End-to-End Data Center Virtualization - Cisco€¦ · Data Center Virtualization Overview • Front-End Data Center Virtualization. Core Layer. Aggregation Layer. Networking Services

Cisco Public 1© 2010 Cisco and/or its affiliates. All rights reserved.

End-to-EndData Center VirtualizationTomáš Ondovčík

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

Virtual SANs / Unified IO

Virtual Storage

Virtual Network ServicesVirtual Firewall Context

Virtual Machines & IO virtualization

Front-End Virtualization

Virtual Firewall Context


Virtual SLBContext

VSSVLAN VRF VPCVDC

vHBAVSANs FCoECNA

Access Layer – Physical and Virtual

• Data Center Virtualization Overview

• Front-End Data Center VirtualizationCore LayerAggregation LayerNetworking ServicesAccess Layer

• Server VirtualizationHypervisorsVirtual Access Layer Server IO Virtualization

• Back-End VirtualizationVirtual HBA & NPVUnified IO & FCoESAN & Storage

• Q&A

http://www.xensource.com/index.html�


CBS 31xx Blade

Nexus 7000End-of-Row

Access Layer

Catalyst 6500End-of-Row

CBS 31xxMDS 9124eNexus 4000

10GbE and 4/8Gb FC Server Access10Gb DCE / FCoE Server Access

1GbE Server Access

Gigabit Ethernet

10 Gigabit Ethernet

10 Gigabit DCE

4/8Gb Fiber Channel

10 Gigabit FCoE/DCE

MDS 9500Storage

SAN BSAN A

Aggregation Layer

Nexus 700010GbE AggCatalyst 6500 or appliances

DC Services

vPC

Nexus 700010GbE Core

vPCCore Layer

Nexus 5000 & Nexus 2000Top-of-Rack

Cisco UCSNexus 5000 &FCoETop-of-Rack

FIP

FIP


• Data Center Virtualization Overview

• Front-End Data Center VirtualizationCore LayerAggregation LayerNetworking ServicesAccess Layer

• Server VirtualizationHypervisorsVirtual Access Layer Server IO Virtualization

• Back-End VirtualizationVirtual HBA & NPVUnified IO & FCoESAN & Storage

• Implementation ExamplesvBlockSecure Cloud

• Q&A

Virtual SANs / Unified IO

Virtual Storage

Virtual Network ServicesVirtual Firewall Context

Virtual Machines & IO virtualization

Front-End Virtualization



Virtual SLBContext

VSSVLAN VRF VPCVDC

vHBAVSANs FCoECNA

Access Layer – Physical and Virtual

http://www.xensource.com/index.html�


Gigabit Ethernet

10 Gigabit Ethernet

10 Gigabit DCE

4/8Gb Fiber Channel

10 Gigabit FCoE/DCE

Nexus 700010GbE Core

vPCCore Layer

Aggregation Layer

Nexus 700010GbE Agg

vPC



Kernel

Infrastructure

Protocol StackVDCA

Nexus 7000 Physical Switch

VDC A

Pro

cess

AB

C

Pro

cess

DE

F

Pro

cess

XY

Z…

Protocol StackVDCB

VDC B

Pro

cess

AB

C

Pro

cess

DE

F

Pro

cess

XY

Z

…

Process “DEF” in VDC B Crashes

Process DEF in VDC A Is Not Affected and Will Continue to Run Unimpeded

ABCD

AB

C D


FIB TCAMSize 128K

ACL TCAMSize 64K

FIB TCAMSize 128K

FIB TCAMSize 128K

FIB TCAMSize 128K

VDC-1IP routes: 20K

ACL entries: 10K

VDC-2IP routes: 100KACL entries: 50K

ACL TCAMSize 64K

VDC-3IP routes: 100KACL entries: 50K

ACL TCAMSize 64K

ACL TCAMSize 64K

Linecard 1 Linecard 2

Linecard 3Linecard 4

Separate Resource Allocation Domains (Layer 3)


Vertical and Horizontal Consolidation• Lead with separate physical boxes as they provide the most scalable solution.

