Cisco Nexus 1010 Overview and Deployment€¦ · VEM-1 VEM-2 VEM-N Nexus 1000V Architecture VSMs hosted on a Physical Appliance: Nexus 1010

Sal Lopez Technical Marketing Engineer SAVBU

Cisco Nexus 1010 Overview and Deployment

Software Switch for VMware vSphere and vCloud Director

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential N1K 2

Date Business Sessions 22-‐Mar Nexus 1000V Family Overview and Update

5-‐Apr Virtual Network Services (vPath, NAM, vWAAS)

19-‐Apr Virtual Security Gateway Introduction

3-‐May Journey to the Cloud w/ N1KV: vCloud Director & Long Distance vMoNon

17-‐May Secure VDI with Nexus1000V & VSG

Date Technical Sessions 29-‐Mar Nexus 1000V New Features and InstallaNon

Overview

12-‐Apr Nexus1010 InstallaNon & Upgrade

26-‐Apr Virtual Security Gateway InstallaNon and Basic ConfiguraNon

10-‐May Nexus 1000V Advanced ConfiguraNon

24-‐May Nexus 1000V TroubleshooNng

Nexus 1000V Public Webinar Series


Nexus 1000V “My Community”

www.cisco.com/go/1000vcommunity








Nexus 1000V Screencasts


Nexus 1000V Screencasts

Cisco Confidential 8 © 2010 Cisco and/or its affiliates. All rights reserved.


Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

Server 1 Server 2 Server 3

Nexus 1000V Architecture Comparison to a Physical Switch


ESX ESX ESX

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

Nexus 1000V Architecture Moving to a Virtual Environment


ESX ESX ESX

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

Nexus 1000V Architecture Supervisors Virtual Supervisor Modules (VSMs)

VSM1

VSM2

Virtual Appliance


ESX ESX ESX

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

VSM1

VSM2

Virtual Appliance

Nexus 1000V Architecture Linecards Virtual Ethernet Modules (VEMs)

VEM-N VEM-1 VEM-2


ESX ESX ESX

VSM1

VSM2

Virtual Appliance

Nexus 1000V Architecture VSM + VEMs = Nexus 1000V Virtual Chassis

VEM-N VEM-1 VEM-2

VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module

•  64 VEMs per 1000V (connected by L2 or L3)

•  200+ vEth ports per VEM •  2K vEths per 1000V •  Multiple 1000Vs can be created per vCenter

L2 M

ode

L3 M

ode


ESX ESX ESX

VSM1

VSM2

Virtual Appliance

Nexus 1000V Architecture Customer Request: Host VSMs on a Physical Appliance

VEM-N VEM-1 VEM-2


L2 M

ode

L3 M

ode

•  200+ vEth ports per VEM •  64 VEMs per 1000V •  2K vEths per 1000V •  Multiple 1000Vs can be created per vCenter

Physical Appliance?


Virtual Appliance

ESX ESX ESX

Nexus 1010

VSM-A1 VSM-A4

VSM-B1 VSM-B4


•  200+ vEth ports per VEM •  64 VEMs per 1000V •  2K vEths per 1000V •  Multiple 1000Vs can be created per vCenter

VEM-N VEM-1 VEM-2

Nexus 1000V Architecture VSMs hosted on a Physical Appliance: Nexus 1010

•  Up to 4 VSMs per Nexus 1010

• Nexus 1010s deployed in redundant pair

L2 M

ode

L3 M

ode

…

…


Embedding Intelligence for Virtual Services vPath – Virtual Service Datapath

Virtual Appliance

VSM

VEM-1 vPath

VEM-2 vPath

L2 M

ode

L3 M

ode

ESX ESX

vPath •  Virtual Service Datapath VSG •  Virtual Security Gateway for 1000v vWAAS •  Virtual WAAS

vWAAS VSG

vPath •  Traffic Steering •  Fast -Path Offload

• Nexus 1000V ver 1.4 & above


Nexus 1010 – Hosting Platform for Services

Virtual Appliance Nexus 1010

VSM-A1 VSM-A4

VSM-B1 VSM-B4

NAM

NAM

L2 M

ode

L3 M

ode

*VSG on 1010 target: 2Q CY11

vPath •  Virtual Service Datapath VSG •  Virtual Security Gateway for 1000v vWAAS •  Virtual WAAS

