Item: Cisco Application Centric Infrastructure (Cisco ACI)
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

We have several data centers running a mix of FabricPath, Catalyst and ACI. We have a data center that has been around for a few years that's only ACI and are starting to roll ACI out to additional data centers now that we've solidified the design/architecture. Our engineers have struggled a bit with adopting it as a new technology since it's such a different mindset than traditional networking, but several of us have embraced the new mindset and the potential that comes along with it and we've been able to make massive changes and architectural improvements as a result.

Pros and Cons

The REST API allows your to programmatically interact with the network and make massive changes very quickly when needed.
The API allows you to tie together Server Provisioning tools, storage provisioning tools, into an orchestration platform such as Ansible to streamline new deployments and builds.
New Deployments are extremely simple once you've worked out your programatic deployment process. We can deploy new clients/tenants in seconds rather than days or weeks like it used to take.
Replacing failed switches/apics/etc is also extremely easy.
Tightly couple the underlying Network Infrastructure to VMWare Deployments to allow VMs to move anywhere in the datacenter at the drop of a hat.

Getting users up to speed can be especially challenging. I'm not sure how much of that if culture related vs technical skills related, but it's something to keep in mind.
Along those same lines, engineers who have spent years in the trenches with Catalyst or Nexus environment may struggle with troubleshooting an ACI environment.
We've had some issues with user errors causing the fabric to go into a virtually unrecoverable state and TAC not always knowing how to fix it.

Return on Investment

We've definitely spent quite a bit of time relearning how to do things in ACI, but I think the investment has been well worth while considering that we can now deploy tenants and leaves from the ground up in a matter of seconds.
We can if we choose to upgrade an entire datacenters worth of switches in a single night. (We've chosen to break it up for availability requirements, but if you didn't require 99.999% uptime like us you may be able to do it)

Alternatives Considered

Lower cost than FabricPath, maybe a little bit cheaper than Arista when we looked into it. I wasn't involved in the initial purchasing of ACI, and was kind of against it at first, but the product has evolved a lot over the last few years and I now believe that it can definitely have a positive impact.

Other Software Used

PyCharm, F5 BIG-IP, Cisco ASA, Palo Alto Networks Next-Generation Firewalls - PA Series, Cisco Catalyst, Cisco FabricPath, Cisco Nexus, Ansible

Likelihood to Recommend

ACI could be advantageous in a large homogenous network where you're needing to quickly deploy large numbers of servers/tenants/etc. But at a certain point you may start to run into some scale limitations like we have that have required us to modify our architecture a bit. It's been amazing for letting us quickly move VMs anywhere in the fabric without network engineers having to verify that VLANs are trunked to the switch the new ESX host is hanging off of. It's also been awesome for quickly deploying new leafs and new tenants especially when compared to our older methods on FabricPath and Catalyst.

Steep learning curve, but well worth the investment.

Overall Satisfaction with Cisco Application Centric Infrastructure