By Neal O’Horo, Kovarus, Sr. Network Engineer
Cisco Live 2018 in Orlando was a whirlwind of technologies and people, and the two areas I wanted to focus on were Cisco Software-Defined Access (SDA) and IP fabrics. I have customers actively buying Cisco ONE with the DNA Advantage and DNA Essentials products, and IP fabrics, the campus and data center switched infrastructures, are a big part of my everyday business. Plus, the idea of one umbrella for automating network services, telemetry, security, and IP fabric deployment seemed compelling, and I wanted to see how far Cisco had evolved in the past year. The reality I experienced is that it seems complicated, there is a reliance on proprietary technology, we are not quite there yet, the technologies are disparate, and the CLI is still relevant.
Like many attendees, I signed up for the classes that interested me. For me, these included SDA, Locator/ID Separation Protocol (LISP), and Ethernet VPN (EVPN). Then I braced for the gamut of classes in anticipation of learning all the updates regarding the new Cisco IP fabrics.
You may be aware that one of Cisco's SDA products is DNA Center (DNA-C). DNA-C offers a central dashboard to provision your network services. It builds on the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM), not to be confused with the APIC of the Cisco Nexus 9K Application Centric Infrastructure (ACI) fabric, and depends on the Cisco Identity Services Engine (ISE). Its IP fabric uses an adapted version of LISP, which functions much like DNS: instead of resolving names, LISP determines the IP routes and where hosts live. In turn, DNA-C uses LISP as the control plane for VXLAN signaling, the newer LAN segments identified by a 24-bit ID and tunneled in UDP across an IP network.
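To make the VXLAN data plane that LISP (and, further down, EVPN) signals concrete, here is an added example, not code from this post or from Cisco, that builds and parses the RFC 7348 VXLAN header carried in a UDP segment on the IANA port 4789 and pulls out the 24-bit VNI and the inner Ethernet MACs; the inner frame, VNI and source port are constructed sample values.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP port for VXLAN (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field carries a valid value
VNI_MAX = (1 << 24) - 1      # the VNI is a 24-bit field


def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(8) reserved(24) | VNI(24) reserved(8)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI must be a 24-bit value")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def encapsulate(inner_frame: bytes, vni: int, src_port: int) -> bytes:
    """Wrap an Ethernet frame in a UDP segment (zero checksum, as VXLAN permits) plus VXLAN header."""
    vxlan = build_vxlan_header(vni) + inner_frame
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(vxlan), 0)
    return udp_hdr + vxlan


def parse_vxlan(udp_segment: bytes):
    """Return (vni, inner_frame) for a UDP segment carrying VXLAN, else None."""
    if len(udp_segment) < 16:
        return None
    _src, dst, length, _csum = struct.unpack("!HHHH", udp_segment[:8])
    if dst != VXLAN_UDP_PORT or length != len(udp_segment):
        return None
    flags, vni_field = struct.unpack("!II", udp_segment[8:16])
    if not (flags >> 24) & VXLAN_FLAG_I:
        return None            # I flag clear: VNI is not valid, so the packet is dropped
    return vni_field >> 8, udp_segment[16:]


def inner_macs(frame: bytes):
    """Destination and source MAC of the encapsulated Ethernet frame."""
    dst = ":".join(f"{b:02x}" for b in frame[0:6])
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    return dst, src


# Constructed sample: minimal inner frame (dst MAC, src MAC, EtherType IPv4, dummy payload)
SAMPLE_FRAME = bytes.fromhex("0000000000aa0000000000bb0800") + b"\x00" * 20
SAMPLE_SEGMENT = encapsulate(SAMPLE_FRAME, vni=0x123456, src_port=49152)

if __name__ == "__main__":
    vni, frame = parse_vxlan(SAMPLE_SEGMENT)
    print(f"VNI {vni} ({vni:#08x}) carrying frame dst/src {inner_macs(frame)}")
```

The same parsing is what a sensor on the underlay needs before it can attribute traffic to a tenant segment, since everything inside the tunnel is invisible to a plain IP-level filter.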
DNA-C sounds great and could become a big positioning tool for Cisco. Certainly, automating the deployment and management of network services and collecting telemetry data through a central portal, while not new or unique concepts, continue to pique people's interest. Yet here's the rub: it is licensed on the appliance, relies on ISE, only works with certain Cisco network appliances (although many), differs from both the EVPN standard and Cisco ACI, two other distinct fabrics, and it has a lot of pieces and seems complicated. Plus, I noticed a heavy reliance on the CLI in the presentation configuration examples, although these could have been for the sake of explaining things to the audience.
Correspondingly, I signed up for the EVPN presentations because it, too, is a way to create an IP fabric, and it seems to be very prevalent in other vendors' topologies. EVPN, like LISP, is a VXLAN signaling method; it relies on the Border Gateway Protocol (BGP), and the BGP peers share EVPN routes to determine the endpoints and track MAC and IP addresses. Yet it, too, has some drawbacks at Cisco: it seems to be available on the NX-OS devices but not on others, it relies on Cisco's proprietary virtual Port Channel (vPC) for the Nexus 9K Link Aggregation Group (LAG) and Link Aggregation Control Protocol (LACP) signaling, and it is not compatible with LISP or ACI, although in each case a border node could overcome the incompatibility. Plus, once again, the presenters relied heavily on the CLI to configure and present the examples.
Cisco Live 2018 was fun, and I learned a lot about the Cisco IP fabrics and SDA. Consequently, as you may have surmised as I have, Cisco has three disparate IP fabrics: ACI (which could be considered an Ethernet fabric), DNA-C (i.e., LISP), and EVPN, each one requiring a border node to work with the other two, with the CLI as the configuration method of choice. Additionally, with a legacy L2/L3 switched architecture, potentially four different fabrics could exist in one architecture, not to mention any micro-segmented Software-Defined Networks (SDN). Add the reliance on licensing and proprietary technologies, some of which seem complicated, and this indicates, at least to me, that we aren't yet where we'd like to be one day: a central portal and the seamless deployment of one IP fabric in a given network tenant. Certainly, this may change, and I look forward to seeing the evolution at next year's Cisco Live. I hope to see you then.