• Like
Unified Data Center- CLLE
 

Unified Data Center- CLLE

on

  • 671 views

The Unified Data Center allows data center virtualization. Cisco Live SLED East, Cisco Live Local Edition (CLLE).

The Unified Data Center allows data center virtualization. Cisco Live SLED East, Cisco Live Local Edition (CLLE).

Statistics

Views

Total Views
671
Views on SlideShare
671
Embed Views
0

Actions

Likes
1
Downloads
45
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Unified Data Center- CLLE Unified Data Center- CLLE Presentation Transcript

    • Local Edition
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicLocal EditionThe Unified Data CenterLoy EvansDC Consulting Systems Engineer
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public•  Data Center Virtualization Overview•  Data Centre Virtualization•  Virtual Networking & Cloud Network Services•  Virtual Compute & IO Virtualization•  Virtualized Storage & SAN•  Software Defined Network & Orchestration•  Implementation Examples•  Q&AAgenda
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public•  The Application Servicesprovided by the Networkneed to respond and bealigned to meet the newgeometry of the VMs•  Close interaction requiredbetween the assetsprovisioning Virtualizedinfrastructure and theApplication Servicessupporting the VirtualMachines.The “Virtual Data Centre” Approach
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicMoving to a fully virtualized Data Centre, with Any to Any ConnectivityMoving to a Unified Data Center•  Fully unified I/O deliversthe followingcharacteristics:‒  Ultra High Capacity 10Gbps+‒  Low latency‒  Loss Free (FCoE)•  True “Any to Any”Connectivity is possibleas all devices areconnected to all otherdevices.
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicTypical Virtualized Data Centre Infrastructure (3 Layers)Nexus 700010 GE AggrNetworkServicesLayer 3Layer 2 - 1GELayer 2 - 10GE10 GE DCB10 GE FCoE/DCB4/8 Gb FCFCSAN AFCSAN BvPC+    FabricPath  Nexus 700010 GE CoreCatalyst 6500End-of-RowNexus 5500 10GENexus 2248End-of-RowCBS 31xxBlade switchNexus 7000End-of-RowNexus 5500 FCoENexus 2232Top-of-RackUCS FCoE Nexus 3000Top-of-RackNexus4000FIP-Snoop.IBM BladeCenter1 GbE Server Access & 4/8Gb FC via dual HBA (SAN A // SAN B) 10Gb  DCB  /  FCoE  Server  Access    or    10  GbE Server Access & 4/8Gb FC via dual HBA (SAN A // SAN B)L3L2MDS 9500SANDirectorB22FEXHP BladeC-classFCSAN AFCSAN BAggrega1on    &  Services  Layer  DC  Edge  Layer  (LAN  &  SAN)  Access    Layer  SAN  Edge  WAN  Edge  Layer  MDS 9200 /9100Nexus5500FCoE
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicData Centre Row 1The Evolving Data Centre ArchitectureChallenges for the Classical Network DesignData Centre Row 2§  Hypervisor based server virtualization capabilities(vMotion, Live Migration, etc.) are changing DataCentre design§  Where is the server now?§  Where is the access port?§  Where does the VLAN exist?§  Any VLAN Anywhere?§  How large do we need to scale Layer 2?§  What are the capacity planning requirements forflexible workloads?§  Where are the policy boundaries with flexibleworkload (Security, QoS, WAN acceleration, …)?§  What about programmability and automation ?
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicData Centre Infrastructure Strategy & TrendsVirtualization & CloudSoftware Defined Network (SDN)Virtual Networking / OverlayData Centre FabricArchitecture vs Technology
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCommon Cloud DiscussionsWide Span of Industry Efforts9The Unified Data Center is all about Efficiency, andshould help to:•  Consolidate Assets•  Standardize Operations•  Virtualize the Environment•  Automate Service Delivery
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public•  Data Center Virtualization Overview•  Data Centre Virtualization•  Virtual Networking & Cloud Network Services•  Virtual Compute & IO Virtualization•  Virtualized Storage & SAN•  Software Defined Network & Orchestration•  Implementation Examples•  Q&AAgenda
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicPolicy PlaneThe business glue of the network. Rules execution, decision making, ServiceManager and all the other components to make a productize service.Services PlaneOverlay “Layer 7” application flow built on the foundation of the other layers.Dependent on the other layers.ManagementPlaneThe management plane is the logical path of all traffic related to the systemmanagement of the platform.Control PlaneIt’s the brain of any networking platform and the technical glue of the network. Thecontrol plane is where all routing, switching, other protocols and control informationare exchangedData PlaneThe data plane receives, processes, and transmits network data between networkelements, and represents the bulk of network traffic that passes to and through thegear.Network Planes of Operation
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Publicq  vPC  is  a  Port-­‐channeling  concept  extending  link  aggregaAon  to  two  separate  physical  switches  q  Allows  the  creaAon  of  resilient  L2  topologies  based  on  Link  AggregaAon.  q  Eliminates  the  need  for  STP  in  the  access-­‐distribuAon  Layer  ü  Enable  seamless  VM  Mobility,  Server  HA  Clusters  ü  Scale  Available  Layer  2  Bandwidth      ü  Dual-­‐homed  server  operate  in  acAve-­‐acAve  mode  (via  MulA-­‐chassis  Etherchannel  –  MCEC)  ü  Simplify  Network  Design  ü  Available  on  Nexus  7000,  Nexus  5000  /  5500  and  Nexus  3000  Bi-­‐sec1onal  bandwidth  with  vPC  L2  SiSiNon-­‐vPC   vPC  SiSiVirtual  Port  Channel  Physical  Topology   Logical  Topology  Virtual Port Channel (VPC)Active — Active Layer 2 Links
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicDistributed HighDensity EdgeSwitching System+Cisco Nexus® 2200 FEXCisco Nexus® 5500Cisco Nexus® 2200 FEXCisco Nexus® 7000+Cisco FEXlink: Virtualized Access Switch  Nexus 2200 Fabric Extender (FEX)Cisco Nexus® 6000+Cisco Nexus® 2200 FEX
