[Note: This is the last installment of a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not.  Part 1 | Part 2 | Part 3]

As noted earlier in this series, modern DevOps applications such as Puppet, Chef, and CFEngine have already moved toward the declarative model of IT automation, so there is already some obvious synergy between DevOps and the Cisco ACI policy model. DevOps automation products are also optimizing application delivery processes and are designed to automate critical IT tasks to make the organization more agile and efficient.

In an early 2014 blog post, Andi Mann, vice president of strategic solutions at CA Technologies, wrote about the evolution to DevOps and the synergy with the Cisco ACI policy model:

Though the DevOps approach of today—with its notable improvements to culture, process, and tools—certainly delivers many efficiencies, automation and orchestration of hardware infrastructure has still been limited by traditional data center devices, such as servers, network switches and storage devices. Adding a virtualization layer to server, network, and storage, IT was able to divide some of these infrastructure devices, and enable a bit more fluidity in compute resourcing, but this still comes with manual steps or custom scripting to prepare the end-to-end application infrastructure and its networking needs used in a DevOps approach.

The drag created by these traditional application infrastructures has been somewhat reduced by giving that problem to cloud providers, but in reality this drag never really went away until Cisco innovated application-centric programmability with Cisco ACI. This innovative new solution is now poised to greatly benefit the whole application economy, especially management of the DevOps application environment…

Cisco ACI and DevOps are the match made in heaven

Cisco ACI enables the automation needed for the many hardware infrastructure changes and application endpoint configurations that are essential in an application-centric, DevOps-style development environment. With Cisco ACI policy-driven network configuration, DevOps application environments are more closely controlled and aligned to application release automation needs.

Cisco ACI multi-tenancy, along with context configurations, also creates a powerful partitioning and security mechanism to manage independent application environments. This enables rapid release for applications that require their own private environments and secure endpoint management, as part of the enterprise application DevOps lifecycle.

Lastly, a key facet of DevOps is a closed-loop approach to iteration and quality improvement. It is therefore also very important to have real-time telemetry on application endpoints. Cisco ACI provides the ability to probe these application components for their network performance, and to accelerate virtualization of services with consistency and accuracy.


IT automation and cloud orchestration solutions are evolving from initial SDN programmability techniques to application-oriented group-based policy infrastructure. The Cisco ACI infrastructure uniquely supports the requirements of a group-based policy model through the:

  • Declarative control model inherent in the OpFlex protocol
  • Abstract policy language itself
  • Focus on application of policy to endpoint groups
  • Flexibility of incorporating a wide range of network devices as policy endpoints to implement policy directives

Prior SDN solutions that focused on network protocols rather than application requirements, and that incorporated centralized control on top of centralized policy management, cannot match the scalability, flexibility, or integration of non-network devices into the policy model that Cisco’s approach enables. OpenFlow and OVSDB are particularly limited in this regard: their primary focus is on managing only the virtual switch and overlay environment, and they require that the network control plane be centralized in the controller and management cluster.

With Cisco ACI leading the way as an initial implementation, Cisco is contributing the foundational elements of this new policy-based approach to other vendors and the open source community to guide the next-generation policy.

Orchestration tools, the open source community, and DevOps products are rapidly incorporating this new policy-based approach. This incorporation will enable development of value-added cloud automation suites and compatible alternative controller and networking devices that support the new application policy model.


Gary Kinghorn

Sr Solution Marketing Manager

Network Virtualization and SDN