Cisco Nexus 1000V Ralf Eberhardt reberhar@cisco.com
Legal Disclaimer Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
Agenda
• Networking Challenges of Server Virtualization
• Cisco VN-Link Introduction
• Cisco Nexus 1000V
  • Overview & Architecture
  • Deployment Scenarios
  • Advanced Features
• Additional Information
Transparency in the Eye of the Beholder
• With virtualization, VMs have a transparent view of their resources…
• …but it's difficult to correlate network and storage back to virtual machines
• Scaling globally depends on maintaining transparency while also providing operational consistency
Networking Challenges to Scaling Server Virtualization
Security and Policy Enforcement
• Applied at the physical server, not the individual VM
• Impossible to enforce policy for VMs in motion
Operations and Management
• Lack of VM visibility, accountability, and consistency
• Inefficient management model and inability to effectively troubleshoot
Organizational Structure
• Muddled ownership, as the server admin must configure the virtual network
• Organizational redundancy creates compliance challenges
Cisco Virtual Network Link (VN-Link): Virtualizing the Network Domain
• Virtual machine aware network and storage services
• Abstract physical and logical infrastructure
• Virtual machines are the new data center building block
VN-Link Brings VM Level Granularity
Problems with VMotion and the standard vSwitch:
• VMotion may move VMs across physical ports; policy must follow the VM, but it is bound to the vSwitch port
• Impossible to view or apply policy to locally switched traffic (VM to VM inside the same vSwitch)
• Cannot correlate traffic on a physical link back to the individual VMs sharing it
VN-Link:
• Extends the network to the VM
• Consistent services
• Coordinated, coherent management
(Diagram: two hosts, each with its own vSwitch, and VMs in VLAN 101 moved between them by VMotion.)
Cisco Nexus 1000V: Industry First 3rd Party Virtual Distributed Switch
• Nexus 1000V provides enhanced VM switching for VMware ESX environments
• Features VN-Link capabilities:
  • Policy-based VM connectivity
  • Mobility of network and security properties
  • Non-disruptive operational model
• Ensures visibility and continued connectivity during VMotion
Benefit: enabling acceleration of server virtualization
(Diagram: Server 1 and Server 2, each running VMware ESX with a VMware vSwitch and the Nexus 1000V, with VMs #1 to #8 spread across both hosts.)
What is a Virtual Distributed Switch?
• A Virtual Distributed Switch is a concept developed by VMware and Cisco to allow a single vSwitch to span multiple hosts.
• VMware calls this a vNetwork Distributed Switch.
• The Cisco Nexus 1000V, a 3rd party virtual distributed switch, will be supported in VMware ESX and Virtual Infrastructure in the 1st half of 2009.
Cisco Nexus 1000V Architecture
Virtual Supervisor Module (VSM)
• Virtual or physical appliance running Cisco OS (supports HA)
• Performs management, monitoring, & configuration
• Tight integration with VMware Virtual Center
Virtual Ethernet Module (VEM)
• Enables advanced networking capability on the hypervisor
• Provides each VM with a dedicated "switch port"
• Collection of VEMs = 1 Distributed Switch
Cisco Nexus 1000V enables:
• Policy Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model
(Diagram: Server 1, 2 and 3 running VMware ESX with VMs #1 to #12; each host has a VMware vSwitch and a Nexus 1000V VEM; one Nexus 1000V VSM manages all three VEMs and integrates with Virtual Center.)
Cisco Nexus 1000V: Faster VM Deployment
Cisco VN-Link (Virtual Network Link) pillars: Policy-Based VM Connectivity, Mobility of Network & Security Properties, Non-Disruptive Operational Model
VM Connection Policy
• Defined in the network
• Applied in Virtual Center
• Linked to the VM UUID
Defined policies: WEB Apps, HR, DB, Compliance
(Diagram: two servers running VMware ESX and the Cisco Nexus 1000V with VMs #1 to #8; policies are defined on the Nexus 1000V and applied through Virtual Center.)
Cisco Nexus 1000V: Richer Network Services
VMs need to move:
• VMotion
• DRS
• SW upgrade/patch
• Hardware failure
VN-Link property mobility:
• VMotion for the network
• Ensures VM security
• Maintains connection state
(Diagram: VMs #1 to #4 moving between two servers running VMware ESX and the Cisco Nexus 1000V, coordinated by Virtual Center.)
Cisco Nexus 1000V: Increase Operational Efficiency
Network benefits:
• Unifies network mgmt and ops
• Improves operational security
• Enhances VM network features
• Ensures policy persistence
• Enables VM-level visibility
Server benefits:
• Maintains existing VM mgmt
• Reduces deployment time
• Improves scalability
• Reduces operational workload
• Enables VM-level visibility
How Does It Work? Deploying the Nexus 1000V
Deploying the Cisco Nexus 1000V: Collaborative Deployment Model
1. VMware Virtual Center & Cisco Nexus 1000V (VSM) relationship established
2. Network Admin configures the Nexus 1000V to support new ESX hosts
3. Server Admin plugs the new ESX host into the network & adds the host to the Cisco switch in Virtual Center (Server 1 now runs a Nexus 1000V VEM)
4. Repeat step three to add another host (Server N) and extend the switch configuration
(Diagram: Nexus 1000V VSM and Virtual Center above Server 1 through Server N, each running VMware ESX with a Nexus 1000V VEM.)
Policy Based VM Connectivity: Enabling Policy
1. Nexus 1000V automatically enables port groups in Virtual Center
2. Server Admin uses Virtual Center to assign a vnic policy from the available port groups
3. Nexus 1000V automatically enables VM connectivity at VM power-on
Available port groups: WEB Apps, HR, DB, Compliance
Example policy "WEB Apps":
• PVLAN 108, Isolated
• Security Policy = Port 80 and 443
• Rate Limit = 100 Mbps
• QoS Priority = Medium
• Remote Port Mirror = Yes
(Diagram: Nexus 1000V VSM, Virtual Center, and Server 1 running VMware ESX with a Nexus 1000V VEM and VMs #1 to #4.)
Policy Based VM Connectivity: What Can a Policy Do?
Policy definition supports:
• VLAN, PVLAN settings
• ACL, Port Security, ACL Redirect
• Cisco TrustSec (SGT)
• NetFlow Collection
• Rate Limiting
• QoS Marking (COS/DSCP)
• Remote Port Mirror (ERSPAN)
(Diagram: Nexus 1000V VSM, Virtual Center, and a server running VMware ESX with a Nexus 1000V VEM and VMs #1 to #4.)
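The "WEB Apps" policy of the previous slide, written out as Nexus 1000V port-profile configuration in the NX-OS CLI. This is an added example for this page, not configuration from the deck or from Cisco: the primary VLAN 100, the profile, ACL and class names, CoS 3 as the value behind "medium" priority and the policing burst size are assumptions; VLAN 108, the two ports and the 100 Mbps limit come from the slide. The "remote port mirror" line of the policy is a monitor session rather than a port-profile setting and is left out here.

```text
! Added example, not from the slide deck. VLAN 100, the names, CoS 3 and the
! burst size are assumptions; VLAN 108 and the limits come from the slide.

feature private-vlan

! "PVLAN 108, Isolated": VLAN 100 is the assumed primary, 108 its isolated secondary
vlan 100
  private-vlan primary
  private-vlan association 108
vlan 108
  private-vlan isolated

! "Security Policy = Port 80 and 443": only HTTP/HTTPS (plus DHCP offers) may
! reach a web VM. Applied in the "out" direction below, i.e. towards the VM.
ip access-list web-to-vm
  10 permit tcp any any eq 80
  20 permit tcp any any eq 443
  30 permit udp any eq 67 any eq 68
  40 deny ip any any

! "Rate Limit = 100 Mbps" on what the VM transmits, and "QoS Priority = Medium"
! marked as CoS 3 (assumption). The class matches all IP traffic from the VM.
ip access-list all-ip
  10 permit ip any any
class-map type qos match-any vm-all-ip
  match access-group name all-ip
policy-map type qos web-apps-qos
  class vm-all-ip
    set cos 3
    police cir 100 mbps bc 200 ms conform transmit violate drop

! Published to Virtual Center as the "WEB Apps" port group. "in" and "out" are
! relative to the switch port: "in" is traffic sent by the VM, "out" is traffic
! delivered to it.
port-profile type vethernet WEB-Apps
  vmware port-group "WEB Apps"
  switchport mode private-vlan host
  switchport private-vlan host-association 100 108
  ip port access-group web-to-vm out
  service-policy type qos input web-apps-qos
  no shutdown
  state enabled
```

Two checks worth making after the profile is pushed: `show port-profile name WEB-Apps` lists the vEthernet interfaces that Virtual Center has bound to it, and `show interface vethernet <n>` on one of them confirms the PVLAN association and the ACL and QoS policy. Note where the trust boundary sits: the network admin defines the profile, but a vNIC is assigned to the "WEB Apps" port group in Virtual Center (step 2 of the previous slide), so who may move a VM between "WEB Apps" and, say, "DB" is a Virtual Center permission, not something the switch enforces. The isolated VLAN also only works end to end if the uplink port profile and the upstream switch carry VLANs 100 and 108 as a private-VLAN pair (a promiscuous trunk on the uplink); otherwise isolated VMs lose their gateway.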
Mobility of Security and Network Properties: Following Your VMs Around
1. Virtual Center kicks off a VMotion (manual or DRS) and notifies the Nexus 1000V
   • VMotion notification. Current: VM1 on Server 1; New: VM1 on Server 2
2. During VM replication, the Nexus 1000V copies the VM port state to the new host
   • Network persistence: VM port config and state, VM monitoring statistics
   • Mobile properties include: port policy; interface state and counters; flow statistics; remote port mirror session
3. Once VMotion completes, the port on the new ESX host is brought up and the VM's MAC address is announced to the network
   • Network update: ARP for VM1 sent to the network; flows to VM1's MAC redirected to Server 2
(Diagram: Nexus 1000V VSM and Virtual Center above Server 1 and Server 2, each running VMware ESX with a Nexus 1000V VEM; VM #1 moves from Server 1 to Server 2 alongside VMs #2 to #8.)
Increase Operational Efficiency What stays the same? What gets better?
Cisco Nexus 1000V: Three New Features that Make a Difference
Encapsulated Remote SPAN (ERSPAN)
• Mirror VM interface traffic to a remote sniffer
• Identify the root cause of connectivity issues
• No host-based sniffer virtual appliance to maintain
• Follows your VM with VMotion or DRS
NetFlow v.9 with Data Export
• View flow-based stats for individual VMs
• Captures multi-tiered app traffic inside a single ESX host
• Export aggregate stats to a dedicated collector for a DC-wide VM view
• Follows your VM with VMotion or DRS
Private VLANs (PVLANs)
• Great for mixed use ESX clusters
• Segment VMs w/o burning IP addresses
• Supports isolated, community and promiscuous trunk ports
• Follows your VM with VMotion or DRS
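The two visibility features above, ERSPAN and NetFlow v9 export, as Nexus 1000V configuration in the NX-OS CLI. This is an added example for this page, not configuration from the deck or from Cisco; the collector addresses, the ERSPAN session id, the flow exporter and monitor names, the vEthernet number and the port-profile name it attaches to are all assumptions.

```text
! Added example, not from the slide deck. Collector addresses, session id,
! exporter/monitor names, vethernet 1 and the profile name are assumptions.

! ERSPAN: mirror the vEthernet port of one VM (vethernet 1 assumed) to a remote
! sniffer. The session is bound to the vEthernet port, which stays with the VM,
! so the mirror follows the VM through VMotion as the slide states.
monitor session 1 type erspan-source
  description mirror-of-vm1
  source interface vethernet 1 both
  destination ip 192.0.2.50
  erspan-id 101
  ip ttl 64
  no shut

! NetFlow v9 with data export: per-VM flow records sent to a collector.
feature netflow
flow exporter dc-collector
  description NetFlow v9 export to the data-center collector (address assumed)
  destination 192.0.2.60
  transport udp 2055
  version 9
flow monitor vm-flows
  record netflow-original
  exporter dc-collector
  timeout active 60
  timeout inactive 15

! Attach the monitor in both directions to a VM-facing port profile (name
! assumed), so flows between two VMs on the same host are recorded as well.
port-profile type vethernet WEB-Apps
  ip flow monitor vm-flows input
  ip flow monitor vm-flows output
```

`show monitor session 1` and `show flow exporter dc-collector` confirm the sessions are up and exporting. Two deployment points: the GRE-encapsulated mirror traffic is sent by the VEM on whichever host currently runs the VM, so each host needs a VMkernel interface that can reach the ERSPAN destination (on the Nexus 1000V, a vmknic in a port profile carrying `capability l3control`); and the mirror carries the VM's traffic in clear text across the data-center network, so the path to the sniffer and the sniffer itself should be treated as sensitively as the VM it observes.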
Cisco Nexus 1000V – VM Security
Cisco TrustSec
• Admission control: 802.1X
• Hop-by-hop crypto: 802.1AE
• Security Group Tag
Security features
• Access Control List
• Port Security
• DHCP Snooping
• IP Source Guard
• Dynamic ARP Inspection
Private VLAN
• Promiscuous port
• Isolated port
• Community port
(Diagram: three servers running VMware ESX and the Cisco Nexus 1000V, VMs #1 to #4 on each, with VM ports labelled I (isolated), P (promiscuous) and C (community).)
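DHCP Snooping, IP Source Guard and Dynamic ARP Inspection work as a set: snooping builds the binding table, and the other two enforce it. The following Nexus 1000V configuration in the NX-OS CLI shows them enabled for one VLAN; it is an added example for this page, not configuration from the deck or from Cisco, and VLAN 200, the profile names, the static MAC/IP binding and the vEthernet number are assumptions.

```text
! Added example, not from the slide deck. VLAN 200, the profile names, the
! MAC/IP addresses and vethernet 7 are assumptions.

feature dhcp

! DHCP snooping: DHCP replies are accepted only from trusted ports, and every
! lease is recorded (MAC, IP, VLAN, vEthernet port) in the binding table
ip dhcp snooping
ip dhcp snooping vlan 200

! Dynamic ARP Inspection: ARP packets on the VLAN must match a binding, which
! stops a VM from poisoning its neighbours' ARP caches
ip arp inspection vlan 200

! Uplinks toward the real DHCP server and the gateway are trusted
port-profile type ethernet dc-uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 200
  ip dhcp snooping trust
  ip arp inspection trust
  no shutdown
  state enabled

! VM-facing profile, untrusted by default. IP Source Guard drops any packet
! whose source IP/MAC is not in the binding table for that vEthernet port,
! so a VM cannot spoof another VM's address.
port-profile type vethernet HR
  vmware port-group "HR"
  switchport mode access
  switchport access vlan 200
  ip verify source dhcp-snooping-vlan
  no shutdown
  state enabled

! A VM with a static address never obtains a lease, so it needs a static
! binding or IP Source Guard drops all of its traffic (syntax assumed)
ip source binding 10.200.0.10 0050.5600.c801 vlan 200 interface vethernet 7
```

`show ip dhcp snooping binding` shows what IP Source Guard will permit, and `show ip arp inspection statistics vlan 200` shows dropped ARP packets. Two things catch people: a VM that gets a static address (or was powered on before snooping was enabled and still holds an old lease) has no binding and is silently cut off until one exists, and if the DHCP server is itself a VM on this switch its own vEthernet profile must carry `ip dhcp snooping trust`, otherwise its offers are discarded as rogue.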
Key Features of the Nexus 1000V
Switching
• L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX)
• IGMP Snooping, QoS Marking/Queuing
Security
• Policy Mobility, PVLAN, ACL (L2–4 w/ Redirect), Port Security
• Cisco TrustSec: Authentication, Admission, Access Control
Provisioning
• Automated vSwitch Config, Port Profiles, Virtual Center Integration
• Optimized NIC Teaming
Visibility
• Historical VMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2
• VM-Level Interface Statistics, Wireshark
Management
• Virtual Center VM Provisioning, Cisco Network Provisioning
• Cisco CLI, XML API, SNMP (v.1, 2, 3)
Nexus 1000V Deployment Scenarios: Pick Your Flavor
• Works with all types of servers (rack optimized, blade servers, etc.)
• Works with any type of upstream switch (blade, top of rack, modular)
• Works at any speed (1G or 10G)
• Nexus 1000V VSM can be deployed as a VM or a physical appliance
(Diagram: rack optimized servers and blade servers, both managed by one Nexus 1000V VSM and Virtual Center.)
Accelerate Server Virtualization: Enable, Simplify, Scale
Security and Policy Enforcement
• Enable VM-level security and policy
• Scale the use of VMotion and DRS
Operation & Management
• Simplify management and troubleshooting with VM-level visibility
• Scale with automated server & network provisioning
Organizational Structure
• Enable flexible collaboration with individual team autonomy
• Simplify and maintain the existing VM mgmt model
Cisco Nexus 1000V: More Information…
• http://www.cisco.com/go/datacenter
Cisco Virtual Network Link (VN-Link): Virtualizing the Network Domain
Two complementary models to address evolving customer requirements:
Cisco Nexus 1000V (software based)
• Cisco switch for VMware ESX
• Compatible with any switching platform
• Leverages Virtual Center for the server admin; Cisco CLI for the network admin
Nexus 5000 with VN-Link (hardware based)
• Scalable, hardware based, high performance solution
• Standards driven approach to delivering hardware based VM networking
• Combines VM & physical network operations into 1 managed node
(Diagram: two servers running VMware ESX with VMs #1 to #4 each; on the left the Nexus 1000V switches in software and connects over the NICs to the LAN, on the right the host-side component is labelled "Initiator" and the switching is done by a Nexus 5000 with VN-Link. The three VN-Link pillars, Policy-Based VM Connectivity, Mobility of Network & Security Properties and Non-Disruptive Operational Model, apply to both.)
Cisco Nexus 1000V: Software Based VN-Link
With the Cisco Nexus 1000V:
• Industry's first third-party ESX switch
• Built on Cisco NX-OS
• Compatible with any switching platform
• Maintains the Virtual Center provisioning model unmodified for server administration; allows network administration of the Nexus 1000V via the familiar Cisco NX-OS CLI
(Diagram: a server running VMware ESX with VMs #1 to #4, the Nexus 1000V switching between them and the NICs toward the LAN.)
Nexus Switch with VN-Link: Hardware Based VN-Link with Network Interface Virtualization
• Allows scalable hardware-based implementations through hardware switches
• Standards-based initiative: Cisco & VMware proposal in IEEE 802 to specify "Network Interface Virtualization"
• Combines VM and physical network operations into one managed node
(Diagram: a server running VMware ESX with VMs #1 to #4 connected through VN-Link to a Nexus switch.)