Cisco Nexus 1000V

Ralf Eberhardt [email protected]

© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Page 2: Cisco Nexus 1000V

Legal Disclaimer

Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

Page 3: Cisco Nexus 1000V

Agenda

Networking Challenges of Server Virtualization

Cisco VN-Link Introduction

Cisco Nexus 1000V Overview & Architecture

Deployment Scenarios

Advanced Features

Additional Information

Page 4: Cisco Nexus 1000V

Transparency in the Eye of the Beholder

With virtualization, VMs have a transparent view of their resources…

Page 5: Cisco Nexus 1000V

Transparency in the Eye of the Beholder

…but it's difficult to correlate network and storage back to virtual machines

Page 6: Cisco Nexus 1000V

Transparency in the Eye of the Beholder

Scaling globally depends on maintaining transparency while also providing operational consistency

Page 7: Cisco Nexus 1000V

Networking Challenges to Scaling Server Virtualization

Security and Policy Enforcement
• Applied at physical server—not the individual VM
• Impossible to enforce policy for VMs in motion

Operations and Management
• Lack of VM visibility, accountability, and consistency
• Inefficient management model and inability to effectively troubleshoot

Organizational Structure
• Muddled ownership as server admin must configure virtual network
• Organizational redundancy creates compliance challenges

Page 8: Cisco Nexus 1000V

Cisco Virtual Network Link – VN-Link
Virtualizing the Network Domain

• Virtual machine aware network and storage services
• Abstract physical and logical infrastructure
• Virtual machines are the new data center building block

Page 9: Cisco Nexus 1000V

VN-Link Brings VM Level Granularity

Problems:
• VMotion may move VMs across physical ports—policy must follow
• Impossible to view or apply policy to locally switched traffic
• Cannot correlate traffic on physical links—from multiple VMs

VN-Link:
• Extends network to the VM
• Consistent services
• Coordinated, coherent management

[Diagram labels: VMotion; VLAN 101]

Page 10: Cisco Nexus 1000V

Cisco Nexus 1000V
Industry First 3rd Party Virtual Distributed Switch

Nexus 1000V provides enhanced VM switching for VMW ESX environments

Features VN-Link capabilities:
• Policy-based VM connectivity
• Mobility of network and security properties
• Non-disruptive operational model

Ensures visibility and continued connectivity during VMotion

Enabling Acceleration of Server Virtualization Benefits

[Diagram: Server 1 and Server 2 running VMW ESX with VMs #1–#8; VMware vSwitch and Nexus 1000V]

Page 11: Cisco Nexus 1000V

What is a Virtual Distributed Switch?

A Virtual Distributed Switch is a concept developed by VMware and Cisco to allow a single vSwitch to span multiple hosts.

VMW calls this a vNetwork Distributed Switch.

The Cisco Nexus 1000V, a 3rd party virtual distributed switch, will be supported in VMware ESX and Virtual Infrastructure in the 1st half of 2009

Page 12: Cisco Nexus 1000V

Cisco Nexus 1000V Architecture

Virtual Supervisor Module (VSM)
• Virtual or Physical appliance running Cisco OS (supports HA)
• Performs management, monitoring, & configuration
• Tight integration with VMware Virtual Center

Virtual Ethernet Module (VEM)
• Enables advanced networking capability on the hypervisor
• Provides each VM with dedicated “switch port”
• Collection of VEMs = 1 Distributed Switch

Cisco Nexus 1000V Enables:
• Policy Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

[Diagram: Virtual Center and the Nexus 1000V VSM; Servers 1–3 running VMW ESX with VMs #1–#12, each server with a VMware vSwitch and a Nexus 1000V VEM]

Page 13: Cisco Nexus 1000V

Cisco Nexus 1000V
Faster VM Deployment

Cisco VN-Link—Virtual Network Link
• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

VM Connection Policy
• Defined in the network
• Applied in Virtual Center
• Linked to VM UUID

Defined Policies: WEB Apps, HR, DB, Compliance

[Diagram: Virtual Center; two servers running VMW ESX with VMs #1–#8 on Cisco Nexus 1000V]

Page 14: Cisco Nexus 1000V

Cisco Nexus 1000V
Richer Network Services

VN-Link: Virtualizing the Network Domain
• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

VMs Need to Move
• VMotion
• DRS
• SW Upgrade/Patch
• Hardware Failure

VN-Link Property Mobility
• VMotion for the network
• Ensures VM security
• Maintains connection state

[Diagram: Virtual Center; two servers running VMW ESX with VMs #1–#8 on Cisco Nexus 1000V]

Page 15: Cisco Nexus 1000V

Cisco Nexus 1000V
Increase Operational Efficiency

VN-Link: Virtualizing the Network Domain
• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

Network Benefits
• Unifies network mgmt and ops
• Improves operational security
• Enhances VM network features
• Ensures policy persistence
• Enables VM-level visibility

Server Benefits
• Maintains existing VM mgmt
• Reduces deployment time
• Improves scalability
• Reduces operational workload
• Enables VM-level visibility

[Diagram: Virtual Center; two servers running VMW ESX with VMs #1–#8 on Cisco Nexus 1000V]

Page 16: Cisco Nexus 1000V

How Does It Work?

