Please share with the community what you think needs improvement with Cisco ACI.
What are its weaknesses? What would you like to see changed in a future version?
Cisco ACI needs to add more analytics and automation.
There has not been a single implementation we have done where the client wants to use all the features that are in the product currently. Contemplating new features seems out of order. Every product can benefit from new features as long as they are desired and add functionality that is useful. Most of the features that are there now are good and Cisco is doing a really good job at staying ahead of the curve with their competition. They are implementing new features before companies are even ready to use them or know that there might be a need for them. Figuring out how to implement the product for clients is the area we struggle with the most every day. Perhaps an enhancement would be artificially intelligent solutions, but that would be further down the road.
The CLI needs to be improved.
I would like to see simpler contract building, engineering, and architecture. There should be an alternative "ACI Light" solution for smaller-sized enterprises.
I don't have any new features that I need in Cisco ACI yet because we're still learning and making it work in our environment today. I don't have anything new. The one big challenge with it is Cisco going from a perpetual license model to a licensing model that is renewed every year. You pay a large fee to use stuff like this. That to me is one of our challenges. Making training more available for all of our employees and not even at a cost would help. If you want this to be deployed to all the data centers everywhere it's got to be something that everyone can sit down and get training on. If you're going to try and operationalize it amongst existing staff members and even up-coming ones, it's not a simple thing to sit down and learn. I've been doing this for thirty-five years now. It's one of the most difficult things I've had to sit down and learn myself.
The additional features I would like to see included in the next releases are support for our policy-based routing. There are endpoint issues that are there now in the code. Hopefully, these will get fixed in the future code. In terms of scripting, there are a lot of APIs available but there's a big gap with networking and the application. That's a gap that we're trying to bridge to understand how to do scripting.
I recommend to customers that they meet a knowledgeable vendor to help them with it.
Technical support needs improvement. I can get stuck with a rep who will just have me scan the logs to look for the problem. I think that technical support tickets should be escalated sooner.
The ability for us to figure out the traffic flows, to enable some of the more segmentation parts of it, is really tough with what is built into ACI. It would be nice if it were part of it.
I wish that if I had to open up an additional tab, I wouldn't have to log in every single time. That would be a feature I would like. For the licensing model of the system, I still have not gotten another update after eight months. It's telling me I'm not licensed even though I'm told I am by my reseller.
I would like to see a smoother transition from existing systems. The configuration from what we had earlier, compared to ACI, is completely different.
I would like to see a lot more integrations with the rest of the Cisco portfolio. I would like to have ACI embedded into HyperFlex, as an example.
In terms of improvement, I would like to see some sort of way to baseline the system in a network-centric fashion. The way ACI works is that it is very application-centric but I think that a lot of people who I have spoken to that use it don't need all that application-centric focus. Cisco says you can do a network-centric approach but I want to do network-centric in my design and then have the system organize and set itself that way. That would be cool. I would like to see that. If you as the customer want a network-centric design, after you build that initial configuration and you go into the GUI for the first time and you decide which direction you want it to go in and you point it in a certain direction, then it builds out the infrastructure to accommodate that, that would be beautiful. They are selling the system as application-centric. I think a lot of people, ourselves included, are not ready to approach it in that way. It's too many knobs to turn. It's great overall architecture, scalability-wise, has an easy configuration, central configuration, but there are too many knobs to turn.
I haven't been using the product long enough to really be looking for additional features as I haven't exhausted learning about the features that are available.
I think there are a lot of additional features that we haven't had a chance to look at yet, but I would like to see a simpler interface where it is easy to find endpoints and get information about them. Making it more user-friendly would be wonderful. That is my main concern.
I would like to see integration with Tetration. You should be able to use Tetration to manage your scripts and push into ACI without having to export, manually manipulate, script it, and then re-import back in ACI. It needs automation there.
They should make it easier for the network people to do automated solutions.
I would like to see more troubleshooting apps. There should be more and better SNMP monitoring.
ACI is not simple, by any stretch of the imagination. We are not following the application-centric approach, but a network-centric approach instead. It would be nice if I could specify network-centric in my design, and the system would organize and set itself up in that way. Essentially, once you go into the GUI for the first time it would prompt you, and it would build out the infrastructure to accommodate your choice.
Where there is room for improvement from ACI is for Layer 2 and Layer 7 packages. Normally, when you're updating your ACI fabric or you're introducing new Layer 4 to Layer 7 devices and there are some constraints, there are some limitations. You need to check before you do it, as well as F5 load balancers. When you are doing device packages you will not have the functionality of ASM. It's like WAF, web application firewalls. So you need to configure it manually. There is some room for improvement here. The rest of it, for VMM domains, is improving. Cisco is introducing new features. I don't feel that it's unstable or it needs more improvement. But, for Layer 2 and Layer 7 packages, it still needs improvement. It needs quite a bit of work. Currently, we are using it in our test lab for Layer 4 and Layer 7 services. We are not using it in production. We are using unmanaged Layer 4 and Layer 7 devices. We are not using complete device packages. I'm looking forward to something called Cisco Tetration. I have never worked on it but it's there now. It will map everything: What type of ports are communicated through between users and applications and between applications. It will map that on ACI automatically, at the ACI contracts level and the application level. It's like a big-data platform. It will understand the application. It will understand the port requirements, the security requirements, and it will perform some types of automation. Right now, ACI is lacking this. There's some intelligence within it but not much.
