14759443

Multi-Hypervisor Networking
- Compare and Contrast

BRKVIR-2044
Alejandra Sanchez Garcia

Customer Support Engineer, CCIE DC
#clmel
Agenda
• Evolution of the Workloads in
the Data Centre
• Achieving Virtualisation in
Multiple Hypervisor Options
• Various Hypervisor Networking
Options at the Host
• Normalising the Complexity of
• Summary / Q&A
BRKVIR-2044 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Changing Traffic Patterns:
Siloed
SiloedData
DataCenter
Centre Dynamic Data Centre
Tenant
Elasticity
• Mostly North-South traffic flows • Mix of North-South and East-West traffic flows
• Over-subscription acceptable for client-server type of • Virtualisation increases L2 Domains
applications
• Spanning Tree blocking affects scalability
• Poor link utilisation. Spanning Tree blocks ports
Physical  Virtual  Cloud Journey
Consistency reduces operational risk and complexity
PHYSICAL VIRTUAL CLOUD

WORKLOAD WORKLOAD WORKLOAD
• One app per Server • Many apps per Server • Multi-tenant per Server
• Static • Mobile • Elastic
• Manual provisioning • Dynamic provisioning • Automated Scaling
HYPERVISOR VDC-1 VDC-2
CONSISTENCY: Policy, Features, Security, Management, Separation of Duties
Switching Nexus 7K/5K/3K/2K Nexus 1000V, VM-FEX

Routing ASR, ISR Cloud Services Router (CSR 1000V)
Services
5 WAAS, ASA, NAM vWAAS, VSG, ASA 1000V, vNAM, NS 1000V
Physical  Virtual  Cloud Journey
Consistency reduces operational risk and complexity
PHYSICAL VIRTUAL CLOUD

WORKLOAD WORKLOAD WORKLOAD
• One app per Server • Many apps per Server • Multi-tenant per Server
• Static
HYPERVISOR
• Mobile • Elastic
• Manual provisioning • Dynamic provisioning • Automated Scaling
Hyper-V
vSphere
OpenStack(KVM)
HYPERVISOR VDC-1 VDC-2
CONSISTENCY: Policy, Features, Security, Management, Separation of Duties
Switching Nexus 7K/5K/3K/2K Nexus 1000V, VM-FEX

Routing ASR, ISR Cloud Services Router (CSR 1000V)
Services
6 WAAS, ASA, NAM vWAAS, VSG, ASA 1000V, vNAM, NS 1000V
Virtual Workload on Physical Data Centre
VM VM VM VM VM VM VM VM VM
Layer 2
Layer 2
Layer 3
Agenda
the Data Centre
Options at the Host
• Summary / Q&A
Multi-Hypervisor Encapsulations
• Encapsulations:
• VLAN for Bare-Metal
Fabric
• VLAN/VXLAN for ESXi
Network
• VLAN/VXLAN for KVM Admin
• VLAN/NVGRE for Hyper-V VLAN

VXLAN
VLAN
NVGRE
VLAN
VXLAN
VLAN
ESX Hyper-V KVM
PHYSICAL
SERVER
Virtualisation Hypervisor
Admin Management
Virtual Extensible Local Area Network (VXLAN)
• Ethernet in IP overlay network • Tunnel between VEMs
– Entire L2 frame encapsulated in UDP – VMs do NOT see VXLAN ID
– 50 bytes of overhead • IP multicast used for L2
• Include 24 bit VXLAN Identifier broadcast/multicast, unknown
unicast
– 16 M logical networks
– Mapped into local bridge domains • Technology submitted to IETF for
standardisation
• VXLAN can cross Layer 3
– With VMware, Citrix, Red Hat and
Others
Outer Outer Inner Inner Optional Original
Outer Outer Outer Outer VXLAN ID CRC
MAC MAC MAC MAC Inner Ethernet
802.1Q IP DA IP SA UDP (24 bits)
DA SA DA SA 802.1Q Payload
VXLAN Encapsulation Original Ethernet Frame