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicIEEE 802.1BR: Bridge Port Extension§  Fully specifies a Port Extender (FEX Equivalent)§  Extends ports of a switch to lower entities in a network§  Port Extenders are not individually managed§  Their ports become ports of the controlling switch§  Cascading Port Extenders§  Allows one to choose the appropriate controlling switch§  Frame replication supported for efficient multicast / flooding§  Traffic from each “Extended Port” is reliably segregated to an E-channel and identified by a tag containing an E-channel identifier(ECID)§  Does not require prior knowledge of MAC addresses; switch performs standard learningfunctions§  Works with all devices including VEBs, VEPAs, individual VMs, physical services, anddevices providing transparent services§  Controlling Bridge + PE = Extended Bridge§  Single Point of ManagementPE  Bridge  PE  PE  PE   Port  Extender  PE  vFW  Server    VM1  PE  Controlling  Bridge  Extended  Bridge  ECID  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicRepresentation of Port Extender & Fabric ExtenderSwitchEthPort Extension802.1BRPortExtenderPE Tag802.1BRServerHypervisorVM   VM  VM   VM   VM  VM  AdapterPE Tag802.1BR1   2   3   4   5  Port nvNIC3vNIC2vNIC1vNIC5vNIC4Port 0Nexus 2200 (FEX)2   3  1  NIV Capable AdapterIEEE Bridge Port Extender = Cisco FEX (Fabric Extender)1  5  1   2   3   4   5   6   7   8  Nexus 5500Port 1 …Eth
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicTo2R: Nexus 2200 Deployment ExampleRack 1 Rack 2Access LayerRack 1 Rack 2Rack 1 Rack 2Aggregation LayerNexus 7000 Nexus 7000Nexus 5500 Nexus 5500Nexus 2200 Nexus 2200x4 x4x4x4x4 x4x4x4Rack 1 Rack 2Rack 1 Rack 2 Rack 12 Rack 1 Rack 2 Rack 12vPCvPCRack 13 Rack 14 Rack 24
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicvPC Between Nexus 7000 and Nexus 5500/6000and Nexus 2200 — Active/ActiveNexus  7000  Nexus  5x00  Nexus  6000  Nexus  2200  VPC   eVPC  Enhanced  VPC    (eVPC)  supported  with  Nexus  5500  only  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco FabricPathScaling and Simplifying Layer 2 Ethernet Networks-­‐All    Links  AcAve  TradiAonal  Spanning  Tree  Based  Network  Up  to  16  Agg/  Spine  switches    -­‐Blocked  Links    Cisco  FabricPath  Network  160+  Tbps    switching  capacity  §  Eliminate  Spanning  tree  limitaAons  §  MulA-­‐pathing  across  all  links,  high  cross-­‐secAonal  bandwidth  §  High  resiliency,  faster  network  re-­‐convergence  §  Any  VLAN,  any  where  in  the  fabric  eliminate  VLAN  Scoping  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicExample: Handling Application GrowthScenario: Application grows beyond currently compute capacity andallocated rack space causing network disruptions and physical changesVLAN  1,  2,  3  VLAN  1  Rack  1  VLAN    2  Rack  2  VLAN  3  Rack  3  §  VLAN  Extensibility  –  any  VLAN  any  where!  §   LocaAon  independence  for    workloads    §   Consistent,  predictable  bandwidth  and  latency  with  Cisco  FabricPath.  §  Adding  addiAonal  server  capacity  while  maintaining  layer  2  adjacencies  in  same  VLAN  §  disrupAve  -­‐  Requires  physical  move  to  free  adjacent  rack  space  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Publicinterface  e3/1-­‐2                  switchport  mode  fabricpath  interface  e2/1-­‐3                  switchport  mode  fabricpath  interface  e1/1-­‐3                  switchport  mode  fabricpath  FabricPathequivalentFabricPathe1/1-­‐2  e3/1-­‐2  e2/1-­‐2  e1/3   e2/3  Why Migrate from vPC to FabricPath?•  Much Simple and straight configuration•  Any mesh possible, non-disruptive cabling changese1/1-­‐2  e3/1-­‐2  e2/1-­‐2  e1/3  e2/3  VPC  e2/5  e1/5  interface  e2/5                  ip  address  192.168.1.2/24                  vrf  membership  vpc-­‐keepalive  vpc    domain  1                  peer-­‐keepalive  desAnaAon  192.168.1.1                                                source  192.168.1.2  vrf  vpc-­‐keepalive  interface  port-­‐channel  1000                  switchport  mode  trunk                  vpc  peer-­‐link  interface  e2/1-­‐2                  switchport  mode  trunk                  channel-­‐group  1000  mode  acAve  interface  e2/3                  switchport  mode  trunk                  channel-­‐group  1  mode  acAve  interface  port-­‐channel1                  vpc  1  interface  e1/5                  ip  address  192.168.1.1/24                  vrf  membership  vpc-­‐keepalive  vpc    domain  1                  peer-­‐keepalive  desAnaAon  192.168.1.2                                              source  192.168.1.1  vrf  vpc-­‐keepalive  interface  port-­‐channel  1000                  switchport  mode  trunk                  vpc  peer-­‐link  interface  e1/1-­‐2                  switchport  mode  trunk                  channel-­‐group  1000  mode  acAve  interface  e1/3                  switchport  mode  trunk                  channel-­‐group  1  mode  acAve  interface  port-­‐channel1                  vpc  1  interface  e3/1-­‐2                  switchport  mode  trunk                  channel-­‐group  1  mode  passive  VPCconfigurationSTP   FabricPath•  Absolutely no Spanning Tree, forwarding based on routing
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicRouting Table Topology 1FabricPath ForwardingFabricPathMac Address TableVLAN MAC IF/SWID1 A s41 X e12 Y e22 B S4s1 s4s2s3Based on routing tables. VLAN pruning automaticABXYVlan  2  Vlan  2  Vlan  1   Vlan  1  SWID IFs3 L2s4 L2L1  L2  e1  e2  Topology  0  Topology  1  Routing Table Topology 0SWID IFs2 L1s3 L2s4 L1,L2
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicS10   S20   S30   S40  S100   S101   S201  FabricPath  Rack-­‐Mount  Server  L1   L2   L4  L3  L5   L6   L7   L8  L9   L10   L11   L12  FP  IS-­‐IS  Logical View with FabricPath:Distributed Topology without L2 loopsUnified  CompuAng  System  (Cisco  UCS)  Virtual  Access    Switch  POD  (Nexus  7000  /  6000  /  5x00  +  Nexus  2200)  Virtual  Blade  Switching  (VBS)  vPC+  allows  dual-­‐homed  connec@ons  from  edge  ports  into  FabricPath  domain  with  ac@ve/ac@ve  forwarding.    E.g.:  Classical  Ethernet  switch,  Layer  3  router,  dual-­‐homed  server,  etc.  vPC+   vPC+  S200  Leaf  Layer  Spine  Layer  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicAgenda§  Data Center Virtualization Overview§  Data Centre Virtualization§  Virtual Networking & Cloud Network Services§  Virtual Compute & IO Virtualization§  Virtualized Storage & SAN§  Software Defined Network & Orchestration§  Implementation Examples§  Q&A
