1. 2014 Cisco and/or its affiliates. All rights reserved. Cisco
Confidential 1 Les services rseaux se virtualisent aussi ! Mai 2014
Portfolio et Dmonstrations Damien Gouju [email protected] Vincent
Esposito [email protected] Systems Engineers Data Center Solutions
& Expertise 2. 2014 Cisco and/or its affiliates. All rights
reserved. Cisco Confidential 2 Principaux blocs fonctionnels dun
Data Center La virtualisation a introduit un nouveau bloc
fonctionnel Virtual Access SERVEURS VIRTUAL ACCESS EXTENSION LAN DC
SAN ROUTAGE LAN BACKBONE WAN LAN DEDIE SECURITE ET IP SERVICES
RESEAU DE MANAGEMENT OUT OF BAND SYSTEMES DE MANAGEMENT LAN
SWITCHING LAN STOCKAGE / SAUVEGARDE SERVEURS DE SAUVEGARDE STOCKAGE
SERVEURS 3. 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential 3 Consquences rseau de la virtualisation
serveurs Challenges 1. Le dplacement des VMs implique une cohrence
de configuration rseau de bout en bout 2. Impossible de voir ou
dappliquer une rgle rseau pour le trafic commut localement dans
lhyperviseur 3. Ncessit dune nomenclature commune et dune
collaboration troite entre les quipes serveur et rseau (ex : pour
les rgles de scurit) Port Group Administration hyperviseur
Administration rseau 4. Passer du provisionnement sur demande au
self-provisionning (aka Cloud) 4. 2014 Cisco and/or its affiliates.
All rights reserved. Cisco Confidential 4 Cisco Nexus 1000v Un
chassis modulaire virtuel Chassis modulaire Server 1 Server 2
Server 3 Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 BackPlane
Linecard-N 5. 2014 Cisco and/or its affiliates. All rights
reserved. Cisco Confidential 5 Cisco Nexus 1000v Un chassis
modulaire virtuel Chassis modulaire Supervisor-1 Supervisor-2
Linecard-1 Linecard-2 BackPlane Linecard-N Hyperviseur Hyperviseur
Hyperviseur 6. 2014 Cisco and/or its affiliates. All rights
reserved. Cisco Confidential 6 Cisco Nexus 1000v Un chassis
modulaire virtuel Chassis modulaire VSM1 VSM2 Appliances virtuelles
VSM: Virtual Supervisor Module Supervisor-1 Supervisor-2 Linecard-1
Linecard-2 BackPlane Linecard-N Hyperviseur Hyperviseur Hyperviseur
7. 2014 Cisco and/or its affiliates. All rights reserved. Cisco
Confidential 7 Cisco Nexus 1000v Un chassis modulaire virtuel
Chassis modulaire VEM-NVEM-1 VEM-2 VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module VSM1 VSM2 Appliances virtuelles
Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 BackPlane
Linecard-N Hyperviseur Hyperviseur Hyperviseur 8. 2014 Cisco and/or
its affiliates. All rights reserved. Cisco Confidential 8 Cisco
Nexus 1000v Un chassis modulaire virtuel Chassis modulaire
VEM-NVEM-1 VEM-2 VSM: Virtual Supervisor Module VEM: Virtual
Ethernet Module VSM1 VSM2 Appliances virtuelles L2Mode L3Mode
Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 BackPlane
Linecard-N Hyperviseur Hyperviseur Hyperviseur 9. 2014 Cisco and/or
its affiliates. All rights reserved. Cisco Confidential 9 Cisco
Nexus 1000v Une mme architecture pour adresser les diffrents
hyperviseurs VM VM VM VM Nexus 1000V VEM ESXiNexus 1000V VSM
vCenter / vCD VM VM VM VM Nexus 1000V VEM Hyper-VNexus 1000V VSM
SCVMM VM VM VM VM Nexus 1000V VEM KVMNexus 1000V VSM OpenStack
Controller Node (future) 10. 2014 Cisco and/or its affiliates. All
rights reserved. Cisco Confidential 10 Nexus 1000v tire bnfice des
fonctions NX-OS Commutation L2 L2 Switching, 802.1Q Tagging, VLAN
Segmentation, VXLAN, Rate Limiting (TX) IGMP Snooping, QoS Marking
(COS & DSCP) Scurit Policy Mobility, Private VLANs w/ local
PVLAN Enforcement Access Control Lists (L24 w/ Redirect), Port
Security Provisionning Automated vSwitch Config, Port Profiles,
Virtual Center Integration Optimized NIC Teaming with Virtual Port
Channel Host Mode Visibilit ERSpan, NetFlow v9 w/ NDE, CDP v.2
VM-Level Interface Statistics Management Virtual Center VM
Provisioning, Cisco Network Provisioning, CiscoWorks ISSU, Cisco
CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3) Virtual Desktop (VDI)
DHCP Snooping, Dynamic ARP Inspection, Port Security Virtual
Service Domains Virtual Services Insertion de traffic intelligent
avec vPath (VSG, vWAAS, VPX, ASA 1000v) Essentialedition(Gratuit!)