Network Virtualisation over GRE (NVGRE)
• MAC over GRE Tunnelling • GRE Tunnel between endpoints
– Entire L2 frame encapsulated in GRE – VMs do NOT see VSID
– 50 bytes of overhead • Technology submitted to IETF for
• Include 24 bit VSID Identifier standardisation
– 16 M logical networks – With Microsoft, Arista, Intel, Dell, HP,
Broadcom and Emulex
• NVGRE can cross Layer 3
Outer IP Hdr Inner IP Packet
(Provider Addr) Outer GRE Hdr Inner Eth Hdr (Customer Addr)
Outer Ethernet Hdr
Outer Outer Inner Inner Inner Inner Original

MAC MAC Outer Outer Outer Outer VSID MAC MAC IP IP IP
DA SA 802.1Q IP SA IP DA GRE (24 bits) DA SA SA DA Payload
NVGRE Encapsulation Original Ethernet Frame

VXLAN Gateway Nexus 1000V with OpenStack
OpenStack
Nexus 1000V Neutron Plug-in
REST API
Nexus 1000V Physical

VXLAN – VLAN
Gateway (VLAN)
ASA 1KV VSG
Network
ASA 55xx
KVM
vWAAS
Virtual Services
Tenant 1 Tenant 2 Tenant 3
Virtual Workloads Physical Workloads
Multi-Hypervisor Managers
• Each Hypervisor within the Data Network
Admin
centre use different points of
Management: DC Fabric
• System Centre Virtual

Machine Manager
VLAN VLAN VLAN VLAN
(SCVMM) for Hyper-V VXLAN NVGRE VXLAN
• vCenter for ESXi ESX Hyper-V KVM
• Horizon for OpenStack PHYSICAL

SERVER
Virtualisation Hypervisor
Admin Management
System Centre Virtual Machine Manager
• What SCVMM Manages
– Hyper-V hosts
– Virtual Machines
– Logical Switches
– Logical Networks and Network Sites
– VM Networks and Subnets
– IP Addressing
– Port Profiles and Classifications
SCVMM Management of Switch Extensions
VM VM VM
SCVMM
Service
Hyper-V Networking in SCVMM
Logical Network
Hosts
Network Sites
Vlan, Subnets
OpenStack Horizon
• Manages OpenStack Virtualisation environment
• Highly customisable based on different plug-in offerings/capabilities
• Easily Integrated based on published API’s
• What OpenStack Controller Manages
– OpenStack hosts
– Logical Switches
– Virtual Routers
– IP Addressing
– Port Profiles and Classifications
Networking in Horizon
Virtual Centre
• What vCenter Manages
– ESXi hosts
– Standard Switches (Host-based)
– Distributed Virtual Switch (Multi-Host)
– Port Profiles
vCenter Networking for ESXi
Virtual Overlay Network
Physical
Firewall
Gateway
Gateway
WAN
VM Data Centre Router
Network
Gateway
Overlay
Bare Metal Servers
What Does All This Mean?
• Complexity in Networking
– Which encapsulations to use for mixed Hypervisor environment?
• VLAN scalability
• No VXLAN for Hyper-V or Bare-Metal
• VXLAN-VLAN Gateways
• Complexity in Management
– How do I configure networks in Hyper-V, KVM/OpenStack and ESXi?
• Different tools
• Different uplinks
• Who does what?
Hypervisor Technology Comparison
VMware ESX Microsoft Hyper-V Openstack
Virtual Distributed Switch (VDS) Logical Switch Open vSwitch

Virtual Port Profiles + VM Logical Networks
Port Group
networks (Internal/External)
vmknic Host VNIC Virtual Adapter
Folder/Data Centre Host Group Tenant
vMotion Live Migration Live Migration

