The future of ACI, version 5.2, ACI 6.0 and beyond

ACI 5.1 was released about three months ago. That means that ACI 5.2 is likely imminent. Usually I review a version when it becomes available, like I’ve done for versions 3.2, 4.0, 4.2, 5.0 and 5.1. I will do something similar when 5.2 is released, but for now I thought it would be nice to speculate a bit.

Disclaimer: The information provided in this blog is purely speculation. I did not talk to Cisco to obtain any of this information. All Cisco information is publicly available. I might be right, I might be wrong. Only time will tell.

Previous ACI releases

The past is often a good indicator of the future. That’s why I want to look into ACI’s history for a minute.

The initial release of ACI was primarily focussed on launching the product. Most of the basic functionality has been present since release 1.0. This is the version that introduced us to the tenant model, the policy model and the overall way of working with ACI.

In ACI 2.x many improvements were made to the basic networking. Multi-pod was also introduced. ACI 2.x saw ACI becoming more stable.

The biggest addition to ACI during the 3.x versions was multi-site, which enabled customers to connect separate fabrics together using a new tool called the Multi-Site Orchestrator. The 3.x versions also implemented several network features that had been missing until then.

The primary focus of ACI 4.x was ACI anywhere. This version introduced cloud extensions and virtual fabrics. It also introduced a lot of Day2 tools like the Network Insights suite. ACI 4.2 is currently the most recent long-lived version and the recommended version to install in a new fabric.

ACI 5.x is the newest train of ACI. It might be a bit too early to really say what the focus is for these releases. Let’s look at this in the next paragraph.

Predictions for ACI 5.2

ACI 5.0 introduced us to Endpoint Security Groups. ESGs give us the possibility to be more flexible with how we apply contracts between groups of systems. But the downside for now is that we can only use IP addresses.

Prediction 1: ACI will support new ways to assign systems to ESGs, like tags, OS type etc.

Another focus point of ACI 5.x is integration with the whole SD-* suite of products made by Cisco, as can be seen in the image provided by Cisco during Cisco Live in Barcelona.

[Image: ACI Integrations]

We can see the integration between ACI and SD-A and SD-WAN in this image. It stands to reason that this set of integrations will continue to be built by Cisco. Currently we already have some way of integrating ACI with SD-A. This is actually performed by ISE programming IP addresses into external EPGs on the APIC. The biggest downside of this is that it supports just one L3out and VRF in ACI.

Prediction 2: ACI and SD-A integration will support multiple VRFs and L3outs

The second prediction is a bit of foul play, as Cisco has already publicly stated this, as can be seen in the image below.

[Image: ACI SDA phase 2]

You can find more about the ACI - SD-A integration in the following presentation from Cisco Live: BRKOPS-2110

But this integration thing is something that will likely be a major part of ACI 5.2. We might also see some tools to help us configure all these integrations.

Prediction 3: A tool will be made available, maybe in MSO, to help configure all these integrations

A feature we also saw make its debut in 5.1 was ACI - NSX-T integration. This integration is fairly limited for now, supporting just a VLAN connection. This will likely be expanded in the future, to make VXLAN integration or possibly Geneve available.

Prediction 4: The NSX-T integration will be expanded

Prediction 5: ACI will start supporting Geneve (This might be ACI 6 or beyond)

I’m also expecting a lot of Service Provider additions into ACI, but unfortunately I’m not versed enough in that field to be able to make any predictions.

Predictions for ACI 6

ACI 6 is far away. I’m sure Cisco already has some idea as to what will be implemented in ACI 6, but for me as a mere mortal it’s difficult to know what they’re working on. An easy prediction will be that there will be new hardware to be supported. Let’s not look at that for now. Let’s look for some more far-fetched possibilities…

I already stated the Geneve support which might be added. In the same spirit, we might expect some truly novel technologies to be implemented. For example the Open/R routing protocol has been released by Facebook. For now no Cisco product supports it (as far as I know). Why not start by supporting it in ACI?

Prediction 6: ACI will start supporting Open/R

With regard to integrations: why stop at the SD-Access and SD-WAN solutions? Let’s further the integrations with UCS platforms. We can already integrate with UCSM, but to be honest, aren’t Fabric Interconnects just extra Nexus switches? It’s just an extra step which is not really necessary anymore. Nexus 9k switches aren’t that expensive, and port density and latency are sufficient. I’m expecting the Fabric Interconnects to disappear, at least for the UCS platform, and have all UCS systems connect to ACI Leaf (or extended leaf) switches.

Prediction 7: ACI will take over the role of Fabric Interconnects (directly or via extended leaf switches)

Many companies want to move their workloads into the cloud. ACI already supports extending policy into the cloud, but it does not support extending L2 into the cloud (as VMware does with VMware on AWS/Azure). This is potentially a large market, so I’m expecting Cisco to figure out some way to make this work. I’m not sure how they would make this work from a technical standpoint, but something with tunneling VXLAN to the end host would be possible (I think).

Prediction 8: ACI will support L2 extension to the public cloud

What do you think? What would you like to see in a next ACI release? Leave your thoughts in the comment section.