VEM-1 vPath

VEM-2 vPath

ESX ESX

vWAAS VSG

Sal Lopez Technical Marketing Engineer SAVBU

Cisco Nexus 1010 Overview and Deployment


Agenda

§  Nexus 1010 Hardware and Software

§  Nexus 1000V VSM connectivity on Nexus 1010

§  Nexus 1010 Network Integration and Data Center Design

§  Nexus 1010 Virtual Service Blade Configuration and Verification

§  Nexus 1010 Upgrade Process


Nexus 1010 Hardware and Software

Software Switch for vSphere 4.0 and 4.1


Nexus 1010 Hardware Configuration

Based on UCS Physical Appliance §  2 x Intel X5650- 2.66GHz, 6 core §  16 GB RAM §  2 x 500GB SATA-II HDD §  1 x Quadport GE NIC Card §  1 x Serial Port §  1 x Rail-Kit


Nexus 1010 Ports and Components §  Cisco Integrated Management Controller for lights out, out of band

management (use KVM cable to setup), similar to CMP for other NX-OS switches

§  6 Gigabit Ethernet ports (2 LOM for management/control, 4 on PCIe card)

1 Power supply (one) 2 CIMC port (RJ-45) 10/100 Mbps3 USB 2.0 connectors (two) 4 Serial connector (DB9)5 Video connector (15-pin VGA) 6 Gigabit Ethernet Ports (1 and 2)7 Gigabit Ethernet ports (3 to 6) 8 Standard-profile PCIe card slot (not used)


Nexus 1010 Virtual Service Blade

§  The Nexus 1010 comes with a new concept of Virtual Services called Virtual Service Blade (VSB)

§ Shipping today: VSM virtual service blade NAM virtual service blade

§ VSG, DCNM in future releases

Nexus 1000V VSM

Nexus 1010 Manager

Network Analysis Module*

* Optional virtual service blade add-on


Nexus 1010 Scalability

Nexus 1000V VSM Nexus 1000V VSM Nexus 1000V VSM Nexus 1000V VSM

Nexus 1010 Manager

Network Analysis Module

Nexus 1010 Manager: Cisco management experience

Manages a total of 5 virtual service blades (ie. 4 VSMs and 1 NAM)

Each VSM can manage up to 64 VEMs (256 total VEMs)


Feature Comparison

VSM as VM VSM on Nexus 1010

Nexus 1000V features and scalability VEM running on vSphere 4 Enterprise Plus NX-OS high availability of VSM Software-only deployment Installation like a standard Cisco switch

Network Team owns/manages the VSM VSM Isolation from production VM environment in case of outage Least number of steps to deploy VSM


Nexus 1010 Managed By Network Team

§ VSM planned and deployed on networking equipment

§ Access to console consistent with existing network gear (no additional software needed)

§  Troubleshoot via Cisco NX-OS CLI § Nexus 1010 platform can be managed via SNMP § Secured by AAA


Nexus 1010 High Availability § Process HA at NX-OS level

• Modular OS based on Linux

§ Virtual Service Blade redundancy • Nexus 1010 automation and state synchronization • Create primary VSM once and secondary VSM gets created for you

§ Chassis Level Redundancy • Deployed in pairs • Same mechanisms used as redundant supervisors on switches • Prevent split brain scenario with CIMC as backup connection

§ Network Level Redundancy • Flexible network integration options with traffic isolation, trunking and LACP