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicWhat Happens WhenWe Mix Network andServer Virtualization ?24
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCurrent View of the Access Layer with VMs•  Typically provisioned as trunk to theserver running ESX•  No visibility to individual traffic from eachVM•  Unable to troubleshoot, apply policy,address performance issuesBoundary  of  network  visibility  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicNetworking for Server VirtualizationProblems:  • Dynamic  MigraAon  of  VMs  may  move  them  across  physical  server  ports—policy  must  follow    • Impossible  to  view  or  apply  policy  to  locally  switched  traffic  • Need  collaboraAon  between  network  and  VirtualizaAon  admin  VLAN  101  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public•  VN-Link (or Virtual Network Link) is a termthat refers to a VM specific link that is createdbetween the VM and Cisco switch.Cisco VN-LinkWhat is that and which problems does it solve ?§  Logical  equivalent  &  combinaAon  of  a  NIC,  a  Cisco  switch  interface  and  the  RJ-­‐45  patch  cable  that  hooks  them  together.  Hypervisor  VNIC   VNIC  VETH   VETH  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicVN-Link View of the Access Layer•  Nexus 1000V and VN-Link providevisibility to the individual VMs•  Policy can be configured per-VM•  Policy is mobile within the ESX cluster
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco Virtual Networking VisionMulti-HypervisorMulti-ServicesMulti-CloudNexus  1000V  VMWare  vSphere  Microsoi  Hyper-­‐V  @  Windows  Server  2012  KVM  Xen  Server    Firewall,  WAN/App  opAmizaAon,  ADC,  Cloud  Router,  WAF,  VM  SegmentaAon  Private,  Public,  Hybrid,  Community  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public                                  CiscoNexus1000VVEM                                  CiscoNexus1000VVEM                                  CiscoNexus1000VVEMVM   VM   VM   VM  VM   VM   VM   VM  VM   VM   VM   VM                                    Cisco Nexus 1000V VSM                                  Virtual  Supervisor  Module  (VSM)  •  Virtual or Physical appliance runningCisco NXOS (supports Hi-availability)•  Performs management, monitoring, andconfiguration•  Tight integration with managementplatforms                                  Virtual  Ethernet  Module  (VEM)  •  Enables advanced networking capabilityon the hypervisor•  Provides each virtual machine withdedicated “switch port”•  Collection of VEMs : 1 virtual networkDistributed SwitchHypervisor   Hypervisor    HypervisorServer Server ServerCisco Nexus 1000V Architecture                                  Virtual Machine ManagerEx.: vCenter, SCVMM, etc.
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public                                  VM   VM   VM   VM  Nexus  1000V    VEM                                                                      VM   VM   VM   VM  Nexus  1000V    VEM  Nexus  1000V  VSM  Windows  8  Hyper-­‐V  Nexus  1000V  VSM  VMware  vSphere                                    VMware  vCenter                                    SCVMM  Consistent  architecture,  feature-­‐set  &  network  services    ensures  operaAonal  transparency  across  mulAple  hypervisors.                                    Cisco Nexus 1000v multi-hypervisor support Now!                                                                    Coming!
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco Nexus 1000v on Xen ServerDemo at Citrix Sinergy Europe 201232hKp://youtu.be/tS8bnbh38Is  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco Nexus 1000v on KVMDemo at Cisco Live 2012 in San Diego (for Openstack integration)33
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicNexus  1000V  Essen1al  EdiAon   Nexus  1000V  Advanced  EdiAon  New Nexus 1000V Freemium Go-To-Market ModelFreemium  Pricing  Model  Offers  Flexibility  for  Customers  to  Deploy  Cisco  Virtual  Data  Centre  •  Full  Layer-­‐2  Feature  Set  •  Security,  QoS  Policies  •  VXLAN  virtual  overlays  •  Full  monitoring  and  management  capabiliAes  •  vPath  enabled  Virtual  Services  •  All  Feature  of  EssenAal  EdiAon  •  VSG  firewall  bundled  (previously  sold  separately)  •  Support  for  Cisco  TrustSec  SGA  policies  •  Planorm  for  other  Cisco  DC  Extensions  in  the  Future  The  world’s  most  advanced  virtual  switch   Adds  Cisco  value-­‐add  features  for  DC  and  Cloud  No-­‐Cost  Version   $695  per  CPU  MSRP  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicEssential and Advanced Edition - FeaturesComparisonEssential Edition ($0)•  VLAN, ACL, QoS•  VXLAN, vPath•  LACP•  Multicast•  Netflow, ERSPAN•  Management•  vTracker•  vCenter Plug-inAdvanced Edition ($695 LIST)•  Cisco TrustSec support•  CISF: DHCP snooping, IP SourceGuard, ARP Inspection•  VSG (previously $495 List)Essential Edition•  VLAN, ACL, QoS•  VXLAN, vPath•  LACP•  Multicast•  Netflow, ERSPAN•  Management•  vTracker•  vCenter Plug-inFully Available !!!
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public1. Nexus 1000V automatically enablesport groups in vCenter via API2. Server Admin uses vCenter to assignvnic policy from available port groups3. Nexus 1000V automatically enables VMconnectivity at VM power-onPort Profiles “How to”1.    VMW  ESX  Server  1  Nexus  1000V  -­‐  VEM  VM    #1  VM    #4  VM    #3  VM    #2  Available  Port  Groups  WEB  Apps   HR  DB   Compliance  2.    Nexus  1000V            VSM  Virtual  Machine  Manager  (VMM)  3.    “WEB  Apps”  Port  Profile:    §  PVLAN  108,  Isolated  §  Security  Policy  =  Port  80  and  443    §  Rate  Limit  =  100  Mbps  §  QoS  Priority  =  Medium  §  Remote  Port  Mirror  =  Yes  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicVirtual Extensible Local Area Network(VXLAN)•  Ethernet in IP overlay network‒ Entire L2 frame encapsulated in UDP‒ 50 bytes of overhead•  Include 24 bit VXLAN Identifier‒ 16 M logical networks•  VXLAN can cross Layer 3•  Tunnel between VEMs‒ VMs do NOT see VXLAN ID•  IP multicast used for L2 broadcast/multicast,unknown unicast•  Technology submitted to IETF forstandardization‒ With VMware, Citrix, Red Hat and OthersOuterMACDAOuterMACSAOuter802.1QOuterIP DAOuterIP SAOuterUDPVXLAN ID(24 bits)InnerMACDAInnerMACSAOptionalInner802.1QOriginalEthernetPayloadCRCVXLAN Encapsulation Original Ethernet Frame