• Combined vertical & horizontal consolidation in small to medium designs

• Power, cooling and real estate optimization for multiple layers

• Simplified growth migration path

• Intra-Nexus7000 cabling needed for connectivity between Core and Aggregation layers.

core1

core2

agg2agg1

acc2acc1

agg4agg3

accYaccNacc2acc1 accYaccN

corecore

aggagg

Core VDCs

Aggregation VDCs

Core Devices

Aggregation Devices



Feature Overview

• Allow a single device to use a port channel across two upstream and/or downstream switches

• Aka MCEC (Multi-Chassis Etherchannel)

• Loosely Coupled

• Separate physical switches independent control and data plane. Both actives

• Eliminate STP blocked ports. Uses all available uplink bandwidth

• Dual-homed server operate in active-active mode

• Available on Nexus 7000 and Nexus 5000

Logical Topology without vPC

Logical Topology with vPC


Peer Link carries both vPC data and control traffic between peer switches Carries any flooded and/or orphan

port traffic Carries STP BPDUs IGMP updates,

etc. Carries Cisco Fabric Services

messages (vPC control traffic) to perform, among other things, the synchronization of the MAC address table

Recommended 2 x 10GbE ports Losing the peer link is undesirable vPC FT (fault-tolerant) link is an

additional mechanism to detect liveness of the peer. Can use any L3 port.

vPC Peer Link

Nexus 7000

Nexus 7000

Nexus 5000

Nexus 5000

Primary Goal: vPC peer link almost unutilized

vPC FT Link



• MAC addresses encode no location or network hierarchy

• Default forwarding behavior in bridged network is flood

• MAC filtering database limits scope of flooding

• Ultimately, does not scale – every switch learns every MAC

MAC Table

A

MAC Table

A

MAC Table

A

MAC Table

A

MAC Table

A

MAC Table

A

Layer 2 Domain


Branches of trees never interconnect (no loop)

Spanning Tree Protocol (STP) typically used to build this tree Tree topology implies:

Wasted bandwidth → increased oversubscription Sub-optimal paths Conservative convergence (timer-based) → failure

catastrophic (fails open)

11 Physical Links 5 Logical Links

S1

S2

S3


• IS-IS assigns addresses to all FabricPath switches automatically• Compute shortest, pair-wise paths• Support equal-cost paths between any FabricPath switch pairs

Plug-n-Play L2 IS-IS manages forwarding topology

L1L2

S1 S2 S3 S4

S11 S12 S42L2 Fabric

L3

L4

FabricPathRouting Table

Switch IF

S1 L1

S2 L2

S3 L3

S4 L4

S12 L1, L2, L3, L4

… …

S42 L1, L2, L3, L4


Classical Ethernet Mac Address Table

FabricPathRouting Table

Forwarding decision based on ‘FabricPath Routing Table’

A

S1 S2 S3 S4

S11 S12 S42FabricPath

B

Switch IF

… …

S42 L1, L2, L3, L4

MAC IFA 1/1… …B S42

1/1

• FabricPath header is imposed by ingress switch• Only switch addresses are used to make “routing” decisions• No MAC learning required inside the L2 Fabric

S11 S42A B

Classical Ethernet

Single mac address lookup at the edge


Cisco FabricPathFrame

Classical Ethernet Frame

• Switch ID – Unique number identifying each FabricPath switch• Sub-Switch ID – Identifies devices/hosts connected via VPC+• Port ID – Identifies the destination or source interface• Ftag (Forwarding tag) – Unique number identifying topology and/or

multidestination distribution tree• TTL – Decremented at each switch hop to prevent frames looping infinitely

DMAC SMAC 802.1Q Etype CRCPayload

DMAC SMAC 802.1Q Etype Payload CRC(new)

FPTag(32)

OuterSA(48)

OuterDA(48)

Endnode ID(5:0)

Endnode ID(7:6)

U/L

I/G

RSVD

OO

O/D

L

Etype

6 bits 1 1 2 bits 1 1 12 bits 8 bits 16 bits 10 bits 6 bits16 bits

Switch ID SubSwitch ID Ftag TTLPort ID

Original CE Frame


• IETF standard for Layer 2 multipathing

• Driven by multiple vendors, including Cisco

• Base protocol RFC ready for standardization but waiting on dependent standards

• Control-plane protocol RFCs still in process

• Target for standard completion is early CY2011

http://datatracker.ietf.org/wg/trill/


Enhancements which make the standard deployable…

FabricPath

Native mode TRILL mode

L2 ISIS

TTL and RPF checks

Conversational Learning

VPC+

Multi-TopologyL2 ISIS

TTL and RPF checks Resource Management



• Ethernet traffic between sites is encapsulated in IP: “MAC in IP”

