Competitors are harping about the potential for lock-in with Cisco‘s Application-Centric Infrastructure (ACI), even if pieces such as the OpFlex protocol become open standards. They’ve got a point, but analysts do see some value in the policy-driven approach Cisco has taken.
“I’m very pleased that Cisco did it, because ACI is very practical,” says Peter Christy, an analyst with 451 Research. “The way ACI does policy distribution, especially since it’s done at an abstract level, is a really good idea.”
ACI and its main engine, the Application Policy Infrastructure Controller (APIC), got detailed at Interop early in April. It’s a departure from most software-defined networking (SDN) plans to date, especially those based on OpenFlow. They’re about centralizing the control plane, whereas Cisco chose to focus on centralizing policy.
“The way Cisco is doing it is that Cisco is not having a decoupling of the control and data planes. The switch retains the intelligence [to decide how to execute policy], and that’s the big difference,” Casemore says. “If they get the APIC piece right, a certain percentage of Cisco customers, regardless of whether you think they should put everything on one network, will go with it.”
Competitors’ reactions were along the lines of this prepared statement from Kelly Herrell, vice president of Brocade‘s software business unit: “The industry is clear in its demand for truly open standards and wary of ‘Trojan horse’ lock-in strategies. History has shown that proprietary protocols almost never win, especially when disguised as open, as is the case with Cisco’s proposal.”
“There was all this feigned outrage,” says Brad Casemore, an analyst with IDC, about the overall reaction to Cisco’s announcement. “And I’m like, ‘Well, what did you expect?’”
Cisco certainly acted in character by presenting a different and Cisco-devised framework and then suggesting it for broader industry use. It features pieces such as the OpFlex interface, which is a Cisco creation now being documented within the IETF (although actual code isn’t in partners’ hands yet, as SearchSDN noted).
Setting an SDN Policy Model
Christy thinks the main task behind ACI will be to solidify the policy model, the way in which packets will be flagged to indicate certain attributes.
“When you say this is the quality-of-service or this is security [for a particular packet], what is that definition? And is this definition rich enough to serve the needs of the app provider, and can it be rendered on the devices you need?” he says.
“The right answer, if I could be queen for a day, is to get Cisco to talk to Microsoft, because Microsoft understands declarative policy,” Christy says. That understanding goes back a long time; Christy notes that Microsoft used declarative metadata in Windows and in System Center.
Cisco intends to make the policy model open, by developing it as part of a group-based policy project within OpenDaylight. (Separately, an OpenStack project called Congress is taking a wider view of policy; representatives on both sides say the projects have different goals and aren’t directly competitive.)
To run this policy-based framework, Cisco is going to need a stronger understanding of application requirements. “Their northbound strategy will play out in APIs, and that’s where they’re starting to talk to developers,” Casemore says.