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicVM  1   VM  3  VM  2  Layer  2  (Pod  1)   Layer  2  (Pod  2)    Layer 3VLAN 10VLAN 10 VLAN 10Existing Solution: Reachability of VMs Within VLANLimited  Scalability  with  4k  VLANs  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicVM  1   VM  3  VM  2  Layer  2  (Pod  1)   Layer  2  (Pod  2)  Layer 3VXLAN 5500VXLAN 5500VXLAN: Crossing L3 Subnets within the DC
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public•  N1KV to fully integrate since vCD 1.5•  Support dynamic network provisioningPort-group backed poolsVLAN-backed poolsNetwork isolation backed pools (via VXLAN)•  Choice of vSphere 4.1 or 5 or 5.1vCloud  Director  1.5  or  5.1  vCenter   vShield  Manager  vSphere  4.1  or  5  or  5.1  Nexus  1000V  1.5.2  or  2.1  vShield  Edge  Host  Nexus 1000V &  vCDNexus 1000V @ ESX: vCloud Director Integration
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicHypervisor  TradiAonal  Service  Nodes  Virtual  Contexts  Deployment Options for Virtual Network ServicesVLANs  Hypervisor  Redirect  VM  traffic  via  VLANs  to  external  (physical)  appliances  1  App  Server  Database  Server  Web  Server  Apply  hypervisor-­‐based  network  services  2  App  Server  Database  Server  Web  Server  VSNVirtual  Service  Nodes  VSN
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicData Centre Virtualized Services via ContextsPhysical Appliances/Modules Context Combination Examplev5  v105  v6   v7  v107  v2081  v2082  v2083  ...  v206   v207  v206  BU-­‐4  BU-­‐2   BU-­‐3  v105  v108  BU-­‐1  1  2  3  4  *  vX  =  VLAN  X  **BU  =  Business  Unit  VRF  VRF  VRF  VRF  VRF  v208  “Front-­‐End”  VRFs  (MSFC)  Firewall  /  ASA  Service  Module  Contexts  ACE  Module  Contexts  “Back-­‐End”  VRFs  (MSFC)  Server  Side  VLANs  v207  3  4  v8  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco Nexus 1000V Architecture: vPathVirtual  Appliance  VSM  Cisco  vWAAS   Cisco  VSG  Cisco® ASA  1000  V  Layer2ModeLayer3ModeVirtual  Service  Data  Path  (vPath)  •  Service  chaining  (traffic  steering)  •  Fast-­‐path  offload  •  VXLAN  aware  Embedding  intelligence  for  virtual  services    VEM-­‐1  vPath VXLANHypervisor  VEM-­‐2  vPath VXLANHypervisor  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicvPATH Interception in Nexus 1000v§  vPATH  IntercepAon  is  configured  on  Server  VM’s  Port  Profile  in  both  direcAons  to  redirect  to  a  VSN  §  Server  traffic  is  intercepted  by  vPATH  intercepAon  in  VEM  and  redirected  to  a  Virtual  Service  Node  -­‐  VSN  (or  mulAple  via  service  chaining  on  vPATH  2.0)  §  VSN  egress  traffic  forwarded  without  further  vPATH  intercepAon.  Upstream  Switch  VSM  VSN   Server  VM  VEM  vPATH  Intercep1on  In/Out  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicvPATH – Application based interceptionNexus 1000v VSMNetwork Admin viewvPATH interceptionvSphere clientServer Admin viewAttach Opt-port-profileto server VMsPort-Profile Port-group
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicNexus 1000VDistributed Virtual SwitchvPathNexus 1000V vPath2.0: VSNs on VXLANsVM VM VM VM•  Deployment- VMs and Virtual Service Nodes, ASA 1000V, VSG, vWAAS, etc. on VXLANs•  Same VSG can protect VMs on multiple VXLANs with overlapping IP addressesVXLAN  8052  VXLAN  5001  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco Virtual Networking and Cloud Network ServicesNexus  1000V  •  Distributed switch•  NX-OS consistencyVSG  •  VM-level controls•  Zone-based FWASA  1000V  •  Edge firewall, VPN•  Protocol InspectionvWAAS  •  WAN optimization•  Application trafficMul1-­‐Hypervisor  WAN  Router  Servers  Physical  Infrastructure  Virtualized/Cloud  Data  Centre  6000+  Customers   Shipping   Shipping   Shipping  CSR  1000V  (Cloud  Router)  •  WAN L3 gateway•  Routing and VPNBeta  Switches  Ecosystem    Services  (*)  •  Virtual ADC•  Web App. FirewallCloud  Network  Services  Tenant  A  ASA  1000V  Cloud  Firewall  Nexus  1000V  vWAAS  Cisco  Virtual  Security  Gateway  vADC  (*)  vWAF  (*)  Cloud  Services  Router  1000V  Zone  A  Zone  B  vPath VXLANFUTURE  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco Nexus 1110 Virtual Services ApplianceEnabling Physical-Virtual Consistency across Cisco and Ecosystem Partners ProductsNexus  1110  Series  Cloud  Network  Services  plamorm  3rd  party  vADC  Cisco  Virtual  Security  Gateway  Cisco  Prime  Network  Analysis  Module  3rd  party  WAF  Mul1-­‐Hypervisor  Nexus  1000V  UCS  /  Nexus  VM VMvWAAS  ASA  1000V  Virtual  Services  Deployed  on  Cisco  Virtual    Service  Appliance  Virtual  Services  as  VM’s  on  Mul1ple  Hypervisors  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public1.  Automatic application of vWAAS service whena new ‘Web Server’ VM gets provisioned2.  vWAAS services associated with ‘Web server’VMs using Nexus 1000V policies.Feature1.  Elastic vWAAS deployment2.  Scale-out Virtual Web Server farm byprovisioning additional VMs while applyingWAN optimizationBenefitvWAAS with vPATH – Elastic vWAAS DeploymentWebServer 1AppServerVMware ESXi ServerNexus 1000V vPATH  vWAASWebServer 1VMware ESXi ServerNexus 1000V vPATH  vWAASAppServerAdd New Web-Server VirtualMachine (VM)WebServer 2NEW
