1. Journey to the Cloud with the Cisco Nexus 1000V
Sal Lopez, Technical Marketing Engineer
Jake Howering, Product Manager
Cisco Confidential N1KV TDM
2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
2. Nexus 1000V Public Webinar Series
[Slide graphic; recoverable entries: Virtual Network Services (vPath, NAM, vWAAS); Virtual Security Gateway Introduction]
3. Today's Agenda
Nexus 1000V Architecture: Joe Dillon
vCloud Director Integration: Sal Lopez
Virtualized Workload Mobility (vMotion): Jake Howering
Q&A
5. Comparison to a Physical Switch
Modular Switch: Supervisor-1, Supervisor-2, Back Plane, Linecard-1, Linecard-2, Linecard-N
Server 1, Server 2, Server 3
6. Moving to a Virtual Environment
Modular Switch: Supervisor-1, Supervisor-2, Back Plane, Linecard-1, Linecard-2, Linecard-N
ESX, ESX, ESX
7. Supervisors: Virtual Supervisor Modules (VSMs)
Virtual Appliance: VSM1, VSM2
Modular Switch: Supervisor-1, Supervisor-2, Back Plane, Linecard-1, Linecard-2, Linecard-N
ESX, ESX, ESX
8. Linecards: Virtual Ethernet Modules (VEMs)
Virtual Appliance: VSM1, VSM2
Modular Switch: Supervisor-1, Supervisor-2, Back Plane, Linecard-1, Linecard-2, Linecard-N
VEM-1, VEM-2, VEM-N
ESX, ESX, ESX
9. VSM + VEMs = Nexus 1000V Virtual Chassis
Virtual Appliance: VSM1, VSM2
L2 Mode, L3 Mode
64 VEMs per 1000V (connected by L2 or L3)
200+ vEth ports per VEM
2K vEths per 1000V
Multiple 1000Vs can be created per vCenter
VEM-1, VEM-2, VEM-N
ESX, ESX, ESX
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
10. Customer Request: Host VSMs on a Physical Appliance
Virtual Appliance, Physical Appliance?: VSM1, VSM2
L2 Mode, L3 Mode
200+ vEth ports per VEM
64 VEMs per 1000V
2K vEths per 1000V
Multiple 1000Vs can be created per vCenter
VEM-1, VEM-2, VEM-N
ESX, ESX, ESX
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
11. VSMs hosted on a Physical Appliance: Nexus 1010
Virtual Appliance: Nexus 1010
VSM-A1 to VSM-A4, VSM-B1 to VSM-B4
Up to 4 VSMs per Nexus 1010
Nexus 1010s deployed in redundant pair
L2 Mode, L3 Mode
200+ vEth ports per VEM
64 VEMs per 1000V
2K vEths per 1000V
Multiple 1000Vs can be created per vCenter
VEM-1, VEM-2, VEM-N
ESX, ESX, ESX
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
12. vPath: Virtual Service Datapath
Virtual Appliance: vWAAS, VSG, VSM
vPath: Virtual Service Datapath
VSG: Virtual Security Gateway for 1000v
vWAAS: Virtual WAAS
Traffic Steering
Fast-Path Offload
L2 Mode, L3 Mode
VEM-1, VEM-2 (each with vPath)
ESX, ESX
Nexus 1000V ver 1.4 & above
13. Virtual Appliance: vWAAS, VSG
Nexus 1010: VSM-A1 to VSM-A4, NAM; VSM-B1 to VSM-B4, NAM
vPath: Virtual Service Datapath
VSG: Virtual Security Gateway for 1000v
vWAAS: Virtual WAAS
L2 Mode, L3 Mode
VEM-1, VEM-2 (each with vPath)
ESX, ESX
*VSG on 1010 target: 2Q CY11
15. VMware vCloud Director
Builds on vSphere
Creates and Manages Virtual Data Centers
Secures Clouds
Provides self-service
Isolates users into organizations
Provides portability and programmability for control
Diagram labels: User Portals, Catalogs, Security, Virtual Datacenter 1 (Gold), Virtual Datacenter n (Silver), VMware vShield, VMware vCenter Server, VMware vSphere
16. Nexus 1000V: IEEE 802.1Q standard-based distributed virtual switch
Deployed with VMware vSphere 4.0 and 4.1
Deployable with VMware's Desktop and Cloud products
When deployed with vCloud Director, Nexus 1000V continues to provide:
  Rich NX-OS based networking features
  Operational and feature consistency with Cisco Nexus 7K/5K/2K switches
  Administrative segregation across server and network teams
17. vCloud Director Functionality and Nexus 1000V Support
vCloud Director: has three layers of networks (Provider networks, Organization networks, vApp networks)
Nexus 1000V: supports all three vCloud Director networks
vCloud Director: leverages network pools to allow for self-service isolated network provisioning by end-users/tenants
Nexus 1000V: supports L2/VLAN isolation through Portgroup-backed network pools
Nexus 1000V: does not support vCloud Network Isolation (VCNI), a VMware technology
vCloud Director: vShield Edge for security functions
Nexus 1000V: supports vShield Edge
* Maintains IEEE 802.1Q frame format; physical network continues to provide ACL/security, monitoring, etc.
18. Both Cisco and VMware consider Cisco Nexus 1000V an integral component of VMware's vSphere and vCloud product lines
Cisco and VMware are working together on a jointly supportable network isolation solution
Both companies are committed to delivering interoperable solutions for current and future versions of these products
19. Traffic Classification, Bandwidth Reservation, Rate Limiting, QoS Statistics
Diagram labels: Organization A, Organization B, Organization C; vApp; VM; Cloud; Cisco Nexus 1000V VEM; Cisco Nexus 1000V VSM
20. Port-Mirroring Across L3 Boundaries Using ERSPAN
Diagram labels: Organization A vApp (MySQL DB, WebServer, Client), Cloud, Cisco Nexus 1000V VEM, Cisco NAM VSB, Cisco Nexus 1000V VSM, Cisco Nexus 1010
21. VMware vCloud Director provides 2 mechanisms for this
VLAN based isolation
  802.1Q standards based, with port-group backed or VLAN backed network pools
  VLAN isolation has major benefits, as in physical networks, like QoS, monitoring and security
  Nexus 1000V supports VLAN based isolation with port-group backed pools
  Frame format: DA | SA | 802.1Q (ETYPE = 0x8100) | VLAN ID | Payload
vCloud Director Network Isolation (VCNI)
  VMware technology to be used with vSphere vDS
22. Cloud Provider
Diagram labels: Organization A, Organization B; Org A vDC, Org B vDC; vApp 1 (VM1A, VM1B), vApp 2 (VM2A, VM2B, VM2C), vApp 3 (VM3A, VM3B), vApp 4 (VM4A, VM4B); VSE1, VSE2, VSE3
Network Type Label: Nexus 1000V Port-Profile
  vApp Internal Network: N1KV_vApp_VLAN301, N1KV_vApp_VLAN300
  Organization Directly Connected External Network: Connected to N1KV_Provider_Ext
  Organization Routed Network: N1KV_Org_VLAN200, N1KV_Org_VLAN201
  Provider External Network: N1KV_Provider_VLAN170
23. vApps use vEthernet interfaces
Static
  Fixed DVPort ID throughout life of vNIC, even after VM reboot
  Allocated from reserved port group pool
  Port groups with Static binding have limited number of ports, defined by max-port
Ephemeral
  New DVPort ID each time vNIC is connected/disconnected, and changes each time VM is rebooted
  Not allocated by port group pool reservation
  Usage based on max limit of DVS, not max-port setting
  Recommended for dynamic/automated environments such as vCD
24. VSM must be present on vCenter to be used with vCloud
Predefine port-profiles prior to vCloud networks definition
  Allocate a range of VLAN IDs to use for vCloud deployment and associate each to a unique port-profile
  Use descriptive port-profile names that include type of network and/or customer information
    VLAN ID
    vApp, Organization or Provider part of name
  Use these when creating port-group backed network pools from vCloud Director interface
  Will eventually be assigned to a VM by vCloud Director, so can use QoS and security within port-profile
25. Create network pools to be used by an Organization
Specifically to be used: External Organization Network and Organization Networks
Use VLANs 170, 200 and 300
vApps and networks similar to the following diagram
26. vCloud Director
Diagram labels: Org A vApp (VSE1, VSE2, VM1A, VM2A, VM2B, VM2C); N1KV_vApp_VLAN301 Port-Profile; N1KV_vApp_VLAN300 Port-Profile; N1KV_Org_VLAN200 Port-Profile; N1KV_Provider_VLAN170 Port-Profile; Direct Connected Network to Provider; Nexus 1000V VEM on each ESXi host (three shown); Data Center Network; vCenter Server; Nexus 1000V VSM
27. Define a range of VLANs and conventions

    ! Descriptive names
    vlan 170
      name Provider_Infra_VLAN170
    vlan 200
      name Org_VLAN200
    vlan 300
      name vApp_VLAN300
28. Port-profile configuration on VSM

    ! Descriptive port-profile name with VLAN ID
    port-profile type vethernet N1KV_Provider_VLAN170
      vmware port-group
      port-binding ephemeral
      switchport mode access
      switchport access vlan 170
      no shutdown
      state enabled
    ! Use of ephemeral port binding
    port-profile type vethernet N1KV_Org_VLAN200
      vmware port-group
      port-binding ephemeral
      switchport mode access
      switchport access vlan 200
      no shutdown
      state enabled
    ! Provide QoS policy for vApp
    port-profile type vethernet N1KV_vApp_VLAN300
      vmware port-group
      service-policy input platinum_in_mark
      port-binding ephemeral
      switchport mode access
      switchport access vlan 300
      no shutdown
      state enabled
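Added example (not part of the original deck and not Cisco code): a check of the port-profile guidance from slides 23, 24 and 28, flagging profiles whose name lacks the network type or access VLAN ID, that share a VLAN with another profile, or that do not use ephemeral binding. The name pattern in NAME_RE and the N1KV_Org_Test profile are assumptions constructed for the example.

```python
import re

# Constructed sample: the first two profiles follow the slide 28 names and VLANs;
# N1KV_Org_Test is a deliberately bad entry added for the demonstration.
SAMPLE_CONFIG = """\
port-profile type vethernet N1KV_Provider_VLAN170
  port-binding ephemeral
  switchport access vlan 170
port-profile type vethernet N1KV_Org_VLAN200
  port-binding ephemeral
  switchport access vlan 200
port-profile type vethernet N1KV_Org_Test
  port-binding static
  switchport access vlan 200
"""

NAME_RE = re.compile(r"_(vApp|Org|Provider)_VLAN(\d+)$")  # assumed naming pattern
PROFILE_RE = re.compile(r"^port-profile type vethernet (\S+)\s*$")
VLAN_RE = re.compile(r"^\s+switchport access vlan (\d+)\s*$")
BIND_RE = re.compile(r"^\s+port-binding (\S+)")

def parse_profiles(text):
    """Return {profile name: {"vlan": int or None, "binding": str or None}}."""
    profiles, current = {}, None
    for line in text.splitlines():
        if not line[:1].isspace():  # a top-level line closes the previous profile
            m = PROFILE_RE.match(line)
            current = profiles.setdefault(m.group(1), {"vlan": None, "binding": None}) if m else None
        elif current is not None:
            if m := VLAN_RE.match(line):
                current["vlan"] = int(m.group(1))
            elif m := BIND_RE.match(line):
                current["binding"] = m.group(1)
    return profiles

def audit(profiles):
    """Return sorted (profile, finding) pairs for deviations from the deck's guidance."""
    findings, by_vlan = [], {}
    for name, p in profiles.items():
        by_vlan.setdefault(p["vlan"], []).append(name)
        m = NAME_RE.search(name)
        if not m or int(m.group(2)) != p["vlan"]:
            findings.append((name, "name lacks network type or matching VLAN ID"))
        if p["binding"] != "ephemeral":
            findings.append((name, "port-binding is not ephemeral"))
    for vlan, names in by_vlan.items():
        if vlan is not None and len(names) > 1:
            findings.extend((n, f"VLAN {vlan} is shared with another port-profile") for n in names)
    return sorted(findings)
```

Calling audit(parse_profiles(SAMPLE_CONFIG)) reports the shared VLAN 200 on both profiles that use it, plus the naming and binding findings for N1KV_Org_Test.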
29. Port-Group backed network pool configuration on vCloud Director interface
Screenshot callout: Previously Defined Port-Profile
30. Networks visible from the Provider and Organization Views
31. Nexus 1000V and vCloud Director Interoperability Technical White Paper: https://communities.cisco.com/docs/DOC-21111
Nexus 1000V Configuration Guides: www.cisco.com/go/nexus1000V
vCloud Director Administrator's Guide: www.vmware.com/products/vcloud
32. Virtualized Workload Mobility
Data Center Strategy in Data Center Interconnect
Jake Howering, Product Manager
Cisco Systems Architecture and Strategy Unit (SASU)
May 2011
2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
33. Virtualized Workload Mobility: A New Validated Design with the Nexus 1000v
Today's Topics
Systems Architecture and Strategy Unit
Data Center Interconnect
Virtualized Workload Mobility
34. Systems Architecture and Strategy Unit: Enabling execution
Diagram labels: Systems Architecture and Strategy Unit (center); Partner Integration Implementation; Service Provider Integration Implementation; Enterprise Integration Implementation; Application Networking & Switching TG; Data Center Switching TG; Ethernet Switching TG; Cloud Services & Switching TG
35. Systems Architecture and Strategy Unit: Program overview
Mission
  Provide scalable flexible Data Center and Borderless solutions, which focus on real-world challenges, provide dramatic differentiation and result in significant reduction in implementation/integration.
Scope
  Data Center Interconnect (DCI)
  Cloud Computing
  Data Center POD Interconnect
  Borderless Network
  Cisco Products & 3rd party products
Deliverables
  Design and Implementation Guide (DIG)
  Master Verification Publication (MVP)
  Transfer of Information (TOI)
  Focused Launch and Marketing Campaign
36. Systems Architecture and Strategy Unit: Process and deliverables
Process
  Phase 1: Information collection
  Phase 2: Architecture design development
  Phase 3: Test plan development
  Phase 4: Design verification & integration
Deliverables
  Systems Requirements Documentation (SRD)
  Systems Architecture Specification (SAS)
  Master Verification Plan (MVP)
  Design & Implementation Guide (DIG)
37. Data Center Virtualization: Driving Application Mobility and Resource Optimization
Server Virtualization
  Consolidation of physical servers as virtual servers to reduce management, power and cooling, etc
  Hypervisors such as vSphere with VMware VMotion enable application mobility
Storage Virtualization
  Consolidation of physical storage assets to logical storage assets
+ Network Virtualization
  Creating pools of network ports that are isolated, but which reside on the same physical infrastructure
+ Data Center Interconnect for the Virtualized Data Center
38. Data Center Interconnect: Many Good Reasons to have Multiple Data Center Locations
Business Driver
  Workload Mobility
  Cost of Real Estate, Power, Cooling
  Cloud Computing Business Models
  Data Center Maintenance/migration/consolidation
IT Solutions
  Virtual Machine Mobility
  Server Clustering
39. Virtualized Data Center: One Virtual Data Center, distributed locations
Diagram labels: Data Center Interconnect; SAN and LAN at each location
40. Virtual Machine Mobility Across Data Centers
Diagram labels: Data Center 1, Data Center 2, Data Center Interconnect, VMware vCenter; Nexus 1000V and vSphere in each data center
41. Data Center Interconnect (DCI) Components
DCI Ecosystem Components: Purpose
  Virtualization (Network and Server): Server Virtualization is a baseline requirement, preparing virtual machines for application mobility. Network Virtualization is a baseline requirement to enable virtual network connectivity
  LAN Extensions: Extend same VLAN across Data Centers to enable Layer 2 connectivity between Virtual Machines
  Storage Extensions: Providing applications access to storage locally, as well as remotely with desirable storage attributes
  Routing Optimization: Routing users to the data center where the application resides while keeping symmetrical routing in consideration for IP services (e.g. Firewall)
42. Virtualized Workload Mobility: DCI Phase 4
Scheduled Release July 10, 2011
Virtualized Workload Mobility enables:
  Data Center consolidation and/or expansion over distance
  Virtualized Server Resource distribution over distance
  Disaster Planning strategies, including Disaster Avoidance capabilities
43. Virtualized Workload Mobility: Main Goals
*CVD
Validate Nexus 1000v in DCI
Define Architecture Constraints and address customer concerns
Define a DCI Architecture that supports workload mobility
* Cisco Validated Design
44. Virtualized Workload Mobility: DCI Phase 4 Solution Components
Virtualization
  Nexus 1000v
  VMware vSphere
LAN Extension
  Overlay Transport Virtualization
  Virtual Port Channels
Storage Extension
  Synchronous Replication with Fibre Channel
  Share Storage Model
  Netapp FlexCache
  EMC VPLEX
Routing Optimization
  Egress the Virtual Data Center - HSRP Localization
  Ingress the Virtual Data Center - ACE/GSS integration with vCenter
45. Virtualized Workload Mobility: Constraints and Concerns
Constraints
  Storage Synchronous Replication
    Fibre Channel distance ~ 100 km
    Optimize with storage extensions
  VMware 5 ms RTT
    Theoretical: 2.5 ms one way ~ 750 km
    Optics: 2.5 ms one way ~ 500 km
Concerns
  Service Performance, System Integration
    Which storage model to choose
    Which storage products to use
    Will Nexus 1000v port profile migrate
    Will application performance degrade
Distance at 100 km
Multiple Test Iterations
46. Nexus 1000v Deployment Model: Stretching the Cluster to 100km apart
Diagram labels: Nexus 1000v VSM Pair, VNMC, Layer 2 Extension