Cisco Nexus 1000V for Microsoft Hyper-V Webinar March 6

Cisco Nexus 1000V for Microsoft Hyper-V

Damian Flynn, MVP Cloud and Datacenter & Infrastructure Architect, Lionbridge Gunnar Anderson, Product Marketing Manager, Cloud Networking & Services, Cisco Appaji Malla, Sr. Product Marketing Manager, Cloud Networking & Services, Cisco Sai Chaitanya, Technical Marketing Engineer, Cloud Networking & Services, Cisco

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Register and view recordings/presentations here: www.cisco.com/go/1000vcommunity

Date/Time Topic

Thur, Feb 21st at 0900 PST Cisco Open Network Environment (Cisco ONE) – Next Phase of Network Programmability and SDN

Thur, Feb 28th at 0900 PST Cisco One Platform Kit (onePK): Technical Deep Dive and key use cases

Wed, Mar 6th at 0900 PST Nexus 1000V for Hyper-V with Microsoft SCVMM integration

Wed, Mar 13th at 0900 PST Cisco ONE controller: Technical Deep Dive and key use cases

Wed, Mar 20th at 0900 PST 5000 Seat VDI Reference Architecture: Cisco UCS & Nexus 1000V, Citrix XenDesktop, and EMC VNX

Wed, Mar 27th at 0900 PST Nexus 1000V v2.2 for vSphere: More scale, Multicast-less VXLAN, VXLAN Gateway

Wed, April 3rd at 0900 PST Cloud Services Router (CSR 1000V): Technical deep dive and key use cases

Wed, April 10th at 0900 PST Cloud Security with ASA 1000V and Virtual Security Gateway v2.1 (VSG)

Wed, April 17th at 0900 PST Secure Hybrid Cloud solution with Nexus 1000V InterCloud & VNMC InterCloud

Wed, April 24th at 0900 PST Nexus 1100 for Cloud Network Services: New Services & Ecosystem

Wed, May 1st at 0900 PST Cloud Networking Services: vNAM and vWAAS

Wed, May 8th at 0900 PST Virtualized Multiservice Data Center (VMDC) solution with Cloud Networking Services

Wed, May 15th at 0900 PST Nexus 1000V for KVM (with OpenStack and VXLAN)

http://www.cisco.com/go/1000vcommunity


Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.


• Cisco Virtual Networking Solutions

• WS2012 & SCVMM 2012 Networking Overview

• Nexus 1000V architecture

• N1KV Integration with SCVMM

• Virtual Services

• How to participate in Public Beta

• Live Demo


Overlay Technology

Support

Operational Complexity

Managing

networks

across

physical &

virtual

environments

Maturing Hypervisor

market

Economics

Use-cases

requiring

different

hypervisors

Public Cloud

Security

concerns for

public cloud

Mobility

concerns

Resource

Utilization

VM Mobility

across DC

Mobility

across DCs

Mobility

across clouds

Virtual Services

Secure virtual

environment

Rich network

services

Diverse Virtualization Requirements for DataCenter Customers

Multi-services support with

vPath

Multi-hypervisor

Support

Consistent Operational

Model

Multi-cloud support


PHYSICAL

WORKLOAD

VIRTUAL

WORKLOAD

CLOUD

WORKLOAD

• One app per Server

• Static

• Manual provisioning

• Many apps per Server

• Mobile

• Dynamic provisioning

• Multi-tenant per Server

• Elastic

• Automated Scaling

HYPERVISOR VDC-1 VDC-2

CONSISTENCY: Policy, Features, Security, Management

Nexus 1000V, VM-FEX

Virtual WAAS, VSG, ASA 1000V, vNAM*

UCS for Virtualized Workloads

Nexus 7K/5K/3K/2K

WAAS, ASA, NAM

UCS for Bare Metal

Cloud Services Router (CSR 1000V) ASR

Switching

Routing

Services

Compute


Multi-Hypervisor

Multi-Services

Multi-Cloud

Nexus 1000V


Cisco Nexus 1000V

Cisco UCS VM-FEX

Cisco UCS Manager

Cisco UCS PowerTool

Cisco Unified Computing

(UCS)

Manageability Compute Networking

Certified for various Microsoft applications



• What is the pricing associated with Nexus 1000V for Hyper-V?