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco Virtual Security Solution•  Proven  Cisco®  security:  virtualized  physical  and  virtual  consistency  •  CollaboraAve  security  model  ̶  Cisco  Virtual  Secure  Gateway  (VSG)  for  intra-­‐tenant  secure  zones  ̶  Cisco  ASA  1000V  for  tenant  edge  controls  •  Transparent  integraAon  ̶  With  Cisco  Nexus®  1000V  Switch  and  Cisco  vPath  •  Scale  flexibility  to  meet  cloud  demand  ̶  MulA-­‐instance  deployment  for  scale-­‐out  deployment  across  the  data  center  Tenant BTenant AVDCvAppvAppHypervisorCisco Nexus® 1000VCisco vPathVDCCisco® Virtual Network Management Center (VNMC)VMware vCenter / Microsoft SCVMM 2012*CiscoVSG CiscoVSGCiscoVSGCisco ASA1000VCisco ASA1000VCiscoVSG*  Planned  for  future  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicTraining ServersVM VMVM VMVM VMVM VMVM VMVSG Deployment with Logical zoning, vMotion support &scalable solutionSource Destination Protocol ActionZone=TRNG Zone=TRNG Any PermitAny Zone=TRNG Any PermitZone=TRNG Any Any DropIf vm-name contains “TRNG”, that VM belongs to TRNG zoneDatabase ServersVM VMVM VMVM VMVM VMVM VMDMZ ServersVM VMVM VMVM VMVM VMVM VMExchange ServersVM VMVM VMVM VMVM VMVM VMR&D ServersVM VMVM VMVM VMVM VMVM VMApplication ServersVM VMVM VMVM VMVM VMVM VM
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicSecuring VDI with Cisco VSG and ASA1000v•  Persistent virtualworkspace for the doctor•  Flexible workspace forDoctor’s assistant•  Maintain compliance whilesupporting IT“consumerization”Records  Healthcare  Portal   Database  Server  Zones  Assistant  IT  Admin   Doctor   Guest  Applica1on  HVD  Zones  Doctor  iT  Admin   Network  Virtual  Security  Gateway  (VSG)  Guest  Cisco    AnyConnect  ASA    1000v  Reference  Architecture:  •   1000V  and  VSG  in  VXI  Reference  Architecture  Leverage VM context (eg VM-name)to create VSG security policies
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicDC  ASR  Branch  ISR  Enterprise  B  Enterprise  A  Branch  ISR  Tenant  A  WAN  Router  Switches  Servers  Tenant  B  CSR1000VPhysical  Infrastructure  Virtual  Infrastructure  Cloud  Provider’s  Data  Centre  CSR1000VEnterprise  Use  Cases  •  Secure VPN Gateway•  L3 Extension•  Tenant FirewallCloud  Provider  Use  Cases  •  Secure VPN Gateway•  MPLS Extension•  Tenant FirewallMPLS  Internet  Single-Tenant WAN Gateway in Shared Multi-tenant CloudsCan be deployed by Enterprises or Cloud ProvidersASA1000VASA1000V
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicOverlay Transport Virtualization (OTV)•  Ethernet traffic between sites is encapsulated in IP: “MAC in IP”•  Dynamic encapsulation based on MAC routing table•  No Pseudo-Wire or Tunnel state maintainedOTV at a GlanceCommunication betweenMAC1 (site 1) and MAC2 (site 2)Server 1MAC 1Server 2MAC 2OTV   OTV  MAC IFMAC1 Eth1MAC2 IP BMAC3 IP BIP  A   IP  B  Encap   Decap  MAC1  à  MAC2   IP  A  à  IP  B   MAC1  à  MAC2   MAC1  à  MAC2  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicEth  4  Eth  3  MAC TABLEVLAN MAC IF100 MAC 1 Eth 2100 MAC 2 Eth 1100 MAC 3 IP B100 MAC 4 IP BMAC 2MAC 1OTV Data Plane: UnicastCore  MAC 4MAC 3OTV  External    IP  A  External    IP  B  West   East  L2   L3   L3   L2  OTV  Inter-­‐Site  Traffic  MAC  Table  contains    MAC  addresses  reachable  through    IP  addresses  OTV  Encap      2  Layer  2  Lookup      1  § No Pseudo-Wire state is maintained.§  The encapsulation is done based on a Layer 2 destination lookup.    3   Decap      4   MAC 1 è MAC 3    6  MAC TABLEVLAN MAC IF100 MAC 1 IP A100 MAC 2 IP A100 MAC 3 Eth 3100 MAC 4 Eth 4Eth  1  Eth  2  Layer  2  Lookup      5  MAC 1 è MAC 3IP A è IP BMAC 1 è MAC 3 MAC 1 è MAC 3IP A è IP BMAC 1 è MAC 3
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicIP  core  Device  IPv4  or  IPv6  Address  Represents  Iden1ty  and  Loca1on  Today’s  IP  Behavior  Loc/ID  “Overloaded”  Seman1c  10.1.0.1   When  the  Device  Moves,  It  Gets  a  New  IPv4  or  IPv6  Address  for  Its  New  Iden1ty  and  Loca1on  20.2.0.9  Device  IPv4  or  IPv6  Address  Represents  Iden1ty  Only.    When  the  Device  Moves,  Keeps  Its  IPv4  or  IPv6  Address.    It  Has  the  Same  Iden1ty  LISP  Behavior  Loc/ID  “Split”  IP  core  1.1.1.1  2.2.2.2  Only  the  Loca1on  Changes  10.1.0.1  10.1.0.1  Location Identity Separation Protocol (LISP)What Do We Mean by “Location” and “Identity”?Its  Loca1on  Is  Here!  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicA LISP Packet WalkHow Does LISP Operate?Non-­‐LISP  site  East-­‐DC  LISP  Site  IP  Network  ETR  EID-­‐to-­‐RLOC  mapping  5.1.1.1  5.3.3.3  1.1.1.1  5.2.2.2  10.3.0.0/24  10.2.0.0/24  West-­‐DC  PITR  5.4.4.4  10.1.0.0/24  Non-­‐LISP  site  ITR  S  D  DNS  Entry:  D.abc.com        A        10.2.0.1  1  10.1.0.1  -­‐>  10.2.0.1  2  EID-­‐prefix:    10.2.0.0/24  Locator-­‐set:        2.1.1.1,  priority:  1,  weight:  50  (D1)      2.1.2.1,  priority:  1,  weight:  50  (D2)  Mapping  Entry  3  This  Policy  Controlled  by  DesAnaAon  Site  10.1.0.1  -­‐>  10.2.0.1  1.1.1.1  -­‐>  2.1.1.1  4  10.1.0.1  -­‐>  10.2.0.1  5  2.1.1.1   2.1.2.1   3.1.1.1   3.1.2.1  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicLISP  Roles  •  Tunnel  Routers  -­‐  xTRs  •  Edge  devices  in  charge  of  encap/decap  •  Ingress/Egress  Tunnel  Routers  (ITR/ETR)  •  EID  to  RLOC  Mapping  DB  •  Contains  RLOC  to  EID  mappings  •  Distributed  across  mulAple  Map  Servers  (MS)  •  MS  may  connect  over  an  ALT  network  •  Proxy  Tunnel  Routers  -­‐  PxTR  •  Coexistence  between  LISP  and  non-­‐LISP  sites  •  Ingress/Egress:  PITR,  PETR  Address  Spaces  •  EID  =  End-­‐point  Iden1fier  •  Host  IP  or  prefix  •  RLOC  =  Rou1ng  Locator  •  IP  address  of  routers  in  the  backbone  Prefix    Next-­‐hop  w.x.y.1  e.f.g.h  x.y.w.2  e.f.g.h  z.q.r.5  e.f.g.h  z.q.r.5  e.f.g.h  Mapping  DB  ITR  ETR  Non-­‐LISP  EID SpaceEID SpaceRLOC SpaceEID                  RLOC  a.a.a.0/24  w.x.y.1  b.b.b.0/24    x.y.w.2  c.c.c.0/24  z.q.r.5  d.d.0.0/16  z.q.r.5  EID                  RLOC  a.a.a.0/24  w.x.y.1  b.b.b.0/24    x.y.w.2  c.c.c.0/24  z.q.r.5  d.d.0.0/16  z.q.r.5  EID                  RLOC  a.a.a.0/24  w.x.y.1  b.b.b.0/24    x.y.w.2  c.c.c.0/24  z.q.r.5  d.d.0.0/16  z.q.r.5  ALTPxTR  LISP Roles and Address SpacesWhat Are the Different Components Involved?