Deploying the Nexus 1000V

Page 17: Cisco Nexus 1000V

Deploying the Cisco Nexus 1000V
Collaborative Deployment Model

1. VMW Virtual Center & Cisco Nexus 1000V relationship established
2. Network Admin configures Nexus 1000V to support new ESX hosts
3. Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center

[Diagram: Virtual Center and the Nexus 1000V VSM; Server 1 running VMW ESX with a Nexus 1000V VEM; steps 1–3 marked]

Page 18: Cisco Nexus 1000V

Deploying the Cisco Nexus 1000V
Collaborative Deployment Model

1. VMW Virtual Center & Cisco Nexus 1000V relationship established
2. Network Admin configures Nexus 1000V to support new ESX hosts
3. Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center
4. Repeat step three to add another host and extend switch configuration

[Diagram: Virtual Center and the Nexus 1000V VSM; Server 1 through Server N running VMW ESX, each with a Nexus 1000V VEM; step 4 marked]

Page 19: Cisco Nexus 1000V

Policy Based VM Connectivity
Enabling Policy

1. Nexus 1000V automatically enables port groups in Virtual Center
2. Server Admin uses Virtual Center to assign vnic policy from available port groups
3. Nexus 1000V automatically enables VM connectivity at VM power-on

Available Port Groups: WEB Apps, HR, DB, Compliance

WEB Apps:
• PVLAN 108, Isolated
• Security Policy = Port 80 and 443
• Rate Limit = 100 Mbps
• QoS Priority = Medium
• Remote Port Mirror = Yes

[Diagram: Virtual Center and the Nexus 1000V VSM; Server 1 running VMW ESX with a Nexus 1000V VEM and VMs #1–#4; steps 1–3 marked]

Page 20: Cisco Nexus 1000V

Policy Based VM Connectivity
What Can a Policy Do?

Policy definition supports:
• VLAN, PVLAN settings
• ACL, Port Security, ACL Redirect
• Cisco TrustSec (SGT)
• NetFlow Collection
• Rate Limiting
• QoS Marking (COS/DSCP)
• Remote Port Mirror (ERSPAN)

[Diagram: Virtual Center and the Nexus 1000V VSM; server running VMW ESX with a Nexus 1000V VEM and VMs #1–#4]

Page 21: Cisco Nexus 1000V

Mobility of Security and Network Properties
Following Your VMs Around

1. Virtual Center kicks off a VMotion (manual/DRS) and notifies Nexus 1000V
2. During VM replication, Nexus 1000V copies VM port state to new host

VMotion Notification (step 1)
• Current: VM1 on Server 1
• New: VM1 on Server 2

Network Persistence (step 2)
• VM port config, state
• VM monitoring statistics

Mobile Properties Include:
• Port policy
• Interface state and counters
• Flow statistics
• Remote port mirror session

[Diagram: Virtual Center and the Nexus 1000V VSM; Server 1 and Server 2 running VMW ESX, each with a Nexus 1000V VEM, VMs #1–#8, with VM #1 moving between servers]

Page 22: Cisco Nexus 1000V

Mobility of Security and Network Properties
Following Your VMs Around

1. Virtual Center kicks off a VMotion (manual/DRS) & notifies Nexus 1000V
2. During VM replication, Nexus 1000V copies VM port state to new host
3. Once VMotion completes, port on new ESX host is brought up & VM’s MAC address is announced to the network

Network Update (step 3)
• ARP for VM1 sent to network
• Flows to VM1 MAC redirected to Server 2

[Diagram: Virtual Center and the Nexus 1000V VSM; Server 1 and Server 2 running VMW ESX, each with a Nexus 1000V VEM, VMs #1–#8, with VM #1 moving between servers]

Page 23: Cisco Nexus 1000V

Increase Operational Efficiency
What stays the same? What gets better?

