Data center networks are undergoing rapid evolution to meet three primary goals:
● Quickly deploy applications through a highly automated architecture that enables self-service and automation.
● Get insights into application performance, network health, and the end-user experience in real time so that problems can be detected and resolved as soon as they arise, or earlier.
● Define and help guarantee application service-level agreements (SLAs) for availability, end-user experience, and security in an increasingly dynamic environment.
Next-generation technologies from Avi Networks and Cisco work together transparently to meet these needs:
● Cisco® Application Centric Infrastructure (Cisco ACI™) architecture simplifies, optimizes, and accelerates the entire application lifecycle through a common policy management framework. Cisco Application Policy Infrastructure Controller (APIC) serves as the single point of automation and fabric element management that operators can use to build fully automated and scalable multitenant networks.
● The Avi Networks application delivery controller (ADC) is a next-generation application delivery solution that implements a controller-based architecture to offer self-service load balancing, application security (SSL), and real-time visibility into application performance and the end-user experience.
The highly complementary nature of the Avi and Cisco solutions comes from a common architectural approach using a single point of management and automation for data center network elements and a focus on a policy-based framework.
At the center of the Avi Networks ADC is a revolutionary analytics-based distributed services architecture: Avi Networks Hyperscale Distributed Resources Architecture (HYDRA). Based on SDN principles, HYDRA separates the data plane from the control plane: an industry first for ADCs and load balancers (Figure 1).
Figure 1. Cisco ACI and APIC and Avi HYDRA Architectures
Table 1 compares the features of the Cisco and Avi solutions.
Table 1. Cisco ACI and APIC and Avi Networks ADC Comparison
Cisco ACI and APIC
Single point of configuration, management and automation, with the controller serving as the central policy repository for network configuration, service insertion, and service configuration
Scale-out data plane
Scale-out data plane, running on x86 servers as virtual machines or containers
Rapid scaling of network and application delivery capacity, without any increase in complexity or number of management points
Representational state transfer (REST) API
Open REST-based APIs in both systems that provide 100% access to all functions (both GUI and command-line interface [CLI] for platforms built on top of the REST API)
Centralized monitoring and analytics
Centralized monitoring and analytics
Centralized, application-level visibility with real-time network and application health monitoring, combined with end-user experience tracking without agents and without changes to the network
Ecosystem partner integration through an open REST API
Ecosystem partner integration through an open REST API
Out-of-the-box integration between Avi Networks ADC and Cisco APIC so that operators can implement fully automated self-service workflows for application deployment, delivery, and monitoring (Avi’s integration is over the REST API and requires no custom device packages)
Traditional ADCs by nature are appliance-centric self-contained products, each with an independent operating system and control and management elements. The integration of these appliances into a software-defined networking (SDN) architecture such as Cisco ACI can be challenging.
The limitation of the traditional approach becomes evident as enterprises attempt to integrate these appliances into SDN architectures such as Cisco ACI and with SDN products such as Cisco APIC. Because of their discrete nature, self-contained hardware and even virtual appliances tend to require highly complex, manual provisioning and management, which is both time-consuming and prone to error. The outcomes of traditional provisioning include:
● Manual lifecycle management of virtual appliances
● Static and inflexible capacity scaling
● Multiple points of management spread across appliances
● Lack of full-featured REST APIs, severely hampering deployment of a 100 percent programmable infrastructure
● Static device-package-based integration that requires custom packages for every new application or even for features
● Absence of application-level visibility, with significantly limited understanding of the end-user experience
These limitations undermine the fundamental reason for adopting Cisco ACI and APIC, which promise to make networks more policy based, programmable, and automated.
Successful integration therefore requires an ADC that’s built on the principles of SDN: centralized management and control with a scale-out data plane.
The Avi Networks ADC is a software solution that runs on x86 servers. It provides centralized multitenancy with self-service, and implements elastic network services such as load balancing, application security, and application acceleration. What makes the ADC exceptionally powerful is an inline analytics engine that delivers application and end-user visibility and actionable insights, complementing the visibility and analytics capabilities in Cisco ACI and APIC.