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicWest-­‐DC   East-­‐DC  Non-­‐LISP  Sites  PxTR  LISP  Site  IP  Network  EID  RLOC   LISP  Encap/Decap  xTR  Needs:  • Global  IP-­‐Mobility  across  subnets  • OpAmized  rouAng  across  extended  subnet  sites  LISP  Solu1on:  • Automated  move  detec1on  on  xTRs  • Dynamically  update  EID-­‐to-­‐RLOC  mappings  • Traffic  Redirec1on  on  ITRs  or  PITRs  Benefits:  • Direct  Path  (no  triangulaAon)  • ConnecAons  maintained  across  move  • No  rouAng  re-­‐convergence  • No  DNS  updates  required  • Transparent  to  the  hosts  • Global  Scalability  (cloud  bursAng)  • IPv4/IPv6  Support  LAN  Extensions  Mapping  DB  LISP Host-MobilityLISP-­‐VM  (xTR)  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicRouting for Extended SubnetsActive-Active Data CentresDistributed ClustersMoves  With  LAN  Extension  Host-Mobility ScenariosWest-­‐DC   East-­‐DC  Non-­‐LISP  Site  IP  Network  Mapping  DB  LISP-­‐VM  (xTR)  LAN  Extension  LISP  Site  xTR  Applica1on  Members  Distributed  (Broadcasts  across  sites)    IP Mobility Across SubnetsDisaster RecoveryCloud BurstingMoves  Without  LAN  Extension  West-­‐DC   East-­‐DC  LISP  Site  Internet  or  Shared  WAN  xTR  Mapping  DB  DR  Loca1on  or  Cloud  Provider  DC  LISP-­‐VM  (xTR)  Applica1on  Members  in  One  Loca1on  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicAgenda•  Data Center Virtualization Overview•  Data Centre Virtualization•  Virtual Networking & Cloud Network Services•  Virtual Compute & IO Virtualization•  Virtualized Storage & SAN•  Software Defined Network & Orchestration•  Implementation Examples•  Q&A
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicLANAny IEEE Compliant LAN SAN BAny ANSI T11 Compliant SANMgmtSAN AAny ANSI T11 Compliant SANCisco Unified Computing System (UCS)Form Factor IndependenceOne Logical Chassis to Manage*LAN ConnectivitySAN NetworkingBlade Chassis’Server BladesRack ServersServer Identity ManagementMonitoring, Troubleshootingetc.*160 servers supported as of UCS release 2.1
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicStateless Computing: Service ProfilesLAN  SAN  SERVER  IDENTITY  Adds:  •  Portability  •  More  flexibility  •  Improved  up1me  UCS  Service  Profile  NIC  MACs  HBA  WWNs  Server  UUID  VLAN  Assignments  VLAN  Tagging  FC  Fabrics  Assignments  FC  Boot  Parameters  QuanAty  of  NICs  Boot  Order  PXE  Seyngs  IPMI  Seyngs  QuanAty  of  HBAs  QoS  Seyngs  Call  Home  StaAsAc  Thresholds  System  Firmware  Adapter  Firmware  CIMC  Firmware  RAID  Seyngs  NIC  Teaming  in  HW  BIOS  Seyngs  etc.,  etc.,  etc.  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicUnified & Stateless via UCS Service ProfilesAligns People, Policy, and Configuration With WorkloadServer Policy…Storage Policy…Network Policy…Virtualization Policy…Application Profiles…Subject Matter ExpertsDefine PoliciesStorageSMEServerSMENetworkSMEPolicies Usedto CreateService Profile TemplatesService ProfileTemplatesCreate Service Profiles3Associating ServiceProfiles with HardwareConfigures ServersAutomatically4UnifiedManagementApp 4UUID, MAC, WWNBoot InformationLAN, SAN ConfigFirmware PolicyApp 3UUID, MAC, WWNBoot InformationLAN, SAN ConfigFirmware PolicyApp 2UUID, MAC, WWNBoot InformationLAN, SAN ConfigFirmware PolicyApp 1UUID, MAC, WWNBoot InformationLAN, SAN ConfigFirmware PolicyServer NameUUID, MAC, WWNBoot InformationLAN, SAN ConfigFirmware Policy
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public*IEEE  802.1BR  Pre-­‐Standard      Fabric Extender EvolutionDistributed Modular System to the ToR, Server, and Virtual MachineFEX Architecture§  Consolidates network management§  FEX  managed  as  line  card  of  parent  switch  §  Uses Pre-standard IEEE 802.1BRIEEE    802.1BR*    Many  applicaAons  require    mulAple  interfaces  One  Network  Parent  Switch  to  Top  of  Rack  Legacy  FEX  Network    Administrator  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicLegacy  Adapter FEX§  Consolidates multiple 1Gb interfaceinto a single 10Gb interface§  Extends network into server§  Uses Pre-standard IEEE 802.1BROne  Network  Parent  Switch  to  Adapter  IEEE      802.1BR  *  Adapter  FEX  Many  applicaAons  require    mulAple  interfaces  FEX  Network    Administrator  *IEEE  802.1BR  Pre-­‐Standard      IEEE      802.1BR  *    Fabric Extender EvolutionDistributed Modular System to the ToR, Server, and Virtual Machine
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicLegacy  IEEE      802.1BR  *  Adapter  FEX    Hypervisor  One  Network  Virtual  Same  As  Physical  VM-FEX§  Consolidates virtual and physicalnetwork§  Each  VM  gets  a  dedicated  port  on  switch    §  Uses  Pre-­‐standard  IEEE  802.1BR  IEEE  802.1BR  *  IEEE  802.1BR  *  VM  network  managed  by  Server  administrator  VM-­‐FEX  FEX  Network    Administrator  *IEEE  802.1BR  Pre-­‐Standard      Fabric Extender EvolutionDistributed Modular System to the ToR, Server, and Virtual Machine
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public  Hypervisor  IEEE      802.1BR*          One  Network  Parent  Switch  to  Applica1on  Single  Point  of  Management    FEX  Architecture  §  Consolidates  network  management    §  FEX  managed  as  line  card  of  parent  switch  Adapter  FEX      §  Consolidates  mulAple  1Gb  interface  into  a  single  10Gb  interface    §  Extends  network  into  server  VM-FEX§  Consolidates virtual and physicalnetwork§  Each  VM  gets  a  dedicated  port  on  switch    IEEE      802.1BR*  IEEE      802.1BR*  Adapter  FEX  Legacy  Manage  network  all  the  way  to                            the  OS  interface  –              Physical  and  Virtual  FEX  VM  FEX  Network    Administrator  *  IEEE  802.1BR  Pre-­‐Standard      Fabric Extender EvolutionDistributed Modular System to the ToR, Server, and Virtual Machine