Advanced (auCPU) 11. 2014 Cisco and/or its affiliates. All rights
reserved. Cisco Confidential 11 Embarquer les services rseau
Nouveau point dinsertion Des services embarqus sur demande:
Ingnierie = Temps, ressources, cots VLANs Obliger le passage du
trafic dans lappliance App Server Database Server Web Server App
Server Database Server Web Server Nexus 1000v Des services embarqus
de fait: Port-profile = Compliance, self-provisionning Un point de
passage naturel: le Virtual Switch VSNVSN 12. 2014 Cisco and/or its
affiliates. All rights reserved. Cisco Confidential 12 Les services
rseau virtualiss Portfolio et ecosystme Routeur WAN Serveurs Tenant
ASAv Cloud Firewall Nexus 1000V Infrastructure physique Datacenter
Cloud vWAAS Cisco Virtual Security Gateway Switches Citrix
NetScaler VPX Imperva SecureSphere WAF Cloud Services Router 1000V
Zone A Zone B vPath** Multi-Hypervisor (VMware, Microsoft,
OpenStack, Xen*) Nexus 1000V (Dist. Virtual Switch) Switch Distribu
Cohrence NX-OS VSG (Zone-based FW) Contrle la VM FW par zones ASAv
(Cloud FW) Edge firewall, VPN Inspection protocolaire vWAAS (WAN
Optimization) Optimisation du WAN Traffic Applicatif +7000 clients
Disponible Disponible Disponible CSR 1000V (Cloud Router)
Passerelle WAN L3 Routage et VPN Disponible Ecosystme de Services
Citrix NetScaler VPX virtual ADC Imperva Web App. FW Disponible
vNAM (Network Analytics) Visibilit applicative(L2 -L7) Disponible
*Roadmap Network Analysis Module (vNAM) VSG Prime Network Services
Controller API **Pre-standard NSH 13. 2014 Cisco and/or its
affiliates. All rights reserved. Cisco Confidential 13 Place aux
Dmonstrations! 14. 2014 Cisco and/or its affiliates. All rights
reserved. Cisco Confidential 14 Thmes des dmonstrations Scurit
Firewalling: ASAv VPN: ASAv + Anyconnect Filtrage Zone-Based: VSG
Flexibilit Loadbalancing: Citrix NetScaler 1000v Routage et
Extension L2: CSR 1000v + OTV Optimisation WAN: vWAAS Visibilit
Sonde rseau ERSPAN / Netflow: vNAM Trafic SNMP: SNMP Nexus 1000v +
Cacti Services Rseaux Virtualiss 15. 2014 Cisco and/or its
affiliates. All rights reserved. Cisco Confidential 15 N1Kv N1Kv
N1Kv Topologie du lab VSG WAN WEB1 WEB2 FILER Client Filer Client
Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv
NetScaler Site HQ Datacenter Cloud Site Distant VSG 16. 2014 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 16
N1Kv N1Kv N1Kv Demo 1: Filtrage avecASAv VSG WAN WEB1 WEB2 FILER
Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM
vWAAS vWAAS ASAv NetScaler Site HQ Datacenter Cloud Site Distant
VSG Scurit 17. 2014 Cisco and/or its affiliates. All rights
reserved. Cisco Confidential 17 N1Kv N1Kv N1Kv Demo 2: VPN avecASAv
VSG WAN WEB1 WEB2 FILER Client Filer Client Web Client Filer Client
VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud
Site Distant VSG Scurit NetScaler 18. 2014 Cisco and/or its
affiliates. All rights reserved. Cisco Confidential 18 Fonctions de
lASAv Fonctions du train ASA 9.x ASAv Suppression du Clustering et
du mode multi-contextes La virtualisation limine laspect contexte /
cluster Plusieurs vNICs, sous-interfaces VLANs Crypto logicielle
Remote Access VPN IPv6, NAT66, NAT46/NAT64 SDN et outils
traditionnels dadministration ASAv30 jusqu 2Gbps Mme politiques
grer sur le modle physique / virtuel Licence: Capacit / Fonctions,
perptuel ou sur 1-3-5 ans ASAV est disponible sur vSphere Roadmap
sur KVM / Hyper-V 19. 2014 Cisco and/or its affiliates. All rights
reserved. Cisco Confidential 19 N1Kv N1Kv N1Kv Demo 3: Zone-based
Firewall avec VSG VSG WAN WEB1 WEB2 FILER Client Filer Client Web
Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ
Datacenter Cloud Site Distant VSG Scurit NetScaler 20. 2014 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 20
Services de scurit virtualiss ASA & VSG Tenant BTenant A VDC
vApp vApp VDC Prime Network Services Controller ASA 5500-X / ASA SM
