Companies live in an environment today in which the “time to value” is diminishing constantly. In order to attain continuous profitability, IT managers and their staffs must focus on strategic value added projects rather than dissipate their time with routine maintenance of the existing infrastructure. Multiple studies point out that routine maintenance is currently consuming as much as 80% of IT budgets. Simply put, IT Managers must find a new paradigm that can deliver their organization to the promised land.
Enter: Software Defined Networking
Software defined networking (SDN) is a buzzword today the same as virtualization was a decade ago. SDN is about virtualizing hardware and centralizing control of it as software at the application layer. SDN is about simplifying the network infrastructure of the enterprise by centralizing the control of all of its many devices such as switches and routers, into the software layer, making it application centric rather than hardware centric. Its goal is to deliver self-service network configurations, allowing applications to dynamically route network traffic, reconfigure, and even create additional network resources based on user initiated demand.
SDN sets out to make the switch and router infrastructure as agile and as flexible as the virtual server and its corresponding data storage infrastructure are today within modern-day network data centers. Switches and routers can be provisioned and then decommissioned as easily as virtualized servers and workstations. This packaging of device virtualization and network infrastructure allows users to implement a complete network experience.
But SDN is much more than just automated deployment of end-to-end network computing environments. It’s also about delivering packets across the network more efficiently and effectively. In today’s legacy based network, the firmware of the switch or network device determines how frames and packets are forwarded and ultimately delivered to their destinations. Various types of traffic can be prioritized according to QoS rules, but identical traffic destined for the redundant endpoints are treated identically. SDN removes the responsibility of managing network traffic from the device itself and puts it in the hand of a centralized controller that can make forwarding decisions based on network variances and conditions. With SDN, the total network can work in total synchronization with user and application demand.
Time is money for Enterprise Applications
The term ‘application’ can be misleading as we often think of a single application that resides on our personal device. Enterprise applications are usually far more complicated. A web application for instance is many times composed of three tiers:
- Web tier (where the users connect to a web server)
- Application tier (which may reside on the web server or another server)
- Backend tier (which usually hosts some type of database in which the application integrates)
Each of these web component devices will need IP addresses, DNS records and possible NAT assignments. On top of this, the application traffic may require a separate VLAN throughout the switch network along with QoS assignments. Routers may have to have access control lists and routing tables may be modified as well. Traditionally, this type of undertaking within a large enterprise could consume weeks if not months and in today’s global hyper competitive economy, time is money.
It’s not just the dynamic implementation of new applications that needs to be automated, but the decommissioning of applications as well. Application specific VLANs and routing entries need to be erased from the devices they were robotically created on in the first place, minimizing the footprint of these devices in order to maximize both security and performance. To sum it up, enterprise infrastructures must become application aware and more agile to support dynamic application instantiation and removal.
Imagine the following scenario for the implementation of a highly complex enterprise application such as an ERP system. Relying on your IT staff to configure the network for such a mammoth software implementation would be highly time consuming and hiring an outside consulting team would be expensive. But what if the application vendor provided you with an SDN ready configuration that could simply be pushed out onto all of your data plane devices? Imagine how much time and money that would save. Believe it or not, this scenario is completely plausible with SDN solutions that are readily available today such as Cisco ACI.
Overview of Cisco Application Centric Infrastructure
Cisco ACI stands for Application Centric Infrastructure. Automation is built from the ground up with Cisco ACI. Their design efforts were directed under a mandate of simplicity and as a result, Cisco developed a fresh approach to networking that completely streamlines the application deployment process.