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public4 Deployments of Cisco’s Virtual Networking TechnologyNexus  5000/5500/7000    +  Nexus  2200  UCS  6100/6200  +  IOM  2k  B22H  with  Nexus  5500  (HP)  Server  Rack  Rack ServerRack ServerRack ServerRack ServerRack ServerRack ServerRack ServerRack ServerRack ServerRack ServerRack ServerRack ServerRack  FEX  FEX  Switch  FEX      Chassis  FEX  Switch  /  FI  Blade ServerBlade ServerBlade ServerBlade ServerBlade ServerBlade  Server  Chassis  Blade ServerBlade ServerBlade Server1 2UCS  6100/6200  +  VIC  1  or  2  Nexus  5500  +  VIC  P81E  Blade/Rack  Server    Adapter  OSFEX      Adapter  FEX  Switch  /  FI  31   2   3   4   n  1  Port 0UCS  6100/6200  +  VIC  1  or  2  +  VM  Mgmt  Link  Nexus  5500  +  VIC  P81E  vCenter/VMM  Management  Plane  Integra1on  UCS  Manager  VM  Host  HypervisorVM VM                    FEX      VM-­‐FEX  VMSwitch  /  FI  RedHat  KVM  41   2   n  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCisco UCS C-Series Adapter-FEX and VM-FEXUCS Virtual Interface Card•  It supports NIC partitioning to the OS and 802.1BR to the switch‒  In Adapter-FEX mode: support for up to 16 Eth vNIC and 2 FC vHBA‒  In VM-FEX mode: support for up to 96 vNics•  Adapter Failover feature: in case of failure on the primary path, the vNIC is mapped to thestandby port transparently to the OS•  Security and scalability improvements: no need of trunking all VLANs to the server interface
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicAdapter-FEX on UCS C-Series ServersNetwork admin can control the veth configuration and, as a result, the server network adapterNexus-­‐5548(config)#  int  veth6  Nexus-­‐5548(config-­‐if)#  shut  Nexus-­‐5548(config-­‐if)#  no  shut  Support  matrix  at  Nexus  5500  (NX-­‐OS  5.1(3)N1(1))  and  UCS  C-­‐Series  Servers  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public•  Dual  4x  10  GE  port-­‐channels  to  a  single  server  slot  •  Host  connecAvity  PCIe  Gen2  x16  •  PCIe  Gen  2  x16  bandwidth  limit  is  32  Gbps  •  HW  Capable  of  256  PCIe  devices  •  OS  restricAon  apply  •  PCIe  virtualizaAon  OS  independent  (same  as  M81KR)  •  Single  OS  driver  image  for  both  M81KR  and  1280  VIC  •  FabricFailover  supported    •  Eth  hash  inputs  :  Source  MAC  Address,  DesAnaAon  MAC  Address,  Source  Port,  DesAnaAon  Port,  Source  IP  address,  DesAnaAon  IP  address,  and  VLAN  •  FC  Hash    inputs:  Source  MAC  Address,  DesAnaAon  MAC  Address,  FC  SID  and  FC  DID      §  Dual  4x  10  GE  (80  Gb  per  host)    §  VM-­‐FEX  scale,  up  to  112  VM  interfaces  /w  ESX  5.0  Customer  benefits  Feature  details  UCS B-Series: Virtual Interface Card (VIC) 1280UCS  1280  VIC  UCS  2208  IOM  Side  A   Side  B  256  PCIe  devices  UCS  2208  IOM  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public                                                                    Bring network to the hypervisor(Cisco Nexus 1000V Switch)UCS VICUCSServerBring VM awareness to physical network(Cisco UCS VM-FEX)    Hypervisor  Hypervisor    Cisco  Nexus  1000V  AdapterServerVM-FEX*IEEE  802.1Q  Network  Cisco Nexus 1000V and UCS VM-FEXUCS  FI  or  Nexus  5500  *Pre-­‐standard,  IEEE  802.1BR  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCriteria Nexus 1000VNexus 5500VM-FEXUCSVM-FEXServer + Network management YHeterogeneous Servers YY(future)Heterogeneous 1st Hop Network YPhysical/Virtual Network Consolidation Y YFeature Richness/Velocity YHardware Performance Y YVM Density per Server 216 VMs VIC P81E: 96 VMsVIC M81KR: 56 VMsVIC 1280: 116* VMs*  Limita@on  of  OS  (VIC  1280  hardware  is  capable  of  up  to  256)  Cisco Virtual Machine Networking Options
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicAgenda•  Data Center Virtualization Overview•  Data Centre Virtualization•  Virtual Networking & Cloud Network Services•  Virtual Compute & IO Virtualization•  Virtualized Storage & SAN•  Software Defined Network & Orchestration•  Q&A
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PubliciSCSI    Appliance  File  System  Applica1on  SCSI  Device  Driver  iSCSI  Driver  TCP/IP  Stack  NIC  Volume  Manager  NIC  TCP/IP  Stack  iSCSI  Layer  Bus  Adapter  iSCSI    Gateway  FC  File  System  Applica1on  SCSI  Device  Driver  iSCSI  Driver  TCP/IP  Stack  NIC  Volume  Manager  NIC  TCP/IP  Stack  iSCSI  Layer  FC  HBA  NAS  Appliance  NIC  TCP/IP  Stack  I/O  Redirector  File  System  Applica1on  NFS/CIFS  NIC  TCP/IP  Stack  File  System  Device  Driver  Block  I/O  NAS  Gateway  NIC  TCP/IP  Stack  I/O  Redirector  File  System  Applica1on  NFS/CIFS  FC  NIC  TCP/IP  Stack  File  System  FC  HBA  FCoE  SAN  FCoE    SCSI  Device  Driver  File  System  Applica1on  Computer  System   Computer  System   Computer  System   Computer  System   Computer  System  Block  I/O   File  I/O  Ethernet   Ethernet  Block  I/O  NIC  Volume  Manager  Volume  Manager  FCoE  Driver  Unified FabricStorage I/O—Flexibility and Serialized Re-UseEthernet  Ethernet  Ethernet  §  Ability  to  re-­‐provision  any  compute  unit  to  leverage  any  access  method  to  the  data  stored  on  the  ‘spindle’  §  Serialized  Re-­‐Use  –  Boot  from  SAN  and  Run  from  NAS    §  VirtualizaAon  requires  that  the  Storage  Fabric  needs  to  exist  everywhere  the  IP  fabric  does  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public•  Ethernet is non-deterministic.‒  Flow control is destination-based‒  Relies on TCP drop-retransmission / sliding window•  Fibre-Channel is deterministic.‒  Flow control is source-based (B2B credits)‒  Services are fabric integrated (no loop concept)Network Behavior and Characteristics