Ans: It will be consistent with the existing product.

• Does the product work with all vesions of Hyper-V?

Ans: the product works only with Hyper-V 3.0 – that version that is shipped with WS2012. Also, you need to have SCVMM 2012 to use N1KV.

• Can the same N1KV manage both ESX & Hyper-V?

Ans: No. Sepearate N1KV switches should be deployed for different hypervisor environments.

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 11

Damian Flynn is the Infrastructure Architect on the Corporate IT team.

His current focus is on Software Defined Networks (SDN) with “Azure

for Window Server Services”, with perspective on Orchestration of

repeatable processes in “Dev/Ops” scenarios.

He has a keen interest in Cloud Computing from both a business strategy

and technical viewpoint and has presented sessions on building and

managing Private/Hybrid Clouds at a number of industry events. Damian

authored the Cloud chapters on two books, is active in many MS

Programs, blogs at www.damianflynn.com, tweets at @damian_flynn, and

and has published a number of white papers and technical articles.








• Live Demo



• Hyper-V extensible switch

“A virtual Ethernet switch that runs in the management operating system of the Hyper-V parent partition. Through the use of extensions, independent software vendors (ISVs) can extend the switch functionality.”

Cisco Nexus 1000V

Cisco UCS VM-FEX

Windows PowerShell

Unified tracing, capture &

diagnostics

SR-IOV

Dynamic VMQ

Port Mirror & ACL

IPsec Offload & QOS

Manageability Benefits Extensibility


• VHDX support

• Storage Enhancements

Windows Standards-Based Storage Management

Thin provisioning of logical units, and for the discovery of SAS storage

• Hyper-V Host Provisioning

Deep discovery with detailed information about physical network adapters

• VMM Console Add-Ins

Enable new actions or additional configuration for VMM objects

Embed custom WPF UI or Web Portals

• Enhanced Networking Architecture

Network Virtualization

Extensible Switch, Extension Support

• ·.

• ·.



VLAN 5

10.0.1.0/24

VLAN 15

10.0.1.0/24

LOGICAL PLAN

Virtu

al M

ach

ine

Netw

ork

s

Lo

gic

al

Netw

ork

s

Logical

Network

Network

Site

(Logical

Network

Definition)

Hyper-V Network Virtualization Filter

A

10.0.1.0/24

B

10.0.1.0/24

Tenant 2

10.0.1.0/24

Tenant 1

10.0.1.0/24

Internet All Tenants

Various SubnetsTenant 3

10.0.1.0/24

Tenant 4

10.0.1.0/24Tenant 5

10.0.1.0/24

Internet

VLAN 0 VLAN 25 VLAN 30 VLAN 35

Provider Network External NetworkVLAN Isolated Storage

External

VLAN-based configuration - You can continue to use familiar

virtual local area network (VLAN) technology for network isolation.

No isolation – You can get direct

access to the logical network with a

VM network. Appropriate for a host

management or shared Internet

networks.

Network virtualization – You can support multiple tenants

(also called clients or customers) with their own networks,

isolated from the networks of others.

Use external networks – You can use a vendor

network-management console that allows you

to configure settings on your forwarding

extension. VMM will import those settings.

Virtual Machine Networking

No VM networking –

Networks that don t

require access by VMs

do not use VM

networks. For example,

storage networks.

VLAN 10

Isolation method for

external networks is not

visible to VMM.