Distributed Resource Scheduling
Dynamic Optimisation Nova Scheduler
(DRS)
Distributed Power Mgmt (DPM) Power Management Nova Scheduler
vCenter, vCloud Director SCVMM, SCO Dashboard Horizon
Site Recovery Manager Hyper-V Replica Gluster

QuickEMUlator Copy on Write
Virtual Machine Disk (VMDK) Virtual Hard Disk (VHDX)
BRKVIR-2044 © 2015 Cisco and/or its affiliates. All rights reserved. 23
Cisco Public (QCOW2) or VMDK
Agenda
the Data Centre
Options at the Host
– Hyper-V, KVM/OpenStack, ESXi
• Summary / Q&A
SCVMM Networking Concepts
• Logical Networks
• Network Sites
• VM Networks
• VM Subnets
• Port Classifications
• IP Pools
Logical Networks and Network Sites
Logical Networks Network Sites
 Helps model different types of networks in an  Is a collection of (IP Subnet, VLAN) pairs.
Enterprise. e.g. Internal, DMZ, Branch etc.
 Provisioned by VMM Admin during initial Fabric  Flexibility with usage
Provisioning - All IP Subnets in a DC can be in one Site
 Named Networks hide details from the users of the - Each Subnet/POD/RACK can be a site
Network – Server Admin, Tenant Admin, Self Service
User.
 Is a group of one or more “Network Sites”
Avatar Corp The Network team supports two types of Networks –

Internal – for VMs/Hosts behind the DMZ
DMZ – for VMs/Hosts in the DMZ
Madrid
WAN
Barcelona
Logical Networks and Network Sites
Logical Network – “Internal” Logical Network – “DMZ”
• Network Site “Internal-Madrid” • Network Site “DMZ-Madrid”
- 10.0.0.0/8, VLAN 100 - 20.0.0.0/8, VLAN 200
• Network Site “Internal-Barcelona” • Network Site “DMZ-Barcelona”

- 30.0.0.0/8, VLAN 300 - 40.0.0.0/8, VLAN 400
WAN
Internal Pod DMZ Pod Internal Pod

10.0.0.0/8, 20.0.0.0/8, 30.0.0.0/8, DMZ Pod
VLAN 100 VLAN 200 VLAN 300 40.0.0.0/8,
VLAN 400
Madrid Barcelona
Hyper-V VM Networks and VM Subnets
VM Network
Logical Network – “Internal”
 Defines a Layer 3 domain identified by a Routing
Domain ID
 Contains one or more VM Subnets.

VM Network -1
VM Network -1
VM Network -1
 Tenant Admin uses provisioned Logical Networks to
define VM Networks.
VM Subnet-1
- 192.168.1.0/24
VM Subnet
 Defines a Layer 2 / broadcast domain. VM Subnet-2
 VMs connect to a VM Subnet in a VM Network in
- 192.168.8.0/24
SCVMM
 VM Subnet ID is unique across VM Subnets
Hyper-V VM Network Options
• Network virtualisation
– NVGRE encapsulation
• VLAN-based configuration
– VM network for each network site and VLAN
• No isolation
– VM network is the same as the logical network
• External network service
– Nexus 1000v VXLAN encapsulation
VLAN based VM Networks
VM Network1 VM Network2 VM Network3 VM Network4
VLAN100 VLAN 300 VLAN 200 VLAN 400
Tenant Admin
Logical Network – “Internal” Logical Network – “DMZ”

• Network Site “Internal-Madrid” • Network Site “DMZ-Madrid”
- 10.0.0.0/8, VLAN 100 - 20.0.0.0/8, VLAN 200
• Network Site “Internal-Barcelona” • Network Site “DMZ-Barcelona”
- 30.0.0.0/8, VLAN 300 - 40.0.0.0/8, VLAN 400 Fabric Admin
WAN
Internal Pod DMZ Pod Internal Pod DMZ Pod

