The Power When You Need It Effect
Virtualization Aware Networking
Cloud Computing
Nexus 1000V Overview & Design

Maciej Bocian
mbocian@cisco.com
Architecture Sales Manager
Data Center and Virtualization, Central Europe
CCIE#7785

© 2009 Cisco Systems, Inc. All rights reserved.

Agenda

1. vSphere vNetwork Distributed Switch
2. Cisco Virtual Network Link Technology
3. Cisco Nexus 1000V
   Architecture
   Deployment
   Installation
   Difference to the vSwitch

The Story Today: Networking with VI3.5

• Separation of network and server provisioning and management systems
  - Virtual Center managing & provisioning ESX hosts and vSwitches
  - Physical network managed and provisioned separately
• Network visibility ends at physical switch port
• Different interfaces and tools
  - IOS or IOS-like CLI for physical network
  - VC GUI and esxcfg CLI for vSwitches

[Figure labels: Virtual Center, vSwitch (x3), Network Management]

vSphere vNetwork Distributed Switch (VDS)
Unified network virtualization management

• vCenter provides abstracted, resource-centric view of networking
• Simplifies network management
  - Moves away from host-level network configuration (cluster level)
  - Statistics and policies follow the VM, simplifying debugging and troubleshooting
• Builds foundation for networking resource pools (view the network as a clustered resource)

[Figure labels: CURRENT: vSwitch, vSwitch, vSwitch; VDS: vNetwork Distributed Switch]

vNetwork Distributed Switch & Cisco Nexus 1000V

• Enterprise networking vendors can provide proprietary networking interfaces to monitor, control and manage virtual networks
• First offering: Cisco Nexus 1000V
• Virtual machines retain policies, QoS as they move around the datacenter

[Figure labels: CURRENT: vSwitch, vSwitch, vSwitch; VDS: vNetwork Distributed Switch, Cisco Nexus 1000V]

VN-Link With the Cisco Nexus 1000V

Cisco Nexus 1000V: Software Based
• Industry’s first 3rd-party vNetwork Distributed Switch for VMware vSphere
• Built on Cisco NX-OS
• Compatible with all switching platforms
• Maintain vCenter provisioning model unmodified for server administration; allow network administration of virtual network via familiar Cisco NX-OS CLI

• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

[Figure labels: VMs, Nexus 1000V, vSphere]

Cisco Nexus 1000V Components

Virtual Ethernet Module (VEM)
• Replaces VMware’s virtual switch
• Enables advanced switching capability on the hypervisor
• Provides each VM with dedicated “switch ports”

Virtual Supervisor Module (VSM)
• CLI interface into the Nexus 1000V
• Leverages NX-OS 4.04a
• Controls multiple VEMs as a single network device

[Figure labels: Cisco VSMs, vCenter Server, Cisco VEM (x3) and their VMs]

Cisco Nexus 1000V ‘Virtual Chassis’

    pod5-vsm# show module
    Mod  Ports  Module-Type                       Model               Status
    ---  -----  --------------------------------  ------------------  ------------
    1    0      Virtual Supervisor Module         Nexus1000V          active *
    2    0      Virtual Supervisor Module         Nexus1000V          ha-standby
    3    248    Virtual Ethernet Module           NA                  ok

[Figure labels: Cisco VSMs, Cisco VEM (x2), VM1 to VM8]

Single Chassis Management

    Upstream-Switch#show cdp neighbor
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

    Device ID     Local Intrfce  Holdtme  Capability  Platform     Port ID
    N1KV-Rack10   Eth 1/8        136      S           Nexus 1000V  Eth2/2
    N1KV-Rack10   Eth 2/10       136      S           Nexus 1000V  Eth3/2

• A single switch from control plane and management plane perspective
• Protocols such as CDP and SNMP operate as a single switch

[Figure labels: Cisco VSMs, Cisco VEM (x2)]

Virtual Supervisor Modules Options

VSM - Virtual Appliance (VSM-VA)
• ESX Virtual Appliance
• Supports 64 VEMs
• Installable via ISO or OVA file

VSM - Physical Appliance (VSM-PA), 2HCY09
• Cisco Branded Physical Server
• Hosts 4 VSM Virtual Appliance
• Deployed in pairs for redundancy

[Figure labels: VSM-PA, VSM-VA, Cisco VEM (x3) and their VMs]

Cisco Nexus 1000V Scalability

A single Nexus 1000V supports:
• 2 Virtual Supervisor modules (HA)
• 64 Virtual Ethernet modules
• 512 Active VLANs
• 2048 Ports (Eth + Veth)
• 256 Port Channels

A single Virtual Ethernet module supports:
• 216 Ports Veths
• 32 Physical NICs
• 8 Port Channels

Cisco Nexus 1000V Domain

• Each VSM is assigned a unique ‘Domain ID’
• Domain ID ensures that VEMs do not respond to commands from non-participating VSMs
• Each packet between VSM and VEM is tagged with the appropriate Domain ID
• Domain range from 1-4095

[Figure labels: Active VSM (DID 15 CMD), Other VSM (DID 25 CMD), Cisco VEM DID 15 (x3)]

Distributed Data Plane

• Each Virtual Ethernet Module forwards packets independent of each other
  - No address learning/synchronization across VEMs
  - No concept of Crossbar/Fabric between the VEMs
• Virtual Supervisor Module is NOT in the data path
• No concept of forwarding from an ingress linecard to an egress linecard (another server)
• No Etherchannel across VEMs

[Figure labels: Cisco VSMs, Cisco VEM (x3)]

Cisco Nexus 1000V Switch Interfaces

Ethernet Port (eth)
• 1 per physical NIC interface
• Specific to each module
• vmnic0 = ethx/1
• Up to 32 per host

Port Channel (po)
• Aggregation of Eth ports
• Up to 8 Port Channels per host

Virtual Ethernet Port (veth)
• 1 per VNIC (including SC and VMK)
• Notation is Veth(port number). No module number is assigned to enable consistent naming when moved
• 216 per host

[Figure labels: Po1, Eth3/1, Eth3/2, Veth1, Veth2, VM1, VM2]

Cisco Nexus 1000V vEth Interface

Virtual Ethernet Port
• vEths are assigned sequentially
• VM vNICs are statically bound to a vEth
  - Assignment persistent through reboots
  - May change if the vNIC is reassigned to another port profile
• vEths will move between modules when a VM is moved (HA, VMotion, etc.)
• Default virtual ‘speed’ is Gigabit as negotiated with the guest OS
• By default performance is un-gated (i.e. 1Gb vNIC can run faster than 1Gb)
• 2048 vEths supported system wide

Loop Prevention without STP

• BPDU are dropped
• No Switching From Physical NIC to NIC
• Local MAC Address Packets Dropped on Ingress (L2)

[Figure labels: Cisco VEM (x3), Eth4/1, Eth4/2, VM1 to VM12]

MAC Learning

• Each VEM learns independently and maintains a separate MAC table
• VM MACs are statically mapped
  - Other vEths are learned this way (vmknics and vswifs)
  - No aging while the interface is up
• Devices external to the VEM are learned dynamically

VEM 3 MAC Table
    VM1   Veth12   Static
    VM2   Veth23   Static
    VM3   Eth3/1   Dynamic
    VM4   Eth3/1   Dynamic

VEM 4 MAC Table
    VM1   Eth4/1   Dynamic
    VM2   Eth4/1   Dynamic
    VM3   Veth8    Static
    VM4   Veth7    Static

[Figure labels: Cisco VEM with Eth3/1 (VM1, VM2), Cisco VEM with Eth4/1 (VM3, VM4)]

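The loop-prevention rules and the per-VEM MAC table from the two slides above can be modelled as one ingress decision; this is an added Python sketch, not Cisco code. The MAC addresses are constructed, the second uplink Eth3/2 is added so the NIC-to-NIC case can be shown, and flooding unknown destinations to local vEths only is an assumption of the model.

```python
BPDU_DST = "01:80:c2:00:00:00"   # IEEE 802.1D bridge group address used by STP BPDUs

# Constructed sample MACs for the four VMs named on the slide.
MAC = {f"VM{i}": f"00:50:56:00:00:0{i}" for i in range(1, 5)}


class VEM:
    """Toy per-host forwarding table; every VEM instance learns on its own."""

    def __init__(self, uplinks):
        self.uplinks = set(uplinks)   # physical NIC ports, e.g. {"Eth3/1"}
        self.table = {}               # mac -> (port, "Static" | "Dynamic")

    def attach_vnic(self, mac, veth):
        # VM (and vmknic/vswif) MACs are mapped statically and do not age.
        self.table[mac] = (veth, "Static")

    def from_uplink(self, port, src, dst):
        """Decide what happens to a frame received on a physical NIC."""
        if port not in self.uplinks:
            raise ValueError(f"{port} is not an uplink of this VEM")
        if dst == BPDU_DST:
            return "drop: BPDU"
        if self.table.get(src, (None, None))[1] == "Static":
            # A local VM's MAC arriving from the network means the frame looped.
            return "drop: local source MAC on ingress"
        self.table[src] = (port, "Dynamic")        # external device: learn it
        out = self.table.get(dst)
        if out is None:
            return "flood to local vEths only"     # assumption: never to other NICs
        if out[0] in self.uplinks:
            return "drop: no NIC-to-NIC switching"
        return f"forward to {out[0]}"


def build_vem3():
    """Recreate the slide's VEM 3: VM1/VM2 are local, VM3/VM4 live on another host."""
    vem = VEM({"Eth3/1", "Eth3/2"})
    vem.attach_vnic(MAC["VM1"], "Veth12")
    vem.attach_vnic(MAC["VM2"], "Veth23")
    vem.from_uplink("Eth3/1", MAC["VM3"], MAC["VM1"])   # learned dynamically
    vem.from_uplink("Eth3/1", MAC["VM4"], MAC["VM2"])
    return vem


def mac_table_rows(vem):
    """Return the table as sorted (name, port, type) rows, like the slide."""
    names = {mac: vm for vm, mac in MAC.items()}
    return sorted((names.get(mac, mac), port, kind)
                  for mac, (port, kind) in vem.table.items())


if __name__ == "__main__":
    vem3 = build_vem3()
    for row in mac_table_rows(vem3):
        print("%-4s %-7s %s" % row)
    print(vem3.from_uplink("Eth3/1", MAC["VM1"], MAC["VM2"]))
```
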
Port Channels

1. Standard Cisco Port Channels
   Behaves like EtherChannel
2. Link Aggregation Control Protocol (LACP) Support
3. 17 hashing algorithms available
   Selected either system wide or per module
   Default is source MAC
4. Automated creation using Port Profiles

[Figure labels: Po1, Po2, Cisco VEM, VM1 to VM4]

What is a Port-Profile?

1. A port-profile is a container used to define a common set of configuration commands for multiple interfaces
2. Define once and apply many times
3. Simplifies management by storing interface configuration
4. Key to collaborative management of virtual networking resources
5. Why is it not like a template or SmartPort macro?
   Port-profiles are ‘live’ policies
   Editing an enabled profile will cause config changes to propagate to all interfaces using that profile (unlike a static one-time macro)

Port Profile Configuration

    n1000v# show port-profile name WebProfile
    port-profile WebProfile
      description:
      status: enabled
      capability uplink: no
      system vlans:
      port-group: WebProfile
      config attributes:
        switchport mode access
        switchport access vlan 110
        no shutdown
      evaluated config attributes:
        switchport mode access
        switchport access vlan 110
        no shutdown
      assigned interfaces:
        Veth10

Support Commands Include:
• Port management
• VLAN
• PVLAN
• Port-channel
• ACL
• Netflow
• Port Security
• QoS

Port Profile Policy Distribution

    n1000v(config)# port-profile WebServers
    n1000v(config-port-prof)# switchport mode access
    n1000v(config-port-prof)# switchport access vlan 100
    n1000v(config-port-prof)# no shut

[Figure labels: Cisco VSM, PP, vCenter Server]

Overriding Port Profile Configuration

1. Administrators can interact with individual switchports, overriding a port profile
2. Use to isolate problems with one or two interfaces without changing the port-profile and affecting other ports
3. Manual configuration always takes precedence over a port profile configuration

    n1000v(config)# int vethernet 2
    n1000v(config-if)# switchport access vlan 250

4. The ‘no’ command can remove the override and restore the profile’s config by doing:

    n1000v(config)# int vethernet 2
    n1000v(config-if)# no switchport access vlan

Port Profile Inheritance

• Profile inheritance allows the construction of profile hierarchies
• ‘Parent’ profiles pass configuration to ‘child’ profiles
• Only the child profiles need to be visible within VC
• Updates to the parent filter to the child
• Child profiles can be updated independently

    n1000v(config)# port-profile Web
    n1000v(config-port-prof)# switchport mode access
    n1000v(config-port-prof)# switchport access vlan 100
    n1000v(config-port-prof)# no shut

    n1000v(config)# port-profile Web-Gold
    n1000v(config-port-prof)# inherit port-profile Web
    n1000v(config-port-prof)# service-policy output Gold
    n1000v(config-port-prof)# vmware port-group Web-Gold

    n1000v(config)# port-profile Web-Silver
    n1000v(config-port-prof)# inherit port-profile Web
    n1000v(config-port-prof)# service-policy output Silver
    n1000v(config-port-prof)# vmware port-group Web-Silver

Effective Port Profile – Web-Gold
    Access Port
    VLAN 100
    Gold QoS Policy

Effective Port Profile – Web-Silver
    Access Port
    VLAN 100
    Silver QoS Policy

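How the port-profile rules on the preceding slides combine (‘live’ profiles, manual overrides that take precedence, ‘no’ to restore, parent-to-child inheritance), as an added Python model that is not Cisco code. Veth1 and Veth3, the setting keys, and the rule that a child's own lines win over inherited ones are assumptions of the model; the `overrides` helper lists interfaces that have drifted from their profile.

```python
class PortProfile:
    """A named bundle of interface settings, optionally inheriting from a parent."""

    def __init__(self, name, parent=None, **settings):
        self.name, self.parent, self.settings = name, parent, dict(settings)

    def effective(self):
        # Walk up the hierarchy on every call so parent edits reach the children.
        cfg = self.parent.effective() if self.parent else {}
        cfg.update(self.settings)          # assumption: the child's own lines win
        return cfg


class Interface:
    def __init__(self, name, profile):
        self.name, self.profile, self.manual = name, profile, {}

    def configure(self, key, value):
        """Manual per-interface command, e.g. 'switchport access vlan 250'."""
        self.manual[key] = value

    def no(self, key):
        """'no <command>': drop the override so the profile value applies again."""
        self.manual.pop(key, None)

    def running(self):
        cfg = self.profile.effective()     # evaluated now: profiles are 'live'
        cfg.update(self.manual)            # manual config always takes precedence
        return cfg


def overrides(interfaces):
    """Audit helper: (interface, setting, profile value, running value) per drift."""
    report = []
    for intf in interfaces:
        policy = intf.profile.effective()
        for key, value in sorted(intf.manual.items()):
            if policy.get(key) != value:
                report.append((intf.name, key, policy.get(key), value))
    return report


def build_lab():
    """The Web / Web-Gold / Web-Silver hierarchy from the slide, on three vEths."""
    web = PortProfile("Web", mode="access", access_vlan=100, shutdown=False)
    gold = PortProfile("Web-Gold", parent=web, service_policy_output="Gold")
    silver = PortProfile("Web-Silver", parent=web, service_policy_output="Silver")
    veths = [Interface("Veth1", gold), Interface("Veth2", gold),
             Interface("Veth3", silver)]
    return web, veths


if __name__ == "__main__":
    web, veths = build_lab()
    veths[1].configure("access_vlan", 250)     # override on Veth2 only
    web.settings["access_vlan"] = 110          # edit the enabled parent profile
    for v in veths:
        print(v.name, v.running())
    print("drift:", overrides(veths))
    veths[1].no("access_vlan")                 # restore the profile's value
    print("Veth2 after 'no':", veths[1].running()["access_vlan"])
```
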
Uplink Port Profiles

• Special profiles that define physical NIC properties
• Usually configured as a trunk
• Defined by adding ‘capability uplink’ to a port profile
• Uplink profiles cannot be applied to vEths
• Non-uplink profiles cannot be applied to NICs
• Only selectable in vCenter when adding a host or additional NICs

    n1000v(config)# port-profile DataUplink
    n1000v(config-port-prof)# switchport mode trunk
    n1000v(config-port-prof)# switchport trunk allowed vlan 10-15
    n1000v(config-port-prof)# system vlan 51, 52
    n1000v(config-port-prof)# channel-group mode auto sub-group cdp
    n1000v(config-port-prof)# capability uplink
    n1000v(config-port-prof)# no shut

[Figure labels: Cisco VEM, VM1 to VM4]

Cisco Nexus 1000V Architecture

Virtual Supervisor Module (VSM)
• Virtual or Physical appliance running Cisco NXOS (supports HA)
• Performs management, monitoring, & configuration
• Tight integration with VMware vCenter

Virtual Ethernet Module (VEM)
• Enables advanced networking capability on the hypervisor
• Provides each VM with dedicated “switch port”
• Collection of VEMs = 1 vNetwork Distributed Switch

Cisco Nexus 1000V Installation
• ESX & ESXi
• VUM & Manual Installation
• VEM is installed/upgraded like an ESX patch

[Figure labels: VMs, Nexus 1000V VEM on vSphere (x3), Nexus 1000V VSM, vCenter]

Scaling Server Virtualization with Nexus 1000V

1. Offload VM networking to network team
   • Abstracts network configuration from virtualization team
   • Network administrator to provide consistent network configuration to VM
2. Optimize bandwidth to server w/ greater availability
   • Dual connectivity to non-clustered switches
   • Quality of Service for VMotion, Service Console, and VM traffic
3. Enable virtual machines to be basic building blocks of data center
   • Consistent network operational model for physical and virtual infrastructure
   • Easier regulatory compliance

[Figure labels: Po1 (SG0, SG1), Po2 (SG0, SG1), Cisco VEM, VM Data, VMK, SC]

Cisco Nexus 1000V – Faster VM Deployment

Cisco VN-Link: Virtual Network Link
• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

Defined Policies
• WEB Apps
• HR
• DB
• DMZ

VM Connection Policy
• Defined in the network
• Applied in Virtual Center
• Linked to VM UUID

[Figure labels: VMs, Nexus 1000V VEM on vSphere (x2), Nexus 1000V VSM, vCenter]

Cisco Nexus 1000V – Richer Network Services

Cisco VN-Link: Virtual Network Link
• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

VMs Need to Move
• VMotion
• DRS
• SW Upgrade/Patch
• Hardware Failure

VN-Link Property Mobility
• VMotion for the network
• Ensures VM security
• Maintains connection state

[Figure labels: VMs, Nexus 1000V VEM on vSphere (x2), Nexus 1000V VSM, vCenter]

Cisco Nexus 1000V - Increased Operational Efficiency

Cisco VN-Link: Virtual Network Link
• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

VI Admin Benefits
• Maintains existing VM mgmt
• Reduces deployment time
• Improves scalability
• Reduces operational workload

Network Admin Benefits
• Unifies network mgmt and ops
• Improves operational security
• Enhances VM network features
• Ensures policy persistence
• Enables VM-level visibility

[Figure labels: VMs, Nexus 1000V VEM on vSphere (x2), Nexus 1000V VSM, vCenter]

Key Features of the Nexus 1000V

Switching:     L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX),
               IGMP Snooping, QoS Marking (COS & DSCP)
Security:      Policy Mobility, Private VLANs w/ local PVLAN Enforcement,
               Access Control Lists (L2–4 w/ Redirect), Port Security
Provisioning:  Automated vSwitch Config, Port Profiles, Virtual Center Integration,
               Optimized NIC Teaming with Virtual Port Channel – Host Mode
Visibility:    VMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2,
               VM-Level Interface Statistics
Management:    Virtual Center VM Provisioning, Cisco Network Provisioning, CiscoWorks,
               Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3)

Deploying the Cisco Nexus 1000V
Collaborative Deployment Model

1. VMW vCenter & Cisco Nexus 1000V relationship established
2. Network Admin configures Nexus 1000V to support new ESX hosts
3. Server Admin plugs new ESX host into network & adds host to Cisco switch in vCenter
4. Repeat step three to add another host and extend the switch configuration

[Figure labels: Nexus 1000V VEM on vSphere (x2), Nexus 1000V VSM, vCenter]

Policy Based VM Connectivity
Enabling Policy

1. Nexus 1000V automatically enables port groups in VMware vCenter
2. Server Admin uses vCenter to assign vnic policy from available port groups
3. Nexus 1000V automatically enables VM connectivity at VM power-on

Defined Policies
• WEB Apps
• HR
• DB
• DMZ

WEB Apps:
• PVLAN 108, Isolated
• Security Policy = Port 80 and 443
• Rate Limit = 100 Mbps
• QoS Priority = Medium
• Remote Port Mirror = Yes

[Figure labels: VMs, Nexus 1000V VEM on vSphere, Nexus 1000V VSM, vCenter]

Policy Based VM Connectivity
What can a policy do?

Policy definition supports:
• VLAN, PVLAN settings
• ACL, Port Security, ACL Redirect
• Cisco Trust Sec (SGT)
• NetFlow Collection
• Rate Limiting
• QoS Marking (COS/DSCP)
• Remote Port Mirror (ERSPAN)

[Figure labels: VMs, Nexus 1000V VEM on vSphere, Nexus 1000V VSM, vCenter]

Mobility of Security & Network Properties
Following your VMs around

1. vCenter kicks off a VMotion (manual/DRS) and notifies Nexus 1000V
2. During VM replication, Nexus 1000V copies VM port state to new host
3. Once VMotion completes, port on new ESX host is brought up & VM’s MAC address is announced to the network

Mobile Properties Include:
• Port policy
• Interface state and counters
• Flow statistics
• Remote port mirror session

VMotion Notification
• Current: VM1 on Server 1
• New: VM1 on Server 2

Network Persistence
• VM port config, state
• VM monitoring statistics

Network Update
• ARP for VM1 sent to network
• Flows to VM1 MAC redirected to Server 2

[Figure labels: VMs, Nexus 1000V VEM on vSphere (x2), Nexus 1000V VSM, vCenter]

Increase Operational Efficiency
What stays the same? What gets better?

Task                  | Virtualization or Server Admin   | Network Admin
vSwitch Config        | Automated                        | Same as physical network
Port Group Config     | Automated                        | Policy Based
Port Group Assignment | Unchanged (Virtual Center based) | -
Add new ESX host      | Automated (assign NIC & go)      | Unchanged
NIC Teaming Config    | Automated                        | EtherChannel Optimized
VM Creation           | Unchanged                        | Policy Based
Security              | Policy Based                     | ACL, PVLAN, IP Redirect, Port Security, TrustSec
Visibility            | VM Specific                      | VM Specific
Management Tools      | Unchanged (Virtual Center)       | Cisco CLI, XMP API, SNMP, DCNM

Cisco Nexus 1000V – VM Security

Security Features
• Access Control List
• Port Security
• DHCP Snooping
• IP Source Guard
• Dynamic ARP Inspection

Private VLAN
• Promiscuous port
• Isolated port
• Community port

Cisco TrustSec
• Admission control: 802.1X
• Hop-by-hop crypto: 802.1AE
• Security Group Tag

[Figure labels: VMs on vSphere (x3) with ports marked I, P, C; SGACL matrix, Source Group by Destination Group]

Nexus 1000V Deployment Scenarios
Pick your flavor

1. All types of servers
2. 1G & 10G NICs
3. Any type of physical switch (Cisco & other vendors)
4. Requires External Management Appliance (VSM) which can be a virtual or physical appliance
5. Requires VMware vSphere 4.0 Enterprise Plus License
6. Network stats, interface state, flow stats maintained in VEM, exposed through VSM

[Figure labels: Rack Optimized Servers, Blade Servers, Nexus 1000V VSM, vCenter]

Cisco Nexus 1000V Installation Overview

1. Installing the Cisco Nexus 1000V is a five step process involving the server and network administrators
   1) Install the primary and secondary VSMs
   2) Define uplink and VM port profiles
   3) Connect the primary VSM and VC
   4) Install the VEM (manually or using VUM)
   5) Adding the ESX host to the Nexus 1000V
2. Repeat steps 4 and 5 for each additional ESX host

Creating the VSM VM using ISO

1. Create VM
   Type: Other 64 bit Linux
   1 Processor
   2 GB RAM
   3 vNICs (e1000 Driver)
   Minimum 3GB SCSI Hard Disk with LSI Logic adapter (default)
2. Reserve 2GB RAM for the VM
3. Configure VM network adapters
4. Attach ISO to VM and power on

Creating the VSM VM using OVA

1. From VC File menu, select “Deploy OVF Template…”
   OVA deployment automates the VSM VM configuration
   Configuration is limited to mapping portgroups to proper networks
2. CPU and RAM still need to be reserved for the VM

VSM Dedicated Resources

1. Each VSM requires dedicated resources (not shared)
2. Set the RAM reservation to 2GB
3. Set CPU reservation to 1GHz

VSM Setup Wizard

1. Automatically runs when the VSM VM is started for the first time
2. Minimum configuration suggested:
   Switch name
   Out-of-band management configuration
   Default gateway
   Telnet/SSH service
   Domain parameters (domain ID, control/packet VLAN)
3. Secondary VSM will reboot and gather configuration from the Primary VSM

Registering Nexus 1000V Plug-in

1. Plug-in enables VC to communicate with the VSM and contains the security certificate
2. Download http://<VSM-IP>/cisco_nexus1000V_extension.xml
3. In VC client, go to Plug-ins menu and select “Manage plug-ins…”
4. Right-click under “Available Plug-ins” and select “New Plug-in”

Connecting the VSM to the VC

1. Nexus 1000V Plug-in must be registered first!
2. Configure the connection on the VSM

n1000V(config)# svs connection vc
n1000V(config-svs-conn)# protocol vmware-vim
n1000V(config-svs-conn)# remote ip address 172.28.15.111
n1000V(config-svs-conn)# vmware dvs datacenter-name WestDC
n1000V(config-svs-conn)# connect

The connection name (‘vc’ in the example) is arbitrary
Protocol specifies the type of server to connect to (only VMware is supported)
Remote IP address is the VC IP address
Datacenter name is the name of the datacenter that will contain the Nexus 1000V
   Datacenter must be present on VC before connecting
Connect command initiates the connection with the VC and creates the Nexus 1000V in VC

Connecting the VSM to the VC (cont.)

1. Resulting output on VC after issuing connect command

Adding an Uplink Port Profile

1. In order to insert a module into the VSM (i.e. add a host to the vDS on VC), you must configure an uplink port-profile for a host to use

n1000V(config)# port-profile SystemUplinks
n1000V(config-port-prof)# capability uplink
n1000V(config-port-prof)# switchport mode trunk
n1000V(config-port-prof)# switchport trunk allowed vlan 51-52
n1000V(config-port-prof)# system vlan 51, 52
n1000V(config-port-prof)# vmware port-group SystemUplinks
n1000V(config-port-prof)# no shutdown
n1000V(config-port-prof)# state enabled

2. The third parameter of the “vmware port-group” command is optional
   Used to specify the name that is displayed in the VC
   If left blank, the port-profile name will be used

Adding an Uplink Port Profile (cont.)

1. Resulting output on VC after issuing port-profile command

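A consistency check for the uplink port-profile session shown above, added here as an example (it is not part of the original deck or of any Cisco tool). It assumes that system VLANs have to be contained in the trunk's allowed VLAN list; `parse_vlans` and `audit_uplink_profile` are hypothetical names.

```python
import re

# The uplink profile from the slide, as typed at the VSM prompt.
PAGE_PROFILE = """\
n1000V(config)# port-profile SystemUplinks
n1000V(config-port-prof)# capability uplink
n1000V(config-port-prof)# switchport mode trunk
n1000V(config-port-prof)# switchport trunk allowed vlan 51-52
n1000V(config-port-prof)# system vlan 51, 52
n1000V(config-port-prof)# vmware port-group SystemUplinks
n1000V(config-port-prof)# no shutdown
n1000V(config-port-prof)# state enabled
"""
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
REQUIRED = ("capability uplink", "switchport mode trunk", "no shutdown", "state enabled")

def parse_vlans(spec):
    """Expand a VLAN list such as '51-52' or '51, 52' into a set of ints."""
    vlans = set()
    for part in filter(None, spec.replace(" ", "").split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_uplink_profile(session):
    """Return findings for one uplink port-profile; an empty list means clean."""
    cmds = [PROMPT.sub("", l).strip() for l in session.splitlines() if l.strip()]
    findings = ["missing: " + r for r in REQUIRED if r not in cmds]
    allowed = system = None
    for cmd in cmds:
        if cmd.startswith("switchport trunk allowed vlan "):
            allowed = parse_vlans(cmd.split("vlan ", 1)[1])
        elif cmd.startswith("system vlan "):
            system = parse_vlans(cmd.split("vlan ", 1)[1])
    if allowed is None:
        findings.append("no explicit allowed VLAN list on the trunk")
    elif system and system - allowed:
        # Assumption of this example: system VLANs must be a subset of allowed VLANs.
        stray = ", ".join(str(v) for v in sorted(system - allowed))
        findings.append("system VLANs outside the allowed list: " + stray)
    return findings
```
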
Manual VEM Installation

1. The host VEM .VIB file must be installed before performing the “Add Host” operation on VC
2. Steps to install VEM bits on host
   Copy the VEM package onto the ESX host (using SCP or through VC)
   SSH into the host and run esxupdate

# esxupdate -b ./cross_cisco-vem-v100-4.0.4.1.0.42-0.4.2-release.vib --nosigcheck update
cross_cisco-vem-v100-4.0.4.1.. ######################################## [100%]
Unpacking cross_cisco-vem-v1.. ######################################## [100%]
Installing cisco-vem-v100-esx ######################################## [100%]
Running [/usr/sbin/vmkmod-install.sh]...
ok.
#

After esxupdate completes, the “Add Host” operation can be performed on the VC

Automated Installation with VUM

1. What is VUM?
   VMware Update Manager
   Used for patching/updating software on ESX
   Uses the ‘esxupdate’ application on the ESX host to do the installation and management of software modules
2. Starting the installation
   Simply click “Add Host”, and VUM will take care of loading the VEM onto the host
   The host pulls the packages from the VUM repository. The VSM web server is only used to populate the VUM repository

Adding a Host to the Nexus 1000V

1. Right click on the Cisco Nexus 1000V and select ‘Add Host’

Verifying the Installation

1. The ‘show module’ command on the VSM will display the VEM if the installation is completed successfully

pod5-vsm# show module
Mod  Ports  Module-Type                       Model               Status
---  -----  --------------------------------  ------------------  ------------
1    0      Virtual Supervisor Module         Nexus1000V          active *
2    0      Virtual Supervisor Module         Nexus1000V          ha-standby
3    248    Virtual Ethernet Module           NA                  ok

Mod  Sw               Hw
---  ---------------  ------
1    4.0(4)SV1(0.42)  0.0
2    4.0(4)SV1(0.42)  0.0
3    4.0(4)SV1(0.42)  0.4

Mod  MAC-Address(es)                         Serial-Num
---  --------------------------------------  ----------
1    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8  NA
2    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8  NA
3    02-00-0c-00-03-00 to -2-00-0c-00-03-80  NA

Mod  Server-IP        Server-UUID                           Server-Name
---  ---------------  ------------------------------------  --------------------
1    10.95.5.159      NA                                    NA
2    10.95.5.159      NA                                    NA
3    10.95.5.151      41483531-3141-5553-4537-31324e353646  phx2-dc-pod5-hv1

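The visual check of the ‘show module’ output above, turned into a script; this is an added example, not code from the deck or from Cisco. It assumes a healthy install shows one active and one ha-standby VSM plus at least one VEM in status ok, and it flags a VEM whose software version differs from the VSMs; the function names are hypothetical.

```python
import re
# First two tables of the slide's 'show module' output, retyped as sample input.
PAGE_OUTPUT = """pod5-vsm# show module
Mod  Ports  Module-Type                Model       Status
---  -----  -------------------------  ----------  ----------
1    0      Virtual Supervisor Module  Nexus1000V  active *
2    0      Virtual Supervisor Module  Nexus1000V  ha-standby
3    248    Virtual Ethernet Module    NA          ok

Mod  Sw               Hw
---  ---------------  ------
1    4.0(4)SV1(0.42)  0.0
2    4.0(4)SV1(0.42)  0.0
3    4.0(4)SV1(0.42)  0.4
"""
ROW = re.compile(r"\d+\s+\d+\s+(Virtual \w+ Module)\s+\S+\s+(.+)")

def parse_show_module(text):  # -> {module number: {'type', 'status', 'sw'}}
    mods, section = {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("-"):
            continue                       # blank line or ruler
        if tok[0] == "Mod":
            section = tok[1]               # table header: 'Ports', 'Sw', ...
        elif tok[0].isdigit():
            mod, m = mods.setdefault(int(tok[0]), {}), ROW.match(line.strip())
            if section == "Ports" and m:
                mod.update(type=m.group(1), status=m.group(2).replace("*", "").strip())
            elif section == "Sw":
                mod["sw"] = tok[1]
    return mods

def check_install(text):
    """Return a list of problems; an empty list means every check passed."""
    mods = parse_show_module(text)
    vsm = [m for m in mods.values() if m.get("type") == "Virtual Supervisor Module"]
    vem = {n: m for n, m in mods.items() if m.get("type") == "Virtual Ethernet Module"}
    problems = []
    if sorted(m["status"] for m in vsm) != ["active", "ha-standby"]:
        problems.append("VSM pair is not active/ha-standby")
    if not vem:
        problems.append("no VEM registered")
    for n, m in sorted(vem.items()):
        if m["status"] != "ok":
            problems.append("module %d status is %s" % (n, m["status"]))
        if m.get("sw") not in {v.get("sw") for v in vsm}:  # assumption: flag version skew
            problems.append("module %d software differs from the VSMs" % n)
    return problems
```
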
Migrating to the Cisco Nexus 1000V

Migration Wizard enables simple migration from the vSwitch to the Cisco Nexus 1000V

Agenda

1. vSphere vNetwork Distributed Switch
2. Cisco Virtual Network Link Technology
3. Cisco Nexus 1000V
   Architecture
   Deployment
   Installation
   Difference to the vSwitch

Keep your process consistent

Network Administrator view:

N1k-VSM# sh port-profile name Ubuntu-VM
port-profile Ubuntu-VM
  description:
  status: enabled
  capability uplink: no
  capability l3control: no
  system vlans: none
  port-group: Ubuntu-VM
  max-ports: 32
  inherit:
  config attributes:
    switchport mode access
    switchport access vlan 95
    no shutdown
  assigned interfaces:
    Vethernet2
    Vethernet4

[Figure: Server Administrator view]

Keep your process consistent

Few datacenters are completely virtualized
Using Nexus 1000V keeps all processes consistent and gives you the same visibility for VMs and servers
Troubleshoot your network as before, using tools you know
Make your regulatory compliance much easier because of the simpler process

[Figure: Cisco VEM with VM1 to VM4; labels: ERSPAN, Netflow, Counters, CDP, PVLAN]

Allows a single PC to span multiple upstream switches using ‘subgroups’switches using subgroups
Forms up to two subgroups based on Cisco Discovery Protocol (CDP)
Subgroups can be manually defined outside of a Port
Po1 SG1SG0
Subgroups can be manually defined outside of a Port Profile
Does not require EtherChannel upstream when using source hashing
Cisco VEMEtherChannel is recommended upstream
Required when connecting to multiple switches
VM1 VM2 VM3 VM4
(only supports two upstream switches when using flow based hashing)
62
© 2008 Cisco Systems, Inc. All rights reserved.Presentation_ID
Cisco Nexus 1000V
3 new features that make a difference

Private VLANs (PVLANs)
• Great for mixed use ESX clusters
• Segment VMs w/o burning IP addresses
• Supports isolated, community and promiscuous trunk ports
• Follows your VM w/ VMotion or DRS

Netflow v.9 with Data Export
• View flow based stats for individual VMs
• Captures multi-tiered app traffic inside a single ESX host
• Export aggregate stats to dedicated collector for DC-wide VM view
• Follows your VM w/ VMotion or DRS

Encapsulated Remote SPAN (ERSPAN)
• Mirror VM interface traffic to a remote sniffer
• Identify root cause for connectivity issues
• No host based sniffer virtual appliance to maintain
• Follows your VM w/ VMotion or DRS

VMW vSwitch & the Cisco Nexus 1000V

Feature                                     ESX 3.5:   ESX 4.0:   ESX 4.0:     Cisco
                                            Standard   vNetwork   vNetwork     Nexus
                                            vSwitch    Standard   Distributed  1000V
                                                       Switch     Switch

Switching Features
  Layer 2 Forwarding                        Yes        Yes        Yes          Yes
  IEEE 802.1Q VLAN Tagging                  Yes        Yes        Yes          Yes
  Multicast Support                         Yes        Yes        Yes          Yes
  IGMP Snooping v3                          -          -          -            Yes
  VMotion Support                           Yes        Yes        Yes          Yes
  Network Policy VMotion                    -          -          Yes          Yes
Upstream Switch Connectivity
  EtherChannel                              Yes        Yes        Yes          Yes
  Asynchronous Port Channels                -          -          -            Yes
  Link Aggregation Control Protocol (LACP)  -          -          -            Yes
Load Balancing Algorithms
  Virtual Switchport ID                     Yes        Yes        Yes          Yes
  Source MAC                                Yes        Yes        Yes          Yes
  Source-Destination IP                     Yes        Yes        Yes          Yes
  Source-Destination MAC                    -          -          -            Yes
  Source-Destination-Port IP                -          -          -            Yes
  Additional Hashing Options                -          -          -            Yes

VMW vSwitch & the Cisco Nexus 1000V

Feature                                     ESX 3.5:   ESX 4.0:   ESX 4.0:     Cisco
                                            Standard   vNetwork   vNetwork     Nexus
                                            vSwitch    Standard   Distributed  1000V
                                                       Switch     Switch

Traffic Management Features
  Tx Rate Limiting                          Yes        Yes        Yes          Yes
  Rx Rate Limiting                          -          -          Yes          Yes
Quality of Service Marking
  DSCP                                      -          -          -            Yes
  Type of Service                           -          -          -            Yes
  Class of Service                          -          -          -            Yes
Security Features
  Port Security                             Yes        Yes        Yes          Yes
  VMSafe Compatible                         Yes        Yes        Yes          Yes
  Private VLANs                             -          -          Yes          Yes
  PVLAN Promiscuous Trunk Support           -          -          -            Yes
  Access Control Lists                      -          -          -            Yes
  DHCP Snooping                             -          -          -            Yes
  IP Source Guard                           -          -          -            Yes
  Dynamic ARP Inspection                    -          -          -            Yes

VMW vSwitch & the Cisco Nexus 1000V

Feature                                     ESX 3.5:   ESX 4.0:   ESX 4.0:     Cisco
                                            Standard   vNetwork   vNetwork     Nexus
                                            vSwitch    Standard   Distributed  1000V
                                                       Switch     Switch

Management Features
  VMware vCenter Support                    Yes        Yes        Yes          Yes
  Third Party Accessible APIs               Yes        Yes        Yes          Yes
  Network Policy Groups                     Yes        Yes        Yes          Yes
  Multi-Tier Policy Groups                  -          -          -            Yes
  SPAN                                      -          -          -            Yes
  ERSPAN                                    -          -          -            Yes
  Netflow v5                                *          *          *            Yes
  Netflow v9                                -          -          -            Yes
  SNMP v3 Read/Write                        -          -          -            Yes
  CDP v1/v2                                 Yes        Yes        Yes          Yes
  Syslog                                    **         **         **           Yes
  Packet Capture & Analysis                 -          -          -            Yes
  Radius/TACACS+                            -          -          -            Yes

* Experimental Support
** Network Syslog information is compiled and exported with other, non-network related, vCenter events.

Accelerate Server Virtualization
Benefits of the Nexus 1000V

Security & Policy Enforcement
• Enable VM-level security and policy
• Scale the use of VMotion and DRS

Operations & Management
• Simplify management and troubleshooting with VM-level visibility
• Scale with automated server & network provisioning

Organizational Structure
• Enable flexible collaboration with individual team autonomy
• Simplify and maintain existing VM mgmt model