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public78  I/O  ConsolidaAon  with  FCoE  Standards for Unified I/O with FCoE and VBE" FCoE is fully defined in FC-BB-5 standard" FCoE works alongside additional technologies to make I/O Consolidation a realityT11  IEEE  802.1  VBE  FC  on  other  network  media  FC  on  Other  Network  Media  FC-­‐BB-­‐5  PFC   ETS   DCBX  802.1Qbb  DCB  802.1Qaz     802.1Qaz  Lossless  Ethernet  Priority  Grouping  Configura1on  Verifica1on  802.1Qbg  802.1BR  PE   EVB  Port-­‐Extender  Edge  Virtual  Bridge  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicUnified I/O Architecture Consolidation Initial GoalEthernet   FC  LAN   SAN  B  SAN  A  No  Consolidated  IO   I/O  Consolida1on  with  FCoE  SAN  B  LAN   SAN  A  FCoE  Nexus  5000  Ethernet   FC  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicExample: Embedded FCoE at Cisco UCSFrom  ad  hoc  and  inconsistent…    …to  structured,  but  siloed,  complicated  and  costly…  …to  simple,  opAmized  and  automated  CiscoUCS
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicLooking forward: Full Unified Fabricü  LAN and SAN traffic share physical switches and linksü  FabricPath enabledü  All Access switches are FCoE FCF switchesü  VE_Ports to each neighbor Access switchü  Single process and database (FabricPath) for forwardingü  Improved (N + 1) redundancy for LAN & SANü  Sharing links increases fabric flexibility and scalabilityü  Distinct SAN ‘A’ & ‘B’ for zoning isolation and multipathingredundancyü  With FC-BB-6 on the future:§  Access switches for server connectivity to behave as FDF§  FDF to FCF transparent failover§  VA_Ports to each neighbor FCF switchSAN Separation at the Access Switch (and FC-BB-6, when available)L2L3Isolation ConvergenceFCoENexus 7000Nexus 5500FCFFCFCNA1CNA210,20 20,30 10 30Array1 Array210,20 20,30 10 30Fabric ‘A’ConvergedFCoE linkDedicatedFCoE linkFCEthernetFabricPathFabric ‘B’
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicAgenda•  Data Center Virtualization Overview•  Data Centre Virtualization•  Virtual Networking & Cloud Network Services•  Virtual Compute & IO Virtualization•  Virtualized Storage & SAN•  Software Defined Network & Orchestration•  Q&A
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicBefore we get started: “SDN-related” DefinitionsWhat  Is  Soiware  Defined  Network  (SDN)?  “…Soiware  Defined  Networking  (SDN)  is  a  network  design  concept  in  which  the  network  control  plane  is  centrally  accessible  through  an  API  to  applicaAons  wanAng  to  be•er  use  the  network…  Source: wikipideaWhat  is  OpenStack?  Opensource  souware  for  building  public    and  private  Clouds;  includes  Compute  (Nova),  Networking  (Quantum)  and  Storage  (Swii)  services.  Source: www.openstack.orgWhat  is  Overlay  Network?  Overlay  network  is  created  on  exisAng  network  infrastructure  (physical  and/or  virtual)  using  a  network  protocol.    Examples  of  overlay  network  protocol  are:  MPLS,  GRE,  IPSEC,  LISP,  OTV  and  VXLAN  What  Is  OpenFlow?  “…open  standard  that  enables  researchers    to  run  experimental  protocols  in  campus  networks.  Provides  standard  hook  for  researchers  to  run  experiments,  without  exposing  internal  working  of  vendor  devices…”  Source: www.opennetworking.org
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public“SDN  Approach”  Current  Model  Resilient.  Scalable.  Secure.  Rich-­‐features.  EvoluAonary  Investment  ProtecAon  Simpler.  Fewer  nodes  to  manage.  Topology  View.  Network Programmability Models: Physical or VirtualControl PlaneData PlaneControl PlaneData PlaneVendor  Specific  API  Vendor  Specific  API  OpenFlow  or  Vendor  Specific  API  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicPreserve  what’s  working   Evolve  for  emerging  requirements  Cisco Software Defined Network (SDN) Strategy: Evolution ofthe Intelligent NetworkEvolve  the  Network  for  the  next  wave  of  applica1on  requirements  •  Resiliency•  Scale•  Rich feature-set•  Operational Simplicity•  Programmability•  Application Centricity+  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicaCisco Open Network Environment (ONE)Industry’s  Most  Comprehensive  Networking  Pormolio  Hardware  +  Soiware   Physical  +  Virtual   Network  +  Compute  Network  Planorm  APIs  Controllers  and  Agents  Virtual    Overlays  ApplicaAons  www.cisco.com/go/one  onePK  SDN:  SW  Controller  OpenFlow  agents  Nexus  1000v  Enhancements  
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicNetwork Programmability Models:Cisco’s Deeper View
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicCloud technology stacksMulti-Hypervisor and Multi-Orchestration StrategyPhysical  Network  vSphere Hyper-VOpen Source(Xen, KVM)Nexus 2K-7K + ASR (Edge)UCSCompu1ng  Plamorm  Hypervisor  vSphere, Hyper-V,Xen, KVMvCloudDirector/DynamicOpsSystemCenterOpenSourceCloud  Portal  and  Orchestra1on  UCSM  Storage  Plamorm  onePK  UCSCentralCIAC/ CloupiaOpenStack/PartnersVirtual  Network  Infrastructure  NSMASA 1KVvWAAS, VSGCSR 1KVNexus 1KVNSMASA 1KVvWAAS, VSGCSR 1KVNexus 1KVNSMASA 1KVvWAAS, VSGCSR 1KVNexus 1KVNSMASA 1KVvWAAS, VSGCSR 1KVNexus 1KVvPath vPath vPath vPathSolutions: Vblock, FlexPOD, VMDC, VDI, HCS, Cross-DC MobilityONEController
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicAgenda•  Data Center Virtualization Overview•  Data Centre Virtualization•  Virtual Networking & Cloud Network Services•  Virtual Compute & IO Virtualization•  Virtualized Storage & SAN•  Software Defined Network & Orchestration•  Q&A
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicQ&A; Q&Q; A&A; etc.
    • © 2013 Cisco and/or its affiliates. All rights reserved. Cisco PublicA Little Light Reading9191