TechAdvantage Webinar - Closer Look into Dynamic Fabric Automation (DFA)


Cisco TechAdvantage Webinar that provides for a closer look into the architecture and benefits of Cisco Dynamic Fabric Automation (DFA) which is a single, simplified data center network fabric that can natively support both virtual and physical software deployments.

Cisco DFA is the industry's first to be optimized for both Layer 2 and Layer 3 at all points, simplifying application deployment (physical and virtual) and providing consistency (quality of service [QoS], availability of network services, user experience, etc.) at all points of the network for all kinds of deployments. It focuses on simplifying, optimizing and automating the data center (DC) fabric environment by offering an architecture based on 4 major pillars (fabric management, workload automation, optimized networking, and virtual fabrics). Each pillar provides a set of functions which are modular enough to be used independently so that the adoption of new technology is eased as the DC fabric architecture evolves.

Agenda
- Introduction and benefits
- Technical deep-dive into each pillar
- Details of each pillar
- Deployment scenarios and use cases

Download the WebEx Replay: https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=EC&rID=74120492&rKey=cedb4f9825b75c78

Published in: Technology, News & Politics
TechAdvantage Webinar - Closer Look into Dynamic Fabric Automation (DFA)

  1. 1. Cisco TechAdvantage Webinars Closer Look into Dynamic Fabric Automation (DFA) Patrick Warichet We’ll get started a few minutes past the top of the hour. Note: you may not hear any audio until we get started. © 2013 Cisco and/or its affiliates. All rights reserved. Follow us @GetYourBuildOn 1
  2. 2.
      • Submit questions in Q&A panel and send to “All Panelists”. Avoid CHAT window for better access to panelists
      • For WebEx audio, select COMMUNICATE > Join Audio Broadcast
      • For WebEx call back, click ALLOW phone button at the bottom of participants side panel
      • Where can I get the presentation? Or send email to: ask_techadvantage@cisco.com
      • Please complete the post-event survey
      • Join us for upcoming TechAdvantage Webinars: www.cisco.com/go/techadvantage
  3. 3. Speaker / Panelists: John Ng, Product Manager, jng@cisco.com; Sudhir Modali, Product Manager, nmodali@cisco.com; Patrick Warichet, Technical Marketing Engineer, pwariche@cisco.com; Vipul Shah, Product Manager, vipshah@cisco.com
  4. 4. Cisco Dynamic Fabric Automation applies to any customer looking for solution to:
      • DC Networks from the very small to the very large
      • Environments with Virtual and Non-Virtual workloads
      • Looking to integrate with 3rd party Orchestration Tools
      • Seeking Flexibility on Workload Placement: Any Application - Anywhere
      • Looking for the Stability of Small Failure Domains
  5. 5. Diagram labels: spine, leaf, border leaf, service leaf, virtual leaf, N1KV/OVS, Virtual Machines, Physical Machines, FEXs, 3rd Party Switches, UCS FIs, Blade Switches, Storage, Services, Firewalls, Load Balancers, 3rd Party Appliance, WAN/Core, Routers, Switches, 3rd Party Devices. Note: the different leaf roles are logical and not physical. The same leaf can perform all three functions (regular, services and border leaf)
  6. 6. DFA is a set of Functions that Simplify, Optimize and Automate the Unified Fabric! Fabric Management, Workload Automation, Optimized Network, Multi-Cloud Fabric
  7. 7. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
  8. 8. Advantages
      • Device Auto-Configuration
      • Cabling Plan Consistency Check
      • Automated Network Provisioning
      • Common point of fabric access
      • Network, vFabric & Host Visibility

      Diagram labels: XMPP Server, TFTP Services, DHCP Services, LDAP, DCNM (CPoM), Message Broker
  9. 9.
      • DFA Centralized Point of Management (CPoM): DCNM 7.0 Release, DHCP-Server, TFTP, XMPP, LDAP, Message Broker
      • Virtual Appliance for vSphere
      • All Functions packaged and pre-installed in ONE single OVA!
  10. 10. Menu structure with access to CPOM Functions, Configuration and Administration. Welcome Screen provides easy access to:
      • Licensing
      • POAP
      • Performance Collection
      • Documentation
  11. 11. Summary Dashboard showing all Health, Inventory, Topology and Performance Collection Information. Health Status and Event Overview. Automatic Discovered Topology with Load and Health information. Detailed Performance Collection for Top Access-Port, ISL/Trunk-Port & CPU
  12. 12. Search for Switch and discovered Server (virtual and physical). DFA Dashboard showing Leaf/Spine Topology incl. Status and active Links. Pull-down to change view to selected virtual Fabric. Selected Node with all active Links and Status. Detailed Port Information available on Mouse-Over
  14. 14.
      • Full CPOM integrated POAP Engine
      • DHCP Scope-Definition: Own DHCP-Daemon
      • Image & Configuration Repository: Embedded TFTP- & SCP-Server
      • Pre-Defined as well as fully scriptable Configuration Templates
      • Easy POAP Switch Definition Workflow
  15. 15. Pre-Defined Configuration Template Repository. Templates covering Switch Name, Management, VPC, FEX, DFA, everything ….. Template Creator supporting scripting Language and Form Creation
  20. 20. Workflow for POAP-Definitions
      • Select previously created or pre-defined Template
      • Complete Form – form was created thru scripting language within Template Creator (very easy and intuitive)
      • First Step to create POAP-Definitions: Switch S/N for clear identification during POAP Process! Choose from Switch Type, Image Server, System Image, Kickstart Image and Config Server.
      • Form can support list values like IP Address Ranges (192.168.32.10-100). Easy to create definition for multiple Switches in one Step!
  21. 21.
      • Detects Cabling anomalies
          - Incorrect Connectivity (ErrC)
          - Link Not present (Unkn)
          - Unexpected Connections (Enp)
      • Flexible
          - supports DFA and Non-DFA platforms
          - Cable plan can be deployed global or device-specific
          - Enforcement on one side
      • Auto Generation, Import, Export
      • Granular – Per port Validation
  22. 22. Two topology diagrams: Consistency Check OK (✓) based on Cable Plan/Tier Definition, and Consistency Check FAILED (✗) based on Cable Plan/Tier Definition. Legend: 2 = Spine (Tier Level 2), Spine-Tier2; 1 = Leaf (Tier Level 1), Leaf-Tier1
  23. 23. Individual Cable-Plan-File generated and uploaded thru CPOM (DCNM)

      ```
      nexus# dir bootflash:/// | include cableplan.xml
             906 May 28 06:43:52 2011 cableplan.xml
      nexus#
      ```

      Spine (Tier Level 2):

      ```
      feature cable-management
      feature lldp
      !
      fabric connectivity tier 2
      fabric connectivity cable-plan enforce
      ```

      Error Disable detect ON by default, Error Disable recovery OFF by default:

      ```
      errdisable recovery interval 300
      errdisable detect cause miscabling
      no errdisable recovery cause miscabling
      ```

      Leaf (Tier Level 1):

      ```
      feature cable-management
      feature lldp
      !
      fabric connectivity tier 1
      fabric connectivity cable-plan enforce
      ```

      Everything configured by the pre-defined Base-Leaf/Spine Templates of CPOM
  24. 24. Log Message on Cable Plan Consistency Check failure: Error detected on peer tier check

      ```
      2011 May 31 02:37:40 n6k-leaf-2018 %$ VDC-1 %$ %CMM-2-MISCBL_TIERERR: Miscabling: Port Ethernet1/47 Error detected on peer tier check. Local: Tier 1 System n6k-leaf-2018 Chassis 002a.6a27.27d6 Port Eth1/47 Neighbor: Tier 1 System n6k-leaf-2017 Chassis 002a.6a22.a416 Port Eth1/47

      n6k-leaf-2018# show fabric connectivity neighbors
      -------------------------------------------------------------------------------
      Local System:
        Device Tier Config: Enabled
        Device Tier Level: 1
        Mismatch Delay Config: Disabled
        Mismatch Delay Timeout: 0
        Cable-Plan Enforce: Enabled
        DeviceID: n6k-leaf-2018
        ChassisID: 002a.6a27.27d6
      -------------------------------------------------------------------------------
      Codes: (Ok) Normal, (ErrT) Tier error, (ErrC) Cable-Plan error,
             (V) VPC Peer connection, (S) Stale entry, (Unkn) Unknown,
             (Enp) Entry not present in Cable-Plan, (Tl) Tier level
      Neighbor Table:
      -------------------------------------------------------------------------------
      Local     DeviceID         PortID    Tl  Cable-Plan              Status
      Intf                                     Entry
      Eth1/37   n6k-spine-2016   Eth1/37   2   n6k-spine-201,Eth1/37   Ok
      Eth1/38   n6k-spine-2015   Eth1/38   2   n6k-spine-201,Eth1/38   Ok
      Eth1/47   n6k-leaf-2017    Eth1/47   1   Enp                     ErrT,S
      Total entries displayed: 3

      n6k-leaf-2018# show interface eth1/47
      Ethernet1/47 is down (Miscabled)
      ```

      Diagram legend: 2 = Spine (Tier Level 2), 1 = Leaf (Tier Level 1)
  25. 25. Log Message on Cable Plan Consistency Check failure: Error detected on peer tier check. CPOM shows same information:
      - Failure on Node and how many
      - Interface Miscabling
      - Interface Status
  27. 27. Advantages
      • Any workload, anywhere, anytime
      • Open Integration: orchestration
      • Automated scalable provisioning
      • Workload aware fabric

      Diagram labels: Cloud Stacks, Compute & Storage Policies, Open APIs, Network & Network Services Policies, Fabric Mgmt, Provisioning, Services Controller, Published Schemas
  28. 28.
      • Network Administrator Configures Manually the physical Network: VLAN, SVI, Forwarding-Mode and the VLAN to Segment-ID mapping
      • No Automatic trigger to enable the configuration pre-defined as per a traditional Operating Model or pulled from CPOM repository
      • CPOM provides Switch bring-up and Monitoring functionality

      Diagram labels: N1kv/OVS, Virtual Machines, Physical Machines, DCNM (CPoM)
  29. 29.
      • Network Administrator prepares Auto-Config Profiles in CPOM & Virtual-Switch Port-Profiles/Port-Groups
          - Virtual Switch configuration is manual
          - Non VDP-capable Devices need to belong to a Mobility-Domain (for example: all VMs belonging to a vCenter)
      • On Workload start, VDP or MAC learn will trigger auto-config installation
          - Switch (DFA Leaf) downloads pre-defined Auto-Config Profile from CPOM
      • CPOM provides Switch bring-up, Leaf Auto-Configuration and Monitoring functionality
          - Auto-Config Profiles stored in LDAP
          - VDP as Bottom-Up signalization for Auto-Config trigger
          - MAC learn as alternative trigger for non-VDP capable Devices

      Diagram labels: Auto-config Triggers (VDP, DHCP/ARP-ND, Data Packet Driven, Programmatic), N1kv/OVS, Virtual Machines, Physical Machines, DCNM (CPoM)

      *VDP (VSI Discovery and Configuration Protocol) is IEEE 802.1Qbg Clause 41
  30. 30.
      • Name-Space (VLAN) managed by a DFA external entity (e.g. vCenter, Openstack etc.)
      • Port-Profile, Port-Group or Network definition is completely independent from CPOM
      • Auto-Config Profiles of CPOM will use this Name-Space for serving Network Instantiation
          - Segment-ID for Fabric Forwarding is automatically assigned based on a CPOM owned range (configurable)
  31. 31. Diagram labels: Orchestration Stack (UCS Director (Cloupia), OpenStack, vCloud Director), Compute & Storage Orchestration, Network & Services Orchestration, Auto-config Triggers (VDP, DHCP/ARP-ND, Data Packet Driven, Programmatic), N1kv/OVS, Virtual Machines, Physical Machines, DCNM (CPoM)

      *VDP (VSI Discovery and Configuration Protocol) is IEEE 802.1Qbg Clause 41
  32. 32.
      • Orchestration Administrator defines logical Organization Network
          - Mapping the Auto-Config Profile “Name” to the logical Organization Network
          - Name-Space (Segment-IDs) resources are administrated within the Orchestrator
          - Orchestrator (for example vCD, Openstack) directly interacts with the Virtual Switch
      • Network Administrator prepares Auto-Config Profiles in CPOM
          - Virtual Switch are configured through Orchestrator (like in vCD) or pre-populated Port-Groups/Port-Profiles
      • When new Virtual-Machine get created and Network CPOM gets polled for Auto-Config Profile
          - Based on MAC learn or VDP signalization Network gets instantiated
          - Dynamic VLAN gets chosen and mapped to the Segment-ID (based on Dynamic VLAN range and Segment-ID Namespace, managed by Orchestrator)
          - Auto-Config Profile gets installed (VLAN, SVI, VRF, Segment-ID)
          - VLAN ID gets exchanged via VDP to the Virtual Switch (no, not VTP)
          - Leaf receives 802.1q tagged frames and associates them to the segment-ID

      Diagram labels: Orchestration Stack (UCS Director (Cloupia), OpenStack, vCloud Director), Compute & Storage Orchestration, Network & Services Orchestration, Auto-config Triggers (VDP, DHCP/ARP-ND, Data Packet Driven, Programmatic), N1kv/OVS, Virtual Machines, Physical Machines, DCNM (CPoM)
  33. 33.
      • What are the Auto-Config trigger for the Leaf-Switch?
      • Control-Plane based – VDP Signalization
          - Nexus 1000v on vSphere* & OVS
          - Bare-Metal Server with VDP capable CNA (only Data VLANs)
      • Packet based – MAC Learn
          - Every Bare-Metal or virtualized Server with Mobility Domain
      • CLI based – Manual Download of Auto-Config Profile to Leaf-Switch
          - Every Bare-Metal or virtualized Server
      • Static Configuration
          - Every Bare-Metal or virtualized Server
      • Note: Your Server can have Static or Dynamic IP Addressing – you choose

      *Other virtualized Switches tbd (Nexus 1000v on other Hypervisors)
  35. 35. Advantages
      • Any subnet, anywhere, rapidly
      • Reduced Failure Domains
      • Extensible Scale & Resiliency
      • Profile Controlled Configuration
          - Network Config profile
          - Network Services Profile
      • Full bisectional bandwidth (N spines)
      • Any/all Leaf Distributed Default Gateways
      • Any/all subnets on any leaf

      ```
      n1000v# show port-profile name WebProfile
      port-profile WebServer-PP
        description:
        status: enabled
        system vlans:
        port-group: WebServers
        config attributes:
          switchport mode access
          switchport access vlan 110
          no shutdown
          security-profile Protected-Web-Srv
        evaluated config attributes:
          switchport mode access
          switchport access vlan 110
          no shutdown
        assigned interfaces:
          Veth10
      ```
  36. 36. Licensing Requirements:
      • N6k & N7k
          - LAN Base
          - LAN Enterprise
          - Enhanced Layer-2
      • N5k
          - Enhanced Layer-2
      • N1kv
          - Essentials Edition
  37. 37.
      • Provides distributed default gateway on each Leaf
      • Leverages proxy-ARP
      • Intra- and Inter-Subnet forwarding based on Routing
      • Contain floods and failure domains to the Leaf

      ```
      vlan 123
        mode fabricpath
        vn-segment 30000

      interface vlan 123
        vrf member Coke
        fabric forwarding mode proxy-gateway
        ip address 10.1.1.1/24
        ip dhcp relay address 200.200.200.100
        no shutdown
      ```

      Diagram: N7k-S1, N7k-S2, N6k-S1, N6k-S2 (spines); N6k-1, N6k-2, N6k-3, N6k-4, N6k-6 (leaves); vSwitches; hosts H1: 10.1.1.10/24, H2: 10.1.1.20/24, H3: 10.1.2.10/24
  38. 38.
      • Provides distributed default gateway on each Leaf
      • Intra-Subnet forwarding based on FabricPath
          - Layer-2 lookup is performed at the leaf
          - Data-plane based conversational learning for endpoints MAC addresses
      • ARP is flooded across the fabric

      ```
      vlan 123
        mode fabricpath
        vn-segment 30000

      interface vlan 123
        vrf member Coke
        fabric forwarding mode anycast-gateway
        ip address 10.1.1.1/24
        ip dhcp relay address 200.200.200.100
        no shutdown
      ```

      Diagram: N7k-S1, N7k-S2, N6k-S1, N6k-S2 (spines); N6k-1, N6k-2, N6k-3, N6k-4, N6k-6 (leaves); vSwitches; hosts H1: 10.1.1.10/24, H2: 10.1.1.20/24, H3: 10.1.2.10/24
  39. 39.
      • No default gateway presence on N5k-Leaf
      • No Segment-ID support
          - All Nexus 5500 involved VLANs are non-Segment-ID enabled across all DFA-Leafs
      • Reverts back to traditional FabricPath for forwarding
      • L2 lookup is performed at the Leaf
          - Data-Plane based conversational learning for endpoints MAC addresses
      • ARP is flooded across the fabric

      ```
      vlan 123
        mode fabricpath

      interface vlan 123
        vrf member Coke
        fabric forwarding mode anycast-gateway
        ip address 10.1.1.1/24
        ip dhcp relay address 200.200.200.100
        no shutdown
      ```

      Diagram: N7k-S1, N7k-S2, N6k-S1, N6k-S2 (spines); N5k-1, N5k-2, N5k-3, N5k-4, N6k-6 (leaves); vSwitches; hosts H1: 10.1.1.10/24, H2: 10.1.1.20/24, H3: 10.1.2.10/24
  40. 40. As long as Nexus 5500 are present, Gateways for Nexus 5500 served VLANs need to have “Anycast-Gateway” Mode

      ```
      vlan 123
        mode fabricpath

      interface vlan 123
        vrf member Coke
        fabric forwarding mode anycast-gateway
        ip address 10.1.1.1/24
        ip dhcp relay address 200.200.200.100
        no shutdown
      ```

      Diagram: N7k-S1, N7k-S2, N6k-S1, N6k-S2 (spines); N5k-1, N5k-2, N6k-3, N6k-4, N6k-6 (leaves); vSwitches; hosts H1: 10.1.1.10/24, H2: 10.1.1.20/24, H3: 10.1.2.10/24
  41. 41. Segment-IDs can ALWAYS be used for VLANs with no Nexus 5500 participation. For VLANs with full DFA-Leaf only, all Forwarding-Modes can be chosen as per your preference

      ```
      vlan 421
        mode fabricpath
        vn-segment 30531
      vlan 123
        mode fabricpath

      interface vlan 421
        vrf member Pepsi
        fabric forwarding mode proxy-gateway
        ip address 40.2.1.1/24
        ip dhcp relay address 200.200.200.100
        no shutdown

      interface vlan 123
        vrf member Coke
        fabric forwarding mode anycast-gateway
        ip address 10.1.1.1/24
        ip dhcp relay address 200.200.200.100
        no shutdown
      ```

      Diagram: N7k-S1, N7k-S2, N6k-S1, N6k-S2 (spines); N5k-1, N6k-2, N6k-3, N6k-4, N6k-6 (leaves); vSwitches; hosts H1: 10.1.1.10/24, H2: 10.1.1.20/24, H3: 10.1.2.10/24
  42. 42. Segment-ID based forwarding available when last Nexus 5500 is removed. Proxy-Gateway could be used after last Nexus 5500 Leaf was removed

      ```
      vlan 123
        mode fabricpath
        vn-segment 30000

      interface vlan 123
        vrf member Coke
        fabric forwarding mode proxy-gateway
        ip address 10.1.1.1/24
        ip dhcp relay address 200.200.200.100
        no shutdown
      ```

      Diagram: N7k-S1, N7k-S2, N6k-S1, N6k-S2 (spines); N6k-1, N6k-2, N6k-3, N6k-4, N6k-6 (leaves); vSwitches; hosts H1: 10.1.1.10/24, H2: 10.1.1.20/24, H3: 10.1.2.10/24
  43. 43. Proxy-Gateway Anycast-Gateway Non DFA Mode* VLAN/Subnets stretched between leaves ✓ ✓ ✓ Common Anycast GW IP across leaves ✓ ✓ ✓ ✓ ✓ ✗ ✗ ✗ ✗ ✓ ✓ (floods also across DFA Fabric) (local flood only) Common Anycast GW MAC across leaves Use Proxy-ARP/ND (respond to ARP/ND only if the destination is available in the RIB) (requires anchor Leaf) ARP Flooding in Layer-2 Domain ✗ Intra-Subnet forwarding Always routed (TTL decrement) Bridged Bridged Silent Host Discovery ✗ ✓ ✓ * VLANs/IP Subnets are only locally defined behind a DFA leaf (or a pair of vPC peer leaves)
  44. 44.
      • Forwarding mode is configurable at a subnet (SVI) level
      • In both cases host routes are advertised between DFA leaf nodes
      • Important: L2 non-IP packets are always bridged across the Vinci fabric, regardless of the specific forwarding mode deployed
  46. 46. Advantages
      • Any workload, any vFabric, rapidly
      • Scalable Secure vFabrics
      • vFabric Tenant Visibility
      • Routing/Switching Segmentation

      Diagram labels: HR, Finance, Manufacturing, Sales
  47. 47. Hierarchy diagram. Network: VRF (Org:Part), Segment/VLAN. CPOM: Organization, Partition, Network. Example Shown: Multiple Organizations and Partition per Organization possible
  48. 48. Hierarchy diagram. Orchestrator: Tenant, Virtual DataCenter, Network. CPOM: Organization, Partition, Network. Closely aligned with Orchestrator hierarchies!
  49. 49. FabricPath Frame Format
      • Traditionally VLAN space is expressed over 12 bits (802.1Q tag)
      • Limits the maximum number of segments in a datacenter to 4096 VLANs (4k)
      • DFA leverages a double 802.1Q tag for a total address space of 24 bits
      • Support of ~16M L2 segment (10K targeted at FCS)
      • Segment-ID is hardware-based innovation offered by leaf and spine nodes part of the DFA Fabric

      Diagram: Integrated Fabric Frame Format, Segment-ID = 802.1Q + 802.1Q
  50. 50.
      • Segment-IDs are utilized for providing isolation at Layer-2 and Layer-3 across the DFA Fabric
      • 802.1Q tagged frames received at the Leaf nodes from edge devices must be mapped to specific Segments
      • The VLAN-Segment mapping can be performed on a Leaf device level
      • VLANs become locally significant on the Leaf node and 1:1 mapped to a Segment-ID
      • Segment-IDs are globally significant, VLAN IDs are locally significant

      Diagram: two Leaf nodes attached by 802.1q Trunks, with VLANs local to each Leaf and Segment-IDs (Global) across the Fabric.
      - First Leaf: VLAN 10 <-> Segment-ID 5000, VLAN 11 <-> Segment-ID 5001, …, VLAN 20 <-> Segment-ID 5020
      - Second Leaf: VLAN 20 <-> Segment-ID 5000, VLAN 41 <-> Segment-ID 5001, …, VLAN 70 <-> Segment-ID 5020
  51. 51.
      • Each IP Subnet defined at the Leaf of the DFA Fabric is associated to a Layer-2 Domain, which is represented by a Segment-ID
      • Multiple Segments can be defined for a given Tenant. Those Segments can be mapped to a Layer-3 VRF and uniquely identify that Tenant
      • A dedicated Segment-ID value uniquely identifies each VRF defined in the DFA Fabric

      Diagram: Red Tenant, VRF_Red segment-ID 6000; Segment-ID 5000: 10.1.1.0/24; Segment-ID 5001: 11.1.1.0/24; Segment-ID 5002: 12.1.1.0/24
  52. 52.
      • Each VLAN can be mapped to a Segment-ID
          - A VLAN becomes significant only at the Leaf level
          - This increases the overall Namespace from 4k to 16M unique IDs for the Fabric
      • A Virtual Fabric is basically a VRF!
      • Each VRF uses a dedicated Segment-ID
          - Like a MPLS VPN-Label
  53. 53. Fabric Management, Workload Automation, Optimized Networking, Virtual Fabrics. Bundled functions are Modular, Flexible and follows your Choice of Integration and Speed of Adoption!
  54. 54. DFA will FCS in Q1 CY’14 N5k/N6k 7.0(0)N1(1) N7k 6.2(2)/6.2(6) DCNM 7.0 Release
  55. 55. Co-existence diagram:
      • Nexus 7000 (F2/F2e) and Nexus 6000 as Full DFA-Spine – Full Co-Existence Support! (N7k-S1, N7k-S2, N6k-S3, N6k-S4)
      • Nexus 5500 as L2-Only DFA-Leaf (no Segment-ID support)
      • Nexus 6000 as Full DFA-Leaf; supporting all the Functionalities
      • Nexus 2000 FEX Support at every kind of DFA-Leaf (Full or L2-only)
      • Nexus 1000v enhancing Virtual Workload with VDP-Signalization

      Leaf-level labels: N5k-1, N6k-2, N6k-3, N6k-4, N6k-6, N2k, N1kv, vSwitch
  56. 56.

      | Platform | Fabric Management | Workload Automation | Optimized Networking | Virtualized Fabrics |
      |---|---|---|---|---|
      | Nexus 6000 | ✓ | ✓ | ✓ | ✓ |
      | Nexus 5500 | ✓ | ✗ | ✓ (1,3) | ✓ (1,3) |
      | Nexus 7000 (M) | ✓ | ✗ | ✗ | ✗ |
      | Nexus 7k/7.7k (F2/F2e) | ✓ | ✗ | ✓ (2) | ✓ (2) |
      | Nexus 3000 | ✗ | ✗ | ✗ | ✗ |
      | Nexus 1000v | ✓ | ✓ | ✓ | ✗ |

      (1) No Segment-IDs, (2) Spine, (3) Layer-2 only
  57. 57. Licensing: CPOM with all its functionality is FREE! Including DCNM Essential Edition
  58. 58.
      • Thank you!
      • Please complete the post-event survey
      • Join us for upcoming webinars. Register: www.cisco.com/go/techadvantage
      • Follow us @GetYourBuildOn
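
The miscabling syslog message on slide 24 can be turned into a monitoring signal. The following is an added example, not code from the webinar or from Cisco: it parses `%CMM-2-MISCBL_TIERERR` records and groups reports that describe the same physical cable. The function names, the one-record-per-message assumption and the constructed sample lines are assumptions of this example.

```python
import re

# Field layout taken from the %CMM-2-MISCBL_TIERERR message on slide 24.
# Assumption: each message is one syslog record; whitespace is normalised
# first, so a record that the collector wrapped still matches.
MISCABLE_RE = re.compile(
    r"(?P<ts>\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<reporter>\S+) .*?"
    r"%CMM-2-MISCBL_TIERERR: Miscabling: Port (?P<port>\S+) "
    r"Error detected on peer tier check\. "
    r"Local: Tier (?P<l_tier>\d+) System (?P<l_sys>\S+) "
    r"Chassis (?P<l_chassis>[0-9a-f.]+) Port (?P<l_port>\S+) "
    r"Neighbor: Tier (?P<n_tier>\d+) System (?P<n_sys>\S+) "
    r"Chassis (?P<n_chassis>[0-9a-f.]+) Port (?P<n_port>\S+)"
)

# Tier legend from slides 22-24: tier 1 = leaf, tier 2 = spine.
TIER_ROLE = {1: "leaf", 2: "spine"}


def parse_miscabling(line):
    """Return a dict describing one tier-check failure, or None."""
    m = MISCABLE_RE.search(" ".join(line.split()))
    if not m:
        return None
    l_tier, n_tier = int(m["l_tier"]), int(m["n_tier"])
    local = (m["l_chassis"], m["l_port"])
    neighbor = (m["n_chassis"], m["n_port"])
    return {
        "time": m["ts"],
        "reporter": m["reporter"],
        "local_system": m["l_sys"],
        "neighbor_system": m["n_sys"],
        "kind": "{}-to-{}".format(
            TIER_ROLE.get(l_tier, "tier%d" % l_tier),
            TIER_ROLE.get(n_tier, "tier%d" % n_tier),
        ),
        # Unordered pair of (chassis, port): identical for both cable ends.
        "link": frozenset([local, neighbor]),
    }


def miscabled_links(lines):
    """Group failures by physical link so one bad cable is one finding."""
    links = {}
    for line in lines:
        event = parse_miscabling(line)
        if event:
            links.setdefault(event["link"], []).append(event)
    return links


# First record is the message shown on slide 24. The other two records are
# constructed for this example (the far end's view and an unrelated line).
SAMPLE_LOG = [
    "2011 May 31 02:37:40 n6k-leaf-2018 %$ VDC-1 %$ %CMM-2-MISCBL_TIERERR: "
    "Miscabling: Port Ethernet1/47 Error detected on peer tier check. "
    "Local: Tier 1 System n6k-leaf-2018 Chassis 002a.6a27.27d6 Port Eth1/47 "
    "Neighbor: Tier 1 System n6k-leaf-2017 Chassis 002a.6a22.a416 Port Eth1/47",
    "2011 May 31 02:37:41 n6k-leaf-2017 %$ VDC-1 %$ %CMM-2-MISCBL_TIERERR: "
    "Miscabling: Port Ethernet1/47 Error detected on peer tier check. "
    "Local: Tier 1 System n6k-leaf-2017 Chassis 002a.6a22.a416 Port Eth1/47 "
    "Neighbor: Tier 1 System n6k-leaf-2018 Chassis 002a.6a27.27d6 Port Eth1/47",
    "2011 May 31 02:38:02 n6k-leaf-2018 constructed unrelated log line",
]

if __name__ == "__main__":
    for link, events in miscabled_links(SAMPLE_LOG).items():
        ends = " <-> ".join("%s %s" % end for end in sorted(link))
        reporters = sorted({e["reporter"] for e in events})
        print(events[0]["kind"], ends, "reported by", ", ".join(reporters))
```
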
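
Slides 39 to 41 and slide 50 state rules that a configuration audit can check before a change is pushed: VLANs served by a Nexus 5500 leaf carry no `vn-segment` on any leaf, their SVIs use `anycast-gateway`, and on one leaf each VLAN maps 1:1 to a Segment-ID. The following is an added example, not Cisco tooling: the `fleet` layout, the platform labels, the finding codes and the sample configurations (built from the snippets on slides 39 to 41) are assumptions of this example.

```python
import re


def parse_leaf(config):
    """Extract {vlan: segment_id or None} and {svi_vlan: forwarding mode or None}."""
    vlans, svis, ctx = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            ctx = ("vlan", int(m[1]))
            vlans.setdefault(ctx[1], None)
        elif m := re.fullmatch(r"interface vlan (\d+)", line):
            ctx = ("svi", int(m[1]))
            svis.setdefault(ctx[1], None)
        elif (m := re.fullmatch(r"vn-segment (\d+)", line)) and ctx and ctx[0] == "vlan":
            vlans[ctx[1]] = int(m[1])
        elif (m := re.fullmatch(r"fabric forwarding mode (\S+)", line)) and ctx and ctx[0] == "svi":
            svis[ctx[1]] = m[1]
    return vlans, svis


def audit(fleet):
    """Return (leaf, vlan, code) findings for the co-existence rules."""
    parsed = {name: parse_leaf(leaf["config"]) for name, leaf in fleet.items()}
    # Every VLAN defined on at least one Nexus 5500 leaf.
    n5k_vlans = set()
    for name, leaf in fleet.items():
        if leaf["platform"] == "N5k":
            n5k_vlans |= set(parsed[name][0])

    findings = []
    for name in sorted(parsed):
        vlans, svis = parsed[name]
        seen_segments = {}
        for vlan in sorted(vlans):
            segment = vlans[vlan]
            if segment is None:
                continue
            if vlan in n5k_vlans:
                # Slide 39: Nexus 5500 involved VLANs are non-Segment-ID
                # enabled across all DFA leaves.
                findings.append((name, vlan, "SEGMENT_ON_N5K_VLAN"))
            if segment in seen_segments:
                # Slide 50: VLAN to Segment-ID is 1:1 on a leaf.
                findings.append((name, vlan, "DUPLICATE_SEGMENT"))
            seen_segments.setdefault(segment, vlan)
        for vlan in sorted(svis):
            # Slide 40: gateways for Nexus 5500 served VLANs need
            # anycast-gateway. An SVI with no mode line is not judged.
            if vlan in n5k_vlans and svis[vlan] not in (None, "anycast-gateway"):
                findings.append((name, vlan, "GATEWAY_MODE"))
    return findings


# Constructed sample: leaf names follow the slides, the combination of
# settings is made up so that VLAN 123 breaks two rules on N6k-6.
SAMPLE_FLEET = {
    "N5k-1": {"platform": "N5k", "config": "vlan 123\n  mode fabricpath\n"},
    "N6k-6": {"platform": "N6k", "config": """
vlan 123
  mode fabricpath
  vn-segment 30000
vlan 421
  mode fabricpath
  vn-segment 30531
interface vlan 123
  vrf member Coke
  fabric forwarding mode proxy-gateway
  ip address 10.1.1.1/24
interface vlan 421
  vrf member Pepsi
  fabric forwarding mode proxy-gateway
  ip address 40.2.1.1/24
"""},
}

if __name__ == "__main__":
    for leaf, vlan, code in audit(SAMPLE_FLEET):
        print(leaf, "vlan", vlan, code)
```
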