10.0.0.0/8, 20.0.0.0/8, 30.0.0.0/8, 40.0.0.0/8,
VLAN 100 VLAN 200 VLAN 300 VLAN 400
Madrid Barcelona
NVGRE Based VM Networks
Logical Network – “Internal”
10.1.1.11 10.1.1.12
VM-1 192.168.5.55 VM-2

192.168.2.22
HyperV
HyperV VM-4
VM-3
10.1.1.11 10.1.1.12
NVGRE Encapsulation Original Ethernet Frame
192.168.2.22->192.168.5.55 GRE Key=5001 10.1.1.11->10.1.1.12
192.168.2.22->192.168.5.55 GRE Key=6001 10.1.1.11->10.1.1.12

BRKVIR-2044 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
SCVMM Logical Switch
Overview
 Switch Template created on SCVMM
SCVMM Host
 Allows VMM Admin to define Network Policy
on Virtual Ethernet and Uplink Interfaces
 Allows consistent configuration on all HyperV

Hosts where Logical Switch is instantiated.
Limitations
Ext Switch Ext Switch Ext Switch  Not a Distributed Virtual Switch
HyperV Host HyperV Host HyperV Host
 Many HyperV Switch Features can’t be
defined on the Switch template. (e.g. ACL,
SPAN) leading to Host Level Management.
SCVMM Logical Switch
Select Switch Extensions
1 - Capture
- Monitor
- Forwarding
Define Uplink Profiles
2
- Mode – Team / No Team
- Uplink Profile 1
- Uplink Profile n
3 Define Port Classifications

- Port Classification 1
- Port Classification n
Network and Policy Decoupled in HyperV
VMWare ESX
 Port Group
 Network connectivity (e.g. vlan)
 Policy (e.g. SPAN, ACLs)
Microsoft HyperV
 Port Classification
 Veth policy (e.g. QoS)
 VM Network and VM Subnet
 Determine VM isolation
Cisco Nexus 1000V for Hyper-V
Operational Model with SCVMM
SCVMM manages the placement and
VM VM VM VM live-migration of the VMs based on the
constraints between VM networks and
the network sites. Server
Admin
Nexus 4 SCVMM
1000V 3 Adds hosts to N1KV
VEM Connects VMs (VNICs) to
WS 2012 Hyper-V VM Networks
5 2
Networks & policies
synced to SCVMM
Server
1
Network
Create networks and Admin
Nexus 1000V
policies (logical
VSM
networks, network
sites, VMnetworks)
Agenda
the Data Centre
Options at the Host
OpenStack Core Projects
OpenStack Compute • Software to provision virtual machines on commodity hardware
(Nova) at massive scale
OpenStack Image Service • Services for discovering, registering, and retrieving virtual
(Glance) machine images
OpenStack Object Storage • Software to reliably store billions of objects distributed across
(Swift) commodity hardware
OpenStack Dashboard • A self-service web portal to allow administrators and users to

(Horizon) manage OpenStack resources
OpenStack Network Service • Provides “network connectivity as a service” between devices

(Quantum/Neutron) managed by other OpenStack services
OpenStack Identity • Provides “unified authentication” across all OpenStack projects

(Keystone) and integrates with 3rd party authentication systems
OpenStack Element Dependencies
Horizon
Neutron
Nova Glance
Swift
Cinder
Keystone
Neutron Architecture
Backend Networks
Clients Neutron Service
Physical and Virtual
Neutron
Neutron
Basic Neutron Abstractions & APIs
Networks
• Create, Delete, Update

• List, Show
Subnets
Neutron
• List, Show
Ports

• List, Show
A Simple OpenStack Deployment
Management Network
Neutron-plugin-agent Mysql
Neutron-L3-agent RabbitMQ
Nova-compute
Neutron-dhcp-agent Nova-api
Neutron-plugin-agent
Compute
Compute Nodes
Nodes
Nova-scheduler
Network Node Compute Nodes Keystone
Neutron Server
Data Network
Control Node
External Network IPMI Network
Neutron Work Flow with Cisco Nexus1000V
Create Network Profile Type

