Ok, this weeks random topic is one I have been needing to write bout for a while. Let’s get one thing cleared up right now, for fortune 500 enterprise customers building their own private cloud infrastructure there are two options in the next generation space: Cisco ACI and VMware NSX. That is it. That is all. I am certain many well informed people will ask what about Nuage? This is a valid question but if you want my opinion they are close to being viable as well they just need to round out their partner ecosystem.
The prior statements are going to make a lot of vendors angry but nobody actually reads this blog and these are my personal thoughts so, oh well. Many other well meaning technology geeks will want to argue Openstack and I completely understand that one. I am not going to argue with you but rather say, yes I completely agree with all of your points however they are all invalid because I do not have a proper DevOps team and neither do any of the other fortune 500 enterprises customers. In the meantime feel free to talk to the major ISPs, public cloud providers and Facebook for now and come back to me in 5 years when OpenStack has a become a SKU.
Cisco’s dominance vs VMware’s rise
This topic get’s a fair amount of press as well because like the rise and fall of empires there are many that like to predict the fall of titans. Some times they are right but most times they are not. Will Cisco falter of the next 5 years in the data center space? Probably. The fact is the absolute dominance of the catalyst 6500 platform has come to an end and the likelihood that Cisco can maintain that level of dominance is very unlikely. They were bound to falter at some point but will they fall completely? I doubt it. The truth will likely reveal itself as something in between.
On the other hand can VMware maintain is meteoric rise to power as an tech industry titan? Many were disappointed with the lack of innovation featured at this years VM World expo. Is this a precursor of things to come or did VMWare take a year to catch its breath? One thing is for certain, VMware NSX is here to stay. It’s long term market-share potential and longevity are what remain to be seen.
Cisco ACI merits and pitfalls
Much has been written on this topic already so I will simply give you my opinion from the facts that I have gleaned. Let’s start with the vision that Insieme appeared to have for the solution. I think the general concepts were well thought out and solid effort was placed into building a new solution from the ground up to meet market demands. When I boil it all down, it feels to me like what Insieme developed was a controller based solution in concert with a southbound protocol that could be used to describe network properties in a way that more accurately reflects the application behavior on the network. These concepts were not new, many had been talking about application based networking prior but Insieme did a good job executing on those concepts.
From the early stages it appeared that this was going to be a home-run for Cisco. A flexible solution that would put them squarely in the driver’s seat for conversations ranging from hardware, to software and service offerings. Then the spin-in came and reality set in. The vision became polluted with typical vendor politics. *Warning: getting on a soap box* The best example I can give of this is the hardware proxy that Cisco claims is absolutely necessary to provide any reliable amount of scale. I call BS. Let’s cut to the chase here, Cisco engineers were either told or inferred that as soon as they spun this $500 million dollar toy back in they needed to find a way to marry the solution to Cisco hardware.
I still have not seen any technical reason why ACI cannot be a completely equivalent to NSX in being software only. There are migration use cases that allow you to control AVS (Application Virtual Switch) from APIC over ANY – I repeat ANY, layer 3 network. Of course they make you purchase a piece of 9300 hardware to act as a ‘gateway’ … really a proxy lookup offload. If hardware proxy lookups are so limiting why did you sell me VSM and 1000v Cisco?! Last I checked 1000v does look-ups completely in software … because there is nothing but software.
If Cisco were really as dedicated to becoming more of a software oriented company as they claim the solution could be as simple as this: advertise ACI as a software only solution with the * caveat that it only scales up to xyz macs/applications (likely a much larger ceiling than most enterprise customers require). Once you exceed this threshold (Facebook) then you are required to snap in a Cisco ACI spine for the hardware proxy look-up capabilities as the natural scale up mechanism. This strategy would also significantly help existing customers significantly with investment protection for current infrastructure. I would love to replace 1kv/OVS/vDS/etc. with APIC/AVS and put in a single pair of 9300 VTEPs for VXLAN gateway to physical workload.
*Ok it’s safe again, getting off the soap box*
The major merits of the Cisco solution is that, because integration with the physical switch infrastructure is a key element, the solution is capable of managing the network stack top to bottom. There isn’t a decoupled overlay and underlay infrastructure neither is there a differentiation between virtual workload and physical servers. It cannot be overstated how significant of a benefit benefit this is over NSX at this time.
VMware merits and pitfalls
Merits: NSXv. It just works. It is very fast (provisioning time) and cool. NFV style virtual services work great, very simple and elastic. That is if you are 100% virtual. And 100% VMware. And you like to ignore your underlay network entirely. And your security team is OK with virtual segmentation. And the network teams are good with Arista switches (or Dell Force 10).
Pitfalls: Do you have multiple hypervisors? Well then NSX multi-hypervisor it is for you! Good luck.
Do you have physical servers? Enjoy having two separate data center solutions.
Do you care about what the network is doing underneath? What? Your app team doesn’t …
*Snark off* The reality is that NSXv is slick and it just works as advertised. If you are a 100% virtualized, VMware shop then you might as well just go all the way here.
If you live in the real world and deal with many different requirements and the politics inherit to any enterprise environment there are concerns that need to be addressed. My biggest concern is the aversion VMware has to physical workloads. I’m sorry VMware but no matter how attractive you make virtualization, I will always have requirements for physical workload. I have accepted this reality, you should too. Your customers want a solution that meets all of their requirements, not 50% of their requirements. It is that simple.
Now I am not saying that VMware multi-hypervisor with key partner support (namely Arista) doesn’t provide solutions. However, the solutions are current dependant on partners solutions which are detached from NSX. Let me give you a concrete example: provisioning a new tenant for 100 VMs and 20 physical servers with NSX multi-hypervisor, what does this require? From vSphere you establish a new tenant and allocate your 100 newVMs to that tenant. Cool. Then you have to go do this all over again for the physical servers … except in a static provisioning nature. Vendors like Arista do have tools to help make this easier but it is still a separate process. You need to go create a new tenant VLAN on the physical switches and setup a new VNI on the physical VXLAN gateway and map that new VLAN segment to the VNI.
The point is the solution is decoupled and segmented. VMware only seems to care about virtual hosts at this time. The overlay and underlay networks are significantly decoupled and there is a significant differentiation in capabilities for virtual versus physical hosts. So NSX currently only really provides a solution for 33% of the environment for most enterprise customer’s private cloud infrastructure.
However, that 33% is probably more refined and easier to build and administer than Cisco’s solution. The question really becomes are you comfortable with 33% of a solution? Or do you prefer a more complete solution that brings with it the status quo in networking of hardware vendor lockin?
And with that final thought, I leave you with this gem:
Useful links & technical references:
Cisco ACI Design Guide: http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-731960.html
Cisco ACI migration session (Cisco Live): https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=77765&tclass=popup
VMware NSX Design Guide: http://www.vmware.com/files/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf
Nuage Networks (if you don’t know who they are and you do data center networking … you should probably at least check them out): http://www.nuagenetworks.net/
Dell Force 10 is also worth an exploratory look: http://www.dell.com/us/business/p/force10-networking
Arista … I’ll just assume you know how they are. If not, Google.