1

8


Port-Classifications

• Provide a level of indirection to Virtual Port Profiles

• Provide a way to group Port Profiles from different Hyper-V switch extensions

Bundling of profiles

from each extension is

the port-classification








• Live Demo


Nexus

1000V VSM

Extensible vSwitch

Nexus 1000V VEM

VM VM VM VM

VNICs

Advanced NX-OS feature-set

SCVMM Integration

vPath Services architecture

Consistent operational model PNICs


WS 2012 Hyper-V

Modular Switch

…

Linecard-N

Supervisor-1 (Active)

Supervisor-2 (StandBy)

Linecard-1

Linecard-2

Ba

ck P

lan

e

VEM-N VEM-1 VEM-2

VSM: Virtual Supervisor Module

VEM: Virtual Ethernet Module

VSM-1 (active)

VSM-2 (standby)

Virtual Appliance

Network

Admin

Server

Admin

NX-OS

Control Plane

NX-OS

Data Plane

WS 2012 Hyper-V WS 2012 Hyper-V


System Center Virtual Machine Manager

Cisco

Nexus

1000V

VEM

Cisco

Nexus

1000V

VEM

Cisco

Nexus

1000V

VEM

VM VM VM VM VM VM VM VM VM VM VM VM

Cisco Nexus 1000V VSM

Virtual Supervisor Module (VSM)

• Virtual or Physical appliance running Cisco NXOS (supports Hi-availability)

• Performs management, monitoring, and configuration

• Tight integration with management platforms

Virtual Ethernet Module (VEM)

• Enables advanced networking capability on the hypervisor

• Provides each virtual machine with dedicated “switch port”

• Collection of VEMs : 1 virtual network Distributed Switch

WS 2012 Hyper-V WS 2012 Hyper-V WS 2012 Hyper-V

Server Server Server


Switching L2 Switching, 802.1Q Tagging, Rate Limiting (TX)

IGMP Snooping, QoS Marking (COS & DSCP)

Security Policy Mobility, Private VLANs w/ local PVLAN Enforcement

Access Control Lists (L2–4 w/ Redirect), Port Security

Dynamic ARP inspection*, IP Source Guard*, DHCP Snooping*

Provisioning

Visibility Live Migration Tracking, NetFlow v.9 w/ NDE, CDP v.2

VM-Level Interface Statistics

SPAN & ERSPAN (policy-based)

Management VM Network Provisioning (port-profiles), CiscoWorks, Cisco DCNM

Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3)

Hitless upgrade, SW Installer

Network Services Virtual Services Datapath (vPath) support for traffic steering & fast-path

off-load [leveraged by Virtual Security Gateway (VSG) and other services]

Full integration with System Center – VM Manager (SCVMM)

Faster network policy provisioning through port profiles

* Only with Advanced Edition


Networks & policies

synced to SCVMM

Adds hosts to N1KV

Connects VMs (VNICs) to

VM Networks

Nexus

1000V

VEM

Server

Nexus 1000V

VSM

Win 8 Hyper-V

SCVMM

Network

Admin

Create networks and

policies (logical

networks, network

sites, VMnetworks)

SCVMM manages the placement and

live-migration of the VMs based on

the constraints between VM

networks and the network sites. VM VM VM VM

Server

Admin


Provide SCVMM Credentials Provide Host info for Primary & Secondary VSM


• Why the Nexus 1000V, and my WS2012 experience?

• Alpha

New concepts for the Server Administrator (Let it go!)

What VSM, VEM, VFEX…

Tricky Installation, and lots of NX-OS CLI

• Beta

NX-OS maturing commands

Familiar environment for the Network Engineer

Unification with Microsoft WS/SC terminology, and VMM concepts

• Public Beta

Unified management for Physical and Virtual Infrastructure

Reduced time to resolution, via NX-OS access to the Virtual NIC


• Return the Status Quo Hyper-V Administrator are not Network Engineers (Honestly!)

