I attended the Cisco Live Local Edition event here in Nashville, TN last month. It was an all-day event that gave a variety of presentations in different focus areas. While I spent the bulk of my time in the routing/switching/wireless/security presentations, I made a point to sit in on one in the data center track. It was entitled Data Center Fabric Futures. This session spent a lot of time talking about Cisco’s Application Centric Infrastructure (ACI) technology, so I was curious to learn a bit more about it since the company I work for sells a fair amount of Cisco Nexus switching.
If you want a little more information about Cisco’s ACI technology, here’s some really good writing on that subject:
While the presentation was moving along, one particular aspect of ACI caught my attention. It was a specific function within the Application Policy Infrastructure Controller (APIC). Before I dive into that, let me give you a brief overview of the purpose of the APIC.
APIC is the brains of ACI. Think of it as the controller for the network. Control plane operations can be orchestrated from here in the same manner that a wireless LAN controller would do for wireless access points. Anyone who has followed the industry buzz around SDN is familiar with this concept of a network controller. Instead of doing a lot of manual configuration on each and every switch and router, the controller (APIC) would handle optimized routing, QoS, and other configuration tasks automatically. Policies can be deployed and removed on the fly without a human having to intervene at every step along the way of a given data flow.
Getting My Attention
When the discussion moved to the monitoring aspects of APIC, I was suddenly even more interested. The ability to monitor traffic flowing across the network is something that every decent-sized network requires. Well, it may be required, but the price tag associated with platforms that can provide this sort of monitoring tends to scare off all but the most committed organizations. They have a reputation for costing an arm and a leg. I have seen customers get excited about what a particular network monitoring product can do, and then lose interest once they see the price tag. I’m not arguing that companies with decent technology should sell it for next to nothing. It takes a lot of skill and hard work to develop any decent product and companies should be able to charge what they think is a fair price for their hardware or software. The price will be dictated by what customers are willing to pay, and if enough of them agree to that price, the vendor doesn’t necessarily have to come down on pricing to satisfy what a customer “thinks” they should pay for said product.
Here’s the slide that caught my eye:
Forget the basic flow-based monitoring tools or up/down state monitoring tools using SNMP. Those are old news. Granted, they are still quite useful, but in today’s larger networks, they don’t go deep enough. Consider all of the multi-tier applications that companies are employing today. What may be looked at as a simple web-based application to an end user could in reality be a multitude of servers, load balancers, and other devices on the back end to allow that web page to be displayed. The complexity is hidden from the end user, and rightfully so. They just want it to work. You and I get paid to figure out how to make that work.
Enter Application Performance Monitoring (APM)
Over the past several years, I have had the pleasure of working with a few different APM vendors. In addition to logging how much traffic has traversed the network, they can drill down even deeper and show you precisely what that traffic was made up of. Instead of just telling me that a flow was comprised of Microsoft SQL traffic, APM can tell me which specific operations to a given database were made. Let’s say that you have a web application that is running slow. With APM, I have the ability to look at each transaction within that SQL flow and see if a particular “select” statement was taking too long to process. Instead of just telling the DBAs that their database was running slow, I can point them to the precise operation that is causing that slowness.
Of equal importance is the fact that I can map out all of the applications and see exactly which systems are talking to each other. I can’t tell you how many times I have had to help a client troubleshoot a slowness issue and there was little to no information about how all of their systems interacted with each other. There is always some box in the corner of a datacenter that has been running for years and nobody knows what it does, except that when it goes offline, everything breaks. APM can tell you precisely what the box does, as it knows all the other systems it talks to, and what type of traffic is being sent and received by that unknown box. The value of mapping out all of an organization’s applications and who talks to who should not be overlooked. When it breaks and nobody knows how it works because the original system architects have moved on to other jobs, much pain will ensue. Been there. Done that. Got plenty of scars to show for it. THAT reason alone is enough to justify the cost of an APM solution, unless you don’t really know how much your downtime costs you. If that is the case, remind me not to buy any of your stock. 😉
Allow Me To Speculate……
APIC is not available for purchase yet. I just checked for SKUs on the Cisco pricing list and couldn’t find any for APIC. As best I can tell based on what I have heard, it should be coming within the next year or so. This shouldn’t be too much of a surprise though. Juniper did the same thing with QFabric. The whole solution came in phases.
Based on the fact that APIC is not available today, I have to speculate on what it MIGHT be from an APM perspective due to lack of the ever popular Cisco design guides and extensive documentation. There’s also the understanding that over time, more and more capabilities will be added. This is NOT unusual within the industry, or even Cisco for that matter. The Nexus 7000 series product line didn’t come to market with everything it has today. It took time, and so will ACI.
I am also aware that Cisco’s ACI solution was probably not even intended for use as an APM-like platform. I’m just trying to think outside of the box here.
Still with me? Good.
Imagine the possibility of being able to see the health of an application from the same vendor that sold you all of your data center switches. No more SPAN sessions or expensive network taps. No more high-dollar appliances which are commodity Dell, HP, IBM, or Cisco servers with a different vendor name slapped on them. None of that. Granted, APIC won’t be free, and I wouldn’t be surprised if licensing rears its ugly head and the APIC functions are carved up under various licensing SKUs. That’s just the way the game is played by the majority of vendors out there.
How deep will APIC be able to see into each application? I am unsure of this, but I am pretty sure it will be a bit more than just flow data or standard ICMP/SNMP health checks. I find myself wondering whether or not an “application” from an ACI perspective is the same as an “application” from a traditional APM vendor. An ACI “application” might just be a grouping of hardware and virtual resources as opposed to the lower level functions within an “application” such as database operations, etc.
The two terms that I am VERY interested in from that slide are “health scores” and “resource consumption”. They might have different meanings than what I would expect to see from an APM vendor. If they do, then you just wasted time reading this, and I wasted even more time writing it.
I don’t know what Cisco ACI will do in terms of application monitoring. My guess is it will not be anywhere near as comprehensive as the mainline APM tools out there. However, it may be good enough, and quite a few networks out there are monitored with systems that are good enough, because the cost of APM solutions was too much for them to stomach. If it costs a little more to get even more insight into the applications running over the network, I would say that will be an easier sell than trying to bolt on a very expensive APM solution from a third-party vendor. I say that as someone who LIKES the APM solutions from other vendors. I just happen to dwell in reality where lower cost often overrides the best technology choice.