VXLAN (TenantA) OpenStack Neutron Compute Node
(Pool created and Admin
assigned to tenant)
VXLAN 5000-5100
Create Network (net1)
(Tenant Self Create) Project/Tenant TenantA
Create Subnet (subnet1) VXLAN 5000

(Assign IP Pool)
10.5.1.0/24 for
VXLAN 5000
Create Port using network Nexus 1000V – VSM
and policy
(Created when VM
Neutron VM-Network
VM-Network
is instantiated) (PortID)
VXLAN Policy Profile Port is created in VSM
5000 (VSM)
Port Profile Configuration in KVM/OpenStack
Configuration Templates
n1000v# show port-profile name VM-Data-ClientOS

port-profile VM-Data-ClientOS Supported Commands
type: Vethernet Include:
description:
status: enabled  Port management
max-ports: 32
min-ports: 1  VLAN
inherit:
config attributes:  PVLAN
switchport mode access
switchport access vlan 110
 Port-Channel
no shutdown  ACL
evaluated config attributes:
switchport mode access  Netflow
no shutdown  Port security
assigned interfaces:
Vethernet10  QoS
Cisco Nexus 1000V for KVM
Integration with KVM & OpenStack
VM VM VM VM OpenStack Controller
Cloud
3 Create tenants, Mgmt
Nexus Nova Service Other Services Horizon
networks,
1000V
VEM subnets & VMs
Neutron Service
Policy-profiles are synced to Controller.
2 Controller in turn uses Neutron API to
Server
create networks & subnets on VSM.
Network
Nexus 1000V 1 Create policy-profiles Mgmt
VSM
Agenda
the Data Centre
Options at the Host
Cisco Nexus 1000V Architecture for ESXi
VM VM VM VM VM VM VM VM VM VM VM VM
Nexus Nexus Nexus

1000V 1000V 1000V
VEM VEM VEM
Hypervisor Hypervisor Hypervisor
Nexus 1000V VSM

Nexus 1000V VSM
Virtual Centre
Nexus 1000V on vCenter
Virtual Side Physical Side
Switch
The
Nexus 1000V on vCenter
Cisco Nexus 1000V for ESXi
Operational Model with vCenter
vCenter manages the placement and
VM VM VM VM live-migration of the VMs based on the
defined networks
Server
Admin
Nexus 4 vCenter
1000V 3 Adds hosts to N1KV
VEM Connects VMs (VNICs) to
ESXi VM Networks
5 2
Networks & policies
synced to vCenter
Server
1
Network
Create networks and Admin
Nexus 1000V
port profiles, define
VSM
network services and
service chains
Agenda
the Data Centre
Options at the Host
– Nexus 1000V (configuration
samples)
• Summary / Q&A
Unified Management Interface Across Hypervisors
• NTP • NX-OS CLI
• TACACS+ • SNMP Support
• RADIUS • NetConf/XML
• Netflow • CDP
• SPAN & ERSPAN • Syslog
vm-network-definition (id, vlan, ip-pool) – for network segments

Cisco logical-network-definition (name, id, connected-ports) – fabric n/w REST-APIs for
Nexus virtual-port-profile (type, id, maxports, switch-id) – for vEth manageability
1000V uplink-port-profile (state, type, id, maxports, switch-id) – for PNIC
ip-address-pool (name, dhcp-server, range etc.) – for ip-pools
Why Not Configure Virtual Ports?
• Too many ports, and they move too fast
• Network admin needs sanity
• Server admin needs freedom
– To deploy and move virtual machines
– To deploy and move physical hosts
switch # int gi1/0/35

