Nexus 1000v Tdm


  • 8/22/2019 Nexus 1000v Tdm

    1/35

    2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential

    Cisco Nexus 1000V

    Technical Decision Maker NDA Only


    Legal Disclaimer

    Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.


    Agenda

    Networking Challenges of Server Virtualization

    Cisco VN-Link Introduction

    Cisco Nexus 1000V Overview & Architecture

    Deployment Scenarios

    Advanced Features

    Additional Information


    Transparency in the Eye of the Beholder

    With virtualization, VMs have a transparent view of their resources


    Transparency in the Eye of the Beholder

    but it's difficult to correlate network and storage back to virtual machines


    Transparency in the Eye of the Beholder

    Scaling globally depends on maintaining transparency while also providing operational consistency


    Networking Challenges to Scaling Server Virtualization

    Security and Policy Enforcement
    - Applied at physical server, not the individual VM
    - Impossible to enforce policy for VMs in motion

    Operations and Management
    - Lack of VM visibility, accountability, and consistency
    - Inefficient management model and inability to effectively troubleshoot

    Organizational Structure
    - Muddled ownership as server admin must configure virtual network
    - Organizational redundancy creates compliance challenges


    Cisco Virtual Network Link: VN-Link
    Virtualizing the Network Domain

    - Virtual machine aware network and storage services
    - Abstract physical and logical infrastructure
    - Virtual machines are the new data center building block


    VN-Link Brings VM Level Granularity

    Problems:
    - VMotion may move VMs across physical ports; policy must follow
    - Impossible to view or apply policy to locally switched traffic
    - Cannot correlate traffic on physical links from multiple VMs

    VN-Link:
    - Extends network to the VM
    - Consistent services
    - Coordinated, coherent management

    [Diagram: VMotion between hosts on VLAN 101]


    Cisco Nexus 1000V: Industry First 3rd Party Virtual Distributed Switch

    Nexus 1000V provides enhanced VM switching for VMW ESX environments

    Features VN-Link capabilities:
    - Policy-based VM connectivity
    - Mobility of network and security properties
    - Non-disruptive operational model

    Ensures visibility and continued connectivity during VMotion

    Enabling Acceleration of Server Virtualization Benefits

    [Diagram: VMW ESX Server 1 and Server 2 hosting VMs #1 to #8, with labels VMware vSwitch and Nexus 1000V]


    What is a Virtual Distributed Switch?

    A Virtual Distributed Switch is a concept developed by VMware and Cisco to allow a single vSwitch to span multiple hosts.

    VMW calls this a vNetwork Distributed Switch.

    The Cisco Nexus 1000V, a 3rd party virtual distributed switch, will be supported in VMware ESX and Virtual Infrastructure in the 1st half of 2009.


    Cisco Nexus 1000V Architecture

    Virtual Supervisor Module (VSM)
    - Virtual or Physical appliance running Cisco OS (supports HA)
    - Performs management, monitoring, & configuration
    - Tight integration with VMware Virtual Center

    Virtual Ethernet Module (VEM)
    - Enables advanced networking capability on the hypervisor
    - Provides each VM with dedicated switch port
    - Collection of VEMs = 1 Distributed Switch

    Cisco Nexus 1000V Enables:
    - Policy Based VM Connectivity
    - Mobility of Network & Security Properties
    - Non-Disruptive Operational Model

    [Diagram: Virtual Center and the Nexus 1000V VSM above three VMW ESX servers (Server 1 to Server 3), each with a VEM and hosting VMs #1 to #12; labels VMware vSwitch and Nexus 1000V]


    Cisco Nexus 1000V: Faster VM Deployment

    VM Connection Policy
    - Defined in the network
    - Applied in Virtual Center
    - Linked to VM UUID

    Defined Policies
    - WEB Apps
    - HR
    - DB
    - Compliance

    Cisco VN-Link: Virtual Network Link
    - Policy-Based VM Connectivity
    - Non-Disruptive Operational Model
    - Mobility of Network & Security Properties

