Cisco ACI Reviews

In the last nine months, I have done two projects with Cisco ACI. Both of them were banking systems. I'm capable of selling, installing, and deploying Cisco ACI, so I know all the licenses and prices as well as how to compare the prices and establish a pre-sales team and also doing the deployment and supporting the ACA solutions. 

The most important aspect of Cisco ACI in my opinion is the ease of management. Other solutions, like traditional solutions and pricier solutions—or even fabric and PAT—you have to do many configurations on a box-to-box basis, With Cisco ACI, you go on the AP and do some "next, next finish" installer. Everything is done without having to know about the VXLAN, AVPN, MP-BGP, or ISI. In previous solutions, you had to know all these things and deploy all of them yourself, so you needed a deep knowledge of VRF and all the other BGP things. You would have to remember everything about the detail configuration, but now we just do some clicks and everything is there.

The other benefit to me is the white-listing solution that the ACI can handle. It's important to have a good knowledge of IPS and DDoS things. I always prefer to stop traffic mid-way instead of putting everything on the firewall and blocking it on the firewall. In my opinion, a firewall has very limited resources and it is possible to run out of resources easily with a simple attack, like HPing. But when you do white-listing, you just greenlight your needed traffic, not all the traffic. So this is a very big difference. And also of course, nowadays everyone is talking about the ACR tool Heat that allows customized configuration to style. These are the major things and some other things like very low latency and few hops. 

Before version 5, you could manage your firewall or load balancer from the AP. It was very basic and now they removed the whole features in the new version, so you cannot manage your load balance or firewall from your AP on L2, L4, and L7 services. They can improve this because it's a little bit hard to send traffic with PBR or EPB to the box. They're returning back. That's one area where they could improve.

I've mostly worked with Cisco solutions in the last 15 or 17 years. I do everything from deploying enterprise solutions and developing data centers to building cloud applications with Cisco ACI or data solutions at the center, like MPP, GPU, AVPN, and VXLANs. Security-wise, I started with ASA and IPS then upgraded to Five Power and Snort. I also have a lot of experience with Ice and Identity solutions as well as ESA and WSA.

I believe that Cisco ACI is highly scalable. Anytime that you want to add bandwidth, you just need to add a spine and anytime you need more ports, you just need to add that. And the very cool feature is the different typology that ACI can support now. Before that, it was a stretch, especially the typology. Nowadays, everyone is talking about the IPN and the multi-part.

For bigger operations with different data centers in different locations, you can deploy multi-site and it also offers some support remotely. I've never deployed it, but you can use a virtual peak that gives this and also enables a multi-tier. That's also very helpful with customers that don't want to spend a lot of money for the cable or transceivers. And the hardware is massive. I really love the hardware. The MTBF is huge. Everything is stable.

I was also in Malaysia for many years as a CTO at a company before COVID and was a Cisco partner. So I know how to create tickets. I've experienced how they respond and escalate tickets. I was the business owner and promised stability and availability to my customers. I asked and they opened a ticket for me, and I'd give it to my friend. I only needed to interact with Cisco techs very few times. But for licensing things and hosting, I use support all the time.

In most cases, you just plug in the cables and it even has the cable cave, a guard system, attached spine to spine. In my opinion, the initial part that involves creating the overlay is very easy compared to an MP-BGP or VPN solution. So in that case, it definitely takes hours, especially if the site that you are working with ACI is multi-tenant. If it's multi-tenant and you are not using ACI or an MPG EVP solution, then it's hard for you to take care of the road fillers. And a BGP road target must be very accurate, but here you don't deal with anything. This is also very great about ACI, which takes less networking. There's no port. Everything is tied to the object. So that's very easy. I believe that it is exactly the same environment and same thing that we face with the Cisco Blade system. You can create a foreign device and attach it to any server on the Blade and everything works fine. 

I would rate Cisco ACI nine out of 10. I'm always trying to push customers to use Cisco solutions. When I'm talking to my clients or anyone else who is thinking about using Cisco solutions, I always say 10 out of 10, but I believe that there is some space for improvement. 

Cisco ACI is the next-generation SDN-based solution that Cisco uses for almost every style of data center or server farm. It's similar to what we used when we wanted to build a facility containing our computing storage and everything we already have in our data center. However, this one is different because it uses innovative technology that combines VXLAN, MP-BGP, and SDN.

