1
Cisco Nexus 1000V Technical Overview
2
Agenda
  Introduction
  System Overview
  Switching Overview
  Policy Management
  Advanced Features
  Network Management
  Troubleshooting & Diagnostics
  Design Examples
  Installation
3
Transparency in the Eye of the Beholder
With virtualization, VMs have a transparent view of their resources…
4
Transparency in the Eye of the Beholder
…but it's difficult to correlate network and storage back to virtual machines
5
Transparency in the Eye of the Beholder
Scaling globally depends on maintaining transparency while also providing operational consistency
6
Scaling Server Virtualization
Networking Challenges
  Security & Policy Enforcement
    Applied at the physical server, not the individual VM
    Impossible to enforce policy for VMs in motion
  Operations & Management
    Lack of VM visibility, accountability, and consistency
    Inefficient management model and inability to effectively troubleshoot
  Organizational Structure
    Muddled ownership, as the server admin must configure the virtual network
    Organizational redundancy creates compliance challenges
VM environments are mobile & increasingly complex
Higher % of virtual workloads are mission critical
Disparate operation models are inefficient
Lack of visibility impacts problem resolution
Security & compliance enforcement is missing
7
VN-Link Brings VM Level Granularity
Problems
  VMotion may move VMs across physical ports; policy must follow
  Impossible to view or apply policy to locally switched traffic
  Cannot correlate traffic on physical links coming from multiple VMs
VN-Link
  Extends the network to the VM
  Consistent services
  Coordinated, coherent management
[Diagram: VMs on VLAN 101 attached through a Cisco VN-Link switch]
8
VN-Link With the Cisco Nexus 1000V
Cisco Nexus 1000V: software based
  Industry's first 3rd-party vNetwork Distributed Switch for VMware vSphere
  Built on Cisco NX-OS
  Compatible with all switching platforms
  Maintains the vCenter provisioning model unmodified for server administration; allows network administration of the virtual network via the familiar Cisco NX-OS CLI
  Policy-based VM connectivity
  Mobility of network & security properties
  Non-disruptive operational model
[Diagram: VMs on vSphere connected through the Nexus 1000V]
9
Cisco Nexus 1000V System Overview
10
Cisco Nexus 1000V Components
Virtual Ethernet Module (VEM)
  Replaces VMware's virtual switch
  Enables advanced switching capability on the hypervisor
  Provides each VM with dedicated "switch ports"
Virtual Supervisor Module (VSM)
  CLI interface into the Nexus 1000V
  Leverages NX-OS 4.04a
  Controls multiple VEMs as a single network device
[Diagram: Cisco VSMs and vCenter Server above three Cisco VEMs hosting VM1-VM4, VM5-VM7 and VM9-VM12]
11
Cisco Nexus 1000V ‘Virtual Chassis’
pod5-vsm# show module
Mod  Ports  Module-Type                Model       Status
            Virtual Supervisor Module  Nexus1000V  active *
            Virtual Supervisor Module  Nexus1000V  ha-standby
            Virtual Ethernet Module    NA          ok
[Diagram: the VSM pair and two Cisco VEMs (VM1-VM4, VM5-VM8) appearing as modules of one chassis]
12
Single Chassis Management
Upstream-Switch# show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce  Holdtme  Capability  Platform     Port ID
N1KV-Rack    Eth 1/                  S           Nexus 1000V  Eth2/2
N1KV-Rack    Eth 2/                  S           Nexus 1000V  Eth3/2
A single switch from the control plane and management plane perspective
Protocols such as CDP and SNMP operate as a single switch
[Diagram: Cisco VSMs controlling two Cisco VEMs seen as one switch by the upstream switch]
13
Virtual Supervisor Modules Options
VSM-PA: Physical Appliance (2HCY09)
  Cisco branded physical server
  Hosts 4 VSM virtual appliances
  Deployed in pairs for redundancy
VSM-VA: Virtual Appliance
  ESX virtual appliance
  Supports 64 VEMs
  Installable via ISO or OVA file
[Diagram: a VSM-PA and a VSM-VA, each controlling three Cisco VEMs hosting VM1-VM11]
14
Cisco Nexus 1000V Scalability
A single Nexus 1000V supports:
  2 Virtual Supervisor Modules (HA)
  64* Virtual Ethernet Modules
  512 active VLANs
  2048 ports (Eth + Veth)
  256 port channels
A single Virtual Ethernet Module supports:
  216 Veth ports
  32 physical NICs
  8 port channels
* VEM count pending final VMware/Cisco scalability testing
** Overall system limits are lower than the VEM limit x 64
15
Cisco Nexus 1000V Component Communication (cont.)
Two distinct virtual interfaces are used to communicate between the VSM and VEM
Control
  Extended AIPC, as used within a physical chassis (6k, 7k, MDS)
  Carries low-level messages to ensure proper configuration of the VEM
  Maintains a 2 sec heartbeat from the VSM to the VEM (timeout 6 seconds)
  Maintains synchronization between primary and secondary VSMs
Packet
  Carries any network packets from the VEM to the VSM, such as CDP or IGMP control
Separate VLANs recommended
Requires layer 2 connectivity
[Diagram: Cisco VSMs and Cisco VEM joined by control (C) and packet (P) interfaces across an L2 cloud]
16
Cisco Nexus 1000V Component Communication (cont.)
Communication uses the VMware VIM API over SSL
The connection is set up on the VSM
Requires installation of the vCenter plug-in (downloaded from the VSM)
Once established, the Nexus 1000V is created in vCenter
pod5-vsm# show svs connections
connection VC:
    hostname: phx2-dc-pod5-vc
    ip address:
    protocol: vmware-vim https
    certificate: default
    datacenter name: Phx2-Pod5
    DVS uuid: df a e d6 a7 f4 76 4a 7f
    config status: Enabled
    operational status: Connected
17
Cisco Nexus 1000V Opaque Data
Each Nexus 1000V requires a global setting on the VSMs and VEMs called Opaque Data
Contains data such as the control/packet VLANs, the Domain ID and the system port profiles
The VSM pushes the opaque data to vCenter Server
vCenter Server pushes the opaque data to each VEM when it is added
[Diagram: opaque data (OD) flowing from the Cisco VSMs to vCenter Server and on to each Cisco VEM]
18
Cisco Nexus 1000V Domain
Each VSM is assigned a unique 'Domain ID'
The Domain ID ensures that VEMs do not respond to commands from non-participating VSMs
Each packet between VSM and VEM is tagged with the appropriate Domain ID
Domain range from
[Diagram: the active VSM (DID 15) commanding three Cisco VEMs in domain 15; a command from another VSM tagged DID 25 is ignored by them]
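The two control-channel behaviours described on this slide and the component-communication slide (domain tagging and the 2 second heartbeat with 6 second timeout), modelled from the VEM's side. This is an added example, not Cisco code: the message layout, the method names and the sample timeline are assumptions made for illustration.

```python
# Added example, not Cisco code: a toy model of the VEM side of the Nexus 1000V
# control channel. A control message carries the sender's Domain ID and the VEM
# ignores anything tagged with a different domain; the VSM heartbeats every
# 2 seconds and the VEM treats it as lost after the 6 second timeout.
# Message layout, method names and the sample timeline are assumptions.
from dataclasses import dataclass, field
from typing import List, Optional

HEARTBEAT_INTERVAL = 2.0   # seconds, from the component communication slide
HEARTBEAT_TIMEOUT = 6.0    # seconds, from the component communication slide


@dataclass
class ControlMessage:
    domain_id: int
    kind: str          # "heartbeat" or "config" (assumed message kinds)
    payload: str = ""


@dataclass
class VemControlChannel:
    domain_id: int                       # Domain ID this VEM received in its opaque data
    last_heartbeat: Optional[float] = None
    applied: List[str] = field(default_factory=list)
    rejected: List[str] = field(default_factory=list)

    def receive(self, msg: ControlMessage, now: float) -> str:
        """Process one message at time 'now'; returns what was done with it."""
        if msg.domain_id != self.domain_id:
            # Command from a non-participating VSM: ignored, but worth logging.
            self.rejected.append(f"t={now:.1f}s domain {msg.domain_id} {msg.kind} {msg.payload}".strip())
            return "rejected"
        if msg.kind == "heartbeat":
            self.last_heartbeat = now
            return "heartbeat"
        self.applied.append(msg.payload)
        return "applied"

    def vsm_reachable(self, now: float) -> bool:
        """True while the last heartbeat is within the timeout window."""
        return self.last_heartbeat is not None and (now - self.last_heartbeat) <= HEARTBEAT_TIMEOUT

    def missed_heartbeats(self, now: float) -> int:
        """Whole heartbeat intervals elapsed since the last one was seen."""
        if self.last_heartbeat is None:
            return 0
        return int((now - self.last_heartbeat) // HEARTBEAT_INTERVAL)


def run_timeline():
    """Constructed scenario: a VEM in domain 15, its VSM in domain 15, a stray VSM
    in domain 25, then the active VSM goes quiet."""
    vem = VemControlChannel(domain_id=15)
    results = []
    results.append(vem.receive(ControlMessage(15, "heartbeat"), now=0.0))
    results.append(vem.receive(ControlMessage(15, "config", "port-profile Web"), now=0.5))
    results.append(vem.receive(ControlMessage(25, "config", "no port-profile Web"), now=1.0))
    results.append(vem.receive(ControlMessage(15, "heartbeat"), now=2.0))
    reachable_at_7 = vem.vsm_reachable(7.0)   # 5 s since the last heartbeat: still inside the timeout
    reachable_at_9 = vem.vsm_reachable(9.0)   # 7 s: timeout exceeded, VSM considered lost
    return vem, results, reachable_at_7, reachable_at_9


if __name__ == "__main__":
    vem, results, ok7, ok9 = run_timeline()
    print(results, ok7, ok9, vem.applied, vem.rejected)
```

The rejected list is the part a defender would watch: a VEM that keeps receiving commands tagged with a foreign Domain ID is seeing traffic from a VSM that should not be on its control VLAN.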
19
Cisco Nexus 1000V Switching
20
Distributed Data Plane
Each Virtual Ethernet Module forwards packets independently of the others
  No address learning/synchronization across VEMs
  No concept of a crossbar/fabric between the VEMs
The Virtual Supervisor Module is NOT in the data path
No concept of forwarding from an ingress linecard to an egress linecard (another server)
No EtherChannel across VEMs
[Diagram: Cisco VSMs above three independent Cisco VEMs]
21
Cisco Nexus 1000V Switch Interfaces
Ethernet port (Eth)
  1 per physical NIC interface
  Specific to each module: vmnic0 = EthX/1
  Up to 32 per host
Port channel (Po)
  Aggregation of Eth ports
  Up to 8 port channels per host
Virtual Ethernet port (Veth)
  1 per vNIC (including SC and VMK)
  Notation is Veth<port number>; no module number is assigned, so the name stays consistent when the VM moves
  216 per host
[Diagram: Po1 made up of Eth3/1 and Eth3/2; VM1 and VM2 attached to Veth1 and Veth2]
22
Cisco Nexus 1000V vEth Interface
vEths are assigned sequentially
VM vNICs are statically bound to a vEth
  Assignment is persistent through reboots
  May change if the vNIC is reassigned to another port profile
vEths move between modules when a VM is moved (HA, VMotion, etc.)
Default virtual 'speed' is Gigabit, as negotiated with the guest OS
  By default performance is un-gated (i.e. a 1Gb vNIC can run faster than 1Gb)
2048 vEths supported system wide
23
Loop Prevention without STP
BPDUs are dropped
No switching from physical NIC to NIC
Local MAC address packets are dropped on ingress (L2)
[Diagram: three Cisco VEMs; BPDUs arriving on Eth4/1 and Eth4/2 are dropped]
24
MAC Learning
Each VEM learns independently and maintains a separate MAC table
VM MACs are statically mapped
  Other vEths are learned this way too (vmknics and vswifs)
  No aging while the interface is up
Devices external to the VEM are learned dynamically
VEM 3 MAC table
  VM1  Veth12  Static
  VM2  Veth23  Static
  VM3  Eth3/1  Dynamic
  VM4  Eth3/1  Dynamic
VEM 4 MAC table
  VM1  Eth4/1  Dynamic
  VM2  Eth4/1  Dynamic
  VM3  Veth8   Static
  VM4  Veth7   Static
[Diagram: VM1 and VM2 on the VEM whose uplink is Eth3/1; VM3 and VM4 on the VEM whose uplink is Eth4/1]
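The forwarding rules from this slide and the loop-prevention slide before it, combined into one small model of a VEM. This is an added example and not Cisco's code: the frame layout, port names and MAC addresses are constructed, and the topology reproduces the VEM 3 / VEM 4 tables above.

```python
# Added example, not Cisco code: a model of one VEM's forwarding decisions as the
# loop-prevention and MAC-learning slides describe them. Local VM MACs are static
# entries on their vEth and never age; MACs behind the uplink are learned
# dynamically; BPDUs are dropped; a frame arriving on an uplink with a local VM's
# source MAC is dropped on ingress; and a frame is never switched from one
# physical NIC to another. Frame layout, port names and MACs are constructed.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

STP_BPDU_DST = "01:80:c2:00:00:00"   # IEEE 802.1D bridge group address


@dataclass
class Frame:
    src: str
    dst: str
    in_port: str


class Vem:
    def __init__(self, module: int, local_vms: Dict[str, str], uplinks):
        """local_vms maps a VM's MAC to its vEth; uplinks are the Eth ports."""
        self.module = module
        self.uplinks = set(uplinks)
        # mac -> (port, "static" | "dynamic")
        self.mac_table: Dict[str, Tuple[str, str]] = {
            mac.lower(): (veth, "static") for mac, veth in local_vms.items()
        }

    def forward(self, frame: Frame) -> Optional[str]:
        """Return the egress port, "flood" for unknown unicast, or None when dropped."""
        src, dst = frame.src.lower(), frame.dst.lower()
        if dst == STP_BPDU_DST:
            return None                      # BPDUs are dropped: the VEM runs no STP
        from_uplink = frame.in_port in self.uplinks
        if from_uplink:
            entry = self.mac_table.get(src)
            if entry is not None and entry[1] == "static":
                return None                  # local MAC seen on ingress from the uplink: loop, drop
            self.mac_table[src] = (frame.in_port, "dynamic")   # learn the external device
        entry = self.mac_table.get(dst)
        if entry is None:
            return "flood"                   # unknown unicast goes to the local vEths
        out_port = entry[0]
        if from_uplink and out_port in self.uplinks:
            return None                      # never switch from physical NIC to NIC
        return out_port

    def age_dynamic(self) -> None:
        """Simulated aging pass: dynamic entries expire, static ones stay."""
        self.mac_table = {m: e for m, e in self.mac_table.items() if e[1] == "static"}


def build_slide_topology():
    """Constructed sample: VEM 3 hosts VM1/VM2, VEM 4 hosts VM3/VM4, as on the slide."""
    vm = {"VM1": "00:50:56:00:00:01", "VM2": "00:50:56:00:00:02",
          "VM3": "00:50:56:00:00:03", "VM4": "00:50:56:00:00:04"}
    vem3 = Vem(3, {vm["VM1"]: "Veth12", vm["VM2"]: "Veth23"}, uplinks=["Eth3/1"])
    vem4 = Vem(4, {vm["VM3"]: "Veth8", vm["VM4"]: "Veth7"}, uplinks=["Eth4/1"])
    return vm, vem3, vem4


def exchange_vm3_to_vm1():
    """VM3 (on VEM 4) sends to VM1 (on VEM 3): VEM 4 floods because VM1 is unknown
    to it, VEM 3 learns VM3 dynamically on Eth3/1 and delivers to Veth12."""
    vm, vem3, vem4 = build_slide_topology()
    out4 = vem4.forward(Frame(vm["VM3"], vm["VM1"], "Veth8"))
    out3 = vem3.forward(Frame(vm["VM3"], vm["VM1"], "Eth3/1"))
    return out4, out3, vem3.mac_table[vm["VM3"]]


if __name__ == "__main__":
    print(exchange_vm3_to_vm1())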
25
Port Channels Standard Cisco Port Channels
Behaves like EtherChannel
Link Aggregation Control Protocol (LACP) support
17 hashing algorithms available
  Selected either system wide or per module
  Default is source MAC
Automated creation using port profiles
[Diagram: Po1 and Po2 on a Cisco VEM hosting VM1-VM4]
26
Port Channel Hashing Options
pod5-vsm(config)# port-channel load-balance ethernet ?
  dest-ip-port              Destination IP address and L4 port
  dest-ip-port-vlan         Destination IP address, L4 port and VLAN
  destination-ip-vlan       Destination IP address and VLAN
  destination-mac           Destination MAC address
  destination-port          Destination L4 port
  source-dest-ip-port       Source & Destination IP address and L4 port
  source-dest-ip-port-vlan  Source & Destination IP address, L4 port and VLAN
  source-dest-ip-vlan       Source & Destination IP address and VLAN
  source-dest-mac           Source & Destination MAC address
  source-dest-port          Source & Destination L4 port
  source-ip-port            Source IP address and L4 port
  source-ip-port-vlan       Source IP address, L4 port and VLAN
  source-ip-vlan            Source IP address and VLAN
  source-mac                Source MAC address
  source-port               Source L4 port
  source-virtual-port-id    Source Virtual Port Id
  vlan-only                 VLAN only
27
Virtual Port Channel - Host Mode
Allows a single port channel to span multiple upstream switches using 'subgroups'
Forms up to two subgroups based on Cisco Discovery Protocol (CDP)
  Subgroups can be manually defined outside of a port profile
vEths are assigned round robin to a subgroup and then hashed within that subgroup
Does not support LACP
Does not require EtherChannel upstream when using source hashing
  EtherChannel is recommended upstream
  Required when connecting to multiple switches (only two upstream switches are supported when using flow-based hashing)
[Diagram: Po1 on a Cisco VEM split into subgroups SG0 and SG1]
28
Cisco Nexus 1000V Policy Management
29
What is a Port-Profile?
A port-profile is a container used to define a common set of configuration commands for multiple interfaces
  Define once and apply many times
  Simplifies management by storing interface configuration
  Key to collaborative management of virtual networking resources
Why is it not like a template or SmartPort macro?
  Port-profiles are 'live' policies
  Editing an enabled profile causes the config changes to propagate to all interfaces using that profile (unlike a static one-time macro)
30
Port Profile Configuration
n1000v# show port-profile name WebProfile
port-profile WebProfile
  description:
  status: enabled
  capability uplink: no
  system vlans:
  port-group: WebProfile
  config attributes:
    switchport mode access
    switchport access vlan 110
    no shutdown
  evaluated config attributes:
  assigned interfaces:
    Veth10
Supported commands include:
  Port management
  VLAN
  PVLAN
  Port-channel
  ACL
  NetFlow
  Port security
  QoS
31
Port Profile Policy Distribution
n1000v(config)# port-profile WebServers
n1000v(config-port-prof)# switchport mode access
n1000v(config-port-prof)# switchport access vlan 100
n1000v(config-port-prof)# no shut
[Diagram: the port profile (PP) is distributed from the Cisco VSM to vCenter Server]
32
Overriding Port Profile Configuration
Administrators can interact with individual switchports, overriding a port profile
Use this to isolate problems with one or two interfaces without changing the port-profile and affecting other ports
Manual configuration always takes precedence over the port profile configuration
The 'no' form of the command removes the override and restores the profile's config:
n1000v(config)# int vethernet 2
n1000v(config-if)# switchport access vlan 250
n1000v(config)# int vethernet 2
n1000v(config-if)# no switchport access vlan
33
Port Profile Inheritance
Profile inheritance allows the construction of profile hierarchies
  'Parent' profiles pass configuration to 'child' profiles
  Only the child profiles need to be visible within VC
  Updates to the parent filter down to the child
  Child profiles can be updated independently
n1000v(config)# port-profile Web
n1000v(config-port-prof)# switchport mode access
n1000v(config-port-prof)# switchport access vlan 100
n1000v(config-port-prof)# no shut
n1000v(config)# port-profile Web-Gold
n1000v(config-port-prof)# inherit port-profile Web
n1000v(config-port-prof)# service-policy output Gold
n1000v(config-port-prof)# vmware port-group Web-Gold
n1000v(config)# port-profile Web-Silver
n1000v(config-port-prof)# inherit port-profile Web
n1000v(config-port-prof)# service-policy output Silver
n1000v(config-port-prof)# vmware port-group Web-Silver
Effective port profile Web-Gold: access port, VLAN 100, Gold QoS policy
Effective port profile Web-Silver: access port, VLAN 100, Silver QoS policy
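The three port-profile properties from the last slides (live propagation, parent/child inheritance, and manual interface overrides with their 'no' form) in one runnable model. This is an added example, not Cisco code: commands are represented as name/value pairs, which is an assumption made for illustration; the profile names and VLANs are the ones on the slides.

```python
# Added example, not Cisco code: a model of the port-profile behaviour described
# on the port-profile slides. A profile is a live policy, so editing it changes
# every interface that uses it; a child profile inherits its parent's commands and
# adds its own; and a command entered directly on an interface overrides the
# profile until its 'no' form removes the override. Commands are modelled as
# name -> value pairs, which is an assumption made for illustration.
from typing import Dict, List, Optional


class PortProfile:
    def __init__(self, name: str, parent: Optional["PortProfile"] = None):
        self.name = name
        self.parent = parent                 # 'inherit port-profile <parent>'
        self.commands: Dict[str, object] = {}
        self.interfaces: List["Interface"] = []

    def set(self, command: str, value) -> None:
        """Edit the live profile; every interface using it sees the change."""
        self.commands[command] = value

    def effective(self) -> Dict[str, object]:
        """Inherited commands first, then this profile's own (child wins on conflict)."""
        cfg = self.parent.effective() if self.parent else {}
        cfg.update(self.commands)
        return cfg


class Interface:
    def __init__(self, name: str, profile: PortProfile):
        self.name = name
        self.profile = profile
        self.overrides: Dict[str, object] = {}
        profile.interfaces.append(self)

    def configure(self, command: str, value) -> None:
        """Manual interface configuration always takes precedence over the profile."""
        self.overrides[command] = value

    def no(self, command: str) -> None:
        """'no <command>' on the interface drops the override; the profile value returns."""
        self.overrides.pop(command, None)

    def running_config(self) -> Dict[str, object]:
        cfg = self.profile.effective()
        cfg.update(self.overrides)
        return cfg


def build_slide_hierarchy():
    """The Web / Web-Gold / Web-Silver hierarchy from the inheritance slide."""
    web = PortProfile("Web")
    web.set("switchport mode", "access")
    web.set("switchport access vlan", 100)
    web.set("shutdown", False)
    gold = PortProfile("Web-Gold", parent=web)
    gold.set("service-policy output", "Gold")
    gold.set("vmware port-group", "Web-Gold")
    silver = PortProfile("Web-Silver", parent=web)
    silver.set("service-policy output", "Silver")
    silver.set("vmware port-group", "Web-Silver")
    return web, gold, silver


def override_walkthrough():
    """The 'int vethernet 2' override and its 'no' form from the overriding slide,
    plus an edit of the parent profile showing live propagation."""
    web, gold, _ = build_slide_hierarchy()
    veth2 = Interface("Veth2", gold)
    before = veth2.running_config()["switchport access vlan"]            # 100, inherited from Web
    veth2.configure("switchport access vlan", 250)
    overridden = veth2.running_config()["switchport access vlan"]        # 250, manual config wins
    web.set("switchport access vlan", 110)                               # parent edited live
    still_overridden = veth2.running_config()["switchport access vlan"]  # 250, override persists
    veth2.no("switchport access vlan")
    restored = veth2.running_config()["switchport access vlan"]          # 110, the new profile value
    return before, overridden, still_overridden, restored


if __name__ == "__main__":
    print(override_walkthrough())
```

The walkthrough makes the operational point of the override slide concrete: an interface override survives later edits to the profile, so a forgotten override is a drift from policy that only the 'no' form clears.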
34
Uplink Port Profiles
Special profiles that define physical NIC properties
  Usually configured as a trunk
  Defined by adding 'capability uplink' to a port profile
Uplink profiles cannot be applied to vEths
Non-uplink profiles cannot be applied to NICs
Only selectable in vCenter when adding a host or additional NICs
n1000v(config)# port-profile DataUplink
n1000v(config-port-prof)# switchport mode trunk
n1000v(config-port-prof)# switchport trunk allowed vlan 10-15
n1000v(config-port-prof)# system vlan 51, 52
n1000v(config-port-prof)# channel-group mode auto sub-group cdp
n1000v(config-port-prof)# capability uplink
n1000v(config-port-prof)# no shut
[Diagram: a Cisco VEM hosting VM1-VM4 with the uplink profile on its physical NICs]
35
Cisco Nexus 1000V System VLANs
System VLANs enable interface connectivity before an interface is programmed, i.e. while the VEM cannot yet communicate with the VSM during boot
Required system VLANs
  Control
  Packet
Recommended system VLANs
  IP storage
  Service Console
  VMkernel
  Management networks
[Diagram: Cisco VSM and Cisco VEM joined by control (C) and packet (P) interfaces across an L2 cloud]
36
System VLAN Guidelines
Port profiles that contain system VLANs are 'system port profiles'
The system VLAN list must be a subset of the allowed VLAN list on trunk ports
There must be only one system VLAN on an access port (the access VLAN)
The 'no system vlan' command can be given only when no interface is using the profile
Once a system profile is in use by at least one interface, you can only add to the list of system VLANs, not delete any VLANs from the list
For a profile with system VLANs, the 'no port-profile SysProfile', 'no vmware port-group' and 'no state enabled' commands can be given only when no interface is using that profile
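The guidelines on this slide written as a check that could be run over a proposed port-profile change before it is committed. This is an added example, not Cisco code: the profile is represented as a plain dict (an assumption), the VLAN-list parser is mine, and the two sample profiles are modelled on the DataUplink and SystemUplinks profiles shown elsewhere on this page.

```python
# Added example, not Cisco code: the system VLAN guidelines on this slide written
# as a pre-commit check over a proposed port-profile change. The profile is
# represented as a plain dict (an assumption); the rules are the ones listed above.
from typing import Dict, Iterable, List

# Commands the slide says are refused on a system profile that is in use.
GUARDED_COMMANDS = {"no system vlan", "no port-profile", "no vmware port-group", "no state enabled"}


def check_system_vlans(profile: Dict, new_system_vlans: Iterable[int]) -> List[str]:
    """Return the guideline violations a 'system vlan <list>' edit would cause.

    profile keys: name, mode ('trunk' | 'access'), allowed_vlans (trunk),
    access_vlan (access), system_vlans (current list), in_use (interface count).
    """
    errors = []
    new = set(new_system_vlans)
    old = set(profile.get("system_vlans", ()))
    if profile["mode"] == "trunk":
        outside = new - set(profile.get("allowed_vlans", ()))
        if outside:
            errors.append(f"{profile['name']}: system VLANs {sorted(outside)} are not in the allowed VLAN list")
    else:  # access port: at most one system VLAN, and it must be the access VLAN
        if len(new) > 1:
            errors.append(f"{profile['name']}: only one system VLAN is allowed on an access port")
        if new and new != {profile.get("access_vlan")}:
            errors.append(f"{profile['name']}: the system VLAN on an access port must be the access VLAN")
    removed = old - new
    if removed and profile.get("in_use", 0) > 0:
        errors.append(f"{profile['name']}: cannot remove system VLANs {sorted(removed)} while "
                      f"{profile['in_use']} interface(s) use the profile; VLANs can only be added")
    return errors


def check_command(profile: Dict, command: str) -> List[str]:
    """Refuse the guarded 'no ...' commands while a system profile is in use."""
    if command in GUARDED_COMMANDS and profile.get("system_vlans") and profile.get("in_use", 0) > 0:
        return [f"{profile['name']}: '{command}' refused, {profile['in_use']} interface(s) still use this system profile"]
    return []


def expand_range(spec: str) -> List[int]:
    """Parse an NX-OS style VLAN list such as '10-15,51,52'."""
    vlans = []
    for part in spec.replace(" ", "").split(","):
        if "-" in part:
            lo, hi = part.split("-")
            vlans.extend(range(int(lo), int(hi) + 1))
        elif part:
            vlans.append(int(part))
    return vlans


# Constructed sample profiles modelled on the two uplink profiles on this page.
DATA_UPLINK = {"name": "DataUplink", "mode": "trunk", "allowed_vlans": expand_range("10-15"),
               "system_vlans": [], "in_use": 0}
SYSTEM_UPLINKS = {"name": "SystemUplinks", "mode": "trunk", "allowed_vlans": expand_range("51-52"),
                  "system_vlans": [51, 52], "in_use": 3}

if __name__ == "__main__":
    print(check_system_vlans(DATA_UPLINK, expand_range("51, 52")))
    print(check_system_vlans(SYSTEM_UPLINKS, [51]))
    print(check_command(SYSTEM_UPLINKS, "no vmware port-group"))
```

Run against the page's own examples, the check flags the DataUplink profile from the uplink slide (system VLANs 51 and 52 with an allowed list of 10-15 breaks the subset rule), while the SystemUplinks profile from the installation section, whose allowed list is 51-52, passes.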
37
Automated Port Channel Configuration
Port channels can be automatically formed using a port profile
Interfaces belonging to different modules cannot be added to the same channel-group, e.g. Eth2/3 and Eth3/3
The 'auto' keyword indicates that interfaces inheriting the same uplink port-profile will be automatically assigned a channel-group
Each interface in the channel must have consistent speed/duplex
The channel-group does not need to exist; it will be created automatically
n1000v(config)# port-profile Uplink
n1000v(config-port-prof)# channel-group auto
38
Cisco Nexus 1000V Security
39
Access Control List Overview
ACLs provide traffic filtering mechanisms
  Provide filtering for ingress and egress VM traffic for additional network security
  Permit/drop traffic based on ACL policies
ACL types supported: IPv4 and MAC ACLs
  Ingress and egress
  Supported on Eth and vEth interfaces
  Configured via port profiles or directly on the interface
40
Port Security Overview
Port security secures a port by limiting and identifying the MAC addresses that can access it
Secure MACs can be manually configured or dynamically learnt
Two security violation types are supported
  Addr-count-exceed violation
  MAC move violation
Port security can be applied to vEths
  Cannot be applied to physical interfaces
Three types of secure MACs
  Static
  Sticky
  Dynamic
41
Types of Secure MAC Addresses
Secure MAC type  Source              Aging                                           Persists through interface flaps  Persists through switch reboot
Static           CLI configuration   No                                                                                Yes (with copy run start)
Sticky           Dynamically learnt
Dynamic                              No (default); aging time and type configurable
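A model of vEth port security as the two port-security slides describe it: a secure-MAC limit, the three secure MAC types, and the two violation types. This is an added example, not Cisco code. What the table states is encoded directly (static entries survive a reboot only with a saved configuration); treating sticky entries like saved configuration and clearing dynamic entries on a link flap follows the usual Cisco port-security semantics and is an assumption where the table above is incomplete. The violation action (drop and record), the API and the traffic are also assumptions.

```python
# Added example, not Cisco code: a model of vEth port security as the slides
# describe it. Each secured port has a limit on secure MACs, which may be static
# (configured), sticky or dynamic (both learned from traffic); a source beyond
# the limit is an addr-count-exceed violation and a secure MAC showing up on
# another secured port is a MAC-move violation. Static entries persist across a
# reboot only if the configuration was saved (from the table); sticky treated
# like saved configuration and dynamic cleared on link flap are assumptions.
from typing import Dict, List, Optional, Tuple


class SecurityDomain:
    """All secured vEths on one VEM; needed to notice a MAC moving between them."""
    def __init__(self):
        self.ports: Dict[str, "SecurePort"] = {}

    def owner_of(self, mac: str, exclude: "SecurePort") -> Optional[str]:
        for name, port in self.ports.items():
            if port is not exclude and mac in port.secure:
                return name
        return None


class SecurePort:
    def __init__(self, name: str, domain: SecurityDomain, max_macs: int = 1, sticky: bool = False):
        self.name, self.domain, self.max_macs, self.sticky = name, domain, max_macs, sticky
        self.secure: Dict[str, str] = {}              # mac -> "static" | "sticky" | "dynamic"
        self.violations: List[Tuple[str, str, Optional[str]]] = []
        domain.ports[name] = self

    def add_static(self, mac: str) -> None:
        """'switchport port-security mac-address <mac>' equivalent: a static secure MAC."""
        self.secure[mac.lower()] = "static"

    def ingress(self, mac: str) -> str:
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        mac = mac.lower()
        if mac in self.secure:
            return "forward"
        other = self.domain.owner_of(mac, exclude=self)
        if other is not None:
            self.violations.append(("mac-move", mac, other))       # secured elsewhere: MAC move
            return "drop"
        if len(self.secure) >= self.max_macs:
            self.violations.append(("addr-count-exceed", mac, None))
            return "drop"
        self.secure[mac] = "sticky" if self.sticky else "dynamic"  # learn it
        return "forward"

    def link_flap(self) -> None:
        """Dynamic entries are lost when the interface goes down (assumption, see above)."""
        self.secure = {m: t for m, t in self.secure.items() if t != "dynamic"}

    def reboot(self, config_saved: bool) -> None:
        """Only entries present in the saved configuration survive a switch reboot."""
        if config_saved:
            self.secure = {m: t for m, t in self.secure.items() if t in ("static", "sticky")}
        else:
            self.secure = {}


def run_scenario():
    """Constructed traffic on two secured vEths, each limited to one secure MAC."""
    dom = SecurityDomain()
    veth1 = SecurePort("Veth1", dom, max_macs=1)
    veth2 = SecurePort("Veth2", dom, max_macs=1, sticky=True)
    a, b = "00:50:56:aa:00:01", "00:50:56:aa:00:02"
    results = [veth1.ingress(a),   # forward: A learned dynamically on Veth1
               veth1.ingress(b),   # drop: second source exceeds the limit
               veth2.ingress(a),   # drop: A is secured on Veth1, this is a MAC move
               veth2.ingress(b)]   # forward: B learned as sticky on Veth2
    veth1.link_flap()
    veth2.link_flap()
    results.append(veth1.ingress(a))   # forward: dynamic A was cleared by the flap and is relearned
    return results, veth1.violations, veth2.violations, veth2.secure


if __name__ == "__main__":
    print(run_scenario())
```

The violation list is what a monitoring integration would export: a MAC-move violation on a vEth is the signal that a VM is sourcing frames with another VM's address.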
42
Cisco Nexus 1000V Private VLANs
Private VLANs divide a normal VLAN into sub-L2 domains
  Consist of a primary VLAN and one or more secondary VLANs
Used to segregate L2 traffic without wasting IP address space (smaller subnets)
Secondary VLAN access is restricted by setting 'community' or 'isolated' status
43
PVLAN Definitions
Primary VLAN: the VLAN carrying downstream traffic from the router(s) to the host ports
Secondary VLAN: can be either an isolated VLAN or a community VLAN
  A port assigned to the isolated VLAN is an isolated port
  A port assigned to a community VLAN is a community port
Isolated VLAN: communicates only with the primary VLAN
Community VLAN: communicates within the community and with the primary VLAN
44
PVLAN Promiscuous Ports
Promiscuous port: can communicate with all isolated ports and community ports, and vice versa
Promiscuous ports are the boundary between the PVLAN domain and the rest of the network
Secondary VLANs are remapped to the primary VLAN at the promiscuous port
Nexus 1000V supports promiscuous trunk ports and promiscuous access ports
  Most deployments will use a promiscuous trunk port
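The PVLAN rules from the definitions slide and this one, reduced to a single decision function and exercised on a constructed topology. This is an added example, not Cisco code; the port names, VLAN numbers and the three-tier layout (web, database, guest) are sample values chosen for illustration.

```python
# Added example, not Cisco code: the PVLAN forwarding rules from the definitions
# and promiscuous-port slides as one decision function, exercised on a constructed
# topology (port names and VLAN numbers are sample values).
from dataclasses import dataclass
from itertools import product
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class PvlanPort:
    name: str
    role: str                         # "promiscuous", "isolated" or "community"
    primary: int
    secondary: Optional[int] = None   # None on a promiscuous port


def pvlan_allowed(src: PvlanPort, dst: PvlanPort) -> bool:
    """Can a frame from src reach dst inside the PVLAN domain?"""
    if src.primary != dst.primary:
        return False                                    # different PVLAN domains
    if "promiscuous" in (src.role, dst.role):
        return True                                     # promiscuous talks to everyone
    if "isolated" in (src.role, dst.role):
        return False                                    # isolated ports only reach promiscuous ports
    return src.secondary == dst.secondary               # community: same community VLAN only


def egress_vlan(src: PvlanPort, dst: PvlanPort) -> Optional[int]:
    """VLAN the frame carries when it leaves toward dst; secondary VLANs are
    remapped to the primary at the promiscuous port."""
    if not pvlan_allowed(src, dst):
        return None
    return dst.primary if dst.role == "promiscuous" else dst.secondary


def reachability(ports) -> Dict[Tuple[str, str], bool]:
    """Full source/destination matrix for a list of ports."""
    return {(a.name, b.name): pvlan_allowed(a, b) for a, b in product(ports, ports) if a is not b}


# Constructed sample: primary VLAN 100, isolated VLAN 101, community VLANs 102 and 103
UPLINK = PvlanPort("Eth3/1", "promiscuous", primary=100)              # promiscuous trunk to upstream
WEB1 = PvlanPort("Veth1", "community", primary=100, secondary=102)
WEB2 = PvlanPort("Veth2", "community", primary=100, secondary=102)
DB1 = PvlanPort("Veth3", "community", primary=100, secondary=103)
GUEST1 = PvlanPort("Veth4", "isolated", primary=100, secondary=101)
GUEST2 = PvlanPort("Veth5", "isolated", primary=100, secondary=101)
PORTS = [UPLINK, WEB1, WEB2, DB1, GUEST1, GUEST2]

if __name__ == "__main__":
    for (a, b), ok in sorted(reachability(PORTS).items()):
        print(f"{a} -> {b}: {'allowed' if ok else 'blocked'}")
```

The matrix is a quick way to review an intended segmentation: two isolated guests on the same secondary VLAN still cannot reach each other, and the two community VLANs are mutually invisible even though they share one primary VLAN and one IP subnet.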
45
PVLAN Topology Examples
Regular trunk port to upstream switch
  Defines the N1KV uplink as a regular trunk port
  Defines the PVLAN configuration in the upstream switch
  The PVLAN extends into the upstream switch
  Defines an SVI promiscuous port in the upstream switch
Promiscuous trunk port to upstream switch
  Defines the N1KV uplink as a promiscuous trunk
  The PVLAN ends at the promiscuous trunk port
  No PVLAN configuration in the upstream switch
46
Cisco Nexus 1000V Quality of Service
47
Cisco Nexus 1000V Quality of Service
Nexus 1000V provides traffic classification, marking and policing
  Police traffic to/from VMs
  Mark traffic leaving the ESX host
Can be configured multiple ways
  Individual Eths or vEths
  Port-channels
  Port profiles
Policies can be applied on input or output
Statistics per policy (input/output) per interface
Nexus 1000V does not implement queuing or full traffic shaping
48
QoS Classification Support
Classification support based on:
  Access-group: ACL reference
  Class-map (hierarchical classes possible)
  CoS (L2 header)
  Discard-class: internal QoS value
  DSCP: from IP TOS
  IP RTP: UDP port list
  Packet length: IP datagram size; inclusive ranges
  Precedence: 3-bit value from within the DSCP field
  QoS-group: internal QoS value
49
QoS Marking Support
Support for marking:
  CoS (L2 header)
  Discard-class: internal QoS value
  DSCP: in IP TOS
  Precedence: 3-bit value from within the DSCP field
  QoS-group: internal QoS value
Packets are only marked when leaving a VEM
  Intra-VEM traffic is not marked
50
QoS Feature Overview: Policing
Standard MQC configuration
Traffic is categorized into
  Conforming traffic
  Exceeding traffic
  Violating traffic
Policer actions
  Set various fields
  Mark down DSCP
  Transmit or drop
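A two-rate three-colour policer of the kind an MQC police statement describes, producing the three categories on this slide and applying the listed actions (transmit, mark down DSCP, drop). This is an added example, not Cisco code: the token-bucket logic follows the RFC 2698 trTCM, and the rates, burst sizes, markdown table and packet sequence are constructed sample values.

```python
# Added example, not Cisco code: a two-rate three-colour policer of the kind an
# MQC 'police' statement describes, producing the three outcomes on the slide
# (conform, exceed, violate) and applying the listed actions (transmit, mark down
# DSCP, drop). The token-bucket logic follows the RFC 2698 trTCM; the rates,
# burst sizes, DSCP markdown table and packet sequence are constructed sample values.
from typing import List, Optional, Tuple

# RFC 2597 Assured Forwarding: marking down raises the drop precedence within the class
# (AF11 -> AF12 -> AF13, and so on for AF2x, AF3x, AF4x).
DSCP_MARKDOWN = {10: 12, 12: 14, 18: 20, 20: 22, 26: 28, 28: 30, 34: 36, 36: 38}


class TwoRateThreeColorPolicer:
    def __init__(self, cir_bps: int, cbs_bytes: int, pir_bps: int, pbs_bytes: int, start: float = 0.0):
        self.cir = cir_bps / 8.0          # committed rate in bytes/s
        self.pir = pir_bps / 8.0          # peak rate in bytes/s
        self.cbs, self.pbs = cbs_bytes, pbs_bytes
        self.tc, self.tp = float(cbs_bytes), float(pbs_bytes)   # both buckets start full
        self.last = start

    def _refill(self, now: float) -> None:
        elapsed = max(0.0, now - self.last)
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        self.last = now

    def color(self, size: int, now: float) -> str:
        """Classify one packet of 'size' bytes arriving at time 'now'."""
        self._refill(now)
        if self.tp < size:
            return "violate"                  # beyond the peak rate
        if self.tc < size:
            self.tp -= size
            return "exceed"                   # beyond the committed rate, within the peak
        self.tc -= size
        self.tp -= size
        return "conform"


def police(policer: TwoRateThreeColorPolicer,
           packets: List[Tuple[float, int, int]]) -> List[Tuple[str, str, Optional[int]]]:
    """packets: (time, size_bytes, dscp). Returns (color, action, dscp_out) per packet:
    conform -> transmit unchanged, exceed -> transmit with DSCP marked down, violate -> drop."""
    out = []
    for t, size, dscp in packets:
        c = policer.color(size, t)
        if c == "conform":
            out.append((c, "transmit", dscp))
        elif c == "exceed":
            out.append((c, "transmit", DSCP_MARKDOWN.get(dscp, dscp)))
        else:
            out.append((c, "drop", None))
    return out


def sample_run():
    """CIR 8 kbps / CBS 1500 B and PIR 16 kbps / PBS 3000 B; four 1000 B AF11 packets
    arrive in a burst at t=0 and one more at t=1 after the buckets have refilled."""
    p = TwoRateThreeColorPolicer(cir_bps=8000, cbs_bytes=1500, pir_bps=16000, pbs_bytes=3000)
    return police(p, [(0.0, 1000, 10), (0.0, 1000, 10), (0.0, 1000, 10), (0.0, 1000, 10), (1.0, 1000, 10)])


if __name__ == "__main__":
    for row in sample_run():
        print(row)
```

In the sample burst the first packet conforms, the next two exceed and leave with AF11 marked down to AF12, the fourth violates and is dropped, and after one second both buckets have refilled enough for the fifth packet to conform again.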
51
Cisco Nexus 1000V Network Management
52
Nexus 1000V Management Overview
Tightly integrated with data center infrastructure
Nexus 1000V offers a layered approach to device & solution management:
  Familiar Cisco NX-OS CLI for direct device configuration & seamless integration with TACACS, AAA & RADIUS
  Support for the vCenter vNetwork Distributed Switch API
  Syslog & SNMP MIB support for integration with centralized management tools from Cisco & other vendors
  CiscoWorks LMS & Data Center Network Manager (Q1 2010) support via SNMP & XML API
[Diagram: VMs on vSphere behind the Nexus 1000V VEM; the Nexus 1000V VSM managed via CLI, SNMP and XML, and vCenter via the VDS API]
53
Nexus 1000V Management NX-OS CLI Features
Cisco NX-OS CLI based management features are all accessible through the Nexus 1000V VSM
Includes familiar Cisco CLI based "config" & "show" commands along with new features to simplify configuration and troubleshooting of a VM environment (e.g. port profiles, Veth interfaces)
Configure SNMP polling variables & permissions
Review locally & export detailed network device syslog messages
Support for advanced network diagnostics like ERSPAN (remote port mirroring), NetFlow v9 statistics gathering & Wireshark for local CLI-based packet capture & analysis
54
Nexus 1000V Management SNMP & Supported MIBs
Device support for SNMP v3 (read) through the Nexus 1000V VSM
Generic MIBs
  CISCO-TC
  SNMPv2-MIB
  SNMP-COMMUNITY-MIB
  SNMP-FRAMEWORK-MIB
  SNMP-NOTIFICATION-MIB
  SNMP-TARGET-MIB
Configuration
  ENTITY-MIB
  IF-MIB
  CISCO-ENTITY-EXT-MIB
  CISCO-ENTITY-FRU-CONTROL-MIB
  CISCO-FLASH-MIB
  CISCO-IMAGE-MIB
  CISCO-CONFIG-COPY-MIB
  CISCO-ENTITY-VENDORTYPE-OID-MIB
  ETHERLIKE-MIB
  CISCO-LAG-MIB
  MIB-II
Monitoring
  NOTIFICATION-LOG-MIB
  CISCO-PROCESS-MIB
Security
  CISCO-AAA-SERVER-MIB
  CISCO-COMMON-MGMT-MIB
  CISCO-PRIVATE-VLAN-MIB
Miscellaneous
  CISCO-CDP-MIB
  CISCO-LICENSE-MGR-MIB
  CISCO-ENTITY-ASSET-MIB
55
Nexus 1000V Management: CiscoWorks & DCNM Plans
GUI-based network device management including fault monitoring, topology, inventory/config support & advanced port profile management
CiscoWorks LMS (May 2009)
  Resource Manager Essentials: inventory management, configuration management
  Campus Manager: network discovery, topology mapping, VLAN management
  Device Fault Manager: quickly and easily detect, isolate, and correct network device faults
Data Center Network Manager (Q1 2010*)
  Discovery, inventory
  Physical topology mapping
  Physical & Veth ports
  Port profiles
  Port channel (LACP)
  VLAN
  PVLAN
  Local SPAN
  IPv4 ACL / MAC ACL
  Port security
  Topology mapping (port channel, VLAN)
DCNM foundational capabilities:
  AAA rules
  RADIUS
  TACACS+
  RBAC (roles and users)
  Device and credentials
  DCNM licensed devices
  DCNM user management
  Auto sync with devices
  Statistical data collection
  DCNM server log settings
  Event browser
  AAA authentication for DCNM
  DCNM installer
  Oracle DB support
  Concurrent CDP discovery
* release still in planning
57
Cisco Nexus 1000V Troubleshooting & Diagnostics
58
Switched Port ANalyzer
Similar to SPAN in physical Cisco switches (Cat6k, N7k)
Configured as "sessions"
  One or more source ports and/or VLANs
    Ingress, egress or both
  One or more destinations
  Can define "source VLAN filters"
SPANing is allowed only within the same host (ESX)
59
Local SPAN Src/Dst Interfaces
Source interface characteristics:
  Can be Ethernet, virtual Ethernet, port-channel, or VLAN
  Cannot be a destination port
  Can be configured to monitor the direction of traffic: receive (ingress), transmit (egress), or both
  Source ports can be in the same or different VLANs
  For VLAN SPAN sources, all active ports in the source VLAN are included as source ports
Destination interface characteristics:
  Can be Ethernet, virtual Ethernet, or port-channel
  Cannot be a SPAN source port
  Must be on the same host as the source port(s)
  Is not monitored if it belongs to a source VLAN of any SPAN session
60
Encapsulated Remote SPAN
ERSPAN mirrors traffic in an encapsulated envelope to an IP destination
Designed to monitor the traffic on VEMs remotely
Similar to local SPAN, except ERSPAN supports sending packets outside an individual VEM
Sources: Ethernet, Vethernet, port-channel, VLAN
  Supports multiple sources from multiple VEMs
IP destination
Can define "source VLAN filters"
61
Exporting Logs from VC
ESX system logs containing VEM details can be exported from VC
62
Cisco NetFlow
NetFlow is a Cisco technology that provides traffic accounting and monitoring of packets flowing through the network on a per-flow basis
NetFlow provides the following benefits:
  Traffic analysis for network planning
  Usage based billing
  The who, what, where, when and how much IP traffic questions are answered
Typical use cases:
  Who are the top N talkers? What % of traffic are they?
  How many users are on the network at any given time?
  When will service upgrades affect the least number of users?
  How does a flow stay active? Where do they come from?
  Alarm on DoS attacks like Smurf, Fraggle and SYN floods
63
Cisco Nexus 1000V Design Examples
64
VSM - Virtual Appliance
VSM VM placement
  Primary and secondary VSMs should remain on separate machines
  VMware anti-affinity rules can be applied
VSM performance
  Requires 2GB dedicated RAM (not shared)
  1GHz vCPU
  The VSM should not be VMotioned
[Diagram: VSM-VA-1 and VSM-VA-2 placed on two different Cisco VEMs]
65
Nexus 1KV & VMware Traffic
VM Data: all data from VMs, including the VSMs. Usually multiple VLANs
VMkernel: primarily used for VMotion. Also used for IP storage
Service Console: ESX management
Control: N1KV switch control traffic. The most important interfaces on the switch!
Packet: carries CDP and IGMP control
66
Port Channel Hashing Classification
Source based hashing
  Hashes all traffic from a single source down the same link
  vPC-HM requires no special upstream configuration (EtherChannel)
  Examples are source MAC, VLAN, virtual port
Flow based hashing
  Each flow may take a different path
  vPC may require EtherChannel upstream
  Examples include any hash using dst, L4 port, or combinations of src/dst/port
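The load-balance options from the port-channel hashing slide, each broken into the header fields it hashes, put to the two uses described on this slide and on the vPC host-mode slide: classifying a method as source based or flow based, and modelling the vPC-HM link choice (vEth assigned round robin to a subgroup, then the frame hashed within that subgroup). This is an added example and not Cisco's implementation: the hash function, the subgroup membership and the sample flows are constructed for illustration.

```python
# Added example, not Cisco code: the 'port-channel load-balance ethernet' options
# from the hashing slide, each broken into the header fields it hashes, used two
# ways: to classify a method as source based or flow based in the sense of the
# design-examples slide, and to model the vPC-HM link choice (vEth assigned round
# robin to a subgroup, then the frame hashed within that subgroup). The hash
# function, subgroup membership and sample flows are constructed for illustration
# and are not Cisco's implementation.
import hashlib
from typing import Dict, List, Tuple

LOAD_BALANCE_FIELDS: Dict[str, Tuple[str, ...]] = {
    "dest-ip-port": ("dst_ip", "dst_port"),
    "dest-ip-port-vlan": ("dst_ip", "dst_port", "vlan"),
    "destination-ip-vlan": ("dst_ip", "vlan"),
    "destination-mac": ("dst_mac",),
    "destination-port": ("dst_port",),
    "source-dest-ip-port": ("src_ip", "dst_ip", "src_port", "dst_port"),
    "source-dest-ip-port-vlan": ("src_ip", "dst_ip", "src_port", "dst_port", "vlan"),
    "source-dest-ip-vlan": ("src_ip", "dst_ip", "vlan"),
    "source-dest-mac": ("src_mac", "dst_mac"),
    "source-dest-port": ("src_port", "dst_port"),
    "source-ip-port": ("src_ip", "src_port"),
    "source-ip-port-vlan": ("src_ip", "src_port", "vlan"),
    "source-ip-vlan": ("src_ip", "vlan"),
    "source-mac": ("src_mac",),
    "source-port": ("src_port",),
    "source-virtual-port-id": ("virtual_port_id",),
    "vlan-only": ("vlan",),
}

# Fields that identify only the sending VM; the slide's examples are source MAC, VLAN and virtual port.
SOURCE_ONLY_FIELDS = {"src_mac", "src_ip", "virtual_port_id", "vlan"}


def hashing_class(method: str) -> str:
    """'source-based' keeps everything from one VM on one link (no upstream EtherChannel
    needed); anything that hashes destination or L4 port fields is 'flow-based'."""
    return "source-based" if set(LOAD_BALANCE_FIELDS[method]) <= SOURCE_ONLY_FIELDS else "flow-based"


def _hash(values) -> int:
    digest = hashlib.sha256("|".join(str(v) for v in values).encode()).digest()
    return int.from_bytes(digest[:4], "big")


class VpcHostModeChannel:
    def __init__(self, subgroups: Dict[int, List[str]], method: str = "source-mac"):
        self.subgroups = subgroups           # e.g. {0: ["Eth3/1", "Eth3/2"], 1: ["Eth3/3", "Eth3/4"]}
        self.method = method
        self.veth_subgroup: Dict[str, int] = {}
        self._next = 0

    def assign_veth(self, veth: str) -> int:
        """vEths are pinned to subgroups round robin as they come up."""
        ids = sorted(self.subgroups)
        sg = ids[self._next % len(ids)]
        self._next += 1
        self.veth_subgroup[veth] = sg
        return sg

    def select_link(self, veth: str, flow: Dict[str, object]) -> str:
        """Hash the configured fields within the vEth's subgroup."""
        links = self.subgroups[self.veth_subgroup[veth]]
        key = [flow[f] for f in LOAD_BALANCE_FIELDS[self.method]]
        return links[_hash(key) % len(links)]


def demo():
    """Constructed flows from one VM on a two-subgroup vPC-HM channel using source-mac."""
    po1 = VpcHostModeChannel({0: ["Eth3/1", "Eth3/2"], 1: ["Eth3/3", "Eth3/4"]}, method="source-mac")
    assigned = [po1.assign_veth(v) for v in ("Veth1", "Veth2", "Veth3")]
    vm1 = {"src_mac": "00:50:56:00:00:01", "dst_mac": "00:50:56:00:00:99",
           "src_ip": "10.0.0.1", "dst_ip": "10.0.0.99", "src_port": 40000, "dst_port": 443,
           "vlan": 100, "virtual_port_id": 1}
    flows = [dict(vm1, dst_port=port) for port in (443, 80, 22)]
    links = [po1.select_link("Veth1", flow) for flow in flows]
    return assigned, links


if __name__ == "__main__":
    print(demo())
```

With a source-based method every flow from Veth1 lands on the same link of its subgroup, which is why the upstream switches need no EtherChannel to avoid seeing one MAC on two ports; switching the method to one of the flow-based options spreads the same three flows across the subgroup's links, and then only two upstream switches are supported, as the vPC host-mode slide notes.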
67
Two NIC Configuration
Access layer configuration
  Trunk port
  No EtherChannel
N1K port channel
  Single PC (vPC-HM): VM Data, Service Console, VM Kernel, Control and Packet
VEM configuration
  Source based hashing
Use case
  Small 1Gb servers (rack or blade)
  10Gb (Ethernet or FCoE)
[Diagram: Po1 with subgroups SG0 and SG1 on a Cisco VEM carrying VM Data, SC, VMK, C and P]
68
Four NIC Configuration
Access layer configuration
  Trunk port
  No EtherChannel
N1KV port channel 1 (vPC-HM): VM Data
N1KV port channel 2 (vPC-HM): Service Console, VM Kernel, Control and Packet
VEM configuration
  Source based hashing
Use case
  Medium 1Gb servers (rack or blade)
  Need to separate VMotion from Data
[Diagram: Po1 and Po2, each with subgroups SG0 and SG1, on a Cisco VEM]
69
Four NIC Alternative-1 Configuration
Clustered switches
Access layer configuration
  Trunk port
  Single EtherChannel spanning both switches
Port channel 1 (standard EtherChannel): VM Data, Service Console, VM Kernel, Control and Packet
VEM configuration
  Flow based hashing
Use case
  'Clustered' switches (7K vPC, 6K VSS, 3K VBS)
  Maximizes VM bandwidth
  Shared links for VMotion and Data
[Diagram: Po1 on a Cisco VEM carrying VM Data, SC, VMK, C and P]
70
Four NIC Alternative-2 Configuration
Clustered switches
Access layer configuration
  Trunk port
  Two EtherChannels spanning each switch
N1KV port channel 1 (standard EtherChannel): VM Data
N1KV port channel 2 (standard EtherChannel): Service Console, VM Kernel, Control and Packet
VEM configuration
  Flow based hashing
Use case
  'Clustered' switches (7K vPC, 6K VSS, 3K VBS)
  Still maintains separation of Data and VMotion
[Diagram: Po1 and Po2 on a Cisco VEM]
71
Six NIC Configuration
Access layer configuration
  Trunk port
  Separate EtherChannels from each switch to Po1 only
N1KV port channel 1 (vPC-HM): VM Data
N1KV port channel 2 (vPC-HM): Service Console, VM Kernel, Control and Packet
VEM configuration
  Flow based hashing
Use case
  High performance servers
  Greater than 1Gb VM bandwidth
  Separate links for VMotion and Data
[Diagram: Po1 and Po2, each with subgroups SG0 and SG1, on a Cisco VEM]
72
Cisco Nexus 1000V Installation
73
Cisco Nexus 1000V Installation Overview
Installing the Cisco Nexus 1000V is a five step process involving the server and network administrators
1) Install the primary and secondary VSMs
2) Define uplink and VM port profiles
3) Connect the primary VSM and VC
4) Install the VEM (manually or using VUM)
5) Add the ESX host to the Nexus 1000V
Repeat steps 4 and 5 for each additional ESX host
74
Creating the VSM VM using ISO
Create VM
  Type: Other 64-bit Linux
  1 processor
  2 GB RAM
  3 vNICs (e1000 driver)
  Minimum 3GB SCSI hard disk with LSI Logic adapter (default)
Reserve 2GB RAM for the VM
Configure VM network adapters
Attach the ISO to the VM and power on
75
Creating the VSM VM using OVA
From the VC File menu, select "Deploy OVF Template…"
OVA deployment automates the VSM VM configuration
  Configuration is limited to mapping portgroups to the proper networks
CPU and RAM still need to be reserved for the VM
76
VSM Dedicated Resources
Each VSM requires dedicated resources (not shared)
  Set the RAM reservation to 2GB
  Set the CPU reservation to 1GHz
77
VSM Setup Wizard
Automatically runs when the VSM VM is started for the first time
Minimum configuration suggested:
  Switch name
  Out-of-band management configuration
  Default gateway
  Telnet/SSH service
  Domain parameters (domain ID, control/packet VLAN)
The secondary VSM will reboot and gather its configuration from the primary VSM
78
Registering Nexus 1000V Plug-in
The plug-in enables VC to communicate with the VSM and contains the security certificate
Download
In the VC client, go to the Plug-ins menu and select "Manage plug-ins…"
Right-click under "Available Plug-ins" and select "New Plug-in"
79
Connecting the VSM to the VC
The Nexus 1000V plug-in must be registered first!
Configure the connection on the VSM:
n1000v(config)# svs connection vc
n1000v(config-svs-conn)# protocol vmware-vim
n1000v(config-svs-conn)# remote ip address
n1000v(config-svs-conn)# vmware dvs datacenter-name WestDC
n1000v(config-svs-conn)# connect
The connection name ('vc' in the example) is arbitrary
Protocol specifies the type of server to connect to (only VMware is supported)
Remote IP address is the VC IP address
Datacenter name is the name of the datacenter that will contain the Nexus 1000V
  The datacenter must be present on VC before connecting
The connect command initiates the connection with the VC and creates the Nexus 1000V in VC
80
Connecting the VSM to the VC (cont.)
Resulting output on VC after issuing connect command
81
Adding an Uplink Port Profile
In order to insert a module into the VSM (i.e. add a host to the vDS on VC), you must configure an uplink port-profile for the host to use
n1000v(config)# port-profile SystemUplinks
n1000v(config-port-prof)# capability uplink
n1000v(config-port-prof)# switchport mode trunk
n1000v(config-port-prof)# switchport trunk allowed vlan 51-52
n1000v(config-port-prof)# system vlan 51, 52
n1000v(config-port-prof)# vmware port-group SystemUplinks
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)# state enabled
The third parameter of the "vmware port-group" command is optional
  Used to specify the name that is displayed in VC
  If left blank, the port-profile name is used
82
Adding an Uplink Port Profile (cont.)
Resulting output on VC after issuing port-profile command
83
Manual VEM Installation
The host VEM .VIB file must be installed before performing the "Add Host" operation on VC
Steps to install the VEM bits on the host
  Copy the VEM package onto the ESX host (using SCP or through VC)
  SSH into the host and run esxupdate
# esxupdate -b ./cross_cisco-vem-v release.vib --nosigcheck update
cross_cisco-vem-v                ######################################## [100%]
Unpacking cross_cisco-vem-v1..   ######################################## [100%]
Installing cisco-vem-v100-esx    ######################################## [100%]
Running [/usr/sbin/vmkmod-install.sh]...
ok.
#
After esxupdate completes, the "Add Host" operation can be performed on VC
84
Automated Installation with VUM
What is VUM?
  VMware Update Manager
  Used for patching/updating software on ESX
  Uses the 'esxupdate' application on the ESX host to do the installation and management of software modules
Starting the installation
  Simply click "Add Host", and VUM will take care of loading the VEM onto the host
  The host pulls the packages from the VUM repository. The VSM web server is only used to populate the VUM repository
85
Adding a Host to the Nexus 1000V
Right click on the Cisco Nexus 1000V and select ‘Add Host’
86
Verifying the Installation
The 'show module' command on the VSM displays the VEM if the installation completed successfully
pod5-vsm# show module
Mod  Ports  Module-Type                Model       Status
            Virtual Supervisor Module  Nexus1000V  active *
            Virtual Supervisor Module  Nexus1000V  ha-standby
            Virtual Ethernet Module    NA          ok

Mod  Sw            Hw
     (4)SV1(0.42)  0.0
     (4)SV1(0.42)  0.0
     (4)SV1(0.42)  0.4

Mod  MAC-Address(es)     Serial-Num
     c-5a-a8 to c-62-a8  NA
     c-5a-a8 to c-62-a8  NA
     c to c              NA

Mod  Server-IP  Server-UUID  Server-Name
                NA           NA
                NA           NA
                e            phx2-dc-pod5-hv1
87
Migrating to the Cisco Nexus 1000V
Migration Wizard enables simple migration from the vSwitch to the Cisco Nexus 1000V