Cisco nexus 1000v


  1. 1. Cisco Nexus 1000V: Technical Preview Paul Fazzone Product Manager pf
  2. 2. Transparency in the Eye of the Beholder With virtualization, VMs have a transparent view of their resources…
  3. 3. Transparency in the Eye of the Beholder …but it's difficult to correlate network and storage back to virtual machines
  4. 4. Transparency in the Eye of the Beholder Scaling globally depends on maintaining transparency while also providing operational consistency
  5. 5. Networking Challenges to Scaling Server Virtualization
      Security and Policy Enforcement:
        – Applied at physical server—not the individual VM
        – Impossible to enforce policy for VMs in motion
      Operations and Management:
        – Lack of VM visibility, accountability, and consistency
        – Inefficient management model and inability to effectively troubleshoot
      Organizational Structure:
        – Muddled ownership as server admin must configure virtual network
        – Organizational redundancy creates compliance challenges
  6. 6. Why the Network is Changing…
        – Desire for VM-level access-layer policy & monitoring
        – Virtualization is driving higher link utilization
        – More demanding role of network (i.e. DRS, vMotion)
        – Current approaches lead to inconsistent network policies
  7. 7. Cisco Virtual Network Link – VN-Link
      Virtual Network Link (VN-Link) is about:
        – VM-level network granularity
        – Mobility of network and security properties (follow the VM)
        – Policy-based configuration of VM interfaces (Port Profiles)
        – Non-disruptive operational model
      VN-Link with Nexus 1000V:
        – Replaces Hypervisor switch with Cisco modular switch (software)
      [Diagram: VNIC, Hypervisor, VETH; "VN-Link refers to a literal link"]
  8. 8. VN-Link Brings VM Level Granularity
      Problems:
        – VMotion may move VMs across physical ports—policy must follow
        – Impossible to view or apply policy to locally switched traffic
        – Cannot correlate traffic on physical links—from multiple VMs
      VN-Link:
        – Extends network to the VM
        – Consistent services
        – Coordinated, coherent management
      [Diagram labels: VMotion, VLAN 101]
  9. 9. VN-Link With the Cisco Nexus 1000V
      Cisco Nexus 1000V, Software Based:
        – Industry’s first 3rd-party vNetwork Distributed switch for ESX
        – Built on Cisco NX-OS
        – Compatible with all switching platforms
        – Maintain vCenter provisioning model unmodified for server administration; allow network administration of Nexus 1000V via familiar Cisco NX-OS CLI
      Policy-Based VM Connectivity | Mobility of Network & Security Properties | Non-Disruptive Operational Model
      [Diagram: Server with VMs #1 to #4, Nexus 1000V, VMW ESX, NICs, LAN]
  10. 10. vNetwork – 3rd Party Virtual Switches
        – Enterprise networking vendors can provide their own implementations of the virtual switch leveraging the vNetwork switch API interfaces
        – Enables support for 3rd party networking capabilities, including monitoring and management of the virtual network
      [Diagram labels: Current vSwitch; vNetwork Distributed Switch; Third Party Switch Products; vNetwork Platform]
  11. 11. VI Virtual Networking - 3rd Party Virtual Switch Style
      [Diagram: Single Distributed Port Group on a Single 3rd Party Distributed Switch spanning Host1, Host2, Host3, Host4; vNetwork Platform]
  12. 12. Cisco Nexus 1000V Architecture
      Virtual Supervisor Module (VSM):
        – Virtual or Physical appliance running Cisco OS (supports HA)
        – Performs management, monitoring, & configuration
        – Tight integration with VMware vCenter
      Virtual Ethernet Module (VEM):
        – Enables advanced networking capability on the hypervisor
        – Provides each VM with dedicated “switch port”
        – Collection of VEMs = 1 Distributed Switch
      Cisco Nexus 1000V Installation:
        – ESX & ESXi
        – VUM & Manual Installation
        – VEM is installed/upgraded like an ESX patch
      [Diagram: Servers 1 to 3 running VMW ESX, each with a VEM, hosting VMs #1 to #12; VSM; vCenter]
  13. 13. VSM to vCenter Communication
        – Two-way API between the VSM and vCenter
        – Certificate (Cisco self signed or customer supplied) ensures secure communications
        – Connection is setup on the VSM

        n1000v# show svs connections
        connection vc:
            ip address: 10.95.5.227
            protocol: vmware-vim https
            datacenter name: Nexus1K-RC1
            DVS uuid: 58 ae 0f 50 c4 f9 af 4d-47 df c7 a8 f5 72 f5 64
            config status: Enabled
            operational status: Connected
  14. 14. Deploying the Cisco Nexus 1000V: Collaborative Deployment Model
        1. VMW vCenter & Cisco Nexus 1000V relationship established
        2. Network Admin configures Nexus 1000V to support new ESX hosts
        3. Server Admin plugs new ESX host into network & adds host to Cisco switch in vCenter
      [Diagram: Server 1 with Nexus 1000V VEM on VMW ESX; vCenter; VSM]
  15. 15. Deploying the Cisco Nexus 1000V: Collaborative Deployment Model
        1. VMW vCenter & Cisco Nexus 1000V relationship established
        2. Network Admin configures Nexus 1000V to support new ESX hosts
        3. Server Admin plugs new ESX host into network & adds host to Cisco switch in vCenter
        4. Repeat step three to add another host and extend the switch configuration
      [Diagram: Server 1 and Server N, each with Nexus 1000V VEM on VMW ESX; vCenter; VSM]
  16. 16. Cisco Nexus 1000V Architecture – Network View

        nexus1000v01# show module
        Mod  Ports  Module-Type                       Model               Status
        ---  -----  --------------------------------  ------------------  ------------
        1    1      Virtual Supervisor Module         Nexus1000V          active *
        3    48     Virtual Ethernet Module                               ok
        4    48     Virtual Ethernet Module                               ok

        Mod  Sw              Hw      World-Wide-Name(s) (WWN)
        ---  --------------  ------  --------------------------------------------------
        1    4.1(1a)S1(0.14  0.0     --
        3    NA              0.0     --
        4    NA              0.0     --

        Mod  MAC-Address(es)                         Serial-Num
        ---  --------------------------------------  ----------
        1    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8  NA
        3    02-00-0c-00-07-00 to 02-00-0c-00-07-80  NA
        4    02-00-0c-00-08-00 to 02-00-0c-00-08-80  NA

        Mod  Server-IP        Server-UUID                           Server-Name
        ---  ---------------  ------------------------------------  --------------------
        1    192.168.32.31
        3    192.168.32.101   48c8d12a-1e15-00db-5efe-001e0bcae426  esx01a.cisco.com
        4    192.168.32.102   48c8da10-e70b-aa66-3089-001e0bcab2e4  esx02b.cisco.com

      [Slide callouts: VSM, VEM, ESX Details]
  17. 17. vNetwork Distributed Switch – VI Admin View
  18. 18. Cisco Nexus 1000V - Faster VM Deployment
      Virtualizing the Network Domain: Policy-Based VM Connectivity | Mobility of Network & Security Properties | Non-Disruptive Operational Model
      VM Connection Policy:
        – Defined in the network
        – Applied in vCenter
        – Linked to VM UUID
      Defined Policies: WEB Apps, HR, DB, Compliance
      [Diagram: two servers running VMW ESX with VMs #1 to #8, Cisco Nexus 1000V, vCenter]
  19. 19. Policy Based VM Connectivity: Enabling Policy
        1. Nexus 1000V automatically enables port groups in vCenter
        2. Server Admin uses vCenter to assign vnic policy from available port groups
        3. Nexus 1000V automatically enables VM connectivity at VM power-on
      WEB Apps:
        – PVLAN 108, Isolated
        – Security Policy = Port 80 and 443
        – Rate Limit = 100 Mbps
        – QoS Priority = Medium
        – Remote Port Mirror = Yes
      Available Port Groups: WEB Apps, HR, DB, Compliance
      [Diagram: Server 1 with VMs #1 to #4, Nexus 1000V VEM on VMW ESX; vCenter; VSM]
  20. 20. Policy Definition with NX-OS Port Profiles
        – Port Profiles (aka Port Groups) defined in the Nexus 1000V VSM
        – Port profiles are pushed to vCenter via API
        – Upon connection/reconnection with vCenter the VSM re-verifies the correct port profile configuration exists within vCenter
        – Port profile ‘state’ and ‘type’ must be set for propagation to occur:

            N1K-CP(config-port-prof) state enable
            N1K-CP(config-port-prof) vmware port-group (optional name)
  21. 21. Port Profile – Network View

        n1000v-RC# show port-profile
        port-profile web-server-dmz-2
          description: Web Server – DMZ-2
          status: enabled
          capability uplink: no
          system vlans: none
          port-group: Web Server – DMZ-2
          max-ports: 32
          inherit:
          config attibutes:
            switchport mode access
            switchport acess vlan 5
            ip port access-group web-secure in
            ip flow monitor output
            no shutdown
          evaluated config attibutes:
            switchport mode access
            switchport acess vlan 5
            ip port access-group web-secure in
            ip flow monitor output
            no shutdown
          assigned interfaces:
            Vethernet10

      [Slide callouts: Port Group Name, ACL, Interfaces]
  22. 22. Port Groups - VI Admin View Consistent Workflow: VI admin selects Port Groups when configuring a VM in VMware Virtual Infrastructure Client
  23. 23. Policy Based VM Connectivity: Virtualization Admin Benefits
      Accelerate & Simplify deployment of new ESX hosts
        – Network Admin provisions physical switch trunks & ESX host PNICs in a uniform and consistent way (takes care of both sides of physical connection)
        – Virtualization Admin 1) plugs in a new ESX host, 2) assigns PNICs to Cisco vNetwork Distributed Switch in vCenter, 3) ESX PNIC configuration (including vMotion & Console) automatically assigned and enabled, 4) ESX host ready for VMs
      Ensure proper connectivity & networking safeguards are in place
        – Virtualization Admin leverages existing workflow (vCenter & Port Groups) to assign VNIC policy.
        – Network Admin responsible for ensuring Port Groups provide proper VLAN access & DC network security policy
        – Cisco Nexus 1000V extends VM networking to include IP/Port security rules, multi-host PVLAN, Flow Statistics, Quality of Service.
  24. 24. Cisco Nexus 1000V Richer Network Services
      Virtualizing the Network Domain: Policy-Based VM Connectivity | Mobility of Network & Security Properties | Non-Disruptive Operational Model
      VMs Need to Move:
        – VMotion
        – DRS
        – SW Upgrade/Patch
        – Hardware Failure
      VN-Link Property Mobility:
        – VMotion for the network
        – Ensures VM security
        – Maintains connection state
      [Diagram: two servers running VMW ESX, VMs #1 to #4 moving between them, Cisco Nexus 1000V, vCenter]
  25. 25. Mobility of Security & Network Properties: Following Your VMs Around
        1. vCenter kicks off a VMotion (manual/DRS) and notifies Nexus 1000V
        2. During VM replication, Nexus 1000V copies VM port state to new host
      Mobile Properties Include:
        – Port policy
        – Interface state and counters
        – Flow statistics
        – Remote port mirror session
      Network Persistence:
        – VM port config, state
        – VM monitoring statistics
      VMotion Notification:
        – Current: VM1 on Server 1
        – New: VM1 on Server 2
      [Diagram: Server 1 and Server 2, each with Nexus 1000V VEM on VMW ESX, VMs #1 to #8; vCenter; VSM]
  26. 26. Mobility of Security & Network Properties: Following Your VMs Around
        1. vCenter kicks off a VMotion (manual/DRS) & notifies Nexus 1000V
        2. During VM replication, Nexus 1000V copies VM port state to new host
        3. Once VMotion completes, port on new ESX host is brought up & VM’s MAC address is announced to the network
      Network Update:
        – ARP for VM1 sent to network
        – Flows to VM1 MAC redirected to Server 2
      [Diagram: Server 1 and Server 2, each with Nexus 1000V VEM on VMW ESX, VM #1 moved to Server 2; vCenter; VSM]
  27. 27. Mobility of Network & Security Properties: Virtualization Admin Benefits
      Prevent ESX host/network config discrepancies from impacting VMotion
        – VMotion domains can be configured once and the vSwitch parameters across the cluster will always be consistent with the physical network
      Gain consistent visibility into VM-level I/O
        – Virtual applications can be diagnosed using the same tools and methods NOCs currently use in the physical environment. 1 consistent operations model provides faster MTTR of virtual applications
      Secure I/O to VMs located in the DMZ
        – The use of IP/Port security rules (also known as Access Control Lists) can lock down traffic to/from a particular VM. For instance, a Web server in a DMZ can have traffic limited only to Port 80 to support a Web Server. This rule set is applied to the VM VNIC and moves with the VM during VMotion
  28. 28. Cisco Nexus 1000V Increase Operational Efficiency
      Virtualizing the Network Domain: Policy-Based VM Connectivity | Mobility of Network & Security Properties | Non-Disruptive Operational Model
      Server Benefits / Network Benefits:
        – Unifies network mgmt and ops
        – Maintains existing VM mgmt
        – Reduces deployment time
        – Improves operational security
        – Improves scalability
        – Enhances VM network features
        – Reduces operational workload
        – Ensures policy persistence
        – Enables VM-level visibility
        – Enables VM-level visibility
      [Diagram: two servers running VMW ESX with VMs #1 to #8, Cisco Nexus 1000V, vCenter]
  29. 29. Non-Disruptive Operational Model: Virtualization Admin Benefits
      VM workflow doesn’t change
        – Virtualization administrator continues to leverage vCenter for VM creation, maintenance, monitoring
      ESX vSwitch configuration & management responsibility offloaded
        – vSwitch and Port Groups now provisioned along with the physical network infrastructure ensuring consistency; virtualization administrator subscribes VMs to available Port Groups and vSwitch is dynamically provisioned
      Equip Data Center operations teams to respond to applications issues
        – By extending the data center network operations model and troubleshooting toolkit down to the virtualization infrastructure, customers can leverage physical world tools and diagnostic procedures for their VM-based applications
        – 1 consistent model for the whole data center
  30. 30. Increase Operational Efficiency What stays the same? What gets better?
  31. 31. Key Features of the Cisco Nexus 1000V
      Switch:
        – L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting
        – IGMP Snooping, QoS Marking/Classification
      Secure:
        – Policy Mobility, PVLAN, ACL (L2–4 w/ Redirect), Port Security
        – Cisco Security Toolkit, TrustSec
      Provision:
        – Automated vSwitch Config, Port Profiles, vCenter Integration
        – Virtual Port Channel – Host Mode
      View:
        – Historical vMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2
        – VM-Level Interface Statistics, Wireshark
      Manage:
        – vCenter VM Provisioning, Cisco Network Provisioning
        – Cisco CLI, XML API, SNMP (r/w)
  32. 32. Cisco Nexus 1000V: Three New Features that Make a Difference
      Encapsulated Remote SPAN (ERSPAN):
        – Mirror VM interface traffic to a remote sniffer
        – Identify root cause for connectivity issues
        – No host-based sniffer virtual appliance to maintain
        – Follows your VM with VMotion or DRS
      NetFlow v.9 with Data Export:
        – View flow-based stats for individual VMs
        – Captures multi-tiered app traffic inside a single ESX host
        – Export aggregate stats to dedicated collector
        – Follows your VM with VMotion or DRS
      Private VLANs (PVLANs):
        – Great for mixed use ESX clusters
        – Segment VMs w/o burning IP addresses
        – Supports isolated, community and promiscuous trunk ports
        – Follows your VM with VMotion or DRS
  33. 33. Nexus 1000V Deployment Scenarios: Pick Your Flavor
        1. Works with all servers on the VMW Hardware Compatibility List
        2. Requires next version of VMW ESX or ESXi (1H 2009)
        3. Works with ANY upstream switch (Blade, Top of Rack, Modular)
        4. Works at any speed (1G or 10G)
        5. Nexus 1000V VSM can be deployed as a VM or a physical appliance
      [Diagram: Rack Optimized Servers, Blade Servers, Nexus 1000V, VSM, vCenter]
  34. 34. Olivier Parcollet Direction des Systèmes d'information SETAO
  35. 35. SETAO Background
        – Responsible for urban transportation for metropolitan area of Orleans
        – 100,000 riders each day
        – 24km MAN (Metropolitan Area Network)
        – High availability is critical
  36. 36. SETAO Design
      [Diagram labels: Primary Data Center, VMotion, 19 km, Backup Data Center, DCI, VSS, SRM]
  37. 37. Evaluation of Nexus 1000V beta
      NX-OS consistent with rest of IOS-based network
        – Provides visibility to each VM
      Great for troubleshooting
        – Tools to monitor and diagnose individual VM traffic
        – Example: Use Cisco Discovery Protocol to isolate configuration errors in physical network that cause VMotion problems
      Very good integration with Virtual Center
        – Example: Port Profiles automatically become Port Groups
      Conclusion: Will deploy Nexus 1000V in production
        – Already tested the migration in SETAO’s complex environment
  38. 38. Accelerate Server Virtualization: Enable, Simplify, Scale
      Security and Policy Enforcement:
        – Enable VM-level security and policy
        – Scale the use of VMotion and DRS
      Operation & Management:
        – Simplify management and troubleshooting with VM-level visibility
        – Scale with automated server & network provisioning
      Organizational Structure:
        – Enable flexible collaboration with individual team autonomy
        – Simplify and maintain existing VM mgmt model
  39. 39. More Information… VMWorld Europe 2009 Events – TP34 – Designing the Next Generation Data Center – Ed Bugnion – Nexus 1000V Demonstration – Cisco Booth – VMware Nexus 1000V Hands-On LAB On the Web – http://www.cisco.com/go/1000v
  40. 40. Thank you for coming. Rate your session and watch for the highest scores!
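
An added example, not from the original deck or from Cisco: a Python check over `show port-profile` output in the layout shown on slide 21 that lists enabled, non-uplink port profiles with no inbound `ip port access-group`, the per-VM ACL that slide 27 describes as following the VM. The sample text and the profile names `hr-apps` and `system-uplink` are constructed for illustration.

```python
import re

# Constructed sample (hypothetical profiles), laid out like the slide's `show port-profile` output.
SAMPLE = """\
port-profile web-server-dmz-2
  status: enabled
  capability uplink: no
  config attributes:
    switchport access vlan 5
    ip port access-group web-secure in
  assigned interfaces:
    Vethernet10
port-profile hr-apps
  status: enabled
  capability uplink: no
  config attributes:
    switchport access vlan 7
  assigned interfaces:
    Vethernet11
    Vethernet12
port-profile system-uplink
  status: enabled
  capability uplink: yes
"""

def parse_port_profiles(text):
    """Split the output into {profile name: [stripped lines of that profile]}."""
    profiles, current = {}, None
    for line in text.splitlines():
        m = re.match(r"port-profile\s+(\S+)", line)  # unindented header starts a new profile
        if m:
            current = profiles.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return profiles

def profiles_without_inbound_acl(text):
    """Return {profile: [Vethernet ports]} for enabled VM-facing profiles lacking an inbound ACL."""
    findings = {}
    for name, lines in parse_port_profiles(text).items():
        # Disabled profiles are not pushed to vCenter; uplink profiles carry trunk traffic.
        if "status: enabled" not in lines or "capability uplink: yes" in lines:
            continue
        if any(re.fullmatch(r"ip port access-group \S+ in", ln) for ln in lines):
            continue
        findings[name] = [ln for ln in lines if ln.startswith("Vethernet")]
    return findings

if __name__ == "__main__":
    print(profiles_without_inbound_acl(SAMPLE))
```

Run against saved VSM output, the result names each unprotected port group and the virtual Ethernet ports currently attached to it.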