It has an amazing graphical user interface, and it integrates well with other brands like VMware. You can even integrate ACI with NSX in the latest versions. ACI integrates with NSX in version 5 and above. You can also use it with Kubernetes, OpenShift, and Cloud Foundry. It also has agents for cloud platforms like AWS and Azure.

ACI's most valuable feature is its SDN capabilities. Everything is on your software design controller. Everything is blocked by default until you allow it. 

The integration has room for improvement. There should be a drag-and-drop interface for configuring the integration where you connect some arrows to boxes, and the system takes care of the configuration. 

Right now, they have something similar, but it's limited. You have to take care of some things yourself. That is one area that the solution can work on. It's easy now, but it's much easier in other solutions.

Cisco ACI is highly stable. I've deployed it at six or seven data centers, and we've never had any issues with stability. It's a hundred percent reliable, but you have to consider some things. You can't deploy any version of your box and expect it to be stable because Cisco has some rules. For example, Cisco has a recommended version. It means that other versions may contain bugs.

Starting in 2000, if you open a switch, you will see a small motherboard, and the switch will work forever. There was no configuration. You just ran a few commands, and everything was done. Today, when you open a switch, you see a whole computer. For example, you can deploy the Cisco Catalyst 9000 with Python script. So there have been a lot of improvements and a lot of things.

Also, when they update ACI, you will face some bugs because this isn't a limited motherboard. Now, the motherboard is like a computer. You can expect some bugs, but you won't have that many issues compared to other solutions if you use the recommended version.

The initial setup is effortless. You can deploy ACI even if you have limited routing knowledge because everything is done automatically. The underlay network is IS-IS, while the overlay network is BGP. You don't need to know anything about IS-IS or BGP. 

You need at least two people to deploy ACI. More than two engineers might be required. Your VM engineer should join you if you're working with a virtualized environment,  and your storage network engineer should take part if the project involves storage. In total, it should be maybe two to three people.

I rate Cisco ACI nine out of 10.

Primarily, what we like is the ability to do micro-segmentation. We have many different application endpoints, and one of the key use cases for us was to be able to classify the application endpoints into arbitrary buckets of different silos. We need to be able to ensure that different endpoints will go into, let's say, a production silo, versus a development silo, versus a test silo. That was one of the use cases.

The function above and beyond that is that you get things like automation as part of the SDN framework. Therefore, you get the data center overlay that is built automatically and provisioned automatically from the automation capability that's built-in.

The solution has all of the baseline functionalities for any sort of SDN capability. 

The stability is quite good.

The initial setup is straightforward.

One of the areas that need work is feature flexibility. If you want to do things like routing policies it's not cookie-cutter, however, you want to customize routing policies. It becomes a little bit more constrained due to the feature set, the routing policy feature set within ACI, doesn't allow for you to get very customized when it comes to, let's say, failover type scenarios. However, that's just an artifact of the product maturity. It's going to take some time before the product becomes mature and they have the ability to have more customized features enabled. At version 4.0, these features were not yet available. We ended up having to basically export the routing functionality, the more advanced routing functions, outside of ACI and just put it into the routing infrastructure around it.

The initial setup is not intuitive.

Technical support needs to be more helpful. It's rare that you get a knowledgeable person.

It would be nice for them to provide visibility at a cheaper price point. Visibility is something that everybody wants to achieve with their workload. One of the benefits of SDN is supposedly the ability to collect all that telemetry and correlate it to something that is actionable and meaningful. That's a key requirement, however, the bar is so high in terms of costs. In our environment, we opted out of it as it's so expensive, however, it would be nice, as, if you don't have visibility, then how do you properly segment your workload? The minute you start segmenting, you kind of cut off workload communication. If your goal is micro-segmentation and putting your workload into arbitrary silos, and if you don't have the visibility, then it will be very difficult to achieve. Therefore, if you don't have visibility and you want micro-segmentation and you don't want to pay, then ACI is not your solution.

I've been using the solution for two years at this point.

The solution is stable. We don't have issues with it crashing or freezing.

While supposedly it's scalable, the program is not. I don't have any data point that I can provide for scalability within ACI, as our environment is fairly small.

Technical support is hit or miss. Sometimes you can open a ticket and you will not have to escalate it three or four different times before you get somebody that is competent. I would say that's 85% of the time, however, the other 15% of the time you get lucky and you get somebody that knows what they're talking about.

I have some experience with VMware. I'd describe it as more intuitive and easier to configure, however, it's a different solution as it's software-based as opposed to ACI which is hardware-based. 

