Just a week after I shipped my Battle of the Multi-Clouds: SD-WANs, VPNs, and More post, Cisco made an announcement that has sent me back to the drawing board. Well, perhaps not quite a revamp. The analysis in that article is still valid but the announcement definitely compelled me to put together an updated post.

My previous post mentioned the failed Cisco Intercloud Fabric and that Cisco had not yet shipped a viable multi-cloud solution. I guess you could have used multiple CSR1000v virtual routers (vRouters) across multi-cloud VPCs, but that’s not quite the same. Well, Cisco finally announced the availability of Cisco ACI Anywhere. Originally discussed in the fall of 2017, it took about 16 months but it’s finally here. Cisco indicates that with Cloud ACI, they have a complete end-to-end ACI Strategy:

ACI Anywhere — Source: Cisco Corporate Blog

Cisco announced this release alongside their Hyperflex Anywhere solution, software which provides management of computing resources in all locations and all the way to the edge. The combination of both ACI Anywhere and Hyperflex Anywhere provides a unified solution that can span core data centers to the edge. And with updates to its CloudCenter orchestration platform, management of compute and networking resources can span private and public clouds as well.

ACI Anywhere, Meet NSX Everywhere

So, does this story sound familiar? Well, you heard something similar around the middle of last year from a different vendor:

NSX Everywhere — Source: VMware Corporate Blog

VMware’s NSX Everywhere is an extension of the NSX and NSX-T story, joining their solutions under one naming umbrella. Yes, vendors do that all the time. And to be fair it’s not just VMware. Cisco, Juniper, and (name your favorite vendor) are all guilty of the same because collecting different pieces of software under the same appellation makes us all feel like they are more integrated. Though I know many network and IT engineers who will disagree vehemently. Regardless, as a former marketing exec, I totally get it.

In any case, what this sets up is the new battle between the two giants – Cisco ACI and VMware NSX – to assume the mantle of universal networking fabric. Perhaps I should coin the acronym UNF, or better yet, fabric for universal networking (FUN).

No one should be surprised at this latest round in the rally between Cisco and VMware. Juniper is working hard to join the fray with their Contrail umbrella. And Nokia’s Nuage Networks will basically say, “I told you so,” because they were one of the earliest commercial implementations of a universal SDN fabric with unified policy from the data center to the edge. Plus, I’m certain Huawei wants in on this game too.

Switching or Routing, SD-WAN or Data Center Networking

Essentially, the vendors are converging toward the concept of a universal connectivity fabric that connects from the edge (enterprise edge, telco edge, consumer edge, device edge with IoT) to the cloud (private cloud, public clouds, multi-clouds) to everywhere. And this fabric should provide everything that an enterprise or telco needs: security; segmentation; policy- and intent-driven; built-in troubleshooting; auto-scaling; identity-aware; automated on-boarding of new nodes; full visibility; and telemetry. And of course this fabric needs to be completely programmable and software-defined, and be agnostic to or compatible with all forms of physical transport.

A pipe dream perhaps, but that will not stop all of us in the networking space from trying to get there. There’s certainly a question around span of control and fit. For instance, whether a single spanning fabric makes sense, or whether different domains have different requirements and trying to create the universal fabric is an exercise in futility. But, fundamentally what we’re seeing is two paths to get to the universal fabric – one from a routing perspective and the other from a switching perspective.

Driving Toward the Pipe Dream – Cisco vs. VMware

As indicated in my previous post, the SD-WAN vendors will start from the edge and inch their way to take over edge routers and then expand into the branch and the data center (wait, what about campus?). We’re already seeing SD-Branch and SD-WAN in cloud VPCs. Data center networking solutions like Cisco ACI will start in the data center and expand their way into the cloud and the edge, while VMware will unify their market from both sides: NSX/NSX-T in the data center and NSX SD-WAN in the branch. But wait, you say, Cisco has an SD-WAN solution too. But it doesn’t really unify with their data center story.

Let’s look at Cisco’s SD-WAN. First, you have to decide which flavor of Cisco SD-WAN you want:

Pick your SD-WAN — Source: Cisco Website

So before putting together a unified fabric story, Cisco needs to unify their own SD-WAN story. At least we don’t have to deal with iWAN vs. Viptela vs. Meraki now; it’s just two choices. Regardless, say we treated Cisco’s SD-WAN as one offering. In that case, here are all the devices that Cisco’s SD-WAN runs on:

SD-WAN platforms — Source: Cisco Website

I don’t see any DC switches there. But again, it’s called SD-WAN, and the data center isn’t exactly part of the WAN. However, the SD-WAN team at Cisco wants you to be able to manage a unified networking fabric that goes everywhere:

SD-WAN goes everywhere, including data center — Source: Cisco Website

Yes, vManage will manage centralized policies across all areas including the data center, but vManage doesn’t talk to Cisco ACI. So, from a story perspective, perhaps the NSX narrative ties together a little better and is more unified. Again, some of what both are pitching is a vision in progress that still has to be completely realized, though there’s significant investment in both the VMware and Cisco camps in this area, so we can expect forward momentum.

Getting to Somewhere or Going Nowhere

So, where does this lead? We haven’t even explored IoT devices at the extreme edge with 5G and network slicing or cloud-native networking with Kubernetes, containers, and service meshes. The mind boggles at how to tie it all together.

VMware putting elements like 5G and mobile networks into their marketing-architecture diagram doesn’t mean it will magically happen. I bet, as in the past, that we’ll see all the vendors marching toward unified networking as a vision and then come to realize that domain-specific approaches might be more realistic. I posit that we’ll end up with domain-specific networks with constrained span of control and a set of interoperating APIs that federate between them (at least for policy and control). That’s not the holy grail, but getting to that somewhere is better than an eventual nowhere.