Cisco Blogs

Cisco Blog > Perspectives

Summary – Network Design for Automation

There has been a lot of recent online discussion about automation of the datacenter network, how we all may (or may not) need to learn programming, the value of a CCIE, and similar topics. This blog tries to look beyond all that. Assume network configuration has been automated. How does that affect network design?

Read my full article to find out more..

Tags: , , , , , , , , ,

Network Design for Automation

20140519-CISCO-spine-and-leafThere has been a lot of recent online discussion about automation of the datacenter network, how we all may (or may not) need to learn programming, the value of a CCIE, and similar topics. This blog tries to look beyond all that. Assume network configuration has been automated. How does that affect network design?

Automation can greatly change the network landscape, or it may change little. It depends on what you’re presently doing for design. Why? The reason is that the programmers probably assumed you’ve built your network in a certain way. As an example, Cisco DFA (Dynamic Fabric Automation) and ACI (Application Centric Infrastructure) are based on a Spine-Leaf CLOS tree topology.

Yes, some OpenFlow vendors have claimed to support arbitrary topologies. Arbitrary topologies are just not a great idea. Supporting them makes the programmers work harder to anticipate all the arbitrary things you might do. I want the programmers to focus on key functionality. Building the network in a well-defined way is a price I’m quite willing to pay. Yes, some backwards or migration compatibility is also desirable.

The programmers probably assumed you bought the right equipment and put it together in some rational way. The automated tool will have to tell you how to cable it up, or it  might check your compliance with the recommended design. Plan on this when you look to automation for sites, a datacenter, or a WAN network.

The good news here is the the Cisco automated tools are likely to align with Cisco Validated Designs. The CVD’s provide a great starting point for any network design, and they have recently been displaying some great graphics. They’re a useful resource if you don’t want to re-invent the wheel — especially a square wheel. While I disagree with a few aspects of some of them, over the years most of them have been great guidelines.

The more problematic part of this is that right now, many of us are (still!) operating in the era of hand-crafted networks. What does the machine era and the assembly line bring with it? We will have to give up one-off designs and some degree of customization. The focus will shift to repeated design elements and components. Namely, the type of design the automated tool can work with.

Some network designers are already operating in such a fashion. Their networks may not be automated, but they follow repeatable standards. Like an early factory working with inter-changeable parts. Such sites have likely created a small number of design templates and then used them repeatedly. Examples: ”small remote office”, “medium remote office”, “MPLS-only office”, or “MPLS with DMVPN backup office”.

However you carve things up, there should only be a few standard models, including “datacenter” and perhaps “HQ” or “campus”. If you know the number of users (or size range) in each such site, you can then pre-size WAN links, approximate number of APs, licenses, whatever. You can also pre-plan your addressing, with, say, a large block of  /25′s for very small offices, /23′s for medium, etc.

On the equipment side, a small office might have one router with both MPLS and DMVPN links, one core switch, and some small number of access switches. A larger office might have one router each for MPLS and one for DMPVN, two core switches, and more access switches. Add APs, WAAS, and other finishing touches as appropriate. Degree of criticality is another dimension you can add to the mix: critical sites would have more redundancy, or be more self-contained. Whatever you do, standardize the equipment models as much as possible, updating every year or two (to keep the spares inventory simple).

It takes some time to think through and document such internal standards. But probably not as much as you think! And then you win when you go to deploy, because everything becomes repeatable.

Read More »

Tags: , , , , , , , , ,

Delivering Policy in the Age of Open Source

This is an exciting time in the history of datacenter infrastructure.  We are witnessing the collision of two major trends: the maturation of open source software and the redefinition of infrastructure policy.
The trend towards open source is self-evident.  Platforms such as OpenStack and OpenDaylight are gaining huge developer mindshare as well as support and investment from major vendors.  Even some newer technologies like Docker, which employs linux kernel containers, and Ceph, a software-based storage solution, offer promising paths in open source.  Given the fundamental requirements of interoperability in architecturally diverse infrastructure environments, its no surprise that open source is gaining momentum.

