At one time, network upgrades were defined by the purchase of new equipment, in search of higher port speeds and new features to accelerate throughput. Today, that set of requirements has been replaced by the drive for greater agility and security as enterprises embrace challenges such as the new multi-cloud reality and the need to respond dynamically to changing business needs.
Mainstream enterprises now have complex environments that include applications and workloads executing across bare metal, virtual machines, containers, and public clouds. Organizations must manage and secure network traffic across these diverse infrastructures, many of which may be owned by third parties. Particularly in the case of any model that includes public cloud resources, managing workloads in software is the only option.
In addition to the data being able to pass freely on any underlying hardware, control of the traffic must also be centralized and hardware agnostic. Automation and management must be independent of where workloads execute. Likewise, security must be baked into all workloads, whether they are running on a physical on-premise network, a public cloud, or a combination of both.
Unifying these heterogeneous environments to abstract away their complexity has become a strategic imperative. Virtual machines and cloud-native workloads have uncoupled applications from the underlying hardware. In similar fashion, networking and security must be uncoupled from the network hardware to allow cohesive deployment and operational models to be used across the entire on-premise and public infrastructure.
VMware NSX helps companies that have invested (or are considering investment) in Cisco Application Centric Infrastructure (ACI) to successfully adopt a long view toward capabilities they will need in the future, in addition to those they need today. VMware NSX and Cisco ACI complement each other, with each company playing to its leadership strengths.
Software-Enabling the Network with the NSX Overlay
VMware NSX virtualizes and abstracts the network, breaking down silos so data and workloads can move across different topologies. This software-defined approach extends across multiple networks and topologies in company-owned data centers, partner networks, and hybrid clouds, enabling disparate network segments to act together as one.
By defining the network in software, NSX can provision any topology on demand, in just seconds, regardless of the underlying hardware. Multiple virtual networks can be created to match whatever requirements the business presents, using both capabilities built into NSX and those of third-parties. Those networks can isolate traffic as needed and still be managed together as a coherent single unit, building operational efficiencies as well as taking flexible advantage of all physical resources available.
Workloads are fully portable across disparate physical environments, with operational efficiency that’s enhanced by automation to create and provision networks, optimize their operation, and then decommission them, all dynamically in response to changing business needs. By automating tedious, repetitive tasks, NSX increases efficiency, reduces human error, and frees IT staff to focus on higher-value work.
NSX provides a full range of logical elements to enhance these networks, including logical switching, routing, distributed firewalling, and load balancing. From a security standpoint, NSX provides segmentation down to the workload level, with security policies that move with migrating workloads wherever they reside and preventing the lateral east-west movement of threats within the data center.
These services are defined in software, making them independent not only of the underlying physical infrastructure but also of the logical network underlay. At the same time, interoperation with ACI enables customers to enhance fabric management. The physical IP fabric is provisioned and managed using ACI, including fabric connectivity to vSphere and NSX. ACI running in network-centric mode provides server connectivity, while NSX connects applications. This approach allows both ACI and NSX to each do what they do best while minimizing complexity.
Interoperation of the Cisco ACI Underlay and NSX Overlay
Cisco ACI is an integrated hardware and software policy-driven framework based on the Cisco Nexus 9000 family of switches. It delivers performance leadership and operational simplicity, for a rock-solid fabric that provides a robust foundation for network virtualization based on NSX. The combination offers both a programmable, software-defined network using the NSX overlay and robust ability to build and control ACI’s underlay fabric.
Traffic is encapsulated using virtual extensible LANs (VXLANs) for tunneling that enables VMs to operate seamlessly on any physical infrastructure. Connectivity between NSX, vSphere, and the ACI fabric is simplified with ACI endpoint groups that use VLANs to segregate traffic for operational functions such as transport, management, workload migration, and storage. This approach means that one-time configuration supports stable switch-fabric operations on an ongoing basis.
Capacity can be scaled out simply by adding additional physical ports, with a minimum of modification, helping maintain future-readiness for the network. New NSX logical networks can likewise be created without defining new VLANs, which simplifies the underlay to increase uptime by minimizing change, while adding the agility and flexibility of software-defined virtual networking.
In sum, using NSX as the virtual network overlay for ACI provides an agile environment that spans the data center and public cloud. The underlay is abstracted from deployed workloads to simplify service provisioning, while enabling the flexibility, security, and performance provided by NSX.
Together, VMware NSX and Cisco ACI enable an elegant strategy for network virtualization and fabric management, across the enterprise from the data center to the public cloud. This software-first approach enables customers to rapidly deploy a high-performance switching fabric that offers simple scalability with only minor changes to the network. Because NSX abstracts away those modifications from the workloads, services are not disrupted.
NSX provides full-featured network virtualization that complements but goes far beyond what a fabric-focused solution such as ACI can provide alone. At the same time, NSX is fabric-agnostic, meaning that it not only works with any fabric but is designed explicitly to work with multiple fabrics at the same time. Virtualizing the network with NSX eliminates physical dependencies and positions network operators for robust operation as business needs and network technologies continue to evolve.
To learn more about software-first networking, visit
Contributor: Matt Gillespie is a technology writer based in Chicago. He can be found at www.linkedin.com/in/mgillespie1.