Cisco Enhances SDN Strategy and Offerings Across the Entire Nexus Portfolio with new VTS Automation Solution

Interest in Software Defined Networking (SDN) continues to grow through the ability to make networks more programmable, flexible and agile. This is accomplished by accelerating application deployment and management, simplifying and automating network operations, and creating a more responsive IT model.

Cisco is extending its leadership in SDN and Data Center Automation solutions with the announcement today of Cisco Virtual Topology System (VTS), which improves IT automation and optimizes cloud networks across the entire Nexus switching portfolio. Cisco VTS focuses on the management and automation of VXLAN-based overlay networks, a critical foundation for both enterprise private clouds and service providers. The announcement of the VTS overlay management system follows on Cisco’s announcement earlier this year supporting the EVPN VXLAN standard, which underlies the VTS solution.

Cisco VTS extends the Cisco SDN strategy and portfolio, which includes Cisco Application Centric Infrastructure (ACI) as well as Cisco’s programmable NX-OS platforms, to a broader market and to additional use cases. This includes our massive installed base of Nexus 2000-7000 products and customers whose primary SDN challenge is the automation, management and ongoing optimization of their virtual overlay infrastructure. With support for the EVPN VXLAN standard, VTS furthers Cisco’s commitment to open SDN standards and increases interoperability in heterogeneous switching environments, with third-party controllers, and with cloud automation tools that sit on top of the open northbound APIs of the VTS controller.


Cisco is committed to delivering this degree of interoperability and integration with multi-vendor ecosystems for all of its SDN architectures, as we have previously exhibited with ACI, with the contributions we have made on Group Based Policies (GBP) to open source communities, and with our own Open SDN Controller based on OpenDaylight. With VTS, we now offer the broadest range of SDN approaches across the broadest range of platforms and the broadest ecosystem of partners in the industry.

Programmability | Automation | Policy

Programmable Networks: With Nexus and NX-OS Programmability across the entire portfolio, we deliver value to customers deploying a DevOps model for automating network configuration and management. These customers are able to leverage the same toolsets (such as existing Linux utilities) to manage their compute and networks in a consistent operational model. We continue to modernize the Nexus operating system and enhance the existing NX-APIs by adding a secure SDK with native Linux packaging support, adding OpenFlow support and delivering an object-driven programming model. This enables speed and efficiency when programming the network while also securely deploying 3rd party applications for enhanced monitoring and visibility, such as Splunk, Nagios and tcollector, natively on the network.

Programmable Fabrics: Overlay networks provide the foundation for scalable multi-tenant cloud networks. VXLAN, developed by Cisco along with other virtualization platform vendors, has emerged as the most widely-adopted multi-vendor overlay technology. In order to advance this technology further, a scalable and standards-based control plane mechanism such as BGP EVPN is required. Using BGP EVPN as a control-plane protocol for VXLAN optimizes forwarding and eliminates the need for inefficient flood-and-learn approaches while improving scale. It also facilitates large scale deployments of overlay networks by removing complexity, fosters higher interoperability through open standard control plane solutions, and provides access to a wider range of cloud management platforms.

Application Centric Policy: Cisco will be able to offer the most complete solution on the Nexus 9000 series whether it is ACI policy-based automation or BGP EVPN-based overlay management.  Customers will now have a choice for running an EVPN VXLAN controller in a traditional Nexus 9000 “standalone” mode, or to leverage ACI and the APIC controller with the full ACI application policy model, and integrated overlay and physical network visibility, telemetry and health scores. VTS will support EVPN VXLAN technology across a range of topologies (spine-leaf, three-tier aggregation, full mesh) with the full Nexus portfolio, as well as interoperate with a wide range of Top of Rack (ToR) switches and WAN equipment.

VTS Design and Architecture

The Cisco Virtual Topology System (VTS) is a cloud/overlay SDN solution that provides Layer 2 and Layer 3 connectivity to tenant, router and service VMs. Cisco VTS is designed to address the multi-tenant connectivity requirements of virtualized hosts, as well as bare metal servers. VTS is comprised of the Virtual Topology Controller (VTC), the centralized management and control system, and the Virtual Topology Forwarder (VTF), the host-side virtual networking component and VXLAN tunnel endpoint. Together they implement the controller and forwarding functionality in an SDN context.

The Cisco VTS solution is designed to be hypervisor agnostic. Cisco VTS supports both VMware ESXi hypervisor and KVM on RedHat Linux. VTS will support integration with OpenStack and VMware vCenter for integration with other data center and cloud infrastructure automation. VTS also integrates with Cisco Prime Data Center Networking Manager (DCNM) for underlay management. The Cisco VTC, the VTS controller component, will provide a REST-based Northbound API for integration into other systems.

Cisco VTS will be available in August 2015.

Source of blog post: http://blogs.cisco.com/datacenter/vts

Benefits of Cisco ACI (SDN) architecture

Cisco ACI, Cisco’s software-defined networking (SDN) architecture, enhances business agility, reduces TCO, automates IT tasks, and accelerates data center application deployments.

Why Today’s Solutions Are Insufficient:

Today’s solutions lack an application-centric approach. The use of virtual overlays on top of physical layers has increased complexity by adding policies, services, and devices.

Traditional SDN solutions are network centric and based on constructs that replicate networking functions that already exist.

ACI Key Benefits:

Centralized Policy-Defined Automation Management

  • Holistic application-based solution that delivers flexibility and automation for agile IT
  • Automatic fabric deployment and configuration with single point of management
  • Automation of repetitive tasks, reducing configuration errors

Real-Time Visibility and Application Health Score

  • Centralized real-time health monitoring of physical and virtual networks
  • Instant visibility into application performance combined with intelligent placement decisions
  • Faster troubleshooting for day-2 operation

Open and Comprehensive End-to-End Security

  • Open APIs, open standards, and open source elements that enable software flexibility for DevOps teams, and firewall and application delivery controller (ADC) ecosystem partner integration
  • Automatic capture of all configuration changes integrated with existing audit and compliance tracking solutions
  • Detailed role-based access control (RBAC) with fine-grained fabric segmentation

Application Agility

  • Management of application lifecycle from development, to deployment, to decommissioning—in minutes
  • Automatic application deployment and faster provisioning based on predefined profiles
  • Continuous and rapid delivery of virtualized and distributed applications

ACI Technology Benefits

The main purpose of a datacenter fabric is to move traffic from physical and virtualized servers, deliver it to its destination in the best possible way and, while doing so, apply meaningful services such as:

  • Traffic optimization that improves application performance
  • Telemetry services that go beyond classic port counters
  • Overall health monitoring for what constitutes an application
  • Applying security rules embedded with forwarding

The main benefits of using a Cisco ACI fabric are the following:

  • Single point of provisioning either via GUI or via REST API
  • Connectivity for physical and virtual workloads with complete visibility on virtual machine traffic
  • Hypervisor compatibility and integration without the need to add software to the hypervisor
  • Ease (and speed) of deployment
  • Simplicity of automation
  • Multitenancy (network slicing)
  • Capability to create portable configuration templates
  • Hardware-based security
  • Elimination of flooding from the fabric
  • Ease of mapping application architectures into the networking configuration
  • Capability to insert and automate firewall, load balancers and other L4-7 services
  • Intuitive and easy configuration process

More information can be found at www.cisco.com/go/aci

IWAN: What can IWAN do for your Business?

Traditionally, businesses make huge investments in their WAN, and often the cost of upgrading to keep up with network demands, or of moving to a new provider, is painful and typically becomes a long drawn-out project that ties up business time, money and resources. This is where IWAN helps: the solution is transparent to the underlying network that it runs on, making the corporate network an overlay on the underlying ISP’s network(s). At the same time, it simplifies the overall WAN architecture and provides a flexible, consistent management domain that allows businesses to be provider agnostic and bring branch offices online in days rather than weeks.

Today, private backbone networks are in general high-cost networks that sell because they provide a consistent, reliable end-to-end network. They also fall short in many aspects that are critical to businesses. Businesses are almost always constrained by the provider’s timelines and WAN provisioning, which effectively makes the business move slower. Improvements in the reliability, performance, and relative cost of Internet connections now lead many organizations to leverage the Internet to address these challenges, by connecting branches directly to the Internet to supplement the WAN, and by using the Internet as the WAN. This is an example of how IWAN (Intelligent WAN) has great potential to solve many business issues and create a more flexible architecture to meet business needs.

Cisco’s IWAN strategy is a new concept that many businesses are looking at to become more flexible and agile. IWAN helps businesses improve efficiency in all aspects of the business: simplifying the network and streamlining the operations, deployment and management of the WAN, while at the same time providing huge savings by right-sizing the branch office WAN to provide intelligent active/active connectivity to the Internet and corporate network. Today’s workforce and its applications depend more and more on the network, with each application carrying key network metrics and thresholds that define the QoE (quality of experience) for users. This is where IWAN is able to dynamically steer applications across links when performance falls out of threshold. This is one of many key components that make up the IWAN strategy. Below I outline some more benefits of the overall IWAN strategy that businesses can leverage to overcome limitations in their current architecture.

[Figures: Intelligent WAN Deployments: Balancing Cost with SLA; iWAN Deployment Models; Intelligent Path Control with PfR]

Here is a great article giving more information on how Cisco’s IWAN strategy could be your future WAN backbone.  http://www.provenmethod.com/iwan-cisco-betting-internet-will-future-wan-backbone/

Key Business Outcomes that IWAN can bring:

    • Transport Independent Design
      • Fast to deploy.  (Faster-to-Market) Provider agnostic providing a consistent operational model.
      • IWAN allows you to get up and running fast and still maintain a single management routing domain to simplify design and operational support. This design supports multiple Internet delivery options including 4G, satellite, etc., so that business operations can be brought up on day 1.
      • Makes network more flexible, reliable and more effective in meeting the business needs.
    • Distributed Secure Internet Access
      • Local internet access without backhauling to corporate
      • Increased performance and productivity.
      • Branch workers using SaaS apps find that the apps run slowly, and users get frustrated, because they share bandwidth with all traffic on the network and the traffic gets hairpinned through the DC to enforce security and compliance centrally. With IWAN, CWS (Cloud Web Services) can enforce security while allowing Internet traffic to go directly out to the Internet, taking load off the internal WAN. You are able to centralize policy and enforcement, but in the cloud, and you now have faster app performance, which allows for happier users and increased productivity.
    • Intelligent Path Control
      • Allows the network to adapt to application performance needs, bringing a reliable and consistent user experience.
      • IWAN PfR is able to detect brown-outs (packet drops). Normally the meeting is interrupted and has to be rescheduled. IWAN provides alternate paths dynamically to keep the video conference working and provide a consistent video experience. The meeting is not canceled, because the intelligent WAN detects poor quality and moves traffic to another link. This increases productivity.
    • Optimizing Applications Performance
      • Application acceleration and bandwidth optimization to give users LAN like speeds.
      • A MediaNet-enabled, media-aware network, so that the network can intelligently apply critical network services to provide a consistent media-rich experience to the users.
        • Accelerating deployment of applications, minimizing complexity and ongoing operational costs, increasing visibility into the network, and helping to scale the infrastructure for the best quality of experience (QoE), by ensuring predictability, performance, quality, and security
        • Can detect and optimize different media and application types (telepresence, video surveillance, desktop collaboration, and streaming media) to deliver the best experience
        • Network-aware: Can detect and respond to changes in device, connection, and service availability
    • Simplify network approach and increase operational efficiencies.

Cisco AnyConnect vs. Internet Connection Sharing in Windows 8

Having recently installed Windows 8 on my laptop to take advantage of the Client Hyper-V, I’m working through the kinks that come with a new OS on my daily driver. Hyper-V leverages the built-in Internet Connection Sharing (ICS) to provide NAT and DHCP for internet access for VMs running on the hypervisor. This isn’t quite as intuitive as the network implementations in VMware Workstation or Oracle’s VirtualBox, but that’s a different discussion.

I recently had some trouble establishing the VPN connection, and set about re-installing Cisco AnyConnect as a result. During the install, a notification box popped up numerous times to warn me: “The VPN client agent was unable to create the interprocess communication depot.”


The install completed after clicking OK on the notifications, but would not establish a VPN connection, with a not so informative message “Unable to establish VPN”.  A bit of searching later, I found that AnyConnect is not compatible with Internet Connection Sharing, which Cisco states in the AnyConnect VPN Client FAQ.

The solution is to disable the ICS service before installing AnyConnect.  Subsequently, when trying to connect, I encountered connection failures:

AnyConnect Unable to Establish Connection

AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

The solution is again to disable the ICS service, establish the AnyConnect VPN connection, and then enable ICS.  Oddly, it seems that after the first failed connection attempt followed by stop / connect / restart cycle of the ICS service, AnyConnect can be reconnected without any trouble.  Tedious, but it works.  Ping me back if you know a better way!
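The stop / connect / restart cycle described above can be scripted. This is an added example, not part of the original post: it assumes an elevated PowerShell session, the default AnyConnect install path for `vpncli.exe`, and a placeholder gateway name (`vpn.example.com`). `SharedAccess` is the Windows service name for ICS.

```powershell
# Added example: wrap the ICS stop / connect / restart cycle around an AnyConnect connection.
# Run from an elevated PowerShell prompt (service control needs administrator rights).
param(
    [string]$Gateway = 'vpn.example.com'   # placeholder gateway, replace with your own
)

# Assumed default install path of the AnyConnect CLI on 64-bit Windows; adjust if different.
$VpnCli = Join-Path ${env:ProgramFiles(x86)} 'Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'
if (-not (Test-Path $VpnCli)) {
    throw "vpncli.exe not found at $VpnCli"
}

# SharedAccess is the service behind Internet Connection Sharing (ICS).
$icsWasRunning = (Get-Service -Name SharedAccess).Status -eq 'Running'

try {
    if ($icsWasRunning) {
        # -Force also stops any dependent services.
        Stop-Service -Name SharedAccess -Force
        (Get-Service -Name SharedAccess).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
    }

    # vpncli prompts interactively for credentials.
    & $VpnCli connect $Gateway

    # Print the resulting connection state so a failed attempt is visible.
    & $VpnCli state
}
finally {
    # Restore ICS only if it was running before, so Hyper-V guests regain NAT and DHCP.
    if ($icsWasRunning) {
        Start-Service -Name SharedAccess
        (Get-Service -Name SharedAccess).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    }
}
```

The `finally` block restarts ICS even when the connection attempt fails, so the Hyper-V guests are not left without network access.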