The second trend around policy is a bit earlier in its evolution but equally disruptive.  Today, there is a huge disconnect between how application developers think about their requirements and the languages and tools through which they are communicated to the infrastructure itself.  For example,  just to handle networking, a simple three tier app must be deconstructed into an array of VLANs, ACLs, and routes spread across a number of devices.  Storage and compute present similar challenges as well.   To simplify this interaction and create more scalable systems, we need to actually rethink how resources are requested and distributed between different components.  This really boils down to shifting the abstraction model away from configuring individual devices to focus on separately capturing user intent, operational, infrastructure, and compliance requirements.

At Cisco, we’ve really embraced both of these trends.  We are active contributors to over 100 open source projects and were founding members of OpenStack Neutron and OpenDaylight.  We’ve also made open source a successful business practice by incorporating and integrating popular projects with our products.  In parallel, Cisco has accumulated a lot of experience in describing policy through the work we’ve done with Cisco Unified Computing (UCS) and most recently with Cisco Application-Centric Infrastructure (ACI).

Building on this foundation, we see a unique opportunity to collaborate with the open source community to deliver a vision for policy-driven infrastructure.  This will enhance the usability, scale, and interoperability of open source software and benefit the entire infrastructure ecosystem.

This vision includes two initiatives in the open source community:


  1. Group-Based Policy: An information model designed to express applications’ resource requirements from the network through a hardware-independent, declarative language and leave a simple control and dataplane in place.  This approach replaces traditional networking constructs like VLANs with new primitives such as “groups”, which model tiers or components of an application, and “contracts” describing relationships between them.  Group-Based Policy will be available in the context of OpenStack Neutron as well as OpenDaylight through a plug in model that can support any software or hardware infrastructure.
  2. OpFlex: A distributed framework of intelligent agents within each networking device designed to resolve policies.  These agents would translate an abstract, hardware-independent policy taken from a logically central repository into device-specific features and capabilities.


Let’s look a bit more closely at each of these initiatives.

Read More »

Tags: , , , , , , , , , , , , , , ,

The Napkin Dialogues: “Open”-ing up to SDN

April 10, 2014 at 5:06 pm PST

I consider myself to be a reasonably intelligent individual. Well, perhaps “reasonably” is a debatable term; just ask my friends. Or my wife. (Then again, don’t ask my wife.)

Reasonable or not, though, I’ve been trying to wrap my head around what all this “software defined” stuff is supposed to mean, and I have to confess it’s been a bit circular: it’s almost as if you have to already know the information you’re trying to learn.

So where are the Napkin Dialogues written for people like me? Is everyone a super-genius programmer-cum-networker-cum-programmer and I just missed the boat? People are throwing around these “Open” terms left and right (e.g., OpenStack, OpenFlow, OpenDaylight, etc.) as if it’s an “open” and shut case.

Well shut. The. Front. Door. I’m going to have to be on the receiving end of my own napkin then. For me, it’s been feeling like I’ve been dropped into the middle of a maze with the lights turned off.

[Screenshot of "Dark Maze" game by Zomg Games Studio]

[Screenshot of "Dark Maze" game by Zomg Games Studio]

Yeah, kinda like that.

If you already ‘get’ this stuff, feel free to help a poor storage networking guy along in his journey, because I already know this iceberg goes all the way down.

To someone who is familiar with tried-and-true Data Center designs, I’m just having a hard time getting my head wrapped around 1) getting from here to there, and 2) just where there is! Read More »

Tags: , , , , ,

How a Snowboarding ‘Wipeout’ Can Guide You On SDN Deployment

February 27, 2014 at 10:49 am PST


As I was thinking about how best to advise you on how to “experiment” with SDN technologies, and more specifically why you should run a formal pilot to evaluate SDN technology options (a topic I covered in my previous blog), I was reminded of this “wipeout” picture I took last year at a “freeride” competition – the “Coe Cup“  -- at my local ski mountain, Glencoe Moutain Resort, here in the UK.   Let me tell you why!

Why you may want to "pilot" new technology adoption!

Why you may want to “pilot” new technology adoption!

Read More »

Tags: , , , , , ,