The solution's initial setup is straightforward. It is not difficult. One other area that I would say is a negative is the way that they have their setup. It's not intuitive. It's very complicated and if you want to provision an interface or something like that and get that interface, it requires a bunch of steps that are very counter-intuitive. It's not user-friendly.

The pricing could be a bit cheaper.

If I compare ACI to a VMware NSX-T type solution, I don't know if there's a differentiator there compared to NSX. I will say that NSX has much higher numbers of differentiation, as they have visibility into the workload at the hypervisor. Having used ACI, we were looking at solution sets that will give us specific capabilities beyond that. The value of NSX is it will give you the visibility component.

The version that I was working on is a 40 version, however, the company is at a 50 version at this point.

If you are looking for a solution that will give you the ability to have really good visibility into your workload, how your workload performs and functions, ACI doesn't give you that level of granularity as compared to, for instance, a solution like VMware NSX. For them to provide visibility, you're going to have to spend a lot of money on Tetration, which is another solution that they try to force on you. If visibility is one of your key requirements, then you might want to rethink your data center SDN solution for ACI.

I'd rate the solution at a six out of ten.

The primary use case is in an environment where the customer has a very large virtual compute and a lot of physical compute as well - in terms of the number of servers - and a big heterogeneous firewall. They want to converge their racks where they have a physical firewall and a virtual firewall. They have their metal servers and VMware or Hyper-V VMs. This is the best use case. This is where ACI fits best because it can integrate the physical and virtual environments together within a single fabric. It can give a very good overview, an "aerial view" of your whole data center within your fabric. That's the best use case.

The improvement I have seen after ACI has been implemented is that companies that wanted to implement a service lifecycle of any services, or that wanted to do automation, really improved their deployment times. Once the fabric is up, then they can start doing so. Customers usually get confused and think that if they implement ACI then everything gets automated. No. That's a mistake. With ACI, you have to buy software, an automation orchestration tool like Ansible, UCSD, or vRealize - tools to automate.

The improvement is that when companies buy an automation tool with Cisco ACI, the deployment time, their designs, are really fast. 

Another improvement is that customers say that the performance is really good with their new network.

The best part of ACI is that it can integrate with a lot of virtual environments like VMware, Hyper-V, and KVM. That's the best feature that sticks out in my mind because I have worked with customers who were looking into different solutions. The biggest selling point for them, which finalized their choice of ACI, was because it supported both Microsoft and VMware.

Better troubleshooting features would be helpful. In ACI, it can be a big mess, a real headache to troubleshoot a single issue. Cisco should work on the troubleshooting part of ACI. The troubleshooting part, and the information that ACI gives you, sometimes don't give you a proper, inside picture of what's going on within the fabric.

We had an issue where the customer was not able to sync with the NTP server and we were not able to identify the problem. The NTP was just not talking to ACI. The troubleshooting part is a bit difficult in ACI, and I feel that it should have been improved a long ago, but I don't know if they're working on it or not.

Also, they have the new designs for Multipod and Multi-Site. There are a lot of good features, like static storage connections. But I have seen some customers that faced issues with connecting the storage to the fabric.

The stability is good. Initially, it was not that good, but now it's really good with the new code.

I would give the solution's scalability an eight out of ten. The scalability options are really good. You just connect the leaves to the spine and it comes up. The scalability is not an issue.

The biggest environment I've worked with has two spines, spines with 16 leaves.

In terms of the number of users on it, initially it was really difficult for customers to adopt the new technology because it was a wholly new concept. Now, with time, and as ACI comes out with the new features, and the stability is really strong, the adoption is really good. According to Cisco engineers, they have customers who have gone up to 6,000 users.

Regarding the possibility of our customers' increasing their usage of ACI, we don't see that much indication of it, because what the customers are looking is more along the lines of having their fabric be more redundant. One of the features engineers are looking for is the Endpoint Tracker, which has had some issues. It is not that user-friendly.

I love their tech support. I would rate it at eight out of ten. It's really good with ACI. Even non-ACI support is really good. If you open a P1 case, an engineer comes online within ten to 15 minutes and starts doing the debugging and troubleshooting with you. 

I had an issue with their HyperFlex solution where the issue was more an interior design issue, and not a Cisco issue, but the tech came onto the call in 10 minutes and worked with me for six hours, non-stop, to fix the issue. They do it really slowly because they don't want to impact production. Otherwise, they could probably have done it in 15 to 20 minutes.