switch # int gi1/0/47
switchport
switch # mode access
int gi1/0/21
switchport
switch # mode
int access
gi1/0/17
switchport access
switchport mode vlan 23
access
switchport access
switchport mode vlan 23
access
etc…
etc…switchport access vlan 23
etc…
etc…
Source: http://images.webmagic.com/klov.com/screens/S/wSpace_Invaders.png
Port Profiles – Current Nexus 1000V
• Instead of configuring individual Ports, create a Port Profile
• Set up ahead of time:
– VLANs # port-profile database
– ACLs switchport access vlan 10
– NetFlow ip port access-group myacl in
no shut
– QoS state enabled
– Private VLANs
And all other port config!
Re-use it multiple times!
Network Segments and Port Profiles
Networks and Profiles are Two Different Things
Different ports need different protection on the same network
DB
Web Servers Applications
Servers
Port Profiles
Application Server
SSL Web Server
Web Server
DB Server
Intranet Network Segment
One network, multiple profiles for access

Network Segments and Port Profiles
And many networks can share the same protection requirements
Web App DB Web App DB
Port Profiles
Application Server
SSL Web Server
Web Server
DB Server
Tenant A Intranet Tenant B Intranet
Network Segment
Multiple networks use the same profiles

Tenant C Intranet Tenant D Intranet
Cisco Nexus 1000V Overview
Consistency across multiple hypervisors
Virtual Appliance Physical Appliance: Nexus 1100
VSM NAM VSG NS1000V
VSM Primary
NS1000V ASA1000V vWAAS VSG
VSM NAM VSG NS1000V
Secondary
Hypervisor agnostic Hypervisor-agnostic hosting

technologies & feature-set platform to simplify operations
VEM VEM VEM

vPath VXLAN vPath VXLAN vPath VXLAN
ESX WS2012 Hyper-V OpenStack
Cisco Nexus 1000V for Hyper-V
VM VM VM VM
Advanced NX-OS feature-set
VNICs
Nexus 1000V VEM Nexus
1000V VSM Innovative Services
architecture (vPath)
Extensible vSwitch
Consistent operational model
SCVMM Integration
PNICs
Nexus 1000V for Hyper-V VSM Configuration
1 N1KV(config)# logical-network Intranet
N1KV(config)# network-segment-pool IntranetSFO

Nexus1000V(config-net-seg-pool)# logical-network Intranet
2
N1KV(config)# network-segment-pool IntranetNY
Nexus1000V(config-net-seg-pool)# logical-network Intranet
3 N1KV(config)# network-segment vlan173

Nexus1000V(config-net-seg)# switchport mode access
Nexus1000V(config-net-seg)# switchport access vlan 173
Nexus1000V(config-net-seg)# network-segment-pool IntranetSFO
Nexus1000V(config-net-seg)# publish network-segment
N1KV(config)# port-profile type ethernet PortChannelProfile

4
Nexus1000V(config-port-prof)# channel-group auto mode on mac-pinning
Nexus1000V(config-port-prof)# no shutdown
Nexus1000V(config-port-prof)# state enabled
Nexus 1000V for Hyper-V VSM Configuration
5 N1KV(config)# port-profile type vethernet WebServerProfile
Nexus1000V(config-port-prof)# publish port-profile
Nexus1000V(config-port-prof)# no shutdown
Nexus1000V(config-port-prof)# state enabled
6 N1KV(config)# uplink-network Nexus1000VUplinkProfile

Nexus1000V(config-uplink-net)# import port-profile PortChannelProfile
Nexus1000V(config-uplink-net)# network-segment-pool IntranetSFO
Nexus1000V(config-uplink-net)# network-segment-pool IntranetNY
Nexus1000V(config-uplink-net)# publish uplink-network
KVM/OpenStack with Nexus 1000V
Management Network
nova- nova-api
dhcp-agent nova- vPath Service Insertion/Chaining
dhcp-agent
dhcp-agent compute
nova-
compute
*-plugin-
nova- nova-scheduler
*-plugin- compute
*-plugin- *-plugin-
agent
*-plugin-
compute • CSR, VPN, Firewall, etc.
agent
*-plugin-agent agent Neutron-server
agent agent
l3-agent *-plugin-agent keystone
l3-agent Compute
l3-agent
Network Compute
Network Compute
Node mysql, rabbit...
Network
Node Compute
Node
Node Node
Node Node Consistent operational model
Cloud Controller
Data Network Node
External Network
Leverage Nexus 1000V REST API
API Network is
Internet typically routable to
enable public access
Nexus 1000V for KVM/OpenStack VSM Config
1 switch(config)# network segment manager switch
Nexus1000V(config-net-seg-pool)# dvs name vsm-kvm-440
2 vsm-kvm-440(config)# port-profile type vethernet NSM_Template_vlan

