Best Practice for Deploying VXLAN with Cisco Nexus 1000V and VMware vCloud Director
  1. Best Practice for Deploying VXLAN with Cisco Nexus 1000V and VMware vCloud Director
     Han Yang, Product Manager, Data Center Group
     © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  2. Cisco virtual networking components (diagram)
     Virtual appliance: Nexus 1010 hosting virtual service blades (Primary VSM, Secondary VSM, NAM, VSG); ASA 1000V; vWAAS; VSG; DCNM.
     Hosts: VEM-1, VEM-2 and VEM-3, each running vPath and VXLAN, with L3 connectivity to the VSM; hypervisors: VMware ESX, Windows Server 2012, open-source hypervisor.
     Legend:
     • VSM: Virtual Supervisor Module
     • VEM: Virtual Ethernet Module
     • vPath: Virtual Service Data-path (service binding / traffic steering; fast-path offload)
     • VXLAN: Scalable Segmentation (16M address space for LAN segments; network virtualization, MAC-over-UDP)
     • NAM: Network Analysis Module
     • VSG: Virtual Security Gateway
     • vWAAS: Virtual WAAS
     • DCNM: Data Center Network Manager
     • ASA 1000V: Tenant-edge security
  3. Cisco virtual data center (diagram): Tenant A in a virtualized/cloud data center with Zone A and Zone B; ASA 1000V, VSG and vWAAS deployed over vPath and VXLAN on the Nexus 1000V; a multi-hypervisor physical infrastructure of servers, switches and a WAN router.
     • Nexus 1000V: distributed switch; NX-OS consistency; 6000+ customers
     • VSG: VM-level controls; zone-based firewall; shipping
     • ASA 1000V: edge firewall, VPN; protocol inspection; shipping
     • vWAAS: WAN optimization; application traffic; shipping
     • CSR 1000V (Cloud Router): WAN L3 gateway; routing and VPN; beta
  4. Nexus 1000V editions
     Nexus 1000V Essential Edition (no-cost version): the world's most advanced virtual switch
     • Full Layer-2 feature set
     • Security, QoS policies
     • VXLAN virtual overlays
     • Full monitoring and management capabilities
     • vPath-enabled virtual services
     Nexus 1000V Advanced Edition ($695 per CPU MSRP): adds Cisco value-add features for DC and cloud
     • All features of Essential Edition
     • VSG firewall bundled (previously sold separately)
     • Support for Cisco TrustSec SGA policies
     • Platform for other Cisco DC extensions in the future
     Freemium pricing model offers flexibility for customers to deploy Cisco Virtual Data Center.
  5. Upgrade path from N1KV Release 1.X to N1KV Release 2.1
     • N1KV Release 1.X: N1KV licenses bought and deployed; VSG license*: no cost
     • N1KV Release 2.1: N1KV Advanced Edition at no cost, a free upgrade to Release 2.1 Advanced that uses the existing licenses; the existing Cisco TAC support contract will include Cisco VSG support
     * Contact a Cisco representative for free VSG licenses
  6. Why VXLAN?
  7. The problem (diagram): a new workload exceeds the capacity of one Layer 2 domain; an elastic virtual workload needs Layer 2 mobility across Layer 3; Layer 2 is tied to the physical server and network infrastructure. How to optimally leverage the physical infrastructure?
  8. Virtual overlay network crossing Layer 3 (diagram): VMs in one overlay segment span pods connected over Layer 3; utilize all links in the port channel with UDP; add more pods to scale.
  9. Overlay and physical network (diagram): overlay VMs reach the physical data center network (firewall, WAN router, bare-metal servers) through a gateway.
     • Overlay: instant provisioning
     • The overlay needs a gateway to access the physical network
     • The physical network must support the overlay traffic pattern
  10. What is VXLAN?
      • Ethernet in IP overlay network: the entire L2 frame is encapsulated in UDP, with 50 bytes of overhead
      • Includes a 24-bit VXLAN Identifier: 16M logical networks, mapped into local bridge domains
      • VXLAN can cross Layer 3
      • Tunnel between VEMs: VMs do NOT see the VXLAN ID; IP multicast is used for L2 broadcast/multicast and unknown unicast
      • Technology submitted to the IETF for standardization, with VMware, Citrix, Red Hat, and others
      VXLAN encapsulation: Outer MAC DA | Outer MAC SA | Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 bits) | Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload | CRC
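The encapsulation on this slide, built and parsed in code so the 50-byte figure and the 1500 -> 1550 MTU rule can be checked byte by byte. This is an added example, not code from the deck or from the Nexus 1000V; the VTEP MACs, VNI 5500 and the sample inner frame are constructed placeholders (the 1.1.1.1 / 2.2.2.2 addresses echo the deck's VMKNIC examples), and deriving the outer UDP source port from a hash of the inner headers is common VXLAN practice assumed here, not something the slide states.

```python
"""Build and parse a VXLAN-in-UDP packet (added example, not Cisco code).

Layout follows the slide: outer Ethernet, outer IPv4, outer UDP, the 8-byte
VXLAN header carrying the 24-bit VNI, then the original Ethernet frame.
All MACs, IPs and the VNI below are constructed placeholders.
"""
import struct
import zlib

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port
VXLAN_FLAG_I = 0x08            # "VNI valid" flag bit in the VXLAN header
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
# outer Ethernet (14) + IPv4 (20) + UDP (8) + VXLAN (8): the 50 bytes on the slide
ENCAP_OVERHEAD = 14 + 20 + 8 + 8


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip4(text):
    return bytes(int(o) for o in text.split("."))


def ip_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def entropy_port(inner_frame):
    """Source UDP port from a hash of the inner headers, so 5-tuple hashing on
    port channels spreads tenant flows across all uplinks (assumed practice)."""
    return 49152 + (zlib.crc32(inner_frame[:34]) % 16384)


def vxlan_encap(inner_frame, vni, src_mac, dst_mac, src_ip, dst_ip):
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    vxlan_hdr = struct.pack("!BBHI", VXLAN_FLAG_I, 0, 0, vni << 8)
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", entropy_port(inner_frame), VXLAN_UDP_PORT, udp_len, 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                         64, IPPROTO_UDP, 0, ip4(src_ip), ip4(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + udp_hdr + vxlan_hdr + inner_frame


def vxlan_decap(packet):
    """Return (vni, src_vtep_ip, dst_vtep_ip, inner_frame); reject non-VXLAN input."""
    if len(packet) < ENCAP_OVERHEAD + 14:
        raise ValueError("too short for a VXLAN-encapsulated Ethernet frame")
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    if packet[23] != IPPROTO_UDP:
        raise ValueError("outer IP payload is not UDP")
    src_ip = ".".join(str(b) for b in packet[26:30])
    dst_ip = ".".join(str(b) for b in packet[30:34])
    udp = 14 + ihl
    if struct.unpack("!H", packet[udp + 2:udp + 4])[0] != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    vx = udp + 8
    flags, _, _, vni_field = struct.unpack("!BBHI", packet[vx:vx + 8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI invalid")
    return vni_field >> 8, src_ip, dst_ip, packet[vx + 8:]


def outer_ip_length(packet):
    return struct.unpack("!H", packet[16:18])[0]   # total length field of the outer IPv4 header


def required_transport_mtu(vnic_mtu, outer_dot1q=False):
    """IP MTU the switches and routers need: VNIC MTU + 50 (inner Ethernet 14 +
    outer IP 20 + UDP 8 + VXLAN 8), plus 4 if the outer frame is 802.1Q-tagged."""
    return vnic_mtu + ENCAP_OVERHEAD + (4 if outer_dot1q else 0)


# Constructed sample: a 1514-byte inner frame (1500-byte IP MTU on the VNIC).
INNER_FRAME = (mac("00:50:56:00:00:02") + mac("00:50:56:00:00:01")
               + struct.pack("!H", ETHERTYPE_IPV4) + bytes(1500))


def sample_packet():
    return vxlan_encap(INNER_FRAME, 5500, "00:1b:21:00:00:01", "00:1b:21:00:00:02",
                       "1.1.1.1", "2.2.2.2")


if __name__ == "__main__":
    pkt = sample_packet()
    vni, src, dst, inner = vxlan_decap(pkt)
    print("overhead:", len(pkt) - len(INNER_FRAME), "bytes")
    print("outer IP length:", outer_ip_length(pkt), "-> transport MTU", required_transport_mtu(1500))
    print("VNI", vni, "from", src, "to", dst, "inner intact:", inner == INNER_FRAME)
```

The decapsulation side rejects anything that is not IPv4/UDP/4789 with the I flag set before it trusts the VNI; a VTEP that skipped those checks would happily bridge an arbitrary UDP payload into a tenant segment.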
  11. VXLAN forwarding
      • Forwarding mechanism similar to a Layer 2 bridge: flood & learn; the VEM learns the VM's source (MAC, host VXLAN IP) tuple
      • Broadcast, multicast, and unknown unicast traffic: VM broadcast and unknown unicast traffic are sent as multicast
      • Unicast traffic: unicast packets are encapsulated and sent directly (not via multicast) to the destination host VXLAN IP (destination VEM)
      (Diagram: VMs on VEM 1 and VEM 2)
  12. Multicast group membership (diagram): two hosts each run Web and DB VMs; on each host the Web segment joins multicast group 239.1.1.1 and the DB segment joins multicast group 239.2.2.2.
  13. Segment-to-group mapping (diagram)
      • Blue segment: encapsulate with the Blue VXLAN ID; multicast to servers registered for 239.1.1.1
      • Red segment: encapsulate with the Red VXLAN ID; multicast to servers registered for 239.2.2.2
  14. VM1 communicating with VM2 in a VXLAN, step 1 (diagram): VM 1 (MAC abc) on VEM 1, VM 2 (MAC xyz) on VEM 2 and VM 3 on VEM 3; the VXLAN VMKNICs are 1.1.1.1, 2.2.2.2 and 3.3.3.3. VM1's first frame to VM2 is sent as multicast and reaches VEM 1, VEM 2 and VEM 3.
  15. Step 2: VEM 2 has learned VM1's tuple and replies with unicast across Layer 3.
      MAC table, VEM 2: VM source MAC VM1:abc -> remote host VXLAN IP 1.1.1.1
  16. Step 3: both VEMs have learned each other's VM.
      MAC table, VEM 1: VM2:xyz -> 2.2.2.2
      MAC table, VEM 2: VM1:abc -> 1.1.1.1
  17. Step 4: subsequent traffic between VM1 and VM2 is unicast.
      MAC table, VEM 1: VM2:xyz -> 2.2.2.2
      MAC table, VEM 2: VM1:abc -> 1.1.1.1
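The flood-and-learn exchange of slides 11 to 17 as an added simulation; it is not Nexus 1000V code, and the host addresses, the MAC placeholders abc/xyz/pqr/mno, VNIs 5500/5600 and group 239.1.1.1 are constructed. It goes one step beyond the slides by adding a fourth host whose segment shares the multicast group, which shows why the deck later advises more multicast groups: that host receives every flood for the foreign segment and can only drop it.

```python
"""Flood-and-learn forwarding between VEMs (added simulation, not Nexus 1000V code).

Each VEM keeps, per VXLAN segment, a table of VM source MAC -> remote host
VXLAN IP learned from decapsulated frames. Broadcast and unknown unicast go
to the segment's multicast group; known unicast goes straight to the learned
VXLAN IP. All names, MACs, VNIs and groups are constructed placeholders.
"""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Transport:
    """Stand-in for the IP underlay: delivers to one VTEP or to a multicast group."""

    def __init__(self):
        self.vems = {}                   # vxlan_ip -> VEM
        self.groups = defaultdict(set)   # multicast group -> joined vxlan_ips
        self.log = []                    # ("unicast"|"multicast", src_ip, dst, vni)

    def unicast(self, src_ip, dst_ip, vni, frame):
        self.log.append(("unicast", src_ip, dst_ip, vni))
        self.vems[dst_ip].receive(src_ip, vni, frame)

    def multicast(self, src_ip, group, vni, frame):
        self.log.append(("multicast", src_ip, group, vni))
        for ip in sorted(self.groups[group]):
            if ip != src_ip:             # the underlay does not loop traffic back to the sender
                self.vems[ip].receive(src_ip, vni, frame)


class VEM:
    def __init__(self, transport, vxlan_ip):
        self.transport, self.vxlan_ip = transport, vxlan_ip
        self.segments = {}                   # vni -> multicast group
        self.local = defaultdict(dict)       # vni -> {mac: vm name}
        self.mac_table = defaultdict(dict)   # vni -> {vm source mac: remote host vxlan ip}
        self.delivered = []                  # (vm name, frame) handed to local VMs
        self.received = 0                    # encapsulated packets seen on the VMKNIC
        transport.vems[vxlan_ip] = self

    def add_vm(self, vni, group, mac, name):
        if vni not in self.segments:         # first VM on a segment joins its group (IGMP)
            self.segments[vni] = group
            self.transport.groups[group].add(self.vxlan_ip)
        self.local[vni][mac] = name

    def send(self, vni, src_mac, dst_mac, payload):
        frame = (dst_mac, src_mac, payload)
        if dst_mac in self.local[vni]:       # same host: switched locally, no encapsulation
            self.delivered.append((self.local[vni][dst_mac], frame))
            return "local"
        remote = self.mac_table[vni].get(dst_mac)
        if dst_mac == BROADCAST or remote is None:   # broadcast or unknown unicast: flood
            self.transport.multicast(self.vxlan_ip, self.segments[vni], vni, frame)
            return "multicast"
        self.transport.unicast(self.vxlan_ip, remote, vni, frame)
        return "unicast"

    def receive(self, src_ip, vni, frame):
        self.received += 1
        if vni not in self.segments:         # shared group, foreign segment: drop, learn nothing
            return
        dst_mac, src_mac, _ = frame
        self.mac_table[vni][src_mac] = src_ip   # learn the (source MAC, host VXLAN IP) tuple
        if dst_mac == BROADCAST:
            targets = list(self.local[vni].values())
        else:
            targets = [self.local[vni][dst_mac]] if dst_mac in self.local[vni] else []
        for name in targets:
            self.delivered.append((name, frame))


def vm1_to_vm2_exchange():
    """Walk slides 14-17, plus a fourth host on another segment that shares the group."""
    net = Transport()
    vem1, vem2, vem3, vem4 = (VEM(net, ip) for ip in ("1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4"))
    vem1.add_vm(5500, "239.1.1.1", "abc", "VM1")
    vem2.add_vm(5500, "239.1.1.1", "xyz", "VM2")
    vem3.add_vm(5500, "239.1.1.1", "pqr", "VM3")
    vem4.add_vm(5600, "239.1.1.1", "mno", "VM4")   # different VNI, same multicast group
    steps = [vem1.send(5500, "abc", "xyz", "hello"),   # unknown unicast -> multicast flood
             vem2.send(5500, "xyz", "abc", "reply"),   # VEM 2 already learned abc -> unicast
             vem1.send(5500, "abc", "xyz", "data")]    # VEM 1 learned xyz from the reply
    return {"steps": steps,
            "vem1_table": dict(vem1.mac_table[5500]),
            "vem2_table": dict(vem2.mac_table[5500]),
            "vem3_table": dict(vem3.mac_table[5500]),
            "vem4_received": vem4.received,
            "vem4_learned": dict(vem4.mac_table[5600]),
            "delivered_to_vm2": [f for name, f in vem2.delivered if name == "VM2"],
            "log": net.log}


if __name__ == "__main__":
    for key, value in vm1_to_vm2_exchange().items():
        print(key, value)
```

VEM 3 ends up with VM1's tuple from the flood but never learns VM2, because the reply and all later traffic are unicast between 1.1.1.1 and 2.2.2.2 only; the log records exactly one multicast packet followed by unicast.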
  18. Nexus 1000V VXLAN Integration with VMware vCloud Director
  19. Nexus 1000V and vCloud Director integration
      • Cisco Nexus 1000V Series 1.5, Release 4.2(1)SV1(5.2), is fully integrated into VMware vCloud Director
      • Supports dynamic network provisioning: port-group backed pools, VLAN-backed pools, network isolation backed pools (via VXLAN)
      • vSphere 4.1, 5.0, or 5.1
      Component stack (diagram): vCloud Director 1.5 or 5.1; vShield Manager 5.0.1 or vCenter 5.1; vShield Edge 5.0.1 or 5.1; Nexus 1000V v1.5.2; vSphere 4.1, 5.0, or 5.1 host
  20. VMware cloud orchestration (diagram): vCloud Director and vShield Manager on top of one of three network stacks, running over vSphere on Cisco Unified Computing System
      • VMware network stack: vShield Edge (security); vSwitch
      • VMware/Cisco network stack: vShield Edge (security); Nexus 1000V
      • Cisco network stack (future): Network Services Manager (Cisco network management); ASA 1000V (security); Nexus 1000V
  21. (Screenshot only)
  22. (Screenshot) The vCloud Director network name maps to the vSphere port group name.
  23. OpenStack integration (diagram): OpenStack reaches the Nexus 1000V through the Nexus 1000V Quantum plug-in and a REST API. The Nexus 1000V on the hypervisor carries the virtual workloads of Tenant 1, Tenant 2 and Tenant 3 with virtual services (ASA 1KV, VSG, vWAAS); a VXLAN–VLAN gateway connects them to the physical (VLAN) network, ASA 55xx and physical workloads.
  24. VXLAN-to-VLAN gateway (diagram): VXLAN 5500 (L2 Domain A) holds a Web VM; VLAN 100 (L2 Domain B) holds an ASA VM gateway; VLAN 200 (L2 Domain C) holds a bare-metal DB server. VXLAN gateways bridge VXLAN 5500 into the VLANs across Layer 3.
  25. Best practices for the physical infrastructure
      • IP multicast forwarding is required (based on the IETF draft)
        More multicast groups are better
        Multiple segments can be mapped to a single multicast group
        If VXLAN transport is contained within a single VLAN, an IGMP querier must be enabled on that VLAN
        If VXLAN transport traverses routers, multicast routing must be enabled
      • Increased MTU is needed to accommodate the VXLAN encapsulation overhead: the physical infrastructure must carry 50 bytes more than the VM VNIC MTU size, e.g. 1500 MTU on the VNIC -> 1550 MTU on switches and routers
      • Leverage 5-tuple hash distribution for uplink and inter-switch LACP
      • If VXLAN traffic traverses a router, proxy ARP must be enabled on the first-hop router
      • Prepare for more traffic between L2 domains
  26. Unprecedented infrastructure flexibility (diagram): rack-wide VM mobility with one VLAN per POD, versus DC-wide VM mobility with a VXLAN spanning every POD in the DC.
  27. Summary
      • VXLAN is a virtual overlay network for the multitenant cloud
      • Nexus 1000V is first to support VXLAN and is integrated with VMware vCloud Director
      • The VXLAN-to-VLAN gateway provides virtual-to-physical connectivity
      • Nexus 1000V Essentials & Advanced Editions
      Top 5 for deploying VXLAN:
      1. IP multicast: required
      2. MTU size: increase by 50 bytes
      3. 5-tuple hashing: turn on
      4. Proxy ARP: for crossing L3 boundaries
      5. More traffic between L2 domains
      For more information: http://tinyurl.com/N1k-Resources
  28. Thank you.
