Nexus 1000v Tdm
-
Upload
muhammad-yasir-afariz -
8/22/2019 Nexus 1000v Tdm
1/35
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1
Cisco Nexus 1000V
Technical Decision Maker NDA Only
-
Legal Disclaimer
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
-
Agenda
Networking Challenges of Server Virtualization
Cisco VN-Link Introduction
Cisco Nexus 1000V Overview & Architecture
Deployment Scenarios
Advanced Features
Additional Information
-
Transparency in the Eye of the Beholder
With virtualization, VMs have a transparent view of their resources
-
Transparency in the Eye of the Beholder
but it's difficult to correlate network and storage back to virtual machines
-
Transparency in the Eye of the Beholder
Scaling globally depends on maintaining transparency while also providing operational consistency
-
Networking Challenges to Scaling Server Virtualization
Security and Policy Enforcement
  Applied at physical server, not the individual VM
  Impossible to enforce policy for VMs in motion
Operations and Management
  Lack of VM visibility, accountability, and consistency
  Inefficient management model and inability to effectively troubleshoot
Organizational Structure
  Muddled ownership as server admin must configure virtual network
  Organizational redundancy creates compliance challenges
-
Cisco Virtual Network Link (VN-Link): Virtualizing the Network Domain
Virtual machine aware network and storage services
Abstract physical and logical infrastructure
Virtual machines are the new data center building block
-
VN-Link Brings VM Level Granularity
Problems:
  VMotion may move VMs across physical ports; policy must follow
  Impossible to view or apply policy to locally switched traffic
  Cannot correlate traffic on physical links from multiple VMs
VN-Link:
  Extends network to the VM
  Consistent services
  Coordinated, coherent management
[Diagram labels: VMotion, VLAN 101]
-
Cisco Nexus 1000V: Industry First 3rd Party Virtual Distributed Switch
Nexus 1000V provides enhanced VM switching for VMW ESX environments
Features VN-Link capabilities:
  Policy-based VM connectivity
  Mobility of network and security properties
  Non-disruptive operational model
Ensures visibility and continued connectivity during VMotion
Enabling Acceleration of Server Virtualization Benefits
[Diagram: VMW ESX Server 1 and Server 2, VMware vSwitch, Nexus 1000V, VMs #1 to #8]
-
What is a Virtual Distributed Switch?
A Virtual Distributed Switch is a concept developed by VMware and Cisco to allow a single vSwitch to span multiple hosts.
VMW calls this a vNetwork Distributed Switch.
The Cisco Nexus 1000V, a 3rd party virtual distributed switch, will be supported in VMware ESX and Virtual Infrastructure in the 1st half of 2009
-
Cisco Nexus 1000V Architecture
Virtual Supervisor Module (VSM)
  Virtual or Physical appliance running Cisco OS (supports HA)
  Performs management, monitoring, & configuration
  Tight integration with VMware Virtual Center
Virtual Ethernet Module (VEM)
  Enables advanced networking capability on the hypervisor
  Provides each VM with dedicated switch port
  Collection of VEMs = 1 Distributed Switch
Cisco Nexus 1000V Enables:
  Policy Based VM Connectivity
  Mobility of Network & Security Properties
  Non-Disruptive Operational Model
[Diagram: Virtual Center, Nexus 1000V VSM, VMW ESX Servers 1 to 3 each with a VMware vSwitch and a Nexus 1000V VEM, VMs #1 to #12]
-
Cisco Nexus 1000V: Faster VM Deployment
Cisco VN-Link (Virtual Network Link)
  Policy-Based VM Connectivity
  Mobility of Network & Security Properties
  Non-Disruptive Operational Model
VM Connection Policy
  Defined in the network
  Applied in Virtual Center
  Linked to VM UUID
Defined Policies
  WEB Apps
  HR
  DB
  Compliance
[Diagram: Virtual Center, two VMW ESX servers, Cisco Nexus 1000V, VMs #1 to #8]
-
Cisco Nexus 1000V: Richer Network Services
VN-Link: Virtualizing the Network Domain
  Policy-Based VM Connectivity
  Mobility of Network & Security Properties
  Non-Disruptive Operational Model
VMs Need to Move
  VMotion
  DRS
  SW Upgrade/Patch
  Hardware Failure
VN-Link Property Mobility
  VMotion for the network
  Ensures VM security
  Maintains connection state
[Diagram: Virtual Center, two VMW ESX servers, Cisco Nexus 1000V, VMs #1 to #8]
-
Cisco Nexus 1000V: Increase Operational Efficiency
VN-Link: Virtualizing the Network Domain
  Policy-Based VM Connectivity
  Mobility of Network & Security Properties
  Non-Disruptive Operational Model
Network Benefits
  Unifies network mgmt and ops
  Improves operational security
  Enhances VM network features
  Ensures policy persistence
  Enables VM-level visibility
Server Benefits
  Maintains existing VM mgmt
  Reduces deployment time
  Improves scalability
  Reduces operational workload
  Enables VM-level visibility
[Diagram: Virtual Center, two VMW ESX servers, Cisco Nexus 1000V, VMs #1 to #8]
-
How Does It Work?
