Cisco DNA is Marchitecture, But Also a Shift Away From CLI

Jan 26, 2017 2:02:35 PM

The industry has seen plenty of marchitectures from Cisco and its peers over the years. Its newest one, Digital Network Architecture (DNA), feels different, especially after I spent a week at Cisco Live 2016. DNA is different because underneath all the slideware and demos is an apparent commitment to changing the way enterprises do networking. In other words, Cisco wants network engineers to rely less on their skills with its command line interface (CLI).

A diminution of CLI skills is no small matter. Thousands of engineers have made a living with their mastery of Cisco CLI, which allows them to directly program individual Cisco network devices that run IOS and NX-OS. The more knowledge that engineers have of CLI, the more advanced features they are able to use in Cisco switches and routers, which translates to more value to their employers. In fact, Cisco has made a business of certifying CLI skills. Enterprises consider graduates of the Cisco Certified Internetwork Expert (CCIE) certification program to be the world’s elite, high-priced network engineers. A CCIE certificate signifies an understanding of network design, implementation and management, but it also guarantees that the engineer is a master of CLI.

The problem is that CLI is not an efficient way of engineering and managing a network anymore, because businesses are demanding more agility from network infrastructure. Networks must respond to change quickly to support highly dynamic IT architectures that leverage things like the cloud, the Internet of Things and DevOps. Even if an engineer has written a catalog of scripts for manipulating the CLI on hundreds of switches at once, those scripts themselves need maintenance and debugging, especially when Cisco rolls out new software releases. They can’t keep up with the pace of change when relying on CLI as their best point of management.

When Cisco announced DNA some months ago, the core message was a set of design principles that would guide how Cisco develops products and engages with customers. One of those design principles was “designed for automation.” In other words, Cisco wants to make its products easier to deploy and manage. At the heart of that message is a move away from CLI.

At Cisco Live, Cisco executives told me that an essential goal with its focus on automation is the enablement of network engineers to move beyond “CLI magic.” Over the next 18 months they want to to “re-skill” network engineers. They said they are exploring what the Cisco certification syllabus will look like in a post-CLI world. During his Cisco Live keynote, Cisco CEO Chuck Robbins announced a forthcoming CCIE DNA certification, which no doubt will usher in period of re-training for network engineers that deemphasizes CLI.

Of course, many veteran engineers will be extremely dubious of any transition that reduces the centrality of CLI. Not only because it erodes the value of their skills. But also because they will doubt whether Cisco can truly foster an era where CLI isn’t so critical to everyday networking.

But look at the products that Cisco has heralded at Cisco Live this year. APIC-EM, is a network controller that allows engineers to provision, configure, and manage LAN and WAN devices without touching CLI. The Application Centric Infrastructure (ACI) enables much of the same in the data center.

Some Cisco customers are already experiencing the benefits and pain points of this transition. One customer told me that ACI has changed the role of his network engineers. They used to spend all day doing “task work,”  manually responding to change requests from the server and virtualization team. Now they are working at a higher level, thinking about capacity, policies, and overall network health. Another ACI customer said that this transition has forced his organization to re-train engineers who are used to doing everything in CLI.

So what will this training look like? The technologies that Cisco has developed to enable automation, such as APIC-EM and ACI, have open APIs that allow developers to write software that can program the network. Cisco is creating its own applications on APIC-EM that enable plug-and-play provisioning, policy-based configuration and GUI-based quality-of-service (QoS) management, among others. But network engineers have the opportunity to write their own programs on these APIs.

In fact, EMA research shows that many networking professionals are acquiring new programming and software development skills. We surveyed 150 early enterprise adopters of software-defined networking (SDN) for our research project Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization on Network Management. We asked them to identify which skills they are acquiring to support SDN. Thirty-seven percent (37%) are learning new programming skills and 36% are learning software development skills.

Cisco executives told me they want a significant portion of networking professionals to start coding. And by coding, they don’t mean writing CLI scripts. They want network engineers to work with their APIs, which they consider a better abstraction layer than CLI. Cisco is also pouring resources into DevNet, a community it established for software developers who want to write applications for the APIs on APIC-EM, ACI and even on individual hardware components. Cisco doesn’t want DevNet to be populated solely by software and hardware vendors. They CCIEs in there.

Cisco is creating the products, the tools, the training, and the community to make this happen. The only question that remains is, will tens of thousands of CLI jockeys make the leap?

Topics: Featured

Shamus McGillicuddy

Written by Shamus McGillicuddy

Shamus is the research director for EMA's network management practice. He has more than twelve years of experience in the IT industry as an analyst and journalist. Prior to joining EMA, Shamus was the news director for TechTarget's networking publications. He led the news team's coverage of all networking topics, from the infrastructure layer to the management layer. He has published hundreds of articles about network technology, and he was a founding editor of TechTarget's website, a leading resource for technical information and news on the software-defined networking industry.

  • There are no suggestions because the search field is empty.

Lists by Topic

see all

Posts by Topic

see all

Recent Posts