
It’s been 12 years since Cisco ACI was released and 10 years since my first implementation. In that time, I’ve had numerous conversations about the future relevance of the platform. However, by providing Centralised Management, Micro-Segmentation, Integration, and a fast Clos fabric, I believe Cisco ACI is still the most complete data centre SDN solution on the market today.
Centralised Management provides automated deployment, network visibility, and analytics, amongst other things. There is little differentiation here, with most vendors offering some sort of management platform: Cisco ACI has Application Policy Infrastructure Controller (APIC), Arista has CloudVision, Juniper uses Apstra (which can be used with other vendors), VMware provides SDN using NSX, Huawei has iMaster NCE-Fabric, and Cisco provides an ACI alternative with Nexus Dashboard Fabric Controller (NDFC).
The hardware that forms the data centre fabric is, of course, vital. Arista, Juniper, Huawei, and Cisco (with NDFC) all take a VXLAN/EVPN approach (EVPN for control plane and VXLAN for data plane). Many customers will rightly prefer the greater level of control, the reduced cost, and the avoidance of vendor lock-in provided by these solutions. Furthermore, there are also good alternatives to Cisco ACI at the policy plane. Illumio and Zero Networks allow for micro-segmentation without integration with the network stack: Illumio uses a client, and Zero Networks programmes the Windows Firewall or iptables on Linux.
However, where ACI is unique is in its ability to combine both the fabric and the policy, whilst allowing for large-scale multi-Pod and multi-Site deployments with Layer 2 and 3 overlays. The VXLAN/EVPN solutions do, of course, allow for segmentation but lack a method to manage this at an endpoint level. This can be done by the micro-segmentation solutions, but these are software-only and do not provide the physical network fabric. Also, ACI provides integration for Layer 4 to 7 network functions, physical and virtual endpoints, and hypervisors such as Hyper-V, VMware ESXi, Nutanix AHV, and KVM.
On a final note, VMware NSX is no longer available as an individual product and must be purchased as part of the VMware Cloud Foundation (VCF) bundle, so it is not going to be viable for customers who are not all-in on VMware. There are certainly situations where VXLAN/EVPN solutions are more appropriate than ACI, but if you’re looking for a turnkey data centre SDN solution that combines a highly scalable network fabric with segmentation policy for both physical and virtual endpoints, and integrates with all data centre infrastructure components, then Cisco ACI is still your best option.