The initial setup is really straightforward. Very easy.

In terms of implementation strategy, Cisco has a concept called the Zero Touch installation, where you just connect the fabric and it actually starts discovering its own fabric. The implementation strategy is to install ACI in a silo'ed environment first, set all the policies there, and then connect your existing network parallel to ACI so that the network has a redundant connection to ACI. Then you gradually move your network connections from the legacy to ACI. This is how Cisco recommends an implementation be done.

It usually doesn't take more than a week for all that, max. We usually do it with two people, and we do it very smoothly. Usually, when you bring the fabric up, you have to make a lot of policies, including software profiles and the like. That is time-consuming work, but once it's done you can just recall them again and again in the customer's environment. That's the only thing that we need two people for. After that, when you're done, a single engineer can get migrate the network to ACI.

Maintenance of ACI is really easy, to decommission a leaf switch or a spine switch. When you decommission a switch from your existing ACI fabric, it's straightforward. In general one engineer is required for maintenance with a second engineer as a backup. Maintenance is really easy with ACI. Even if you're upgrading your fabric to new software, it's straightforward because they have built-in connections within the fabric. There is zero downtime. We have done it many times with zero downtime in a production environment.

One of our customers is a petroleum development company in the Middle East. They have seen very good ROI by implementing ACI. Their compute was relatively very new and their network was relatively very old. They saw very good ROI by having a very good, stable fabric that gives them very good response time on the network side.

The second part is that they wanted to implement a cloud solution which would support their existing Hyper-V and Microsoft. That was where the customer saw a good ROI on the investment. They were very happy with Cisco ACI.

I'm not involved in the pricing part, but Cisco has come up with Smart Licensing, which is a bit higher. But now they're giving the customers very good discount rates to bring customers in.

We are using VMware NSX in our environment as well. We had a customer that was using both NSX and ACI in their environment.

The good thing about NSX is that it has really strong support for the virtualized environment. And now the security is an integral part of their network solution, with the Distributed Firewall and the Edge Firewall. But it has some of its own issues because in a virtual environment, when you have big data centers where there is a lot of traffic coming in from the routing site, it's usually not up to that mark. Cisco has better visibility into that. If I compare it with ACI, ACI has a very strong routing component, but it has its own shortcomings.

In terms of rating NSX, I'm going to be biased because I work in ACI. I like NSX as well, it is a great product. It has a lot of flexibility because you can use existing servers and install NSX on them and It works pretty well. I rate NSX at six out of ten. The reason I rate it a little bit less than ACI is because its only native, strong support is for VMware. ACI has native support for Hyper-V and VMware.

Plan. Don't jump to a conclusion, plan it. You should first know your infrastructure and what your targets are, what you are trying to implement because, when you are more security focused, Cisco ACI can give you a tough in implementation. If you are more into converging your fabric, you want to your data center to be very converged into a single fabric with fast convergence times, go for ACI. There are different use cases based on what the customer's priorities are. So plan well, know your target, what you're trying to achieve. If you want to deploy more VMs faster, go for NSX. Don't go for ACI for that.

As a Cisco partner, our company does training and implementations on Cisco's behalf for different customers. Sometimes Cisco needs some advanced services to help the customer to do the implementation. Sometimes the customer has a problem with the ACI service. It's a new technology so some customers are really confused with the new terms and the new deployment style of ACI. They cannot compare it with their legacy solution, and when they start comparing it they get confused. We help with how the migration should be done from the legacy to ACI.

I would rate Cisco ACI at seven out of ten. The good thing about ACI is its integration with the different hypervisors. It supports VMware, Hyper-V, and KVM. When a customer is looking into a heterogeneous environment where ACI is involved and the other part is VMware for their NSX SDN, VMware has now come up with its own heterogeneous system, NSX-V. They realized very late that they had a problem, that they could only integrate with the VMware environment. Where Cisco ACI had an edge over them was that they could integrate with the virtual environment of Hyper-V, VMware, and KVM very well. And ACI automation also helps deploy and do the integration very easily in the virtual compute part of the network.

Also with ACI, the performance of switches is really good - it's actually a hardware-based SDN - and the delays are very small. The performance is really good with ACI.

But ACI has its own shortcomings such as not having very strong native support for security. Customers always have to look into third-party security solutions to implement good security within their software-defined data centers. If you compare it with NSX, NSX comes with the Distributed Firewall and the Edge Firewall. It has its own native security. This is where ACI lacks a lot because you have to implement contracts and filters. It's a very tricky part. You have to be very careful when implementing the contracts. If you make a little mistake, it can cause a good amount troubleshooting time to debug the issue. That's the missing part.

