicating greater severity. Health scoring is hierarchical, so while a port that is disconnected on a single endpoint will show a health score of 0, the fabric node containing that port may show a health score of 50, and the application containing the down endpoint may show a score of 80. The drop can be traced visually through the Web UI by selecting the Health view on the affected application, which makes it extremely easy to pinpoint problems on a vast fabric.
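The drill-down described above, as an added example that is not from the review or from Cisco: it walks a constructed health tree and reports the deepest degraded object on each branch, worst first. The `name`/`health`/`children` layout and all object names except `node-101/eth1/3` are assumptions made for this example, not the APIC's response format.

```python
import json

# Constructed sample, not real APIC output: a simplified health tree using the
# scores from the text (application 80, fabric node 50, disconnected port 0).
# The "name"/"health"/"children" layout is an assumption made for this example.
SAMPLE = json.loads("""
{"name": "app/web-store", "health": 80, "children": [
  {"name": "epg/frontend", "health": 100, "children": []},
  {"name": "epg/database", "health": 80, "children": [
    {"name": "node-101", "health": 50, "children": [
      {"name": "node-101/eth1/1", "health": 100, "children": []},
      {"name": "node-101/eth1/3", "health": 0, "children": []}
    ]},
    {"name": "node-102", "health": 100, "children": []}
  ]}
]}
""")

HEALTHY = 100


def root_causes(obj, path=()):
    """Return [(score, path)] for degraded objects with no degraded children.

    A parent's score is lowered by faults beneath it, so the objects worth
    looking at first are the deepest degraded ones on each branch.
    """
    score = int(obj["health"])
    if not 0 <= score <= HEALTHY:
        raise ValueError(f"health out of range for {obj['name']}: {score}")
    here = path + ((obj["name"], score),)
    found = []
    for child in obj.get("children", []):
        found.extend(root_causes(child, here))
    if not found and score < HEALTHY:
        found.append((score, here))  # degraded, and nothing below explains it
    return sorted(found, key=lambda item: item[0])


def format_trace(path):
    """Render a path as 'object (score) -> object (score) -> ...'."""
    return " -> ".join(f"{name} ({score})" for name, score in path)


if __name__ == "__main__":
    for score, path in root_causes(SAMPLE):
        print(format_trace(path))
```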
The ACI dashboard shows at-a-glance statistics on the health of an ACI infrastructure.
ACI provides several tools that assist in problem detection and resolution under the Operations section of the Web UI. From here you can choose two endpoints on the fabric by application and IP address, and ACI will show you how they are connected across the fabric by identifying the leaves and spines that the packets traverse.
ACI even provides a way to go back in time to see where faults or problems may have begun. This operates at a surprisingly low level, to the point where it’s possible to select several objects in the fabric and show packet-level details on traffic relating to that object several hours in the past. ACI stores this data for all objects in the fabric for 240 minutes by default, but data can be retained for up to 24 hours. Further, you can export statistics if you need data over a longer period. This tool can prove extremely helpful in troubleshooting efforts.
Using the app health display to locate the source of a problem. In this case, it's a down link on node-101/eth1/3.
There are also Switch Port Analyzer (SPAN) and Encapsulated Remote SPAN (ERSPAN) functions that can be used to direct all traffic between two endpoints or fabric objects to a port elsewhere on the fabric. Thus, a server listening on that port can capture all traffic flows identified by the SPAN configuration. In a large fabric, this approach makes tracking down packet-level problems much simpler than traditional methods.
As with most Cisco network products, the ACI configuration can be condensed into a single JSON or XML file for backup, and uploaded to a server at regular intervals. Likewise, each individual tenant configuration can be independently backed up and re-imported. This method could be used to export/import full tenant configurations that can be modified elsewhere, so template creation is as simple as importing the file.
As far as maintenance goes, firmware upgrades to fabric hardware can be scheduled and managed automatically without taking down production systems (assuming that all endpoints have multiple redundant paths to the fabric). This approach can significantly reduce the time and effort required to perform upgrades on a large fabric.
External integrations
ACI manages the networking functions of virtualization platforms such as Hyper-V, Xen, and VMware, but it does not manage VMs or provision servers. To achieve a software-driven data center, ACI can integrate with other solutions to deliver a more complete orchestration solution.
Leveraging the RESTful API, ACI can be integrated with orchestration and management solutions such as VMware’s vRealize Orchestrator and vRealize Automation to automate service deployment at every level. This includes provisioning virtual servers, storage, and networking, along with resource controls, resource costing, chargebacks, automated retirement, and so on, so that the same tooling manages the VM resources and provisions the fabric.
Through integration with vCenter, ACI can manage the distributed switches within a VMware vSphere cluster.
And of course, ACI can be integrated with Cisco Unified Computing System (UCS). With a combined ACI and UCS infrastructure, you can automate the entire data center, using UCS controls for VM and bare-metal server provisioning, and drawing on UCS Director’s integration with the ACI API to facilitate dynamic network fabric configuration.
There are also integration possibilities with Microsoft’s System Center Virtual Machine Manager and Azure Pack using an ACI administration extension.
Cisco ACI is a powerful solution that’s designed for large-scale deployments. It represents a significant step away from traditional networking in both design and scale, and a significant step forward in managing Cisco networks through an open and modern API control structure.
ACI also represents a departure from the direction the OpenDaylight SDN project was heading, introducing an application-oriented policy model and an alternative control protocol in OpFlex. Exactly how far Cisco and its customers will be able to push ACI will depend on who climbs on board.
Copyright © 2015 IDG Communications, Inc.