Nexus 1000V VSM connectivity on Nexus 1010



VSM to VEM Communications

VM VM VM VM

Nexus 1000V VSM On Nexus 100

L2 Network

Control VLAN • Extend the usual backplane of the switch over the network • Carries low level messages to ensure proper configuration of the VEM. • Maintains a 1 sec heartbeat with the VSM to the VEM (timeout of 6 seconds) • Maintains syncronization between primary and secondary VSMs Packet VLAN For control plane processing like CDP, IGMP snooping, or stat collections like SNMP, Netflow

Control VLAN Packet VLAN

Two virtual interfaces are used to communicate between the VSM and VEM


Layer 2 connectivity of the VSM and VEM

VM VM VM VM

L2 Network

Control VLAN Packet VLAN

§ For L2 deployment, Control and Packet VLAN needs to be configured end to end to allow communication between the VSM and the VEM If those VLANs are not configured end to end the VEM will not show up even if it looks like it is in vCenter Control VLAN and Packet VLAN needs to be configured as system VLAN on the uplink port-profile Can use 1 or 2 VLANs for Control/Packet traffic Nexus 1000V VSM

On Nexus 100


Layer 3 connectivity of the VSM and VEM

VM VM VM VM

L3 Network

For L3 Control, L2 adjacency for Control and Packet not required

VSM uses a svs mode type layer 3 using either the control0 Interface or the mgmt0 interface User can specify an IP address for control0 to use a separate network for VEM – VSM communication svs-domain svs mode L3 interface (control0 | mgmt0)

Nexus 1000V VSM On Nexus 100


Nexus 1010 Network Integration and Data Center Design



Nexus 1010 Network Integration Design

There are 4 uplink options to connect the Nexus 1010 to the Network

This will influence how the control, packet, management and data information will be connected to rest of the network


Nexus 1010 Network Integration – Uplink Type 1

§  Nexus 1010 uplink type 1:Ports 1 and 2 carry Management, Control and Data traffic

N1010-1 Active Chassis

N1010-2 HA-Standby Chassis

Eth1 Eth2 Eth1 Eth2

Sample Topology: Common L2 Network with upstream switch N5K/N2K

Active VSM HA-Standby VSM

Upstream Switch Access Ports: interface ethernet 101/1/1-2 !-- multiple vlans trunked across link switchport mode trunk !--only allow mgmt, control and data vlans switchport trunk allowed vlan 170,250-251 !-- enable portfast edge spanning-tree port type edge trunk

Nexus 1010 Eth1: active (forwarding) Eth2: standby (not forwarding) Total Bandwidth per device is 1Gbps


Eth1 Eth2 Eth2 Eth1



Setup 2 Setup 1



§  Nexus 1010 uplink type 2:Ports 1 and 2 carry Management and Control; Ports 3-6 carry Data traffic

§  Can use clustered switch technology (MCEC, vPC, VSS, etc.) for max bandwidth Sample Topology: Common L2 Network, upstream switch N5K/N2K with vPC

Nexus 1010 Eth1: active (forwarding) Eth2: standby (not forwarding) Eth3-6:forwarding in LACP bundle Total Bandwidth per device is 5Gbps


E1 E2 E2 E1



E3 E4 E5 E6 E3 E4 E5 E6

1 2

6 1

2 3 4 5

3 4 5 6

Upstream LACP Ports (both switches): interface ethernet 101/1/2, 101/1/4 !-- multiple vlans trunked across link switchport mode trunk !-- only allow mgmt, control and data vlans switchport trunk allowed vlan 251 !-- enable portfast edge spanning-tree port type edge trunk !-- add interface to port-channel, this is a vpc channel-group 1010 mode active !-- this is a unique vpc for N1010-1 interface port-channel 1010 vpc 1010

**Config must be repeated for N1010-2 on interfaces 101/1/5-6


Nexus 1010 Network Integration – Uplink Type 3 (Most Common for VSM Deployment)

