As we navigate these uncertain times, almost all industries are dealing with the rapid change of technology, increasing social changes and a more dispersed workforce.

It is more important than ever to have a network that is automated and secure from the edge, to the data center and into private and public clouds to help address some of the challenges both current and future.

We are very excited to announce the availability of Cisco® Application Centric Infrastructure (Cisco ACI™) 5.0, which helps customers future-proof their networks in these challenging times. With this release, we are extending ‘ACI Anywhere’ to enable automated Service Provider capabilities for 5G, new capabilities for Cisco’s Cloud ACI, and Day 2 operational tools.

What’s New with Cisco ACI 5.0

Power Service Provider Networks of the Future

5G transformations are challenging the telecom providers to develop the data center networks of the future, which should seamlessly scale, automate and integrate their infrastructure from the edge to the central data center and across the transport network. This requires the adoption of an end-to-end programmable SDN enabled approach across the data center applications and SP transport backbone.

To meet 5G low-latency requirements, mobile services are moving closer to the subscriber edge, driving demand for distributed compute at the edges of the SP network. The new SP data center will be where the data is, and Cisco ACI delivers the automation capability needed for the 5G telco cloud. ACI 5.0 delivers:

  • Support for Segment Routing MPLS (SR-MPLS) and EVPN handoff. Service providers can inter-connect their ACI based telco cloud to 5G transport backbone network with end-to-end segmentation.
  • Cross domain policy that automates mapping of 5G application and transport slices for end-to-end SLA that can differentiate low latency applications from non-critical applications.
  • Service Providers can now simplify and scale to 1000’s of application slices between data center and transport network using a single BGP EVPN peering.
  • With ACI Multisite Orchestrator (MSO) SR-MPLS policies can be centrally automated across the 5G Telco Cloud sites (central, regional and edge data centers).

The Cisco ACI 5.0 release delivers the tools to build a simple to manage, agile, and secure telco cloud.

Refer to Figure 1 for an example of a distributed ACI telco cloud leveraging an SR-MPLS transport.

Figure 1: ACI Integration with Segment Routing

Enable Simple To Manage Multicloud Deployments

Our customers are adopting Multicloud architectures and Cloud ACI provides the tools to have a consistent policy driven automation and security posture for their deployments.

Cloud ACI now supports AWS Transit Gateway (TGW) automation for efficient, high-performance interconnect between multiple AWS VPCs. The ACI 5.0 release supports automation of the TGW lifecycle along with automated route programming on TGW route tables for all combinations of East-West and North-South traffic patterns. Figure 2 shows an example.

Figure 2: ACI Integration with AWS Transit Gateway

Coming soon for Azure is support for VNET peering, shared service deployments, and native and third-party L4-7 service automation functions.

Cloud ACI support for Azure VNET peering enables customers to seamlessly connect networks as a single entity within the Azure Virtual Network, and leverage Azure backbone for low-latency, high bandwidth interconnects between virtual networks.

The solution will also enable customers to leverage a hub and spoke model for hosting their shared services in the hub VNET.

As customers begin to leverage native and third-party L4-7 services in the cloud, they need automated traffic redirection to these services. That capability is already available for on-premises ACI fabrics, and the ACI 5.0 release extends similar service chaining capabilities to Cloud ACI.

Cisco ACI 5.0 delivers for Multicloud deployments:

  • Enterprise grade segmentation and multi-tenancy
  • Policy-based L4-L7 services automation, including native services such as load balancers, and 3rd party firewalls
  • Automation of high-performance interconnect (i) between AWS VPCs and (ii) between Azure Virtual Networks
  • Secure automated connectivity from on-premises to public clouds, and across public clouds

Keep Pace with Customer Designs and Operations

400G Ready: Customers can now deploy 400G capable Nexus 9508 chassis in their fabric spines and add 400G line cards later this year.

Per Leaf RBAC: Building upon the built-in multi-tenancy capabilities, ACI 5.0 enables new RBAC capabilities for physical multi-tenancy that allow tenants to have management privileges at per-leaf physical switch granularity.

Ease of Use: ACI 5.0 release continues to improve the ease of use of the ACI controller for daily operations:

  • Centralized view of cloud resource inventory within AWS and Microsoft Azure
  • Optimize time required for fabric upgrades, along with upgrade status indicators
  • New Day 0 wizard providing a guided way to complete Day 0 Configuration for SNMP/Syslog policy

Security: Enhancements include increased Role Based Access Control (RBAC) for multi-tenancy, additional two factor authentication (TFA) capabilities with integration with Cisco’s DUO, and improved security policy for ACI Applications with App Center RBAC integration.

We are also introducing a new flexible policy construct, the ‘Endpoint Security Group (ESG)’, that gives you the ability to group endpoints based on L3 attributes, decoupled from Bridge Domain dependency, and apply contracts between ESGs.

In addition, there are enhancements to Policy Based Redirect (PBR) capabilities to support additional service devices and symmetrical PBR for L1/L2 devices in cluster mode.

Scale: ACI 5.0 now supports up to 500 leafs per site in a Multi-Pod data center and 15 virtual data centers in VMware vCenter integration.

Kubernetes Orchestration: This new release enables several microservice deployment upgrades to support containerized workloads, including support for ACI-CNI with OpenShift 4.3 on OpenStack and AWS, Docker Enterprise Release 3, and ACI Neutron Plugin support for bare-metal servers with OpenStack.

Simplify Day 2 Operations

Customers are looking for proactive capabilities with deep insights into their networks to simplify their Day 2 Operations. Cisco enhances its existing Network Insights product to include:

  • Multi-fabric support: Monitor and troubleshoot geographically distributed multiple fabrics with a single instance of Network Insights
  • Multicast control plane visibility: Resolve issues through anomaly detection on PIM, IGMP & IGMP snooping control plane protocols.
  • Customizable dashboards: Customize the observable parameters to suit your preferred way of monitoring.
  • AppDynamics Integration: Detect, locate and troubleshoot application connectivity issues faster by correlating network and application telemetry
  • Topology view (BETA): Explore the power of overlaying logical constructs such as Tenant, VRF, EPG over physical infrastructure to zoom in on the problematic nodes and identify anomalies.

Figure 3: Network Insights For Proactive Day 2 Operations

Through these innovations, customers can transform their Day 2 Operations from reactive to proactive, and reduce their OPEX and downtime by automating the detection, location, and efficient root-causing of problems.

Keeping our eyes to the future

Innovation continues to thrive at Cisco, and our customers rely on our technology, partnership, and support to keep their businesses running and enable their digital transformations.

Cisco ACI helps our customers to build for the future. Stay tuned for new capabilities in upcoming releases in the months to come!

To learn more about Cisco ACI, ACI partners, as well as software licensing, visit Cisco’s ACI homepage.


Srini Kotamraju

Vice President, Data Center Networking

Cisco Networking