Enhanced VXLAN in Nexus 1000V

Enhanced VXLAN in Nexus 1000V presentation from VMworld 2013.

Notes

  • A key step in delivering IT as a Service is automation. If I am a marketing manager running a campaign for a quarter that requires a new application, my request could potentially take up to 8 weeks to process before it is ready. Automation solutions, through a service portal, could enable IT to make a virtual server ready in 15 minutes, based on policies and governance defined by the customer. The key end result of automation is capacity on demand. Imagine: as marketing manager, I could launch a product or campaign a whole 2 months earlier, potentially beating my competition to market! Source: Gartner Doc ID G00214912, "Marketing Essentials: What You Need to Know About Today's Data Center Buyers", published 2 August 2011.
  • Our customers continue to look for points of differentiation in their markets, and the network continues to play a vital role in enabling businesses to adopt new technologies and applications that help them grow. Creating an infrastructure that is scalable, intelligent, and ready to support the demands and applications of today and tomorrow, while protecting customer investments, is essential. Organizations and service providers are experiencing a data deluge brought on by a number of growing trends, including faster residential connectivity, cloud computing, virtualization, and workload mobility. We also see an exponential increase in video traffic and rich media applications, and users bringing their own devices such as tablets and smartphones into the work environment, which in turn increases the security challenges for IT. All of these are driving significant change in information technology, and enterprises and service providers are now asking, "Is my network really ready to meet these new challenges?" They understand that the impact of these mega trends will not be siloed but will have a ripple effect across their entire organization. They have to deal with this proactively, as it can adversely impact their business. So they are looking at CAPACITY PLANNING (their ability to maximize capacity, performance, scale and bandwidth), REDUCING COMPLEXITY (not just throwing bandwidth at the problem, but driving infrastructure efficiency and making deployments simpler), and thirdly COST REDUCTION (not just CAPEX, which has some benefits, but lowering TCO through operational efficiency). So each IT organization will have to understand whether its network is ready for these mega trends.
  • Slide is done

Transcript

  • 1. Enhanced VXLAN in Nexus 1000V. Han Yang, Senior Product Manager, October 2013. Co-Sponsored by Intel®. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
  • 2. Manual application deployment workflow: Architect, Design, Where Can We Put It?, Procure, Install, Configure, Secure, Is It Ready?
    • Faster application deployment is being demanded
    • Deploying applications requires acquiring and configuring physical and virtual infrastructures
    • Need network agility with best-in-class network service and SLA
  • 3. Consistency, Reduce Risk, Rapid Deployment: a consistent Nexus experience across physical, virtual and cloud. Services shown: intra-tenant security, inter-tenant security, application acceleration, routing and gateways, load balancer, web-app firewall.
  • 4. Cloud Network Services: a full portfolio of best-in-class virtualized network services over the physical infrastructure (servers, switches, WAN router), delivered through vPath on Nexus 1000V with Enhanced VXLAN. Multi-hypervisor: VMware, Microsoft, KVM*, Xen* (*KVM in beta, Xen prototype).
    • Nexus 1000V: distributed switch; NX-OS consistency
    • VSG (Cisco Virtual Security Gateway): VM-level controls; zone-based FW
    • ASA 1000V Cloud Firewall: edge firewall, VPN; protocol inspection
    • vWAAS: WAN optimization; application traffic
    • CSR 1000V (Cloud Services Router 1000V): WAN L3 gateway; routing and VPN
    • Network Analysis Module (vNAM)
    • Ecosystem services: Citrix NetScaler VPX virtual ADC (Citrix NetScaler 1000V); Imperva Web App. Firewall (Imperva SecureSphere WAF)
  • 5. Nexus 1000V architecture. A virtual appliance (Nexus 1010/1110) hosts the Virtual Service Blades: Virtual Supervisor Module (VSM, primary and secondary), Network Analysis Module (NAM), Virtual Security Gateway (VSG) and Data Center Network Manager (DCNM). L3 connectivity reaches the hosts VEM-1 (VMware ESX), VEM-2 (Win Server 2012) and VEM-3 (open source hypervisor), each running vPath and VXLAN; virtual services shown on the hosts: vWAAS, VSG, NAM, ASA 1000V.
    • VSM: Virtual Supervisor Module
    • VEM: Virtual Ethernet Module
    • vPath: Virtual Service Data-path
    • VXLAN: Scalable Segmentation
    • VSG: Virtual Security Gateway
    • vWAAS: Virtual WAAS
    • ASA 1000V: Tenant-edge security
  • 6. Freemium pricing model offers flexibility for customers to deploy Cisco Virtual Data Center.
    • Nexus 1000V Essential Edition (no-cost version), the world's most advanced virtual switch: full Layer-2 feature set; security, QoS policies; VXLAN virtual overlays; full monitoring and management capabilities; vPath-enabled virtual services
    • Nexus 1000V Advanced Edition ($695 per CPU MSRP) adds Cisco value-add features for DC and cloud: all features of Essential Edition; VSG firewall bundled (previously sold separately); support for Cisco TrustSec SGA policies; platform for other Cisco DC extensions in the future
  • 7. (no slide text beyond the footer)
  • 8. Logical network spanning across Layer 3 (VMs shown across pods): utilize all links in the port channel with UDP; add more pods to scale.
  • 9. VXLAN encapsulation
    • Ethernet in IP overlay network: the entire L2 frame is encapsulated in UDP, with 50 bytes of overhead
    • Includes a 24-bit VXLAN Identifier: 16M logical networks, mapped into local bridge domains
    • IP multicast used for L2 broadcast/multicast and unknown unicast
    • Technology submitted to IETF for standardization with VMware, Citrix, Red Hat, and others; UDP port 4789 assigned to VXLAN
    • VXLAN can cross Layer 3: tunnel between VEMs; VMs do NOT see the VXLAN ID
    • Frame layout: Outer MAC DA | Outer MAC SA | Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 bits) | Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload | CRC
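Slide 9 gives the encapsulation only as a field list. The Python below is an added example, not Cisco or Nexus 1000V code: it builds the outer Ethernet/IPv4/UDP/VXLAN headers around a constructed inner frame and parses them back, checking what a defender auditing overlay traffic on the wire wants to confirm: the VNI fits in 24 bits, the destination port is 4789, the VXLAN "I" flag is set, the outer IP checksum verifies, and the overhead comes to the slide's 50 bytes. The MACs, the payload and the VTEP addresses (the slides' 10.10.10.10 and 20.20.20.20) are constructed sample values; the outer 802.1Q tag shown in the slide layout is omitted, and the inner FCS is assumed stripped before encapsulation.

```python
"""Build and parse VXLAN-in-UDP encapsulation (RFC 7348 framing, as sketched on slide 9).

Added example, not Cisco code. All addresses and payload bytes are constructed samples.
"""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789            # IANA-assigned VXLAN port (slide 9)
VXLAN_FLAG_I = 0x08              # "I" bit: the VNI field is valid
VNI_BITS = 24
MAX_VNI = (1 << VNI_BITS) - 1    # 16,777,215: the "16M logical networks"
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
IP_HDR_FMT = "!BBHHHBBH4s4s"     # 20-byte IPv4 header, no options


def _mac(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip_checksum(hdr: bytes) -> int:
    """RFC 791 ones'-complement checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ethernet_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    return _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ethertype) + payload


def vxlan_encapsulate(inner_frame: bytes, vni: int, outer_src_mac: str, outer_dst_mac: str,
                      vtep_src_ip: str, vtep_dst_ip: str, udp_src_port: int = 49152) -> bytes:
    """Wrap an inner L2 frame: outer Ethernet (14) + IPv4 (20) + UDP (8) + VXLAN (8) = 50 bytes."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in {VNI_BITS} bits")
    vxlan_hdr = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)   # flags, 3 reserved, VNI<<8 | reserved
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", udp_src_port, VXLAN_UDP_PORT, udp_len, 0)  # UDP checksum 0 = none
    fields = [0x45, 0, 20 + udp_len, 0, 0x4000, 64, IPPROTO_UDP, 0,
              ipaddress.IPv4Address(vtep_src_ip).packed, ipaddress.IPv4Address(vtep_dst_ip).packed]
    fields[7] = _ip_checksum(struct.pack(IP_HDR_FMT, *fields))
    ip_hdr = struct.pack(IP_HDR_FMT, *fields)
    return ethernet_frame(outer_dst_mac, outer_src_mac, ETHERTYPE_IPV4,
                          ip_hdr + udp_hdr + vxlan_hdr + inner_frame)


def vxlan_decapsulate(packet: bytes) -> dict:
    """Validate the outer headers and return the VNI, VTEP addresses and inner frame."""
    if len(packet) < 14 or struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ip = packet[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != IPPROTO_UDP:
        raise ValueError("outer IP payload is not UDP")
    if _ip_checksum(ip[:ihl]) != 0:
        raise ValueError("outer IP header checksum mismatch")
    udp = ip[ihl:]
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not the VXLAN port 4789")
    flags, vni_field = struct.unpack("!B3xI", udp[8:16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI not valid")
    inner = udp[16:udp_len]
    return {
        "vni": vni_field >> 8,                      # the VMs never see this value (slide 9)
        "outer_src_ip": str(ipaddress.IPv4Address(ip[12:16])),
        "outer_dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "inner_dst_mac": _mac_str(inner[0:6]),
        "inner_src_mac": _mac_str(inner[6:12]),
        "inner_frame": inner,
    }


def encapsulation_overhead(packet: bytes, inner_frame: bytes) -> int:
    return len(packet) - len(inner_frame)


# Constructed sample: VM 1 -> VM 2 inside VXLAN 5000, tunnelled between the slides' host VXLAN IPs.
INNER_FRAME = ethernet_frame("00:50:56:aa:00:02", "00:50:56:aa:00:01", ETHERTYPE_IPV4,
                             b"<constructed inner IP packet bytes>")
PACKET = vxlan_encapsulate(INNER_FRAME, 5000, "00:1b:21:00:00:01", "00:1b:21:00:00:02",
                           "10.10.10.10", "20.20.20.20")

if __name__ == "__main__":
    print("overhead bytes:", encapsulation_overhead(PACKET, INNER_FRAME))
    print(vxlan_decapsulate(PACKET)["vni"], "<-", vxlan_decapsulate(PACKET)["inner_src_mac"])
```

Because the parser rejects anything that is not well-formed VXLAN on port 4789 and exposes the VNI and VTEP pair, the same routine can be run over captured tunnel traffic to confirm that a given VM MAC only ever appears inside the segment it was assigned to.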
  • 10. Forwarding mechanisms similar to a Layer 2 bridge: flood and learn. The VEM learns each VM's source (MAC, host VXLAN IP) tuple.
    • Broadcast, multicast, and unknown unicast traffic: VM broadcast and unknown unicast traffic are sent as multicast
    • Unicast traffic: unicast packets are encapsulated and sent directly (not via multicast) to the destination host VXLAN IP (destination VEM), VEM 1 to VEM 2 in the diagram
  • 11. SHIPPING: broadcast / unknown unicast. The VEM performs replication and encapsulation. No multicast needed.
  • 12. SHIPPING: MAC distribution. The VSM learns VXLAN / MAC and distributes the VXLAN / MAC table to the VEMs. In the diagram, the VEM IP / MAC tables for VXLAN 5000 on hosts 10.10.10.10 and 20.20.20.20 hold VM 1 [a.a.a], VM 2 [b.b.b], VM 3 [c.c.c] and VM 4 [d.d.d]. A malicious VM (M) in VXLAN 5000 sends unicast to MAC X; MAC X is not found in the table, so the packet is dropped. Unknown unicast flood prevented.
  • 13. PREVIEW: ARP termination. In this mode the VEM learns VXLAN / IP / MAC; the VSM learns VXLAN / IP / MAC and distributes VXLAN / MAC. In the diagram, the VEM IP / MAC tables for VXLAN 5000 on hosts 10.10.10.10 and 20.20.20.20 hold [192.1.1.1, a.a.a], [192.1.1.1, b.b.b], [192.1.1.1, c.c.c]. A VM sends an ARP request for VM 192.1.1.1; 192.1.1.1 is found in VXLAN 5000, so the VEM replies with VM1's MAC a.a.a. No ARP broadcast.
  • 14. VXLAN modes compared (traffic type per row; forwarding behaviour per mode):
    Traffic type          | VXLAN (multicast mode)  | Enhanced VXLAN (unicast mode)  | Enhanced VXLAN MAC Distribution | Enhanced VXLAN ARP Termination
    Broadcast / Multicast | Multicast Encapsulation | Replication plus Unicast Encap | Replication plus Unicast Encap  | Replication plus Unicast Encap
    Unknown Unicast       | Multicast Encapsulation | Replication plus Unicast Encap | Drop                            | Drop
    Known Unicast         | Unicast Encapsulation   | Unicast Encap                  | Unicast Encap                   | Unicast Encap
    ARP                   | Multicast Encapsulation | Replication plus Unicast Encap | Replication plus Unicast Encap  | VEM ARP Reply Packet
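Slides 10 through 14 describe the per-mode forwarding decision in diagrams and a table. The Python below is an added example, not Cisco code, that simulates a VEM making that decision in each of the four modes, with a VSM that learns VXLAN / MAC and VXLAN / IP / MAC entries and distributes them as on slides 12 and 13. The MAC labels a.a.a through d.d.d, the IP 192.1.1.1 and the hosts 10.10.10.10 and 20.20.20.20 are the slides' own placeholders; the multicast group 239.1.1.1, the unknown MAC x.x.x and the action names are constructed for the example. The behaviour to notice is the one slide 12 highlights: once the VSM has distributed the MAC table, a unicast to a MAC that no VEM has registered is dropped rather than flooded, which is also the event a monitoring rule would count.

```python
"""Simulate a VEM's forwarding decision per VXLAN mode, following the slide-14 table.

Added example, not Cisco code. MAC/IP/host labels follow the slides; everything else is constructed.
"""
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    MULTICAST = "VXLAN (multicast mode)"
    UNICAST = "Enhanced VXLAN (unicast mode)"
    MAC_DIST = "Enhanced VXLAN MAC Distribution"
    ARP_TERM = "Enhanced VXLAN ARP Termination"


@dataclass
class Frame:
    vni: int
    dst_mac: str
    kind: str = "unicast"       # "unicast", "broadcast" (covers multicast too) or "arp_request"
    arp_target_ip: str = ""     # only used when kind == "arp_request"


class VSM:
    """Supervisor: learns (VXLAN, MAC[, IP]) from the VEMs and pushes tables to them (slides 12-13)."""

    def __init__(self):
        self.mac_table = {}     # (vni, mac) -> host VXLAN IP of the VEM behind that MAC
        self.arp_table = {}     # (vni, ip) -> mac
        self.vteps = {}         # vni -> set of participating host VXLAN IPs

    def learn(self, vni, mac, host_ip, ip=None):
        self.mac_table[(vni, mac)] = host_ip
        self.vteps.setdefault(vni, set()).add(host_ip)
        if ip:
            self.arp_table[(vni, ip)] = mac

    def distribute(self, vems):
        for vem in vems:
            vem.vteps = {v: set(h) for v, h in self.vteps.items()}   # replication list for unicast modes
            if vem.mode in (Mode.MAC_DIST, Mode.ARP_TERM):
                vem.mac_table.update(self.mac_table)                 # slide 12: VSM distributes VXLAN / MAC
            if vem.mode is Mode.ARP_TERM:
                vem.arp_table.update(self.arp_table)                 # slide 13: VXLAN / IP / MAC


class VEM:
    def __init__(self, mode, host_ip, multicast_group="239.1.1.1"):  # group is a constructed sample
        self.mode, self.host_ip, self.multicast_group = mode, host_ip, multicast_group
        self.mac_table, self.arp_table, self.vteps = {}, {}, {}

    def learn(self, vni, mac, host_ip):
        """Local VM attachment or a flood-and-learn (MAC, host VXLAN IP) entry (slide 10)."""
        self.mac_table[(vni, mac)] = host_ip
        self.vteps.setdefault(vni, set()).add(host_ip)

    def forward(self, frame):
        peers = sorted(self.vteps.get(frame.vni, set()) - {self.host_ip})
        if self.mode is Mode.MULTICAST:
            flood = ("multicast-encap", self.multicast_group)
        else:
            flood = ("replicate-unicast-encap", peers)   # VEM replicates and encapsulates (slide 11)
        if frame.kind == "arp_request":
            mac = self.arp_table.get((frame.vni, frame.arp_target_ip))
            if self.mode is Mode.ARP_TERM and mac:
                return ("vem-arp-reply", mac)            # slide 13: no ARP broadcast
            return flood
        if frame.kind == "broadcast":
            return flood
        host = self.mac_table.get((frame.vni, frame.dst_mac))
        if host == self.host_ip:
            return ("local-deliver", host)
        if host is not None:
            return ("unicast-encap", host)               # known unicast goes straight to the destination VEM
        if self.mode in (Mode.MAC_DIST, Mode.ARP_TERM):
            return ("drop", None)                        # slide 12: unknown unicast flood prevented
        return flood


def build_topology(mode):
    """Two hosts in VXLAN 5000 with the slides' placeholder MACs; returns the VEM on 10.10.10.10."""
    vem1, vem2 = VEM(mode, "10.10.10.10"), VEM(mode, "20.20.20.20")
    vem1.learn(5000, "a.a.a", "10.10.10.10")
    vem1.learn(5000, "b.b.b", "10.10.10.10")
    vem2.learn(5000, "c.c.c", "20.20.20.20")
    vem2.learn(5000, "d.d.d", "20.20.20.20")
    vem1.learn(5000, "c.c.c", "20.20.20.20")   # VM 3 already seen by VEM 1 via flood-and-learn; VM 4 not yet
    vsm = VSM()
    vsm.learn(5000, "a.a.a", "10.10.10.10", ip="192.1.1.1")
    for mac, host in (("b.b.b", "10.10.10.10"), ("c.c.c", "20.20.20.20"), ("d.d.d", "20.20.20.20")):
        vsm.learn(5000, mac, host)
    vsm.distribute([vem1, vem2])
    return vem1


if __name__ == "__main__":
    unknown = Frame(5000, "x.x.x")              # the slide-12 "MAC X" case
    for mode in Mode:
        print(f"{mode.value:34} unknown unicast -> {build_topology(mode).forward(unknown)}")
```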
  • 15. Shipping Nexus 1000V with Enhanced VXLAN: simplifying and scaling VXLAN
    • IP multicast is no longer required to deploy VXLAN
    • Cisco invented VXLAN and continues to enhance VXLAN
    • Cisco continues to drive VXLAN standardization at IETF, even with Enhanced VXLAN
  • 16. Visit Cisco Booth D209. In collaboration with Intel®.
    • Twitter: @ciscoDC, #vmworld
    • Facebook: http://www.facebook.com/CiscoDC
    • Youtube: http://www.youtubecisco.com/datacenter
    • Cisco DCC Blog: http://blogs.cisco.com/datacenter
    • Slideshare: http://slideshare.com/CiscoDataCenter
    • Community: https://communities.cisco.com/community/technology/datacenter
    • Pinterest: http://pinterest.com/ciscosystems/data-center
    • LinkedIn: http://www.linkedin.com, search "Cisco Data Center" group
    • Google +: http://goo.gl/irm4b
    • Intel, the Intel logo, Xeon and Xeon inside are trademarks of Intel Corporation in the U.S. and other countries.
  • 17. (no slide text beyond the footer)
  • 18. Overlay: instant provisioning. Diagram: a VM on the overlay, an overlay gateway, the data center network, a physical firewall, a WAN router and bare metal servers.
    • The overlay needs a gateway to access the physical network
    • The physical network must support the overlay traffic pattern
  • 19. VXLAN to VLAN Gateway: hosted on the local hypervisor as a virtual machine connected to the Virtual Ethernet Module; managed as a module from the VSM; active/standby VXLAN gateway; integrated with OpenStack. Scale: 4 VXLAN gateways per VSM; 2k active VXLAN; 2k active VLAN.
  • 20. Example topology: L2 Domain A (Web VM, VXLAN 5500), L2 Domain B (ASA 5500) and L2 Domain C (bare metal DB server) connected across Layer 3 through VXLAN Gateways; VLAN 100 and VLAN 200 shown on the VLAN side of the gateways.