The Avi Networks ADC was built from the ground up on a true SDN architecture, with a centralized control plane and a distributed data plane made up of service engines.
● The Avi controller is a centralized control, policy, and analytics engine for Layer 4 through Layer 7 (L4-L7) services. It is the single point of integration with SDN controllers such as the APIC, offering a single logical ADC to manage all applications and all features, at any scale.
● Avi service engines are distributed micro-ADCs that provide critical network services and act as distributed data collectors. Avi service engines reside on the same host cluster as the application and server virtual machines. The Avi controller dynamically creates and manages the service engines with policy-based controls, providing elastic scaling not possible in traditional ADCs.
The Avi controller exposes all functions, both for configuration and monitoring, through its REST API. The browser-based user interface uses the REST API to provide central configuration and monitoring for all applications. The Avi controller is the centralized REST API endpoint through which virtual services are programmatically created for applications.
Avi Integration with Cisco APIC
Both Cisco ACI with APIC and the Avi ADC have controller-based architectures. The Avi controller integrates directly with the APIC to provide application delivery (load balancing) and monitoring as a service. The single point of integration helps ensure quick initial deployment of the Avi Networks ADC in an APIC environment, as well as a smooth day-to-day provisioning experience.
Cisco and Avi Networks have collaborated to deliver a highly integrated, Layer 2 through Layer 7 (L2-L7) solution that automates and simplifies the insertion, provisioning, and scaling of critical network services into a Cisco ACI fabric. The solution also delivers end-to-end visibility and analytics that provide actionable insights into application performance and the end-user experience, which are critical in modern data centers (Figure 2).
Figure 2. Cisco ACI and Avi Networks Joint Solution
Benefits of the joint solution include:
● Quick deployment with a high degree of automation
● Accelerated application provisioning with zero-touch L4-L7 service lifecycle management
● Full-stack L2-L7 visibility and closed-loop analytics
Quick Deployment with a High Degree of Automation
The Avi Networks solution is a 100 percent software solution that can be deployed in minutes on existing x86 servers in a data center or cloud environment. The Avi Networks ADC architecture enables quick and transparent integration with the following main advantages:
● The Avi controller automates the initial setup and the provisioning of L4-L7 network services in a Cisco ACI fabric, thus eliminating error-prone manual operations and reducing operational complexity in a large-scale environment.
● The integration between the Avi controller and the APIC is REST API based and does not use the device package to exchange configuration parameters. (The Avi controller installs a stub device package to enable this REST-API-based integration.) This approach helps ensure that multiple provisioning steps are compressed into just a few, leading to quicker integration with the APIC. It also helps ensure that all the application delivery features are available without the need for multiple custom device packages.
● With the Avi controller, you have a single ADC to manage, regardless of the number of applications or tenants or the amount of bandwidth.
Accelerated Application Provisioning with Zero-Touch L4-L7 Service Lifecycle Management
The Avi controller is a policy-based engine that completely automates the virtual service provisioning. Using the familiar and comprehensive Avi user interface, the L4-L7 administrator can insert a new service instance in seconds, including configuration of custom features and advanced capabilities, without the need to create multiple device packages (Figure 3).
Figure 3. Avi Controller Automates L4-L7 Lifecycle Management
The Avi controller automatically manages the entire lifecycle of micro-load balancers (service engines) through its integration with the APIC and with hypervisor orchestration platforms (such as VMware vSphere):
● Dynamically creates service engine virtual machines and adds them to the APIC’s logical device cluster by mapping its concrete interfaces to logical interfaces in the cluster
● Automatically scales capacity by creating new service engines as more applications are added and as the amount of traffic increases
● Maintains service engines in active-active or N+1 configurations based on high-availability policies
The Avi controller’s dynamic integration, with automatic synchronization with the APIC, offers several additional advantages:
● The Avi controller keeps load balancing pools synchronized with the endpoint groups (EPGs) within the APIC. When servers are added to or removed from EPGs, these changes are automatically reflected in the Avi controller.
