At Cistor we are still seeing a number of key use cases for data centre networks, particularly in hybrid and managed cloud environments. Managed cloud is typically deployed by MSPs for customers who want a cloud experience on dedicated infrastructure, as they plan a longer-term strategy for migration to the cloud. Hybrid cloud is another common use case for organisations with difficult corner cases and the need to maintain on-premises deployments. With this in mind, we believe that enterprise data centre networking is still very much alive in 2022 and will continue to be for some time to come. In this blog post, we explore three of the most common solutions today and list some considerations for anyone investing in this space.
For almost 10 years there have been two leading solutions in the data centre SDN market, Cisco ACI and VMware NSX-T. Cisco ACI is a full-stack data centre SDN solution, while VMware NSX-T is an overlay solution that sits on top of a network fabric from any vendor, such as Arista, Juniper, HPE or even Cisco ACI itself. Both products were acquired, which speaks to the innovation of our large vendors, but that is a separate discussion. ACI came to Cisco through the acquisition of Insieme Networks and the famous MPLS (Mario, Prem, Luca and Soni) gang responsible for so much of the Cisco portfolio. NSX is based on Nicira and the team at Stanford (Casado and McKeown) who burst networking open with SDN around 2011. More recently, a third architectural option has presented itself with the emergence of the Smart NIC market, with one of the leading contenders being Pensando (now part of AMD), which is the latest movie from the aforementioned MPLS gang. We will focus on these three solutions, as we believe they are the three main options for enterprise-scale data centre networking in 2022.
Cisco ACI is a data centre network architecture, consisting of switches, controllers, and software. The switches are organized in a Spine and Leaf Clos topology, with the Spine responsible for high-speed connectivity between leafs and inter-Pod or inter-Site connectivity to other ACI Pods and Sites. The leafs are used to terminate workload and endpoint connections, including everything from bare metal, storage, compute, hypervisor, and cloud. The controllers deal with all configuration and analytics, are based on an object model for programmability and sit outside of the traffic flow. The result is an architecture which provides Layer 2 and Layer 3 overlays, micro-segmentation, and a common policy plane across private, public and hybrid cloud environments.
Almost seven years after initial launch, ACI is a mature and stable platform with deployments across many large enterprises and continues to be a market-leading solution. We regularly recommend Cisco ACI as a solution due to its universal reach, support for bare metal workloads and the increasing need for zero-trust, which can be achieved through ACI’s native micro-segmentation capabilities. However, ACI is not suitable for all environments, and when we don’t recommend ACI it is usually because the environment is too small to justify the cost or the customer is aiming to avoid lock-in to a single vendor.
A key difference between NSX and ACI is that NSX is hardware agnostic. The underlying network fabric can be built using hardware from a variety of vendors, such as Arista, Juniper, Dell, HPE or whitebox combinations such as Cumulus Linux (now an Nvidia company) on Mellanox. However, an IP routed fabric is recommended for performance and resilience. NSX-T then sits within the hypervisor and creates an SDN overlay with switching, routing, security, micro-segmentation, and load balancing (derived from the AVI Networks acquisition) functions.
Similar to ACI, NSX is a very mature and stable technology with a wide enterprise customer base. In the last couple of years, anecdotally, we have seen customers becoming more focused on NSX-T, sometimes even over the top of ACI. This is partly due to the prevalence of VMware as a hypervisor, but it is also a means of obtaining vendor independence and allows customers to take advantage of network policy implementation at the hypervisor level, rather than at the physical switch. However, the architecture doesn’t natively deal with bare metal workloads and requires an agent, which still gives ACI an edge in dealing with legacy and storage workloads.
But currently, the biggest concern is the uncertainty surrounding the upcoming acquisition of VMware by Broadcom. The Broadcom acquisition runbook involves taking a mature product, increasing margins through a combination of reduced cost (layoffs and reductions in R&D budgets) and increased pricing, and then wringing the market for everything it’s got. Optimists and outward communication will say that the acquisition is about enabling Broadcom’s software capability; they will be about 50/50 on hardware and software once the acquisition completes. This may be the case, but at the very least there is no getting away from the fact that the acquisition brings uncertainty.
Finally, there is an exciting new option for consideration in Pensando, a Smart NIC SDN solution. It provides a chip on the Smart NIC that can deliver switching, routing, and network policy, with a cluster of NICs communicating back to a central controller. This approach has two significant advantages. The first is cost: network equipment is essentially reduced to packet forwarding, similar to NSX, and cost instead goes into the NIC. The second is that all network policy is implemented at line rate within the host itself, very close to the workload. The primary concern here is not the solution itself but our own lack of knowledge of Pensando; we need to understand the technology better before we consider proposing it to customers. Although this is an internal problem, we suspect that a lot of organizations will be in a similar situation.
We always endeavor to make bespoke recommendations with a Network Discovery, based on the customer’s unique requirements and circumstances. However, while the Broadcom acquisition of VMware plays out and Pensando emerges, our internal skills investment will continue to focus on Cisco ACI.