• Dynamic encapsulation based on MAC routing table

• No Pseudo-Wire or Tunnel state maintained

OTV at a Glance

Communication between MAC1 (site 1) and MAC2 (site 2)Server 1

MAC 1Server 2MAC 2

OTV OTVMAC IF

MAC1 Eth1

MAC2 IP B

MAC3 IP B

IP A IP B

Encap DecapMAC1 MAC2 IP A IP B MAC1 MAC2 MAC1 MAC2


Eth 4

Eth 3

MAC TABLE

VLAN MAC IF100 MAC 1 Eth 2

100 MAC 2 Eth 1

100 MAC 3 IP B

100 MAC 4 IP B

MAC 2

MAC 1

Core

MAC 4

MAC 3

OTV

External IP A

External IP B

West East

L2 L3 L3 L2

OTV Inter-Site Traffic

MAC Table contains MAC addresses reachable through

IP addresses

OTV

Encap2

Layer 2Lookup

1

No Pseudo-Wire state is maintained.

The encapsulation is done based on a Layer 2 destination lookup.

3 Decap4 MAC 1 MAC 3

6

MAC TABLE

VLAN MAC IF100 MAC 1 IP A

100 MAC 2 IP A

100 MAC 3 Eth 3

100 MAC 4 Eth 4

Eth 1

Eth 2

Layer 2Lookup

5

MAC 1 MAC 3

IP A IP BMAC 1 MAC 3 MAC 1 MAC 3IP A IP BMAC 1 MAC 3

Presenter

Presentation Notes


Networking Services

Catalyst 6500 or appliancesDC Services

Gigabit Ethernet

10 Gigabit Ethernet

10 Gigabit DCE

4/8Gb Fiber Channel

10 Gigabit FCoE/DCE

Front-End: Networking Services


One Physical DeviceMultiple Virtual Systems

(Dedicated Control and Data Path)

• Distinct context configuration files

• Separate routing tables

• RBAC with contexts, roles, domains

• Independent application rule sets

• Resource allocation manager (resource classes)

25% 25% 20%15%15%100%

Cisco Application Infrastructure Control

System Separation for Server Load Balancing and SSL

• ACL memory• Buffers for syslog messages and TCP out-of-order (OOO) segments• Concurrent connections (through-the-ACE traffic)• Management connections (to-the-ACE traffic)• Proxy connections• Set resource limit as a rate (number per second)• Regular expression (regexp) memory• SSL connections• Sticky entries• Static or dynamic network address translations (Xlates)


Virtual Firewalls

• VLANs can be shared if needed (right-hand side example)• Each context has its own policies

(NAT, ACLs, inspection engines, etc.)• FWSM concurrently supports

routed or transparent virtual firewalls• Resource management for contexts

Core/Internet

FW SMVFW VFW VFW

MSFC

Core/Internet

FW SMVFW VFW VFW

MSFC

A B C A B C

Vlan 10 Vlan 20 Vlan 30

Vlan 11 Vlan 21 Vlan 31 Vlan 11 Vlan 21 Vlan 31

Vlan 10

• number of MAC addresses• number of concurrent/per seconds TCP/UDP connections• fixups (applications inspections) per second • number of concurrent hosts connected throguh FWSM• number of concurrent IPSec connections• number of concurrent ASDM/SSH/Telnet sessions• Syslog messages per second• number of concurrent address translations


Combination Example

v5

v105

v6 v7

v107

v2081v2082v2083...

v206 v207

v206

BU-4BU-2 BU-3

v105

v108

BU-1

1

2

3

4

* vX = VLAN X**BU = Business Unit

VRF

VRF

VRFVRFVRF

v208

“Front-End” VRFs (MSFC)

Firewall Module Contexts

ACE Module Contexts

“Back-End” VRFs (MSFC)

Server Side VLANs

v207

3

4

v8

Presenter

Presentation Notes

active-standby to core


Client-Server Flow

Server to Server Flow

• Logical Topology to support multi-tier application traffic flow

Same physical VDC serviceschassis sandwich modelAddition of multiple virtual contexts to the transparent services modulesAddition of VRF routing instances within the sub-aggregation VDCService module contexts and VRFs are linked together by VLANs toform logical traffic pathsExample Web/App server farmand Database server cluster homedto separate VRFs to direct traffic through the services