vsm-kvm-440(config-port-prof)# guid 16c55294-91a8-41e6-906a-a1b84f1db881
vsm-kvm-440(config-port-prof)# state enabled
vsm-kvm-440(config)# network segment policy default_vlan_template

3 vsm-kvm-440(config-network-segment-policy)type vlan
vsm-kvm-440(config-network-segment-policy)import port-profile
NSM_Template_vlan
vsm-kvm-440(config)# port-profile type ethernet sys-uplink

vsm-kvm-440(config-port-prof)# switchport mode trunk
4 vsm-kvm-440(config-port-prof)# switchport trunk allowed vlan 1-700
vsm-kvm-440(config-port-prof)# mtu 1550
vsm-kvm-440(config-port-prof)# state enabled
vsm-kvm-440(config-port-prof)# publish port-profile
ESXi with Nexus 1000V
VM VM VM VM
Advanced NX-OS feature-set
VSM
VEM
Innovative Services
vSphere architecture (vPath)
VXLAN Overlay Networking
vCenter
VSUM
Nexus 1000V for ESXi VSM Configuration
1 switch(config)# hostname vsm-esx
vsm-esx(config)#
2 vsm-esx(config)# port-profile type vethernet Test

vsm-esx(config-port-prof)# vmware port-group
vsm-esx(config-port-prof)# switchport mode access
vsm-esx(config-port-prof)# switchport access vlan 351
vsm-esx(config-port-prof)# no shutdown
vsm-esx(config-port-prof)# state enabled
3 vsm-esx(config)# port-profile type ethernet uplink

vsm-esx(config-port-prof)# vmware port-group
vsm-esx(config-port-prof)# switchport trunk allowed vlan 1-700
vsm-esx(config-port-prof)# channel-group auto mode on mac-pinning
vsm-esx(config-port-prof)# system vlan 351-353
vsm-esx(config-port-prof)# state enable
Consistency of Network Segments and Port Profiles
Splitting the port-profile into “Network Connectivity” and “Policy”
Application Servers Database Servers
VM VM VM VM
Database Network (VLAN 10)
ESXi Version Hyper-V & KVM Version

# port-profile app-server #nsm network segment db-network
switchport mode access switchport mode access
switchport access vlan 10 switchport access vlan 10
ip port access-group app_server in
no shut # port-profile app-server
state enabled ip port access-group app_server in
no shut
# port-profile db-server state enabled
switchport access vlan 10 # port-profile db-server
ip port access-group dbserver in ip port access-group dbserver in
no shut no shut
BRKVIR-2044 66
state enabled© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
state enabled
Cisco Nexus 1000V for Multi-Hypervisor
Consistent Architecture across hypervisors
VM VM VM VM
VM VM VM VM VM VM VM VM
VSM
VSM VSM
VEM
VEM VEM
vSphere Hyper-V KVM
vCenter SCVMM Horizon
Agenda
the Data Centre
Options at the Host
• Summary / Q&A
Key Takeaways
• Understand networking in the 3 most popular Hypervisors
• Grasp the complexity and differences between various Hypervisor networking
operations
• Understand how the Nexus1000V provides consistency to different Hypervisor
switching mechanisms
Q&A
Complete Your Online Session Evaluation
Give us your feedback and receive a
Cisco Live 2015 T-Shirt!
Complete your Overall Event Survey and 5 Session
Evaluations.
• Directly from your mobile device on the Cisco Live