    [Diagram: Virtual Center and two VMW ESX servers hosting VMs #1 to #8 on the Cisco Nexus 1000V]


    Cisco Nexus 1000V: Richer Network Services

    VN-Link Property Mobility
    - VMotion for the network
    - Ensures VM security
    - Maintains connection state

    VMs Need to Move
    - VMotion
    - DRS
    - SW Upgrade/Patch
    - Hardware Failure

    VN-Link: Virtualizing the Network Domain
    - Policy-Based VM Connectivity
    - Non-Disruptive Operational Model
    - Mobility of Network & Security Properties

    [Diagram: Virtual Center and two VMW ESX servers hosting VMs #1 to #8 on the Cisco Nexus 1000V]


    Cisco Nexus 1000V: Increase Operational Efficiency

    Network Benefits
    - Unifies network mgmt and ops
    - Improves operational security
    - Enhances VM network features
    - Ensures policy persistence
    - Enables VM-level visibility

    Server Benefits
    - Maintains existing VM mgmt
    - Reduces deployment time
    - Improves scalability
    - Reduces operational workload
    - Enables VM-level visibility

    VN-Link: Virtualizing the Network Domain
    - Policy-Based VM Connectivity
    - Non-Disruptive Operational Model
    - Mobility of Network & Security Properties

    [Diagram: Virtual Center and two VMW ESX servers hosting VMs #1 to #8 on the Cisco Nexus 1000V]


    How Does It Work?

    Deploying the Nexus 1000V


    Deploying the Cisco Nexus 1000V: Collaborative Deployment Model

    1. VMW Virtual Center & Cisco Nexus 1000V relationship established

    2. Network Admin configures Nexus 1000V to support new ESX hosts

    3. Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center

    [Diagram: Virtual Center, Nexus 1000V VSM, and VMW ESX Server 1 with a Nexus 1000V VEM, annotated with steps 1 to 3]


    Deploying the Cisco Nexus 1000V: Collaborative Deployment Model

    1. VMW Virtual Center & Cisco Nexus 1000V relationship established

    2. Network Admin configures Nexus 1000V to support new ESX hosts

    3. Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center

    4. Repeat step three to add another host and extend switch configuration

    [Diagram: Virtual Center, Nexus 1000V VSM, and VMW ESX Server 1 through Server N, each with a Nexus 1000V VEM, annotated with step 4]


    Policy Based VM Connectivity: Enabling Policy

    1. Nexus 1000V automatically enables port groups in Virtual Center

    2. Server Admin uses Virtual Center to assign vnic policy from available port groups

    3. Nexus 1000V automatically enables VM connectivity at VM power-on

    Available Port Groups
    - WEB Apps
    - HR
    - DB
    - Compliance

    WEB Apps:
    - PVLAN 108, Isolated
    - Security Policy = Port 80 and 443
    - Rate Limit = 100 Mbps
    - QoS Priority = Medium
    - Remote Port Mirror = Yes

    [Diagram: Virtual Center, Nexus 1000V VSM, and VMW ESX Server 1 with a Nexus 1000V VEM hosting VMs #1 to #4, annotated with steps 1 to 3]


    Policy Based VM Connectivity: What Can a Policy Do?

    Policy definition supports:
    - VLAN, PVLAN settings
    - ACL, Port Security, ACL Redirect
    - Cisco TrustSec (SGT)
    - NetFlow Collection
    - Rate Limiting
    - QoS Marking (COS/DSCP)
    - Remote Port Mirror (ERSPAN)

    [Diagram: Virtual Center, Nexus 1000V VSM, and a VMW ESX server with a Nexus 1000V VEM hosting VMs #1 to #4]


    Mobility of Security and Network Properties: Following Your VMs Around

    1. Virtual Center kicks off a VMotion (manual/DRS) and notifies Nexus 1000V

    2. During VM replication, Nexus 1000V copies VM port state to new host

    Mobile Properties Include:
    - Port policy
    - Interface state and counters
    - Flow statistics
    - Remote port mirror session

