Cisco has announced a new release of ACI (Application Centric Infrastructure)
Changes in the new version of Cisco's SDN framework include support for Docker containers, integration with OpenStack, and the extension of microsegmentation to Microsoft Hyper-V, VMware vDS and applications on bare-metal platforms.
Microsegmentation
An example of Cisco's responsiveness to the needs of its customers is the expanded support for microsegmentation on VMware virtual switches (vDS, or vSphere Distributed Switch) and Microsoft Hyper-V, as well as for applications running on bare-metal hardware.
Microsegmentation allows you to set granular network security policy at the L2 level by dividing the network, in software, into a large number of segments. This makes it possible to limit the lateral spread of threats (by implementing a so-called east-west firewall) and to quarantine compromised endpoints. An attacker who has compromised one node is thereby isolated from the other nodes in the same VLAN. ACI policies can be assigned based on several attributes of the virtual machine: the name of the guest OS, the VM ID, FQDN, IP address, and others.
Until now, Cisco has provided microsegmentation only on Cisco AVS (Application Virtual Switch). The functionality is now being extended to other virtual and physical devices. Microsegmentation for Hyper-V is available now, while the rest of the extensions will arrive in the first quarter of 2016.
Docker Containers
Cisco supports both virtual and hardware endpoints. The new release will also support endpoints running in Docker containers. The integration is implemented using the Cisco APIC (Application Policy Infrastructure Controller), which is a component of ACI, and Project Contiv, an open source project recently launched by Cisco. The aim of Contiv is to describe deployment policies for containerized applications. These policies cover security, infrastructure requirements (disk subsystem, IP address isolation, bandwidth limits, performance requirements, SLA), analytics and other areas. Thanks to Project Contiv, these policies can now be extended to applications running in Linux containers.
Contiv includes an ACI plug-in for Docker, which handles configuring the container and connecting it to the ACI fabric. A layer for direct interaction with the APIC controller's API has also been implemented.
"Right now we are focused on Docker containers, but we are taking a close look at other solutions appearing on the market, including Kubernetes and Mesos."
Michael Cohen, Director of Product Management at Cisco
ACI and OpenStack
Analysts predict that "support for OpenStack in ACI should do more than just satisfy users. It may even eliminate the reasons why companies consider competitors' products."
The functionality is implemented by an OpFlex agent connected to Open vSwitch, which extends ACI policies down to the hypervisor level. OpFlex is a protocol designed by Cisco as an alternative to OpenFlow; in this case it allows OpenStack to be integrated with the APIC controller. As a result, users of OpenStack and ACI get a fully distributed Neutron network stack, including distributed switching (analogous to VMware vDS), routing and NAT. The updates will be available in Q4 2015. The latest ACI release also uses OpFlex to support VMware vRealize, which is used to manage virtualized infrastructure built on VMware.
"At the moment, ACI supports the Kilo and Juno releases, but support for the Liberty version [the latest OpenStack release, which came out in mid-October 2015] will be included in the near future," said Michael Cohen. Red Hat, Canonical and Mirantis were named among the commercial OpenStack vendors that Cisco currently works with.
Other updates of Cisco Application Centric Infrastructure
In addition to the above, the new release includes the following improvements (not a complete list):
- The ACI Toolkit application for automating policy management across multiple data centers. The software lets you synchronize policies between data centers for redundancy and application mobility;
- Support for SNMP and a CLI for the new APIC, similar to the NX-OS command line (support is planned for the 4th quarter of 2015).