Page 24: Cisco Nexus 1000V

Cisco Nexus 1000V
Three New Features that Make a Difference

Encapsulated Remote SPAN (ERSPAN)
• Mirror VM interface traffic to a remote sniffer
• Identify root cause for connectivity issues
• No host-based sniffer virtual appliance to maintain
• Follows your VM with VMotion or DRS

NetFlow v.9 with Data Export
• View flow-based stats for individual VMs
• Captures multi-tiered app traffic inside a single ESX host
• Export aggregate stats to dedicated collector for DC-wide VM view
• Follows your VM with VMotion or DRS

Private VLANs (PVLANs)
• Great for mixed use ESX clusters
• Segment VMs w/o burning IP addresses
• Supports isolated, community and promiscuous trunk ports
• Follows your VM with VMotion or DRS

Page 25: Cisco Nexus 1000V

Cisco Nexus 1000V – VM Security

Private VLAN
• Promiscuous port
• Isolated port
• Community port

Security Features
• Access Control List
• Port Security
• DHCP Snooping
• IP Source Guard
• Dynamic ARP Inspection

Cisco TrustSec
• Admission control: 802.1X
• Hop-by-hop crypto: 802.1AE
• Security Group Tag

[Diagram: servers running VMW ESX with VMs #1–#4 on Cisco Nexus 1000V; ports labelled P, I and C]

Page 26: Cisco Nexus 1000V

Key Features of the Nexus 1000V

• Switching: L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX), IGMP Snooping, QoS Marking/Queuing
• Security: Policy Mobility, PVLAN, ACL (L2–4 w/ Redirect), Port Security, Cisco TrustSec—Authentication, Admission, Access Control
• Provisioning: Automated vSwitch Config, Port Profiles, Virtual Center Integration, Optimized NIC Teaming
• Visibility: Historical VMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2, VM-Level Interface Statistics, Wireshark
• Management: Virtual Center VM Provisioning, Cisco Network Provisioning, Cisco CLI, XML API, SNMP (v.1, 2, 3)

Page 27: Cisco Nexus 1000V

Nexus 1000V Deployment Scenarios
Pick Your Flavor

1. Works with all types of servers (rack optimized, blade servers, etc.)
2. Works with any type of upstream switch (Blade, Top of Rack, Modular)
3. Works at any speed (1G or 10G)
4. Nexus 1000V VSM can be deployed as a VM or a physical appliance

[Diagram: Virtual Center and the Nexus 1000V VSM; Blade Servers; Rack Optimized Servers]

Page 28: Cisco Nexus 1000V

Accelerate Server Virtualization
Enable, Simplify, Scale

Security and Policy Enforcement
• Enable VM-level security and policy
• Scale the use of VMotion and DRS

Operation & Management
• Simplify management and troubleshooting with VM-level visibility
• Scale with automated server & network provisioning

Organizational Structure
• Enable flexible collaboration with individual team autonomy
• Simplify and maintain existing VM mgmt model

Page 29: Cisco Nexus 1000V

Cisco Nexus 1000: More Information…

http://www.cisco.com/go/datacenter

Page 31: Cisco Nexus 1000V

Cisco Virtual Network Link – VN-Link
Virtualizing the Network Domain

Two Complementary Models to Address Evolving Customer Requirements

• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model

Cisco Nexus 1000V (Software Based)
• Cisco switch for VMW ESX
• Compatible with any switching platform
• Leverages Virtual Center for server admin; Cisco CLI for network admin

Nexus 5000 with VN-Link (Hardware Based)
• Scalable, hardware based, high performance solution
• Standards driven approach to delivering hardware based VM networking
• Combines VM & physical network operations into 1 managed node

[Diagram: two servers running VMW ESX with VMs #1–#4; one with Nexus 1000V, NICs and LAN, the other with an Initiator attached to a Nexus 5000]

Page 32: Cisco Nexus 1000V

VN-Link With the Cisco Nexus 1000V

• Policy-Based VM Connectivity
• Mobility of Network and Security Properties
• Non-Disruptive Operational Model

Cisco Nexus 1000V: Software Based
• Industry’s first third-party ESX switch
• Built on Cisco NX-OS
• Compatible with switching platforms
• Maintain Virtual Center provisioning model unmodified for server administration; allow network administration of Nexus 1000V via familiar Cisco NX-OS CLI

[Diagram: server running VMW ESX with VMs #1–#4 on Nexus 1000V; NICs; LAN]

Page 33: Cisco Nexus 1000V

VN-Link with Network Interface Virtualization

• Policy-Based VM Connectivity
• Mobility of Network and Security Properties
• Non-Disruptive Operational Model

Nexus Switch with VN-Link: Hardware Based
• Allows scalable hardware-based implementations through hardware switches
• Standards-based initiative: Cisco & VMware proposal in IEEE 802 to specify “Network Interface Virtualization”
• Combines VM and physical network operations into one managed node

[Diagram: server running VMW ESX with VMs #1–#4; VN-Link; Nexus]