At the latest Cisco Live 2014, F5 officially announced the long awaited integration of its Synthesis architecture with the Cisco Application Centric Infrastructure (ACI) and its Application Policy Infrastructure Controller (APIC).
F5 and Cisco have embraced SDN to facilitate application velocity and enable IT need for an automated and policy based approach through open APIs and open source policies. The APIC enables the orchestration and automated insertion of L4-L7 and security services within the ACI network fabric using the F5 Big-IP physical and virtual devices.
ACI effectively simplified the network with a new Layer 3 Spine/leaf one hop away architecture which provided location independence for the F5 Big-IP devices and removed the “network chaining” of the L4-L7 service appliances to the network.
It is important to note that with ACI, Cisco chose its own SDN approach sometimes termed as HDN (Hardware Defined Network) by programming the Application Network Profile and its service policy in ASICs and by integrating the network underlay and overlays (stay tuned for more details in upcoming blogs).
Cisco recognized the need to start speaking the ADC language well understood by F5 such as Application Tiers, Security Requirements, Application performance, compliance instead of VLANs, subnets, trunks etc... ACI adopted a policy model with the traditional 3-Tier Application Architecture ie. Web, Application and DB where each tier is a logical grouping of analogous end points (End Point Groups) such as NICs, VMs or F5 Big-IP physical and virtual devices. The Application Network Profile binds those application tiers together by defining how they connect and consume each other with the integration of the L4-L7 and security services provided by the F5 Synthesis fabric.
We need to remember that Cisco ACI takes its heritage from the Cisco Unified Computing System with its stateless server architecture. It is no longer the sys admin who programs the servers but the UCS manager controller via the service policy. Likewise with ACI, the network hardware is stateless and is programmed by the APIC with the application network profile and its service policy rather than the network admin. This is accomplished via a zip file called a device package which enables F5 to stack its stateful L4-L7 Synthesis fabric with ACI stateless fabric.
This underlines an important point that the richness of the L4-L7 and security features and services programmed by the APIC into the ACI fabric will be limited by the device package provided by Application Delivery Controller vendors.
The F5 Device Package is a zip file composed of a device model in an xml file and a device script using python. The F5 Device Package will preserve the device model of the Synthesis architecture with its highly programmable features such as iApps, iRules and iControl and initially deliver features such as L4-L7 Load Balancing, SSL offload and SharePoint with the APIC first shipped release.
iApps enables customers to leverage profile templates in order to optimally deploy applications such as Exchange or SharePoint across all the F5 Big-IPs without requiring the manual configuration and tuning of the application on each device.
iRules enables customers to quickly program the Big-IPs devices dataplane through a script in order to address a certain condition affecting their application without requiring the need to take their Big-IP offline and upgrade their software.
This will make ACI a powerful extension of the F5 Synthesis fabric and its Software Defined Application Services. The combination of ACI and Synthesis will enable customers to confidently deploy a full stack SDN architecture in the cloud or data center.
To quote a couple of F5 and Cisco Execs…
“In the Cisco ACI framework, F5 customers can preserve the advantages and capabilities of the F5 Synthesis model for L4–7 services while enhancing application deployments, delivery, and automation through Cisco ACI and APIC. At the heart of the integration is the ACI open policy model that offers investment protection with emphasis on programmability, automation, scale, and security. In addition, the combination of ACI-embedded multi-tenancy with the BIG-IP platform’s equivalent functions makes the integration of Cisco and F5 technologies more attractive for service providers, enterprises, and large financial institutions on their journey to the cloud.”
Soni Jiandani, SVP, Marketing, Cisco
“Like Cisco, F5 is focused on the intelligent delivery of applications and services in all types of environments. This announcement—and our partnership at large—centers on making it easy for customers to combine F5’s L4–7 application fabric with L2–3 network fabric. Cisco’s APIC provides organizations with a powerful tool to enhance ACI deployments, and we look forward to introducing complementary technologies that extend the value of these systems even further.”
Manny Rivelo, EVP of Strategic Solutions, F5