Guest post from Lori Mac Vittie (@lmacvittie) from F5 Networks
How you provision all the network things matters
Polymorphism is a concept central to object-oriented programming. The notion of polymorphism is used to extend the capabilities of a basic object, like a mammal, to specific implementations, like cats or dogs or honey badgers, even though they don’t care about such technical distinctions. A good example of this is cats and dogs, which are both of the type “mammal” but that “speak” in a different voice.
This becomes important as we consider the way in which Cisco Application Policy Infrastructure Controller (APIC) enables the extension of automation across the network, particularly to the application layers (L4-7), because it deviates from traditional protocol-based methods as a way to facilitate and automation service insertion in a common way without limiting the robust capabilities of best-of-breed solutions. In other words, it doesn’t require all mammals to speak in the same voice.
Traditional protocol-based methods rely on a common data model. A TCP packet, for example, contains a specific set of headers that describe a variety of options and characteristics of the flow. The specific format is prescribed by RFCs and no deviation is allowed. Network integration has generally followed this model and you can see the results in a variety of ongoing efforts to provide orchestration and automation across the network. All devices are treated like mammals. There are no dogs, there are no cats, and there are certainly no honey badgers. The result is a commoditized set of network capabilities which do not allow the differentiation in services or enable the per-application attention required to address application-specific challenges with security, performance and scalability.
Which brings us back to Cisco APIC and its Application Centric Infrastructure (ACI) approach, which lets honey badgers be honey badgers and cats be cats while still both being mammals.
The Cisco ACI approach is very object-oriented. Its integration model requires the existence of a set of functions, but in no way prescribes how those functions act. This means that a variety of solutions in the same market can all integrate with Cisco APIC, but any capabilities that go above and beyond the lowest common denominator are not lost. Because of the dynamic nature of the integration – via device packages that can be loaded at any time – that also means that integrations can continue to be developed that enable even greater ranges of flexibility and choices for customers. In other words, you aren’t stuck with just cats, dogs or honey badgers. You can also bring in guinea pigs, rabbits and horses, as long as they’re mammals and each implements the basic set of functions required of a device package deployable on Cisco APIC.
It is that extensibility that has enabled F5 to continue to expand the choices available for integrating the automation of L4-7 application service insertion with Cisco APIC. Initially our focus was on direct integration with BIG-IP, providing the means by which prescriptive provisioning and configuration of services was easily accomplished. But the reality is that the applications central to driving the application economy are not all one size fits all. An approach that enables more specific, per-application service provisioning is necessary to achieve the operationalization of app deployments needed to relieve the increasing pressure faced by 9 out of 10 executives to release apps more quickly (CA and Vanson Bourne, Global Application Economy Study 2014).
Because of the approach Cisco has taken to enabling that provisioning via Cisco APIC, F5 Networks is able to provide another integration path through its orchestration and management solution, BIG-IQ. This new integration option facilitates the use of per-app service templates, iApps, to ensure not only rapid deployment but custom and consistent configuration. Consistency is an important capability necessary for maintaining stability in an infrastructure ultimately responsible for delivering the hundreds of applications supported by the average enterprise that must be balanced against the need for faster, more frequent deployments. Customization is required by the very concept of application-centricity, as no two applications are alike in terms of the services and characteristics of those services required to meet business and customer expectations.
This application-focused approach to provisioning allows network and application operators alike to codify per-application service requirements along with common policy such as base security using an app template approach. These templates then become the core of a custom device package that can be loaded and executed via Cisco APIC, resulting in a rapid, consistent deployment of the app services critical to ensuring the performance, security and scalability of the applications driving the application economy.
We are as excited today with the introduction of our BIG-IQ integration with Cisco APIC as we were with our BIG-IP integration. We’re particularly pleased with Cisco’s model of integration precisely because it enables us to continue to protect our customers’ investment in the technologies and capabilities that go above and beyond the basics when it comes to delivering application services.
You can experience the integration between Cisco APIC and both F5 BIG-IQ and BIG-IP in a live demonstration covering design and deployment options, troubleshooting and monitoring as well as customer use case scenarios in our upcoming SDx Central Demo Friday, March 13th at 10am PST
We also have workshops for you to attend in case you happen to be in Toronto March 24, Montreal March 25 or Ottawa March 26. Register now for the Cisco and F5 Synthesis Workshop: Accelerating Application Deployments.
Tags: Cisco APIC, F5, OO, SDN
Data traffic has grown dramatically in the recent years, leading to increased deployment of network service appliances and servers in enterprise, data center, and cloud environments. To address the corresponding business needs, network switch and router architecture has evolved to support multi-terabit capacity. However, service appliance and server capacity remained limited to a few gigabits, far below switch capacity.
Cisco Intelligent Traffic Director (ITD) is an innovative solution to bridge the performance gap between a multi-terabit switch and gigabit servers and appliances. It is an hardware based multi-terabit layer 4 load-balancing, traffic steering and clustering solution on the Nexus 7000 and 7700 series of switches.
