Cisco Nexus 1000V. Ralf Eberhardt reber[email protected]. Legal Disclaimer. - PowerPoint PPT Presentation
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Cisco Nexus 1000V
Ralf Eberhardt
Legal Disclaimer
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
Agenda
Networking Challenges of Server Virtualization
Cisco VN-Link Introduction
Cisco Nexus 1000V Overview & Architecture
Deployment Scenarios
Advanced Features
Additional Information
Transparency in the Eye of the Beholder
With virtualization, VMs have a transparent view of their resources…
Transparency in the Eye of the Beholder
…but it's difficult to correlate network and storage back to virtual machines
Transparency in the Eye of the Beholder
Scaling globally depends on maintaining transparency while also providing operational consistency
Networking Challenges to Scaling Server Virtualization
Security and Policy Enforcement
• Applied at physical server—not the individual VM
• Impossible to enforce policy for VMs in motion
Operations and Management
• Lack of VM visibility, accountability, and consistency
• Inefficient management model and inability to effectively troubleshoot
Organizational Structure
• Muddled ownership as server admin must configure virtual network
• Organizational redundancy creates compliance challenges
Cisco Virtual Network Link – VN-Link: Virtualizing the Network Domain
• Virtual machine aware network and storage services
• Abstract physical and logical infrastructure
• Virtual machines are the new data center building block
VN-Link Brings VM Level Granularity
Problems:
• VMotion may move VMs across physical ports—policy must follow
• Impossible to view or apply policy to locally switched traffic
• Cannot correlate traffic on physical links—from multiple VMs
VN-Link:
• Extends network to the VM
• Consistent services
• Coordinated, coherent management
(Diagram: VMs on VLAN 101 being moved across physical ports by VMotion)
Cisco Nexus 1000V: Industry First 3rd Party Virtual Distributed Switch
Nexus 1000V provides enhanced VM switching for VMW ESX environments
Features VN-Link capabilities:
• Policy-based VM connectivity
• Mobility of network and security properties
• Non-disruptive operational model
Ensures visibility and continued connectivity during VMotion
Enabling Acceleration of Server Virtualization Benefits
(Diagram: Server 1 and Server 2, each running VMW ESX with a VMware vSwitch and the Nexus 1000V, hosting VM #1–#8)
What is a Virtual Distributed Switch?
A Virtual Distributed Switch is a concept developed by VMware and Cisco to allow a single vSwitch to span multiple hosts.
VMW calls this a vNetwork Distributed Switch.
The Cisco Nexus 1000V, a 3rd party virtual distributed switch, will be supported in VMware ESX and Virtual Infrastructure in the 1st half of 2009
Cisco Nexus 1000V Architecture
Virtual Supervisor Module (VSM)
• Virtual or physical appliance running Cisco OS (supports HA)
• Performs management, monitoring, & configuration
• Tight integration with VMware Virtual Center
Virtual Ethernet Module (VEM)
• Enables advanced networking capability on the hypervisor
• Provides each VM with dedicated “switch port”
• Collection of VEMs = 1 Distributed Switch
Cisco Nexus 1000V Enables:
• Policy Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model
(Diagram: Virtual Center and the Nexus 1000V VSM above three VMW ESX servers, Server 1–3, each with a VMware vSwitch and a VEM, hosting VM #1–#12; the VEMs together form the Nexus 1000V)
Cisco Nexus 1000V: Faster VM Deployment
VM Connection Policy
• Defined in the network
• Applied in Virtual Center
• Linked to VM UUID
Defined Policies: WEB Apps, HR, DB, Compliance
Cisco VN-Link—Virtual Network Link: Policy-Based VM Connectivity; Non-Disruptive Operational Model; Mobility of Network & Security Properties
(Diagram: Virtual Center above two VMW ESX servers running the Cisco Nexus 1000V, hosting VM #1–#8)
Cisco Nexus 1000V: Richer Network Services
VN-Link Property Mobility
• VMotion for the network
• Ensures VM security
• Maintains connection state
VMs Need to Move: VMotion, DRS, SW Upgrade/Patch, Hardware Failure
VN-Link: Virtualizing the Network Domain: Policy-Based VM Connectivity; Non-Disruptive Operational Model; Mobility of Network & Security Properties
(Diagram: Virtual Center above two VMW ESX servers running the Cisco Nexus 1000V; VM #1–#4 move from one server to the other alongside VM #5–#8)
Cisco Nexus 1000V: Increase Operational Efficiency
Network Benefits
• Unifies network mgmt and ops
• Improves operational security
• Enhances VM network features
• Ensures policy persistence
• Enables VM-level visibility
Server Benefits
• Maintains existing VM mgmt
• Reduces deployment time
• Improves scalability
• Reduces operational workload
• Enables VM-level visibility
VN-Link: Virtualizing the Network Domain: Policy-Based VM Connectivity; Non-Disruptive Operational Model; Mobility of Network & Security Properties
(Diagram: Virtual Center above two VMW ESX servers running the Cisco Nexus 1000V, hosting VM #1–#8)
How Does It Work?
Deploying the Nexus 1000V
Deploying the Cisco Nexus 1000V: Collaborative Deployment Model
1. VMW Virtual Center & Cisco Nexus 1000V relationship established
2. Network Admin configures Nexus 1000V to support new ESX hosts
3. Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center
4. Repeat step three to add another host and extend switch configuration
(Diagram: Virtual Center and the Nexus 1000V VSM (steps 1 and 2) above VMW ESX Server 1 through Server N, each running a Nexus 1000V VEM (steps 3 and 4))
Policy Based VM Connectivity: Enabling Policy
1. Nexus 1000V automatically enables port groups in Virtual Center
2. Server Admin uses Virtual Center to assign vnic policy from available port groups
3. Nexus 1000V automatically enables VM connectivity at VM power-on
Available Port Groups: WEB Apps, HR, DB, Compliance
Example policy applied at step 3, WEB Apps:
• PVLAN 108, Isolated
• Security Policy = Port 80 and 443
• Rate Limit = 100 Mbps
• QoS Priority = Medium
• Remote Port Mirror = Yes
(Diagram: Virtual Center and the Nexus 1000V VSM above VMW ESX Server 1 running the Nexus 1000V VEM with VM #1–#4)
Policy Based VM Connectivity: What Can a Policy Do?
Policy definition supports:
• VLAN, PVLAN settings
• ACL, Port Security, ACL Redirect
• Cisco TrustSec (SGT)
• NetFlow Collection
• Rate Limiting
• QoS Marking (COS/DSCP)
• Remote Port Mirror (ERSPAN)
(Diagram: Virtual Center and the Nexus 1000V VSM above a VMW ESX server running the Nexus 1000V VEM with VM #1–#4)
Mobility of Security and Network Properties: Following Your VMs Around
1. Virtual Center kicks off a VMotion (manual/DRS) and notifies Nexus 1000V
2. During VM replication, Nexus 1000V copies VM port state to new host
3. Once VMotion completes, port on new ESX host is brought up & VM’s MAC address is announced to the network
Mobile Properties Include:
• Port policy
• Interface state and counters
• Flow statistics
• Remote port mirror session
Diagram annotations:
• Step 1, VMotion Notification: Current: VM1 on Server 1; New: VM1 on Server 2
• Step 2, Network Persistence: VM port config, state; VM monitoring statistics
• Step 3, Network Update: ARP for VM1 sent to network; flows to VM1 MAC redirected to Server 2
(Diagram: Virtual Center and the Nexus 1000V VSM above two VMW ESX servers, Server 1 and Server 2, each running a Nexus 1000V VEM; VM #1 moves from Server 1 (VM #1–#4) to Server 2 (VM #5–#8))
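The VMotion sequence above (notify, copy port state, bring the new port up and announce the MAC) together with the WEB Apps policy from the Enabling Policy slide, modelled as an added, constructed Python example. This is not Cisco or VMware code: the class names, the port-profile fields, the VM UUID and the MAC address are assumptions made for the illustration. The point it makes is that the policy is bound to the VM UUID rather than to a physical port, so the same policy is enforced and the interface counters survive after the VM changes hosts:

```python
"""Toy model of VN-Link policy mobility (constructed example, not Cisco/VMware code)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class PortProfile:
    """A connection policy defined by the network admin (assumed field set)."""
    name: str
    vlan: int
    allowed_tcp_ports: frozenset   # stands in for the "Port 80 and 443" policy
    rate_limit_mbps: int


@dataclass
class VethPort:
    """The dedicated virtual switch port a VEM gives one VM."""
    vm_uuid: str
    mac: str
    profile: str
    link_up: bool = False
    rx_frames: int = 0      # interface counters that must survive a move
    dropped: int = 0


class VEM:
    """Virtual Ethernet Module: the data path on one ESX host."""
    def __init__(self, host: str):
        self.host = host
        self.ports: dict[str, VethPort] = {}   # keyed by VM UUID, not by slot


class PhysicalNetwork:
    """The upstream switches' MAC table: MAC -> host the VM is reachable on."""
    def __init__(self):
        self.mac_table: dict[str, str] = {}

    def learn(self, mac: str, host: str) -> None:
        self.mac_table[mac] = host


class VSM:
    """Virtual Supervisor Module: holds profiles and VM -> profile bindings."""
    def __init__(self):
        self.profiles: dict[str, PortProfile] = {}
        self.bindings: dict[str, str] = {}      # VM UUID -> profile name
        self.vems: dict[str, VEM] = {}

    def define_profile(self, p: PortProfile) -> None:
        self.profiles[p.name] = p

    def add_host(self, host: str) -> VEM:
        self.vems[host] = VEM(host)
        return self.vems[host]

    def bind_vm(self, vm_uuid: str, profile: str) -> None:
        self.bindings[vm_uuid] = profile        # the server admin's choice in Virtual Center

    def power_on(self, vm_uuid: str, mac: str, host: str, net: PhysicalNetwork) -> VethPort:
        port = VethPort(vm_uuid, mac, self.bindings[vm_uuid], link_up=True)
        self.vems[host].ports[vm_uuid] = port
        net.learn(mac, host)
        return port

    def deliver(self, host: str, vm_uuid: str, tcp_port: int) -> bool:
        """Enforce the VM's own policy on a frame arriving for it on the given host."""
        port = self.vems[host].ports[vm_uuid]
        policy = self.profiles[port.profile]
        if not port.link_up or tcp_port not in policy.allowed_tcp_ports:
            port.dropped += 1
            return False
        port.rx_frames += 1
        return True

    def vmotion(self, vm_uuid: str, src_host: str, dst_host: str, net: PhysicalNetwork) -> VethPort:
        """Steps 1-3 of the slide: notification, port-state copy, bring-up and MAC announcement."""
        old = self.vems[src_host].ports[vm_uuid]
        # Step 2: port state (policy binding and counters) is copied to the new host
        new = VethPort(old.vm_uuid, old.mac, old.profile, link_up=False,
                       rx_frames=old.rx_frames, dropped=old.dropped)
        self.vems[dst_host].ports[vm_uuid] = new
        # Step 3: VMotion completes, the old port goes away, the new one comes up,
        # and the VM's MAC is announced so the network redirects flows to dst_host
        del self.vems[src_host].ports[vm_uuid]
        new.link_up = True
        net.learn(new.mac, dst_host)
        return new


def demo():
    """Walk VM #1 from Server 1 to Server 2 and return the moved port, network and VSM."""
    net = PhysicalNetwork()
    vsm = VSM()
    vsm.add_host("Server 1")
    vsm.add_host("Server 2")
    vsm.define_profile(PortProfile("WEB Apps", 108, frozenset({80, 443}), 100))
    vm1 = "uuid-vm1"                       # constructed VM UUID
    vsm.bind_vm(vm1, "WEB Apps")
    vsm.power_on(vm1, "00:50:56:aa:bb:01", "Server 1", net)   # constructed MAC
    vsm.deliver("Server 1", vm1, 80)       # permitted by the WEB Apps policy
    vsm.deliver("Server 1", vm1, 22)       # dropped by the policy
    port = vsm.vmotion(vm1, "Server 1", "Server 2", net)
    return port, net, vsm
```

After demo() the physical network's MAC table points at Server 2, the Server 1 VEM no longer has a port for the VM, the counters from Server 1 (one delivered, one dropped) are still on the new port, and a frame to TCP port 22 is still dropped by the WEB Apps policy while port 443 is delivered.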
Increase Operational Efficiency: What stays the same? What gets better?
Cisco Nexus 1000V: Three New Features that Make a Difference
Encapsulated Remote SPAN (ERSPAN)
• Mirror VM interface traffic to a remote sniffer
• Identify root cause for connectivity issues
• No host-based sniffer virtual appliance to maintain
• Follows your VM with VMotion or DRS
NetFlow v.9 with Data Export
• View flow-based stats for individual VMs
• Captures multi-tiered app traffic inside a single ESX host
• Export aggregate stats to dedicated collector for DC-wide VM view
• Follows your VM with VMotion or DRS
Private VLANs (PVLANs)
• Great for mixed use ESX clusters
• Segment VMs w/o burning IP addresses
• Supports isolated, community and promiscuous trunk ports
• Follows your VM with VMotion or DRS
Cisco Nexus 1000V – VM Security
Private VLAN
• Promiscuous port (P)
• Isolated port (I)
• Community port (C)
Security Features
• Access Control List
• Port Security
• DHCP Snooping
• IP Source Guard
• Dynamic ARP Inspection
Cisco TrustSec
• Admission control: 802.1X
• Hop-by-hop crypto: 802.1AE
• Security Group Tag
(Diagram: three VMW ESX servers, each running the Cisco Nexus 1000V with VM #1–#4; VM ports are labelled P, I or C for promiscuous, isolated or community)
Key Features of the Nexus 1000V
Switching: L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX), IGMP Snooping, QoS Marking/Queuing
Security: Policy Mobility, PVLAN, ACL (L2–4 w/ Redirect), Port Security, Cisco TrustSec—Authentication, Admission, Access Control
Provisioning: Automated vSwitch Config, Port Profiles, Virtual Center Integration, Optimized NIC Teaming
Visibility: Historical VMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2, VM-Level Interface Statistics, Wireshark
Management: Virtual Center VM Provisioning, Cisco Network Provisioning, Cisco CLI, XML API, SNMP (v.1, 2, 3)
Nexus 1000V Deployment Scenarios: Pick Your Flavor
1. Works with all types of servers (rack optimized, blade servers, etc.)
2. Works with any type of upstream switch (Blade, Top of Rack, Modular)
3. Works at any speed (1G or 10G)
4. Nexus 1000V VSM can be deployed as a VM or a physical appliance
(Diagram: Virtual Center and the Nexus 1000V VSM connected to blade servers and rack optimized servers)
Accelerate Server Virtualization: Enable, Simplify, Scale
Security and Policy Enforcement
• Enable VM-level security and policy
• Scale the use of VMotion and DRS
Operation & Management
• Simplify management and troubleshooting with VM-level visibility
• Scale with automated server & network provisioning
Organizational Structure
• Enable flexible collaboration with individual team autonomy
• Simplify and maintain existing VM mgmt model
Cisco Nexus 1000: More Information…
http://www.cisco.com/go/datacenter
Virtualizing the Network Domain: Two Complementary Models to Address Evolving Customer Requirements
Cisco Nexus 1000V (Software Based)
• Cisco switch for VMW ESX
• Compatible with any switching platform
• Leverages Virtual Center for server admin; Cisco CLI for network admin
Nexus 5000 with VN-Link (Hardware Based)
• Scalable, hardware based, high performance solution
• Standards driven approach to delivering hardware based VM networking
• Combines VM & physical network operations into 1 managed node
Cisco Virtual Network Link – VN-Link: Policy-Based VM Connectivity; Mobility of Network & Security Properties; Non-Disruptive Operational Model
(Diagram: left, a VMW ESX server with VM #1–#4 running the Nexus 1000V, uplinked over two NICs to the LAN; right, a VMW ESX server with VM #1–#4 attached as initiator to a Nexus 5000)
VN-Link With the Cisco Nexus 1000V
Cisco Nexus 1000V: Software Based
• Industry’s first third-party ESX switch
• Built on Cisco NX-OS
• Compatible with switching platforms
• Maintain Virtual Center provisioning model unmodified for server administration; allow network administration of Nexus 1000V via familiar Cisco NX-OS CLI
VN-Link: Policy-Based VM Connectivity; Non-Disruptive Operational Model; Mobility of Network and Security Properties
(Diagram: a VMW ESX server with VM #1–#4 running the Nexus 1000V, uplinked over two NICs to the LAN)
VN-Link with Network Interface Virtualization
Nexus Switch with VN-Link: Hardware Based
• Allows scalable hardware-based implementations through hardware switches
• Standards-based initiative: Cisco & VMware proposal in IEEE 802 to specify “Network Interface Virtualization”
• Combines VM and physical network operations into one managed node
VN-Link: Policy-Based VM Connectivity; Non-Disruptive Operational Model; Mobility of Network and Security Properties
(Diagram: a VMW ESX server with VM #1–#4 attached via VN-Link to a Nexus switch)