Yann Bouillon
DC Technical Marketing Engineer
1. vMotion moves VMs across physical ports: the network policy must follow vMotion
Security Admin
Cisco Confidential
Nexus 1000V
Modular Switch
Supervisor-1 / VSM-1
Supervisor-2 / VSM-2
Linecard-1 / VEM-1
Linecard-2 / VEM-2
Linecard-N / VEM-N
Back plane: L2 mode, L3 mode
200+ vEth ports per VEM
64 VEMs per 1000V
2K vEths per 1000V
Multiple 1000Vs can be created per vCenter
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
2009 Cisco. Confidential.
[Diagram: Nexus 1010 hosting VSM-1, VSM-4, connected in L2 mode or L3 mode to VEM-1 and VEM-2, each with vPath, on ESX hosts]
vPath: Virtual Service Datapath
VSG: Virtual Security Gateway for 1000V
vWAAS: Virtual WAAS
[Diagram: Nexus 1010 hosting VSM-1, VSM-4, NAM and VSG, connected in L2 mode or L3 mode to VEM-1 and VEM-2, each with vPath, on ESX hosts]
Why 1000V?
Nexus 1000V Differentiators
Feature & operational consistency
NX-OS across physical and virtual networks (Nexus 7K/5K/2K/1KV)
Cisco CLI experience
Standards based, IEEE 802.1Q
Non-disruptive administration
Network team manages virtual network, creates port profiles
Server team assigns port profiles to VMs
VM Connection Policy
Defined by network Admin
Property Mobility
VMotion for the network
Ensures VM security
Maintains connection state
L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX)
IGMP Snooping, QoS Marking (COS & DSCP), Class-based WFQ
Policy Mobility, Private VLANs w/ local PVLAN Enforcement
Access Control Lists (L2-4 w/ Redirect), Port Security
Dynamic ARP inspection, IP Source Guard, DHCP Snooping
Virtual Services Datapath (vPath) support for traffic steering & fast-path off-load [leveraged by Virtual Security Gateway (VSG) and vWAAS]
Automated vSwitch Config, Port Profiles, Virtual Center Integration
Optimized NIC Teaming with Virtual Port Channel Host Mode
VMotion Tracking, NetFlow v.9 w/ NDE, CDP v.2
VM-Level Interface Statistics
Security
Network Services Provisioning Visibility Management
Vblocks
Imagine:
1000V
Secure Multi-tenancy
Imagine:
Securely sharing servers between multiple users/groups without having to add another server
1000V
Flexpod
Imagine:
1000V
Predesigned, validated, Flexible infrastructure that can grow and scale to meet cloud computing requirements
3. Server Admin plugs new ESX host into network & adds host to Cisco switch in vCenter
4. Repeat step three to add another host and extend the switch configuration
Defined Policies: WEB Apps, HR, DB, DMZ
WEB Apps:
PVLAN 108, Isolated
Security Policy = Port 80 and 443
Rate Limit = 100 Mbps
QoS Priority = Medium
Remote Port Mirror = Yes
Support Commands Include: Port management, VLAN, PVLAN, Port-channel, ACL, Netflow, Port Security, QoS
[Diagram labels: 1000V VSM x 1, 1000V VEM, vSphere, Server, 1000V VSM x 4]
Feature Comparison
Network Team manages the switch hardware
Installation like a standard Cisco switch
NX-OS high availability of VSM
VEM running on vSphere 4 Enterprise Plus
Nexus 1000V features and scalability
View VM-level Interface Statistics
Packet Capture and Decodes
Historical Reporting and Trending
ERSPAN
NAM Virtual Blade on Nexus 1010
vCenter
NetFlow
Cisco vPath
For Virtual Network Services
Integrated into Virtual Ethernet Module with:
Intelligent Traffic Steering
Decision Caching
Performance Acceleration
Provide bandwidth guarantee for up to 64 total queues on uplinks
User defined Queues
[Chart: bandwidth shares for the queues vMotion, VM_Platinum, VM_Gold, Default, ESX_Mgmt, N1K_Control and N1K_Packet; values shown: 15%, 20%, 15%, 5%, 15%, 30%]
LACP is traditionally a control plane protocol run on the supervisor of a switch (VSM on N1KV)
When VSM is down or disconnected, VEM operates in headless mode, without the ability to perform LACP control plane operations
LACP cannot be run on a single link between a VEM and the upstream network
[Diagram: LACP PDU, control plane and data plane, Nexus 1000V VEM]
LACP Offload solves this problem by offloading all LACP operations to the VEM
Makes data plane more robust and helps in FCoE deployments where VSM is behind VEM
Automatically fail over to surviving connections for vPC Host Mode port channel
Makes use of Network Tracking packet to probe interfaces on other Sub-Groups
MAC A Sub-Group 0
MAC B Sub-Group 1
Nexus 1000V
Distributed Virtual Switch
Intrusion Detection
ERSPAN all interfaces with same policy
Troubleshoot applications in the cloud
Increased Scalability
64 VEMs per VSM
2048 Active VLANs per VSM
2048 vEths per VSM
2048 Port-Profiles per VSM
Other Features
Updated Installer
Installs L2 or L3 communications between VSM and VEM
Access Control List on the VSM management interface
Ephemeral Port Binding
Port ID is set and released upon VM power on/off
Support virtual desktop deployments
Identical tools for physical and virtual machine network:
Minimize miscommunication
Less time for accurate configuration where mistakes are costly
dcvsm(config)# ip access-list deny-vm-traffic-to-ftp-server
dcvsm(config-acl)# deny tcp host 10.10.10.10 eq ftp any
dcvsm(config-acl)# permit ip any any
Network planning
Assist with growth and scaling of data center
Network Analysis
Summary
Version 4.2(1)SV1(4) provides updated Nexus 1000V capabilities
Virtualized network services with Cisco vPath
Numerous features preparing cloud deployment