They are still working on Multi-Site and Multipod but there are many customers that are looking for these in their Features page. We are having challenges with these features. For Multipod we need Layer 3 devices that support multicast. Customers ask: "Why can't ACI do that? Why do we need a dedicated Layer 3 device for this?" If they go for Multi-Site there is no need for that, ACI can do it. So Cisco needs to increase the Multipod features in ACI. For one customer we found CloudCenter doesn't support Cisco Multi-Site scenarios.
Better troubleshooting features would be helpful. In ACI, it can be a big mess, a real headache to troubleshoot a single issue. Cisco should work on the troubleshooting part of ACI. The troubleshooting part, and the information that ACI gives you, sometimes don't give you a proper, inside picture of what's going on within the fabric. We had an issue where the customer was not able to sync with the NTP server and we were not able to identify the problem. The NTP was just not talking to ACI. The troubleshooting part is a bit difficult in ACI, and I feel that it should have been improved a long time ago, but I don't know if they're working on it or not. Also, they have the new designs for Multipod and Multi-Site. There are a lot of good features, like static storage connections. But I have seen some customers that faced issues with connecting the storage to the fabric.
One of the things that makes it a lot more complicated is the way contracts are handled in ACI. Contracts are like their own access lists. They can improve the setting up of contracts between devices a lot. It can be simplified. Because ACI re-invented something that's been working for so long - you can now have overlapping subnets - it gets really confusing when they say that you can use the same subnet for different VLANs. They should make a standard list of best practices and that makes it easy for the people who are going to use it. That part alone, when they tried to remove subnet and VLANs, that's an integral part of networking which people have been used to for so long. They tried to remove it. I don't know why, but when they did that, it muddled up the concepts of networking, and people need time to adjust. That's why they have to put out a best-practices guide, to make it easier for traditional-method people to adapt to ACI. Another area for improvement is establishing a Layer 3 Out policy. Accessing the internet is a bit complicated where, before, using Cisco devices, it was just one line of code. With ACI, it took us a few days, almost a week, to just figure it out using the GUI.
They should improve the GUI, make it simpler. They also need to improve its integration with other automation tools. In terms of additional features, I would recommend PTP support, which they have yet to come out with.
I don't like the idea that Cisco is bringing in different machines or dashboards. This does not allow us to have one solution. We are viewing the DNA Center, ACI, and Meraki. A link from another system may have you end up in the Meraki dashboard; that's not what I expect. I want to have one single pane of glass where I can see and do the changes on everything. I would like to be able to test the upgrades in a simulation before implementing them in production because not everyone has a lab.
The error messages should be improved. Sometimes we want to remove an error message so we acknowledge an error and we would then like to remove it but there's no real way of doing that. If we need to do it, we need to open a tech case. That could use improvement.
I am still not quite happy with the APIC GUI, since I am more of a CLI guy. I don't really use the GUI a lot. It would be better to introduce some wizards to guide you through the whole configuration process instead of clicking through a bunch of menus with no concrete path. It is too easy to forget one or another if you configure it this way. A wizard would be a great help. We are still struggling with some design issues, but most of these issues will be fixed in the next release.
Cisco should provide more examples of code on their website. Something that other people can use. There is a great place in the development area.
I would like for ACI to manage all of the devices.
The interface is sometimes slow. I receive a lot of weird errors when I try to install apps, such as contract apps, which should give me a nice visualization of all the contracts. However, it just doesn't load, etc. I would like more thought put into the way the graphic part of the monitoring is rendered. When you have a lot of contracts, you can't understand the graphics because they are so loaded.
In the new version of 4.0, the management groups for updating the software is not the best way to do it. It was better in 3.2. There was a better overview of all the management groups with integrated switches.
We designed it from scratch which contributed to the complexity. They should have better information about the deployment requirements.
The virtualization area needs improvement but I expect that to happen with the 4.0 version. I would like for them to develop integration with AWS.
The product needs to be simpler. There is too much complexity in ACI. 80 percent of its features are of no use to us. We could do with a simplified version. I would like to see some of the roadmap products remotely working to satisfaction where we could actually deploy them for our customers.
Previously, the product was a little tricky to use. However, it's now a well developed platform. I would like to see the data center unification of Cisco ACI with Cisco DNA into a single platform to deliver the data center and campus sides.
Because this is new technology, which requires a different way of thinking, it can be hard to understand. Therefore, I would like more documentation or education.
It is more about resolving bugs early on in the code. Otherwise, as the product gets more mature and those bugs get discovered sometimes by the customer, then Cisco will resolve them.
It needs more features for integrating with third-party vendors.