§  Nexus 1010 uplink type 3:Ports 1 and 2 carry Management; Ports 3-6 carry Control and Data traffic

§  Can use clustered switch technology (MCEC, vPC, VSS, etc.) for max bandwidth Sample Topology: Common L2 Network, upstream switch N5K/N2K with vPC

Upstream LACP Ports (both switches): interface ethernet 101/1/2, 101/1/4 !-- multiple vlans trunked across link switchport mode trunk !-- only allow mgmt, control and data vlans switchport trunk allowed vlan 250-251 !-- enable portfast edge spanning-tree port type edge trunk !-- add interface to port-channel, this is a vpc channel-group 1010 mode active !-- this is a unique vpc for N1010-1 interface port-channel 1010 vpc 1010

**Config must be repeated for N1010-2 on interfaces 101/1/5-6 Nexus 1010 Eth1: active (forwarding) Eth2: standby (not forwarding) Eth3-6:forwarding in LACP bundle Total Bandwidth per device is 5Gbps


E1 E2 E2 E1



E3 E4 E5 E6 E3 E4 E5 E6

1 2

6 1

2 3 4 5

3 4 5 6



§  Nexus 1010 uplink type 4:Ports 1 and 2 carry Management; Ports 3 and 4 carry Control, Ports 5 and 6 carry Data traffic

Upstream Switch Access Ports: interface ethernet 101/1/1 !-- multiple vlans trunked across link switchport mode trunk !-- only allow mgmt, control and data vlans switchport trunk allowed vlan 170 !-- enable portfast edge spanning-tree port type edge trunk

Nexus 1010 Eth1: active (forwarding) Eth2: standby (not forwarding) Eth3: active (forwarding) Eth4: standby (not forwarding) Eth5: active (forwarding) Eth6: standby (not forwarding) Total Bandwidth per device is 3Gbps


E1 E2 E2 E1



E3 E4 E5 E6 E3 E4 E5 E6

Sample Topology: Common L2 Network with upstream switch N5K/N2K


Nexus 1010 Network Connectivity Summary

Uplink Description

Option 1 Ports 1-2 Carry All Management, Control, and Data Traffic • Really easy to deploy

Option 2 Ports 1-2 Carry Management and Control, Ports 3-6 Carry Data Traffic • Most of the bandwidth available for other Virtual Service Blades (ie. NAM)

Option 3 Ports 1-2 Carry Management, Ports 3-6 Carry Control and Data Traffic • Most bandwidth for VSM Virtual Service Blades and other VSBs

Option 4 Ports 1-2 Carry Management, Ports 3-4 Carry Control, Ports 5-6 Carry Data Traffic • Clear separation of all the different types of traffic


Nexus 1010 in the Access Layer Core

Access

Compute/Virtual Access

Nexus 1000V VEM ESXi

Aggregation

L3

L2

Nexus 1000V VSM VSB

§  L2 Control for VSM to VEM is easier here

All servers/switches below need Control/Packet VLANs L2 Network Services such as VSG (future)

§  L3 Control for VSM possible

§  HA pair can be dedicated per POD or customer

More VSBs available per POD or customer


Nexus 1010 in the Aggregation Layer Core

Access

Compute/Virtual Access

Nexus 1000V VEM ESXi

Aggregation

L3

L2

Nexus 1000V VSM VSB

§  L3 Control for VSM to VEM is more flexible here

IP routing should be robust Suitable for long distance(future)