We started working with a customer which is in the Netherlands. They are really important for us. They started migrating the building of their CRM to ACI. We started with 2.0. We just upgraded the fabric to 3.2. In the next three months, we are aiming to migrate and upgrade the fabric plan to 4.0

Our customer has around 1,000 virtual machines and before, they were all 100 physical servers which, on our side, were obviously consuming energy and resources. Now everything is on the customer and so it's up to them to manage the size of the virtual machines. 

The straightforward migration of all of the applications and loop balancing are the two most valuable features. Also, the measurement of their customer-wide sources is very straightforward. It's another dimension of the networks.

The virtualization area needs improvement but I expect that to happen with the 4.0 version.

I would like for them to develop integration with AWS. 

Scalability is pretty good. 

Their technical support is top notch. 

We had reached the capacity in the data center. We could build a new data center or buy a new solution so we migrated to a new solution to save space. 

The setup was complex because we have a complex internet architecture. It wasn't because of the product. It was complex because of internal issues on our side. 

We had Cisco support but everything was done internally. 

We only looked at Cisco because we have all of our routing and switching infrastructure with Cisco. 

I would rate it an eight out of ten. There's room for improvement in the software version. To get to a ten, they should improve the virtualization and develop integration with AWS. 

For companies starting from scratch, ACI is the best solution in terms of the space needed and time to delivery. 

We primarily use it for network-centric applications and environments. It's mostly used for migrating traditional three-tier networks to the ACI infrastructure.

Automation features have been most beneficial for managing complex networks.

It could benefit from an orchestration tool that makes deploying services easier.

I have been working with Cisco ACI for almost seven years. 

It is a very stable. I would rate the stability a ten out of ten.

ACI is highly scalable, both within a single site and across multiple data centers.

I would rate the scalability a ten out of ten. Our clients vary from mid-sized to large, including financial institutions.

We don't usually need much support unless there's a technical issue or bug. We might contact them for design reviews during deployment.

Neutral

It was easy, especially with the newer version. After preparing the initial fabric, it's mostly plug-and-play. 

However, service deployment could be simplified with a better orchestration tool for deploying endpoint groups (EPGs) and other objects.

The deployment process is an ongoing process that can take over a year, as it's part of a migration of workloads and services. You can't migrate an active data center all at once. There are project dependencies that affect the timeline.

These are not technical challenges but project dependencies. Each project has its own timeline and phases. The technical aspects aren't that complicated.

I haven't encountered any challenges in deployment. It's simple automation through a portal for deploying services and EPGs.

I highly recommend it. Compared to traditional data centers, it's more efficient, easier to deploy, and has less dependency on the infrastructure for application management.

Overall, I would rate the solution a ten out of ten.

Over the past six years, I've gained extensive experience with Cisco ACI, working on diverse solutions. This includes multi-site projects, like one involving a private bank with interconnected data centers utilizing Dark Fiber and Cisco ACI for seamless operations. I've also successfully integrated Cisco ACI with Kubernetes and Red Hat OpenShift to support container-based applications. I've played a dual role as an instructor, teaching Cisco ACI topics, and actively participating in various ACI-related projects. These projects have covered single-site, multi-site, and multi-tenant infrastructures, involving aspects like design, implementation, troubleshooting, and training, giving me a comprehensive understanding of the ACI ecosystem.

Our clients find several features of Cisco ACI particularly valuable, like the ability to create Service Graphs and employ Policy-Based Routing in an Application-Centric manner. One significant attraction for clients in Iran is the robustness of multicast solutions, which has been a major driver for them to migrate to Cisco ACI. It's worth noting that in Iran, the predominant IT infrastructure is on-premises, with limited usage of AWS or hybrid solutions.

While it is quite functional, I found it to be somewhat slow, and there was a notable issue related to the removal of the help section. In previous ACI versions, every configuration section had an accompanying help section that provided valuable information. This feature was removed in the latest version, and the reasoning behind this change is unclear. I believe there's room for improvement in terms of ACI's integration with various technologies. For instance, when it comes to integrating with Kubernetes, the compatibility is somewhat lagging.

I have approximately five to six years of experience working with Cisco ACI.

