At WhiteSpider, we’re fortunate to work closely with Cisco’s Data Centre Networking leadership and stay ahead of major architectural developments. One recent session led by Max Ardica, a senior Technical Marketing Engineer in the DC Networking Business Unit, introduced an important step forward in multi-domain fabric integration: Cisco Nexus One Architecture.
Let’s be clear: this is not just another feature. Nexus One is a strategic architecture, built to help network operators and engineers securely and seamlessly interconnect different fabric types, starting with Cisco ACI and VXLAN EVPN. And it’s exactly the sort of capability our clients have been asking for.
What is Cisco Nexus One Architecture?
Nexus One isn’t a single product or SKU; it’s a design model with three core components:
- Group Policy Object (GPO): Think of this like ACI ESG, but extended to non-ACI fabrics. It enables consistent security policies across domains.
- Border Gateway: A new function within ACI that allows proper, standards-based interconnection with VXLAN EVPN fabrics.
- Nexus Dashboard: The (optional) centralised management and orchestration layer that gives visibility and control across both fabric types.
For clients already using ACI or planning hybrid fabrics, this is a big deal. It provides a way to extend security and policy enforcement beyond the ACI bubble, without giving up on automation or openness.
GPO: Security across fabrics
One of the most exciting elements of Nexus One is how GPO introduces security policy enforcement into VXLAN EVPN fabrics. It uses the control plane (MP-BGP EVPN) and data plane tagging to create security zones, apply service chains, and enforce contracts, even at the ingress leaf.
In upcoming NX-OS 10.6.x releases, GPO becomes even more powerful:
- Intra-group isolation
- Port-VLAN-based classification
- Intra-subnet enforcement (critical for L2 or hypervisor-based topologies)
- Multi-fabric policy awareness, allowing east-west and north-south segmentation across diverse environments
We’ve heard repeatedly from clients struggling to maintain consistent security policies between ACI and traditional networks. GPO is the first truly scalable solution we’ve seen that bridges that gap.
Border gateway: Standard interconnect with VXLAN EVPN
Previously, connecting ACI to other VXLAN fabrics involved compromises or proprietary mechanisms. Now, with Border Gateway, you get:
- Standards-based interconnect between ACI (6.1.4+) and VXLAN EVPN
- Support for both multi-pod and single-pod ACI fabrics
- Traffic redirection to local or remote service nodes
- Namespace normalization between ACI and non-ACI domains
Coming in ACI 6.2, Cisco plans to roll out combined border leaf/gateway roles and improve L3 capabilities for east-west and north-south routing.
Nexus Dashboard: Optional but powerful
Nexus Dashboard (ND) is not required to deploy Nexus One, but it brings huge operational benefits:
- Visualisation of security zones, policies, and traffic flows
- Simplified provisioning and troubleshooting
- Unified dashboard across fabrics
For those already automating heavily via Terraform, Ansible or custom scripts, ND is a “nice to have.” For everyone else, it’s an excellent tool to manage the complexity that comes with a hybrid infrastructure.
Multi-site and Multi-pod roadmap
Max also touched on future directions that hint at more centralised and flexible models for multi-site ACI deployments:
- Potential to run border gateways in a subset of pods
- Improved service redirection logic with failover between local and remote service devices
- Better support for mixed environments with consistent namespaces
This evolution will be especially useful for organisations that want tighter integration between multiple data centres or hybrid cloud regions without duplicating infrastructure.
Why it matters
From our point of view at WhiteSpider, Nexus One directly addresses some of the biggest pain points our clients have with hybrid infrastructure:
- How do you keep policies consistent?
- How do you avoid clunky NAT or IP hacks to bridge fabrics?
- How do you scale security and visibility across a fragmented network?
Nexus One is the start of a real answer. It brings structure, consistency, and standardisation to multi-fabric design, and does it with enough flexibility that you’re not locked into a single operational model.
Let’s talk about your fabric
If you’re planning a new ACI deployment, integrating with VXLAN EVPN, or just trying to simplify and secure your data centre network, we should talk.
This is the kind of innovation that doesn’t come around often. Nexus One is real, it’s roadmap-backed, and it’s what’s next.