FT VLANs

Enterprise Network

VLAN 161

VLAN 163

FT VLAN

Web/AppServer Farm

Transparent FWSM Contexts

TransparentACE Contexts

VRF VRF

VRF Instances

Aggregation VDC

Services

Sub-Agg VDC

Access

VLAN 180

Data Center Core

VLAN 153

VLAN 152

VRF VRF

VLAN 181

FT VLANs

FT VLAN

DB ServerCluster

VLAN 151

VLAN 162

Using Virtualization and Service Insertion

Core

Aggregation VDC

Access

Sub-AggregationVDC

6500Services Chassis

Enterprise Network


CBS 31xx Blade

Nexus 7000End-of-Row

Access Layer

Catalyst 6500End-of-Row

CBS 31xxMDS 9124eNexus 4000

10GbE and 4/8Gb FC Server Access10Gb DCE / FCoE Server Access1GbE Server Access

Nexus 5000 & Nexus 2000Top-of-Rack

Nexus 5000 &FCoETop-of-Rack

Gigabit Ethernet

10 Gigabit Ethernet

10 Gigabit DCE

4/8Gb Fiber Channel

10 Gigabit FCoE/DCE

Front-End: Access Layer


ONE platform for all Server-Access switching needs

Device Consolidation thru common platform for LAN / SAN / HPC needs

Unified Ports1GE, Lossless 10GE,

FCoE, 1/2/4/8G FC

40GE Ready

FEX support:100M/1000M BaseT,

1/10G SFP, 1/10G BaseT

Low power / Cooling< 7W/port

Industry-leading density in 1RU/2RU form-factor:96 10GE ports in 2RU

Back-to-Front & Front-to-Back Airflow

Pay As You Grow!Flexible port configurations of

32 to 96 ports

50% Reduction in Management Points &

Cabling Costs

Build Highly Scalable PODs Beyond 640 10GE ports or

960 GE ports

Cisco Nexus 5000 Series SwitchesCisco Nexus 5548 Switch

Cisco Nexus 5520 SwitchCisco Nexus 5510 Switch


Dynamic Ports Allocation: Lossless Ethernet or Fibre Channel

Flexible LAN & storage convergence based on business needs

Service can be adjusted based on the demand for specific traffic

Convert protocol support on the same port dynamically

All ports on 5596 16 port Expansion Module

on 5548 and 5596

Simplify switch purchase -remove ports ratio guess work

Increase design flexibility Remove specific protocol

bandwidth bottlenecks

Unified Port

Native Fiber Channel

Lossless Ethernet:1/10GbE, FCoE, iSCSI, NAS

Benefits Use-cases

Presenter

Presentation Notes

Cisco Unified port technology enables ports to be dynamically allocated to support Fibre Channel, iSCSI or FCoE data or loss less Ethernet thus offering unparalleled flexibility and choice Unified ports allows the customers not to worry about predetermining the amount of physical, rigid ports they require for convergence prior to making a network switch purchase— removes all guess work around the selection of port types and ratios thus simplifying the purchasing decisions. This technology provides variable connectivity options and complete flexibility and choice enabling customer-paced network convergence and design flexibility. With Unified ports customer can shift protocol support allowing them to provide service based on the demand and bandwidth requirements.


In Layer 2 Mode, with NX-OS release 5.0(3)N1(1), each Nexus 5500 is capable of supporting up to 24 Nexus 2000 Series Fabric Extenders, corresponding to

In Layer 3 Mode (with L3 License enabled), each Nexus 5500 is limited to supporting up to 8 Nexus 2000 Series Fabric Extenders, corresponding to

8 x FEX

24 x FEX

Layer 3 Scaling

1152 1 Gigabit Ethernet Ports




Layer 2 Scaling


Extends Network Fabric into a Remote Rack

• FEX is a Remote Linecard to Nexus 5K

• FEX host interfaces configured and managed via N5K

• Forwarding, Queuing, and Policy enforcement for host interface traffic by N5K

1 2 3 4 5

Parent SwitchNexus 5500 Series

5

1 2 3

1 2 3

Server

Slot 100

1 2 3

1 2 3

Slot 112

Server


Pods of 512 10GbE or 768 GbE Servers

1 12

Nexus 5500 with Layer 3

LAN

N7000/C6500

1GbE Servers100Mb iLO

10 GbE Servers

1 12

Mid

-Mar

ket

Agg

rega

tion

Sca

labl

e E

ther

net H

igh-Perform

ance C

ompute

Convergence &Virtualization

LAN

N7000/C6500

1/10 GbE Rack Servers 10GbE

Blade Servers

MDS

SAN

VSM

VEM

VM 1 VM 2

Over 1000s of compute nodes

MDS

SAN

MDS

SANLAN

N7000/C6500


Cisco UCS

Servers Layer

Servers Layer



Extend Network Fabric into a Server

• Adapter-FEX presents standard PCIevirtual NICs (vNICs) to servers

• Adapter-FEX virtual NICs are configured and managed via Nexus 5500

• Forwarding, Queuing, and Policy enforcement for vNIC traffic by Nexus 5500

1 2 3 4 5


5

1 2 3

1 2 3

Server

Slot 100 1 2 3

1 2 3

Server


Further Reducing Management Points

• Adapter-FEX connected to Nexus 2000 Fabric Extender - Cascaded FEX-Link deployment

