VMware NSX Vs. Cisco ACI: The Software-Defined Networking Face-Off

Face-Off: VMware NSX Vs. Cisco ACI

There's a ferocious battle going on in the software-defined networking market between onetime allies VMware and Cisco Systems. To shed light on their respective SDN strategies, CRN spoke with Steve Mullaney (right), former CEO of Nicira who is stepping aside as general manager of VMware's Network and Security Business effective Sept. 30, and Ishmael Limkakeng, vice president of product management for Cisco's Application Centric Infrastructure. The separate interviews with the two executives offer a rare glimpse into a sharply divergent technology path the two companies are taking.

Is Cisco taking a hardware-defined approach vs. a software approach from VMware?

We say, 'Fix it in a software-defined way.' Cisco says, 'Fix it with ASICs and a hardware-defined way.' What is great about that is what if Cisco came out with almost exactly the same way that we said? We would be screwed because -- you know what? --customers would listen to their pitch and then listen to our pitch and then the customer would go, 'I can't tell the difference. It sounds the same.'

--Steve Mullaney, VMware

What is your response to Mullaney's claims that ACI is a "hardware-defined" solution?

The hardware-defined or software-defined [argument] is sort of beside the point. Customers at the end of the day, they have a problem they are trying to solve. And the problem that is resonating with our customers is how do we help them deploy their applications more effectively, more efficiently, turn them up, spin them down, in the best operational manner that they can. I think we are seeing that our customers like the comprehensive solution.

The specific[s of] hardware-defined or software-defined -- I mean, I don't know that that is something customers necessarily spend a lot of time worrying about.

--Ishmael Limkakeng, Cisco

What is the key difference between Cisco and VMware SDN?

[For Cisco], ASICs are the key. That is the key [difference].

What is great about that is [we] are very different. What ends up happening is it becomes a profession of faith. What do you believe? Within 10 minutes, a customer knows: 'I am going the VMware way' or 'Nope, I trust Cisco. I trust my ASICs. I have been doing it that way for 20 years. I am going to go that way.'

Then we go OK, that is fine. That is not the way the world is going. But that is OK, you can go that way.

The worst thing is if Cisco [approached] software-defined exactly [as we do], we would be screwed because the customer would go, 'I can't tell the difference.' And when they can't tell the difference, they pick the incumbent.

--Steve Mullaney, VMware

So what is the key difference between Cisco and VMware SDN?

NSX is fundamentally a software-based overlay and is completely separated from the underlying hardware, which is really interesting if you have a purely virtual environment and relatively small scale. Then you're fine. But in real customer production environments, there are always both physical and virtual workloads, there are very frequently multi-hypervisor environments, and you have to be able to fit into those real-world situations.

--Ishmael Limkakeng, Cisco

What is the danger for customers of the ACI approach to software-defined networking?

Cisco is actually aggressively pricing the hardware, which I think is fantastic. That shows the trend which says the money is going out of the hardware and it is going into software. That is happening. So guess what? Cisco is not really a software company. And I am not talking routing protocols. They are not a distributed systems computing software company. VMware is. Nicira was. Cisco is hardware, and you program the hardware. You might write some management platforms. And you might write some firmware and routing protocols. But that stuff has been done for 25 years.

--Steve Mullaney, VMware

What are the application benefits of ACI vs. NSX?

I think that what you have with ACI, if you think about a customer and a customer environment, they have physical and virtual environments, physical and virtual workloads, they have probably a variety of different security devices, load balancers, management and operations systems -- I think ACI excels at bringing all those pieces together, whether it's physical or virtual, and bringing it together to solve in a comprehensive way.

--Ishmael Limkakeng, Cisco

Is there a difference between VMware as a software company and Cisco as a hardware company?

As things move more toward software, who do you think is going to come out with better software -- a software company or a hardware company? I know where I would bet.

We don't have to roll around in the mud because we know the outcome. Why do I want to roll around in the mud? It is just going to make me get all dirty and distracted. So we just elevate it. We just stay out of it. As [VMware CEO] Pat Gelsinger says: 'Cisco needs us to lose. We don't need Cisco to lose.' We don't hate Cisco. They hate us because of what we could end up doing to their franchise. But we just shrug our shoulders and say, 'That is the way the world is going. So get over it.'

