Best Practices for Deploying VXLAN with Nexus 1000V and vCloud Director

  1. Best Practice for Deploying VXLAN with Cisco Nexus 1000V and VMware vCloud Director
     Han Yang, Product Manager, Data Center Group
     © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  2. [Diagram labels: Virtual Appliance; Nexus 1010; ASA 1000V; vWAAS; VSG; VSM; NAM; Primary and Secondary VSM/NAM/VSG; L3 Connectivity; VEM-1, VEM-2 and VEM-3, each with vPath and VXLAN; VMware ESX; Win Server 2012; Open Source Hyp]
     Legend:
     • VSM: Virtual Supervisor Module
     • VEM: Virtual Ethernet Module
     • vPath: Virtual Service Data-path
     • VXLAN: Scalable Segmentation
     • VSG: Virtual Security Gateway
     • vWAAS: Virtual WAAS
     • ASA 1000V: Tenant-edge security
     Virtual Service Blades:
     • Virtual Supervisor Module (VSM)
     • Network Analysis Module (NAM)
     • Virtual Security Gateway (VSG)
     • Data Center Network Manager (DCNM)
     vPath:
     • Service Binding (Traffic Steering)
     • Fast-Path Offload
     VXLAN:
     • 16M address space for LAN segments
     • Network Virtualization (Mac-over-UDP)
  3. [Diagram labels: Tenant A; Zone A; Zone B; Virtualized/Cloud Data Center; ASA 1000V; VSG; vWAAS; Servers; Switches; WAN Router; vPath; VXLAN; Nexus 1000V; Multi-Hypervisor; Physical Infrastructure]
     • Nexus 1000V: Distributed switch; NX-OS consistency
     • VSG: VM-level controls; Zone-based FW
     • ASA 1000V: Edge firewall, VPN; Protocol Inspection
     • vWAAS: WAN optimization; Application traffic
     • CSR 1000V (Cloud Router): WAN L3 gateway; Routing and VPN
  4. Why VXLAN?
  5. [Diagram labels: New Workload Exceeding Capacity; Elastic Virtual Workload; VM; Layer 2; Layer 3; On Physical Server & Network Infrastructure]
     • Layer 2 Mobility Across Layer 3?
     • How to Optimally Leverage Physical Infrastructure?
  6. Virtual Overlay Network Crossing Layer 3
     • Utilize All Links in Port Channel w/ UDP
     • Add More Pods to Scale
     [Diagram labels: VM]
  7. [Diagram labels: Overlay; Physical; Firewall; Gateway; WAN Router; VM; Data Center Network; Bare Metal Servers]
     • Overlay: Instant provisioning
     • Overlay needs gateway to access physical network
     • Physical network to support overlay traffic pattern
  8. • Ethernet in IP overlay network
       - Entire L2 frame encapsulated in UDP
       - 50 bytes of overhead
     • Include 24 bit VXLAN Identifier
       - 16 M logical networks
       - Mapped into local bridge domains
     • VXLAN can cross Layer 3
     • Tunnel between VEMs
       - VMs do NOT see VXLAN ID
     • IP multicast used for L2 broadcast/multicast, unknown unicast
     • Technology submitted to IETF for standardization
       - With VMware, Citrix, Red Hat, Broadcom, Arista, and Others
     Frame layout:
       VXLAN Encapsulation: Outer MAC DA | Outer MAC SA | Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 bits)
       Original Ethernet Frame: Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload | CRC
  9. • Forwarding mechanisms similar to Layer 2 bridge: Flood & Learn
       - VEM learns VM’s Source (MAC, Host VXLAN IP) tuple
     • Broadcast, Multicast, and Unknown Unicast Traffic
       - VM broadcast & unknown unicast traffic are sent as multicast
     • Unicast Traffic
       - Unicast packets are encapsulated and sent directly (not via multicast) to destination host VXLAN IP (Destination VEM)
     [Diagram labels: VM; VEM 1; VEM 2]
  10. [Diagram: Web, DB, DB and Web VMs; "Join Multicast Group" labels for 239.1.1.1, 239.2.2.2, 239.2.2.2 and 239.1.1.1]
  11. [Diagram: Web, DB, DB and Web VMs]
      • Encapsulate with Blue VXLAN ID
      • Multicast to Servers Registered for 239.1.1.1
      • Encapsulate with Red VXLAN ID
      • Multicast to Servers Registered for 239.2.2.2
  12. VM1 Communicating with VM2 in a VXLAN
      [Diagram: VM 1 (MAC: abc), VM 2 (MAC: xyz), VM 3; VXLAN VMKNIC 1.1.1.1 on VEM 1, 2.2.2.2 on VEM 2, 3.3.3.3 on VEM 3; "Multicast" at each VEM]
  13. VM1 Communicating with VM2 in a VXLAN
      [Diagram: VM 1 (MAC: abc), VM 2 (MAC: xyz), VM 3; VXLAN VMKNIC 1.1.1.1, 2.2.2.2, 3.3.3.3; "Unicast"; Layer 3]
      MAC Table: VEM 2
        VM Source MAC | Remote Host VXLAN IP
        VM1:abc       | 1.1.1.1
  14. VM1 Communicating with VM2 in a VXLAN
      [Diagram: VM 1 (MAC: abc), VM 2 (MAC: xyz), VM 3; VXLAN VMKNIC 1.1.1.1 on VEM 1, 2.2.2.2 on VEM 2, 3.3.3.3 on VEM 3]
      MAC Table: VEM 1
        VM Source MAC | Remote Host VXLAN IP
        VM2:xyz       | 2.2.2.2
      MAC Table: VEM 2
        VM Source MAC | Remote Host VXLAN IP
        VM1:abc       | 1.1.1.1
  15. VM1 Communicating with VM2 in a VXLAN
      [Diagram: VM 1 (MAC: abc), VM 2 (MAC: xyz), VM 3; VXLAN VMKNIC 1.1.1.1, 2.2.2.2, 3.3.3.3; "Unicast"]
      MAC Table: VEM 1
        VM Source MAC | Remote Host VXLAN IP
        VM2:xyz       | 2.2.2.2
      MAC Table: VEM 2
        VM Source MAC | Remote Host VXLAN IP
        VM1:abc       | 1.1.1.1
  16. Nexus 1000V VXLAN Integration with VMware vCloud Director
  17. • Cisco Nexus 1000V Series 1.5 Release 4.2(1)SV1(5.2) is fully integrated into VMware vCloud Director
      • Support dynamic network provisioning
        - Port-group backed pools
        - VLAN-backed pools
        - Network isolation backed pools (via VXLAN)
      • vSphere 4.1, 5.0, or 5.1
      [Diagram labels, in source order: vCloud Director 1.5 or 5.1; vShield Manager 5.0.1 or vCenter 5.1; vShield Edge 5.0.1 or 5.1; Nexus 1000V v1.5.2; vSphere 4.1, 5.0, or 5.1 Host]
  18. VMware Cloud Orchestration: vCloud Director; vShield Manager
      • VMware Network Stack: vShield Edge (Security); vSwitch
      • VMware/Cisco Network Stack: vShield Edge (Security); Nexus 1000V
      • Cisco Network Stack (future): Network Services Mgr (Cisco Network Mgmt); ASA 1000V (Security); Nexus 1000V
      [Diagram labels: vSphere; Cisco Unified Computing System]
  19. [Slide contains no text]
  20. [Screenshot labels: vCloud Director Network Name; vSphere Port Group Name]
  21. [Diagram labels: OpenStack; Nexus 1000V Quantum Plug-in; REST API; Nexus 1000V; VXLAN – VLAN Gateway; Physical Network (VLAN); ASA 1KV; VSG; vWAAS; Virtual Services; ASA 55xx; Hypervisor; Tenant 1; Tenant 2; Tenant 3; Virtual Workloads; Physical Workloads]
  22. [Diagram labels: VXLAN 5500; VLAN 100; VLAN 200; L2 Domain A; L2 Domain B; L2 Domain C; VXLAN Gateway; Web VM; ASA 5500; Bare Metal DB Server; Layer 3]
  23. • IP Multicast forwarding is required (based on IETF draft)
        - More multicast groups are better
        - Multiple segments can be mapped to a single multicast group
        - If VXLAN transport is contained to a single VLAN, IGMP Querier must be enabled on that VLAN
        - If VXLAN transport is traversing routers, multicast routing must be enabled.
      • Increased MTU needed to accommodate VXLAN encapsulation overhead
        - Physical infrastructure must carry 50 bytes more than the VM VNIC MTU size, e.g. 1500 MTU on VNIC -> 1550 MTU on switches and routers.
      • Leverage 5-tuple hash distribution for uplink and interswitch LACP
      • If VXLAN traffic is traversing a router, proxy ARP must be enabled on first hop router
      • Prepare for more traffic between L2 domains
  24. • VXLAN is virtual overlay network for multitenant cloud
      • Nexus 1000V is first to support VXLAN and integrated with VMware vCloud Director
      • VXLAN to VLAN Gateway provides virtual to physical connectivity
      Top 5 for deploying VXLAN
        1. IP Multicast: Required
        2. MTU Size: Increase 50 bytes
        3. 5 Tuple Hashing: Turn on
        4. Proxy ARP: For crossing L3 boundaries
        5. More traffic between L2 domains
      For More Information: http://tinyurl.com/N1k-Resources
  25. Thank you.
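
The encapsulation on slide 8 and the MTU rule on slide 23, as an added Python example that is not part of the Cisco deck: it wraps a constructed inner frame in outer Ethernet/IPv4/UDP/VXLAN headers, parses it back, and shows where the 50 bytes come from. UDP port 4789 (the IANA assignment, not stated on the slides), the zeroed outer MACs and all function names are assumptions; VXLAN ID 5500 and the VMKNIC addresses are the ones on the slides.

```python
import socket
import struct

VXLAN_PORT = 4789  # assumption: IANA-assigned UDP port, not stated on the slides
ETH, IPV4, UDP, VXLAN = 14, 20, 8, 8  # header sizes in bytes, no outer 802.1Q tag

def ipv4_checksum(header):
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner_frame, vni, src_ip, dst_ip):
    """Wrap an inner Ethernet frame (no FCS) in outer Ethernet/IPv4/UDP/VXLAN."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VXLAN ID must fit in 24 bits")
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)  # I flag set, VNI in the upper 24 bits
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, UDP + VXLAN + len(inner_frame), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4 + UDP + VXLAN + len(inner_frame), 0,
                     0x4000, 64, 17, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    outer_eth = bytes(12) + b"\x08\x00"  # constructed: zeroed outer MACs
    return outer_eth + ip + udp + vxlan + inner_frame

def decapsulate(packet):
    """Return (vni, inner_frame); reject anything that is not well-formed VXLAN."""
    if len(packet) < ETH + IPV4 + UDP + VXLAN:
        raise ValueError("truncated packet")
    if packet[12:14] != b"\x08\x00" or packet[14] != 0x45 or packet[23] != 17:
        raise ValueError("outer headers are not untagged Ethernet/IPv4/UDP")
    dport = struct.unpack_from("!H", packet, ETH + IPV4 + 2)[0]
    flags_word, vni_word = struct.unpack_from("!II", packet, ETH + IPV4 + UDP)
    if dport != VXLAN_PORT or not (flags_word >> 24) & 0x08:
        raise ValueError("not VXLAN, or the VNI-valid flag is clear")
    return vni_word >> 8, packet[ETH + IPV4 + UDP + VXLAN:]

def required_transport_mtu(vnic_mtu):
    """IP MTU the physical path must carry for a given VM vNIC MTU."""
    return vnic_mtu + ETH + VXLAN + UDP + IPV4  # inner Ethernet 14 + 8 + 8 + 20 = 50

def demo():
    # Constructed inner frame: placeholder MACs, IPv4 ethertype, full 1500-byte payload.
    inner = bytes.fromhex("0200000000020200000000010800") + bytes(1500)
    packet = encapsulate(inner, 5500, "1.1.1.1", "2.2.2.2")
    outer_ip_len = struct.unpack_from("!H", packet, ETH + 2)[0]
    return len(packet) - len(inner), outer_ip_len, decapsulate(packet)[0]

if __name__ == "__main__":
    print(demo(), required_transport_mtu(1500))
```

A transport hop whose MTU is still 1500 cannot carry the 1550-byte outer packet that a full-size VM frame produces.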
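
The flood-and-learn exchange on slides 9 and 12 to 15, as an added Python simulation that is not part of the Cisco deck: three VEMs share one segment, VM1's broadcast is flooded to the multicast group, and the reply and later traffic go unicast once the (MAC, host VXLAN IP) tuples are learned. The `Vem` class, the pairing of VXLAN ID 5500 with group 239.1.1.1, and VEM 3 learning from the flood it receives are assumptions.

```python
from collections import defaultdict

class Vem:
    """Toy VEM; `fabric` maps VXLAN IP -> Vem, `groups` maps multicast group -> member IPs."""
    def __init__(self, vxlan_ip, fabric, groups):
        self.ip, self.fabric, self.groups = vxlan_ip, fabric, groups
        self.segments = {}   # VXLAN ID -> multicast group joined for that segment
        self.mac_table = {}  # (VXLAN ID, VM source MAC) -> remote host VXLAN IP
        fabric[vxlan_ip] = self

    def attach_vm(self, vni, group):
        self.segments[vni] = group
        self.groups[group].add(self.ip)  # models the IGMP join

    def send(self, vni, src_mac, dst_mac):
        """Return (mode, outer destination, VXLAN IPs of the VEMs that received it)."""
        remote = self.mac_table.get((vni, dst_mac))
        if remote is not None:  # known unicast goes straight to the destination VEM
            mode, outer_dst, receivers = "unicast", remote, [remote]
        else:  # broadcast and unknown unicast go to the segment's multicast group
            mode, outer_dst = "multicast", self.segments[vni]
            receivers = sorted(self.groups[outer_dst] - {self.ip})
        for ip in receivers:
            self.fabric[ip].receive(vni, src_mac, self.ip)
        return mode, outer_dst, receivers

    def receive(self, vni, inner_src_mac, outer_src_ip):
        if vni not in self.segments:
            return  # group shared with a segment that has no VM here: drop, learn nothing
        self.mac_table[(vni, inner_src_mac)] = outer_src_ip  # learn (MAC, host VXLAN IP)

def walkthrough():
    fabric, groups = {}, defaultdict(set)
    vem1, vem2, vem3 = (Vem(ip, fabric, groups) for ip in ("1.1.1.1", "2.2.2.2", "3.3.3.3"))
    for vem in (vem1, vem2, vem3):
        vem.attach_vm(5500, "239.1.1.1")  # assumption: VXLAN ID and group pairing
    steps = [
        vem1.send(5500, "abc", "ff:ff:ff:ff:ff:ff"),  # VM1 broadcasts, e.g. ARP for VM2
        vem2.send(5500, "xyz", "abc"),                # VM2 replies to VM1
        vem1.send(5500, "abc", "xyz"),                # VM1 sends to VM2
    ]
    return steps, vem1.mac_table, vem2.mac_table, vem3.mac_table

if __name__ == "__main__":
    for item in walkthrough():
        print(item)
```

VEM 3 receives the flooded broadcast but none of the unicast exchange, so its table never gains an entry for VM2.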