Deploying the Nexus 1000V
-
Deploying the Cisco Nexus 1000V: Collaborative Deployment Model
1. VMW Virtual Center & Cisco Nexus 1000V relationship established
2. Network Admin configures Nexus 1000V to support new ESX hosts
3. Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center
[Diagram: Virtual Center, Nexus 1000V VSM, VMW ESX Server 1 with Nexus 1000V VEM; steps 1 to 3 marked]
-
Deploying the Cisco Nexus 1000V: Collaborative Deployment Model
1. VMW Virtual Center & Cisco Nexus 1000V relationship established
2. Network Admin configures Nexus 1000V to support new ESX hosts
3. Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center
4. Repeat step three to add another host and extend switch configuration
[Diagram: Virtual Center, Nexus 1000V VSM, VMW ESX Server 1 through Server N each with a Nexus 1000V VEM; step 4 marked]
-
Policy Based VM Connectivity: Enabling Policy
1. Nexus 1000V automatically enables port groups in Virtual Center
2. Server Admin uses Virtual Center to assign vnic policy from available port groups
3. Nexus 1000V automatically enables VM connectivity at VM power-on
Available Port Groups
  WEB Apps
  HR
  DB
  Compliance
WEB Apps:
  PVLAN 108, Isolated
  Security Policy = Port 80 and 443
  Rate Limit = 100 Mbps
  QoS Priority = Medium
  Remote Port Mirror = Yes
[Diagram: Virtual Center, Nexus 1000V VSM, VMW ESX Server 1 with Nexus 1000V VEM, VMs #1 to #4; steps 1 to 3 marked]
-
Policy Based VM Connectivity: What Can a Policy Do?
Policy definition supports:
  VLAN, PVLAN settings
  ACL, Port Security, ACL Redirect
  Cisco TrustSec (SGT)
  NetFlow Collection
  Rate Limiting
  QoS Marking (COS/DSCP)
  Remote Port Mirror (ERSPAN)
[Diagram: Virtual Center, Nexus 1000V VSM, VMW ESX server with Nexus 1000V VEM, VMs #1 to #4]
-
Mobility of Security and Network Properties: Following Your VMs Around
1. Virtual Center kicks off a VMotion (manual/DRS) and notifies Nexus 1000V
2. During VM replication, Nexus 1000V copies VM port state to new host
Mobile Properties Include:
  Port policy
  Interface state and counters
  Flow statistics
  Remote port mirror session
VMotion Notification (step 1)
  Current: VM1 on Server 1
  New: VM1 on Server 2
Network Persistence (step 2)
  VM port config, state
  VM monitoring statistics
[Diagram: Virtual Center, Nexus 1000V VSM, VMW ESX Server 1 and Server 2 each with a Nexus 1000V VEM, VMs #1 to #8, VM #1 shown moving]
-
Mobility of Security and Network Properties: Following Your VMs Around
1. Virtual Center kicks off a VMotion (manual/DRS) & notifies Nexus 1000V
2. During VM replication, Nexus 1000V copies VM port state to new host
3. Once VMotion completes, port on new ESX host is brought up & VM's MAC address is announced to the network
Network Update (step 3)
  ARP for VM1 sent to network
  Flows to VM1 MAC redirected to Server 2
[Diagram: Virtual Center, Nexus 1000V VSM, VMW ESX Server 1 and Server 2 each with a Nexus 1000V VEM, VMs #1 to #8, VM #1 shown on the new host]
-
Increase Operational Efficiency
What stays the same? What gets better?