    VMotion Notification
    - Current: VM1 on Server 1
    - New: VM1 on Server 2

    Network Persistence
    - VM port config, state
    - VM monitoring statistics

    [Diagram: Virtual Center, Nexus 1000V VSM, and VMW ESX Server 1 and Server 2, each with a Nexus 1000V VEM, hosting VMs #1 to #8, with VM #1 shown on both servers]


    Mobility of Security and Network Properties: Following Your VMs Around

    1. Virtual Center kicks off a VMotion (manual/DRS) & notifies Nexus 1000V

    2. During VM replication, Nexus 1000V copies VM port state to new host

    3. Once VMotion completes, port on new ESX host is brought up & VM's MAC address is announced to the network

    Network Update
    - ARP for VM1 sent to network
    - Flows to VM1 MAC redirected to Server 2

    [Diagram: Virtual Center, Nexus 1000V VSM, and VMW ESX Server 1 and Server 2, each with a Nexus 1000V VEM, hosting VMs #1 to #8, with VM #1 shown on both servers]


    Increase Operational Efficiency
    What stays the same? What gets better?

    Task | Virtualization or Server Admin | Network Admin
    vSwitch Config | Automated | Same as physical network
    Port Group Config | Automated | Policy Based
    Port Group Assignment | Unchanged (Virtual Center based) | -
    Add new ESX host | Automated (assign NIC & go) | Unchanged
    NIC Teaming Config | Automated | EtherChannel Optimized
    VM Creation | Unchanged | Policy Based
    Security | Policy Based | ACL, PVLAN, IP Redirect, Port Security, TrustSec
    Visibility | VM Specific | VM Specific
    Management Tools | Unchanged (Virtual Center) | Cisco CLI, XML API, SNMP, DCNM


    Cisco Nexus 1000V: Three New Features that Make a Difference

    Encapsulated Remote SPAN (ERSPAN)
    - Mirror VM interface traffic to a remote sniffer
    - Identify root cause for connectivity issues
    - No host-based sniffer virtual appliance to maintain
    - Follows your VM with VMotion or DRS

    NetFlow v.9 with Data Export
    - View flow-based stats for individual VMs
    - Captures multi-tiered app traffic inside a single ESX host
    - Export aggregate stats to dedicated collector for DC-wide VM view
    - Follows your VM with VMotion or DRS

    Private VLANs (PVLANs)
    - Great for mixed use ESX clusters
    - Segment VMs w/o burning IP addresses
    - Supports isolated, community and promiscuous trunk ports
    - Follows your VM with VMotion or DRS


    Cisco Nexus 1000V VM Security

    Private VLAN
    - Promiscuous port
    - Isolated port
    - Community port

    Security Features
    - Access Control List
    - Port Security
    - DHCP Snooping
    - IP Source Guard
    - Dynamic ARP Inspection

    Cisco TrustSec
    - Admission control: 802.1X
    - Hop-by-hop crypto: 802.1AE
    - Security Group Tag
    - SGACL Matrix

    [Diagram: three VMW ESX servers on the Cisco Nexus 1000V, each hosting VMs #1 to #4, with ports marked P, C and I; SGACL matrix of Source Group against Destination Group with + and - entries]


    Key Features of the Nexus 1000V

    Switching: L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX), IGMP Snooping, QoS Marking/Queuing

    Security: Policy Mobility, PVLAN, ACL (L2-4 w/ Redirect), Port Security, Cisco TrustSec (Authentication, Admission, Access Control)

    Provisioning: Automated vSwitch Config, Port Profiles, Virtual Center Integration, Optimized NIC Teaming

    Visibility: Historical VMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2, VM-Level Interface Statistics, Wireshark

    Management: Virtual Center VM Provisioning, Cisco Network Provisioning, Cisco CLI, XML API, SNMP (v.1, 2, 3)


