End-to-End Data Center Virtualization - Cisco (slide transcript)
Cisco Public 1© 2010 Cisco and/or its affiliates. All rights reserved.
End-to-End Data Center Virtualization
Tomáš Ondovčík
Figure (overview): Front-End Virtualization (VSS, VLAN, VRF, vPC, VDC); Virtual Network Services (virtual firewall contexts, virtual SLB context); Virtual Machines & IO virtualization (vHBA, VSANs, FCoE, CNA); Virtual SANs / Unified IO; Virtual Storage; Access Layer - Physical and Virtual.
• Data Center Virtualization Overview
• Front-End Data Center Virtualization: Core Layer, Aggregation Layer, Networking Services, Access Layer
• Server Virtualization: Hypervisors, Virtual Access Layer, Server IO Virtualization
• Back-End Virtualization: Virtual HBA & NPV, Unified IO & FCoE, SAN & Storage
• Q&A
Figure (end-to-end physical topology): Core Layer - Nexus 7000 10GbE core with vPC. Aggregation Layer - Nexus 7000 10GbE aggregation with vPC; DC Services on Catalyst 6500 or appliances. Access Layer - Nexus 7000 or Catalyst 6500 End-of-Row; Nexus 5000 & Nexus 2000 Top-of-Rack; Nexus 5000 & FCoE Top-of-Rack with Cisco UCS (FIP); CBS 31xx blade, MDS 9124e and Nexus 4000 blade switches. Storage - MDS 9500, SAN A / SAN B. Server access: 1GbE; 10GbE and 4/8Gb FC; 10Gb DCE / FCoE. Link legend: Gigabit Ethernet, 10 Gigabit Ethernet, 10 Gigabit DCE, 4/8Gb Fibre Channel, 10 Gigabit FCoE/DCE.
• Data Center Virtualization Overview
• Front-End Data Center Virtualization: Core Layer, Aggregation Layer, Networking Services, Access Layer
• Server Virtualization: Hypervisors, Virtual Access Layer, Server IO Virtualization
• Back-End Virtualization: Virtual HBA & NPV, Unified IO & FCoE, SAN & Storage
• Implementation Examples: vBlock, Secure Cloud
• Q&A
Figure (front-end core and aggregation): Core Layer - Nexus 7000 10GbE Core with vPC; Aggregation Layer - Nexus 7000 10GbE Agg with vPC. Link legend: Gigabit Ethernet, 10 Gigabit Ethernet, 10 Gigabit DCE, 4/8Gb Fibre Channel, 10 Gigabit FCoE/DCE.
Figure (Nexus 7000 physical switch, VDC fault isolation): one kernel and infrastructure layer; VDC A and VDC B each run their own protocol stack and their own processes (ABC, DEF, XYZ, ...).
Process "DEF" in VDC B crashes; process DEF in VDC A is not affected and will continue to run unimpeded.
Separate Resource Allocation Domains (Layer 3)
Figure: Linecards 1-4, each with FIB TCAM size 128K and ACL TCAM size 64K, partitioned across VDCs:
  VDC-1: IP routes 20K, ACL entries 10K
  VDC-2: IP routes 100K, ACL entries 50K
  VDC-3: IP routes 100K, ACL entries 50K
Vertical and Horizontal Consolidation
• Lead with separate physical boxes, as they provide the most scalable solution.
• Combined vertical & horizontal consolidation in small to medium designs
• Power, cooling and real estate optimization for multiple layers
• Simplified growth migration path
• Intra-Nexus 7000 cabling is needed for connectivity between Core and Aggregation layers.
Figure: separate Core Devices (core1, core2) and Aggregation Devices (agg1-agg4) serving access switches acc1 ... accN, versus Core VDCs and Aggregation VDCs hosted on the same Nexus 7000 chassis.
vPC Feature Overview
• Allows a single device to use a port channel across two upstream and/or downstream switches
• Aka MCEC (Multi-Chassis EtherChannel)
• Loosely coupled: separate physical switches with independent control and data planes; both are active
• Eliminates STP blocked ports; uses all available uplink bandwidth
• Dual-homed servers operate in active-active mode
• Available on Nexus 7000 and Nexus 5000
Figure: logical topology without vPC versus logical topology with vPC.
vPC Peer Link and vPC FT Link
• The Peer Link carries both vPC data and control traffic between peer switches:
  carries any flooded and/or orphan-port traffic;
  carries STP BPDUs, IGMP updates, etc.;
  carries Cisco Fabric Services messages (vPC control traffic) to perform, among other things, the synchronization of the MAC address table.
• Recommended: 2 x 10GbE ports.
• Losing the peer link is undesirable.
• The vPC FT (fault-tolerant) link is an additional mechanism to detect liveness of the peer. It can use any L3 port.
Primary goal: the vPC peer link stays almost unutilized.
Figure: a pair of Nexus 7000 (or Nexus 5000) peers joined by the vPC Peer Link and the vPC FT Link.
• MAC addresses encode no location or network hierarchy
• Default forwarding behavior in a bridged network is flooding
• The MAC filtering database limits the scope of flooding
• Ultimately, this does not scale: every switch learns every MAC
Figure: a Layer 2 domain of six switches, each holding MAC A in its MAC table.
• Branches of trees never interconnect (no loop)
• Spanning Tree Protocol (STP) is typically used to build this tree
• Tree topology implies: wasted bandwidth → increased oversubscription; sub-optimal paths; conservative (timer-based) convergence; failure is catastrophic (fails open)
Figure: three switches S1, S2, S3 with 11 physical links but only 5 logical links.
FabricPath: plug-n-play L2 IS-IS manages the forwarding topology
• IS-IS assigns addresses to all FabricPath switches automatically
• Computes shortest, pair-wise paths
• Supports equal-cost paths between any FabricPath switch pairs
Figure: an L2 Fabric of switches S1-S4 reached from edge switch S11 over links L1-L4; further edge switches S12 ... S42.
FabricPath Routing Table (as seen from S11):
  Switch  IF
  S1      L1
  S2      L2
  S3      L3
  S4      L4
  S12     L1, L2, L3, L4
  ...     ...
  S42     L1, L2, L3, L4
Forwarding decision based on the FabricPath Routing Table
• FabricPath header is imposed by the ingress switch
• Only switch addresses are used to make "routing" decisions
• No MAC learning required inside the L2 Fabric
• Single MAC address lookup at the edge
Figure: host A on S11 (port 1/1) sends to host B behind S42 across the FabricPath fabric (S1-S4); classical Ethernet on either side of the fabric.
Classical Ethernet MAC address table on S11:
  MAC  IF
  A    1/1
  ...  ...
  B    S42
FabricPath routing table on S11:
  Switch  IF
  ...     ...
  S42     L1, L2, L3, L4
Cisco FabricPath frame vs. classical Ethernet frame
Classical Ethernet frame: DMAC | SMAC | 802.1Q | Etype | Payload | CRC
Cisco FabricPath frame: Outer DA (48) | Outer SA (48) | FP Tag (32) | original CE frame (DMAC | SMAC | 802.1Q | Etype | Payload) | CRC (new)
Outer DA / Outer SA (48 bits): Endnode ID(5:0) 6 bits | U/L 1 bit | I/G 1 bit | Endnode ID(7:6) 2 bits | OOO/DL 1 bit | RSVD 1 bit | Switch ID 12 bits | Sub-Switch ID 8 bits | Port ID 16 bits
FP Tag (32 bits): Etype 16 bits | Ftag 10 bits | TTL 6 bits
• Switch ID – unique number identifying each FabricPath switch
• Sub-Switch ID – identifies devices/hosts connected via vPC+
• Port ID – identifies the destination or source interface
• Ftag (Forwarding tag) – unique number identifying topology and/or multidestination distribution tree
• TTL – decremented at each switch hop to prevent frames looping infinitely
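To make the field layout above concrete, here is an added Python example (not Cisco's code and not from the deck) that packs and parses the 48-bit outer addresses and the 32-bit FP tag in the order and widths the slide lists, then performs one transit hop the way the slides describe: routing on the destination Switch ID only and decrementing the TTL. The EtherType value 0x8903, the sample switch and port IDs and the small routing table are assumptions made for the example.

```python
"""Added example: FabricPath outer header encode/decode and one transit hop."""

FP_ETYPE = 0x8903  # assumed EtherType for the FP tag; the slide only names the field "Etype"

# Field order and widths of one 48-bit outer address, most significant bit first,
# as listed on the slide (6+1+1+2+1+1+12+8+16 = 48 bits).
ADDR_LAYOUT = [
    ("endnode_lo", 6), ("ul", 1), ("ig", 1), ("endnode_hi", 2),
    ("ooo_dl", 1), ("rsvd", 1), ("switch_id", 12), ("sub_switch_id", 8), ("port_id", 16),
]
# 32-bit FP tag: Etype (16) | Ftag (10) | TTL (6)
TAG_LAYOUT = [("etype", 16), ("ftag", 10), ("ttl", 6)]


def _pack(layout, values, nbits):
    """Pack named fields MSB-first into an nbits-wide integer, rejecting out-of-range values."""
    out, pos = 0, nbits
    for name, width in layout:
        val = values[name]
        if not 0 <= val < (1 << width):
            raise ValueError(f"{name}={val} does not fit in {width} bits")
        pos -= width
        out |= val << pos
    return out


def _unpack(layout, value, nbits):
    """Inverse of _pack: slice an nbits-wide integer into a dict of named fields."""
    fields, pos = {}, nbits
    for name, width in layout:
        pos -= width
        fields[name] = (value >> pos) & ((1 << width) - 1)
    return fields


def fp_address(switch_id, port_id=0, sub_switch_id=0, endnode_id=0, ig=0):
    """Encode one outer DA/SA as 6 bytes; U/L, OOO/DL and RSVD are left at 0."""
    vals = {"endnode_lo": endnode_id & 0x3F, "endnode_hi": endnode_id >> 6,
            "ul": 0, "ig": ig, "ooo_dl": 0, "rsvd": 0,
            "switch_id": switch_id, "sub_switch_id": sub_switch_id, "port_id": port_id}
    return _pack(ADDR_LAYOUT, vals, 48).to_bytes(6, "big")


def encapsulate(ce_frame, dst_switch, src_switch, src_port, ftag=1, ttl=32):
    """Ingress switch: impose Outer DA | Outer SA | FP tag in front of the classical Ethernet frame."""
    tag = _pack(TAG_LAYOUT, {"etype": FP_ETYPE, "ftag": ftag, "ttl": ttl}, 32)
    return fp_address(dst_switch) + fp_address(src_switch, src_port) + tag.to_bytes(4, "big") + ce_frame


def decode(frame):
    """Return (outer_da, outer_sa, tag, inner_ce_frame) with every field as a named int."""
    if len(frame) < 16:
        raise ValueError("frame too short for a FabricPath header")
    da = _unpack(ADDR_LAYOUT, int.from_bytes(frame[0:6], "big"), 48)
    sa = _unpack(ADDR_LAYOUT, int.from_bytes(frame[6:12], "big"), 48)
    tag = _unpack(TAG_LAYOUT, int.from_bytes(frame[12:16], "big"), 32)
    if tag["etype"] != FP_ETYPE:
        raise ValueError("not a FabricPath frame")
    for addr in (da, sa):  # reassemble the 8-bit Endnode ID that the header splits in two
        addr["endnode_id"] = (addr.pop("endnode_hi") << 6) | addr.pop("endnode_lo")
    return da, sa, tag, frame[16:]


def forward(frame, routing_table):
    """One transit hop: route on the destination Switch ID only (no inner MAC lookup),
    decrement TTL, and drop the frame when the TTL is exhausted or no route exists.
    routing_table maps switch_id -> list of equal-cost links; the first link is used here."""
    da, _sa, tag, _inner = decode(frame)
    if tag["ttl"] <= 1:
        return None, "dropped: TTL expired"
    links = routing_table.get(da["switch_id"])
    if not links:
        return None, f"dropped: no route to switch {da['switch_id']}"
    new_tag = _pack(TAG_LAYOUT, {**tag, "ttl": tag["ttl"] - 1}, 32)
    return frame[:12] + new_tag.to_bytes(4, "big") + frame[16:], links[0]


if __name__ == "__main__":
    # Constructed sample: host A behind S11 port 0x101 sends a 20-byte CE frame towards S42.
    ce = bytes(range(20))
    frame = encapsulate(ce, dst_switch=42, src_switch=11, src_port=0x101, ttl=3)
    table = {42: ["L1", "L2", "L3", "L4"]}  # S42 reachable over four equal-cost links, as in the slide
    while frame is not None:
        print(decode(frame)[2], end=" -> ")
        frame, out = forward(frame, table)
        print(out)
```

The TTL of 3 in the sample is deliberately small so the loop shows a frame being dropped after two hops, which is the looping-frame protection the TTL bullet describes; a real deployment uses a larger initial value.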
• IETF standard for Layer 2 multipathing
• Driven by multiple vendors, including Cisco
• Base protocol RFC ready for standardization but waiting on dependent standards
• Control-plane protocol RFCs still in process
• Target for standard completion is early CY2011
http://datatracker.ietf.org/wg/trill/
FabricPath: enhancements which make the standard deployable
FabricPath native mode: L2 IS-IS, TTL and RPF checks, Conversational Learning, vPC+, Multi-Topology L2 IS-IS, Resource Management
TRILL mode: L2 IS-IS, TTL and RPF checks
OTV at a Glance
• Ethernet traffic between sites is encapsulated in IP: "MAC in IP"
• Dynamic encapsulation based on the MAC routing table
• No Pseudo-Wire or Tunnel state maintained
Figure: communication between MAC1 (Server 1, site 1) and MAC2 (Server 2, site 2). The OTV edge at site 1 (IP A) holds a MAC table with MAC1 -> Eth1, MAC2 -> IP B, MAC3 -> IP B. The frame MAC1 -> MAC2 is encapsulated as IP A -> IP B [MAC1 -> MAC2], decapsulated by the OTV edge at site 2 (IP B) and delivered as the original MAC1 -> MAC2 frame.
OTV Inter-Site Traffic
• The MAC table contains MAC addresses reachable through IP addresses.
• No pseudo-wire state is maintained; the encapsulation is done based on a Layer 2 destination lookup.
Figure: West site (OTV edge, external IP A) and East site (OTV edge, external IP B) connected over the L3 core. MAC 1 and MAC 2 are attached to the West edge's Eth 2 and Eth 1; MAC 3 and MAC 4 to the East edge's Eth 3 and Eth 4.
West MAC table:
  VLAN  MAC    IF
  100   MAC 1  Eth 2
  100   MAC 2  Eth 1
  100   MAC 3  IP B
  100   MAC 4  IP B
East MAC table:
  VLAN  MAC    IF
  100   MAC 1  IP A
  100   MAC 2  IP A
  100   MAC 3  Eth 3
  100   MAC 4  Eth 4
Frame from MAC 1 to MAC 3: (1) Layer 2 lookup at West finds MAC 3 via IP B; (2) encapsulation: [IP A -> IP B][MAC 1 -> MAC 3]; (3) transport across the core; (4) decapsulation at East; (5) Layer 2 lookup at East finds MAC 3 on Eth 3; (6) the original MAC 1 -> MAC 3 frame is delivered.
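The two MAC tables and the six numbered steps above can be exercised end to end in a small simulation. The following Python is an added example, not Cisco's OTV implementation: it models each OTV edge device as nothing more than a MAC table whose entries point either at a local interface or at the remote edge's IP, so the outer IP header is derived per frame from a Layer 2 lookup and no tunnel object exists anywhere. The join IPs 192.0.2.1 and 198.51.100.1 are constructed stand-ins for the slide's IP A and IP B.

```python
"""Added example: OTV edge-device forwarding driven only by the MAC table (MAC in IP)."""

# Constructed join IPs for the two OTV edge devices; the slide calls them IP A and IP B.
IP_A = "192.0.2.1"
IP_B = "198.51.100.1"


class OtvEdge:
    """An OTV edge device. Its MAC table maps (vlan, mac) to either a local interface
    name ("Eth 3") or the join IP of the remote site's edge. There is no tunnel or
    pseudo-wire object: the outer IP header is computed per frame from the table."""

    def __init__(self, name, join_ip):
        self.name = name
        self.join_ip = join_ip
        self.mac_table = {}

    def learn(self, vlan, mac, via):
        self.mac_table[(vlan, mac)] = via

    @staticmethod
    def is_interface(via):
        return via.startswith("Eth")

    def forward(self, vlan, src, dst, payload, trace):
        """Layer 2 lookup on dst (slide steps 1 and 2). Returns ("local", iface, frame),
        ("otv", packet) for a MAC behind the remote edge, or ("unknown", frame)."""
        frame = {"vlan": vlan, "src": src, "dst": dst, "payload": payload}
        via = self.mac_table.get((vlan, dst))
        trace.append(f"{self.name}: L2 lookup VLAN {vlan} {dst} -> {via}")
        if via is None:
            return ("unknown", frame)
        if self.is_interface(via):
            return ("local", via, frame)
        packet = {"ip_src": self.join_ip, "ip_dst": via, "inner": frame}
        trace.append(f"{self.name}: encap {self.join_ip} -> {via}")
        return ("otv", packet)

    def receive(self, packet, trace):
        """Decapsulate (step 4) and run the Layer 2 lookup on the inner frame (step 5).
        A MAC that resolves to another IP is dropped rather than re-encapsulated; that is
        this simulation's own rule, to stop overlay traffic bouncing between sites."""
        if packet["ip_dst"] != self.join_ip:
            return ("not-for-us", None)
        inner = packet["inner"]
        trace.append(f"{self.name}: decap {packet['ip_src']} -> {packet['ip_dst']}")
        result = self.forward(inner["vlan"], inner["src"], inner["dst"], inner["payload"], trace)
        if result[0] == "otv":
            return ("dropped", inner)
        return result


def deliver(edges_by_ip, ingress, vlan, src, dst, payload):
    """End to end: ingress lookup, IP transport across the core, egress decap and lookup.
    Returns (result, trace); for a delivered frame result is ("local", iface, frame)."""
    trace = []
    result = ingress.forward(vlan, src, dst, payload, trace)
    if result[0] != "otv":
        return result, trace
    packet = result[1]
    egress = edges_by_ip.get(packet["ip_dst"])  # the core only ever sees an IP packet (step 3)
    if egress is None:
        return ("dropped", packet), trace
    trace.append(f"core: IP {packet['ip_src']} -> {packet['ip_dst']}")
    return egress.receive(packet, trace), trace


def build_sites():
    """The two MAC tables from the slide (VLAN 100; West at IP A, East at IP B)."""
    west = OtvEdge("West", IP_A)
    east = OtvEdge("East", IP_B)
    for mac, via in [("MAC 1", "Eth 2"), ("MAC 2", "Eth 1"), ("MAC 3", IP_B), ("MAC 4", IP_B)]:
        west.learn(100, mac, via)
    for mac, via in [("MAC 1", IP_A), ("MAC 2", IP_A), ("MAC 3", "Eth 3"), ("MAC 4", "Eth 4")]:
        east.learn(100, mac, via)
    return west, east


if __name__ == "__main__":
    west, east = build_sites()
    core = {IP_A: west, IP_B: east}
    result, trace = deliver(core, west, 100, "MAC 1", "MAC 3", b"constructed payload")
    print("\n".join(trace))
    print("result:", result[:2])
```

Running the main block prints the same sequence the slide numbers 1 to 6: a lookup at West that resolves to IP B, the encapsulation, the core transport, the decapsulation at East and the final lookup that resolves MAC 3 to Eth 3. Intra-site traffic (MAC 1 to MAC 2) never produces an IP packet, because the West table resolves MAC 2 to a local interface.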
Front-End: Networking Services
Figure: DC Services on Catalyst 6500 or appliances at the aggregation layer. Link legend: Gigabit Ethernet, 10 Gigabit Ethernet, 10 Gigabit DCE, 4/8Gb Fibre Channel, 10 Gigabit FCoE/DCE.
Cisco Application Infrastructure Control: One Physical Device, Multiple Virtual Systems (dedicated control and data path)
System separation for Server Load Balancing and SSL
• Distinct context configuration files
• Separate routing tables
• RBAC with contexts, roles, domains
• Independent application rule sets
• Resource allocation manager (resource classes)
Figure: one physical ACE device carved into contexts with resource shares of 25%, 25%, 20%, 15% and 15% (100% in total).
Resources managed per context:
• ACL memory
• Buffers for syslog messages and TCP out-of-order (OOO) segments
• Concurrent connections (through-the-ACE traffic)
• Management connections (to-the-ACE traffic)
• Proxy connections
• Resource limits can be set as a rate (number per second)
• Regular expression (regexp) memory
• SSL connections
• Sticky entries
• Static or dynamic network address translations (Xlates)
Virtual Firewalls
• VLANs can be shared if needed (right-hand side example)
• Each context has its own policies (NAT, ACLs, inspection engines, etc.)
• FWSM concurrently supports routed or transparent virtual firewalls
• Resource management for contexts
Figure: two FWSM deployments, each with virtual firewalls A, B and C behind the MSFC towards Core/Internet. Left: dedicated outside VLANs 10, 20, 30 and inside VLANs 11, 21, 31 per context. Right: a shared outside VLAN 10 with inside VLANs 11, 21, 31.
Resources managed per context:
• number of MAC addresses
• number of concurrent and per-second TCP/UDP connections
• fixups (application inspections) per second
• number of concurrent hosts connected through the FWSM
• number of concurrent IPSec connections
• number of concurrent ASDM/SSH/Telnet sessions
• syslog messages per second
• number of concurrent address translations
Combination Example
Figure: traffic path through stacked virtualized services for business units BU-1 to BU-4: (1) "Front-End" VRFs on the MSFC, (2) Firewall Module contexts, (3) ACE Module contexts, (4) "Back-End" VRFs on the MSFC, then the server-side VLANs. VLANs v5-v8, v105-v108, v206-v208 and v2081-v2083 ... link the stages. (vX = VLAN X; BU = Business Unit)
Logical Topology Using Virtualization and Service Insertion
• Logical topology to support multi-tier application traffic flow (client-server flow and server-to-server flow)
• Same physical VDC services-chassis sandwich model
• Addition of multiple virtual contexts to the transparent services modules
• Addition of VRF routing instances within the sub-aggregation VDC
• Service module contexts and VRFs are linked together by VLANs to form logical traffic paths
• Example: Web/App server farm and Database server cluster homed to separate VRFs to direct traffic through the services
Figure: Enterprise Network and Data Center Core -> Aggregation VDC (VRF instances) -> 6500 Services Chassis with transparent FWSM contexts and transparent ACE contexts (with FT VLANs) -> Sub-Aggregation VDC (VRF instances) -> Access, where the Web/App server farm and the DB server cluster sit. VLANs 151, 152, 153, 161, 162, 163, 180 and 181 link the stages.
Front-End: Access Layer
Figure: Nexus 7000 or Catalyst 6500 End-of-Row (1GbE server access); Nexus 5000 & Nexus 2000 Top-of-Rack (10GbE and 4/8Gb FC server access); Nexus 5000 & FCoE Top-of-Rack (10Gb DCE / FCoE server access); CBS 31xx blade, MDS 9124e and Nexus 4000 blade switches. Link legend: Gigabit Ethernet, 10 Gigabit Ethernet, 10 Gigabit DCE, 4/8Gb Fibre Channel, 10 Gigabit FCoE/DCE.
Cisco Nexus 5000 Series Switches (Nexus 5548, Nexus 5520, Nexus 5510)
• ONE platform for all server-access switching needs
• Device consolidation through a common platform for LAN / SAN / HPC needs
• Unified Ports: 1GE, lossless 10GE, FCoE, 1/2/4/8G FC; 40GE ready
• FEX support: 100M/1000M BaseT, 1/10G SFP, 1/10G BaseT
• Low power / cooling: < 7W/port
• Industry-leading density in 1RU/2RU form factor: 96 10GE ports in 2RU
• Back-to-front & front-to-back airflow
• Pay as you grow: flexible port configurations of 32 to 96 ports
• 50% reduction in management points & cabling costs
• Build highly scalable PODs beyond 640 10GE ports or 960 GE ports
Dynamic Port Allocation: Lossless Ethernet or Fibre Channel
Flexible LAN & storage convergence based on business needs
• Service can be adjusted based on the demand for specific traffic
• Protocol support on the same port can be converted dynamically
• Simplifies switch purchase: removes port-ratio guesswork
• Increases design flexibility: removes protocol-specific bandwidth bottlenecks
Availability: all ports on the 5596; 16-port expansion module on the 5548 and 5596
Figure (benefits and use-cases): a Unified Port runs either native Fibre Channel or lossless Ethernet (1/10GbE, FCoE, iSCSI, NAS).
Layer 2 and Layer 3 scaling (NX-OS release 5.0(3)N1(1))
• In Layer 2 mode, each Nexus 5500 is capable of supporting up to 24 Nexus 2000 Series Fabric Extenders, corresponding to 1152 1 Gigabit Ethernet ports or 768 10 Gigabit Ethernet ports.
• In Layer 3 mode (with the L3 license enabled), each Nexus 5500 is limited to supporting up to 8 Nexus 2000 Series Fabric Extenders, corresponding to 384 1 Gigabit Ethernet ports or 256 10 Gigabit Ethernet ports.
Fabric Extender (FEX): extends the network fabric into a remote rack
• FEX is a remote linecard to the Nexus 5K
• FEX host interfaces are configured and managed via the N5K
• Forwarding, queuing, and policy enforcement for host-interface traffic are done by the N5K
Figure: parent switch (Nexus 5500 Series, ports 1-5) with two FEXs (slot 100 and slot 112), each with host ports 1-3 connected to servers.
Pods of 512 10GbE or 768 GbE servers
Figure: pod designs with Nexus 5500 with Layer 3 at the top of the pod and LAN uplinks to N7000/C6500, racks 1-12 of 1GbE servers (100Mb iLO) or 10GbE servers: Mid-Market Aggregation; Scalable Ethernet; High-Performance Compute (over 1000s of compute nodes); Convergence & Virtualization (1/10 GbE rack servers, 10GbE blade servers, MDS SAN, Nexus 1000V VSM/VEM hosting VM 1 and VM 2).
Servers Layer (Cisco UCS)
Adapter-FEX: extends the network fabric into a server
• Adapter-FEX presents standard PCIe virtual NICs (vNICs) to servers
• Adapter-FEX virtual NICs are configured and managed via the Nexus 5500
• Forwarding, queuing, and policy enforcement for vNIC traffic are done by the Nexus 5500
Figure: parent switch (Nexus 5500 Series, ports 1-5) with servers whose adapters expose vNICs 1-3 directly to the parent switch.
Further reducing management points
• Adapter-FEX connected to a Nexus 2000 Fabric Extender: cascaded FEX-Link deployment
• Forwarding, queuing, and policy enforcement for vNIC traffic are still done by the Nexus 5500
Figure: parent switch (Nexus 5500 Series) -> Nexus 2000 FEX (slot 100) -> servers with Adapter-FEX vNICs 1-3.
UCS P81E Virtual Interface Card for UCS C-Series
• Supports up to 16 vNICs when working with the Nexus 5548
• Capable of supporting both Ethernet vNICs and FCoE-capable vNICs (future)
• Each vNIC is accessible to the server over standard PCIe as a regular NIC
Adapter-FEX bring-up: vNICs presented to the host OS as standard PCIe NICs
Step 1: Port Profiles defined on the Nexus 5K (attributes: VLAN, BW, QoS)
Step 2: Enable VNTag mode on the server interface
Host boots
Step 3: Adapter management tool used to define the "Adapter Profile"
Step 4: Host rebooted
Step 5: Port Profile name list provided to the adapter management tool; vNICs are associated with profiles
Step 6: Adapter "creates interfaces" using the VIC protocol
Step 7: Adapter-FEX bring-up complete
Figure: Nexus 5K ports 1-6 with Port Profiles 1-5; a UCS C-Series chassis with an Adapter-FEX-capable adapter (Port 0 / Port 1) exposing vNICs 1-5, each bound to a port profile (PP).
Uplink failover: designate active-standby uplinks per vNIC
• The UCS P81E VIC supports uplink failover capability
• Designate a failover uplink per vNIC; it is used only if the active vNIC fails
• Optional configuration per vNIC
Figure: UCS chassis with an Adapter-FEX-capable adapter (Port 0 / Port 1) and vNICs 1-5 bound to Port Profiles 1-5: Port 0 is standby for vNIC 2 and vNIC 4; Port 1 is standby for vNIC 5; vNICs 1 and 3 have no standby.
Per-vNIC View of the Topology
Figure (left): Nexus 5500 vPC primary and Nexus 5500 secondary, FEX 101 and FEX 102, and a server with a FEX-enabled adapter dual-homed through both FEXs.
Configuration on the vPC primary:
  interface vethernet 105
    bind interface ethernet 101/1/1 channel 5
    bind interface ethernet 102/1/30 channel 1005
    inherit port-profile user_mgmt
Configuration on the secondary:
  interface vethernet 105
    bind interface ethernet 101/1/1 channel 1005
    bind interface ethernet 102/1/30 channel 5
    inherit port-profile user_mgmt
Figure (right): two Nexus 5500 switches with a server with a FEX-enabled adapter connected directly to each.
Configuration on the first switch:
  interface vethernet 105
    bind interface ethernet 1/1 channel 5
    inherit port-profile user_mgmt
Configuration on the second switch:
  interface vethernet 105
    bind interface ethernet 1/5 channel 1005
    inherit port-profile user_mgmt
Nexus 1000V: Comparison to a Physical Switch
Figure sequence: a modular switch (Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, ... Linecard-N over a backplane) connected to Server 1, Server 2 and Server 3.
• Moving to a virtual environment: the servers become ESX hosts.
• Supervisors become Virtual Supervisor Modules (VSM1, VSM2).
• VSMs are virtual appliances.
• Linecards become Virtual Ethernet Modules (VEM-1, VEM-2, ... VEM-N) running on the ESX hosts.
VSM + VEMs = Nexus 1000V Virtual Chassis
VSM: Virtual Supervisor Module; VEM: Virtual Ethernet Module
• 64 VEMs per 1000V (connected by L2 or L3)
• 200+ vEth ports per VEM
• 2K vEths per 1000V
• Multiple 1000Vs can be created per vCenter
Figure: VSM1 and VSM2 virtual appliances controlling VEM-1, VEM-2, ... VEM-N on ESX hosts, in L2 mode or L3 mode.
Customer request: host VSMs on a physical appliance
Figure: the same Nexus 1000V virtual chassis (VSM1/VSM2, VEM-1 ... VEM-N on ESX hosts, L2 or L3 mode; 200+ vEth ports per VEM, 64 VEMs per 1000V, 2K vEths per 1000V, multiple 1000Vs per vCenter) with the question: physical appliance?
VSMs hosted on a physical appliance: Nexus 1010
• Up to 4 VSMs per Nexus 1010
• Nexus 1010s deployed in a redundant pair
Figure: a Nexus 1010 pair hosting VSM-A1 ... VSM-A4 and VSM-B1 ... VSM-B4, controlling VEM-1, VEM-2, ... VEM-N on ESX hosts in L2 or L3 mode (200+ vEth ports per VEM, 64 VEMs per 1000V, 2K vEths per 1000V, multiple 1000Vs per vCenter).
vPath - Virtual Service Datapath
• Traffic steering
• Fast-path offload
• Nexus 1000V version 1.4 and above
Figure: VSM virtual appliance with VEM-1 and VEM-2, each carrying vPath, on ESX hosts (L2 mode or L3 mode).
vPath services
• vPath: Virtual Service Datapath
• VSG: Virtual Security Gateway for the Nexus 1000V
• vWAAS: Virtual WAAS
VSG and vWAAS are available now.
Figure: VSG and vWAAS virtual appliances attached through vPath to VEM-1 and VEM-2 on ESX hosts.
Services on the Nexus 1010
Figure: Nexus 1010 hosting VSM-A1 ... VSM-A4, VSM-B1 ... VSM-B4, NAM and VSG; VEM-1 and VEM-2 with vPath on ESX hosts (L2 or L3 mode).
• vPath: Virtual Service Datapath; VSG: Virtual Security Gateway for the Nexus 1000V; vWAAS: Virtual WAAS
• VSG on Nexus 1010 target: 2Q CY11
• Services available 2H CY'11
SAN & Storage: VSAN, NPIV, NPV and Storage Access
Figure: MDS 9500 storage switches, SAN A / SAN B. Link legend: Gigabit Ethernet, 10 Gigabit Ethernet, 10 Gigabit DCE, 4/8Gb Fibre Channel, 10 Gigabit FCoE/DCE.
Virtual SANs (VSANs)
• Consolidation of SAN islands: increased utilization of fabric ports with just-in-time provisioning
• Deployment of large fabrics: dividing a large fabric into smaller VSANs; disruptive events isolated per VSAN; RBAC for administrative tasks; zoning is independent per VSAN
• Advanced traffic management: defining the paths for each VSAN; VSANs may share the same EISL; cost effective on WAN links
• Resilient SAN extension
• Standard solution (ANSI T11 FC-FS-2 section 10)
Figure: separate SAN islands for Department A, Department B and Department C consolidated into one physical fabric with one VSAN per department.
N-Port ID Virtualization (NPIV)
• NPIV provides a means to assign multiple FC IDs to a single N port.
• This feature was intended to allow multiple applications to share the same Fibre Channel HBA.
• The use of different pWWNs allows access control, zoning, and port security to be implemented at the application level.
• Usage applies to applications such as VMware, MS Virtual Server and Citrix.
Figure: one application server HBA attached to an FC switch F_Port, with Email I/O on N_Port_ID 1, Web I/O on N_Port_ID 2 and File Services I/O on N_Port_ID 3.
N-Port Virtualizer (NPV)
• NPV utilizes NPIV functionality to allow a "switch" to act like a server doing multiple logins through one physical link.
• Real servers connected (via CNAs) to a Nexus 5000 do not log in to the Nexus 5000 but to the upstream FC switch. The same applies to FC edge switches (e.g. MDS blade switches).
  The physical uplink from the Nexus 5000 to the FC switch does the actual "FLOGI".
  Subsequent server logins are converted (proxied) to "FDISC" to log in to the upstream FC switch.
• No local switching is done on an FC switch in NPV mode.
• An FC edge switch in NPV mode does NOT take up a domain ID.
• Scalability will depend on the FC "login" limitation (MDS is ~10K per fabric).
Figure: Server1, Server2 and Server3 on Eth1/1, Eth1/2 and Eth1/3 of an NPV device (Nexus 5000, MDS 91xx, MDS blade switches or UCS Fabric Interconnect); its single uplink to the FC core switch F_Port carries N_Port_ID 1, 2 and 3 on behalf of the three servers.
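The login sequence on this slide and the NPIV mechanism on the previous one can be shown working together in a short simulation. The Python below is an added example, not Cisco's code and not from the deck: a core switch that owns one domain ID and answers FLOGI and FDISC, and an NPV edge that performs a single FLOGI on its uplink and proxies each server login upstream as an FDISC, so every server receives an FC_ID from the core's domain while the edge consumes no domain ID of its own. The domain ID 0x0A, the WWNs, the sequential FC_ID allocation and the login-limit check are constructed for the example; a real fabric switch allocates addresses by its own rules.

```python
"""Added example: NPIV (FLOGI + FDISC) on a core switch and an NPV edge proxying server logins."""


class FcCoreSwitch:
    """Fabric switch that owns one domain ID and hands out N_Port_IDs (FC_IDs).
    FC_ID = domain (8 bits) | area (8 bits) | port (8 bits). The sequential area/port
    allocation below is this example's own simplification, not a real switch's policy."""

    def __init__(self, name, domain_id, max_logins=10_000):
        self.name = name
        self.domain_id = domain_id
        self.max_logins = max_logins   # fabric-wide login limit (slide: MDS ~10K per fabric)
        self.f_ports = {}              # F_Port name -> list of (pwwn, fcid) logged in on it
        self.logins = {}               # pwwn -> fcid
        self._next = 0

    def _alloc_fcid(self, pwwn):
        if pwwn in self.logins:
            raise RuntimeError(f"pWWN {pwwn} is already logged in")
        if len(self.logins) >= self.max_logins:
            raise RuntimeError(f"{self.name}: fabric login limit of {self.max_logins} reached")
        area, port = divmod(self._next, 256)
        if area > 255:
            raise RuntimeError("domain address space exhausted")
        self._next += 1
        fcid = (self.domain_id << 16) | (area << 8) | port
        self.logins[pwwn] = fcid
        return fcid

    def flogi(self, f_port, pwwn):
        """Fabric login: the first login over a physical link. Exactly one per F_Port."""
        if f_port in self.f_ports:
            raise RuntimeError(f"{f_port} already completed FLOGI; additional IDs need FDISC")
        fcid = self._alloc_fcid(pwwn)
        self.f_ports[f_port] = [(pwwn, fcid)]
        return fcid

    def fdisc(self, f_port, pwwn):
        """NPIV: an additional N_Port_ID on an F_Port whose link already completed FLOGI."""
        if f_port not in self.f_ports:
            raise RuntimeError(f"FDISC on {f_port} before FLOGI")
        fcid = self._alloc_fcid(pwwn)
        self.f_ports[f_port].append((pwwn, fcid))
        return fcid


class NpvEdge:
    """Edge device in NPV mode (Nexus 5000, MDS blade switch or UCS FI on the slide).
    It owns no domain ID and does no local FC switching: its uplink performs the one
    FLOGI, and every server login is proxied upstream as an FDISC on that uplink."""

    domain_id = None  # an NPV-mode switch does not take up a domain ID

    def __init__(self, name, core, uplink_f_port, uplink_pwwn):
        self.name = name
        self.core = core
        self.uplink = uplink_f_port
        self.uplink_fcid = core.flogi(uplink_f_port, uplink_pwwn)
        self.server_fcids = {}   # server-facing port -> FC_ID assigned by the core

    def server_login(self, server_port, server_pwwn):
        """A server FLOGIs towards the NPV edge; the edge converts it to an FDISC upstream."""
        fcid = self.core.fdisc(self.uplink, server_pwwn)
        self.server_fcids[server_port] = fcid
        return fcid


def build_scenario():
    """Slide topology: three servers on Eth1/1-Eth1/3 of an NPV edge with one uplink to the core.
    All WWNs and the domain ID are constructed values."""
    core = FcCoreSwitch("FC core", domain_id=0x0A)
    edge = NpvEdge("Nexus 5000 (NPV)", core, "fc1/1", "20:00:00:00:c9:aa:00:00")
    fcids = [edge.server_login(f"Eth1/{i}", f"20:00:00:25:b5:00:00:0{i}") for i in (1, 2, 3)]
    return core, edge, fcids


if __name__ == "__main__":
    core, edge, fcids = build_scenario()
    for port, fcid in edge.server_fcids.items():
        print(f"{port}: FC_ID {fcid:06x}")
    print("domain IDs in use:", {core.domain_id}, "| NPV edge domain ID:", edge.domain_id)
```

The main block prints three FC_IDs that all begin with the core's domain byte 0x0A, and shows that the only domain ID in the fabric belongs to the core switch. The `max_logins` check is where the slide's scalability caveat bites: with a small limit the second server login on the edge fails with a fabric-login error rather than a local one, which is what to expect when an NPV edge runs into the upstream fabric's login ceiling.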
Thank you.