I would like to see better training. I don't have good training with this product. If I did, I probably would be able to solve all of the problems during the installations.
If I was a customer who is using the ACI to run my network, I would like for there to be more information about it available. While using the ACI in the graphical interface, I would like if there was something that explained every step that you can click and it will tell you what you are doing in more detail. For me, I understand what's happening because I did a course, but the problem will be when our customers, who are not so versatile in this, start using it and won't know what's going on. If it works it's fine, but when they run into problems, then it's gonna be an issue. If everything works, it should be fine but if any issues come up, a lot of Cisco services will be needed.
I would like Cisco to simplify the interaction of the controller. I would also like them to simplify the way you configure the Fabric. The process is quite complex. This can be a barrier to entry. For anything, where it should take two or three steps, you have ten steps. It took quite a bit of time to learn how to use it. The learning curve is very steep.
The challenging thing about Cisco ACI was we had to put a lot of effort into providing the customer the full picture, new standards, and new technology that they had to use. This was more challenging than deploying the product. There should be more focus on training and support. I would like to see more integration with services and service graphs.
It is still not mature and has room to grow. As with any product out there, it requires time to develop. We run into bugs from time to time. It is more from the perspective that we're not running the default configuration, so when we try to tweak it that is where we hit issues. The transition period when you go from standard networking to the application centric tool can be difficult because you need to understand the new terminology, but you will get through it.
I know Cisco is trying to move away from CLI, but I would still like to see improvements to the CLI. Troubleshooting is quite difficult using other tools, and there are still quite a lot of people with the network engineer mindset who rely on CLIs. Therefore, it would be nice to have a unified CLI. They made big improvements on this last time, but it could use additional improvements. Here are some of the issues that we encountered:
* We had leaf switches which failed to forward traffic correctly.
* We had issues in the first deployment when we tried to finish the migration from traditional networking to Cisco ACI.
* We had issues with the propagation of the routes internally. Therefore, we had destinations which were reachable, but other destinations were unreachable in the same subnet.
It took quite a lot of tries to finish the migration, because our issues were always the same. These issues were related to silent hosts.
Sometimes, it has been a bit hard to configure it. Since it is a new technology, Cisco moved all the menus. This made it tricky to use.
Interoperability with third-party products always seems so straightforward, but every time you need to invest a lot to add an external element to the ACI Fabric technology. A good improvement would be to have an easier integration with external building blocks in the customer's environment. Biannually, there is a new design delivered by Cisco. Thus, you are always running behind the new design, and it never stops. With Cisco ACI, this has been a nightmare. I recommend that they provide more customer focused blueprints to fix this. They should try to learn and understand what are the real needs of each customer. Now, we are running behind releases. However, with each new release of a new design, you have to test it and validate it. So, we aren't going operational, which is not good. This support was not offered to us with the product. I would not want to see any additional features at this point. We have had enough additional features. We still have a lot to learn and don't want anything extra.
The product needs to be more visible on the Internet and have the ability to be integrated into more software developments. For example, with Amazon, you can click and deploy SDN with firmware, but not with SDI. It needs a simpler process to be deployed everywhere. The Multi-site is not easy to use. While Cisco has plans to change this going forward, for now, it is complex.
* The way the objects are oriented on it is not as straightforward as it should be.
* The learning curve of this product is very steep. It is not what I'm used to.
* I miss having the CLI. I am old-fashioned.
I would like to see more integration with other Cisco products.
The ACI user interface is complex and Cisco should improve it. We had to take time to learn the product, as it is quite complicated to understand.
They need more documentation, because when we hit an issue and searched on Google, we didn't find a lot of documents about the issue. Possibly because it's a new product. We are deploying ACI, and at the same time, we are testing migration from our old network. Our old network is Nexus, latest version, and we have a less load balancing and it's hard to migrate. We are hitting some issues, so maybe there is room for improvement.
We would like to have faster services and problem monitoring for our customers.
The areas for improvement are automation and user-friendliness. If I lose the connection from one side to the core, I can't use the other side to go to the core. I hope in the future, this will be fixed.
The user interface (UI) should be made easier. I would like to have a multi-cloud environment, but I just read that Cisco ACI Anywhere is about to be released.
It needs to be able to function on the cloud.
It needs more integration with public clouds, like Azure and AWS. There are some setup issues that need fixing.
With the first setup, it was complex because of the terminology. We were clicking around because we did understand the API console. The hardest part was to make something scalable and easy to use in the future without having any prior knowledge. It was hard, which is why we used consultants with the setup to provide us advice. We did have a problem with APIC, but we didn't even notice it. We changed it with no impact. We are waiting to see what happens with the cloud. We want to see if it will scale better. Also, we want to see how they will be moving to the cloud. At this time, we don't know.
The only drawback that we are seeing is the user interface is still a little complex and difficult to use. It needs a more user-friendly interface. I do not use it daily. Every time that I have to go back and configure something, it is very difficult and confusing to remember how to do it and where the menus are located.
There is quite a learning curve at the beginning.
* Security and isolation based on the type of traffic
* High level of resiliency.