© 2009 Cisco. Public. 1 Cisco Nexus 1000V Introduction

Intro to Cisco Nexus 1000V

DESCRIPTION

The Nexus 1000V provides VM-level visibility and security for VMware server virtualization. This software switch is embedded in the kernel of ESX on a server to deliver VM-aware network services.

Page 1: Intro to Cisco Nexus 1000V

Cisco Nexus 1000V Introduction

Page 2: Intro to Cisco Nexus 1000V

Legal Disclaimer

Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

Page 3: Intro to Cisco Nexus 1000V

US Bottling Company

“The Nexus 1000V simplifies collaboration within the IT department by clearly separating responsibilities for our server group and network group”

Rory Regan, Telecom Manager

European Insurance Conglomerate

“Taking control of the Cisco Nexus 1000V was simplified and intuitive. The process of virtualization of our datacenter will in fact accelerate and we will be able to virtualize everything that has not been possible in the past.”

Julien Mousqueton, Technical Architect

100s of Companies Use Nexus 1000V

Page 4: Intro to Cisco Nexus 1000V

Server Virtualization Issues

1. vMotion moves VMs across physical ports—the network policy must follow

2. Impossible to view or apply network policy to locally switched traffic

3. Need collaboration between network and server admin

Diagram labels: VLAN 101, vCenter, Cisco CLI (NX-OS)

Page 5: Intro to Cisco Nexus 1000V

Cisco Nexus 1000V

Industry’s first and most advanced software switch for VMware vSphere

Built on Cisco NX-OS

Compatible with all switching platforms

Maintain vCenter provisioning model unmodified for server administration; allow network administration of virtual network via familiar Cisco NX-OS CLI

Policy-Based VM Connectivity

Mobility of Network & Security Properties

Non-Disruptive Operational Model

Diagram labels: vSphere, Nexus 1000V, VM

Page 6: Intro to Cisco Nexus 1000V

Cisco Nexus 1000V

Cisco VN-Link: Virtual Network Link

Policy-Based VM Connectivity

Mobility of Network & Security Properties

Non-Disruptive Operational Model

Diagram labels: vCenter, Nexus 1000V VSM, vSphere, Nexus 1000V VEM, VM

Page 7: Intro to Cisco Nexus 1000V

Cisco Nexus 1000V

Faster VM Deployment

Port Profiles

• WEB Apps

• HR

• DB

• DMZ

VM Connection Policy

• Defined in the network

• Applied in Virtual Center

• Linked to VM UUID

Cisco VN-Link: Virtual Network Link

Policy-Based VM Connectivity

Mobility of Network & Security Properties

Non-Disruptive Operational Model

Diagram labels: vCenter, Nexus 1000V VSM, vSphere, Nexus 1000V VEM, VM

Page 8: Intro to Cisco Nexus 1000V

Cisco Nexus 1000V

Richer Network Services

Property Mobility

• VMotion for the network

• Ensures VM security

• Maintains connection state

VMs Need to Move

• VMotion

• DRS

• SW Upgrade/Patch

• Hardware Failure

Cisco VN-Link: Virtual Network Link

Policy-Based VM Connectivity

Mobility of Network & Security Properties

Non-Disruptive Operational Model

Diagram labels: vCenter, Nexus 1000V VSM, vSphere, Nexus 1000V VEM, VM

Page 9: Intro to Cisco Nexus 1000V

Cisco Nexus 1000V

Increased Operational Efficiency

Network Admin Benefits

• Unifies network mgmt and ops

• Improves operational security

• Enhances VM network features

• Ensures policy persistence

• Enables VM-level visibility

VI Admin Benefits

• Maintains existing VM mgmt

• Reduces deployment time

• Improves scalability

• Reduces operational workload

• Enables VM-level visibility

Cisco VN-Link: Virtual Network Link

Policy-Based VM Connectivity

Mobility of Network & Security Properties

Non-Disruptive Operational Model

Diagram labels: vCenter, Nexus 1000V VSM, vSphere, Nexus 1000V VEM, VM

Page 10: Intro to Cisco Nexus 1000V

Cisco Nexus 1000V Architecture

Virtual Supervisor Module (VSM)

