
IT favors open source networking over Cisco ACI, VMware NSX

Companies are turning to open source network automation tools as less expensive, good-enough alternatives to Cisco ACI and VMware NSX.

Companies trying to avoid or lessen the use of expensive network automation software from Cisco and VMware are turning to open source tools that are often good enough for many tasks associated with managing complex modern networks.

Cisco's application-centric infrastructure (ACI) and VMware's NSX are powerful technologies for operating networks built on the vendors' respective products. But many large enterprises have data centers filled with perfectly good multivendor hardware and software that very few organizations are willing to swap for an all-Cisco or all-VMware alternative.

Therefore, companies are turning to open source networking products, such as Ansible, Chef, Puppet and SaltStack, for automating many network-related chores across as much of the data center as possible, while relegating ACI and NSX to Cisco- or VMware-only portions of the network.

"I'm seeing a lot more appetite -- quite honestly -- for more of a roll-your-own solution," said Teren Bryson, a network consultant for Fortune 500 companies. "Neither one of those solutions [ACI, NSX] is by any means necessary, and a lot of companies are actually finding them fairly onerous, expensive, complicated and not able to do some of the things they can do using other tools."

In July, Gartner reported in its Data Center Networking Magic Quadrant that companies have difficulty justifying the cost of NSX. "We believe this is a primary reason that the adoption of NSX data center remains less than 10% of the VMware ESX installed base," the research firm said. ESX is VMware's platform for server virtualization.

Gartner found similar resistance to Cisco ACI.

"Based on client feedback, Cisco ACI is complex for a combination of financial, technical and cultural reasons," the report said. "We believe this has limited ACI's usage and adoption."

Using open source network automation

Companies striving for vendor independence are building network orchestration systems composed of Ansible, Jenkins and GitLab, which is a repository for code version control, Bryson said. In place of Ansible, companies might use Chef, SaltStack or Puppet.


The list of network tasks engineers can automate using the open source tools is long. "It's a big tapestry of automation that people are looking at," said Shamus McGillicuddy, an analyst at Enterprise Management Associates (EMA), based in Boulder, Colo.

Engineers who once used open source networking tools primarily to configure network devices find they can do much more. Other routine tasks the software can handle include ensuring a switch booted up for the first time has the correct version of the operating system and the latest security patches. Automated chores could also include verifying the network is operating as intended after engineers use a tool like Ansible to make configuration changes to switches, load balancers and firewalls.

Engineers write reusable scripts -- typically in Python -- that execute the automation. Programmers store the scripts in a repository, such as GitLab, while using other data storage software, such as NetBox, for critical network data. Examples include the locations and IP or network addresses of all hardware, the default settings of devices and the versions of programs installed on them.
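The checks described above (correct OS version and patches on a newly booted switch, verification after a change) reduce to comparing what a source of truth says a device should be with what the device reports. The following Python sketch is an added example, not code from the article or from any of the tools it names; the record schema, device names and addresses are constructed, and OS versions are assumed to be dotted-numeric.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Intended:
    """One device record as a source of truth might hold it (hypothetical schema)."""
    name: str
    mgmt_ip: str
    os_version: str                      # minimum patched release, dotted-numeric
    settings: dict = field(default_factory=dict)

def vtuple(version: str) -> tuple[int, ...]:
    # Compare numerically: as strings, "9.3.9" would sort above "9.3.10".
    return tuple(int(part) for part in version.split("."))

def audit(want: Intended, seen: dict | None) -> list[str]:
    """Findings for one device; an empty list means it matches intent."""
    if seen is None:
        return ["no facts collected"]
    out = []
    if seen.get("mgmt_ip") != want.mgmt_ip:
        out.append(f"mgmt_ip {seen.get('mgmt_ip')} != {want.mgmt_ip}")
    if vtuple(seen.get("os_version", "0")) < vtuple(want.os_version):
        out.append(f"os {seen.get('os_version')} older than {want.os_version}")
    for key, value in sorted(want.settings.items()):
        have = seen.get("settings", {}).get(key)
        if have != value:
            out.append(f"{key}={have!r}, expected {value!r}")
    return out

def audit_fleet(intended: list[Intended], observed: dict) -> dict[str, list[str]]:
    """Map device name -> findings, for non-compliant or unknown devices only."""
    report = {d.name: audit(d, observed.get(d.name)) for d in intended}
    for name in sorted(set(observed) - {d.name for d in intended}):
        report[name] = ["on network but not in source of truth"]
    return {name: f for name, f in report.items() if f}

# Constructed sample data (documentation addresses, invented device names).
INTENDED = [
    Intended("leaf-01", "192.0.2.11", "9.3.10", {"ssh_v2_only": True, "telnet": False}),
    Intended("leaf-02", "192.0.2.12", "9.3.10", {"ssh_v2_only": True, "telnet": False}),
    Intended("fw-01", "192.0.2.21", "7.2.4", {"telnet": False}),
]
OBSERVED = {
    "leaf-01": {"mgmt_ip": "192.0.2.11", "os_version": "9.3.10", "settings": {"ssh_v2_only": True, "telnet": False}},
    "leaf-02": {"mgmt_ip": "192.0.2.12", "os_version": "9.3.9", "settings": {"ssh_v2_only": True, "telnet": True}},
    "lab-sw-9": {"mgmt_ip": "192.0.2.99", "os_version": "9.2.1", "settings": {}},
}
print(audit_fleet(INTENDED, OBSERVED))
```

In a pipeline, a non-empty report would fail the job, so an unpatched, drifted or unregistered device is caught at the verification step rather than discovered later.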

An EMA survey of 250 IT pros -- scheduled for release in a few weeks -- found that they had automated roughly a third of the tasks performed on network devices, McGillicuddy said. More than 90% of the survey respondents used more than one network automation tool, and almost 30% of those engineers had homegrown software often built with open source components.

"Almost nobody is hiring network engineers anymore that don't have some ability to program at least at a rudimentary level," Bryson said. "It's a big change from when I first got into the industry. It's a big change even from five or six years ago. It's definitely where the industry is moving."

Advanced features in ACI, NSX

Configuration management tools are not comparable to ACI or NSX in functionality. Both can do much more when managing networks built with Cisco and VMware, respectively.

NSX is a hardware-agnostic software layer that delivers switching, routing and distributed firewall features to applications running on VMware's virtualization platform. Cisco has designed ACI as a software alternative to the manual task of managing the company's switches through their command-line interfaces.

Nevertheless, companies are finding that the best strategy is to tap the technologies only when needed.

"The cost of ICT [information and communications technology] needs to come down," said Chris Antlitz, an analyst at Technology Business Research Inc. "There [are] CIOs out there saying, 'we can't keep spending this kind of money. It's just not sustainable.'"
