According to Cisco, firms currently perform up to 95 percent of changes in networks manually. It doesn’t have to be that way. One remedy to this situation is Software-Defined Networking. SDN enables centralised and largely automated network administration. Cisco provides Application-Centric Infrastructure (ACI) for this task.
At Cisco, Software-Defined Networking forms the basis – or an intermediate step – on the way to Intent-Based Networking (IBN) (see blog article). SDN decouples the system software from the network hardware by separating the plane for network data analysis and control of the network configuration (control plane) from the plane for data transport in the network (data plane).
This enables complete virtualisation of the analysis and control plane, and the control plane can then be programmed directly. As a rule, the network controller is centralised and can automatically control and manage a large number of different network components such as routers or switches.
SDN at Cisco: Application Centric Infrastructure (ACI)
The key SDN product at Cisco is Application Centric Infrastructure (ACI). This solution automates the network and security for workloads within and between heterogeneous domains or multi-Cloud environments. However, Cisco switches are mandatory for Cisco ACI. Cisco ACI comprises Cisco Nexus Switches from the 9000 Series, Cisco Application Policy Infrastructure Controller (APIC) and Cisco ACI Virtual Edge (AVE).
Switches: Thanks to Cloud-scale ASIC technology, Cisco Nexus Switches from the 9000 Series provide high performance and scalability as packets are forwarded and processed in the transistors of the ASIC (Application Specific Integrated Circuit). Such application-specific circuits are better suited to SDN than ordinary commercially available chipsets because they feature a much higher transistor density and consume less power. This increases the bandwidth, the number of ports, the size of the routing tables and that of the buffer. The ports support a number of different speeds (1/10/25/50/100/400 Gigabit Ethernet, GbE). Streaming telemetry, extended analytics and line rate encryption (MACsec) permit a high level of security and transparency.
Cloud-scale ASIC also enables a leaf-spine architecture in which, in contrast to conventional 3-tier networks, every access switch (leaf) connects to every aggregation switch (spine). The result is larger bandwidths and shorter latencies. For SDN, Cisco offers the modular Nexus Switches from the 9500 Series and the Nexus Switches from the 9300 Series with a fixed configuration.
Controller: The Cisco Application Policy Infrastructure Controller (APIC) is the key component for uniform automation and management of the ACI Fabric. Using this device, the network, security and automation of network services can be controlled centrally on the application plane. For these tasks, the APIC features a uniform framework for provisioning policies and managing the entire physical, virtual and Cloud-based infrastructure.
Layer 4-7 services, virtualisation and management providers are integrated via an open architecture. There are also functions for the monitoring and control of applications, Multi-Tenant-Security, QoS (Quality-of-Service) and high availability. As the Cisco APIC is completely separated from the data path, data traffic can still be forwarded if the connection to the APIC is interrupted.
Cisco ACI Virtual Edge (AVE): Cisco ACI Virtual Edge supports the ACI architecture and provides support for the policy models of the ACI applications as well as switching functions with a high performance and throughput rate.
Solutions for Intent-Based Networking
Cisco is opting for Intent-Based Networking (IBN) for the network of the future. IBN is based on SDN, automates most management steps and evolves continuously through machine learning. The Cisco DNA Center, Software-Defined Access and Catalyst 9000 Switches are important components for IBN.
DNA Center: The central management dashboard for Cisco’s Digital Network Architecture (DNA) controls all network functions. It integrates tools for network management, automation, virtualisation, analytics, security and Internet-of-Things connection. Administrators can use it for the simple definition and management of policies across the entire network.
Software-Defined Access (SDA): With the aid of SDA, these policies can be automatically enforced for the network and further tasks such as configuration or provisioning can be automated. With SDA, companies can easily segment their networks and thus increase security. They can also add their own scripts and programmes to the functional scope of SDA in order to optimise administration.
Catalyst 9000 Series: Cisco has developed the controllers and switches in the Catalyst 9000 Series for its Digital Network Architecture. They support both LAN and WLAN and have been designed for a high degree of scalability. Thanks to speeds from 1 to 10 Gigabit Ethernet, 25 GE, 40 GE and 100 GE, the Catalyst Switches provide a high level of flexibility. The Catalyst Controllers were developed for wireless networks, such as IoT networks, that multiple customers access.