• Forwarding, Queuing, and Policy enforcement for vNIC traffic still done by Nexus 5500

1 2 3 4 5


5

1 2 3

1 2 3

Server

Slot 100 1 2 3

1 2 3

Server

1 2 3


UCS P81E Virtual Interface Card for UCS C-Series

• Supports upto 16 vNICs when working with Nexus 5548

• Capable of supporting both Ethernet vNICs and FCoE capable vNICs (Future)

• Each vNIC accessible to server with Standard PCIe as regular NICs


Port 0 Port 1

1 2 3 4 5 6Nexus 5K

vNICs presented to host OS as standard PCIe NICs

Step 1: Port Profiles defined on Nexus 5KAttributes: VLAN, BW, QoSStep 2: Enable VNTag mode on server interfaceHost BootsStep 3: Adapter management tool used to define

“Adapter Profile”Step 4: Host rebootedStep 5: Port Profile name list provided to Adapter

management tool – associate vNICs with profilesStep 6: Adapter “creates interfaces” using VIC protocol Step 7: Adapter-FEX bringup complete

5 6

Port Profile 5Port Profile 4

Port Profile 3Port Profile 2

Port Profile 1

Port Profile 5Port Profile 4Port Profile 3Port Profile 2Port Profile 1

vNIC 3

vNIC 2

vNIC 1

vNIC 5

vNIC 4

1 2 3 4 5

vNICs show up as standard PCIe NICs to

Host OS

Adapter-FEXCapable Adapter

PP

PP

PP

PP

PP

UCS C-Series Chassis


Port 0 Port 1

Designate active-standby uplinks per vNIC

• UCS P81E VIC support Uplink Failover capability

• Designate an failover uplink per vNIC – will be used only if active vNIC fails

• Optional configuration per vNIC

Port Profile 5Port Profile 4Port Profile 3Port Profile 2Port Profile 1

vNIC 3

vNIC 2

vNIC 1

vNIC 5

vNIC 4

UCS Chassis

Adapter-FEXCapable Adapter

Port 0 standby for vNIC 2 and vNIC 4

Port 1 standby for vNIC 5

vNICs 1 and 3 have no standby


Per-vNIC View of the Topology

Nexus 5500vPC Primary

Server with FEX-enabled Adapter

Nexus 5500Secondary

FEX 101

Nexus 5500 Nexus 5500

Server with FEX-enabled Adapter

interface vethernet 105bind interface ethernet 101/1/1 channel 5bind interface ethernet 102/1/30 channel 1005inherit port-profile user_mgmt

FEX 102

interface vethernet 105bind interface ethernet 101/1/1 channel 1005bind interface ethernet 102/1/30 channel 5inherit port-profile user_mgmt

interface vethernet 105bind interface ethernet 1/1 channel 5inherit port-profile user_mgmt

interface vethernet 105bind interface ethernet 1/5 channel 1005

inherit port-profile user_mgmt



Comparison to a Physical Switch

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

Server 1 Server 2 Server 3


ESX ESX ESX

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

Moving to a Virtual Environment


ESX ESX ESX

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

Supervisors Virtual Supervisor Modules (VSMs)

VSM1

VSM2


ESX ESX ESX

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

VSMs are Virtual Appliances

VSM1

VSM2

Virtual Appliance


ESX ESX ESX

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2

Bac

k P

lane

VSM1

VSM2

Virtual Appliance

Linecards Virtual Ethernet Modules (VEMs)

VEM-NVEM-1 VEM-2


ESX ESX ESX

VSM1

VSM2

Virtual Appliance

VSM + VEMs = Nexus 1000V Virtual Chassis

VEM-NVEM-1 VEM-2

VSM: Virtual Supervisor ModuleVEM: Virtual Ethernet Module

• 64 VEMs per 1000V (connected by L2 or L3)

• 200+ vEth ports per VEM

• 2K vEths per 1000V

• Multiple 1000Vs can be created per vCenter

L2 M

ode

L3 M

ode


ESX ESX ESX

VSM1

VSM2

Virtual Appliance

Customer Request: Host VSMs on a Physical Appliance

VEM-NVEM-1 VEM-2


L2 M

ode

L3 M

ode

• 200+ vEth ports per VEM• 64 VEMs per 1000V• 2K vEths per 1000V• Multiple 1000Vs can be created per vCenter

Physical Appliance?


