Cisco extends SDN for VMware integration, Docker containers

New release of ACI and NX-OS software intended to further extend capabilities for multivendor environments

Cisco Systems this week rolled out new software releases for its Nexus 9000 switches and Application Centric Infrastructure (ACI) SDN that feature enhanced integration with VMware environments and support for Docker containers.

The software is intended to further extend the capabilities of ACI into multivendor environments where a variety of hypervisors, cloud management platforms and workloads – physical, virtual or container-based – exist. Cisco now has 5,000 customers for its Nexus 9000 switch and 1,100 for ACI and its APIC controller; SDN rival VMware says it now has 900 paying customers for its NSX network virtualization platform.

That rivalry in SDN does not preclude Cisco from supporting VMware server virtualization environments: Release 1.2(1x) of ACI’s APIC software and NX-OS 11.2(1X) feature extensions to support VMware VDS and vRealize environments.

Cisco has added micro-segmentation for both physical and virtual workloads in the new software releases, including those in VMware vSphere Distributed Switch (VDS) and Microsoft Hyper-V environments. This is in addition to the ACI micro-segmentation capabilities already resident in Cisco’s Application-centric Virtual Switch (AVS).

The micro-segmentation capability allows for attribute-based isolation (by IP address, operating system or namespace) for physical bare metal and virtual VDS and Hyper-V workloads. It also allows intra-group workload isolation, where VMs and bare metal workloads within the same endpoint policy group can be isolated using firewalls.

The new ACI software also features support for VMware vRealize and OpenStack cloud automation tools, including native OpFlex support for Open vSwitch. OpFlex is a policy protocol written by Cisco, IBM, Microsoft, Citrix and Sungard.

Policies defined in ACI can drive vRealize automation blueprints to accelerate application deployment, Cisco says. Such policies can include when to bring the ACI fabric up, infrastructure provisioning, establishing security domains, shared services plans, virtual private cloud configurations, and other network, subnet and security definitions.

Adding OpFlex to OpenStack is designed to extend ACI’s policy-based network automation to the Linux hypervisor, where Open vSwitch resides. An OpFlex agent resides in the hypervisor while an OpFlex proxy exposes an API in the ACI fabric to the OpenStack controller.

This allows ACI to extend policies to distributed Neutron network functions, including NAT; provide an integrated and centrally-managed overlay and underlay fabric, with operational visibility into OpenStack, Linux and APIC; and offer a choice of virtual network or group-based policy networking, Cisco says.

Integration of Docker containers with ACI and APIC is accomplished through a plugin developed by Cisco’s open source Project Contiv. Project Contiv is an effort to define policy for containerized applications.

With this plugin, ACI policies can be extended across Docker containers, as well as physical workloads and virtual machines. The Docker plugin will be available in the first quarter of 2016, while those for Kubernetes and Mesos containers are planned future extensions.

Other features of these new software releases are a multi-site capability that enables policy-driven automation across multiple datacenters; and support for automated service insertion for any Layer 4/7 service without the need for a device package.

The multi-site feature is an application in the ACI software toolkit. It provides multi-floor, multi-building and cross campus connectivity of multiple data centers so that a single, consistent management and policy domain can be shared across multiple fabric instances.

The automated Layer 4/7 service insertion capability supports any Layer 4/7 device, Cisco says, and can insert these services without a device package. Previously required, a device package for APIC lets customers configure application policies and requirements for Layer 4/7 appliances across the ACI fabric.

Dropping the device package requirement enhances automation of Layer 4/7 service insertion, Cisco says.

Lastly, APIC Release 1.2(1x) and NX-OS 11.2(1X) include an NX-OS style CLI, optimization of ACI hardware utilization, configuration rollback, and a system-wide heat map for real-time visibility into system health.

Most of these features are available now or later this month. Attribute-based isolation of VMware VDS and bare metal hardware, and intra-group workload isolation, will be available in the first quarter of 2016.

Cisco also added two ACI ecosystem partners. ScienceLogic provides fault detection and assurance, and application infrastructure performance monitoring. One Convergence offers lifecycle management of Layer 4-7 services in OpenStack, and integration with APIC for service chaining automation.

Cisco now has 47 partners in its ACI ecosystem.

This story, "Cisco extends SDN for VMware integration, Docker containers" was originally published by Network World.
