Have to choose between VMware NSX and Cisco ACI? You’re Not Alone

I keep getting questions along the lines of “should I go with VMware NSX or should I deploy Cisco ACI” every single week, and as you know it’s hard to answer anything but it depends without spending hours on the topic.

That’s exactly what we plan to do in Zurich next Tuesday (May 16th) in a DIGS workshop that will run in parallel with the Data Center & Cloud Day (part of the SIGS Technology Conference).

You’ll be able to attend all the DC Day keynotes (including the one I’ll run with Christer Swartz), exchange ideas with other attendees, and hopefully get more visibility into why or when it would make sense to use NSX or ACI.

To make the discussion as relevant as possible, I invited Mitja Robas to be the co-presenter in the workshop. He deployed NSX, EVPN on Cisco Nexus 9000, and Cisco ACI in production, and gathered plenty of don’t-do-that lessons in the process.

Unfortunately, some companies won’t allow their engineers to discuss their challenges in public. If that’s the case, and you're based in Central Europe, we could set up an onsite workshop… or you could attend the public workshop in Zurich to get a wider perspective, and then we’d do a follow-up one with your team.


  1. Why shouldn´t we simply use private vlans with VMware´s distributed vSwitch and the corresponding top of rack switch? Add a firewall and you have "micro segmentation". DCI can be done with simple VXLAN on your TOR switch aswell.

    I really cannot see a reason for using VMware´s NSX. So why should I use it?
    1. Sounds like a perfect plan ;))

      - Use private VLANs
      - ...
      - Profit

      See also http://blog.ipspace.net/2015/05/replacing-central-router-with-next.html
    2. That sounds easy! Just missing one (big) part... automation. I can go out there and buy a car piece by piece it's just going to cost me x10 and I still have to put it together.
    3. Use an automation tool ;), profit again :) + knowledge to your team
  2. Seems like there is a large variance in what people consider "micro-segmentation" and maybe there should be a category like "meso-segmentation".
    1. Apart from that, there's the problem of "how much traffic goes through that firewall and where do you put it"
  3. dvSwitch <=> physical switch <=> physical firewall?
