No VMware NSX Hardware Gateway Support for Cisco

I find it interesting, as I’m taking my first real steps into the world of VMware NSX, that there is no Cisco equipment supported as a VMware NSX hardware gateway (VTEP). According to the HCL on March 13th, 2018, there is a complete lack of “Cisco” in the “Partner” category:

Cisco Missing from VMware NSX hardware gateway support

I wonder how that works out for Cisco UCS customers.

As I continue to remind vendors, virtualization environments cannot virtualize everything. There are still dependencies on things like DNS, DHCP, NTP, and AD that need a few physical servers. There will also always be a few hosts that can’t be virtualized because of vendor requirements, politics, and/or fear. Any solution for a virtual environment needs to help take care of those systems or it’s not a solution people can use. Beyond that, most people are unwilling to spend precious time and funds on two solutions. The most amazing solution for VM backup, monitoring, or security is useless if you don’t solve my entire problem, which includes the core dependencies I have running as physical hosts.

Folks like Rubrik and Veeam caught on and solved the problem with backup agents. Now we can back up the physical hosts we still have. Extending NSX services, especially security, to the physical systems would help immensely, too. This functionality is “table stakes” now, base functionality customers expect as we design new systems and refresh old ones, but lots of others are missing the boat, too. HPE only has two models of switches listed. Dell only has three. None of them are 25 Gbps. Most of them aren’t certified for recent NSX releases, either.

This seems like a fly in VMware’s NSX ointment. Is it weak demand for NSX that is leading to networking vendors not supporting VXLAN? Or is it terrible networking products that are causing a lack of NSX sales because of their inability to support these features? Whatever it is, this stands as a big opportunity for players like Arista to stand out and eat Cisco, Dell, and HPE’s lunches by being a big and reliable part of the solution, not just another perpetuation of the problem.


  • Hi Bob,

    Long time reader, first time commenting. There’s a pretty good breakdown here:
    https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-740091.html

    Suffice it to say that it does work with newer Cisco 9300s, but never seems to have made it to the HCL. It’s been a long frustration of mine and my colleagues. UCS is another conundrum – how do fabric interconnects fit into all of this, particularly if you think about leaf-spine, overlays etc. What about hardware VTEPs on the VICs themselves etc.

    • A VMware SE has told me it’ll work but has issues with subinterfaces and such. Regardless, if you’re having an issue you won’t get help from VMware until it’s certified…

      UCS might be fine because Cisco will support it, probably, until it’s confusing and they point the finger at VMware and then you’re stuck.

      Also, love the first line. Thanks for the comment!

    • Fabric Interconnects are built on very old silicon that is unable to support modern packet forwarding. Really, they should be obsolete but customers are still buying them so why invest in new product?

      • Sadly, they’re still a necessary evil for UCS as a compute platform.

        We like to describe UCS as the ultimate pet hotel – you likely wouldn’t use it to build a next-gen cattle-ready private cloud DC, but as a place to keep your legacy enterprise pets, it’s pretty darn good.

  • I would bet strongly on vendor politics here. Cisco very much wants its customers to use its ACI product. At this time, it would appear they have decided not to offer their products to VMware for certification because that improves their chances of flogging ACI to customers. AKA the “we don’t support it so you shouldn’t buy it” as a sales pitch.

    Customers using NSX will not find ACI useful or valuable because its functions are far more capable and useful from a virtualization perspective. Conversely, networking folks sometimes find ACI more useful because of its focus on automating legacy network operations.

    It’s up to customers to tell Cisco that they will make more money by supporting NSX. I highly recommend that you do this by not buying ACI, which makes server and switch revenue more attractive. In general, I consider ACI less valuable than an NSX solution (your mileage may vary).

  • Ciscwho?