Task | Virtualization or Server Admin | Network Admin
vSwitch Config | Automated | Same as physical network
Port Group Config | Automated | Policy Based
Port Group Assignment | Unchanged (Virtual Center based) | -
Add new ESX host | Automated (assign NIC & go) | Unchanged
NIC Teaming Config | Automated | EtherChannel Optimized
VM Creation | Unchanged | Policy Based
Security | Policy Based | ACL, PVLAN, IP Redirect, Port Security, TrustSec
Visibility | VM Specific | VM Specific
Management Tools | Unchanged (Virtual Center) | Cisco CLI, XML API, SNMP, DCNM
-
Cisco Nexus 1000V: Three New Features that Make a Difference
Encapsulated Remote SPAN (ERSPAN)
  Mirror VM interface traffic to a remote sniffer
  Identify root cause for connectivity issues
  No host-based sniffer virtual appliance to maintain
  Follows your VM with VMotion or DRS
NetFlow v.9 with Data Export
  View flow-based stats for individual VMs
  Captures multi-tiered app traffic inside a single ESX host
  Export aggregate stats to dedicated collector for DC-wide VM view
  Follows your VM with VMotion or DRS
Private VLANs (PVLANs)
  Great for mixed use ESX clusters
  Segment VMs w/o burning IP addresses
  Supports isolated, community and promiscuous trunk ports
  Follows your VM with VMotion or DRS
-
Cisco Nexus 1000V VM Security
Private VLAN
  Promiscuous port
  Isolated port
  Community port
Security Features
  Access Control List
  Port Security
  DHCP Snooping
  IP Source Guard
  Dynamic ARP Inspection
Cisco TrustSec
  Admission control: 802.1X
  Hop-by-hop crypto: 802.1AE
  Security Group Tag
  SGACL Matrix (Source Group by Destination Group)
[Diagram: three VMW ESX servers on a Cisco Nexus 1000V, VMs #1 to #4 on each, ports marked P, C and I; SGACL matrix with + and - entries]
-
Key Features of the Nexus 1000V
Switching | L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX), IGMP Snooping, QoS Marking/Queuing
Security | Policy Mobility, PVLAN, ACL (L2-4 w/ Redirect), Port Security, Cisco TrustSec: Authentication, Admission, Access Control
Provisioning | Automated vSwitch Config, Port Profiles, Virtual Center Integration, Optimized NIC Teaming
Visibility | Historical VMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2, VM-Level Interface Statistics, Wireshark
Management | Virtual Center VM Provisioning, Cisco Network Provisioning, Cisco CLI, XML API, SNMP (v.1, 2, 3)
-
Nexus 1000V Deployment Scenarios: Pick Your Flavor
1. Works with all types of servers (rack optimized, blade servers, etc.)
2. Works with any type of upstream switch (Blade, Top of Rack, Modular)
3. Works at any speed (1G or 10G)
4. Nexus 1000V VSM can be deployed as a VM or a physical appliance
[Diagram: Virtual Center, Nexus 1000V VSM, Blade Servers, Rack Optimized Servers]
-
Roadmap Summary
[Timeline: Nexus 1000V, Q2 CY08 through Q4 CY09; milestones shown: N1KV Beta 1, N1KV Beta 2, N1KV Beta 3, N1KV Appliance Beta, N1K-VA GA - VMW, N1K-PA GA - VMW]
Note: Nexus 1000V GA dates dependent on VMware release schedule
Target for VMware release is 1st half CY2009
-
Product Availability & Support
Nexus 1000V is a Cisco product & will be sold and supported through Cisco's normal channels.
It will be available in conjunction with an upgraded version of the VMW ESX product in the 1st half of 2009
Cisco Services & SmartNet support will be available
Nexus 1000V is in BETA now; talk to the BU for more information
Nexus 1000V will have a flexible licensing mechanism; more detail will be provided closer to general availability.
-
Accelerate Server Virtualization: Enable, Simplify, Scale
Security and Policy Enforcement
  Enable VM-level security and policy
  Scale the use of VMotion and DRS
Operation & Management
  Simplify management and troubleshooting with VM-level visibility
  Scale with automated server & network provisioning
Organizational Structure
  Enable flexible collaboration with individual team autonomy
  Simplify and maintain existing VM mgmt model
-
Cisco Nexus 1000: More Information
http://www.cisco.com/go/datacenter
-
Cisco Virtual Network Link (VN-Link): Virtualizing the Network Domain
Two Complementary Models to Address Evolving Customer Requirements
  Policy-Based VM Connectivity
  Mobility of Network & Security Properties
  Non-Disruptive Operational Model
Cisco Nexus 1000V (Software Based)
  Cisco switch for VMW ESX
  Compatible with any switching platform
  Leverages Virtual Center for server admin; Cisco CLI for network admin
Nexus 5000 with VN-Link (Hardware Based)
  Scalable, hardware based, high performance solution
  Standards driven approach to delivering hardware based VM networking
  Combines VM & physical network operations into 1 managed node
[Diagram: two VMW ESX servers with VMs #1 to #4; one with Nexus 1000V, NICs and LAN; one with Initiator and Nexus 5000]
-
VN-Link With the Cisco Nexus 1000V
Cisco Nexus 1000V (Software Based)
  Industry's first third-party ESX switch
  Built on Cisco NX-OS
  Compatible with switching platforms
  Maintain Virtual Center provisioning model unmodified for server administration; allow network administration of Nexus 1000V via familiar Cisco NX-OS CLI
Policy-Based VM Connectivity
Mobility of Network and Security Properties
Non-Disruptive Operational Model
[Diagram: VMW ESX server with VMs #1 to #4, Nexus 1000V, NICs, LAN]
-
VN-Link with Network Interface Virtualization
Nexus Switch with VN-Link (Hardware Based)
  Allows scalable hardware-based implementations through hardware switches
  Standards-based initiative: Cisco & VMware proposal in IEEE 802 to specify Network Interface Virtualization
  Combines VM and physical network operations into one managed node
Policy-Based VM Connectivity
Mobility of Network and Security Properties
Non-Disruptive Operational Model
[Diagram: VMW ESX server with VMs #1 to #4, VN-Link, Nexus switch]