Best Practice for Deploying VXLAN with Cisco Nexus 1000V and VMware vCloud Director

  • Our customers continue to look for points of differentiation in their markets, and the network continues to play a vital role in enabling businesses to adopt new technologies and applications to help them grow. The creation of an infrastructure that is scalable, intelligent, and ready to support the demands and applications of today and tomorrow, while protecting customer investments, is essential. Organizations and service providers are experiencing a data deluge brought on by a number of growing trends, including faster residential connectivity, cloud computing, virtualization, and workload mobility. We also see an exponential increase in video traffic and rich media applications, and users bringing their own devices such as tablets and smart phones into the work environment, which in turn increases the security challenges for IT. All of these are driving significant change in information technology, and enterprises and service providers are now asking, “Is my network really ready to meet these new challenges?” They understand that the impact of some of these mega trends is not going to be siloed but will have a ripple effect across their entire organization. They have to deal with this proactively, as it can adversely impact their business. So they are looking at CAPACITY PLANNING (their ability to maximize capacity, performance, scale, and bandwidth), REDUCING COMPLEXITY (not just throwing bandwidth at the problem, but focusing on driving infrastructure efficiency and making deployments simpler), and thirdly COST REDUCTION (not just looking at CAPEX, which has some benefits, but lowering their TCO by strongly considering cost reduction through operational efficiency). So each IT organization will have to understand whether its network is ready for these mega trends.

    1. Best Practice for Deploying VXLAN with Cisco Nexus 1000V and VMware vCloud Director
       Han Yang, Product Manager, Data Center Group
       © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
    2. Nexus 1000V architecture (diagram; recoverable labels)
       • Virtual Appliance: Nexus 1010 hosting the Virtual Service Blades (Primary VSM, Secondary VSM, NAM, VSG), with L3 connectivity to the hosts
       • Hosts: VEM-1, VEM-2, VEM-3, each running vPath and VXLAN, on VMware ESX, Windows Server 2012 or an open-source hypervisor
       • Virtual services: ASA 1000V, vWAAS, VSG, NAM, Data Center Network Manager (DCNM)
       • VSM: Virtual Supervisor Module; VEM: Virtual Ethernet Module; vPath: Virtual Service Data-path; VXLAN: Scalable Segmentation; NAM: Network Analysis Module; VSG: Virtual Security Gateway; vWAAS: Virtual WAAS; ASA 1000V: Tenant-edge security
       • vPath: Service Binding (Traffic Steering); Fast-Path Offload
       • VXLAN: 16M address space for LAN segments; Network Virtualization (MAC-over-UDP)
    3. Virtualized/Cloud Data Center (diagram): Tenant A with Zone A and Zone B, served by Nexus 1000V, VSG, ASA 1000V and vWAAS over a physical infrastructure of servers, switches and a WAN router, with a multi-hypervisor Nexus 1000V
       • Nexus 1000V: Distributed switch; NX-OS consistency; 6000+ customers
       • VSG: VM-level controls; Zone-based FW; shipping
       • ASA 1000V: Edge firewall, VPN; Protocol Inspection; shipping
       • vWAAS: WAN optimization; Application traffic; shipping
       • CSR 1000V (Cloud Router): WAN L3 gateway; Routing and VPN; beta
    4. Nexus 1000V editions
       • Nexus 1000V Essential Edition (No-Cost Version): The world’s most advanced virtual switch. Full Layer-2 feature set; Security, QoS policies; VXLAN virtual overlays; Full monitoring and management capabilities; vPath enabled Virtual Services
       • Nexus 1000V Advanced Edition ($695 per CPU MSRP): Adds Cisco value-add features for DC and Cloud. All features of Essential Edition; VSG firewall bundled (previously sold separately); Support for Cisco TrustSec SGA policies; Platform for other Cisco DC extensions in the future
       • Freemium pricing model offers flexibility for customers to deploy Cisco Virtual Data Center
    5. Licensing (diagram; recoverable labels): N1KV Release 1.X; N1KV Release 2.1; N1KV Advanced Edition: No Cost; N1KV licenses bought and deployed; Free upgrade to use existing licenses with Release 2.1 Advanced; Existing Cisco TAC support contract will include Cisco VSG support; VSG License*: No Cost
       * Contact Cisco representative for free VSG licenses
    6. Why VXLAN?
    7. (diagram) New workload exceeding capacity: an elastic virtual workload running Layer 2 on the physical server and network. Layer 2 mobility across Layer 3? How to optimally leverage the physical infrastructure?
    8. Virtual Overlay Network Crossing Layer 3 (diagram): utilize all links in the port channel with UDP; add more pods to scale
    9. Overlay and physical network (diagram: overlay VMs, gateway, firewall, WAN router, bare metal servers, data center network)
       • Overlay: Instant provisioning
       • Overlay needs gateway to access physical network
       • Physical network to support overlay traffic pattern
    10. VXLAN
       • Ethernet in IP overlay network: entire L2 frame encapsulated in UDP; 50 bytes of overhead
       • Includes 24 bit VXLAN Identifier: 16 M logical networks, mapped into local bridge domains
       • VXLAN can cross Layer 3
       • Tunnel between VEMs: VMs do NOT see VXLAN ID
       • IP multicast used for L2 broadcast/multicast, unknown unicast
       • Technology submitted to IETF for standardization with VMware, Citrix, Red Hat, and others
       VXLAN encapsulation of an Ethernet frame: Outer MAC DA | Outer MAC SA | Optional Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 bits) | Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload | CRC
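As an added example (not code from the deck or from Cisco), this Python builds and parses the encapsulation shown on slide 10, so the 50-byte overhead, the 24-bit VXLAN ID and the resulting transport MTU can be checked directly. The UDP port, the source-port hashing rule and the sample frame are assumptions.

```python
import socket
import struct
import zlib

VXLAN_UDP_PORT = 4789             # IANA-assigned VXLAN port; assumed here, deployments may differ
VXLAN_OVERHEAD = 14 + 20 + 8 + 8  # outer Ethernet + IPv4 + UDP + VXLAN header = 50 bytes


def _ip_checksum(header):
    """One's-complement checksum over a 20-byte IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def vxlan_encapsulate(inner_frame, vni, outer_src_mac, outer_dst_mac, src_ip, dst_ip):
    """Wrap a whole Ethernet frame in outer Ethernet / IPv4 / UDP / VXLAN headers."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VXLAN ID must be a 24-bit value")
    # VXLAN header: flags byte with the I bit (0x08) set, 24 reserved bits, 24-bit VNI, 8 reserved bits
    vxlan_hdr = struct.pack("!B3xI", 0x08, vni << 8)
    # Source UDP port derived from the inner MAC pair so that 5-tuple hashing on port channels
    # spreads different VM conversations across links (how a VEM picks the port is assumed here)
    src_port = 49152 + zlib.crc32(inner_frame[:12]) % 16384
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, socket.IPPROTO_UDP,
                         0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", _ip_checksum(ip_hdr)) + ip_hdr[12:]
    return outer_dst_mac + outer_src_mac + b"\x08\x00" + ip_hdr + udp_hdr + vxlan_hdr + inner_frame


def vxlan_decapsulate(packet):
    """Return (vxlan_id, inner_frame) for a VXLAN-over-IPv4 packet, or None if it is not one."""
    if len(packet) < VXLAN_OVERHEAD or packet[12:14] != b"\x08\x00" or packet[23] != socket.IPPROTO_UDP:
        return None
    udp = 14 + (packet[14] & 0x0F) * 4          # UDP header starts after the IPv4 header (IHL)
    dst_port = struct.unpack("!H", packet[udp + 2:udp + 4])[0]
    if dst_port != VXLAN_UDP_PORT or not packet[udp + 8] & 0x08:  # I flag must be set
        return None
    vxlan_id = struct.unpack("!I", packet[udp + 12:udp + 16])[0] >> 8
    return vxlan_id, packet[udp + 16:]


def required_transport_mtu(vnic_mtu):
    """MTU the physical switches and routers must carry for a given VM VNIC MTU (1500 -> 1550)."""
    return vnic_mtu + VXLAN_OVERHEAD


# Constructed sample: a broadcast ARP frame from a VM, padded to the 60-byte Ethernet minimum
SAMPLE_FRAME = b"\xff" * 6 + b"\x00\x50\x56\x00\x00\x01" + b"\x08\x06" + b"\x00" * 46
```

Because the inner frame is opaque to the transport network, a monitoring point that only sees the outer headers needs `vxlan_decapsulate` (or equivalent) before it can attribute traffic to a segment or a VM MAC.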
    11. VXLAN forwarding (diagram: VMs on VEM 1 and VEM 2)
       • Forwarding mechanisms similar to a Layer 2 bridge: Flood & Learn; the VEM learns the VM’s source (MAC, Host VXLAN IP) tuple
       • Broadcast, Multicast, and Unknown Unicast Traffic: VM broadcast & unknown unicast traffic are sent as multicast
       • Unicast Traffic: Unicast packets are encapsulated and sent directly (not via multicast) to the destination host VXLAN IP (Destination VEM)
    12. (diagram) Web VMs join multicast group 239.1.1.1; DB VMs join multicast group 239.2.2.2
    13. (diagram) Web VMs: encapsulate with Blue VXLAN ID, multicast to servers registered for 239.1.1.1. DB VMs: encapsulate with Red VXLAN ID, multicast to servers registered for 239.2.2.2
    14. VM1 Communicating with VM2 in a VXLAN (diagram): VM 1 (MAC abc) on VEM 1 (VXLAN VMKNIC 1.1.1.1), VM 2 (MAC xyz) on VEM 2 (VXLAN VMKNIC 2.2.2.2), VM 3 on VEM 3 (VXLAN VMKNIC 3.3.3.3); the first frame from VM1 is sent as multicast and arrives at every VEM
    15. VM1 Communicating with VM2 in a VXLAN (diagram): MAC Table at VEM 2 now holds VM1:abc -> remote host VXLAN IP 1.1.1.1; VM2’s reply is sent as unicast across Layer 3
    16. VM1 Communicating with VM2 in a VXLAN (diagram): MAC Table VEM 1: VM2:xyz -> 2.2.2.2; MAC Table VEM 2: VM1:abc -> 1.1.1.1
    17. VM1 Communicating with VM2 in a VXLAN (diagram): subsequent traffic between VM1 and VM2 is unicast; MAC Table VEM 1: VM2:xyz -> 2.2.2.2; MAC Table VEM 2: VM1:abc -> 1.1.1.1
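Added illustration, not from the deck or from the Nexus 1000V code: a small model of the flood-and-learn sequence in slides 11 and 14 to 17. The VM MACs abc and xyz, the VEM VXLAN IPs 1.1.1.1 to 3.3.3.3 and group 239.1.1.1 are the slides' labels; VXLAN ID 5500 and the third VM's label are assumed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Vem:
    """A Virtual Ethernet Module: its VXLAN VMkernel NIC IP, its local VMs and its learned MAC table."""
    def __init__(self, vtep_ip, vms):
        self.vtep_ip = vtep_ip
        self.vms = dict(vms)        # VM MAC -> VXLAN ID of the segment the VM is attached to
        self.mac_table = {}         # (VXLAN ID, VM source MAC) -> remote host VXLAN IP


class VxlanFabric:
    """The segment-to-multicast-group mapping plus the VEMs that joined each group."""
    def __init__(self, groups):
        self.groups = groups        # VXLAN ID -> multicast group, e.g. {5500: "239.1.1.1"}
        self.vems = []

    def add_vem(self, vem):
        # A VEM hosting VMs on a segment has joined that segment's group (slide 12)
        self.vems.append(vem)

    def _group_members(self, vxlan_id):
        return [v for v in self.vems if vxlan_id in v.vms.values()]

    def send(self, src_mac, dst_mac):
        """Forward one frame from src_mac; returns (mode, outer destination) chosen by the source VEM."""
        src_vem = next(v for v in self.vems if src_mac in v.vms)
        vxlan_id = src_vem.vms[src_mac]
        remote_ip = src_vem.mac_table.get((vxlan_id, dst_mac))
        if dst_mac == BROADCAST or remote_ip is None:
            # Broadcast / unknown unicast: encapsulate and multicast to the segment's group
            mode, outer_dst = "multicast", self.groups[vxlan_id]
            receivers = [v for v in self._group_members(vxlan_id) if v is not src_vem]
        else:
            # Known unicast: encapsulate and send directly to the destination VEM's VXLAN IP
            mode, outer_dst = "unicast", remote_ip
            receivers = [v for v in self.vems if v.vtep_ip == remote_ip]
        for vem in receivers:
            # Flood & learn: each receiving VEM records the (VM source MAC, host VXLAN IP) tuple
            vem.mac_table[(vxlan_id, src_mac)] = src_vem.vtep_ip
        return mode, outer_dst


def build_slide_topology():
    """Constructed: VM1 (MAC abc) on VEM 1, VM2 (MAC xyz) on VEM 2, VM3 on VEM 3, all on VXLAN 5500."""
    fabric = VxlanFabric({5500: "239.1.1.1"})
    for vtep_ip, vms in (("1.1.1.1", {"abc": 5500}), ("2.2.2.2", {"xyz": 5500}), ("3.3.3.3", {"vm3": 5500})):
        fabric.add_vem(Vem(vtep_ip, vms))
    return fabric
```

Note that every VEM in the group, VEM 3 included, learns VM1's mapping from the first multicast frame even though it hosts no destination for it; that is the flood cost the physical multicast design on slide 25 has to absorb.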
    18. Nexus 1000V VXLAN Integration with VMware vCloud Director
    19. vCloud Director integration
       • Cisco Nexus 1000V Series 1.5, Release 4.2(1)SV1(5.2), is fully integrated into VMware vCloud Director
       • Supports dynamic network provisioning: Port-group backed pools; VLAN-backed pools; Network isolation backed pools (via VXLAN)
       • vSphere 4.1, 5.0, or 5.1
       (diagram: vCloud Director 1.5 or 5.1; vShield Manager 5.0.1 or vCenter 5.1; vShield Edge 5.0.1 or 5.1; Nexus 1000V v1.5.2; vSphere 4.1, 5.0, or 5.1 host)
    20. VMware Cloud Orchestration (diagram): vCloud Director and vShield Manager on top of three alternative network stacks: VMware Network Stack (vShield Edge for security, vSwitch); VMware/Cisco Network Stack (vShield Edge for security, Nexus 1000V); Cisco Network Stack (future: Network Services Mgr for Cisco network management, ASA 1000V for security, Nexus 1000V); all running on vSphere and Cisco Unified Computing System
    21. (screenshot; no recoverable text)
    22. (screenshot) vCloud Director Network Name mapped to vSphere Port Group Name
    23. OpenStack integration (diagram): an OpenStack Quantum plug-in drives the Nexus 1000V over a REST API; the Nexus 1000V VXLAN–VLAN gateway bridges to the physical (VLAN) network; virtual services ASA 1KV, VSG and vWAAS on the hypervisor, ASA 55xx in the physical network; Tenant 1, Tenant 2 and Tenant 3 virtual workloads alongside physical workloads
    24. VXLAN to VLAN gateway (diagram): VXLAN 5500 (L2 Domain A) with Web VMs, VLAN 100 (L2 Domain B) with an ASA 5500, VLAN 200 (L2 Domain C) with a bare-metal DB server; VXLAN gateways connect the domains across Layer 3
    25. Physical network considerations
       • IP Multicast forwarding is required (based on IETF draft): more multicast groups are better; multiple segments can be mapped to a single multicast group; if VXLAN transport is contained to a single VLAN, IGMP Querier must be enabled on that VLAN; if VXLAN transport is traversing routers, multicast routing must be enabled
       • Increased MTU needed to accommodate VXLAN encapsulation overhead: physical infrastructure must carry 50 bytes more than the VM VNIC MTU size, e.g. 1500 MTU on VNIC -> 1550 MTU on switches and routers
       • Leverage 5-tuple hash distribution for uplink and interswitch LACP
       • If VXLAN traffic is traversing a router, proxy ARP must be enabled on the first hop router
       • Prepare for more traffic between L2 domains
    26. Unprecedented Infrastructure Flexibility (diagram): rack-wide VM mobility with a VLAN per POD versus DC-wide VM mobility with VXLAN spanning PODs and DCs
    27. Summary
       • VXLAN is a virtual overlay network for multitenant cloud
       • Nexus 1000V is first to support VXLAN and is integrated with VMware vCloud Director
       • VXLAN to VLAN Gateway provides virtual to physical connectivity
       • Nexus 1000V Essentials & Advanced Editions
       Top 5 for deploying VXLAN: 1. IP Multicast: Required; 2. MTU Size: Increase 50 bytes; 3. 5 Tuple Hashing: Turn on; 4. Proxy ARP: For crossing L3 boundaries; 5. More traffic between L2 domains
       For More Information: http://tinyurl.com/N1k-Resources
    28. Thank you.