It exhibits remarkable stability, particularly from ACI version five onwards. For instance, the stock exchange infrastructure I've worked with has been operating flawlessly on ACI for almost two years now, with no significant issues. I would rate it ten out of ten.

I rate the scalability of ACI as nine out of ten, leaving room for potential improvements or aspects that I haven't explored fully.

I have never sought support from Cisco, mainly because of the nature of the operations and issues I've encountered. With the exception of hardware problems, which are usually beyond our control, I've handled all other situations and software failures directly.

Generally, I find the initial setup and configuration of Cisco ACI to be one of the simplest processes in the context of this technology, except in rare cases involving unique configurations. I would rate it eight out of ten.

The duration and complexity of the deployment can vary significantly based on the chosen approach, whether it's application-centric or network-centric. In the service recognition phase, especially for application-centric deployments, a deeper understanding of the service infrastructure is required. This involves collaboration with the software team to comprehend the service architecture, which can extend the deployment timeline. This approach differs from a more straightforward network-centric implementation where you might only need to convert legacy VLAN and IP contracts to ACI objects. In my experience, building Cisco ACI from the ground up can take anywhere from four months to nearly a year. For instance, if you aim to migrate swiftly to ACI without relying heavily on advanced features like service graphs and PBR, and simply want to establish ACI as the default gateway for servers, the fabric can be set up in as little as three to four months. Certain operations, such as the physical installation of spine switches, can extend the timeline from three to four months up to nearly a year for a complete project.

It is not very cheap, but it is still a cost-effective solution, especially when considering the broader context of data center expenses, including servers, storage, and firewalls. The pricing, including both hardware and licenses, is reasonable.

Overall, I would rate it ten out of ten.

We have several customers who are using Cisco ACI. In my opinion, Cisco ACI is the most powerful solution from Cisco. It is a very strong solution and was recently developed by Cisco, especially because of the Cisco ACI fabric. 

Cisco ACI is a declarative model or object-based model that focuses on application-centric policies rather than traditional network validation. It uses spine-leaf topology. It eliminates the need for customers to spend time configuring their network, routing, and switching. Instead, they can simply initialize the fabric and design their application based on their policy. It's a pretty advanced solution and eliminates a lot of headaches.

The most useful feature in the ACI is a feature called Service Graph. Service Graph is a part of the ACI fabric and is used to redirect traffic through various network services, such as firewalls, without the need for complicated network configurations.

You simply create a policy and redirect the traffic to the firewall and then back to the ACI. So the Service Graph feature is the most powerful feature in the ACI and can be used to deploy the firewall as a service template for any type of traffic. You can direct the traffic to go through the firewall and then back to the ACI. I think it's the most important feature of the ACI.

I can recommend that Cisco improve its execution. But keep in mind that ACI is the most convenient solution for Cisco, and it is developing every day, adding new features.

Additionally, keep in mind that you can integrate the manager or CCI and manage your remote cluster and data center from the ACI dashboard, which is another possible feature in ACI.

I have only been using ACI for six months because I was promoted to central consultant last year. After my promotion, I started working on the ACI solution. We are using version 5.2. It's on-premises because our customer is in the banking sector and due to governmental restrictions, we cannot install any solutions over the cloud. All solutions, including SDR, ACI, and SDR, depend on the on-premises setup.

After version 5, it became a very stable product.

Scalability is another powerful feature of Cisco ACI. For example, if you need to add another endpoint, you don't need to redesign your network. You can simply add a switch or a leaf switch and you're good to go. If you need to increase the number of devices or add more bundles, you can add a spine switch or a backbone switch without any redesign because the fabric is initialized from zero. You can add or delete devices without the need for a complete redesign. So it's a very scalable solution, and scalability is the most powerful feature of Cisco ACI.

I did have one case where I needed a replacement for a switch, and they handled it perfectly.

I would tell you the pros and cons of using your legacy network versus ACI. Without ACI, you may encounter scalability issues as adding new devices and switches would require a redesign.

Additionally, there may be challenges with extending the layers between switches in the data center, such as sending traffic and addressing challenges.

Using ACI can provide benefits such as simplifying network management. Without ACI, each device and loop would need to be managed individually, but with ACI, the entire data center can be managed through a single dashboard, including VMware, firewalls, and more. ACI can also improve availability and billing.

ACI uses an object and policy model, which simplifies the configuration of routing and switching and enables application-to-application communication. Using ACI can eliminate legacy network issues and provide significant benefits, regardless of the customer size.

Overall, I would rate Cisco ACI a nine out of ten.