F5 and Cisco: Supercharging IT Operations with Full-Stack SDN

Updated March 01, 2017
  • Share via AddThis


Many IT operations teams struggle to keep pace with application developers and changing business needs. And who can blame them? They must accommodate an explosion of applications across an array of environments. They must protect users and data everywhere and at all times. They must support a continuous flood of infrastructure "move, add, and change" requests, configuring systems and components to meet exacting and ever-changing requirements.

And most of them are still doing it manually.

Software-defined networking (SDN) can provide relief for IT operations teams, automating the configuration and deployment of infrastructure based on the needs of applications. But a robust SDN solution must encompass the full network stack and be flexible enough to deliver higher-level application services.

This paper illustrates how the integration of the F5® BIG-IP® platform, Cisco® Application Centric Infrastructure (Cisco ACI™), and the F5® iWorkflow™ virtual appliance) delivers a market-leading SDN solution. By providing policy-driven automation that accelerates infrastructure and application deployment, the solution also elevates the role of IT operations teams, helping them transition from builders to architects, and from technology bottlenecks to business enablers.

Confronting the bottleneck

Application development teams can no longer wait for their networking, computing, storage, and security counterparts to manually configure and deploy infrastructure systems on their behalf. They need on-demand IT resources to deliver new applications and software updates that address evolving business needs.

If they can't get those resources from their internal infrastructure team—and get them quickly—they will acquire them elsewhere. After all, cloud-based infrastructure is just a credit card number away from being deployed immediately.

Enter SDN, which flips traditional IT paradigms on their heads and decouples applications from infrastructure. Instead of forcing applications to conform to static underlying systems, SDN automates the configuration and deployment of infrastructure based on the needs of applications. That means compute, storage, and network resources that used to be manually configured—taking days, weeks, or even months—can be spun up in minutes. It's a major shift for IT teams and the businesses they support, fostering unprecedented efficiency, elasticity, and agility.

Applications can be deployed faster, with better service levels. Infrastructure can be expanded or contracted at a moment's notice, whether for peak seasons, batch processing, marketing promotions, or fluctuating bandwidth demands. And the entire business can operate more efficiently, using only the IT resources that are needed, when needed.

SDN promises to ease the IT bottleneck that is present in many organizations. One where application developers are waiting for infrastructure, IT operations teams are struggling to maintain existing systems and accommodate "move, add, and change" requests, and the business is slow to respond to customer, market, and competitive pressures.

Figure 1: Organizations can realize the most benefits from operationalizing both stateless and stateful network services

Evolving SDN technologies

In its nascent stages, SDN was designed to separate the control plane from the data plane, removing routing and switching from the application development equation. But that only solved half the problem.

While first-generation SDN technologies successfully automated the base layers of the network (L2–3) in support of applications, IT operations teams still had to manually configure service levels for those applications. Load balancing, firewall, security, access, and compliance services&mash;all delivered in the application layers of the network (L4–7)—had to be meticulously assembled for every new workload, and for every software change.

In these early stages, the benefits of SDN were clear, but the bottleneck persisted. To realize the full promise and potential of SDN, automation and orchestration were needed across the entire stack—from layer 2 through layer 7.

An integrated solution

F5 and Cisco have partnered to fulfill the promise of full-stack, end-to-end SDN by integrating the BIG-IP platform, Cisco ACI, and the iWorkflow™ virtual appliance.

Here's how it works in simplified terms. L4–7 services are defined in F5 iWorkflow using easy-to-understand templates called F5® iApps®. iWorkflow then creates a Dynamic Device Package for each application. These Dynamic Device Packages are loaded into the Cisco Application Policy Infrastructure Controller (APIC), where L2–3 services—including servers, firewalls, and load balancers—are defined. A policy is then created for each application, and used by iWorkflow and the APIC to automatically configure the network, application delivery controllers (ADCs), and service levels.

IT operations teams can manage all application policies from the Cisco APIC, which functions as a centralized controller for L2–7 infrastructure automation and orchestration.

Figure 2: Deliver automation and orchestration with the integrated F5 and Cisco full-stack SDN solution

Compared to other SDN technologies, the F5 and Cisco solution is more integrated, flexible, and controllable. It exposes more granular service levels and choices, which can be tailored for each application. Different policies can be established for diverse application types, or even for different groups in a multitenant framework. And these policies can be easily updated at any time through the Dynamic Device Package.

Application policies, not plumbing

Two hallmarks of the integrated F5 and Cisco SDN solution are simplicity and focus on application policies.

A policy–covering L2–3 switching and routing and L4–7 services—is created for each application. These policies are described in plain terms, allowing anyone to outline application requirements without knowing the specifics of network and service configuration, which can include tens of thousands of lines of code. Teams need only define high-level application services and basic connections like IP addresses and ports.

It's a simplified approach focused on application characteristics and connections, not the underlying plumbing. Policies can be easily changed or updated throughout an application's lifecycle, and they can be used repeatedly for new applications. The approach dramatically speeds up infrastructure provisioning, application deployment, and ongoing software and hardware maintenance.

Furthermore, these capabilities can be handed over to application developers through a self-service catalog. With iWorkflow, application templates can be prebuilt and reused, with as much choice and flexibility as desired, allowing application developers to spin up their own infrastructure resources. And that changes the very nature—and relevance—of IT operations.

Empowering IT operations

IT operations teams are builders of the highest degree, carefully constructing and configuring each infrastructure component and service level to meet the needs of developers and the applications they create. But the reality is that too often most teams are buried in repetitive, manual tasks. Moves, adds, changes. All day, every day.

With full-stack, self-service SDN, IT operations teams have the opportunity to elevate their role and relevance within the IT organization and within their business, transforming themselves from order takers to orchestrators.

Instead of wielding tools on others' behalf, IT operations teams can create a powerful toolbox and place it in the hands of application developers. This frees the IT operations team from repetitive, manual tasks, and allows them to focus on foundational, repeatable capabilities that help push the business forward. And it enables application developers to move at their own pace and deploy infrastructure as needed, when needed. Most importantly, the entire IT organization becomes a faster, more coordinated, more efficient driver of business success.


F5 and Cisco have worked together for years to engineer, integrate, and optimize one of the industry's best SDN solutions. One that fundamentally changes the way an infrastructure is managed in support of applications and business needs.

The integration of the BIG-IP platform, Cisco ACI, and iWorkflow fulfills the promise and potential of SDN, delivering policy-based automation and orchestration up and down the network stack. It brings speed, simplicity, and flexibility to IT processes that have been too slow and cumbersome to keep up with the explosion of enterprise applications and the dynamic nature of modern business.

But full-stack SDN does more than speed up infrastructure provisioning and application deployment. It elevates the strategic importance of the IT operations team within an organization, enabling them to transition from builders to architects, creating foundational capabilities that supercharge IT processes and drive business forward.

For more information about the F5 and Cisco partnership, visit F5.com/cisco and Cisco.com/F5.
Discover how the BIG-IP platform can help you optimize SDN at https://www.f5.com/products/get-f5.