--Steve Mullaney, VMware

What is your response to Mullaney's claims that Cisco is not a software company?

At the end of the day, we are trying to solve the problems for customers, whether it's hardware, software or whatever the technology.

I will tell you that, from an overall business standpoint, we have always had a tremendous software component in our engineering. I don't have this [number] at my fingertips, but if you look at the headcount from an engineering standpoint, we have always had more software engineering than hardware engineering. And from a business standpoint, you heard [Cisco President, Development and Sales,] Rob Lloyd speak about this and [Cisco CEO] John [Chambers] speak about this: The direction for the company, as a whole, not just this area in particular, is to increase the amount of business that is purely related to software business and software business models.

--Ishmael Limkakeng, Cisco

What is the difference when you add new functionality with Cisco ASICs vs. VMware software?

Cisco is going to say, 'Well, it is not in that ASIC.' Well, when is it going to be in that ASIC? 'Two years.' OK. Well, then, what happens after two years? 'Well, then, after two years you rip that line card out.' Now you are probably going to need a new backplane, probably some new power supplies.

It is pretty good for me because I get to just replace it with all kinds of stuff, and that is how I make my money with infrastructure. If that is how you are making your money in infrastructure, you can't do anything other than a hardware-defined world. What is Cisco going to say, 'Yeah, they're right? We are going to promote software-defined and the hardware is generalized?'

--Steve Mullaney, VMware

Does Cisco's focus on the ASIC make it tougher to add new functionality to ACI?

ACI delivers value at the software layer, the system layer, all the way down to the ASIC. The way I would look at it is we use the best of both merchant silicon and custom ASICs, and the combination of that allows us to deliver anything that competitive solutions can offer because we do make use of the merchant silicon and we can innovate on top of that. So, our capability in ASICs and our breadth with our customer base, I think, gives us an advantage of being able to bring innovation to market faster because we get to leverage what exists in the industry and go beyond that. That is our strategy from that standpoint.

--Ishmael Limkakeng, Cisco

What are the cost considerations customers face in the VMware vs. Cisco SDN battle?

I won't give you names, but many, many people actually will use the capex avoidance of buying more Cisco gear to pay for our stuff. So they say, 'Cisco tells us we have to upgrade; I have got to get rid of the Nexus I just bought two years ago. Now I have to go get the 9000 and the ACI chip and as long as I do all of that, everything will be fine.' And even though it is cheap, the pain of retrofitting and ripping out gear, I haven't met an IT person yet who wants to do that. It is painful.

--Steve Mullaney, VMware

What are the cost considerations customers face in the VMware vs. Cisco SDN battle?

I think you are going to find that NSX is much, much more expensive … whether it's their price-per-socket pricing model or their VM-per-month pricing model. If you take that and compare it to ACI, ACI is significantly more cost-effective and more functional. And you will see analogies of this where people compare NSX but leave out the cost of the compute that the NSX controller and gateways, etc. are running on, and it leaves out the cost of the underlying networking -- whether it's Cisco's or somebody else's, there is a network there.

So, when you do that comparison, you are going to find that NSX is prohibitively expensive.

--Ishmael Limkakeng, Cisco

What are the security benefits of using NSX vs. the competition?

Any other alternative has performance problems because they are not in the kernel or you have to buy hunking, big physical gear because now there is so much traffic that you have to steer toward it, which means you need big pipes going into monster boxes that are hundreds of thousands of dollars and you need a lot of them. And then there is the complexity of the operations. Then when you want to roll out a new application or you want to move a VM or you want to do something, you then have to get physical security people to go in and actually touch the boxes. That just makes it a nonstarter.

--Steve Mullaney, VMware

What are the security benefits of using ACI vs. the competition?

From a security standpoint, it's part of the overall ecosystem. We have many security partners and many management and monitoring partners in the ecosystem. The other aspect is that internally to ACI, because we have very strong policy capabilities for the infrastructure, we define how devices and endpoints and components of applications connect to each other.

That makes it inherently more secure than just the traditional open connectivity. So I think from a segmentation and security standpoint, ACI really is a superior solution because we get to leverage and work with a broad array of partners, as well as what we have done within the system itself.

