
Many of the products and features described herein
remain in varying stages of development and will be
offered on a when-and-if-available basis. This
roadmap is subject to change at the sole discretion of
Cisco, and Cisco will have no liability for delay in the
delivery or failure to deliver any of the products or
features set forth in this document.
Operational Complexity
• Managing networks across physical & virtual environments
Consistent Operational Model

Maturing Hypervisor market
• Economics
• Use-cases requiring different hypervisors
Multi-hypervisor Support

Virtual Services
• Secure virtual environment
• Rich network services
Multi-services support with vPath

Public Cloud
• Security concerns for public cloud
• Mobility concerns
Multi-cloud support

Resource Utilization
• VM Mobility across DC
• Mobility across DCs and across clouds
Overlay Technology Support

Diverse Virtualization Requirements for DataCenter Customers
PHYSICAL WORKLOAD
• One app per Server
• Static
• Manual provisioning
VIRTUAL WORKLOAD
• Many apps per Server
• Mobile
• Dynamic provisioning
CLOUD WORKLOAD
• Multi-tenant per Server
• Elastic
• Automated Scaling

CONSISTENCY: Policy, Features, Security, Management
Switching: Nexus 7K/5K/3K/2K; Nexus 1000V, VM-FEX
Routing: ASR; Cloud Services Router (CSR 1000V)
Services: WAAS, ASA, NAM; Virtual WAAS, VSG, ASA 1000V, vNAM*
Compute: UCS for Bare Metal; UCS for Virtualized Workloads
[Diagram labels: HYPERVISOR, VDC-1, VDC-2]

Nexus 1000V
Multi-Cloud
Multi-Services
Multi-Hypervisor
Compute
• Cisco Unified Computing (UCS)
Networking
• Cisco Nexus 1000V
• Cisco UCS VM-FEX
Manageability
• Cisco UCS Manager
• Cisco UCS PowerTool
Certified for various Microsoft applications

Bring network to the hypervisor (Cisco Nexus 1000V Switch)
[Diagram labels: VM, Cisco Nexus 1000V, Server, Adapter, IEEE 802.1Q Network]
Bring VM awareness to physical network (Cisco UCS VM-FEX)
[Diagram labels: VM, UCS Server, VM-FEX, UCS VIC, UCS Fabric Inter-connect]

Feature                      Essential ($0)   Advanced ($695/cpu)
VLANs, ACL, QoS              Yes              Yes
vPath                        Yes              Yes
LACP                         Yes              Yes
Multicast                    Yes              Yes
Netflow, SPAN, ERSPAN        Yes              Yes
Management (SNMP etc.)       Yes              Yes
SCVMM Integration            Yes              Yes
DHCP Snooping                No               Yes
IP Source Guard              No               Yes
Dynamic ARP Inspection       No               Yes
Virtual Security Gateway**   No               Yes
** Only supports network-attributes

Nexus 1000V
Advanced NX-OS feature-set
Innovative Services architecture (vPath)
Consistent operational model
SCVMM Integration
[Diagram labels: VM, VNICs, Nexus 1000V VEM, Extensible vSwitch, PNICs, Nexus 1000V VSM]

Modular Switch: Supervisor-1 (Active), Supervisor-2 (StandBy), Back Plane, Linecard-1, Linecard-2, … Linecard-N
Nexus 1000V: Virtual Appliance VSM-1 (active), VSM-2 (standby); VEM-1, VEM-2, … VEM-N on WS 2012 Hyper-V
NX-OS Control Plane; NX-OS Data Plane
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
[Diagram labels: Network Admin, Server Admin, VM, Cisco Nexus 1000V VEM, WS 2012 Hyper-V Server]

Virtual Supervisor Module (VSM)
• Virtual or Physical appliance running Cisco NXOS (supports Hi-availability)
• Performs management, monitoring, and configuration
• Tight integration with management platforms
Virtual Ethernet Module (VEM)
• Enables advanced networking capability on the hypervisor
• Provides each virtual machine with dedicated “switch port”
• Collection of VEMs: 1 virt. Distributed Switch
Cisco Nexus 1000V VSM
System Center Virtual Machine Manager

Switching
• L2 Switching, 802.1Q Tagging, Rate Limiting (TX)
• IGMP Snooping, QoS Marking (COS & DSCP)
Security
• Policy Mobility, Private VLANs w/ local PVLAN Enforcement
• Access Control Lists (L2–4 w/ Redirect), Port Security
• Dynamic ARP inspection*, IP Source Guard*, DHCP Snooping*
Network Services
• Virtual Services Datapath (vPath) support for traffic steering & fast-path off-load [leveraged by Virtual Security Gateway (VSG) and other services]
Provisioning
• Full integration with System Center – VM Manager (SCVMM)
• Faster network policy provisioning through port profiles
Visibility
• Live Migration Tracking, NetFlow v.9 w/ NDE, CDP v.2
• VM-Level Interface Statistics
• SPAN & ERSPAN (policy-based)
Management
• VM Network Provisioning (port-profiles), CiscoWorks, Cisco DCNM
• Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3)
• Hitless upgrade, SW Installer
* Only with Advanced Edition

Cisco Virtual Networking
• Policy-Based VM Connectivity
• Mobility of Network and Security Properties
• Non-Disruptive Operational Model
Port Profiles (Defined Policies): WEB Apps, HR, DB, DMZ
VM Connection Policy
• Defined in the network
• Applied in SCVMM
[Diagram labels: VM, Nexus 1000V VEM, Hypervisor, Server, VM Mgmt Station, Nexus 1000V VSM]

VMs Need to Move
• VM Migration
• Resource Scheduling
• SW upgrade/patch
• Hardware failure
VM Networking Mobility
• Live Migration
• Ensures VM security
• Maintains connection state
[Diagram labels: VM, Nexus 1000V VEM, Hypervisor, Server, VM Mgmt Station, Nexus 1000V VSM]

Logical Networks and Network Sites
[Diagram: a Logical Network containing three Network Sites, with locations San Jose and Seattle and hosts Host1 to Host6 running VMs]

Virtual Machine Networks
Port-Classifications
Bundling of profiles from each extension is the port-classification
[Diagram labels: VM, VNICs, Extensible vSwitch, PNICs]

Associating VM VNICs to VM Networks & Port-classifications
Putting everything together
Logical Network ‘DMZ’
Network Site ‘DMZ_POD1’
• VM Network DMZ_Pod1_Subn1 (IP-Pool1)
• VM Network DMZ_Pod1_Subn2 (IP-Pool2)
• VM Network DMZ_Pod1_Subn3 (IP-Pool3)
Network Site ‘DMZ_POD2’
• DMZ_Pod2_Subnet1 (IP-Pool4)
• DMZ_Pod2_Subnet2 (IP-Pool5)
• DMZ_Pod2_Subnet3 (IP-Pool6)
[Diagram labels: VM, Servers, Guests, Clients]

SCVMM Terminology        Cisco Nexus 1000V Terminology
Logical Networks         Logical Networks
Network Sites            Network Segment Pools
VM Networks              Network Segments
IP-Pools                 IP-Pools & IP-Pool Templates
Port-Classifications     Port-profiles

# logical-network DMZ
  …..
# network-segment-pool DMZ_POD1
  …..
# network-segment DMZ_POD1_SUBNET1
  switchport mode access
  switchport access vlan 20
  ip-pool DMZ_POD1_Pool1
  network-segment-pool DMZ_POD1
# network-segment DMZ_POD1_SUBNET2
  switchport mode access
  switchport access vlan 21
  ip-pool DMZ_POD1_Pool2
  network-segment-pool DMZ_POD1
# network-segment DMZ_POD1_SUBNET3
  switchport mode access
  switchport access vlan 22
  ip-pool DMZ_POD1_Pool2
  network-segment-pool DMZ_POD1

Logical network “DMZ”
Network Site “DMZ_POD1”
VM Network DMZ_POD1_SUBNET1
VM Network DMZ_POD1_SUBNET2
VM Network DMZ_POD1_SUBNET3

One network, multiple profiles for access
[Diagram: Clients, Guests and Servers VMs on one Network Segment (Intranet)]

Multiple networks use the same profiles
[Diagram: Tenant A Intranet, Tenant B Intranet and Tenant C Intranet, each with Clients, Guests and Servers VMs]

Application Network (VLAN 10)
[Diagram labels: Application Clients, Application Servers, VM]

Cisco Nexus 1000V for VMware vSphere
# port-profile application-client
  switchport mode access
  switchport access vlan 10
  ip port access-group application-client in
  no shut
  state enabled
# port-profile intranet-server
  switchport mode access
  switchport access vlan 10
  ip port access-group application-server in
  no shut
  state enabled

Cisco Nexus 1000V for Microsoft Hyper-V
# network-segment application-network
  switchport mode access
  switchport access vlan 10
# port-profile application-client
  ip port access-group application-client in
  no shut
  state enabled
# port-profile application-server
  ip port access-group application-server in
  no shut
  state enabled
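
Port profiles attach ACLs by name, so a one-character slip in an `ip port access-group` line leaves the profile referencing an ACL that was never defined. The following check is an added example, not Cisco tooling or code from the slides; the `ip access-list` entries, the addresses and the indented layout of the sample are constructed for illustration.

```python
import difflib
import re

# Constructed sample, indented the way a running configuration is displayed.
# The ACL entries and addresses are invented; one access-group name is misspelled.
SAMPLE_CONFIG = """\
ip access-list application-client
  10 permit tcp any 192.0.2.0/24 eq 443
ip access-list application-server
  10 permit tcp 192.0.2.0/24 eq 443 any
network-segment application-network
  switchport mode access
  switchport access vlan 10
port-profile application-client
  ip port access-group applicatoin-client in
  no shutdown
  state enabled
port-profile application-server
  ip port access-group application-server in
  no shutdown
  state enabled
"""

ACL_DEF = re.compile(r"^ip access-list (\S+)$")
PROFILE = re.compile(r"^port-profile (?:type \S+ )?(\S+)$")
ACL_REF = re.compile(r"^ip port access-group (\S+) (in|out)$")


def lint_acl_references(config):
    """Return (profile, acl, direction, closest_defined_name) per undefined ACL."""
    defined, refs, profile = set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # unindented line starts a new block
            profile = None
            if (m := ACL_DEF.match(line)):
                defined.add(m.group(1))
            elif (m := PROFILE.match(line)):
                profile = m.group(1)
        elif profile and (m := ACL_REF.match(line)):
            refs.append((profile, m.group(1), m.group(2)))
    findings = []
    for profile, acl, direction in refs:
        if acl not in defined:            # reference to an ACL nobody defined
            close = difflib.get_close_matches(acl, sorted(defined), n=1)
            findings.append((profile, acl, direction, close[0] if close else None))
    return findings


if __name__ == "__main__":
    for finding in lint_acl_references(SAMPLE_CONFIG):
        print("undefined ACL: profile=%s acl=%s dir=%s did-you-mean=%s" % finding)
```
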

1 Create networks and policies (logical networks, network sites, VM networks)
2 Networks & policies synced to SCVMM
3 Connects VMs (VNICs) to VM Networks
4 SCVMM manages the placement and live migration of the VMs based on the constraints between VM networks and the network sites.
• Adds hosts to N1KV
[Diagram labels: Network Admin, Nexus 1000V VSM, SCVMM, Server Admin, WS 2012 Hyper-V Server, Nexus 1000V VEM, VM]

URI: http://<VSM-IP-address>/api/<object-locator>
CRUD Operations through VSM RESTful APIs
Create an object*    HTTP POST
Read an object       HTTP GET
Update an object     HTTP POST
Delete an object     HTTP DELETE
*Objects can be VM networks, Port-profiles, IP-Pools etc.
Write/Update operations are only supported on a limited set of objects
• Construct the URL using the above template
• Arguments are passed to APIs in JSON format
• Use a web browser or PowerShell to query VSM
• Parse XML response to get the required information

• #Set up the basic Parameters Required for API Calls
• #Create IP-Pool Information - HTTP POST
• #Update IP-Pool Information - HTTP POST
• #Read VSEM Information - HTTP GET
• #Delete VM Network – HTTP DELETE

Consistent Networking Features
• NX-OS feature across multiple hypervisors & across physical
• Advanced NX-OS switching features, including security, visibility, QoS, segmentation, port channelling etc.
Consistent Operational Model
• NX-OS CLI across multiple hypervisors & across physical
• Separation of duties between network & server admins
• Dynamic provisioning and VM mobility awareness
• Leverage existing monitoring and management tools
Consistent Network Services
• Leverage existing virtual services: Virtual Security Gateway, virtual NAM, NAM on Nexus 1010
• Services can be hosted on Nexus 1010

[Diagram: VMs, Virtual Security Gateway (VSG)* and vPath on the Nexus 1000V Distributed Virtual Switch]
1 Initial Packet Flow
2 Flow Access Control (policy evaluation)
3 Decision Caching
• Log/Audit
* First version only supports network attributes

[Diagram: VMs, Virtual Security Gateway (VSG)* and vPath on the Nexus 1000V Distributed Virtual Switch]
• ACL offloaded to Nexus 1000V (policy enforcement)
• Remaining packets from flow
• Log/Audit
* First version only supports network attributes

Provide SCVMM Credentials
Provide Host info for Primary & Secondary VSM
Cisco Nexus 1000V Demo Topology
[Diagram labels: Employee, Contractor, Web Server, Nexus 1000V VEM, Win 2012 Hyper-V, Nexus 1000V VSM, NAM]
Configure the port-profiles so that web-server access is restricted:
• Employee can access
• Contractor is restricted
NAM (or any other monitoring tool) can be configured to analyze the VM-to-VM traffic using ERSPAN on N1KV.

Cisco Nexus 1000V and UCS VM-FEX
Simplifying the Access Infrastructure
[Diagram labels: VM, VNIC, Hypervisor, VETH, Virtual Network, Physical Network]
Traffic Forwarding
[Diagram labels: VM, VNIC, Hypervisor, VETH, Physical Network]
Enumeration vs. Hypervisor Bypass
Standard (Emulated) Mode
• Each VM gets a dedicated PCIe device
• ~12%-15% CPU performance improvement
• Appears as distributed virtual switch to hypervisor
• LiveMigration supported
Hypervisor Bypass (High Performance Mode)
• Co-exists with Standard mode
• Bypasses Hypervisor layer
• ~30% improvement in I/O performance
• Appears as distributed virtual switch to hypervisor
• Currently supported through SRIOV with Hyper-V 2012
• Live Migration supported
Live Migration with Hypervisor Bypass
[Chart: throughput in Mbps (0 to 10000) against time in seconds (19:06:19 to 19:06:52), annotated "LiveMigration to secondary host", "Temporary transition from SR-IOV to standard I/O" and "1 sec silent period"]
• VM Sending TCP stream (1500MTU)
• UCS B200 M2 blades with UCS VIC card
[Diagram labels: Network Admin, Server Admin, SCVMM, UCS Provider Plugin, UCS Manager, Fabric Interconnect, NX-OS, Hyper-V Host, UCS VM-FEX Forwarding Extension]
• Pull Fabric, VM Network and Port Profile Definitions
• Dynamic VM-FEX Veth link provisioning
VM Live Migration Boundary
[Diagram labels]
HOST GROUP: ENGG-SJC, SALES-SJC, ENGG-NYC, SALES-NYC
UCS-SJC, UCS-NYC
FND: PUBLIC-SJC, PRIVATE-SJC, PUBLIC-NYC, PRIVATE-NYC
VMND: WEB, VLAN: 155; SAVBU-NET, VLAN: 10; SAVBU-NET, VLAN: 110; NMTG-NET, VLAN: 120; WEB, VLAN: 55; NMTG-NET, VLAN: 20
Gold-VPP, Silver-VPP, Bronze-VPP
Uplink PPSales, Uplink PPEngg
Host 1 to Host 4; VM1 to VM6; vSwitch; Logical Switch (DVS); PUBLIC
Step by Step
• Define Networks in UCSM
• Provision Hyper-V hosts
• Provision VM
• Use VM
Step 1
• Define Fabric & VM networks, port-profiles (port-classification)
• Create SCVMM and associated logical switch instance
Step 2
• Install UCS Plugin & Forwarding Extension, Create VSEM instance as provider
• Provider will fetch all the network definitions from UCS and periodically poll for updates
Step 3
• Setup SCVMM to use UCS networks
• Assign VM networks
• Associate SCVMM Native VM network to externally (UCS) provided VM networks
Step 4
• Assign Hyper-V hosts to above logical switch instance
• VM-FEX Forwarding Extension driver is automatically installed on Hyper-V host by SCVMM
Step 5
• Create VM Instance
• Assign VM NIC to a VM Network & port classification
Step 6
• Upon power on of VM, VMFEX driver establishes network link with UCS Fabric Interconnect
• FI enforces port classification as per assigned port profile properties
VM-FEX Forwarding Extension View in SCVMM
VM-FEX Virtual Machine View in SCVMM
SCVMM VM Instance View in UCSM
http://www.cisco.com/en/US/products/ps13056/index.html
http://www.cisco.com/go/nexus1000v
http://www.cisco.com/go/vmfex
http://www.cisco.com/go/microsoft
www.cisco.com/go/1000vcommunity
Date      Technical Track Topic
2/21/13   Cisco Open Network Environment (Cisco ONE) – SDN
2/28/13   Cisco One Platform Kit (onePK): Technical Deep Dive and key use cases
3/06/13   Nexus 1000V for Hyper-V with Microsoft SCVMM integration w/ live demo
3/13/13   Cisco ONE Controller: Technical Deep Dive and Key Use Cases
3/20/13   5000 Seat VDI Architecture: Cisco UCS & N1KV, Citrix XenDesktop, and EMC VNX
3/27/13   N1KV v2.2 for vSphere: More scale, Multicast-less VXLAN, VXLAN Gateway
4/03/13   Cloud Services Router (CSR 1000V): Technical deep dive and key use cases
4/10/13   Cloud Security with ASA 1000V and Virtual Security Gateway v2.1 (VSG)
4/17/13   Secure Hybrid Cloud solution with Nexus 1000V InterCloud & VNMC InterCloud
4/24/13   Nexus 1100 for Cloud Network Services: New Services & Ecosystem
5/01/13   Cloud Networking Services: vNAM and vWAAS
05/08/13  VMDC solution with Cloud Networking Services
5/15/13   Nexus 1000V for KVM (with OpenStack and VXLAN)

Date         Technical Track Topics
9/26/2012    Nexus 1000V on Hyper-V with Windows Server 2012 (Blog)
9/27/2012    Nexus 1000V 2.1: Latest Innovations in Virtual Machine Networking (w/ demo)
10/3/2012    Best Practices for Deploying VXLAN w/ N1KV
10/10/2012   Cisco's Open Network Environment (ONE) update – includes network programmability, controller & OF, virtual overlays & open clouds
10/24/2012   Securing Clouds with ASA 1000V and VSG w/ vPath 2.0
10/31/2012   Cloud Services Router (CSR) 1000V: Connect to provider-hosted clouds
11/7/2012    Openstack @ Cisco & Quantum support for Nexus 1000V on KVM
11/14/2012   Nexus 1000V for Hyper-V: Enable Multi-hypervisor & Multi-service Clouds (w/ demo)

Date      Technical Track Topics
2/14/12   Virtual Security Gateway (VSG) v1.3
2/22/12   Nexus 1000V v1.5 Technical Deep Dive
2/29/12   Nexus 1010-X v1.4 Technical Deep Dive
3/7/12    vWAAS and Nexus 1000V Technical Deep Dive
3/14/12   FlexPod & Nexus 1000V/1010
3/21/12   VMDC QoS for Hybrid Cloud-based Multimedia Services with N1KV
3/28/12   Vblock & Nexus 1000V / VSG / vWAAS
4/4/12    vCloud Director, Nexus 1000V, and VXLAN Technical Deep Dive
4/11/12   Cisco's CloudLab Deep Dive: Hands-on labs for N1KV, VSG & VXLAN
4/18/12   NAM and DCNM on the Nexus 1010 and 1010-X