Virtual Appliance

ESX ESX ESX

Nexus 1010

VSM-A1 VSM-A4

VSM-B1 VSM-B4


• 200+ vEth ports per VEM• 64 VEMs per 1000V• 2K vEths per 1000V• Multiple 1000Vs can be created per vCenter

VEM-NVEM-1 VEM-2

VSMs hosted on a Physical Appliance: Nexus 1010

• Up to 4 VSMs per Nexus1010

• Nexus 1010s deployed in redundant pair

L2 M

ode

L3 M

ode


vPath – Virtual Service Datapath

Virtual Appliance

VSM

VEM-1vPath

VEM-2vPath

L2 M

ode

L3 M

ode

ESX ESX

vPath• Virtual Service Datapath

vPath• Traffic Steering

• Fast -Path Offload

• Nexus 1000V ver 1.4 & above


vPath – Virtual Service Datapath

Virtual Appliance

VSM

VEM-1vPath

VEM-2vPath

L2 M

ode

L3 M

ode

ESX ESX

vPath• Virtual Service DatapathVSG• Virtual Security Gateway for 1000vvWAAS• Virtual WAAS

vWAAS VSG

VSG and vWAAS

available now


Virtual Appliance Nexus 1010

VSM-A1 VSM-A4

VSM-B1 VSM-B4

NAM

NAM

VSG

VSG

L2 M

ode

L3 M

ode

*VSG on 1010 target: 2Q CY11

vPath• Virtual Service DatapathVSG• Virtual Security Gateway for 1000vvWAAS• Virtual WAAS

VEM-1vPath

VEM-2vPath

ESX ESX

Services available2H, CY’11


Gigabit Ethernet

10 Gigabit Ethernet

10 Gigabit DCE

4/8Gb Fiber Channel

10 Gigabit FCoE/DCE

SAN & Storage

VSAN, NPIV, NPV and Storage Access

MDS 9500Storage

SAN BSAN A


• Consolidation of SAN islandsIncreased utilization of fabric ports with Just-In-Time provisioning

• Deployment of large fabricsDividing a large fabric in smaller VSANs

Disruptive events isolated per VSAN

RBAC for administrative tasks

Zoning is independent per VSAN

• Advanced traffic managementDefining the paths for each VSAN

VSANs may share the same EISL

Cost effective on WAN links

• Resilient SAN Extension

• Standard solution (ANSI T11 FC-FS-2 section 10)

SAN Islands

Department A

Department B Department C

Virtual SANs (VSANs)

Department A

Department B

Department C


• N-Port ID Virtualization (NPIV) provides a means to assign multiple FC IDs to a single N port.

• This feature was intended to allow multiple applications to share the same Fiber Channel HBA

• The use of different pWWN allows access control, zoning, and port security to be implemented at the application level.

• Usage applies to applications such as VMWare, MS Virtual Server and Citrix

Application Server FC Switch

Email

Web

File Services

Email I/ON_Port_ID 1

Web I/ON_Port_ID 2

File Services I/ON_Port_ID 3

F_Port


• N-Port Virtualizer (NPV) utilizes NPIV functionality to allow a “switch” to act like a Server doing multiple logins through 1 physical link

• Real server connected (via CNAs) to Nexus 5000 do not login to Nexus 5000 but to upstream FC switch. The same applies to FC edge switches (ex.: MDS blade switches).

Physical uplink from Nexus 5000 to FC switch does actual “FLOGI”

Subsequent server logins are converted (proxy) to “FDISC” to login to upstream FC switch

• No local switching is done on an FC switch in NPV mode

• FC edge switch in NPV mode Does NOT take up a domain id

• Scalability will be dependent on FC “login” limitation (MDS is ~10K per fabric)

Nexus 5000, MDS 91xx, MDS blade switches, UCS Fabric Interconnect FC Core Switch

Eth1/1

Eth1/2

Eth1/3

Server1N_Port_ID 1

Server2N_Port_ID 2

Server3N_Port_ID 3

F_Port

Server1

Server2

Server3

Thank you.

Documents

End-to-End Data Center Virtualization - Cisco€¦ · Data Center Virtualization Overview • Front-End Data Center Virtualization. Core Layer. Aggregation Layer. Networking Services