• Virtual or Physical appliance running Cisco NXOS (supports HA)

• Performs management, monitoring, & configuration

• Tight integration with VMware vCenter

Virtual Ethernet Module (VEM)

• Enables advanced networking capability on the hypervisor

• Provides each VM with dedicated “switch port”

• Collection of VEMs = 1 vNetwork Distributed Switch

Cisco Nexus 1000V Installation

• ESX & ESXi

• VUM & Manual Installation

• VEM is installed/upgraded like an ESX patch

Diagram labels: vCenter, Nexus 1000V VSM, vSphere, Nexus 1000V VEM, VM

Page 11: Intro to Cisco Nexus 1000V

Port Profile: Network Admin View

Support Commands Include:

• Port management

• VLAN

• PVLAN

• Port-channel

• ACL

• Netflow

• Port Security

• QoS

Page 12: Intro to Cisco Nexus 1000V

Port Profile: Server Admin View

Page 13: Intro to Cisco Nexus 1000V

Features of the Nexus 1000V

Switching: L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX), IGMP Snooping, QoS Marking (COS & DSCP)

Security: Policy Mobility, Private VLANs w/ local PVLAN Enforcement, Access Control Lists (L2–4 w/ Redirect), Port Security

Provisioning: Automated vSwitch Config, Port Profiles, Virtual Center Integration, Optimized NIC Teaming with Virtual Port Channel – Host Mode

Visibility: VMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2, VM-Level Interface Statistics

Management: Virtual Center VM Provisioning, Cisco Network Provisioning, CiscoWorks, Cisco CLI, RADIUS, TACACS, Syslog, SNMP (v.1, 2, 3)

Page 14: Intro to Cisco Nexus 1000V

ROI: Virtualize 30% More Applications

Virtualize DMZs with VLAN isolation and security policy enforcement with ACLs

Virtualize PCI, SOX, HIPAA applications with Netflow, ERSPAN, and port statistics

Virtualize Tier-1 applications with LACP, vPC host mode

Virtualize high-density VMs with DHCP Snooping, Port Security, Dynamic ARP Inspection

Page 15: Intro to Cisco Nexus 1000V

ROI: Spend 30% Fewer Hours

With a distributed switch, network change requests take 1 hour per domain rather than 30 minutes per server (for 3 servers that is 30% less time)

With Nexus 1000V, regulatory and organizational audits take 20 minutes per server rather than 1 hour

With Nexus 1000V, the server admin can offload network configuration to the network admin; this division of labor increases productivity

Fewer hours “keeping the lights on” means more hours “innovating”

Page 16: Intro to Cisco Nexus 1000V

ROI: Example

Before: 100 servers, 10% virtualized

After: 24 servers, 40% virtualized

vSS = VMware Standard Switch with Enterprise Edition

vDS = Virtual Distributed Switch with Enterprise Plus

1000V = Cisco Nexus 1000V Virtual Distributed Switch

Source: VMware Operational Readiness Assessments, Cisco customer case studies, Lightreading analyst study, VMmark Benchmark Study, Cisco/VMware ROI Model

Chart panels: Opex, Capex, Availability

Servers: vSS 100, vDS 75, 1000V 24

Hrs/yr: vSS 288, vDS 167, 1000V 155

Err/yr: vSS 1.0, vDS 1.0, 1000V 0.4

3-Year 1000V ROI vs. vDS: $976,723; $42,281; $15,300

3yr Savings: $1,034,304

20 x 1000V and support: ($24,340)

Nexus 1000V ROI: $1,009,965

Page 17: Intro to Cisco Nexus 1000V

Flexible Deployment Options

All servers on VMware Compatibility List

All switches, including all Cisco switches

1G & 10G NICs

Page 18: Intro to Cisco Nexus 1000V

100s of Companies Use Nexus 1000V

University of Arizona

Page 19: Intro to Cisco Nexus 1000V

Evaluate Promotion

No-charge Evaluation: www.cisco.com/go/1000veval

Promotional bundle $795 for Nexus 1000V and vSphere Enterprise Plus

Until 12/15/09
