Cisco ACI 3.0 Embraces Kubernetes

Cisco is updating its Application Centric Infrastructure (ACI) technology to version 3.0, bringing enhanced multi-site capabilities as well as support for the open source Kubernetes container orchestration platform.

Cisco first announced its ACI technology in November 2013, as the realization of an effort that its’ spin-out division Insieme had been working on for several years. ACI was originally limited somewhat in that it didn’t support multi-site management.

Srini Kotamraju, director of product management for Cisco data center networking, explained that Multi-site is a virtual appliance customers will deploy to connect multiple sites. Each site can have  multiple ACI fabrics (APIC Cluster, Nexus 9K switches deployed in leaf-spine 2-tier topology).

“The Multi-site appliance enables customers to federate ACI policy across sites,” Kotamraju told EnterpriseNetworkingPlanet. “Users can create tenants, application profiles, security policies, etc. and push the policy to any or all of the sites.”

He added that each site is a fully isolated fault domain and a fault in one site doesn’t impact tenants and applications stretched to another sites. ACI 3.0 Multi-site also provides an admin the ability to scope the changes to a site or a set of sites. Kotamraju said that the advantage of this is that an admin can deploy a production application to one site and verify stability first and then stretch it to other sites. Or the admin can change some policies and scope them to a few selected sites.

From a protocol perspective, the multi-site capability makes use of overlay networking approaches.

“ACI multi-site automatically connects these multiple ACI fabrics across sites using MP-BGP EVPN and VXLAN overlay over an IP routed inter-site network, agnostic to any underlay technology,” Kotamraju said. “Customers don’t have to rely  on traditional technologies such as OTV or VPLS, which are complex to provision. “


Kubernetes has become a popular option for container management and orchestration. Part of Kubernetes is the Conatiner Networking Interface (CNI), which enables networking technologies. With ACI 3.0, Cisco’s Nexus 9000 series switches and the ACI fabric can now be used to enable container networking.

“We use CNI plus a set of containers that run under Kubernetes including our OpFlex agent, that connects to the ACI fabric,” Kotamraju said.


Security also gets a boost in the ACI 3.0 update with enhanced capabilities to protect against different types of attacks.

Among the new security enhancements is a feature called First Hop Security that can be used to help prevent IP/MAC spoofing by authenticating workloads and enforcing granular security policies.

Sean Michael Kerner is a senior editor at EnterpriseNetworkingPlanet and Follow him on Twitter @TechJournalist.

Latest Articles

Follow Us On Social Media

Explore More