Firewalls trs haute performance Richesse fonctionnelle pour la
scurit dun domaine ASAv Firewall protgeant le tenant Base ASA Nexus
1000v Nexus 1000v vPath Hyperviseur Hyperviseur vPath Virtual
Security Gateway Apporter une scurit intra-tenant Assurer la
scalabilit et la performance VSG VSG VSG VSG VSG VSG est disponible
sur vSphere & Hyper-V (KVM: future) Inclus dans la licence
Nexus 1000v Advanced! 21. 2014 Cisco and/or its affiliates. All
rights reserved. Cisco Confidential 21 N1Kv N1Kv N1Kv Demo 4:
Loadbalancing avec Citrix NetScaler 1000v VSG WAN WEB1 WEB2 FILER
Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM
vWAAS vWAAS ASAv Site HQ Datacenter Cloud Site Distant VSG
Flexibilit NetScaler 22. 2014 Cisco and/or its affiliates. All
rights reserved. Cisco Confidential 22 Citrix NetScaler 1000v
NetScaler 1000v disponible sur Nexus 1110 et vSphere Licence lie la
capacit / aux fonctions Loadbalancer complet virtualis - Content
Switching - Caching - DNS et GSLB - SSL et SSL Offload -
Compression - Firewall Applicatif (L7) Reporting intgr
Administration par Prime Network Services Controller ou loutil
Citrix embarqu 23. 2014 Cisco and/or its affiliates. All rights
reserved. Cisco Confidential 23 N1Kv N1Kv N1Kv Demo 5: Mobilit avec
OTV sur CSR1000v VSG WAN WEB1 WEB2 FILER Client Filer Client Web
Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ
Datacenter Cloud Site Distant VSG Flexibilit OTV OTV NetScaler 24.
2014 Cisco and/or its affiliates. All rights reserved. Cisco
Confidential 24 Cloud Services Router 1000v Vritable routeur Cisco
IOS virtualis IOS XE complet Routage avanc (OSPF, EIGRP, BGP, PBR)
Large panel de fonctionnalits (IPv6, VRF, MPLS, OTV, IPSec, QoS,
NAT, GRE, LISP, ACL, ) Flexibilit de connectivit par ajout
dinterfaces virtuelles Administration via Prime Network Service
Controller, CLI IOS, Cisco Prime Infrastructure et API RESTful
CSR1000v disponible sur vSphere, KVM, OpenStack, Xen & Hyper-V
Licence lie la capacit / aux fonctions Disponible sur EC2! 25. 2014
Cisco and/or its affiliates. All rights reserved. Cisco
Confidential 25 N1Kv N1Kv N1Kv Demo 6: Optimisation des flux avec
vWAAS VSG WAN WEB1 WEB2 Client Filer Client Web Client Filer Client
VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud
Site Distant VSG Flexibilit FILER OTV OTV NetScaler 26. 2014 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 26
Virtual WAAS Optimisation de flux de toutes natures: - Microsoft
Exchange NTLM MAPI / eMAPI, SharePoint - Citrix ICA et ICA w/SSL,
Multi Stream ICA, - Optimisation des impressions - CIFS, SMB v2.x
natif - Caching en fonction du contexte applicatif - Optimisation
des flux TCP Interoprable avec les appliances WAVE et ISR Gestion
consistante avec Prime Central Manager vWAAS disponible sur vSphere
(Hyper-V roadmap) Licence lie la capacit / aux fonctions 27. 2014
Cisco and/or its affiliates. All rights reserved. Cisco
Confidential 27 N1Kv N1Kv N1Kv Demo 7: Visibilit avec vNAM VSG WAN
WEB1 WEB2 Client Filer Client Web Client Filer Client VPN CSR1kv
CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud Site Distant
VSG FILER Visibilit OTV OTV NetScaler 28. 2014 Cisco and/or its
affiliates. All rights reserved. Cisco Confidential 28 Cisco Prime
Virtual NetworkAnalysis Module (vNAM) Outil de management et de
reporting centralis Support de SPAN, RSPAN, ERSPAN et NetFlow
Analyse du trafic rseau (Packet Capture, QoS, Jitter, ) Gestion des
encapsulations (VXLAN, CAPWAP, OTV, GRE, ) Fournit une visibilit
des applications (moteur dinspection protocolaire) et de leur temps
de rponse Solution conomique! vNAM hberge sur Nexus 1110, vSphere
et KVM Hyper-V: Roadmap Licence lie au dbit du trafic 29. 2014
Cisco and/or its affiliates. All rights reserved. Cisco
Confidential 29 Services rseaux Virtualiss Offre complte et ouverte
Continuit des oprations Tirent partie du N1kv Multi- hyperviseurs
Solutions prouves Conclusion