Part 2: Cisco Live 2015 Recap – AWS Direct Connect, VIRL Facelift & More!

It was another great Cisco Live event this year! My colleague Dan Allen wrote a post summarizing the key takeaways he got out of the event. I wanted to add in some of my own to supplement his. As you probably know, it was John Chambers last Cisco Live event as CEO – which makes it especially cool that I got this picture taken with him!

cisco live

Expanded DevNet Zone

Last year Cisco introduced the DevNet zone which was focused on giving people hands on access to Cisco’s most ground breaking technology that could be construed as science fiction unless they opened their toy box and let people see and touch what they’ve been hiding in it. This year we got to play with Internet of Things development environments, API driven SDN solutions, virtual network simulation toolkits and drone technologies hosted by the co-founder of iRobot. Last year, it was 4 little booths in between two restrooms with giveaways to get people to come in. This year, it consumed a whole section of the convention center with over 20 booths, 6 interactive labs and different exhibits and guest speakers delivering presentations on the future of technology.

Programmability and automation were a part of every session no matter what the topic was

It didn’t matter if you were attending entry-level or advanced breakout sessions, IT management track courses or developer workshops; everything you attended at Cisco Live this year had something to do with automation, programmability, cloud connectivity or application awareness. This was very different from any of the 8 Cisco Live events I’ve attended throughout my career. If you’re a technologist and have any doubt in your mind that this is where the industry is headed, you’d better start learning new skills because, like it or not, our customers and the customers of our customers are, or will soon be, believers and consumers of these technologies and consumption models.

Cisco and Amazon TEAM up to BEEF up AWS Direct Connect

AWS Direct Connect is a part of Amazon’s APN Partner program that consists of ISP’s that provide WAN circuits directly connected to AWS datacenters. That means if you’re a Level3 or AT&T MPLS customer and you have 10 offices and 2 datacenters on that MPLS network, Amazon AWS can now become another site on that private WAN. That’s HUGE! Just look at a small portion of their ISP partner list:

  • AT&T
  • Cinenet
  • Datapipe
  • Equinix, Inc.
  • FiberLight
  • Fiber Internet Center
  • First Communications
  • Global Capacity
  • Global Switch
  • Global Telecom & Technology, Inc. (GTT)
  • Interxion
  • InterCloud
  • Level 3 Communications, Inc.
  • Lightower
  • Masergy
  • Maxis
  • Megaport
  • MTN Business
  • NTT Communications Corporation
  • Sinnet
  • Sohonet
  • Switch SUPERNAP
  • Tata Communications
  • tw telecom
  • Verizon
  • Vocus
  • XO Communications


Combine that with a CSR1000v and an ASAv and you have a public cloud that can be managed and utilized exactly like a physical colo that is completely transparent to both your network teams and users.


This little announcement slipped under the radar when it was made a week before Cisco Live but was definitely front and center in the Cisco Solutions Theater in the world of solutions. The ASA1000v has been Cisco’s only answer to a full featured virtual security appliance for the past two years or so. The only problem is that it required the Nexus1000v with which the industry as a whole has been reluctant to embrace (particularly in the public cloud space). Well good news, the ASAv doesn’t require the Nexus 1000v and, therefore, has opened the doors for the likes of Amazon AWS and Microsoft Azure to let us make use of an all Cisco Internet and WAN edge within an AWS Virtual Private Cloud (VPC). This means you can manage the edge of your AWS VPC the same way you manage the edge of your datacenters and offices. The ASAv supports everything an ASA supports which will soon include the full FirePower feature set. Have you ever tried building a VPN tunnel to an ASA at a customer’s datacenter from the AWS VPC Customer Gateway? I have – not the best experience. Well, not any more – it’s pretty cool!

ACI was big this year, but not as big as last year

I was expecting more of the same from last year on this one. Just about everywhere you looked last year, you saw something about ACI. This year was a more targeted effort both with the breakout session and in the Cisco Solutions Theater. I’m not saying it didn’t get a lot of attention, just not as much as last year and certainly not more. This shouldn’t come as too big of a surprise for anyone used to Cisco’s marketing and positioning tactics, however. Last year was geared toward awareness of the new technology and this year was more geared toward the application of the technology across very specific use cases and advances in it’s capabilities. The honeymoon is clearly over and everyone was focused on how to live every-day life with ACI being a part of it.

APIC can interact with ASA and other non-Cisco devices

The ACI APIC is slowly getting more and more abilities related to northbound programmatic interaction with other Cisco and non-Cisco appliances. For example, it can now instantiate policies and other configuration elements of ASA, Fortigate, F5 and Radware appliances as part of its policy driven infrastructures.

iWAN almost officially tested and supported on CSR1000v

As of next month, the iWAN suite of technologies will be officially tested and supported on the CSR1000v platform which means all of that functionality will now be available in public cloud environments. More to come on iWAN in another post.


The CSR1000v (Cloud Services Router) is Cisco’s answer to a virtual router. Until now, it’s been sort of an “Oh ya? We can do that too” sort of project. Now it’s a full-fledged product with a dedicated product team. It’s supported across just about every public cloud provider and in every Cisco Powered Cloud partner (Cirrity, Peak 10, etc.).

Additionally, I managed to get the product team to pull back the covers on the roadmap a bit and reveal what Dynamic Multipoint VPN (DMVPN) will be supported on the CSR1000v soon along with a number of other ISR/ASR features which will make a truly seamless WAN that includes your public cloud resources.

Non-Cisco Cloud News – Azure Virtual Network now supports custom gateways

A big challenge in real adoption of non-Microsoft application workloads in Azure has been the inability to use anything but Azure’s gateway services at the edge of your Azure Virtual Network. Well, Cisco let the cat out of the bag on this one as Cisco CSR’s and ASR’s will soon be supported as gateway devices in Azure VN. For me, this really brings Azure into focus when selecting a public cloud partner.

APIC-EM has more uses than ever

Cisco Application Policy Infrastructure Controller Enterprise Module (rolls right off the tongue right?), or APIC-EM, is Cisco’s answer to an SDN controller. It’s part of Cisco’s ONE software portfolio and has more uses than ever. Don’t confuse the APIC-EM with the ACI APIC, however. The ACI APIC is the controller and central point of interaction for Cisco’s ACI solution and runs on Cisco C-Series servers. The APIC-EM, however, is truly an open source SDN controller that is free and can run as a VM and interact with just about anything that has an API. That’s right.

VIRL got a facelift

Cisco’s Virtual Internet Routing Lab (VIRL) is getting some real attention. It’s an application that was unveiled to Cisco DevNet partners last year that lets you virtually build Cisco networks with VM’s running real IOS and NX-OS code to simulate a design and test it’s functionality. As a partner, this is huge as we can virtually replicate customer environments as a proof of concept or troubleshooting tool. It’s getting more development support within Cisco.


A lot of crucial information and updates came out of this event. If you would like to discuss any in more detail, feel free to reach out!


By Nick Phelps, Principal Architect