cisco-data-center-sdn
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Nexus 1000V – Ver 2.1
New Frontier in Virtual Machine Networking
Uday Gokarn
Product Manager, Data Center Group
October 11, 2012
Agenda
• Architecture Overview
• New in just released Nexus 1000V ver 1.5.2
• Innovations in Nexus 1000V version 2.1
Cisco Public
Cisco Nexus 1000 Portfolio
[Figure: Virtual Appliance (vWAAS, VSG, VSM) and Nexus 1010 (NAM, VSG, primary and secondary VSM); L3 Connectivity]
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
vPath: Virtual Service Data-path
VXLAN: Scalable Segmentation
VSG: Virtual Security Gateway
vWAAS: Virtual WAAS
ASA 1000V: Tenant-edge security
Virtual Service Blades
• Virtual Supervisor Module (VSM)
• Network Analysis Module (NAM)
• Virtual Security Gateway (VSG)
• Data Center Network Manager (DCNM)
VXLAN
• 16M address space for LAN segments
• Network Virtualization (MAC-over-UDP)
vPath
• Service Binding (Traffic Steering)
• Fast-Path Offload
• Service Chaining
[Figure: VEM-1 on VMware ESX, VEM-2 on Win Server 2012, VEM-3 on Open Source Hyp, each with vPath and VXLAN; ASA 1000V]
Latest innovations in Nexus 1000V Release 1.5.2
• True management control plane (Nexus 1000V Virtual Supervisor Module)
• VXLAN – First in the industry to release VXLAN
  Attend Break Out session – Today (5:00 to 6:00 PM) & Thursday August 30th (10:30AM to 11:30AM)
• vPath 2.0 – Intelligent Traffic Steering to Network Services and fast path offload
  ASA 1000V & Virtual Security Gateway with service chaining – Now Shipping
• Separation of duties
• Supports vSphere 5.0, 5.0 U1 & 5.1 & vCloud Director v1.5
Nexus 1000V Release 1.5.2 now available for download
New Innovations in Nexus 1000V version 2.1
New Features in version 2.1
• Essential and Advanced Edition support
• vCenter Plug-in
• vTracker
• Enhanced upgrade process
• Enhanced Installer App
• Split VSMs across data centers
• VEMs in remote branch offices
• Cisco TrustSec SXP support
Releasing soon
“Further Simplify and Enrich the End-User Experience”
VMware vCenter Plug-in
Providing a holistic view of the virtual network from VMware vCenter
• N1KV Dashboard in vCenter presenting the VSM level and VEM level information
• VSM level information:
  • VSM health status
  • License information
  • Limits information
• VEM level information:
  • Summary
  • PNIC information
  • Connected VMs
  • Limits
vTracker
Added visibility into the virtual and physical network
Providing added network information at the fingertips:
1. vMotion View
2. VLAN View
3. VM-Info View
4. VM vNIC View
5. Module PNIC View
6. Upstream network view
[Figures: VLAN View, vMotion View]
Simplifying Upgrade Process
1. Flexibility to schedule N1KV upgrades on a per-host basis
   Enabling incremental upgrades even during short maintenance windows
2. Simultaneously upgrade N1KV along with vSphere Hypervisor
   Requires vSphere version 5.0 U1 & above
   Supported in N1KV version 1.5.2 and above
3. Modify VSM configurations between the upgrade maintenance windows
   VSM configuration changes allowed: Add/remove modules, port config, VLANs, and other commands
Enhanced Installer App
Simplifying the installation process
• Single pane of glass – simplified installation process
  • VSMs, VEMs
  • VSM HA
  • VSM – VEM communication mode
• Options: Standard or Custom Installation
• The app supports:
  • L3 (default) & L2 mode
  • HA mode (default)
  • Can load inputs from a config file
• Recommended for clean installation only
Redundancy across Data Centers
Active and Standby VSMs across DCs
• VSM can be split across two data centers
• Max latency of 10ms recommended
[Figure: DC1 and DC2, each with Cisco Nexus 7000 Series, vSphere and Nexus 1000V; Active VSM and Standby VSM]
Enabling Centralized Management of N1KV
Extending VEMs to branch offices
• VSM can be in a central location in the headquarters data center
• VEMs can be spread across different branches
• Use case: Centralized management for both DC and branch
[Figure: Central VSM; VEM - Branch 1, VEM - Branch 2, VEM - Branch 3]
Cisco TrustSec Support
Enables DC segmentation for virtual workloads
Data Center segmentation and consistent security policy enforcement across physical and virtual workloads
[Figure: Wireless User, WAN/Campus Network and VMs connected via SXP; Security Group Tags “Marketing VM” and “Marketing Server”; SGT = “Marketing”]
Cisco TrustSec Support
VXI Use Case
• Valid AD credentials and AD Group assignment enable the Connection Broker to assign the HVD from the Group VM Pool
• N1KV enables SGT in the port profile for dynamic IP/SGT binding
• SGACL/SGFW enforcement restricts the user’s access to only authorized application servers
[Figure: VDI Endpoint, Connection Brokers, Active Directory, Identity Services Engine, vCenter, Nexus 1000V, UCS B/C Series, Hosted Virtual Desktops (HVD), vApps, N7K or ASA. Labels: 1 User credentials; 2 AD Group Assignment; AD Group to VM Pool Mapping; VM Pool Assignment (port group); Role assigned based on port profile; SGT assigned to vEthernet port; IP/SGT learned and sent to N7K/ASA via SXP; SGACL – Nexus, SGFW – ASA; Role-based access to application server groups]
Summary - New Features in version 2.1
• Essential and Advanced Edition support
• vCenter Plug-in
• vTracker
• Enhanced upgrade process
• Enhanced Installer App
• Split VSMs across data centers (split VEMs across DCs is already supported)
• VEMs in remote branch offices
• Cisco TrustSec SXP support
“Further Simplify and Enrich the End-User Experience”
Currently in Beta with overwhelming response
Thank you.