© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Carlos Campos Data Center Systems Engineer CCIE#16993 Storage/R&S Cisco Nexus 1000V
Session Objectives
At the end of the session, you should be able to:
• Explain the concept of VN-Link
• Describe the key components of the Nexus 1000V
• Articulate the integration points of the Nexus 1000V with VMware
Strategic alliance
• Cisco keeps increasing its investment in VMware stock and starting new joint projects
• Cisco is a pioneer in innovating alongside VMware products and tests their products for certified solutions
• Nexus 1000V won the best new product award at VMworld 2008
• Cisco Services has an end-to-end virtualization directive for consulting services
VMware and virtualization
• Virtualized environments are the natural transition to 10G
  - Reduce cabling
  - Reduce total number of ports
  - Reduce virtual machine oversubscription
• Resources underutilized
  - Several NICs are used nowadays (VMkernel, console, data, backup), and not all of them are used as heavily as the data ones
• Inconsistent responsibilities/configurations
  - Network configuration is now also part of the server area (vSwitch), which leads to inconsistent configurations
  - Uplink validation (security/QoS) might be needed before VMotion
• Monitoring for saturation, DoS attacks, etc. is not possible within VMware
  - No IPS/IDS information exporting
• Virtual-machine flexibility
  - Diversity in virtual machines is not possible due to vmnic sharing and no QoS policing being enforced
Before/after VMware considerations
[Figures: "Before" and "After" diagrams]
Cisco Nexus 1000V
Industry First 3rd Party Virtual Distributed Switch
Enabling Acceleration of Server Virtualization Benefits
• Nexus 1000V provides enhanced VM switching for VMW ESX environments
• Features VN-Link capabilities:
  - Policy-based VM connectivity
  - Mobility of network and security properties
  - Non-disruptive operational model
• Ensures visibility and continued connectivity during VMotion
[Figure: two VMW ESX servers (Server 1, Server 2) hosting VMs #1 to #8, shown with the VMware vSwitch and with the Nexus 1000V]
Virtualizing the Network Domain
Two Complementary Models to Address Evolving Customer Requirements
Cisco Virtual Network Link – VN-Link
• Policy-Based VM Connectivity
• Mobility of Network & Security Properties
• Non-Disruptive Operational Model
Cisco Nexus 1000V (Software Based)
• Cisco switch for VMW ESX
• Compatible with any switching platform
• Leverages Virtual Center for server admin; Cisco CLI for network admin
Nexus 5000 with VN-Link (Hardware Based)
• Scalable, hardware based, high performance solution
• Standards driven approach to delivering hardware based VM networking
• Combines VM & physical network operations into 1 managed node
Cisco Nexus 1000V Overview
Cisco Nexus 1000V Components
Virtual Ethernet Module (VEM)
• Replaces existing vSwitch
• Enables advanced switching capability on the hypervisor
• Provides each VM with dedicated “switch ports”
Virtual Supervisor Module (VSM)
• CLI interface into the Nexus 1000V
• Leverages NX-OS 4.01
• Controls multiple VEMs as a single network device
[Figure: Servers 1 to 3 running VMW ESX, each with a VEM and four VMs (#1 to #12); Nexus 1000V VSM; Virtual Center]
Nexus 1000V ‘Virtual Chassis’ Model
• One Virtual Supervisor Module managing multiple Virtual Ethernet Modules
  - Dual Supervisors to support HA environments
• A single Nexus 1000V can span multiple ESX Clusters

SVS-CP# show module
Mod  Ports  Module-Type               Model               Status
---  -----  ------------------------  ------------------  --------
1    1      Supervisor Module         Cisco Nexus 1000V   active *
2    1      Supervisor Module         Cisco Nexus 1000V   standby
3    48     Virtual Ethernet Module                       ok
4    48     Virtual Ethernet Module                       ok
--More--
Single Chassis Management

Upstream-4948-1#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID     Local Intrfce   Holdtme   Capability   Platform      Port ID
N1KV-Rack10   Gig 1/5         136       S            Nexus 1000V   Eth2/2
N1KV-Rack10   Gig 1/10        136       S            Nexus 1000V   Eth3/5
N1KV-Rack10   Gig 1/12        136       S            Nexus 1000V   Eth21/2

• A single switch from control plane and management plane perspective
  - Protocols such as CDP operate as a single switch
  - XML API and SNMP management appear as a single ‘virtual chassis’
Virtual Supervisor Options
VSM Virtual Appliance
• ESX Virtual Appliance
• Special dependence on CPVA server
• Supports up to 64 VEMs
VSM Physical Appliance
• Cisco branded x86 server
• Runs multiple instances of the VSM virtual appliance
• Each VSM managed independently
[Figure: six VSM instances; Servers 1 to 3 running VMW ESX, each with a VEM and four VMs (#1 to #12)]
Virtual Ethernet Module
• VEM is a lightweight (~10MB RAM) module that provides switching capability on the ESX host
• Single VEM instance per ESX host
• Relies on the VSM to provide configuration
• Stores basic configs locally (system VLANs, Domain ID, etc…)
• Can run in last known good state without VSM connectivity
  - Some features (VMotion) will not work in this state
• Must have VSM connectivity upon reboot to switch VM traffic
Switching Interface Types
• Physical Ethernet Ports
  - NIC cards on each server
  - Appears as ‘Eth’ interface on a specific module in NX-OS
    Example – ‘Eth10/7’
  - Static assignment as long as the module ID does not change
  - Up to 32 per host
• Virtual Ethernet Ports
  - Virtual Machine facing ports
  - Appears as ‘Veth’ within NX-OS
  - Not assigned to a specific module to simplify VMotion
    Example – ‘Veth68’
Cisco Nexus 1000V Scalability @ FCS
• A single Nexus 1000V
  - 66 modules (2x Supervisors and 64x Ethernet Modules)
• Virtual Ethernet Module:
  - 32 physical NICs
  - 256 virtual NICs
• Limit Per Nexus 1000V
  - 512 Port Profiles
  - 2048 physical ports
  - 8,192 virtual ports (vmknic, vswif, vnic)
Virtual Supervisor to Virtual Center
• One way API between the VSM and Virtual Center
• Certificate (Cisco self signed or customer supplied) ensures secure communications
• Connection is set up on the Supervisor

N1K-CP# show svs connections
Connection VC:
    IP address: 10.95.112.10
    Protocol: vmware-vim https
    vmware dvs datacenter-name: PHXLab
    ConfigStatus: Enabled
    OperStatus: Connected
Supervisor to Ethernet Module
• Two distinct virtual interfaces are used to communicate between the VSM and VEM
  - Control
    - Carries low level messages to ensure proper configuration of the VEM
    - Maintains a 2 sec heartbeat from the VSM to the VEM (timeout 6 seconds)
  - Packet
    - Carries any network packets between the VEM and the VSM such as CDP/LLDP
• Must be on two separate VLANs
• Supports both L2 and L3 designs
Introduction to Port Profiles
• Port Profiles are a collection of ‘interface’ commands, i.e.:
    switchport mode access
    switchport access vlan 57
    no shutdown
• Applied at the interface level to either physical or virtual interfaces
• Dynamic configuration
  - Port Profile changes are propagated immediately to all ports using that profile
• Interfaces can be configured manually in conjunction with a profile
What Can A Profile Contain?
Policy definition supports:
• VLAN, PVLAN settings
• ACL, Port Security, ACL Redirect
• Cisco TrustSec (SGT)
• NetFlow Collection
• Rate Limiting
• QoS Marking (COS/DSCP)
• Remote Port Mirror (ERSPAN)
Port Profiles Propagation
• Port profiles are pushed via the Virtual Center API
• Upon connection/reconnection with Virtual Center the VSM re-verifies the correct port profile configuration exists within Virtual Center
• Port profile ‘state’ and ‘type’ must be set for propagation to occur
    N1K-CP(config-port-prof) state enable
    N1K-CP(config-port-prof) vmware port-group (optional name)
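
The propagation rule above and the policy list under “What Can A Profile Contain?”, as an added example that is not part of the original presentation: a Python audit over port-profile configuration text that reports which profiles would be pushed to Virtual Center and which lack a VLAN, an ACL or port-security line, or `no shutdown`. The sample configuration and profile names are constructed, and the choice of which missing lines count as gaps is an assumption of this example.

```python
import re

# Constructed sample configuration (illustrative; not from a real switch).
SAMPLE_CONFIG = """\
port-profile WebServers
  switchport mode access
  switchport access vlan 57
  ip port access-group web-in in
  no shutdown
  vmware port-group
  state enabled
port-profile Backup
  switchport access vlan 60
  no shutdown
  vmware port-group BackupPG
  state enabled
port-profile Draft
  switchport access vlan 99
  switchport port-security
"""

def parse_port_profiles(text):
    """Return {profile name: [interface commands]} from indented config text."""
    profiles, current = {}, None
    for line in text.splitlines():
        header = re.match(r"port-profile\s+(\S+)\s*$", line)
        if header:
            current = profiles.setdefault(header.group(1), [])
        elif current is not None and line[:1].isspace() and line.strip():
            current.append(" ".join(line.split()))
    return profiles

def audit(profiles):
    """Per profile: is 'state' and the VMware 'type' set, and what policy is absent?"""
    report = {}
    for name, cmds in profiles.items():
        has = lambda prefix: any(c.startswith(prefix) for c in cmds)
        propagates = has("state enable") and has("vmware port-group")
        gaps = []
        if not has("switchport access vlan"):
            gaps.append("no access VLAN")
        if not (any("access-group" in c for c in cmds) or has("switchport port-security")):
            gaps.append("no ACL or port security")
        if "no shutdown" not in cmds:
            gaps.append("ports stay shut down")
        report[name] = {"propagates": propagates, "gaps": gaps}
    return report
```

Calling `audit(parse_port_profiles(SAMPLE_CONFIG))` flags the constructed `Backup` profile as visible to VMware administrators as a port group while carrying no ACL or port-security policy.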
Network Administrator View
VMware Administrator View
• Consistent Workflow: Continue to select Port Groups when configuring a VM in VMware Virtual Infrastructure Client
Port Profile Mobility – Simplified VMotion
[Figure: two VMW ESX servers (Server 1, Server 2), each with a Nexus 1000V VEM, hosting VMs #1 to #8; Nexus 1000V VSM; Virtual Center]
Other Joint Solutions with VMware
Virtual Desktop Infrastructure and WAAS
What is it?
• Centrally-hosted desktops with network enhancements to enable highly interactive applications and branch services
• Branch office printing
• Desktop protocol acceleration (Vista & 64 bit XP)
Customer Benefits
• Enhanced User Experience
• Manageability
• Data security
• Cost savings
• Ease of upgrades / patches
[Figure: ACE and WAAS across LAN and WAN; Performance Over WAN]
VMware Fault Tolerance – The killer App for 10GE
Go with Nexus 7000 and Nexus 5000
• Zero downtime, zero data loss
• No OS or app modifications needed
• Easier to set up and manage than traditional clustering
• More cost effective than fault-tolerant hardware
• Two VMs kept in lock-step across physically separate machines
• In a hardware failure, second VM continues executing without pause
Q&A