Cisco Blogs

Cisco Blog > Data Center

What is Cisco’s SDN Strategy for the Data Center?

Cisco has a broad spectrum of customers across a wide range of markets and geographies. These customers have a diverse set of requirements, operational models and use cases, meaning that a one size fits all SDN strategy does not fit all our customers. As a result, we made a series of announcements earlier this summer (at Cisco Live San Diego) that continued to showcase how our SDN strategy provides customers with a high degree of choice and flexibility. This blog will review key elements of the strategy, as well as provide a bit of background and context around them.

Cisco SDN in the DC

Cisco’s SDN strategy for the Data Center is built on 3 key pillars:

  • Application Centric Infrastructure (ACI)
  • Programmable Fabric
  • Programmable Network

This approach enables our customers to choose the implementation option that best meets their IT and business goals by extending the benefits of programmability and automation across the entire Nexus switching portfolio. Let’s consider each of these pillars.


A lot has been said and written about ACI already, so I’ll keep this section on ACI brief. ACI is Cisco’s flagship SDN offering. It offers the most comprehensive SDN solution in the industry. Based on an application centric policy model, ACI provides automated, integrated provisioning of both underlay and overlay networks, L4-7 services provisioning across a broad set of ecosystem partners, and extensive telemetry for application level health monitoring. These comprehensive capabilities deliver a solution that is agile, open, and secure, offering customers benefits no other SDN solution can.

I know the paragraph above was a bit of a mouthful. For a quick snapshot of what that all translates to in terms of actually helping a customer, check out this report from IDC.   If you want to learn more about ACI, go here.

Programmable Fabric

This pillar is all about providing scale and simplicity to VXLAN Overlays. Beyond that, it provides a clear path forward for the overall Nexus portfolio to participate in and derive the benefits of SDN.

VXLAN has gained huge momentum across the industry for a wide variety of reasons that, in many cases, involve improvements over traditional technologies such as VLANs and Spanning Tree. These involve attributes such as more efficient bandwidth use via Equal Cost Multi Pathing (ECMP), higher theoretical scalability with 16 million segments, and more flexibility through use of an overlay model upon which multi tenant cloud networks can be built. As momentum for VXLAN networks grows, so does the demand for 2 key things:

  • A standards based approach to scale out VXLANs, and
  • Simplified provisioning and management of them.

Regarding a standards based approach to scale out VXLANs, Cisco is now supporting “Multipoint BGP EVPN Control Plane” on Nexus switches. Why does this matter? Well, the original VXLAN spec (RFC 7348) relied on a multicast based flood-and-learn mechanism without a control plane for certain key functions (e.g. VTEP peer discovery and remote end host reachability). This is a suboptimal approach. To overcome the limitations inherent with this approach, the IETF developed MP BGP EVPN Control Plane as a standards-based control plane for VXLAN overlays. This reduces traffic flooding on the overlay network, yielding a more efficient and more scalable approach.

As far as the second item, simplified provisioning and management, Cisco announced an overlay management and provisioning system. This new solution, called Virtual Topology System (VTS), automates provisioning of the overlay network, so as to enhance the deployment of cloud based services. Through an automated overlay provisioning model and tight integration with 3rd party orchestration tools such as OpenStack and VMWare VCenter, VTS simplifies overlay provisioning and management for both physical and virtual workloads by eliminating manually intensive network configuration tasks. These whiteboard sessions provide an overview and also a bit more technical detail, if you’re interested.

Programmable Network

Infrastructure programmability is a big deal because it drives automation, which drives speed, which is an obvious prerequisite for the success of just about any business dealing with digital disruption. As programmability evolves, Cisco continues to roll out more and more capabilities across the Nexus portfolio. We have a broad range of features in this space including things such as Programmable Open APIs, integration with 3rd party DevOps and Automation tools, Custom App Development, and Bash shell commands. This set of capabilities within NX-OS facilitates the concept of the Programmable Network pillar.   Let’s consider how this may be useful for you.

A while ago, a small number of customers with very large networks started shifting the way they operated. Their networks were growing very large because (not too surprisingly) the number of users, thus servers, was growing very large. As the number of servers grew larger and faster, they realized they had a choice:

  • Hire a zillion new sys admins, or
  • Brutally overwork their existing sys admins, or
  • Deploy and manage servers in new and different ways.

The last option won out (in many cases, anyhow), and the revelation was automation. That is, tools that automated server deployment and management helped these sys admins and their employer’s scale the business. In the process, they paid close attention to metrics like the number of servers a given admin was managing. These “device to admin” ratios went up a lot…like in some cases orders of magnitude. With automation tools and other changes (to culture, process, etc.), some companies saw admins managing not 10’s or 100’s of servers, but 1000’s of servers. They also started experimenting with and employing DevOps – a term that at this point has a multitude of meanings, but is defined here in simple English.

