ACI from another angle

“Several of these protocols are standards”

My understanding is that even if the protocols look standard, Cisco made some modifications to them: VXLAN (fields to transport ACI policies), ISIS (added the multidestination tree), and hence they are not standard anymore.

“Does it require proprietary server ?”

Not proprietary servers, but proprietary switches... So you are locked in regarding both the software and the hardware; they can't be decoupled. If you choose to move to another switch vendor, you need to change the hardware and start learning new software and protocol skills. Previously, while you probably still needed to change the software and the hardware, you didn't need to learn everything from scratch regarding the protocols.
In the past with FabricPath, I already had issues from being locked in with both. When Cisco ends support, you then need to change the hardware and learn new software/protocol skills.

Security lock-in

The security policies in ACI are another lock-in. If you use the Cisco Application Centric mode, it's even worse. When Cisco decides it's not bankable anymore and starts moving away from it, you will need to migrate the hardware, learn new software and new protocols, and migrate the security policies to something completely different.
For some organisations, this scenario will be a nightmare and will probably cost more money than investing regularly in people.

If you don't want to use the Application Centric mode and just use the Network Centric mode, you still have an expensive solution with lots of options you will pay for but never use. Moreover, you will inherit all the software complexity and associated bugs of features that are useless to you.

Sum up

Standard protocols not so standard:

  • ISIS (multidestination tree, FTAG)
  • BGP for multi-site
  • VXLAN (field to transport ACI policies)

Proprietary protocols:

  • COOP

Very little public documentation

Lock-in: hardware, software, security
Previously: some features or knobs were proprietary or tied to hardware, but not the whole system
=> EIGRP: software lock-in, but you can ignore it if you want
=> FabricPath: at the time of launch, no other option was standard

Software complexity due to all the features you don't want: the software has been designed to be application aware, and even if you don't want to use that, you will still inherit its code complexity.

Everything is centralized in a box right in the middle of the data path (spine COOP devices).

Discontinued products:

  • Load balancing: ACE/CSS
  • FabricPath
  • IronPort?
  • iWAN
  • VPN Concentrator

You need EVPN anyway for multi-site.

You need automation anyway, because it's too complex to manage via the GUI and you want to standardise all the configuration.