● The Avi controller automatically synchronizes tenancy configuration from the APIC. When a new tenant is created in the APIC, the Avi controller automatically creates the corresponding tenant; when a service graph is instantiated in a specific APIC tenant, the Avi controller automatically places the virtual service in the corresponding tenant.
● The Avi controller can automatically generate a whitelist or blacklist based on EPG membership to control access to L4-L7 services. The continuous synchronization of EPG membership between the APIC and the Avi controller helps ensure consistency of data-plane security policies.
Full-Stack L2-L7 Visibility and Closed-Loop Analytics
The combined APIC and Avi solution delivers real-time visibility and actionable insights into full-stack (Layer 2 all the way to Layer 7) application performance, and it enables rapid troubleshooting (Figure 4).
Figure 4. Full-Stack L2-L7 Visibility and Analytics
Avi Inline Analytics provides actionable insights about the end-user experience, application performance, infrastructure utilization, and anomalous behavior. This level of real-time and highly specific monitoring is provided without the need to deploy any agents or monitoring fabrics, which is a major benefit.
Avi’s analytics and visibility capabilities complement the deep network visibility offered by the APIC, with four main advantages:
● The solution enables latency tracking from the end user to the data center network and on the data center network itself. It also tracks the application response time. Operators thus can quickly determine whether performance degradation is the result of problems on the external network (Internet and WAN), the data center network, or the application (Figure 5).
Figure 5. User-to-Application Visibility
● The solution enables a “Google for network traffic” experience, enabling operators to easily search through end-user sessions to identify problems and implement rapid troubleshooting (Figure 6).
Figure 6. Google-Like Search for Network Traffic
● The solution provides insights into end users and the end-user experience without having to use external services or additional agent-based software (Figure 7).
Figure 7. Real-Time Client Insights
● The solution provides a snapshot of security transactions and distributed denial-of-service (DDoS) attacks and allows operators to block or rate-limit offending sources with a single click (Figure 8).
Figure 8. Comprehensive Security Insights
In addition, the closed-loop nature of the analytics-based application delivery solution automatically tunes the L4-L7 service policies to maintain application SLAs.
Solutions That Build on Each Other
The Cisco and Avi solutions have synergistic architectures and together deliver an end-to-end L2-L7 SDN solution (Table 2).
Table 2. Synergistic SDN Solutions
● Central policy database
● Centralized management and control
● Policy-based automatic lifecycle management
● Native REST APIs
Avi Service Engines
● Distributed data plane
● Elastic scalability
● Built-in high availability
● Complexity hidden by Avi controller
● Full-stack visibility
● Real-time application telemetry
● Actionable insights
The rapid adoption of SDN among many enterprises today is propelled by an increasingly demanding set of end‑user expectations for application performance. Meeting this new enterprise mandate requires the deployment of innovative end-to-end networking solutions truly built on the principles of SDN. Cisco and Avi Networks have met this challenge through their integration of the Avi ADC into Cisco ACI with APIC. The combined solution offers unified management and control planes and elastic, on-demand scaling as real-time application requirements dictate.
For More Information
● Cisco ACI: http://www.cisco.com/go/aci
● Avi Networks: http://www.avinetworks.com/company/partners/cisco
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com.
About Avi Networks
Avi Networks is the next-gen ADC company, enabling automation, self-service and elastic scale. The Avi Networks solution combines the benefits of enterprise-grade ADC features with the ease and flexibility of elastic load balancing (ELB) for enterprises and cloud service providers. With a unique analytics-driven and distributed load-balancing architecture, the Avi Networks solution markedly improves the end-user application experience for on-premises and cloud-based applications, while reducing operational costs and complexity by 90%. Please visit us at avinetworks.com or follow us on Twitter @avinetworks.