At the core of ACI is the Application Policy Infrastructure Controller or APIC. The APIC is a centralized clustered controller that provides the programmability and centralized management that in term governs the network fabric in order to provide an optimized ecosystem for desired applications. Underneath the APIC lies a simple two tiered switch architecture rather than the traditional three-layer system embraced by traditional networks. Though well suited for the traditional client-server traffic of yesteryear, the traditional 3-layer switch design is poorly suited for the east-west traffic flow patterns that are typical of today’s data center. Cisco’s two layered approach, referred to as a leaf-and-spine architecture, creates a redundant and highlight efficient mesh fabric that allows for nearly unlimited scalability. Spine switches are the core devices, but instead of being a large, chassis-based switching platforms (as is characteristic of traditional core switches), the spine is composed of many high-throughput Layer 3 switches with high port density. Leaf switches make up the access layer; providing network connection points for servers, as well as uplink to the spine switches.
The real genius of ACI lies in what Cisco refers to as the Network Application Profiles which they describe as an automated deployed Cisco validation design. The NAP contains all of the configuration information required by the app for the supporting network devices such as VLAN, ACL and firewall settings. Essentially the application network profile is the end to end connectivity and policy requirements for an application. Once created, the NAP can be deployed within minutes. What’s more, complicated application vendors can simply supply you a preconfigured NAP as part of your application package. Implementation can be completed the day of purchase.
What is Group-Based Policy?
Cisco describes it as:
"Group-Based Policy (GBP) is an API framework for OpenStack that offers an intent-driven model intended to describe application requirements in a way that is independent of the underlying infrastructure. Rather than offering network-centric constructs, such as Layer 2 domains, GBP introduces a generic "Group" primitive along with a policy model to describe connectivity, security, and network services between groups. While GBP has focused on the networking domain, it can be a generic framework that extends beyond networking."
OpenDaylight describes group-based policy as “an application-centric policy model… that separates information about application connectivity requirements from information about the underlying details of the network infrastructure.”
This approach offers a number of advantages, including:
-
Improved automation: Grouping constructs allow higher-level automation tools to easily manipulate groups of network endpoints simultaneously.
-
Easier, application-focused way of expressing policy: By creating policies that mirror application semantics, this framework provides a simpler, self-documenting mechanism for capturing policy requirements without requiring detailed knowledge of networking.
-
Consistency: By grouping endpoints and applying policy to groups, the framework offers a consistent and concise way to handle policy changes.
-
Extensible policy model: Because the policy model is abstract and not tied to specific network implementations, it can easily capture connectivity, security, Layer 4 through 7, QoS, etc.
Cisco ACI makes extensive use of group-based policy in its application-centric policy model, in which connectivity is defined by consolidating endpoints (physical or virtual) into endpoint groups (EPGs). Connectivity is defined when the end user specifies a contractual relationship between one EPG and another. The end user does not need to understand the protocols or features that are employed to create this connectivity. Figure 1 provides an overview of this model.
Figure 1. Application-Centric Policy Model
Differences between traditional and Application centric infrastructure (ACI)
-
Automation: ACI allows to automate configuration through a servers network.
-
Time: In traditional structures, an IT admin would need weeks to deploy a new app, while in ACI structures it’s faster because the IT admin works at the application level.
-
Efficiency: Without ACI there is no shared architectural model, causing many problems when implementing the app. With ACI there is a shared model for policy automation that enables less people do more.
-
Security: managing only one policy for many servers decreases the probability of error, thus granting a higher level of security.
-
Scale: amplifying the scope of your network is easier, being able to implement new hardware in less time.
-
Openness: With this structure, centralizing all the access to data helps to deliver more connectivity.
Cisco ACI is a Game Changer for the Digital Business
The IT industry is going through a significant transformation, with BYOD, big data, cloud computing, Software Defined Data Center, IT as service, and security now prominent concerns. At the same time, companies increasingly want to reduce overall IT spending and provide much-improved levels of service to business units by increasing overall IT agility. Many in the networking industry have cited SDN as the model to move the industry forward. Cisco ACI is a catalyst to help promote the adoption of SDN throughout the IT industry: in essence, as an enabler of the SDN vision.
DID YOU KNOW?
WEI is Cisco ACI certified and is one of the very few IT solutions providers worldwide with experience implementing Cisco ACI in production environments. Want to learn more about our experience with Cisco ACI? Contact us today to start a discussion.