§  L2 Control for VSM possible

§ HA pair can be shared among PODs or customers

If using L3, there should be IP connectivity to VSM VSB from each POD


Nexus 1010 and VSB Configuration



Nexus 1010 Initial Setup - CIMC


Nexus 1010 Initial Configuration §  Access Console via Telnet or Serial over LAN §  Setup System Admin Account and Basic System Configuration

telnet 172.25.182.99 2005 Trying 172.25.182.99... Connected to 172.25.182.99. Escape character is '^]' ---- System Admin Account Setup ---- Enter the password for "admin": Confirm the password for "admin": Enter HA role[primary/secondary]: primary Enter network-uplink type <1-4>: 1. Ports 1-2 carry all management, control and data vlans 2. Ports 1-2 management and control, ports 3-6 data 3. Ports 1-2 management, ports 3-6 control and data 4. Ports 1-2 management, ports 3-4 control, ports 5-6 data 3 Enter control vlan <1-3967, 4048-4093>: 250 Enter the domain id<1-4095>: 201 Enter management vlan <1-3967, 4048-4093>: 170 Saving boot configuration. Please wait... [########################################] 100%

HA Role for each chassis

Network uplink type for network integration

Domain ID must be unique Mgmt VLAN is shared with VSM


VSM VSB Installation Steps on Nexus 1010

§ Create VSM as VSB on N1010

§ Register certificate as plug-in in vCenter

§ Define ethernet and vethernet port-profile Includes VLANs and physical settings to upstream switch For mac-pinning, upgrade feature level

§  Install VEM using vCenter


Creating and Configuring a VSM VSB

tme-1010-1(config)# virtual-service-blade VSM-1010-1

tme-1010-1(config-vsb-config)# virtual-service-blade-type new nexus-1000v.4.0.4.SV1.3a.iso

tme-1010-1(config-vsb-config)# interface control vlan 251

tme-1010-1(config-vsb-config)# interface packet vlan 252

tme-1010-1(config-vsb-config)# enable

Enter vsb image: [nexus-1000v.4.0.4.SV1.3.iso]

Enter domain id[1-4095]: 203

Management IP version [V4/V6]: [V4]

Enter Management IP address: 10.29.170.84

Enter Management subnet mask: 255.255.255.0

IPv4 address of the default gateway: 10.29.170.1

Enter HostName: VSM-1010-1

Enter the password for 'admin': P@ssw0rd1

tme-1010-1(config-vsb-config)#no shut

One command deploys both Primary and Secondary VSM This is done only for HA aware VSBs

Create and name the VSB


VSB Control and HA Verification §  The Network Admin has total control over the VSB deployment tme-1010-1# show virtual-service-blade

virtual-service-blade AV2-1010-VSM

Description:

Slot id: 2

Host Name: AV2-VSM-1

Management IP: 10.29.170.254

VSB Type Name : VSM-1.0

Interface: control vlan: 254

Interface: management vlan: 170

Interface: packet vlan: 255

Interface: internal vlan: NA

Ramsize: 2048

Disksize: 3

Heartbeat: 132670

HA Admin role: Primary

HA Oper role: ACTIVE

Status: VSB POWERED ON

Location: PRIMARY

SW version: 4.0(4)SV1(3a)

HA Admin role: Secondary

HA Oper role: STANDBY

Status: VSB POWERED ON

Location: SECONDARY

SW version: 4.0(4)SV1(3a)

VSB Info:

Domain ID : 401

VSBs deployed in an HA pair by default (result of enable command).

Verify VSB IP address and Control, Mgmt and Packet VLANs


Nexus 1010 and VSB Network Verification tme-1010-1# show network-uplink type

Administrative topology id: 3

Operational topology id: 3

tme-1010-1# show network summary

-----------------------------------------------------------------------

Port State Speed MTU

-----------------------------------------------------------------------

GigabitEthernet1 up 1000 1500






PortChannel1 up 1000 1500

PortChannel2 up 1000 1500

VbEthernet1/1 up 1000 1500



Po1 represents active/standby bundle between E1 and E2 Po2 represents the LACP bundle between E3-E6

Configured and actual operating topology are shown


NAM Virtual Blade on Nexus 1010 Optimize Application Performance and Network Resources

§  Application Performance Monitoring

§  Traffic Analysis and Reporting Applications, Host, Conversations, VLAN, QoS, etc. Per-application, per-user traffic analysis