• Deliver Consistency Physical and Virtual Networks implement consistent policies

Network Engineers manage both the Physical and Virtual Networks

Server Engineers manage the Compute and Storage

• Elasticity Vastly simplified host networking configuration

Faster, repeatable and consistent host provisioning

Clear segregation of ownership, accelerated problem resolution

• Business Process Improvements VMs and Physical devices are first class end points on the network

Standardized Policies for Tracing, Monitoring, Management, Debugging

Consistent Network visibility in the hybrid environment






• Virtual Services (N1KV)


• Live Demo


# network-segment-poool Intranet_POD1

# network-segment Intranet_POD1_SUBNET1

switchport mode access

switchport access vlan 20

ip-pool Intranet_POD1_Pool1

network-definition Intranet_POD1











Network Site “Intranet_POD1”

VM Network Intranet_POD1_SUBNET1



• A Network Site is a

grouping of VM Networks that

are always available together

on the same host

simultaneously

• A host uplink can be

configured to carry one or

more Network Sites


Port Profiles

Defined Policies

WEB Apps

HR

DB

DMZ

Policy-Based VM Connectivity

Mobility of Network and Security Properties

Non-Disruptive Operational Model

Cisco Virtual Networking

Nexus

1000V

VEM

Nexus

1000V

VEM

VM Connection Policy

• Defined in the network

• Applied in SCVMM

VM VM VM VM VM VM VM VM

VM Mgmt Station Nexus 1000V VSM

Server Server

Hypervisor Hypervisor


VMs Need to Move

• VM Migration

• Resource Scheduling

• SW upgrade/patch

• Hardware failure

Policy-Based VM Connectivity

Mobility of Network and Security Properties

Non-Disruptive Operational Model

Cisco Virtual Networking

VM VM VM VM

VM VM VM VM

VM Mgmt Station Nexus 1000V VSM

VM VM VM VM

VM Networking

Mobility

• Live Migration

• Ensures VM security

• Maintains connection state

Nexus

1000V

VEM

Nexus

1000V

VEM

Server Server

Hypervisor Hypervisor


Current N1KV/ESX Version N1KV/Hyper-V Version

# port-profile db-client

ip port access-group dbclient in

no shut

state enabled

# port-profile db-server

ip port access-group dbserver in

no shut

state enabled

# network-segment db-network



DB Clients DB Servers

DB Network

VM VM VM VM

# port-profile db-client



ip port access-group dbclient in

no shut

state enabled

# port-profile db-server



ip port access-group dbserver in

no shut

state enabled


$User = "admin"

$Password = ConvertTo-SecureString –String

"Secret123" –AsPlainText -Force

$VSMIPaddress = "10.105.228.108"

$URI = "http://"+ $VSMIPaddress + “/api/”

$Credentials = New-Object –TypeName

System.Management.Automation.PSCredential –

ArgumentList $User, $Password

Basic Parameters Required for API Calls

#Update IP-Pool Information - HTTP POST

$IPPURI=$URI +"hyper-v/ip-address-pool/pool1"

$IPPArg = '{"name":"pool1",

"addressRangeStart":"192.168.0.2",

"addressRangeEnd":"192.168.0.16"}‘

ConvertFrom-Json -InputObject $IPPArg

Invoke-RestMethod -Uri $IPPURI -Credential

$Credential -Method Post -Body $IPPArg

Read/Write Object (IP Pool)

#$VMNURI = $URI +"hyper-v/vm-network-definition/vmn4"

$VMNArg = '{"name":"VMN4"}‘

ConvertFrom-Json -InputObject $VMNArg

Invoke-RestMethod -Uri $VMNURI -Credential $Credential

-Method Delete -Body $VMNArg

DELETE Object (VM network)


• Xian SCOM Plugin for Nexus 1000V

• Monitors various metrics:

Availability (ICMP and SNMP)

TCP Connections

Uptime

Traffic, total, error etc.

