It’s that time of the year – AWS re:Invent 2019 is happening this week. Cisco and AWS customers deploy workloads and applications in both their own data centers and the AWS cloud today and look forward to even better integration to achieve their infrastructure automation goals while maintaining a consistent operational model.

Cisco and AWS are extending their partnership across multiple domains such as campus, WAN, branch, data center and cloud using a policy-based, automated approach. This blog will focus on how customers can leverage the new AWS capabilities and enhancements to build a better Automated Cloud Infrastructure for their data centers.

Our customers started to deploy Application Centric Infrastructure in their own data centers using Nexus 9000 fabrics 5 years ago. Key tenets of the ACI operation model have been:


  1. Intent-based/policy-driven automation
  2. Define policy once – deploy automatically when and where needed
  3. Flexible and scalable multi-tenancy
  4. Automated service insertion and traffic redirection
  5. Open APIs to provide network connectivity between baremetal, hypervisor, container, and cloud environments

AWS announced multiple innovations and enhancements this week:


  1. AWS Outposts – provide AWS services on-premises
  2. AWS VPC Ingress Routing – Inbound routing control for more efficient service insertion
  3. AWS Transit Gateway – Simple and high-performance connectivity between AWS VPCs

These innovations and enhancements map very well to the ACI operational model our customers have deployed today.

ACI extension to AWS Outposts

AWS Outposts are Amazon’s on-premises services for running applications that require the lowest possible latency or that have local data-processing requirements. Earlier this year, we announced availability of Cisco Cloud ACI on AWS for hybrid clouds. Therefore, extending ACI enterprise-grade networking to AWS Outposts becomes very easy. As Figure 1 shows, customers can now leverage Cisco Multi-Site Orchestrator to manage ACI fabrics on premises, Cloud ACI instances in the AWS cloud, and AWS Outposts instances connected to ACI or NX-OS Nexus fabrics, all at the same time.

Key benefits of using ACI with AWS Outposts for our customers are:

Enterprise-grade network connectivity
Consistent segmentation (e.g. zones, tenants)
Automated service insertion and service chaining (more on this below)
End-to-end visibility and troubleshooting

Figure 1: ACI extension to AWS hybrid cloud and AWS Outposts

A more detailed solution brief discussing how to connect AWS Outposts to existing Cisco Nexus data center fabrics is available here.

ACI integration with AWS VPC Ingress Routing

Amazon VPC Ingress Routing is a service that helps customers simplify the integration of virtual network and security appliances within their AWS VPC network topology. ACI enables customers today to define policies for automated service insertion and chaining. Many customers are using that functionality in their on-premises data centers. With the availability of AWS VPC Ingress Routing, they will be able to use the same policy-based approach for their AWS network designs as well.

Key benefits of using ACI with AWS VPC Ingress Routing

Enterprise-grade service chain functionality for hybrid cloud
Consistent service insertion for cloud-native and 3rd-party L4-7 service appliances in AWS cloud and on-premises
Automated service insertion and service chaining

Figure 2: ACI Automated Service Insertion in Hybrid Cloud

ACI Integration with AWS Transit Gateway

AWS Transit Gateway provides an efficient, high-performance interconnect between multiple AWS VPCs. The integration with Cisco ACI will give customers the ability to maintain and manage their multi-tenant on-prem data center environment while automating connectivity to multiple AWS VPC instances in the cloud connected through AWS TGW.

Figure 3: ACI Integration with AWS Transit Gateway

Key benefits of using ACI with AWS Transit Gateway

Enterprise-grade segmentation and multi-tenancy
Enable higher inter-VPC throughput provided by AWS TGW
Secure automated connectivity from on-premises to AWS TGW

Cisco ACI and AWS integrations also enable customers to simplify their day-2 operations by providing a single pane of glass (Multi-Site Orchestrator) for visibility and for troubleshooting network connectivity and segmentation across on-premises and cloud environments.

In addition to enabling the above innovations, we are also helping customers to accelerate their automated cloud infrastructure deployments through a ‘Cisco Cloud ACI’ promotional offer.

‘Cisco Cloud ACI’ promotional offer

In summary, what started 5 years ago as a new paradigm for Cisco data center customers to design more Application Centric Infrastructure is now the foundation to extend these designs to Automated Cloud Infrastructure. The same key tenets of policy-based automation apply.



Thomas Scheibe

Vice President, Product Management

Cloud Networking