As these elements have converged, people across different silos have started to collaborate a bit more, and as a result, tips, tricks and tools have started to spill across the silos. So, for example, as sys admins saw efficiency gains from using tools like Puppet and Chef to automate tasks on their servers, there was a desire to use the same tools on networks. In other cases, someone who was comfortable with Linux and wanted to work from a Bash shell wanted to use those commands for configuration and troubleshooting on the network as well as servers. Others wanted APIs that would allow extraction of all sorts of arcane box info to be massaged and acted upon by scripts and other tools.

Essentially, there was a need for more elements of the box to be more accessible and programmable in a wide variety of ways. It’s worth noting that although these trends started with a small subset of customers, many of the elements are working their way out to a much broader, more diverse cross section of customers. As this evolution has occurred, Cisco has been adding more programmability to the Nexus switches. This paper provides a more detailed view of various use cases and the functionality Nexus provides.

In summary, these 3 pillars of ACI, Programmable Fabric and Programmable Network provide a wide range of capabilities to help our customers across the broad spectrum of challenges they have. In the coming weeks and months, we’ll provide more information – here, as well as other venues – to help you better understand the strategy and its components. If this blog was too geeky and you’re looking for upleveled info, we’ll have that.  If this was too fluffy, and you want more technical depth, we’ll have that as well.  To punctuate this point, I’ll be hosting a webinar on September 15 that will cover the above in more detail. You can register here.

Tags: , , , , , , ,

ITD Deployment with Transparent mode security devices

ITD (Intelligent Traffic Director) is getting a lot of interest about transparent (Layer 2) mode device support.

Here is a 10 minute video that shows step by step ITD deployment for Transparent mode security devices, such as Firewalls, IPS, IDS, Web application Firewalls (WAF), ASA, Cisco Sourcefire, etc:

ITD is a hardware based multi-Tbps Layer 4 load-balancing, traffic steering and clustering solution on Nexus 5k/6k/7k/9k series of switches. It supports IP-stickiness, resiliency, NAT (EFT), VIP, health monitoring, sophisticated failure handling policies, N+M redundancy, IPv4, IPv6, VRF, weighted load-balancing, bi-directional flow-coherency, and IPSLA probes including DNS. There is no service module or external appliance needed.

Solution Guide: ITD with Layer 2 Firewall / IPS / IDS

Here is more information about ITD:

Please send email to if you have any questions.


Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

ITD: Learn how to deploy ITD in 10 minutes

ITD (Intelligent Traffic Director) is being deployed by a large number of customers, and it is saving them massive CAPEX and OPEX, while providing unprecedented scale and high availability.

Here is a 10 minute video that shows step by step ITD deployment.


ITD is shipping on Nexus 9k/7700/7k/6k/5k Series of switches. ITD won the Best of Interop 2015 in Data Center category.

Here is more information about ITD:

Please send email to if you have any questions.



Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

ITD and RISE: New innovations at Cisco Live San Diego

ITD (Intelligent Traffic Director) and RISE (Remote Integrated Services Engine) have been helping Cisco partners and customers save massively on CAPEX and OPEX, while providing unprecedented scalability, high availability and ease and deployment. We had several events at Cisco Live San Diego 2015:

  • ITD and RISE Whisper suite meetings for Nexus 9k/7k/5k. For further discussions, please email to
  • A large number of people came to ITD Booth in the World of Solutions, to watch a demo.
  • Breakout sessions :
  • New innovation demo at the Hub:
    • ITD and Analytics Driven Green Networking : First prize winner in Hackathon 2015
  • ITD won the Best of Interop, 2015 in Data Center category. Read blog.
  • Nexus 7702 announcement : Nexus 7702 has a sweet spot in being a “services chassis” with RISE and ITD.
  • Nexus 5k/6k : RISE and ITD are now shipping: NX-OS 7.1.1N1(1)
  • Nexus 9k : ITD is now shipping: NX-OS 7.0(3)I1(2)

We hosted 1:1 customer meetings in whisper suites, during Cisco Live 2015 in San Diego. We had BU Executives, Product Managers, and Engineering Managers on  site to meet with customers. It was a unique opportunity for customers to engage directly with the Business Unit. For further discussions, please send email to

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

ITD: Winner of the Best of Interop 2015

When the Best of Interop 2015 award winners were announced at the Mandalay Bay Convention Center in Las Vegas, the ITD team members couldn’t control their emotions. This team is well known to work in a startup-mode — comes up with new ideas, builds a prototype, demonstrates it to the executives and SEs, goes into execution mode, and delivers a world class solution.

As the leader of this team, I was asked by several media representatives for an interview. Here is an interview by Information Week news desk (watch full-screen for HD):

ITD (Intelligent Traffic Director) is now shipping on Nexus 9k/7k/5k series of switches.

Here is an informative blog on ITD.


Tags: , , , , , , , , , , , , , , , , , , , , , , ,