Bandwidth

3

5








• Live Demo


Nexus 1000V

Distributed Virtual Switch

VM VM VM

VM VM

VM

VM VM VM

VM

VM

VM VM VM

VM VM VM VM

VM

vPath

Log/Audit

Initial Packet

Flow

Virtual Security

Gateway (VSG)*

1 Flow Access Control

(policy evaluation)

2

Decision

Caching 3

4

* First version only supports network attributes


Nexus 1000V

Distributed Virtual Switch

VM VM VM

VM VM

VM

VM VM VM

VM

VM

VM VM VM

VM VM VM VM

VM

vPath

Remaining

packets from flow

ACL offloaded to

Nexus 1000V

(policy enforcement)

Log/Audit

Virtual Security

Gateway (VSG)*

* First version only supports network attributes








• Live Demo


High Touch Beta

• Over-subscribed.

• We have quite a number of participants that wanted to be part of the hi-touch beta

Public Beta

• Available to all participants that have a valid email-id, company name, and contact adress

• That are willing to test the product and provide constructive feedback

• Participate in the discussion forums, and contribute to the N1KV communitt


[email protected]

mailto:[email protected]






• Cisco Nexus 1000V software

Virtual Supervisor Module (VSM) ISO (n1000vh-dk9.5.2.1.SM1.5.0.1.iso)

Virtual Ethernet Module (VEM) MSI package (Nexus1000V.msi)

VSEM Provider MSI Package (CiscoProviderInstaller.msi)

N1KV Installer App (Cisco Nexus 1000V Installer)

• Installation Document & Screencast

Getting Started Guide for Cisco Nexus 1000V for Microsoft Hyper-V

• Beta Test-cases Document

Outlines sample test cases and configurations for the alpha features

• Cisco Nexus 1000V Beta Process Overview Presentation

• Documentation








• Live Demo


SCVMM

VM

Nexus

1000V

VSM

HOST01

Employee

VM Contractor

VM

WebServer

VM

HOST02 HOST03

Nexus 1000V

VEM -1

Nexus 1000V

VEM -2 HyperV

Switch


Win 2012 Hyper-V Win 2012 Hyper-V

Use Case 1 – Security using Access Control Lists

Nexus 1000V VSM

Nexus

1000V

VEM

Nexus

1000V

VEM

Configure the port-profiles so that web-server access is restricted: • Employee can access • Contractor is restricted

Contractor Employee Web

Server


Use Case 2 – Traffic Monitoring using Encapsulated Route Span (ERSPAN)


Nexus 1000V VSM

Nexus

1000V

VEM

Nexus

1000V

VEM

Configure a ERSPAN session on WebServer VM interface

Monitor the traffic the vNAM running on Nexus 1110


Server

VNAM



Nexus 1000V VSM

Nexus

1000V

VEM

Nexus

1000V

VEM

Live Migrate the VM

Demonstrate that SPAN session is maintained.


Server

Use Case 3 – Policy (SPAN) maintained across Live Migration

VNAM


• Cisco-Microsoft Partnership: http://www.cisco.com/go/microsoft

• Cisco Nexus 1000V: http://www.cisco.com/go/nexus1000v

• Cisco UCS VM-FEX: http://www.cisco.com/go/vmfex

• Solution Overview: http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns955/ns963/solution_overview_c22-687087.html

• Q&A Doc: http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns955/ns963/faq_c67_687090_ns1154_Networking_Solutions_Q_and_A.html

http://www.cisco.com/go/microsoft

http://www.cisco.com/go/nexus1000v

http://www.cisco.com/go/vmfex

http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns955/ns963/solution_overview_c22-687087.html




http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns955/ns963/faq_c67_687090_ns1154_Networking_Solutions_Q_and_A.html




Thank you.

Cisco Nexus 1000V for Microsoft Hyper-V Webinar March 6

Technology

pst cisco

cisco andor

cisco confidential

cisco ucs nexus

thesole discretion of

pst nexus

cloud network services

pst cloud security