    Nexus 1000V Deployment Scenarios: Pick Your Flavor

    1. Works with all types of servers (rack optimized, blade servers, etc.)

    2. Works with any type of upstream switch (Blade, Top of Rack, Modular)

    3. Works at any speed (1G or 10G)

    4. Nexus 1000V VSM can be deployed as a VM or a physical appliance

    [Diagram: Virtual Center and the Nexus 1000V VSM with Blade Servers and Rack Optimized Servers]


    Roadmap Summary

    [Timeline figure spanning Q2 CY08 to Q4 CY09. Nexus 1000V milestones shown: N1KV Beta 1, N1KV Beta 2, N1KV Beta 3, N1K-VA GA - VMW, N1K-PA GA - VMW, N1KV Appliance Beta.]

    Note: Nexus 1000V GA dates dependent on VMware release schedule

    Target for VMware release is 1st half CY2009


    Product Availability & Support

    Nexus 1000V is a Cisco product & will be sold and supported through Cisco's normal channels.

    It will be available in conjunction with an upgraded version of the VMW ESX product in the 1st half of 2009.

    Cisco Services & SmartNet support will be available.

    Nexus 1000V is in BETA now; talk to the BU for more information.

    Nexus 1000V will have a flexible licensing mechanism; more detail will be provided closer to general availability.


    Accelerate Server Virtualization: Enable, Simplify, Scale

    Security and Policy Enforcement
    - Enable VM-level security and policy
    - Scale the use of VMotion and DRS

    Operation & Management
    - Simplify management and troubleshooting with VM-level visibility
    - Scale with automated server & network provisioning

    Organizational Structure
    - Enable flexible collaboration with individual team autonomy
    - Simplify and maintain existing VM mgmt model


    Cisco Nexus 1000: More Information

    http://www.cisco.com/go/datacenter


    Virtualizing the Network Domain
    Two Complementary Models to Address Evolving Customer Requirements

    Cisco Virtual Network Link: VN-Link
    - Policy-Based VM Connectivity
    - Mobility of Network & Security Properties
    - Non-Disruptive Operational Model

    Cisco Nexus 1000V (Software Based)
    - Cisco switch for VMW ESX
    - Compatible with any switching platform
    - Leverages Virtual Center for server admin; Cisco CLI for network admin

    Nexus 5000 with VN-Link (Hardware Based)
    - Scalable, hardware based, high performance solution
    - Standards driven approach to delivering hardware based VM networking
    - Combines VM & physical network operations into 1 managed node

    [Diagrams: a VMW ESX server hosting VMs #1 to #4 attached through an Initiator to a Nexus 5000; a VMW ESX server hosting VMs #1 to #4 on the Nexus 1000V, attached through two NICs to the LAN]


    VN-Link With the Cisco Nexus 1000V

    Cisco Nexus 1000V (Software Based)
    - Industry's first third-party ESX switch
    - Built on Cisco NX-OS
    - Compatible with switching platforms
    - Maintain Virtual Center provisioning model unmodified for server administration; allow network administration of Nexus 1000V via familiar Cisco NX-OS CLI

    VN-Link pillars
    - Policy-Based VM Connectivity
    - Non-Disruptive Operational Model
    - Mobility of Network and Security Properties

    [Diagram: a VMW ESX server hosting VMs #1 to #4 on the Nexus 1000V, attached through two NICs to the LAN]


    VN-Link with Network Interface Virtualization

    Nexus Switch with VN-Link (Hardware Based)
    - Allows scalable hardware-based implementations through hardware switches
    - Standards-based initiative: Cisco & VMware proposal in IEEE 802 to specify Network Interface Virtualization
    - Combines VM and physical network operations into one managed node

    VN-Link pillars
    - Policy-Based VM Connectivity
    - Non-Disruptive Operational Model
    - Mobility of Network and Security Properties

    [Diagram: a VMW ESX server hosting VMs #1 to #4, attached by VN-Link to a Nexus switch]