--Ishmael Limkakeng, Cisco

Talk about the competition with Cisco with NSX.

There is FUD [fear, uncertainty and doubt]. When you are the incumbent and you don't have anything, what do you do? You throw smoke bombs in the middle of the room. You just want total confusion. I almost couldn't have scripted it any better myself. [Cisco] gave us instant credibility.

Calling us public enemy No. 1, you know what that did? Guess what, anyone who had never heard of NSX before that was calling us up.

--Steve Mullaney, VMware

Talk about the competition with VMware.

I think what you see with VMware, and there are other players in this market and in markets Cisco is in, but we have a very strong partnership with VMware and a formal one with EMC and VMware in VCE. We have a lot of places where we go to market together and a lot of common customers. At the same time, clearly, in this particular space, we are going to be competitors and I don't think either company is shy about saying that or has any illusions that we are going to be competitive in certain places and we are going to be very cooperative in other places because that's what customers expect out of both companies.

--Ishmael Limkakeng, Cisco

What do you think about Cisco Intercloud?

So who is going to do Intercloud? None of the good cloud providers. Right. You want to buy ACI? Look, maybe 20 years ago. They called it Cisco Powered Networks. That is what they did. They said, 'Look, we have got Cisco in our service provider networks. Mr. Enterprise, you should run Cisco because it will work better.' Come on. That's '80s talk.

The world has changed. It doesn't matter.

That is a playbook from 20 years ago. It worked 20 years ago. It is going to fail miserably this year. Who is going to do that?

--Steve Mullaney, VMware

What's your response to Mullaney's claims that no 'good' cloud providers are going to deploy Intercloud?

That's an interesting comment. We launched Intercloud with Telstra, which is a pretty good customer and provider to begin with, but we can provide you with the list of people who have signed on. If Steve [Mullaney] or anybody else thinks they are 'bad' providers, I'm sure they would be very interested to know. I don't have the list at my fingertips, but it's a pretty extensive list, and it's growing rapidly.

--Ishmael Limkakeng, Cisco

So how does the software-defined NSX model change the data center game vs. Cisco?

The spike into the heart for hardware-defined is there are going to be things like vMotion that you can't do in a hardware-defined way. Because it is software-defined, the rate of innovation of software vs. ASICs is an order of magnitude. So you start coming out with all kinds of new features. Then you go, 'How do you do that in ACI?' And they say, 'We can't.' But you know what? 'It is on our road map.' Great! When? 'Years.' And then you have to rip and replace vs. software you just upload.

At some point, they are just going to fall. It will get no better for them than it is right now.

--Steve Mullaney, VMware

What's your response to competitors who say ACI isn't an 'open' system?

One of the key focuses that we had with ACI is to make sure it is as open a system as possible.

We are doing a tremendous amount of work with our partners, with the open community, whether it's OpenStack or OpenDaylight, to bring the policy model and make it common across the industry so that everybody can participate. And I think when you really dig into it, we are really making a lot of progress and traction on that front with other players in the industry. A lot of people claim to be open, but when you dig into it in reality, there tends to be more lock-in than is advertised. So we are very pleased with the progress we are making on that front.

--Ishmael Limkakeng, Cisco

What is the message to the channel regarding NSX?

It is 'go time.' We have hundreds of partners now. It will be probably high-digit hundreds end of year worldwide and thousands in 2015. We'll add hundreds of customers per quarter this year. So we will be high-digit hundreds of customers. We don't talk about the numbers. The only reason we talked about the number at all was because Cisco was saying we only had five customers. I'd say, 'Look, when I was at Nicira we had 15 customers and that was four years ago. So I think I have a little more than five customers.'

--Steve Mullaney, VMware

Talk about progress to date with ACI.

We have been very pleased with the progress we have had with both the Nexus 9000 and ACI. We are over 580 customers for the 9000 and over 60 for the ACI solution, in a very short period of time. So we are very happy with the progress on that front. I think the message, at least from our perspective, around Application Centric Infrastructure and the need for a comprehensive solution, as opposed to a very narrow software-only solution, is actually resonating with our customers and I think we are starting to see that in the traction.

--Ishmael Limkakeng, Cisco