
Cisco Nexus 1000V for Microsoft Hyper-V: Expanding the Virtual Edge

Cisco Nexus 1000V for Microsoft Hyper-V: Expanding the Virtual Edge. BRKVIR-2017 Appaji Malla, Sr. Product Marketing Manager, DCG. Agenda. Partners. VSG. DCNM. VSM. NAM. Nexus 1110-X. Cloud Network Services. CSR. VSG. ASA 1000V. vWAAS. NAM. vPath. Nexus 1000V.


Presentation Transcript


  1. Cisco Nexus 1000V for Microsoft Hyper-V: Expanding the Virtual Edge BRKVIR-2017 Appaji Malla, Sr. Product Marketing Manager, DCG

  2. Agenda Partners VSG DCNM VSM NAM Nexus 1110-X Cloud Network Services CSR VSG ASA1000V vWAAS NAM vPath Nexus 1000V • Cisco’s Virtual Networking Vision • Cisco Nexus 1000V Portfolio Overview • Recent Pricing Changes • Architectural Overview • Services Architecture • Cisco Nexus 1000V for Hyper-V • Port-profiles & network segments • SCVMM Networking Concepts • PowerShell & SCOM • Deploying N1KV • Demo • Q&A

  3. Forward-Looking Information The information presented here on Nexus 1000V for Windows Server 2012 is under development and is subject to change before the general availability of these products.

  4. Physical → Virtual → Cloud Journey • PHYSICAL WORKLOAD: one app per server; static; manual provisioning • VIRTUAL WORKLOAD: many apps per server; mobile; dynamic provisioning • CLOUD WORKLOAD: multi-tenant per server; elastic; automated scaling • [Diagram labels: HYPERVISOR, VDC-1, VDC-2] • CONSISTENCY: Policy, Features, Security, Management, Separation of Duties • Switching: Nexus 7K/5K/3K/2K; Nexus 1000V, VM-FEX • Routing: ASR, ISR; Cloud Services Router (CSR 1000V) • Services: WAAS, ASA, NAM; vWAAS, VSG, ASA 1000V, vNAM* ** 1H CY 2013

  5. End to End DC Switching Portfolio: Advanced Features & Strong Partner Ecosystem • Aggregation: typical L3/L2 boundary; physical network services • Unified Access: non-blocking paths to servers & IP storage devices • Virtual Access: virtual network switches; virtual services with horizontal scaling • Virtual Services (apply services to VM-VM traffic) • [Diagram labels: A, B; L3, L2; NEXUS 7000 - VPC; Network Services (C6K); Unified Compute System Fabric Interconnect; NEXUS 5000; NEXUS 2000; NEXUS 1000v; VMs; Rack 1, Rack x; Rack 1, Rack 2, Rack 3]

  6. Cisco Virtual Networking Vision Nexus 1000V Multi-Cloud Multi-Services Multi-Hypervisor

  7. Cloud technology stacks: Multi-Hypervisor and Multi-Orchestration Strategy • Cloud Portal and Orchestration: vCloud Director / DynamicOps; System Center; Open Source; CIAC / OpenStack / Partners • Virtual Network Infrastructure (repeated for each of the four stacks): NSM; ASA 1KV, vNAM, vWAAS, VSG; CSR 1KV; Nexus 1KV; vPath • Hypervisor: vSphere; Hyper-V; Open Source (Xen, KVM); vSphere, Hyper-V, Xen, KVM • Computing Platform: UCS • Physical Network: Nexus 2K-7K + ASR 9K (Edge) • Storage Platform • Solutions: Vblock, FlexPOD, VMDC, VDI, HCS, Cross-DC Mobility

  8. Cisco Cloud Services: Hypervisor agnostic multi-services platform Tenant A Cisco Virtual Security Gateway (VSG) ASA 1000V Cloud Firewall Imperva SecureSphere WAF Zone A Cloud Services Router 1000V Citrix NetScaler VPX vWAAS • VM-level controls • Zone-based FW • Edge firewall, VPN • Protocol Inspection • Distributed switch • NX-OS consistency • WAN optimization • App, traffic Zone B Nexus 1000V vPath VXLAN CSR 1000V (Cloud Router) Ecosystem Services Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*) • Citrix NetScaler VPX virtual ADC • Imperva Web App. Firewall • WAN L3 gateway • Routing and VPN Physical Infrastructure (Compute, Network, Storage) Nexus 1000V VSG ASA 1000V vWAAS 7000+ Customers Shipping Shipping Shipping CY2013 CY2013

  9. Cisco Nexus 1000V InterCloud: Securely Extend Enterprise Environment into Provider Cloud ENTERPRISE CLOUDS PROVIDER CLOUDS Hosted Utility Private Community Managed Public Nexus 1000V InterCloud Flexible Simple Secure Nexus Switching IOS Routing Network Services Enterprise-Grade Crypto and Firewalling within & across clouds Transparent Application Migration; Centralized Management Choice of Provider Clouds and Hypervisors

  10. Agenda Partners VSG DCNM VSM NAM Software Switch for VMware vSphere and vCloud Director Nexus 1110-X Cloud Network Services CSR VSG ASA1000V vWAAS NAM vPath Nexus 1000V • Cisco’s Virtual Networking Vision • Cisco Nexus 1000V Portfolio Overview • Recent Pricing Changes • Architectural Overview • Services Architecture • Cisco Nexus 1000V for Hyper-V • Demo • Q&A

  11. Cisco Nexus 1000V is available in two editions Essential & Advanced

  12. Start using Cisco Nexus 1000V today • Essential Edition – No licensing or procurement needed • Advanced Edition – Get a 60-day free trial when you use Essential • Existing N1KV 1.x Customers: get free upgrade to v2.1 Advanced Edition (at no cost); this upgrade also includes free VSG licenses; existing TAC support contract will include VSG support • Seamless upgrade to Advanced Edition

  13. Agenda Partners VSG DCNM VSM NAM Software Switch for VMware vSphere and vCloud Director Nexus 1110-X Cloud Network Services CSR VSG ASA1000V vWAAS NAM vPath Nexus 1000V • Cisco’s Virtual Networking Vision • Cisco Nexus 1000V Portfolio Overview • Recent Pricing Changes • Architectural Overview • Services Architecture • Cisco Nexus 1000V for Hyper-V • Demo • Q&A

  14. Server Virtualization Issues Policy Mobility, Lack of VM Traffic Visibility, Operational Complexity 1. VM Migration moves VMs across physical ports—the network policy must follow this VM Motion (across racks, PODS, DCs) 2. Must view or apply network/security policy to locally switched traffic PortGroup Hypervisor Hypervisor 3. Need to maintain segregation of duties while ensuring non-disruptive operations Security Admin Server Admin Network Admin

  15. Customer Issues in virtualized environments Resource Utilization Complex Workloads Choice of Hypervisors Operational Complexity Cloud Use-cases Security concerns, and hybrid cloud use-cases VM Mobility within the DC, across DCs and across clouds. Requirement for a secure virtual environment with rich network services Managing networks across physical & virtual environments Different types of workloads require different hypervisors Multi-hypervisor Support Multi-services support Multi-cloud support Consistent Operational Model Overlay Technology Support Diverse Virtualization Requirements for DataCenter Customers

  16. Cisco Nexus 1000V Overview Architecture consistent with other modular switches Virtual Appliance VSM1 VEM-N VEM-1 VEM-2 VSM2 Network Admin Supervisor-1 Modular Switch Supervisor-2 Linecard-1 Back Plane Linecard-2 … Linecard-N Hypervisor Hypervisor Hypervisor Server Admin VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module

  17. Cisco Nexus 1000V Overview Virtual Appliance Nexus 1110 Integrated Switching & Services Platform ASA1000V vWAAS VSG VSM VSM NAM VSG Primary VSM NAM VSG Secondary VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module vPath: Virtual Service Data-path VSG: Virtual Security Gateway vWAAS: Virtual WAAS ASA1000V: Tenant-edge security Virtual Blades Virtual Supervisor Module (VSM) Network Analysis Module (NAM) Virtual Security Gateway (VSG) vPath vPath • vPath • Service Binding (Traffic Steering) • Fast-Path Offload VEM-1 VEM-2 WS 2012 Hyper-V WS 2012 Hyper-V

  18. Port Profile Configuration

      n1000v# show port-profile name VM-Data-ClientOS
      port-profile VM-Data-ClientOS
        type: Vethernet
        description:
        status: enabled
        max-ports: 32
        min-ports: 1
        inherit:
        config attributes:
          switchport mode access
          switchport access vlan 110
          no shutdown
        evaluated config attributes:
          switchport mode access
          switchport access vlan 110
          no shutdown
        assigned interfaces:
          Vethernet10

      Support Commands Include: Port management • VLAN • PVLAN • Port-Channel • ACL • Netflow • Port security • QoS

  19. Server Admin’s View of Port-profiles

  20. Port Profile Configuration Faster VM Deployment Cisco Virtual Networking Policy-Based VM Connectivity Mobility of Network and Security Properties Non-Disruptive Operational Model VM VM VM VM VM VM VM VM Port Profiles Defined Policies WEB Apps HR DB DMZ • VM Connection Policy • Defined in the network • Applied in Virtual Center • Linked to VM UUID Nexus 1000V VEM Nexus 1000V VEM Hypervisor Hypervisor Server Server VMMgmt Station Nexus 1000V VSM

  21. Port Profile Configuration Policy Mobility with VM Migration Cisco Virtual Networking Policy-Based VM Connectivity Mobility of Network and Security Properties Non-Disruptive Operational Model VM VM VM VM VM VM VM VM VM VM VM VM • VMs Need to Move • VM Migration • Resource Scheduling • SW upgrade/patch • Hardware failure • VM Networking • Mobility • VMotion for the network • Ensures VM security • Maintains connection state Nexus 1000V VEM Nexus 1000V VEM Hypervisor Hypervisor Server Server VMMgmt Station Nexus 1000V VSM

  22. Network Admins Server Admins Non-disruptive Operational Model with N1KV Consistent NX-OS Feature-set and Services Nexus 1000V VSM VM Mgmt Center Nexus OS CLI VM Mgmt Interface • Install hypervisor on hosts with N1KV VEM • Create VM and assign Port profiles to VM • Create or Update network policies • No hand-off required between network and server admins • Complete visibility to the VM-to-VM traffic • Consistent feature-set & CLI for physical & virtual networks • Same management tools used across physical & virtual networks

  23. Proven Architecture for virtualization use-cases *Based on default Citrix configuration

  24. Broader Mobility Diameter with Overlays Infrastructure Flexibility & Better Resource Utilization Limited Rack-wide VM Mobility Virtual/Cloud Data Center DC DC POD POD POD POD VLAN VLAN VLAN VLAN VXLAN

  25. Uniform Management Interface across physical, virtual and across hypervisors • NX-OS CLI • SNMP Support • NetConf/XML • CDP • Syslog • NTP • TACACS+ • RADIUS • Netflow • SPAN & ERSPAN • Cisco Nexus 1000V REST-APIs for manageability: vm-network-definition (id, vlan, ip-pool) – for network segments; logical-network-definition (name, id, connected-ports) – fabric n/w; virtual-port-profile (type, id, maxports, switch-id) – for vEth; uplink-port-profile (state, type, id, maxports, switch-id) – for PNIC; ip-address-pool (name, dhcp-server, range etc.) – for ip-pools

  26. Strong Management Ecosystem Cisco NMS Support Cisco NSM & CIAC Cisco Prime Infra. Cisco VNMC Cisco Prime DCNM Systems Management Vendors Consistent management interfaces across physical & virtual • NX-OS CLI, SNMP, NetConf/XML, REST* • CDP, NTP, Telnet/SSH • Syslog, ACL- Logging, TACACS+, RADIUS • Netflow, SPAN, ERSPAN, REST-ful APIs Other ISVs Virtualization Vendors Your existing Mgmt tools work well with Nexus 1000V *Available in H2CY13

  27. Cisco Nexus 1000V: Customer Benefits • Consistent Network Services: leverage existing virtual services (Virtual Security Gateway, Virtual WAAS, ASA1000V, NAM); services can be hosted on Nexus 1010 • Consistent Networking Features: NX-OS feature across multiple hypervisors & across physical and virtual environments; advanced NX-OS switching features, including security, visibility, QoS, segmentation (VXLAN), port channel, … • Consistent Operational Model: NX-OS CLI across multiple hypervisors & physical/virtual; separation of duties between network & server admins; dynamic provisioning and VM mobility awareness; leverage existing monitoring and management tools

  28. Agenda Partners VSG DCNM VSM NAM Software Switch for VMware vSphere and vCloud Director Nexus 1110-X Cloud Network Services CSR VSG ASA1000V vWAAS NAM vPath Nexus 1000V • Cisco’s Virtual Networking Vision • Cisco Nexus 1000V Portfolio Overview • Recent Pricing Changes • Architectural Overview • Services Architecture • Cisco Nexus 1000V for Hyper-V • Demo • Q&A

  29. Virtualization and Cloud Driving New Requirements in Data Center Traditional Data Center Virtual/Cloud Data Center VDC-1 Hypervisor VDC-2 • Virtual appliance form factor • Dynamic instantiation/provisioning • Service transparent to VM mobility • Support scale-out • Large scale multitenant operation APP FW Virtual Service Node (VSN) WAN Opt ADC/ SLB OS • Application-specific services • Form factors: • Appliance • Switch module

  30. Services deployment in Virtualized DC • 2 • 1 Redirect VM traffic via VLANs to external (physical) firewall Apply hypervisor-based virtual network services Hypervisor Hypervisor Web Server App Server Database Server Web Server App Server Database Server VSN VSN Virtual Service Nodes VLANs Virtual Contexts Virtual Service Nodes Traditional Service Nodes

  31. Intelligent Traffic Steering with vPath • [Diagram: VMs and a Virtual Service Node (VSN)] • 4 • Nexus 1000V Distributed Virtual Switch • vPath • Decision Caching 3 • Flow Access Control (policy evaluation) 2 • Initial Packet Flow 1 • Log/Audit

  32. Performance Acceleration with vPath • [Diagram: VMs and a Virtual Service Node (VSN)] • Nexus 1000V Distributed Virtual Switch • vPath • ACL offloaded to Nexus 1000V (policy enforcement) • Remaining packets from flow • Log/Audit

  33. Agenda Partners VSG DCNM VSM NAM Software Switch for VMware vSphere and vCloud Director Nexus 1110-X Cloud Network Services CSR VSG ASA1000V vWAAS NAM vPath Nexus 1000V • Cisco’s Virtual Networking Vision • Cisco Nexus 1000V Portfolio Overview • Cisco Nexus 1000V for Microsoft Hyper-V • Product Overview • Port-profiles & network segments • SCVMM Networking Concepts • PowerShell & SCOM • Deploying N1KV • Demo • Q&A

  34. Cisco Nexus 1000V for Microsoft Hyper-V Consistency for Investment protection & Reduced operational risk Nexus 1000V VSM VM VM VM VM Nexus 1000V VEM Server

  35. Hyper-V: Comparison with ESX Terminology

  36. Hyper-V Extensible Switch Architecture Nexus 1000V is a Forwarding Extension • Extensions process all network traffic including VM-to-VM traffic • Forwarding Extensions can capture and Filter Traffic as well • Nexus 1000V will work with other 3rd party Capture and Filtering Extensions as well • Live Migration and NIC Offloads continue to work even when the extensions are present Capture Extension Filtering Extension Forwarding Extension

  37. System Center Virtual Machine Manager • Manages Hyper-V Virtualization environment • Similar in function to VMware vCenter Server • But includes some functionality similar to VMware vCloud Director • What SCVMM Manages • Hyper-V hosts • Virtual Machines • Logical Switches • Logical Networks and Network Sites • VM Networks and Subnets • IP Addressing • PortProfiles and Classifications

  38. SCVMM Management of Switch Extensions SCVMM VM VM VM 3rd Party components Virtualization Root Partition Capture Extension SCVMMService Vendor SCVMM Plugin Filtering Extension Forwarding Extension Physical NIC Vendor network mgmt console Policy database

  39. Cisco Nexus 1000V Architecture on Hyper-V VM VM VM VM VM VM VM VM VM VM VM VM Cisco Nexus 1000V VEM Cisco Nexus 1000V VEM Cisco Nexus 1000V VEM • Virtual Ethernet Module (VEM) • Enables advanced networking capability on the hypervisor • Provides each virtual machine with dedicated “switch port” • Collection of VEMs : 1 Logical Switch WS 2012 Hyper-V WS 2012 Hyper-V WS 2012 Hyper-V • Virtual Supervisor Module (VSM) • Virtual or Physical appliance running Cisco NXOS (supports Hi-availability) • Performs management, monitoring, and configuration • Tight integration with SCVMM Server Server Server Cisco Nexus 1000V VSM System Center Virtual Machine Manager

  40. Cisco Nexus 1000V Overview: Consistent NX-OS Features across physical & virtual environments • Switching: L2 Switching, 802.1Q Tagging, VLAN, Rate Limiting (TX); IGMP Snooping, QoS Marking (COS & DSCP) • Security: Policy Mobility, Private VLANs w/ local PVLAN Enforcement; Access Control Lists, Port Security, Cisco TrustSec Support*; Dynamic ARP inspection*, IP Source Guard*, DHCP Snooping* • Network Services: Virtual Services Datapath (vPath) support for traffic steering & fast-path off-load [leveraged by Virtual Security Gateway (VSG)* and other services] • Provisioning: Port Profiles, Integration with virtualization & cloud mgmt. tools; Optimized NIC Teaming with Virtual Port Channel – Host Mode • Visibility: VM Migration Tracking, NetFlow v.9 w/ NDE, CDP v.2; VM-Level Interface Statistics, SPAN & ERSPAN (policy-based) • Management: Integrated Provisioning with SCVMM, Cisco LMS, Cisco DCNM, Cisco VNMC; Cisco CLI, RADIUS, TACACS, Syslog, SNMP (v.1, 2, 3); Hitless upgrade, SW Installer • * Available only with Advanced Edition

  41. Agenda Partners VSG DCNM VSM NAM Software Switch for VMware vSphere and vCloud Director Nexus 1110-X Cloud Network Services CSR VSG ASA1000V vWAAS NAM vPath Nexus 1000V • Cisco’s Virtual Networking Vision • Cisco Nexus 1000V Portfolio Overview • Cisco Nexus 1000V for Microsoft Hyper-V • Product Overview • Port-profiles & network segments • SCVMM Networking Concepts • PowerShell & SCOM • Deploying N1KV • Demo • Q&A

  42. Why Not Configure Virtual Ports? Too many ports, and they move too fast • Network admin needs sanity • Server admin needs freedom: to deploy and move virtual machines; to deploy and move physical hosts

      switch # int gi1/0/35
        switchport mode access
        switchport access vlan 23
        etc…
      switch # int gi1/0/47
        switchport mode access
        switchport access vlan 23
        etc…
      switch # int gi1/0/21
        switchport mode access
        switchport access vlan 23
        etc…
      switch # int gi1/0/17
        switchport mode access
        switchport access vlan 23
        etc…

      Source: http://images.webmagic.com/klov.com/screens/S/wSpace_Invaders.png

  43. Port Profiles – Current Nexus 1000V • Instead of configuring individual ports, create a Port Profile • Set up ahead of time: VLANs, ACLs, NetFlow, QoS, Private VLANs, and all other port config! • Re-use it multiple times!

      # port-profile database
        switchport mode access
        switchport access vlan 10
        ip port access-group myacl in
        no shut
        state enabled

  44. Port Profiles – Current Nexus 1000V: Setting Port Policies Ahead of Time

      # port-profile database
        switchport mode access
        switchport access vlan 10
        no shut

      # port-profile webserver
        switchport mode access
        switchport access vlan 243
        access list, etc. commands
        no shut

      Port Profiles are “Live”: Network Admin can change them any time!

      # port-profile webserver
        switchport mode access
        switchport access vlan 752
        access list, etc. commands
        no shut

  45. Network Segments and Port Profiles • Networks and Profiles are Two Different Things • Different ports need different protection on the same network Clients Guests Servers Intranet Port Profiles Guest access Intranet client Privileged intranet client Application server Network Segment One network, multiple profiles for access

  46. Network Segments and Port Profiles • And many networks can share the same protection requirements Port Profiles Servers Servers Clients Clients Guests Guests Guest access Intranet client Privileged intranet client Application server Tenant C Intranet Tenant A Intranet Tenant B Intranet Network Segment Tenant D Intranet Multiple networks use the same profiles

  47. Network Segments and Port Profiles: Splitting the port-profile into “Network Connectivity” and “Policy” [Diagram labels: DB Network, DB Clients, DB Servers, VMs]

      Current N1KV Version:

      # port-profile db-client
        switchport mode access
        switchport access vlan 10
        ip port access-group dbclient in
        no shut
        state enabled
      # port-profile db-server
        switchport mode access
        switchport access vlan 10
        ip port access-group dbserver in
        no shut
        state enabled

      N1KV/Hyper-V Version:

      # network-segment db-network
        switchport mode access
        switchport access vlan 10
      # port-profile db-client
        ip port access-group dbclient in
        no shut
        state enabled
      # port-profile db-server
        ip port access-group dbserver in
        no shut
        state enabled

  48. Port-Classifications in SCVMM Port-Classifications • Provide a level of indirection to Virtual Port Profiles • Provide a way to group Port Profiles from different Hyper-V switch extensions Forwarding Extension Capture Extension Filtering Extension Bundling of profiles from each extension is the port-classification

  49. Agenda Partners VSG DCNM VSM NAM Software Switch for VMware vSphere and vCloud Director Nexus 1110-X Cloud Network Services CSR VSG ASA1000V vWAAS NAM vPath Nexus 1000V • Cisco’s Virtual Networking Vision • Cisco Nexus 1000V Portfolio Overview • Cisco Nexus 1000V for Microsoft Hyper-V • Product Overview • Port-profiles & network segments • SCVMM Networking Concepts • PowerShell & SCOM • Deploying N1KV • Demo • Q&A
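Slide 47 splits each legacy port-profile into a shared network segment (connectivity) and a policy-only port-profile. The Python below is an added example, not code from the presentation or from Cisco: it performs that split on the slide's two profiles and lists any resulting profile that carries no ACL. Treating every `switchport` line as connectivity, the `SEGMENT_NAMES` mapping and all function names are assumptions made for illustration.

```python
# Added example: refactor legacy port-profiles into network segments + policy profiles.
LEGACY = """\
# port-profile db-client
switchport mode access
switchport access vlan 10
ip port access-group dbclient in
no shut
state enabled
# port-profile db-server
switchport mode access
switchport access vlan 10
ip port access-group dbserver in
no shut
state enabled
"""  # constructed sample, transcribed from the slide-47 "Current N1KV Version" listing

# Assumption: "switchport ..." lines describe connectivity; everything else is policy.
CONNECTIVITY_PREFIX = "switchport "
# Assumption: the caller names each distinct connectivity block (slide 47 uses db-network).
SEGMENT_NAMES = {("switchport mode access", "switchport access vlan 10"): "db-network"}


def parse_profiles(text):
    """Return {profile name: [config lines]} in input order."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()
        if line.startswith("port-profile "):
            current = line.split(None, 1)[1]
            profiles[current] = []
        elif line and current is not None:
            profiles[current].append(line)
    return profiles


def split_profiles(profiles, segment_names):
    """Move connectivity lines into shared segments; leave policy in the profiles."""
    segments, policies = {}, {}
    for name, lines in profiles.items():
        conn = tuple(l for l in lines if l.startswith(CONNECTIVITY_PREFIX))
        if conn not in segment_names:
            raise KeyError(f"no segment name supplied for {name}: {conn}")
        segments.setdefault(segment_names[conn], list(conn))
        policies[name] = [l for l in lines if not l.startswith(CONNECTIVITY_PREFIX)]
    return segments, policies


def profiles_without_acl(policies):
    """Audit helper: policy profiles that carry no 'ip port access-group' line."""
    return [n for n, lines in policies.items()
            if not any(l.startswith("ip port access-group ") for l in lines)]


def render(segments, policies):
    """Emit the split configuration in the slide's '# keyword name' layout."""
    out = []
    for kind, blocks in (("network-segment", segments), ("port-profile", policies)):
        for name, lines in blocks.items():
            out.append(f"# {kind} {name}")
            out.extend(lines)
    return "\n".join(out)


if __name__ == "__main__":
    segs, pols = split_profiles(parse_profiles(LEGACY), SEGMENT_NAMES)
    print(render(segs, pols))
    print("profiles without an ACL:", profiles_without_acl(pols))
```

Run against the slide's `database` profile from slide 44, which has no `ip port access-group` line, `profiles_without_acl` reports it as a port policy that attaches VMs without any filtering.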
