Cisco Virtual Networking Portfolio Update. Balaji Sivasubramanian, Gunnar Anderson, Appaji Malla. Cisco Cloud Networking & Services Group. 12/04/2013
Agenda • Cisco’s Virtual Networking Vision • Cisco Networking Portfolio Update • Citrix NetScaler 1000V (NS1000V) • Cisco Nexus 1000V for Hyper-V • Recent Promotions • Resources
It’s All About the Application: Shifts that are re-defining IT—at all levels TODAY FUTURE Web Economy App Economy Any application anywhere Velocity and Visibility Business Models Cloud Based services On Premise IT Services Virtual, Physical, Cloud Common Policy Consumption Models Infrastructure As a service Application as a Service Scale with Security Service Models Dev ops Integration Development vs. Operations Operational Models Open, Automation Box-centric Application-Centric Systems Approach Management Models
Data Center Transformation - Requirements Virtualized Data Center Hybrid Cloud Private Cloud • Seamless Secure extension of private cloud to public cloud • Single pane of management of local/remote resources • Consistent servers and policies regardless of location of workloads • Choice in Cloud Providers and Multi-Cloud Models • Automation through Cloud Management Platforms • Flexibility with Application placement on any hypervisor • Automated service insertion, policy management and chaining • Increased Resource Utilization • Consistent operational model of physical and virtual resources • Flexibility to select any hypervisor for Applications • Consistency across physical and virtual service nodes • Consistent Application Policy Enforcement
Nexus 1000V for Traditional Fabrics: Seamless Interaction Across Physical and Virtual Workloads & Services Orchestration and Fabric Automation Physical Service Nodes • Physical Fabric Infrastructure • VXLAN HW Gateway Traditional Physical Fabric ASA 55xx Physical Workloads Nexus 1000V vPath VXLAN • Virtual Fabric Infrastructure • Multi-Hypervisor • vPath L4-L7 Services • VXLAN FW Zone FW NVGRE VXLAN 802.1Q WAN Op L3
Cisco Portfolio Update • Cisco Nexus 1000V for Hyper-V • Citrix NetScaler 1000V • Recent Promotions
Citrix NetScaler 1000V on Cloud Services Portfolio • Citrix Best-in-Class virtual application delivery controller (vADC) • Sold and supported exclusively by Cisco • Tightly integrated via vPath (policy based traffic steering) • Integrated with Nexus 1100 Series Cloud Services Platform (CSP) • Part of Cisco Validated Design – VMDC 4.0 VSA. Diagram labels: Citrix NetScaler 1000V, vPath, Nexus 1000V, Cisco Cloud Services Platform (CSP), Any Hypervisor, Virtual Security Gateway, Prime virtual NAM, Data Center Mgt. Center, DCNM*, Nexus 1100 Series Cloud Services Platform
NetScaler 1000V Editions • Standard Edition: Comprehensive L4-7 load balancing and optimizes expensive server and network resources to reduce cost • Enterprise Edition: Web application delivery solution providing advanced traffic management and powerful application acceleration • Platinum Edition: Web application delivery solution designed to deliver mission-critical applications with web application firewall security, fastest performance, and lowest cost
Citrix NetScaler 1000V SKUs Licenses applicable for Nexus 1110/1010 or ESXi
vPath Service Chaining Benefits • You define which L4-7 Virtual Services through policy, NOT network topology • Transparent Services Insertion • Dynamic Service chains enabled per VM/Application/Tenant NetScaler 1000V vPath Integrated Virtual Service B Virtual Service C Virtual Service A VOD VM Container #2 (Policy 1) Web VM Container #1 (Policy 2) Client N1KV Virtual Distributed Architecture (Admin User Policy 1 & Policy 2 defined for each tenant) Expanded vPath Ecosystem: VSG, ASA 1000V, vWAAS, & NetScaler 1000V
Cloud Network Services (CNS) vPath: Policy Based Service Enablement. vPath is the Nexus 1000V dataplane component: • Distributed service insertion architecture, with intelligent traffic intercept and redirection mechanism • Intelligent service insertion at hypervisor level • Topology agnostic service insertion model • Service chaining across multiple virtual services • Performance acceleration with vPath, e.g. VSG flow offload • Efficient and scalable architecture • VM policy mobility with VM mobility. Diagram labels: Any Hypervisor, Nexus 1000V VEM, vPath
vPath Benefits. With vPath: • Distributed policy-driven Service Insertion & chaining • Non-disruptive operations • Fast-Path acceleration • Decouple services from network topology. Without vPath: • Complex deployment, per-host service nodes • Service chaining is static • No Fast path acceleration • Services tightly coupled with network topology. Evolve the Network for the next wave of application requirements
Nexus 1000V Architecture with vPath Virtual Appliance Network Admin VSM1 VEM-1 VEM-N VEM-2 VSM2 Modular Switch Supervisor-1 Supervisor-2 L2 Connectivity L3 Connectivity Linecard-1 Back Plane Linecard-2 … Linecard-N vPath vPath vPath Hypervisor Hypervisor Hypervisor VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module
vPath Interception: In/Out. vPath services enabled per VNIC • vPath enables service insertion based on policies created for application VMs • vPath interception is configured on the server VM’s port profile in both directions to redirect packets to a Service Node • Server traffic is intercepted by vPath interception in the VEM and redirected to a Virtual Service Node • Both ingress and egress traffic for a VM is intercepted by vPath. Diagram labels: Server VM, VEM, Upstream Switch, VSM
Application Requirements for Network Services • Current generation network capabilities are driven by physical network topology. For example, if the firewall is plugged into the Internet connection and the load balancer is then plugged into the firewall, traffic must always flow in that order. • Application-driven requirements that change the relationship (load balancing, then firewall) cannot be supported without physically changing the layout of the network. Diagram labels: Application, Core Router/Switch, Proxy Server, Load Balancer, Firewall
SLB: Challenges today • Source NAT (SNAT) is used primarily for its simplicity; however, the client source is obscured, often preventing SNAT deployment • Policy Based Routing (PBR) is a partial solution to preserve the client source, but increases deployment complexity and operational cost • Inline ADCs become a performance bottleneck in high-performance and scalable datacenters • Despite this performance limitation, most deployments (> 70%) are inline due to their relative simplicity in configuration • Only necessary traffic needs to be sent to the ADC for optimal capacity usage
SLB: with vPath. vPath is the solution: • No SNAT needs to be configured on NetScaler 1000V; vPath redirects return traffic to the SLB • Application workloads and East-West services (e.g. firewall) have full visibility into source and destination VM • The ADC is not required to be deployed as a gateway or in inline mode for application VMs. vPath redirection will handle traffic flows to the SLB • Enables policy-based service chaining for applications; decouples services from the underlying network • Enables new use-cases for SLB in east-west flows
vPath Service Chaining Benefits: Intelligent policy-based traffic steering through multiple network services • Decouples network services from underlying network topology with vPath Overlays • Dynamic Service chains enabled per VM port • Programmability • Transparent Services Insertion • Multi-Tenancy • VXLAN. Expanded vPath Ecosystem: VSG, ASA 1000V, vWAAS, & NetScaler 1000V
Services Chaining with vPath: Intelligent Policy-based Traffic Steering Through Multiple Network Services. Diagram labels: Client, Web Tier and DB Tier VMs, Cisco vPath.
Step 1: Client initiates flow to Web Server (VIP as Server IP): Client › LB-VIP
Step 2: NS1000V load balances the web request, selects Web Server 1 (Client › S1)
Step 3: Based on policy, vPath redirects traffic to the service chain, starting with the zone-based firewall, VSG
Step 4: Traffic returns to the Virtual Ethernet Module, ready for the next network service
Step 5: Web to DB Tier connection
Step 6: Web to DB Tier connection: database tier security policy
Step 7: Apply VSG policy and forward packet to database
Key takeaways for NetScaler 1000V with vPath • Preserve Client IP; no Source NAT or PBR required to send server return traffic to NetScaler 1000V • Dynamic SLB (NS1000V) deployments in multi-tenant environments • NetScaler 1000V gets the benefits of intelligent service chaining without worrying about VLAN stitching in dynamic virtual environments • No disruption to east-west / distributed services that would normally happen with source NAT
Cisco Nexus 1000V: Award Winning Networking Platform for Hyper-V. Diagram labels: Extensible vSwitch (Forwarding, Capture, Filtering), VNICs, PNICs, VMs, Nexus 1000V VSM, Nexus 1000V VEM
Cisco Nexus 1000V Architecture: A Simple Deployment Scenario • Virtual Ethernet Module (VEM) • Enables advanced networking capability on the hypervisor • Provides each virtual machine with a dedicated “switch port” • Collection of VEMs: 1 virtual network Distributed Switch • Virtual Supervisor Module (VSM) • Virtual or physical appliance running Cisco NX-OS (supports high availability) • Performs management, monitoring, and configuration • Tight integration with management platforms. Diagram labels: three WS 2012 Hyper-V servers, each with VMs and a Cisco Nexus 1000V VEM; Cisco Nexus 1000V VSM; System Center Virtual Machine Manager
Cisco Nexus 1000V for Hyper-V: Consistent Architecture across hypervisors. Diagram labels: VMware vCenter with Nexus 1000V VSM and Nexus 1000V VEM on VMware vSphere; SCVMM with Nexus 1000V VSM and Nexus 1000V VEM on WS 2012 Hyper-V; VMs on each VEM
vPath and Cloud Network Services: Consistent Services Infrastructure across Hypervisors. Diagram labels (shown once for VMware vCenter and once for SCVMM): Cisco PNSC, Virtual Machine Attributes, Port Profiles, Service Profiles, VSNs, Cisco Nexus 1000V, vPath
Cloud Services Appliance – Nexus 1110: Consistent Hosting Platform across Hypervisors. Diagram labels: Nexus 1110 hosting NAM, VSG*, VSG and VSMs; VEM-1 and VEM-2 on VMware ESX; VEM-1 and VEM-2 on WS 2012 Hyper-V; Overlay and vPath on each VEM. Existing Nexus 1010 virtual blades support EITHER hypervisor environment
Cisco Nexus 1000V Tiered Pricing: Consistent Pricing across Hypervisors ** Only supports network-attributes
Cisco Nexus 1000V for Hyper-V: Defining “Network sites” and “VM Networks”

nsm logical network DMZ
#
nsm network segment pool DMZ_POD1
  member-of logical network DMZ
#
nsm network segment DMZ_POD1_SUBNET1
  member-of network segment pool DMZ_POD1
  switchport mode access
  switchport access vlan 20
  ip-pool import template DMZ_POD1_Pool1
#
nsm network segment DMZ_POD1_SUBNET2
  member-of network segment pool DMZ_POD1
  switchport mode access
  switchport access vlan 21
  ip-pool import template DMZ_POD1_Pool2
#
nsm network segment DMZ_POD1_SUBNET3
  member-of network segment pool DMZ_POD1
  switchport mode access
  switchport access vlan 22
  ip-pool import template DMZ_POD1_Pool2

Diagram labels: Logical network “DMZ”; Network Site “DMZ_POD1”; VM Network DMZ_POD1_SUBNET1; VM Network DMZ_POD1_SUBNET2; VM Network DMZ_POD1_SUBNET3
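An added example, not part of the original slides or of Cisco's tooling: a Python check that parses the NSM commands shown on this slide and flags objects whose parent is undefined and segments that share a VLAN or IP pool template. The function names and the choice to treat a shared VLAN or template as a review finding are this example's assumptions; on the slide's own commands it reports that DMZ_POD1_SUBNET2 and DMZ_POD1_SUBNET3 import the same template.

```python
import re

# Constructed input: the slide's NSM commands ("switchport mode access" lines omitted).
SLIDE_CONFIG = """
nsm logical network DMZ
nsm network segment pool DMZ_POD1
 member-of logical network DMZ
nsm network segment DMZ_POD1_SUBNET1
 member-of network segment pool DMZ_POD1
 switchport access vlan 20
 ip-pool import template DMZ_POD1_Pool1
nsm network segment DMZ_POD1_SUBNET2
 member-of network segment pool DMZ_POD1
 switchport access vlan 21
 ip-pool import template DMZ_POD1_Pool2
nsm network segment DMZ_POD1_SUBNET3
 member-of network segment pool DMZ_POD1
 switchport access vlan 22
 ip-pool import template DMZ_POD1_Pool2
"""

HEADER = re.compile(r"nsm (logical network|network segment pool|network segment) (\S+)")
FIELDS = {"parent": r"member-of (logical network|network segment pool) (\S+)",
          "vlan": r"switchport access vlan (\d+)",
          "ip_pool": r"ip-pool import template (\S+)"}

def parse_nsm(text):
    """Return {(kind, name): {field: value}} for every nsm object in the text."""
    objs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.fullmatch(line):
            cur = objs.setdefault(m.groups(), {})
        for field, pat in FIELDS.items():
            if cur is not None and (m := re.fullmatch(pat, line)):
                cur[field] = m.groups() if field == "parent" else m[1]
    return objs

def audit(objs):
    """Flag undefined parents, and VLANs or IP pool templates shared by segments."""
    findings, shared = [], {}
    for (kind, name), f in objs.items():
        if kind != "logical network" and f.get("parent") not in objs:
            findings.append(f"{kind} {name}: parent {f.get('parent')} not defined")
        for field in ("vlan", "ip_pool"):
            if kind == "network segment" and field in f:
                shared.setdefault((field, f[field]), []).append(name)
    findings += [f"{field} {value} shared by {', '.join(names)}"
                 for (field, value), names in shared.items() if len(names) > 1]
    return findings
```

Calling `audit(parse_nsm(SLIDE_CONFIG))` returns the list of findings; an empty list means every segment has a defined parent and its own VLAN and template.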
Cisco Nexus 1000V for Hyper-V: Operational Model with SCVMM Server Admin Network Mgmt SCVMM manages the placement and live-migration of the VMs based on the constraints between VM networks and the network sites. 4 VM VM VM VM Adds hosts to N1KV Connects VMs (VNICs) to VM Networks 3 Nexus 1000V VEM WS 2012 Hyper-V 5 2 Networks & policies synced to SCVMM Configuration data and policies sent to N1KV VEM Server Nexus 1000V VSM 1 Create networks and policies (logical networks, network sites, VM networks) SCVMM
Cisco Nexus 1000V PowerShell Cmdlets: Available from http://developer.cisco.com/web/n1k/hyperv PowerShell Cmdlet: <Action>-N1k<Object> *Objects can be Logical Networks, VM networks, Port-profiles, IP-Pools etc. Write/Update operations are only supported on a limited set of objects
What is new with v1.5.2? R2 support, VSG with VM-attributes • Support for Windows Server 2012 R2 • Additional PowerShell Commands • Universal Licensing • VSG/PNSC support for VM and Custom attributes
What is new with v1.5.2? New REST-APIs & PowerShell Commands • CRUD Operations for User-creation • To Create/Read/Update/Delete VSM user account information • Get-User, New-User, Set-User, Remove-User • Managing SPAN & ERSPAN sessions • To Create/Read/Update/Delete SPAN/ERSPAN session information • Get-Session, New-Session, Set-Session, Remove-Session • CRUD operations for port-profiles • To Create/Update/Delete port-profiles • New-PortProfile, Set-PortProfile, Remove-PortProfile
Cisco Virtual Security Gateway (VSG): Virtual Firewall for Nexus 1000V VM context aware rules XML API, security profiles Establish zones of trust Policies follow Live Migration Central mgmt, scalable deployment, multi-tenancy • Efficient, fast, scale-out SW • (with vPath intelligence) Security team manages security Context Aware Security Zone-Based Control Dynamic, Agile Policy Based Administration Best-in-Class Architecture Non-Disruptive Operations Designed for Automation Virtual Security Gateway (VSG) Prime Network Services Controller (PNSC)
Cisco Virtual Security Gateway (VSG): System Architecture. Diagram labels: Hyper-V Servers, VM/Network Attributes, Cisco Prime Network Services Controller (PNSC), Microsoft SCVMM, Security Profiles, Device Profiles, VM attributes, VM-to-IP Binding, VSM, VSG, VSN, Port Profiles, Interactions, Packets (Slow-Path), Nexus 1000V VEM, vPath, Packets (Fast-Path)
Cisco Virtual Security Gateway (VSG): Defining Security Rules Rule Destination Condition Source Condition Action Condition
Cisco Nexus 1000V Promotion Virtual Network Nexus 1000V Promotion @ 40% price reduction Universal License – Flexibility for Any Hypervisor Server ANY HYPERVISOR Virtual Switch Access Switch Any of the Nexus 5K/2K or Nexus 6K/2K Bundles Physical Network • Consistency across Physical, Virtual & Hypervisors • Investment Protection (people, process & tools) • Future-proofing network fabric architectures
Nexus 1000V Promo – What’s Included? N1110-X with 64 licenses @ 40% price-reduction • Base Package: • Nexus 1110-X Hosting Appliance • For hosting Virtual Supervisor Module, Virtual Security Gateway, VXLAN VLAN gateway and other virtual services (e.g. NetScaler 1000V, vNAM etc.) • 64 Universal Licenses • Nexus 1000V License for ANY hypervisor. Migration allowed. • VSG licenses included • Optional Package: • Additional 64 Universal Licenses • Nexus 1000V License for ANY hypervisor. Migration allowed. • VSG licenses included
Nexus 1000V Promo Overview: 2 PIDs: N5K-FEX-N1K-PROMO & N6K-FEX-N1K-PROMO N6K-FEX-N1K-PROMO N5K-FEX-N1K-PROMO N6001P-6FEX-1G Base Package: N1110-X+64 licenses N5548UP-4N2248TF Optional Package: Add. 64-licenses Base Package: N1110-X+64 licenses N5548UPL3-2N2248TF Optional Package: Add. 64-licenses N6001P-8FEX-1G N5596UP-4N2232PF N5548UPM-4FEX N6001P-4FEX-10G N6001P-6FEX-10G N6004EF-6FEX-1G N5596UP-4FEX N5596UPM-6FEX N6004EF-8FEX-1G N5596UPMM-8FEX N6001P-4FEX-10GT N5596UP-6N2248TF N6004EF-4FEX-10G N6001P-6FEX-10GT N5596UPMM-12N2248T N5596UPM-8N2248TF N6004EF-12FEX-1G N6001P-4FEX-1G N6004EF-6FEX-10G N5596UP-6N2248TR N5548UPM-6N2248TP N5548UP-4N2248TP N6004EF-4FEX-10GT N5596UPM-8N2248TP N6004EF-8FEX-10G N5596UP-6N2248TP N6001P-2FEX-10G N5548UP-4N2248TR N5548UPM-6N2248TR N6004EF-4FEX-1G N6004EF-8FEX-10GT N6004EF-6FEX-10GT
Nexus 1000V Promo Overview: Ordering example for N6K-FEX-N1K-PROMO