§  View VM-level Interface Statistics

§  Packet Capture and Decodes

§  Historical Reporting and Trending

ERSPAN

Nexus 1000V VSM

vSphere

Nexus 1000V VEM

vCenter

NetFlow

NAM Virtual

Blade on Nexus 1010

VM VM VM VM


Creating and Configuring a NAM VSB

N1010-1(config)# virtual-service-blade NAM-VSB

N1010-1(config-vsb-config)# virtual-service-blade-type name NAM-1.0

N1010-1(config-vsb-config)# interface data vlan 180

N1010-1(config-vsb-config)# enable

Enter vsb image: nam-app-x86_64.4-2-1-fc5.iso

Enter Management IPV4 address: 10.29.180.99

Enter Management subnet mask: 255.255.255.0

IPv4 address of the default gateway: 10.29.180.1

Enter HostName: vNAM-1

Setting Web user/passwd will enable port 80. Enter[y|n]: [n] y

Web User name: [admin]

Web User password: P@ssw0rd

N1010-1(config-vsb-config)# no shut

IP address for Web GUI administration

Data VLAN for Non-VSM VSBs


Access NAM VSB via Web GUI

§ Use the previously defined IP address and credentials


Nexus 1010 Upgrade Process



Upgrading the Nexus 1010 Appliance Software (1 of 2)

§ Download new ISO image from CCO

§  Log into active N1010 via console

§ Copy new image over to bootflash

§ Use the install command install nexus1010 bootflash:nexus-1010.4.2.1.SP1.2.iso

§ Save configuration

§  Log into VSM VSB

§ Switch over HA active VSM VSBs to active N1010


Upgrading the Nexus 1010 Appliance Software (2 of 2)

§  From N1010 CLI, reload standby when all active VSM

VSBs are switched over to active ie. reload module 2 if Secondary is standby

§  From withing VSM VSB CLI, switchover HA active VSBs to newly upgraded N1010 (originally standby from above)

§  Reload the original active N1010 Non HA VSBs may experience disruption (NAM)

§  To upgrade VSM NX-OS, please follow N1KV upgrade procedure

Note: Must make Secondary VSM the active first


For More Information

§ Nexus 1010 Virtual Services Appliance Hardware Installation Guide

§ Nexus 1010 Software Installation and Upgrade Guide

§ Nexus 1010 Deployment Guide

§ Nexus 1000V Configuration, Installation and Upgrade Guides

§ NAM VSB Configuration Guide

§ Nexus 1000V Webinar Series

See the following Resources


Date Business Sessions 22-‐Mar Nexus 1000V Family Overview and Update

5-‐Apr Virtual Network Services (vPath, vWAAS, NAM)

19-‐Apr Virtual Security Gateway Introduction

3-‐May Journey to the Cloud w/ N1KV: vCloud Director & Long Distance vMoNon

17-‐May Secure VDI with Nexus1000V & VSG

Date Technical Sessions 29-‐Mar Nexus 1000V New Features and InstallaNon

Overview

12-‐Apr Nexus1010 InstallaNon & Upgrade

26-‐Apr Virtual Security Gateway InstallaNon and Basic ConfiguraNon Overview

10-‐May Nexus 1000V Advanced ConfiguraNon

24-‐May Nexus 1000V TroubleshooNng

Web Sites www.cisco.com/go/1000v

www.cisco.com/go/nexus1010

www.cisco.com/go/vsg

www.cisco.com/go/vnmc

www.cisco.com/go/1000vcommunity (Preso and Q&A posted here)

Sign up at: http://tinyurl.com/1000v-webinar

Thank you.

Documents

Cisco Nexus 1010 Overview and Deployment€¦ · VEM-1 VEM-2 VEM-N Nexus 1000V Architecture VSMs hosted on a Physical Appliance: Nexus 1010