Mobile App
• By visiting the Cisco Live Mobile Site
http://showcase.genie-connect.com/clmelbourne2015
• Visit any Cisco Live Internet Station located
throughout the venue Learn online with Cisco Live!
Visit us online after the conference for full
T-Shirts can be collected in the World of Solutions access to session videos and
on Friday 20 March 12:00pm - 2:00pm presentations. www.CiscoLiveAPAC.com
BRKVIR-2044 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
Thank you.

14759443

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

14759443

Uploaded by

Copyright:

Available Formats

Multi-Hypervisor Networking

- Compare and Contrast

Alejandra Sanchez Garcia

PHYSICAL VIRTUAL CLOUD

HYPERVISOR VDC-1 VDC-2

CONSISTENCY: Policy, Features, Security, Management, Separation of Duties

Switching Nexus 7K/5K/3K/2K Nexus 1000V, VM-FEX

PHYSICAL VIRTUAL CLOUD

CONSISTENCY: Policy, Features, Security, Management, Separation of Duties

Switching Nexus 7K/5K/3K/2K Nexus 1000V, VM-FEX

• VLAN/VXLAN for KVM Admin

• VLAN/NVGRE for Hyper-V VLAN

ESX Hyper-V KVM

VXLAN Encapsulation Original Ethernet Frame

Outer Outer Inner Inner Inner Inner Original

NVGRE Encapsulation Original Ethernet Frame

Nexus 1000V Neutron Plug-in

Nexus 1000V Physical

• System Centre Virtual

(SCVMM) for Hyper-V VXLAN NVGRE VXLAN

• vCenter for ESXi ESX Hyper-V KVM

• Horizon for OpenStack PHYSICAL

Virtual Distributed Switch (VDS) Logical Switch Open vSwitch

Folder/Data Centre Host Group Tenant

vMotion Live Migration Live Migration

vCenter, vCloud Director SCVMM, SCO Dashboard Horizon

Site Recovery Manager Hyper-V Replica Gluster

Avatar Corp The Network team supports two types of Networks –

• Network Site “Internal-Barcelona” • Network Site “DMZ-Barcelona”

Internal Pod DMZ Pod Internal Pod

 Contains one or more VM Subnets.

 VM Subnet ID is unique across VM Subnets

Logical Network – “Internal” Logical Network – “DMZ”

Internal Pod DMZ Pod Internal Pod DMZ Pod

VM-1 192.168.5.55 VM-2

NVGRE Encapsulation Original Ethernet Frame

192.168.2.22->192.168.5.55 GRE Key=5001 10.1.1.11->10.1.1.12

192.168.2.22->192.168.5.55 GRE Key=6001 10.1.1.11->10.1.1.12

 Allows consistent configuration on all HyperV

3 Define Port Classifications

OpenStack Dashboard • A self-service web portal to allow administrators and users to

OpenStack Network Service • Provides “network connectivity as a service” between devices

OpenStack Identity • Provides “unified authentication” across all OpenStack projects

• Create, Delete, Update

• Create, Delete, Update

External Network IPMI Network

Create Network Profile Type

Create Subnet (subnet1) VXLAN 5000

n1000v# show port-profile name VM-Data-ClientOS

Nexus Nexus Nexus

Hypervisor Hypervisor Hypervisor

Nexus 1000V VSM

Virtual Side Physical Side

vm-network-definition (id, vlan, ip-pool) – for network segments

switch # int gi1/0/35

And all other port config!

Re-use it multiple times!

Different ports need different protection on the same network

One network, multiple profiles for access

Web App DB Web App DB

Multiple networks use the same profiles

Hypervisor agnostic Hypervisor-agnostic hosting

VEM VEM VEM

ESX WS2012 Hyper-V OpenStack