Cisco Nexus 1000V for Microsoft Hyper-V: Expanding the Virtual Edge BRKVIR-2017
Appaji Malla
Sr. Product Manager
Cisco Cloud Networking Services Division
© 2014 Cisco and/or its affiliates. All rights reserved. BRKVIR-2017 Cisco Public
Agenda
• Cisco’s Virtual Networking Vision
• Cisco Nexus 1000V Portfolio Overview
• Cisco Nexus 1000V for Hyper-V
• Cisco Nexus 1000V for KVM
• Resources
[Figure: Cisco Nexus 1000V with VSMs, vPath and Cloud Network Services (VSG, ASA1000V, vWAAS, NAM, CSR, NetScaler 1000V)]
Legal Disclaimer
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis.
This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
Physical Virtual Cloud Journey: Consistency reduces operational risk and complexity
PHYSICAL WORKLOAD
• One app per Server
• Static
• Manual provisioning
VIRTUAL WORKLOAD
• Many apps per Server
• Mobile
• Dynamic provisioning
CLOUD WORKLOAD
• Multi-tenant per Server
• Elastic
• Automated Scaling
CONSISTENCY: Policy, Features, Security, Management, Separation of Duties
Switching: Nexus 7K/5K/3K/2K; Nexus 1000V, VM-FEX
Routing: ASR, ISR; Cloud Services Router (CSR 1000V)
Services: WAAS, ASA, NAM; vWAAS, VSG, ASA 1000V, vNAM*
** 1H CY 2013
[Figure: hypervisor hosting VDC-1 and VDC-2]
Cisco Virtual Networking Vision: Any workload, any hypervisor, any cloud
Nexus 1000V: Multi-Hypervisor, Multi-Services, Multi-Cloud
Cloud technology stacks: Multi-Hypervisor and Multi-Orchestration Strategy
Stacks: vSphere, Hyper-V, Open Source (Xen, KVM)
• Cloud Portal and Orchestration: vCloud Director/DynamicOps, System Center, Open Source, CIAC/UCSD, OpenStack/Partners
• Virtual Network Infrastructure: Nexus 1000V, Cloud Networking Services, vPath, VXLAN
• Hypervisor: vSphere, Hyper-V, KVM
• UCS Computing Platform
• Storage Platform
• Physical Network: Nexus 2K-7K + ASR 9K (Edge)
Cisco Cloud Networking Services: Hypervisor agnostic multi-services platform
Nexus 1000V (8000+ Customers)
• Distributed switch
• NX-OS consistency
VSG (Shipping)
• VM-level controls
• Zone-based FW
ASA 1000V (Shipping)
• Edge firewall, VPN
• Protocol Inspection
vWAAS (Shipping)
• WAN optimization
• App, traffic
CSR 1000V (Cloud Router) (Shipping)
• WAN L3 gateway
• Routing and VPN
Ecosystem Services (Shipping)
• Citrix NetScaler VPX virtual ADC
• Imperva Web App. Firewall
[Figure: Tenant A with Zone A and Zone B; ASA 1000V Cloud Firewall, Cisco Virtual Security Gateway (VSG), vWAAS, Citrix NetScaler VPX, Imperva SecureSphere WAF and Cloud Services Router 1000V on Nexus 1000V with vPath and VXLAN; Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*); Physical Infrastructure (Compute, Network, Storage)]
Cisco Nexus 1000V InterCloud: Securely Extend Enterprise Environment into Provider Cloud
• Secure: Enterprise-Grade Crypto and Firewalling within & across clouds
• Simple: Transparent Application Migration; Centralized Management
• Flexible: Choice of Provider Clouds and Hypervisors
[Figure: Nexus 1000V InterCloud connecting Private, Hosted, Utility, Public and Community Managed clouds; Nexus Switching, IOS Routing, Network Services]
Agenda
• Cisco’s Virtual Networking Vision
• Cisco Nexus 1000V Portfolio Overview
– Recent Nexus 1000V Promotions
– Nexus 1000V Architectural Overview
– Cisco Virtual Services Architecture
• Cisco Nexus 1000V for Hyper-V
• Cisco Nexus 1000V for KVM
• Resources
Cisco Nexus 1000V is available in two editions: Essential & Advanced Editions
Essential ($0)
• VLANs, ACL, QoS
• vPath
• VXLAN
• LACP
• Multicast
• Netflow, ERSPAN
• Management
• vTracker
• vCenter Plugin
Advanced ($695/cpu)
• Virtual Security Gateway
• Cisco TrustSec SXP Support
• DHCP Snooping
• IP Source Guard
• Dynamic ARP Inspection
Easy to get started on Cisco Nexus 1000V
Essential Edition – No licensing or procurement needed
1. Download Software from cisco.com
2. Install Nexus 1000V using new Installer App
3. Create Port Profiles & Start Using N1KV
Advanced Edition – Get a 60-day free trial when you use essential
1. Download Software from cisco.com
2. Install Nexus 1000V using new Installer App
3. Change Switch mode to Advanced* & Start Using N1KV
Cisco Nexus 1000V Promo Overview
Nexus 5K & 6K customers can get N1KV at 40% price-reduction
Base Package (40% price reduction included)
• Nexus 1110-X Hosting Appliance
• 64 Universal Advanced Licenses
• Nexus 1000V License for ANY hypervisor. Migration allowed.
• VSG licenses included
Optional Package (40% price reduction included)
• Additional 64 Universal Licenses
• Nexus 1000V License for ANY hypervisor. Migration allowed.
• VSG licenses included
Cisco Nexus 1000V Promo Overview: 2 PIDs: N5K-FEX-N1K-PROMO & N6K-FEX-N1K-PROMO
N6K-FEX-N1K-PROMO
• Base Package: N1110-X+64 licenses
• Optional Package: Add. 64-licenses
• Bundles: N6001P-6FEX-1G, N6001P-4FEX-10G, N6001P-6FEX-10G, N6001P-4FEX-10GT, N6001P-6FEX-10GT, N6004EF-12FEX-1G, N6004EF-8FEX-10G, N6004EF-8FEX-10GT, N6001P-8FEX-1G, N6001P-4FEX-1G, N6001P-2FEX-10G, N6004EF-4FEX-1G, N6004EF-6FEX-1G, N6004EF-8FEX-1G, N6004EF-4FEX-10G, N6004EF-6FEX-10G, N6004EF-4FEX-10GT, N6004EF-6FEX-10GT
N5K-FEX-N1K-PROMO
• Base Package: N1110-X+64 licenses
• Optional Package: Add. 64-licenses
• Bundles: N5548UP-4N2248TF, N5548UPL3-2N2248TF, N5548UPM-4FEX, N5596UPM-6FEX, N5596UP-6N2248TF, N5596UPMM-12N2248T, N5548UPM-6N2248TP, N5596UPM-8N2248TP, N5548UPM-6N2248TR, N5596UP-4N2232PF, N5596UP-4FEX, N5596UPMM-8FEX, N5596UPM-8N2248TF, N5548UP-4N2248TP, N5596UP-6N2248TP, N5548UP-4N2248TR, N5596UP-6N2248TR
Other promotional bundles with Nexus 1000V: Up to 30% discount when you buy N1KV with UCS or ASA 1000V
N1KV/UCS Promo | Description | List Price
N1K-VSG-UCS-BUN | Nexus 1000V Advanced Edition with the purchase of UCS B/C series configurable SKUs (not available with fixed SmartPlay Bundles) | $495/cpu
N1KV/ASA1000V | Description | List Price
L-N1K-ASA1K-01-PR | 1 Promo N1KV Advanced licenses & ASA1000V | $2,495/cpu
L-N1K-ASA1K-04-PR | 4 Promo N1KV Advanced licenses & ASA1000V incremental licenses | $9,945/cpu
L-N1K-ASA1K-16-PR | 16 Promo N1KV Advanced licenses & ASA1000V incremental licenses | $39,445/cpu
L-N1K-ASA1K-32-PR | 32 Promo N1KV Advanced licenses & ASA1000V incremental licenses | $78,645/cpu
Server Virtualization Issues: Policy Mobility, Lack of VM Traffic Visibility, Operational Complexity
1. VM Migration moves VMs across physical ports; the network policy must follow this VM Motion (across racks, PODS, DCs)
2. Must view or apply network/security policy to locally switched traffic
3. Need to maintain segregation of duties while ensuring non-disruptive operations
[Figure: Port Group; Server Admin, Network Admin, Security Admin]
Diverse Virtualization Requirements for DataCenter Customers
Customer Issues in virtualized environments
• Operational Complexity: Managing networks across physical & virtual environments
• Choice of Hypervisors: Different types of workloads require different hypervisors
• Cloud Use-cases: Security concerns, and hybrid cloud use-cases
• Resource Utilization: VM Mobility within the DC, across DCs and across clouds.
• Complex Workloads: Requirement for a secure virtual environment with rich network services
Requirements shown on the slide
• Consistent Operational Model
• Multi-hypervisor Support
• Multi-cloud support
• Overlay Technology Support
• Multi-services support
Fast Changing DC environments: Require platform-agnostic design & future-proof architectures
Fast Changing Technology Cycles
• Emerging choices for hypervisors & cloudstacks
• Pressure to reduce risk, TTM & protect investment
• New virtualization use-cases
Future-proof Architectures
• Consistency across hypervisors & cloudstacks
• Evolutionary approach to operational processes
• Proven, tested foundation
Cisco Nexus 1000V
• Any Service, Any hypervisor, any cloud
• Built on highly reliable NX-OS platform
• Validated designs for new use-cases
Reduced Risk, Reduced Time to deploy, Investment Protection
Cisco Nexus 1000V Overview: Architecture consistent with other modular switches
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
[Figure: a modular switch (Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N on a Back Plane) beside the Nexus 1000V virtual appliance (VSM1, VSM2 and VEM-1, VEM-2 … VEM-N, one VEM per hypervisor); Network Admin and Server Admin]
Cisco Nexus 1000V Overview: Integrated Switching & Services
vPath
• Service Binding (Traffic Steering)
• Fast-Path Offload
• VXLAN-Aware
VXLAN*
• 16mil. L2 segments
• Mobility across DC
• Friendly to services
• Scale-out architecture for cloud
• Built for multi-tenancy
Physical Appliance: Nexus 1100
• Hosting platform for N1KV VMs
• Simplifies network operations
[Figure: Virtual Appliance (VSM) with VEM-1 and VEM-2 running vPath and VXLAN on two hypervisors; services vWAAS, VSG, ASA1000V, NS1000V; Nexus 1100 hosting Primary VSM and Secondary VSM with NAM, VSG and NS1000V]
Cisco Nexus 1000V Overview: Cloud Services Platform aka Cisco Nexus 1100
Dedicated NX-OS appliance for hosting virtual services
– Two form factors: 1110-S, 1110-X
– Up to 10 virtual services can be hosted on the 1110-X platform
Simplifies lifecycle management of virtual services
– Network/security team can deploy, upgrade, manage
Virtual services currently supported
– Nexus 1000V virtual supervisor modules (VSMs), Network Analysis Module (NAM)
– Virtual Security Gateway (VSG), Data Center Network Manager (DCNM)
– Citrix NetScaler 1000V*, Imperva WAF**
Cisco Nexus 1000V: Uniform Management Interface across hypervisors
Management interfaces: NX-OS CLI, SNMP Support, NetConf/XML, CDP, Syslog, NTP, TACACS+, RADIUS, Netflow, SPAN & ERSPAN
REST-APIs for manageability
• vm-network-definition (id, vlan, ip-pool) – for network segments
• logical-network-definition (name, id, connected-ports) – fabric n/w
• virtual-port-profile (type, id, maxports, switch-id) – for vEth
• uplink-port-profile (state, type, id, maxports, switch-id) – for PNIC
• ip-address-pool (name, dhcp-server, range etc.) – for ip-pools
Strong Management Ecosystem
Consistent management interfaces across physical & virtual
• NX-OS CLI, SNMP, NetConf/XML, REST*
• CDP, NTP, Telnet/SSH
• Syslog, ACL-Logging, TACACS+, RADIUS
• Netflow, SPAN, ERSPAN, REST-ful APIs
Your existing Mgmt tools work well with Nexus 1000V
• Cisco NMS Support: Cisco Prime Infra., Cisco Prime DCNM, Cisco PNSC, Cisco UCSD & CIAC
• Systems Management Vendors
• Virtualization Vendors
• Other ISVs
*Available in H2CY13
Proven Architecture for virtualization use-cases
Nexus 1000V Portfolio
• Vblock (Converged Virtualization Infrastructure)
• Virtual Desktop Infrastructure (User Identity & Security)
• DC to DC VM Migration (Disaster Recovery)
• Private & Public Cloud Deployments (Multi-tenancy & Scalability)
• PCI (Security & Compliance)
• Hosted Collaboration (Quality of Service & Availability)
Cisco Nexus 1000V Overview: Simplified Operations for network & server admins
For Network Admins
Consistent feature-set across physical & virtual
• Consistent feature-set, operational model & consistent mgmt tools
• Reduces operational complexity
Visibility into VM-to-VM Traffic
• SPAN, ERSPAN, Netflow, VM-level Traffic Statistics
• Simplifies troubleshooting and allows better network design
Cisco Validated Design Guides
• Well-tested, well-documented designs for new use-cases
• Reduces risk, and time-to-deploy new technologies
For Server Admins
Future-proofs application architecture
• Consistent feature-set across any hypervisor, and any cloud
• Flexibility to choose any hypervisor platform
Simplifies operational processes
• Integration with VM-mgmt tools, Simplified installation process, visibility into VM network
• Reduced operational burden on server admins
Improves app security, mobility & availability
• Additional NX-OS security features, strong services portfolio, VXLAN & DCI etc.
• Fewer security, availability & utilization issues
New Services Requirements in Data Center
Traditional Data Center
• Application-specific services
• Form factors: Appliance, Switch module
Virtual/Cloud Data Center: Virtual Service Node (VSN)
• Virtual appliance form factor
• Dynamic instantiation/provisioning
• Service transparent to VM mobility
• Support scale-out
• Large scale multitenant operation
[Figure: FW, WAN Opt and ADC/SLB services; APP and OS on a Hypervisor; VDC-1 and VDC-2]
Services deployment in Virtualized DC
Traditional Service Nodes
• Redirect VM traffic via VLANs to external (physical) firewall
Virtual Service Nodes
• Apply hypervisor-based virtual network services
[Figure: Web Server, App Server and Database Server VMs on a hypervisor, served on one side by Virtual Contexts reached over VLANs and on the other by VSNs on the hypervisor]
Intelligent Traffic Steering with vPath
[Figure: VMs on the Nexus 1000V Distributed Virtual Switch with vPath and a Virtual Service Node (VSN); steps numbered 1 to 4, with labels Initial Packet Flow, Flow Access Control (policy evaluation), Decision Caching and Log/Audit]
Performance Acceleration with vPath
[Figure: VMs on the Nexus 1000V Distributed Virtual Switch with vPath and a Virtual Service Node (VSN); labels: Remaining packets from flow, ACL offloaded to Nexus 1000V (policy enforcement), Log/Audit]
Service chaining with vPath
[Figure: VMs on the Cisco Nexus 1000V Distributed Virtual Switch with Cisco vPath; traffic passes through VSN1 and VSN2 in steps numbered 1 to 5]
Multi-tenancy with vPath
[Figure: Tenant1 Client and Tenant2 Client reaching Tenant1 VMs and Tenant2 VMs on the Nexus 1000V Distributed Virtual Switch with vPath; Tenant1 VSN and Tenant2 VSN; ACL offloaded to Nexus 1000V (policy enforcement)]
vPath Extends services to VMs on VXLANs
Extending firewalling & other network services to VM to VM traffic on VXLAN
[Figure: VMs on VXLAN 101 and VXLAN 5001 on the Nexus 1000V Distributed Virtual Switch with vPath; VSN1 and VSN2]
vPath Benefits
Without vPath
• Complex deployment: per-host service nodes
• Capacity planning made difficult
• No Fast path acceleration
• Manual service chaining
• Services tightly coupled with network topology
With vPath
• Distributed Service Insertion
• Better capacity planning (service at tenant-level)
• Application based dynamic service chains
• Non-disruptive operations
• Fast-Path acceleration
• Decouple Network and Services
Agenda
• Cisco’s Virtual Networking Vision
• Cisco Nexus 1000V Portfolio Overview
• Cisco Nexus 1000V for Hyper-V
– Nexus 1000V/Hyper-V architecture Overview
– Design Consistency across hypervisors
– SCVMM Networking Concepts
– Nexus 1000V Integration with SCVMM
– Deploying Nexus 1000V for Hyper-V
– Demo
• Cisco Nexus 1000V for KVM
• Resources
Hyper-V: Comparison with ESX Terminology
VMware ESX | Microsoft Hyper-V
Virtual Distributed Switch (VDS) | Logical Switch
Port Group | Virtual Port Profiles + VM networks
vmknic | Host VNIC
Folder/Data Center | Host Group
vMotion | Live Migration
Distributed Resource Scheduling (DRS) | Dynamic Optimization
Distributed Power Mgmt (DPM) | Power Management
vCenter, vCloud Director | SCVMM, SCO
Site Recovery Manager | Hyper-V Replica
Virtual Machine Disk (VMDK) | Virtual Hard Disk (VHDX)
Hyper-V Extensible Switch Architecture
Extensions process all network traffic including VM-to-VM traffic
Forwarding Extensions can capture and Filter Traffic as well
Nexus 1000V will work with other 3rd party Capture and Filtering Extensions as well
Live Migration and NIC Offloads continue to work even when the extensions are present
System Center Virtual Machine Manager
Manages Hyper-V Virtualization environment
Similar in function to VMware vCenter Server
– But includes some functionality similar to VMware vCloud Director
What SCVMM Manages
– Hyper-V hosts
– Virtual Machines
– Logical Switches
– Logical Networks and Network Sites
– VM Networks and Subnets
– IP Addressing
– Port Profiles and Classifications
SCVMM Management of Switch Extensions
[Figure: SCVMM and the SCVMM Service with a Vendor SCVMM Plugin; Vendor network mgmt console and Policy database (3rd Party components); Virtualization host with Root Partition and VMs]
Cisco Nexus 1000V for Hyper-V: Award Winning Networking Platform for Hyper-V
• Advanced NX-OS feature-set
• Innovative Services architecture (vPath)
• Consistent operational model
• SCVMM Integration
[Figure: Nexus 1000V VSM and Nexus 1000V VEM in the Extensible vSwitch, with VM VNICs and PNICs]
Cisco Nexus 1000V for Hyper-V: A simple Deployment Scenario
Virtual Supervisor Module (VSM)
• Performs management, monitoring, and configuration
• Tight integration with management platforms
Virtual Ethernet Module (VEM)
• Enables advanced networking capability on the hypervisor
• Provides each virtual machine with dedicated “switch port”
• Collection of VEMs: 1 virtual switch
[Figure: System Center Virtual Machine Manager and the Cisco Nexus 1000V VSM managing three WS 2012 Hyper-V servers, each running a Cisco Nexus 1000V VEM and four VMs]
Cisco Nexus 1000V for Hyper-V Features
Switching: L2 Switching, 802.1Q Tagging, VLAN, Rate Limiting (TX), IGMP Snooping, QoS Marking (COS & DSCP)
Security: Policy Mobility, Private VLANs w/ local PVLAN Enforcement, Access Control Lists, Port Security, Cisco TrustSec Support*, Dynamic ARP inspection*, IP Source Guard*, DHCP Snooping*
Provisioning: Port Profiles, Integration with virtualization & cloud mgmt. tools, Optimized NIC Teaming with Virtual Port Channel – Host Mode
Visibility: VM Migration Tracking, NetFlow v.9 w/ NDE, CDP v.2, VM-Level Interface Statistics, SPAN & ERSPAN (policy-based)
Network Services: Virtual Services Datapath (vPath) support for traffic steering & fast-path off-load [leveraged by Virtual Security Gateway (VSG)* and other services]
Management: Integrated Provisioning with SCVMM, Cisco LMS, Cisco DCNM, Cisco VNMC; Cisco CLI, RADIUS, TACACS+, Syslog, SNMP (v.1, 2, 3); Hitless upgrade, SW Installer
* Available only with Advanced Edition
Cisco Nexus 1000V for Hyper-V: Consistent Architecture across hypervisors
[Figure: two parallel stacks, one with VMware vCenter, a Nexus 1000V VSM and a Nexus 1000V VEM on VMware vSphere, the other with SCVMM, a Nexus 1000V VSM and a Nexus 1000V VEM on WS 2012 Hyper-V, each VEM serving four VMs]
vPath and Cloud Network Services: Consistent Services Infrastructure across Hypervisors
[Figure: two parallel stacks, one with VMware vCenter and one with MSFT SCVMM; in each, Cisco PNSC and the Cisco Nexus 1000V exchange Virtual Machine Attributes and Port Profiles, with VSNs attached through vPath]
Cloud Services Appliance – Nexus 1110: Consistent Hosting Platform across Hypervisors
Existing Nexus 1010 virtual blades support EITHER hypervisor environment
[Figure: Nexus 1110 hosting virtual blades (VSM, VSG*; VSM, NAM, VSG) for two VMware ESX hosts and two WS 2012 Hyper-V hosts; each pair of hosts runs VEM-1 and VEM-2 with vPath and VXLAN, with VXLAN marked “VXLAN?” on one pair]
Microsoft SCVMM Networking Concepts
Multiple user-defined constructs
• Logical Networks
• Network Sites
• VM Networks
• Port Classifications
• Logical Switch
Microsoft SCVMM Networking Concepts: Logical Networks & Network Sites
Logical Network = { Network Sites }; Network Sites = {(Hosts, VLAN/IP-Subnets) }
[Figure: one Logical Network containing Network Site1, Network Site2 and Network Site3 (San Jose, Seattle), with Host1 to Host6 running three VMs each]
Microsoft SCVMM Networking Concepts VMs are bound to VM Networks
Microsoft SCVMM Networking Concepts: Port-Classifications
Bundling of profiles from each extension is port-classification
Port-Classification = {Forwarding Profile, Filtering Profile, Capture Profile} per VNIC
[Figure: Extensible vSwitch with VM VNICs and PNICs]
Microsoft SCVMM Networking Concepts: Logical Switch
Switch Template created on SCVMM - allows consistent configuration on all Hyper-V Hosts where the Logical Switch is instantiated
Logical Switch = {Switch extensions, Uplink Profiles, Port-classifications}
• Choose the extensions supported by this logical switch
• Choose the uplink profiles (VLANs and network policies) to be applied to this logical switch
• Choose the port-classifications allowed by this logical switch
[Figure: Extensible vSwitch with VM VNICs and PNICs]
Microsoft SCVMM Networking Concepts: Associating VM VNICs to VM Networks & Port-classifications
Choose network
– VM Network
– VM Subnet is tied to the Network (1:1)
Choose IP address type
– Can be dynamic (DHCP) or statically assigned
– Choose IP pool for static IPs
Choose Port Profile Classification
– Policy (QoS, Security, Monitoring)
– A Classification refers to a Port Profile
[Figure callouts: Network Profile, Policy Profile]
Microsoft SCVMM Networking Concepts: Putting everything together
Logical Network ‘DMZ’
• Network-site ‘DMZ_POD1’: DMZ_Pod1_Subnet1, DMZ_Pod1_Subnet2, DMZ_Pod1_Subnet3
• Network-site ‘DMZ_POD2’: DMZ_Pod2_Subnet4, DMZ_Pod2_Subnet5, DMZ_Pod2_Subnet6
IP pools: IP-Pool1, IP-Pool2, IP-Pool3, IP-Pool4, IP-Pool5, IP-Pool6
[Figure: VMs grouped as Clients, Guests and Servers]
Cisco Nexus 1000V Terminology
SCVMM Terminology | Cisco Nexus 1000V Terminology
Logical Networks | Logical Networks
Network Sites | Network Segment Pools
VM Networks | Network Segments
IP-Pools | IP-Pools & IP-Pool Templates
Port-Classifications | Port-profiles
Cisco Nexus 1000V for Hyper-V: Defining “Network sites” and “VM Networks”
Logical network “DMZ”
  Network Site “DMZ_POD1”
    VM Network DMZ_POD1_SUBNET1
    VM Network DMZ_POD1_SUBNET2
    VM Network DMZ_POD1_SUBNET3
VSM configuration:
! Logical network
nsm logical network DMZ
! Network segment pool (the SCVMM network site)
nsm network segment pool DMZ_POD1
  member-of logical network DMZ
! Network segments (the SCVMM VM networks), each with its own VLAN and IP pool template
nsm network segment DMZ_POD1_SUBNET1
  member-of network segment pool DMZ_POD1
  switchport mode access
  switchport access vlan 20
  ip pool import template DMZ_POD1_Pool1
nsm network segment DMZ_POD1_SUBNET2
  member-of network segment pool DMZ_POD1
  switchport mode access
  switchport access vlan 21
  ip pool import template DMZ_POD1_Pool2
nsm network segment DMZ_POD1_SUBNET3
  member-of network segment pool DMZ_POD1
  switchport mode access
  switchport access vlan 22
  ip pool import template DMZ_POD1_Pool3
Network Segments and Port Profiles: Splitting the port-profile into “Network Connectivity” and “Policy”
[Figure: Data Base Clients and Data Base Servers VMs on the Data Base Network (VLAN 10)]
Current N1KV/ESX Version (VLAN and ACL in the same port-profile):
port-profile db-client
  switchport mode access
  switchport access vlan 10
  ip port access-group dbclient in
  no shut
  state enabled
port-profile db-server
  switchport mode access
  switchport access vlan 10
  ip port access-group dbserver in
  no shut
  state enabled
N1KV/Hyper-V Version (ACL in the port-profiles, VLAN in a network segment):
port-profile db-client
  ip port access-group dbclient in
  no shut
  state enabled
port-profile db-server
  ip port access-group dbserver in
  no shut
  state enabled
nsm network segment db-network
  switchport mode access
  switchport access vlan 10
Cisco Nexus 1000V for Hyper-V: Operational Model with SCVMM
• Create networks and policies (logical networks, network sites, VMnetworks)
• Networks & policies synced to SCVMM
• Adds hosts to N1KV
• Connects VMs (VNICs) to VM Networks
• SCVMM manages the placement and live-migration of the VMs based on the constraints between VM networks and the network sites.
[Figure: Network Admin, Nexus 1000V VSM, SCVMM, Server Admin and WS 2012 Hyper-V servers running the Nexus 1000V VEM with four VMs; steps numbered 1 to 5]
Cisco Nexus 1000V PowerShell Cmdlets: Available from http://developer.cisco.com/web/n1k/hyperv
• Open a connection to VSM from PowerShell using the credentials
• Identify the required PowerShell CmdLets
• Run the Cmdlet directly from the PowerShell Prompt
• Parse the response for the required information
PowerShell CmdLet: <Action>-N1k<Object>
Action | Verbs
Create an object* | New
Read an object | Get
Update an object | Set
Delete an object | Remove
*Objects can be Logical Networks, VM networks, Port-profiles, IP-Pools, Port-profiles etc.
Write/Update Operations are only supported on limited set of objects
Examples
Create a Logical Network* | New-N1kLogicalNetwork()
Read port-profile info | Get-N1kPortProfile()
Update an IP-Pool | Set-N1kPoolTemplate()
Remove network segment | Remove-N1kNetworkSegment()
Cisco Nexus 1000V for Hyper-V Accessing N1KV with PowerShell CmdLets
Set-N1kIpPoolTemplate
Set-N1kLogicalNetwork
Set-N1kNetworkSegment
Set-N1kNetworkSegmentPool
Get-N1kPortProfile
Get-N1kUplinkPortProfile
Get-N1kUplinkPorts
Get-N1kVirtualPortProfile
Get-N1kVirtualPorts
Get-N1kVsemSystemInfo
New-N1kIpPoolTemplate
New-N1kLogicalNetwork
New-N1kNetworkSegment
New-N1kNetworkSegmentPool
New-N1kVMNetwork
Remove-N1kIpPoolTemplate
Remove-N1kLogicalNetwork
Remove-N1kNetworkSegment
Remove-N1kNetworkSegmentPool
Remove-N1kVMNetwork
Cisco Virtual Security Gateway: System Architecture
[Figure: Cisco Prime Network Services Controller (PNSC), Microsoft SCVMM, VSM, VSG (VSN) and Hyper-V Servers running the Nexus 1000V VEM with vPath. Labelled interactions: Security Profiles, Device Profiles, VM attributes, Port Profiles, VM/Network Attributes, VM-to-IP Binding, Packets (Slow-Path), Packets (Fast-Path)]
Cisco Virtual Security Gateway: Defining Security Policies
Security Profile
– Policy Set
  • Policy 1: Rule 1, Rule 2 … Rule N
  • Policy 2: Rule 1, Rule 2 … Rule N
  • Policy N: Rule 1, Rule 2 … Rule N
Rule is analogous to an Access Control Entry; Policy is analogous to an ACL
Cisco Nexus 1000V for Hyper-V
Xian SCOM Plugin for Nexus 1000V
Monitors
– Availability (ICMP and SNMP)
– TCP Connections
– Uptime
– Traffic, total, error etc.
– Bandwidth
SCOM Management Plugin from Jalasoft
Agenda
Cisco’s Virtual Networking Vision
Cisco Nexus 1000V Portfolio Overview
Cisco Nexus 1000V for Hyper-V
– Nexus 1000V/Hyper-V architecture Overview
– Design Consistency across hypervisors
– SCVMM Networking Concepts
– Nexus 1000V Integration with SCVMM
– Deploying Nexus 1000V for Hyper-V
– Demo
Cisco Nexus 1000V for KVM
Resources
Cisco Nexus 1000V Installation Prerequisites & System Requirements
Prerequisites
• WS2012 or later
• SCVMM 2012 SP1 UR2 v. 3.1.6020.0 or later
• Windows Active Directory Service
• Enable Hyper-V Cmdlets in PowerShell on Hyper-V hosts (with VEM)
System Requirements
• Hardware Requirements: none other than those imposed by Hyper-V role
• VSM VM Requirements: 4GB hard disk, 4GB RAM, 4 NICs
VSM Configuration
• Need VSM IP-address
• VSM Domain ID (1 to 1023)
• Layer 3 connectivity between VSM and the VEMs
• TCP Port 80 open between SCVMM and VSM
Cisco Nexus 1000V Installation Installation Package Contents
• Virtual Supervisor Module ISO (n1000vh-dk9.5.2.1.SM1.5.1.iso)
• Virtual Ethernet Module MSI package (Nexus1000V-VEM-5.2.1.SM1.5.1.msi)
• Cisco VSEM Provider MSI package (Nexus1000V-VSEMProvider-5.2.1.SM1.5.1.msi)
• Cisco SCVMM VM Template (Cisco Nexus1000V VSM Template)
Cisco Nexus 1000V Installation Simple 4-step deployment process
Download Nexus 1000V image
• Go to http://www.cisco.com/go/1000v/hyper-v
• Click on the Download link
Install N1KV Components into SCVMM
• Install Cisco Nexus 1000V VSEM Provider MSI
• Install Cisco VSM Template File
• Copy VEM to SCVMM Switch Extension Location
• Copy VSM ISO to SCVMM Library
Install and Configure VSM
• Create Microsoft switch for VSM Connectivity
• Install VSM VM using SCVMM VM template
• Configure VSM
Configure SCVMM Fabric
• Add N1KV Switch Extension manager to SCVMM
• Create Logical Switch
• Create VM Networks
Cisco Nexus 1000V Installation Virtual Switch Extension Manager (VSEM) & Logical Switch
VSEM
Logical Switch
Port-classifications – define network policy for virtual machine interfaces
Uplink Profiles – define VLANs and network policy to be applied to the server uplink
Cisco Nexus 1000V Installation Associate VM VNICs to VM Networks & Port-classifications
Choose network
– VM Network
– VM Subnet is tied to the Network (1:1)
Choose IP address type
– Can be dynamic (DHCP) or statically assigned
– Choose IP pool for static IPs
Choose Port Profile Classification
– Policy (QoS, Security, Monitoring)
– A Classification refers to a Port Profile
Publishing Logical Networks Nexus 1000V VSM publishes Logical Networks to SCVMM
Add a host (VEM) to Nexus 1000V Configure Logical switch & Uplink on one or more Physical adapters
Select Fabric tab
Select the host
Right-Click for Properties
Select Virtual Switches
For each uplink, select N1KV as the logical switch & the uplink port-profile
Add a Veth to a host (N1KV VEM) Configure Logical switch & Uplink on one or more Physical adapters
Select “VM & Services” tab
Select the host
Select the VM
Right-Click for Properties
Select Hardware Configuration
Select Network Adapters
Select VM Network and Logical Switch
Agenda
Cisco’s Virtual Networking Vision
Cisco Nexus 1000V Portfolio Update
Cisco Nexus 1000V for Hyper-V
– Nexus 1000V/Hyper-V architecture Overview
– Design Consistency across hypervisors
– SCVMM Networking Concepts
– Nexus 1000V Integration with SCVMM
– Deploying Nexus 1000V for Hyper-V
– Demo
Cisco Nexus 1000V for KVM
Resources
Demo Topology
[Figure labels: Win 2012 Hyper-V (×2), Nexus 1000V VEM (×2), Nexus 1000V VSM, NAM, and the Contractor, Employee and Web Server VMs]
Configure the port-profiles so that web-server access is restricted:
• Employee can access
• Contractor is restricted
NAM (or any other monitoring tool) can be configured to analyze the VM-to-VM traffic using ERSPAN on N1KV.
Agenda
Cisco’s Virtual Networking Vision
Cisco Nexus 1000V Portfolio Update
Cisco Nexus 1000V for Hyper-V
– Nexus 1000V/Hyper-V architecture Overview
– Design Consistency across hypervisors
– SCVMM Networking Concepts
– Nexus 1000V Integration with SCVMM
– Deploying Nexus 1000V for Hyper-V
– Demo
– What is new with v1.5.2?
Cisco Nexus 1000V for KVM
Resources
What is new with N1KV/Hyper-V v1.5.2? R2 support, VSG with VM-attributes, multi-hypervisor licensing
• Support for Windows Server 2012 R2
• Additional PowerShell Commands
• Multi-hypervisor Licensing
• VSG/PNSC support for VM and Custom attributes
What is new with N1KV/Hyper-V v1.5.2? New REST-APIs & PowerShell Commands
CRUD Operations for User-creation
– To Create/Read/Update/Delete VSM user account information
– Get-User, New-User, Set-User, Remove-User
Managing SPAN & ERSPAN sessions
– To Create/Read/Update/Delete SPAN/ERSPAN session information
– Get-Session, New-Session, Set-Session, Remove-Session
CRUD operations for port-profiles
– To Create/Update/Delete port-profiles
– New-PortProfile, Set-PortProfile, Remove-PortProfile
What is new with N1KV/Hyper-V v1.5.2? Multi-hypervisor Licensing
Before v1.5.2
• Separate Advanced Licenses for each hypervisor version
• Licenses for one hypervisor won’t work on other hypervisors
After v1.5.2
• Existing N1KV Licenses can be used for N1KV/Hyper-V
• If you already bought N1KV/Hyper-V, we will issue new universal licenses
What is new with N1KV/Hyper-V v1.5.2? Virtual Security Gateway with support for VM & Custom attributes
Rule
– Source Condition
– Destination Condition
– Action
Condition Match Criteria
– Match All (And)
– Match Any (Or)
Condition
Attribute Type
– Network
– VM
– User Defined
– vZone
VM Attributes
– VM Name
– Guest OS name
– Port Profile Name
– VM DNS Name
Network Attributes
– IP Address
– Network Port
Operator
– eq
– neq
– gt
– lt
– range
– Not-in-range
– Prefix
Operator
– member
– Not-member
– Contains
– And (Global Level)
– Or (Global Level)
Virtual Security Gateway use-case Secure zoning using VM attributes
Source Destination Protocol Action
Zone=TRNG Zone=TRNG Any Permit
Any Zone=TRNG Any Permit
Zone=TRNG Any Any Drop
If vm-name contains “TRNG”, that VM belongs to TRNG zone
[Figure: groups of VMs labelled Database Servers, Training Servers, Dev Servers, Exchange Servers, R&D Servers and QA Servers]
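The zoning table above, as an added worked model in Python (not Cisco's code and not part of the original slides): it evaluates the three rules in slide order and flags any rule that an earlier rule makes unreachable. First-match ordering (by analogy with an ACL), case-sensitive name matching and the sample VM names are assumptions.

```python
"""Added example: a model of the TRNG zoning table, not VSG/PNSC code."""

ANY = "Any"

# Zone membership as stated on the slide: vm-name contains "TRNG".
# Assumption: the substring match is case-sensitive.
ZONES = {"TRNG": lambda vm: "TRNG" in vm["vm-name"]}

# Rules in slide order: (source, destination, protocol, action).
POLICY = [
    ("TRNG", "TRNG", ANY, "permit"),
    (ANY, "TRNG", ANY, "permit"),
    ("TRNG", ANY, ANY, "drop"),
]

# Same rules with the drop rule moved to the top (constructed misordering).
REORDERED = [POLICY[2], POLICY[0], POLICY[1]]

# Constructed inventory; these VM names are sample values.
TRNG_A = {"vm-name": "TRNG-lab-01"}
TRNG_B = {"vm-name": "win-TRNG-02"}
DB = {"vm-name": "db-prod-01"}
QA = {"vm-name": "qa-runner-07"}


def zone_match(spec, vm):
    """True if the VM satisfies a Source/Destination condition."""
    return spec == ANY or ZONES[spec](vm)


def evaluate(policy, src, dst, proto):
    """First-match evaluation (assumed, as in an ACL).

    Returns (action, 1-based rule number), or ("no-match", None) when no rule
    applies; the slide does not state a default action, so none is assumed.
    """
    for number, (s, d, p, action) in enumerate(policy, 1):
        if zone_match(s, src) and zone_match(d, dst) and p in (ANY, proto):
            return action, number
    return "no-match", None


def covers(a, b):
    """Field a matches everything field b matches."""
    return a == ANY or a == b


def shadowed(policy):
    """1-based numbers of rules that can never fire under first-match."""
    hits = []
    for i, rule in enumerate(policy):
        if any(all(covers(e, r) for e, r in zip(earlier[:3], rule[:3]))
               for earlier in policy[:i]):
            hits.append(i + 1)
    return hits


if __name__ == "__main__":
    for src, dst in [(TRNG_A, TRNG_B), (DB, TRNG_A), (TRNG_A, DB), (DB, QA)]:
        print(src["vm-name"], "->", dst["vm-name"], evaluate(POLICY, src, dst, "tcp"))
    print("shadowed in slide order:", shadowed(POLICY))
    print("shadowed when reordered:", shadowed(REORDERED))
```

In slide order no rule is shadowed; with the drop rule first, the TRNG-to-TRNG permit can never fire and intra-zone traffic is dropped, which is the ordering mistake worth auditing for.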
Agenda
Cisco’s Virtual Networking Vision
Cisco Nexus 1000V Portfolio Update
Cisco Nexus 1000V for Hyper-V
Cisco Nexus 1000V for KVM
Resources
Cisco Nexus 1000V for KVM Integration with KVM & OpenStack
[Figure labels: OpenStack Controller (Nova Service, Horizon Service, Neutron Service, Other Services); Nexus 1000V VSM; Server with Nexus 1000V VEM and VMs; Network Admin; Cloud Admin]
Cisco Nexus 1000V for KVM
Expand Cisco Nexus 1000V support to KVM
Tight Integration with OpenStack
– Neutron Service Integration
– Deployment Integration
– REST-APIs
VXLAN Support
– Without IP multicast
– Ease VXLAN deployment
Highly Scalable Platform
Cisco Nexus 1000V for KVM
[Figure labels: OpenStack; Nexus 1000V Neutron Plug-in; REST API; Nexus 1000V; KVM; Tenant 1, Tenant 2, Tenant 3; Virtual Workloads; Virtual Services (vWAAS, VSG, ASA 1KV); VXLAN – VLAN Gateway; Physical (VLAN) Network; Physical Workloads; ASA 55xx]
Neutron Architecture
[Figure labels: Clients; Neutron Service; Backend Networks (Physical and Virtual)]
Basic Neutron Abstractions & APIs
Networks
• Create, Delete, Update
• List, Show
Subnets
• Create, Delete, Update
• List, Show
Ports
• Create, Delete, Update
• List, Show
What is new with N1KV/ESX?
Cisco Nexus 1000V for VMware vSphere What is new in v2.2?
Increased Scale
• 128 hosts
• 300 ports per host
• 4000+ ports per VSM
Simplified VXLAN Deployment
• No IP-multicast requirement
• VSM distributes relevant VXLAN info to all VEMs
• Flooding avoidance through MAC distribution
• Head-end replication to reduce broadcast traffic
VXLAN Gateway
• Seamless integration with Physical network (VXLAN to VLAN bridging)
• Hosted as a VM on any ESX host
• Support for high availability (active/standby)
Citrix NetScaler 1000V in Cloud Services Portfolio
• Citrix Best-in-Class virtual application delivery controller (vADC)
• Sold and supported by Cisco
• Integrated with Nexus 1110/1010, vPath
[Figure labels: Cisco Cloud Network Services (CNS): Citrix NetScaler 1000V, Prime virtual NAM, Imperva SecureSphere WAF, Virtual Security Gateway; Nexus 1000V with vPath on Any Hypervisor, with VMs; Nexus 1110 Cloud Services Platform: VSM, VSM, DCNM*, Citrix NetScaler 1000V]
VSM = Virtual Supervisor Module
DCNM = Data Center Mgt. Center
Citrix NetScaler 1000V with vPath
• With vPath there is no Source NAT required on SLB to receive return traffic. NetScaler 1000V dynamically inserts flow entry in vPath
• Supports Use Source IP without Application changes
[Figure labels: App Tier, Virtual Services, DB Tier; VMs on two Hypervisors, each with Cisco vPath; Data vPath; numbered flow steps 1 to 6]
Agenda
Cisco’s Virtual Networking Vision
Cisco Nexus 1000V Portfolio Update
Cisco Nexus 1000V for Hyper-V
Cisco Nexus 1000V for KVM
Summary & Resources
– Reference Solutions
– Webinars
– Deployment Guides, Cheat Sheets
Cisco Virtual Networking Solution Summary
Powered by Nexus 1000V
Converged Infrastructure
Virtual Desktop
DC to DC VM Migration
DC-wide Mobility
Secure Multi-tenancy
Private & Public Clouds
Validated Designs
VMware vSphere
WS 2012 Hyper-V
KVM & others
VSG, ASA1000V
vWAAS, CSR
Ecosystem Partners
vCloud Director
SCVMM, OpenStack
InterCloud
Multi-Cloud
Multi-Service
Multi Hypervisor
Reduced time to deploy
Reduced Risk
Investment Protection
Consistent Feature-set
Consistent Network Services
Consistent Operational Model
Reference Solutions With Nexus 1000V, Nexus 1010, VSG & vWAAS
Vblock with Nexus 1000V; Vblock with VSG and vWAAS
FlexPod with Nexus 1000V and Nexus 1010
Virtual Multi-tenant Data Center with Nexus 1000V
Virtual Desktop
– 1000V and VMware View
– 1000V and Citrix XenDesktop
– 1000V and VSG in VXI Reference Architecture
Virtual Workload Mobility (aka DC-to-DC vMotion)
– Cisco, VMware and EMC (with 1000V and VSG)
– Cisco, VMware and NetApp (with 1000V and VSG)
PCI 2.0 with Nexus 1000V and VSG
Additional N1KV/Hyper-V Resources
Cisco Nexus 1000V for Microsoft Hyper-V: http://www.cisco.com/go/1000v/hyper-v
Cisco Virtual Security Gateway: http://www.cisco.com/go/vsg
Cisco Nexus 1000V Portfolio: http://www.cisco.com/go/1000v
N1KV PowerShell: http://developer.cisco.com/web/n1k/hyperv
N1KV Community Site: http://www.cisco.com/go/1000vcommunity
Cisco-Microsoft Partnership: http://www.cisco.com/go/microsoft
Additional Nexus 1000V Portfolio Resources
CCO Links
– 1000V: www.cisco.com/go/1000v
– 1010: www.cisco.com/go/1010
– VSG: www.cisco.com/go/vsg
– VNMC: www.cisco.com/go/vnmc
– vWAAS: www.cisco.com/go/waas
– NAM on 1010: www.cisco.com/go/nam
White papers:
– Nexus 1000V and vCloud Director
– N1K on UCS Best Practices
– Nexus 1000V QoS White paper (draft)
– VSG and vCloud Director (draft)
– vWAAS Technical Overview, vWAAS for Cloud-ready WAN Optimization
Cheat Sheets
– Nexus 1010 Configuration Cheat Sheet v.2.0 – https://communities.cisco.com/docs/DOC-28188
– Nexus 1000V with UCS Configuration Cheat Sheet v.1.1 – https://communities.cisco.com/docs/DOC-28187
– More on the way
Deployment Guides
– Nexus 1000V Deployment Guide
– Nexus 1000V on UCS – Best Practices
– Nexus 1010 Deployment Guide
– VSG Deployment Guide
My Cisco Community: www.cisco.com/go/1000vcommunity
Cisco Cloud Lab Hands On Training & Demos
Hands on labs available for Nexus 1000V and VSG in Cloud Lab
https://cloudlab.cisco.com
Open to all Cisco employees
Customers/Partners require sponsorship from account team for access via CCO LoginID
Extended duration lab licenses for 1000V and VSG are available upon request
Additional Nexus 1000V Public Links
N1K Download and 60-day Eval: www.cisco.com/go/1000vdownload
N1K Product Page: www.cisco.com/go/1000v
N1K Community: www.cisco.com/go/1000vcommunity
N1K Twitter: www.twitter.com/official_1000V
N1K Webinars: www.cisco.com/go/1000vcommunity
N1K Case Studies: www.tinyurl.com/n1k-casestudy
N1K Whitepapers: www.tinyurl.com/n1k-whitepaper
N1K Deployment Guide: www.tinyurl.com/N1k-Deploy-Guide
VXI Reference Implementation: www.tinyurl.com/vxiconfigguide
N1K on UCS Best Practices: www.tinyurl.com/N1k-On-UCS-Deploy-Guide
Call to Action…
Visit the World of Solutions:
Cisco Campus
Walk-in Labs
Technical Solutions Clinics
Meet the Engineer
Lunch Time Table Topics, held in the main Catering Hall
Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2014
IP Pools in SCVMM
Microsoft SCVMM Networking Concepts IP Pools – Who does IP Address Management?
Who decides on IP address ranges?
– Network admin
– SCVMM admin
Who allocates IP Addresses?
– DHCP Server as part of network infrastructure
– SCVMM as part of VM creation and replication
Microsoft SCVMM Networking Concepts IP Pools - Address Ranges Chosen and Allocated by an external DHCP Server
#nsm ip pool template name my-dhcp-pool
    description "Pool for DHCP segments"
    dhcp
#nsm network segment mydhcpnet1
    ip-pool my-dhcp-pool
#nsm network segment mydhcpnet2
    ip-pool my-dhcp-pool
[Figure labels: Clients, Servers, DHCP Server, mydhcpnet1]
IP Pools Created for SCVMM by Nexus 1000V IP Ranges Chosen by Nwk Admin, Individual IP Addresses allocated by SCVMM
# nsm ip pool template DMZ_POD1_Pool1
    ip address 10.10.11.2 10.10.11.254
    subnet-mask 255.255.255.0
    gateway 10.10.11.1
    dns-servers 192.168.1.2
#nsm network segment DMZ_POD1_SUBNET1
    ip pool import template DMZ_POD1_Pool1
IP Pools Created and Allocated by SCVMM IP Address Ranges Chosen and Allocated by Server Admin
# network-segment mysubnet1
# <no reference to ip-pool>