Read More »
Tags: ACE, ASA, ASA 1000V Cloud Firewall, cache engines, Cisco Prime NAM, Cisco WAAS, citrix, F5, Imperva, Imperva SecureSphere WAF, IPS, ITD, load balancer, Load Balancing, server load balancer, Web Application Firewall
In a few days at the Moscone Center in San Francisco, we will be celebrating the 25th anniversary of Cisco Live. This year we are expecting record attendance exceeding 20,000 participants, 9 amazing keynotes, 600 sessions, live demos at world of solutions, big analyst and partner presence, and last but not least, the opportunity for you to meet and network with top minds in high-tech. If you are new to Cisco Live and feel overwhelmed by the grandness of the event, let me assure you that you are not alone. I have been there before. I have set out in this blog to give you an easy walkabout of Cisco Datacenter highlights, particularly the Cisco ACI key activities over the duration of the event.
Much like you I will also be eagerly looking to attend John Chambers’ majestic keynote that starts the proceedings on Monday, May 19. John in his unique style will lead with the Theme “Tomorrow Starts Here” covering leading industry trends such as Internet of Everything (IOE), Fast IT, and Application Centric Infrastructure (ACI) among many others. So, do not miss this opportunity. I want to shift gears and take you on a fast cruise of Cisco Data Center and Cisco ACI highlights at the event.
In less than a year since the announcement, Cisco ACI has taken the industry by storm with a large customer base and several of the industry’s key partners such as Microsoft, Red Hat, Citrix, F5, et al endorsing and building joint solutions. There is so much excitement around ACI at this year’s Cisco Live. I want to give a structure to how I am planning to cover the topic in this blog. Essentially, I consider them as Cisco-led and Partner led.
Cisco has a packed agenda of ACI activities and announcements. Cisco APIC, which enables ACI Fabric mode on Nexus 9000 networks, will be available this summer along with a robust Go-To-Market (GTM) strategy that includes additional eco-system partners, Cisco Validated Designs (CVD), additional platform support and leading-edge hardware innovations across the portfolio. We are also introducing two new additions to the existing portfolio of Nexus 9000 to meet scalability, flexibility and performance requirements of standalone and ACI mode deployments.
Executive ACI speaking sessions feature prominently this year with Cisco President Rob Lloyd’s session “Infrastructure for the Agile Enterprise” keynote, May 20, 10 AM, at the North Hall. Rob’s keynote also features Soni Jiandani, who will present how ACI delivers agility. Rob Soderbery and Soni Jiandani are presenting a technology trends keynote (GENSK 1109) on May 21, 8.30 am, titled “Fast Track to Fast IT: Cisco’s Application Centric Infrastructure”, another choice from a catalog of exciting offers.
Read More »
Tags: ACI, APIC, Ciscolive 2014, citrix, Device Package, Embrane, F5, IoE, netapp, Nexus9000, Splunk, UCS, VCE
Continuing on its tradition of contributing and committing to open source and open standards over the last 25 years, today Cisco announced “OpFlex” – a new open standards-based protocol for Application Centric Infrastructure that has been submitted into the IETF standardization process. We believe this will accelerate multi-vendor innovation in data center and cloud networks to drive operational simplicity, lower costs and increased agility.
Why is this required?
Traditional SDN models today function on the basis of an imperative control model with a centralized controller and distributed network entities that support the lowest common denominator feature set across vendors such as bridges, ports and tunnels. As the network scales, the controller becomes a bottleneck due to the need to maintain increased state, and starts to impact performance and resiliency. Likewise, because the applications, ops and infrastructure requirements need to be translated into network configuration, it impacts agility and introduces a manual learning process, requiring app developers to describe their requirements in low-level constructs.
If we contrast that with the vision of the ACI model with the Application Policy Infrastructure Controller (APIC), ACI adopts a declarative management approach. This model abstracts applications, operations and infrastructure providing simplification and agility. By distributing complexity to the edges, it also increases better scalability, and allows for resiliency – i.e. the data forwarding can still continue to happen even if there is no controller. It further provides ease of use with self-documenting policies automatically deployed or cleaned up from devices as necessary. All of these help circumvent the issues seen in traditional SDN models.
For this declarative model to work across a multi-vendor environment, to translate and map policy definition into the infrastructure, there has hitherto been no standard protocol to do that across physical/virtual switches, routers and L4-L7 network services. This vacuum has led to the development of “OpFlex” – a new open standard recently submitted to the IETF.
Who is contributing to OpFlex?
Several industry leaders and practitioners are actively involved in the standardization process. These include Microsoft, IBM, Citrix and SunGard Availability Services, in addition to Cisco.
Read More »
Tags: APIC, application centric infrastructure, AVI networks, Canonical, citrix, Embrane, F5, IBM, ietf, Microsoft, OpFlex, Shashi Kiran, SunGard Availability Services
When Cisco designed the concept of an Application Centric Infrastructure, we knew it wouldn’t reach its full potential without drawing in a very comprehensive ecosystem in a number of areas. Perhaps the most impressive aspect of our announcement was the breadth, quality and scope of the data center infrastructure vendors that we aligned so quickly with our ACI vision and that contributed their perspectives to the launch, and will be contributing key solutions to Cisco’s infrastructure-wide vision.
Yesterday, I blogged about the role of application controllers, network monitoring solutions, WAN optimization, firewalls, etc. have in setting up application networks, provisioning applications, and how the ACI policy model incorporates these security and services solutions. I wanted to follow up that post with some highlights from the support we received from some of our ACI ecosystem vendors in this area, that incorporate ACI policy support into their security, application delivery controller, load balancing and other solutions.
Read More »
Tags: ACI, application centric infrastructure, Cisco ASA, citrix, emulex, F5, Splunk, symantec