ACI, or Cisco Application Centric Infrastructure is a new approach to managing and architecting our infrastructure. Integrated infrastructures, such as FlexPod have helped organizations streamline their approaches to designing, deploying, and running data centers. Software such as UCS Director has served as a unifying platform for managing the underlying components of the infrastructure, compute, network and storage. However, when we thought about our infrastructure, we still generally thought about it at the component level.
ACI takes a different approach. It seeks to provide the flexibility of software to our hardware. ACI takes the integration and automation of our infrastructure one step further than UCS Director does, by providing a centralized and policy based architecture, that is driven by applications rather than hardware components.
Besides your integrated infrastructure, such as FlexPod, ACI consists of the Nexus 9000 Series switches (I have a thing for really fast ethernet!) running in ACI mode, the Cisco Application Policy Infrastructure Controller (APIC), and a Cisco Application Virtual Switch, such as the Nexus 1000V for VMware. In order to get organizations on the fast track to an ACI, NetApp and Cisco have a FlexPod Datacenter with VMware vSphere 5.1 and Cisco Nexus 9000 ACI Design Guide.
What’s This APIC You Speak Of?
If you’ve head about Cisco ACI in passing, you’ve probably heard the term APIC thrown around. APIC is the Cisco Application Policy Infrastructure Controller, and it is the brains of the operation, and acts as the central management point for ACI policy. The APIC is an appliance that can run in a clustered configuration for high availability, and will never prevent the forwarding of traffic even in the event of a failure. It is completely separate from the data path. APIC will also integration with infrastructure management components from OpenStack, VMware, and Microsoft
OpFlex, the Protocol for Policy
Cisco also took a new approach for building the new protocol behind ACI. While existing protocols such as VXLAN are supported, a new protocol, called OpFlex was created. Simply put, OpFlex is a policy based protocol that an operating model called declarative control, which is based on Mark Burgess’ promise theory. To grossly oversimplify things, declarative control is based on the notion that an object is asked to reach a certain state, but isn’t told how to do so. Cisco gives a great example of this in their collateral on OpEx: An Open Policy Protocol
You could think of the air traffic control system as a good example of a declarative control system. Air traffic controllers tell pilots to take off or land in particular places but they do not describe how to actually reach them. That job, actually flying the plane, adjusting the air speed, flaps, landing gear, etc. falls on the intelligent, capable, and independent pilot.
OpFlex is designed with this in mind, to leverage all of the the components of an infrastructure, while allowing data and policies to flow between them. In addition, it seeks to provide interoperability between enterprise and open source products, with its support for OpenDaylight and Open vSwitch.
(Logical flow of OpFlex from OpEx: An Open Policy Protocol)
Life with an Application Centric Infrastructure
Because ACI can be managed through an API, we can capture our entire configuration as code in our configuration management solution like Puppet, Chef, and many others. Components like OpFlex are designed to work in conduction with the tools we are already using in our rapid development environments. Imagine if you could track all of your changes to policies and configurations centrally. In the event where a change goes wrong, you can use all the good parts of version control tools to get you back to a safe state, further enabling you to move to environment that is more capable of the CI/CD methodology.
In the same way we are automating our applications and our virtualization stacks, we can also automate our networks, which is something organizations are still beginning to explore. By using a tool like OpenStack Heat you can deploy an application which will also trigger a push to your Application Centric Infrastructure to add all of the policies and ACLs for the application. This further integration between our infrastructure components, and abstraction with the rise of everything software defined is the next evolution of our datacenters.
Song of the Day – Taylor Swift – Blank Space
Melissa is an Independent Technology Analyst & Content Creator, focused on IT infrastructure and information security. She is a VMware Certified Design Expert (VCDX-236) and has spent her career focused on the full IT infrastructure stack.