16
Cisco Confidential © 2011 Cisco and/or its affiliates. All rights reserved. 1 Nexus 1000V – Ver 2.1 New Frontier in Virtual Maching Networking Uday Gokarn Product Manager, Data Center Group October 11. 2012

Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

Embed Size (px)

Citation preview

Page 1: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

Cisco Confidential© 2011 Cisco and/or its affiliates. All rights reserved. 1

Nexus 1000V – Ver 2.1 New Frontier in Virtual Maching NetworkingUday GokarnProduct Manager, Data Center Group

October 11. 2012

Page 2: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Agenda• Architecture Overview

• New in just released Nexus 1000V ver 1.5.2

• Innovations in Nexus 1000V version 2.1

Cisco Public

Page 3: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

Virtual Appliance Nexus 1010

vWAAS VSG VSM

NAM

NAM

VSG

VSG

Primary

Secondary

VSM

VSM

Cisco Nexus 1000 Portfolio

3

L3

Co

nn

ect

ivity

VSM: Virtual Supervisor Module

VEM: Virtual Ethernet Module

vPath: Virtual Service Data-path

VXLAN: Scalable Segmentation

VSG: Virtual Security Gateway

vWAAS: Virtual WAAS

ASA 1000V: Tenant-edge security

Virtual Service BladesVirtual Supervisor Module (VSM)

Network Analysis Module (NAM)

Virtual Security Gateway (VSG)

Data Center Network Manager (DCNM)

VEM-2

vPath

Win Server 2012

VXLAN

VEM-1

vPath

VMware ESX

VXLAN

ASA 1000V

VXLAN• 16M address space for LAN

segments

• Network Virtualization (Mac-over-UDP)

vPath• Service Binding (Traffic Steering)

• Fast-Path Offload

• Service Chaining

VEM-3

vPath

Open Source Hyp

VXLAN

Cisco Public

Page 4: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

Latest innovations in Nexus 1000V Release 1.5.2 • True management control plane (Nexus 1000V Virtual Supervisor Module)

• VXLAN – First in the industry to release VXLAN Attend Break Out session – Today (5:00 to 6:00 PM) & Thursday August 30th (10:30AM to 11:30AM)

• vPath 2.0 Intelligent Traffic Steering to Network Services and fast path offload ASA 1000V & Virtual Security Gateway with service chaining – Now Shipping

• Separation of duties

• Supports vSphere 5.0, 5.0 U1 & 5.1 & vCloud Director v1.5

Nexus 1000V Release 1.5.2 now available for download

Cisco Public

Page 5: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

Cisco Public 5© 2011 Cisco and/or its affiliates. All rights reserved.

New Innovations in Nexus 1000V version 2.1

Cisco Public

Page 6: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

New Features in version 2.1

• Essential and Advanced Edition support

• vCenter Plug-in

• vTracker

• Enhanced upgrade process

• Enhanced Installer App

• Split VSMs across data centers

• VEMs in remote branch offices

• Cisco TrustSec SXP support

Releasing soon

“Further Simplify and Enrich the End-User Experience”

Cisco Public

Page 7: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

VMware vCenter Plug-inProviding a holistic view of the virtual network from VMware vCenter

• N1KV Dashboard in vCenter presenting the VSM level and VEM level information

• VSM level information:• VSM health status

• License information

• Limits information

• VEM level information• Summary

• PNIC information

• Connected VM’s

• Limits

Cisco Public

Page 8: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

vTrackerAdded visibility into the virtual and physical network

Providing added network information at the fingertips:

1. vMotion View

2. VLAN View

3. VM-Info View

4. VM vNIC View

5. Module PNIC View

6. Upstream network view

VLAN View

vMotion View

Cisco Public

Page 9: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

Simplifying Upgrade Process1. Flexibility to schedule N1KV upgrades on a per-host basis

Enabling incremental upgrades even during short maintenance windows

2. Simultaneously upgrade N1KV along with vSphere Hypervisor Requires vSphere version 5.0 U1 & above Supported in N1KV version – 1.5.2 and above

3. Modify VSM configurations between the upgrade maintenance windows VSM configuration changes allowed: Add/remove modules, port config, vlans, and other commands

Cisco Public

Page 10: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

Enhanced Installer AppSimplifying the installation process

• Single pane of glass – simplified installation process

VSMs, VEMs,

VSM HA

VSM – VEM communication mode

• Options: Standard or Custom Installation

• The app supports:L3 (default) & L2 mode

HA mode (default)

Can load inputs from a config file

• Recommended for clean installation only

Cisco Public

Page 11: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

Redundancy across DataCenters

Active and Standby VSMs across DCs VSM can be split across two Datacenters Max Latency of 10ms recommended

Cisco Nexus 7000 Series

vSphere

Nexus1000V

vSphere

Nexus1000V

Cisco Nexus 7000 Series

Active VSM

Standby VSM

DC1

DC2

Cisco Public

Page 12: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

Enabling Centralized Management of N1KVExtending VEMs to branch offices

VSM can be in a central location in the Head Quarter Datacenter VEMs can be spread across in different branches Use case: Centralized management for both DC and branch

Central VSM

VEM - Branch 1

VEM - Branch 2

VEM - Branch 3

Cisco Public

Page 13: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1313

“Marketing VM”Security

Group Tag

Security Group Tag

Wireless UserSXP

WAN/ Campus Network

VM VM VM

SXPSXP

SGT = “Marketing”

Security Group Tag “Marketing

Server”

Cisco TrustSec SupportEnables DC segmentation for virtual workloads

Data Center segmentation and consistent security policy enforcement across

physical and virtual workloads

Cisco Public

Page 14: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1414

Nexus 1000V

Active Directory

VDI Endpoint

ConnectionBrokers

Role assigned based on port profile

• Valid AD credentials and AD Group assignment enable the Connection Broker to assign the HVD from the Group VM Pool

• N1KV enables SGT in the port profile for dynamic IP/SGT binding

• SGACL/SGFW enforcement restricts the user’s access to only authorized application servers

Role-based access to application server

groups

vCenter

VM Pool Assignment (port group)

AD Group to VM Pool Mapping

Identity Services Engine

1

Use

r

cred

entia

ls

2

AD Gro

up

Assig

nmen

t

3

4

6

N7K or ASA

0

0UCS B/C Series

Hosted Virtual Desktops

(HVD)

UCS B/C Series

vApp

vApp

vApp

SGACL – NexusSGFW - ASA

5

- IP/SGT learned and sent to N7K/ASA via SXP

SXP

Security Group Tag

Cisco TrustSec SupportVXI Use Case

- SGT assigned to vEthernet port

Cisco Public

Page 15: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

Summary - New Features in version 2.1

• Essential and Advanced Edition support

• vCenter Plug-in

• vTracker

• Enhanced upgrade process

• Enhanced Installer App

• Split VSMs across data centers (split VEMs across DCs is already supported)

• VEMs in remote branch offices

• Cisco TrustSec SXP support

“Further Simplify and Enrich the End-User Experience”

Currenty in Beta with overwhelming response

Cisco Public

Page 16: Nexus 1000V: Ver 2.1 New Frontier in Virtual Maching Networking

Thank you.