Fabric Management in VM environment Marina Lipshteyn, Voltaire

1. Fabric Management in VM environment Marina Lipshteyn, Voltaire

2. Existing approach is to have port profile manager ExternalSwitch Port ProfileManager OS/Hypervisor Manager

3. Active Fabric Manager role • Discovery • Discovery of virtual/physical switches, VEPA elements and their capabilities • Discovery of physical and/or logical topology • Policy/Configuration repository (eg. maintain port profile and states, endpoint authentication) • Resource Management: • Distribute policy across resources to meet the requirements specified in high level and drive security, QoS configurations in individual elements. For example: if there is a rate limiter both in the NIC and on the switches, determine the appropriate place for configuration. • Resource allocation and validation • Resource management: eg. total number of ACLs supported by each device. • Verification that the CIR traffic can be committed. • Monitoring • Distributed monitoring of physical/virtual elements • Notifications and reporting of various fabric events (eg. migration )

4. Example: VM migration • VM migrates to a different physical machine. • VM has a port profile which now is used to register at the new machine. • ACLs should be configured at the new ingress point and should be removed from the old ingress point. • However, the number of supported ACLs on the new ingress point now exceeds the limit (ACL compiler implementation dependent). • The migration can not be done - invalid status must be propagated. • Validation should be done by fabric manager.

5. Actors and Interactions Storage, license, .. managers Service Automation & Orchestration, Admins Set server/app policy Set vep/fabric policy ,placement validation Reporting & monitoring Push/get policy Server/VM Manager Port/Fabric Manager Set/get (vm-nic) group policy, associations Discovery* (LLDP/SNMP) push (switch) policy Change requests Monitoring* (SNMP,..) Deploy, migrate, .. Get policy, Notifications Discovery* (LLDP), State change requests State notifications, associations switches Hypervisors * Current MIBs and mechanisms are associated with physical interfaces, may need to be extended

6. VM is registered at the new location – current passive Fabric Manager Service Automation & Orchestration, Admins NO validation of Fabric resources is done. 1 Get vm-nic side policy by profile id 2 Register VM Server/VM Manager Port/Fabric Manager Configuration policy 3 4 6 7 Get switch configuration Register VM with the policy 5 associate switches 8 Ack/ nack Hypervisors

7. VM is registered at the new location – active Fabric Manager with validation Service Automation & Orchestration, Admins Validate/ placement filter of VM connectivity requirements 1 INVALID! 2 Server/VM Manager Port/Fabric Manager switches Hypervisors

8. VM is registered at the new location – active Fabric Manager 1 Service Automation & Orchestration, Admins 3 Validate VM connectivity requirements 2 VALID Register VM Get vm-nic policy by profile id 5 Server/VM Manager Port/Fabric Manager Configuration policy Push switch policy 6 7 4 Register VM with the policy 8 associate switches 9 Ack/nack Hypervisors

9. Vport admin status down – can be Fabric Manager action Service Automation & Orchestration, Admins 1 Find the relevant elements Vport down Server/VM Manager Port/Fabric Manager 3 Vport down 2 Vport down switches Hypervisors

10. Mirroring of a Vport – active Fabric Manager role Service Automation & Orchestration, Admins 1 Mirror Vport Find the relevant elements Server/VM Manager Port/Fabric Manager Configure mirrorring 2 switches Hypervisors

11. Conclusion • Previous examples show why Fabric Manager can not be static repository but requires dynamic behavior. • Define API to Fabric Manager that enables set/get/validate of the policy, topology and capability discovery, state/configuration propagation.