Advanced Data Center Virtualization
BRKDCT-3831 14488_04_2008_c2
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public
© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Before We Get Started
Intermediate level session focused on data center virtualization technologies and solutions, including both front-end and back-end networks as well as server virtualization.
Prerequisites: familiarity with the basic LAN and SAN design models as well as server virtualization technologies.
Other recommended sessions:
- BRKDCT-2866: Data Center Architecture Strategy and Planning
- BRKDCT-2840: Data Center Networking: Taking Risk Away from Layer 2 Interconnects
- BRKDCT-1898: FCoE: The First 30 Feet of FC

Agenda
Data Center Virtualization Overview
Front-End Data Center Virtualization
- Core Layer: VDC
- Aggregation Layer: VSS
- Server Load Balancing
- Security Services
- Access Layer
Server Virtualization
Back-End Virtualization
- SAN
- HBA
- Unified IO (FCoE)
- Storage
(Figure: front-end virtualization (VLAN, VRF, VDC, VSS, VPNs); virtual network services (virtual firewall, SLB and SSL contexts); virtual machines; virtual SANs/unified IO (VSANs, vHBA, CNA, FCoE); virtual storage; end-to-end management with VFrame Data Center.)

Virtualization—Definition (Well, One of Them)
Virtualization is the pooling and abstraction of resources and services in a way that masks the physical nature and boundaries of those resources and services from their users.

What Is Network Virtualization?
One to many: one network supports many virtual networks. In the data center front-end network/LAN the virtual networks can be, for example, an outsourced IT department, a merged new company, and a segregated department (regulatory compliance).
Many to one: one network consolidates many physical networks. The data center network can consolidate, for example, the security network, the guest/partner network, the backup network, and the out-of-band management network.

“Network Virtualization” in the Data Center
One Term, Many Contexts
- Virtual connectivity services: IP/MPLS, L3 VPN, VRFs; L2 VPNs, VFIs, PW
- Virtualized front-end: VLANs, PVLANs, VRF lite, VDC; virtual intelligent services (firewall, SLB, SSL, L4–7, etc.)
- Compute virtualization: clustering, GRID, virtualization software (hypervisor-based)
- Virtualized storage: virtual HBAs, CNAs; virtual SANs (VSANs); network-hosted storage virtualization software
(Figure: consolidated data center showing the network, front-end service modules, servers, storage area network service modules, and storage.)

Virtualized Data Center Infrastructure
(Figure: reference topology.)
- DC Core: Nexus 7000 10GbE core; IP+MPLS WAN aggregation router toward the WAN
- DC Aggregation: Cisco Catalyst 6500 10GbE VSS aggregation with DC services; Nexus 7000 10GbE aggregation with Cisco Catalyst 6500 DC services
- SAN A/B: MDS 9500 storage core
- DC Access: Cisco Catalyst 6500 end-of-row; Cisco Catalyst 49xx rack; CBS 3100 blade; Nexus 7000 end-of-row; Nexus 5000 rack; CBS 3100 with MDS 9124e blade; MDS 9500 storage
- Server access options: 1GbE; 10GbE and 4Gb FC; 10GbE and 4/8Gb FC; 10Gb FCoE
Link legend: Gigabit Ethernet; 10 Gigabit Ethernet; 10 Gigabit DCE; 4/8Gb Fibre Channel; 10 Gigabit FCoE/DCE.


VRF Overview
What Is a VRF (Virtual Routing and Forwarding)?
Typically all route processes and static routes populate one routing table, and all interfaces are part of the global routing table:

    router eigrp 1
     network 10.1.1.0 0.0.0.255
    !
    router ospf 1
     network 10.2.1.0 0.0.0.255 area 0
    !
    router bgp 65000
     neighbor 192.168.1.1 remote-as 65000
    !
    ip route 0.0.0.0 0.0.0.0 140.75.138.114

(All of the above feed the global routing table.)

VRF Overview
What Is a VRF (Virtual Routing and Forwarding)?
VRFs allow dividing up your routing table into multiple virtual tables. Routing protocol extensions allow binding a process/address family to a VRF. Interfaces are bound to a VRF using:

    ip vrf forwarding <vrf-name>

    router eigrp 1
     network 10.1.1.0 0.0.0.255
    !
    router ospf 1 vrf orange
     network 10.2.1.0 0.0.0.255 area 0
    !
    router bgp 65000
     address-family ipv4 vrf blue
      …
    !
    ip route vrf green 0.0.0.0 0.0.0.0 …

(EIGRP still feeds the global routing table; the OSPF, BGP and static entries are bound to the orange, blue and green VRFs.)

VRF Overview
Route Targets
- Import/export routes to/from MP-BGP updates
- Globally significant—creates the VPN
- Allows hub-and-spoke connectivity (central services)
(Figure: red VRFs, any-to-any: every red VRF exports 3:3 and imports 3:3. Blue VRFs, hub-and-spoke: each blue spoke exports 2:2 and imports 1:1; the blue hub imports 2:2 and exports 1:1.)

Shared Services Extranet VPN
Multiple-Box Extranet Implementation
Bidirectional communication between all VRFs and the central services VRF:
- Central services routes are imported into both VRF red and VRF blue (1:1)
- The central VRF imports the routes for the blue and red subnets (3:3, 2:2)
- No routes are exchanged between blue and red
- No transitivity: imported routes are not “re-exported”
- Blue and red remain isolated
(Figure: the red VRFs export 3:3 and import 1:1; the blue VRFs export 2:2 and import 1:1; the shared services VRF imports 3:3 and 2:2 and exports 1:1.)
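The import/export rules above can be checked mechanically. The following Python model is an added example, not Cisco code and not part of the deck; it applies the slide's route targets (red exports 3:3, blue exports 2:2, the shared services VRF exports 1:1 and imports 3:3 and 2:2, the spokes import 1:1) to constructed sample prefixes and confirms that red and blue each reach the shared services but not each other, because imported routes are never re-exported. The any-to-any configuration from the preceding slide is included for contrast.

```python
"""Route-target import/export model.

Added illustration, not Cisco code: it reproduces the extranet behaviour the
slides describe (one MP-BGP pass, no re-export of imported routes) so the
isolation of the red and blue VRFs can be checked rather than assumed.
"""
from collections import defaultdict


def build_vrf_tables(vrfs, local_routes):
    """Return {vrf: {prefix: originating_vrf}} after one round of MP-BGP import.

    vrfs:         {name: {"export": [route targets], "import": [route targets]}}
    local_routes: {name: [prefixes the VRF originates itself]}
    Every locally originated route is tagged with its VRF's export RTs and is
    installed into each VRF whose import list overlaps those RTs.  Imported
    routes are NOT re-tagged or re-exported: the "no transitivity" rule.
    """
    advertised = []  # (prefix, origin_vrf, export_rts)
    for name, prefixes in local_routes.items():
        for prefix in prefixes:
            advertised.append((prefix, name, set(vrfs[name]["export"])))

    tables = defaultdict(dict)
    for name, cfg in vrfs.items():
        for prefix in local_routes.get(name, []):
            tables[name][prefix] = name            # connected/local routes
        wanted = set(cfg["import"])
        for prefix, origin, rts in advertised:
            if origin != name and rts & wanted:
                tables[name][prefix] = origin      # imported via MP-BGP
    return dict(tables)


def can_reach(tables, src_vrf, dst_vrf):
    """True if src_vrf holds at least one route originated by dst_vrf."""
    return any(origin == dst_vrf for origin in tables.get(src_vrf, {}).values())


# Extranet from the slide: red and blue are spokes, "shared" is the central
# services VRF.  The prefixes are constructed sample values, not from the deck.
EXTRANET_VRFS = {
    "red":    {"export": ["3:3"], "import": ["1:1"]},
    "blue":   {"export": ["2:2"], "import": ["1:1"]},
    "shared": {"export": ["1:1"], "import": ["3:3", "2:2"]},
}
EXTRANET_ROUTES = {
    "red":    ["10.1.0.0/24"],
    "blue":   ["10.2.0.0/24"],
    "shared": ["10.100.0.0/24"],
}

# Constructed any-to-any VPN: every site VRF exports and imports the same RT.
ANY_TO_ANY_VRFS = {
    "red-site1": {"export": ["3:3"], "import": ["3:3"]},
    "red-site2": {"export": ["3:3"], "import": ["3:3"]},
}
ANY_TO_ANY_ROUTES = {"red-site1": ["10.1.1.0/24"], "red-site2": ["10.1.2.0/24"]}


def isolation_report(vrfs, routes):
    """{(src, dst): reachable} for every ordered pair of distinct VRFs."""
    tables = build_vrf_tables(vrfs, routes)
    return {(s, d): can_reach(tables, s, d) for s in vrfs for d in vrfs if s != d}


if __name__ == "__main__":
    for pair, ok in sorted(isolation_report(EXTRANET_VRFS, EXTRANET_ROUTES).items()):
        print(f"{pair[0]:>6} -> {pair[1]:<6} {'reachable' if ok else 'isolated'}")
```

Running the module prints the six ordered pairs; only the pairs involving the shared VRF are reachable, which is the property a tenant-isolation review needs evidence for.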

Data Center as a Shared Service on an Extranet VRF
(Figure: red and blue VPNs extend from the WAN/branch and the virtualized campus/MAN through the DC core into a blue VRF and a red VRF; the data center shared services and the Internet module (ISP1, ISP2, DNS, CAC) are reached as shared services. Legend: L3 interface without VRF enabled; .1Q with VRF-enabled VLANs; L3 interface with VRF enabled.)


Virtual Device Contexts at Nexus 7000
VDC Architecture
Virtual Device Contexts provide virtualization at the device level, allowing multiple instances of the device to operate on the same physical switch at the same time.
(Figure: each VDC (VDC1 … VDCn) runs its own protocol stack (IPv4/IPv6/L2) with its own L2 protocols (VLAN Mgr, LACP, IGMP, UDLD, CTS, 802.1x), L3 protocols (OSPF, BGP, EIGRP, PIM, GLBP, HSRP, VRRP, SNMP) and RIB, on top of the shared infrastructure kernel of the Nexus 7000 physical switch.)

Virtual Device Contexts
Properties of the VDC
The hardware is shared across the VDCs, but from the user, configuration and management perspective the VDC should appear as a standalone device.
- Each VDC is treated as a standalone device with limited resources
- Each VDC is uniquely identified by ID or name
- Each VDC has a unique MAC address assigned to identify the VDC
- Shared processor, shared linecards, and dedicated interfaces
- Per-VDC role-based management allows per-VDC admin configuration and management
- Software fault isolation for protocol processes within the VDC

Virtual Device Contexts
VDC Fault Domain
A VDC builds a fault domain around all running processes within that VDC—should a fault occur in a running process, it is truly isolated from other running processes and they will not be impacted.
(Figure: VDC A and VDC B each run processes ABC, DEF and XYZ on their own protocol stack over the shared infrastructure kernel of the physical switch. Process “DEF” in VDC B crashes; process DEF in VDC A is not affected and will continue to run unimpeded.)

Virtual Device Contexts
VDC Configuration
A VDC is created in the following manner—this example creates a VDC called CiscoLive2008:

    switch# conf t
    switch(config)# vdc CiscoLive2008
    switch(config-vdc)# show vdc

    vdc_id  vdc_name        state   mac
    ------  --------        -----   ----------
    1       switch          active  00:18:ba:d8:4c:3d
    2       CiscoLive2008   active  00:18:ba:d8:4c:3e

    switch(config-vdc)# show vdc detail

    vdc id: 1
    vdc name: switch
    vdc state: active
    vdc mac address: 00:18:ba:d8:4c:3d
    vdc ha policy: RESET

    vdc id: 2
    vdc name: CiscoLive2008
    vdc state: active
    vdc mac address: 00:18:ba:d8:4c:3e
    vdc ha policy: BRINGDOWN

Virtual Device Contexts
VDC Resource Assignment
The default resource allocation can be changed from the CLI—an example follows. It shows how the minimum number of VLANs allocated to the CiscoLive2008 VDC is changed from 16 to 32:

    switch(config)# vdc CiscoLive2008
    switch(config-vdc)# limit-resource vlan minimum 32 maximum 4094
    switch(config-vdc)# show run | begin vdc
    <snip>
    vdc CiscoLive2008 id 2
      template default
      hap bringdown
      limit-resource vlan minimum 32 maximum 4094
      limit-resource span-ssn minimum 0 maximum 2
      limit-resource vrf minimum 16 maximum 8192
      limit-resource port-channel minimum 0 maximum 256
      limit-resource glbp_group minimum 0 maximum 4096
    <snip>

Virtual Device Contexts
Resource Templates
Resource templates are another option for assigning a resource allocation to each VDC—an example of this is shown below:

    switch(config)# vdc resource template N7Kswitch
    switch(config-vdc-template)# limit-resource vlan minimum 32 maximum 256
    switch(config-vdc-template)# limit-resource vrf minimum 32 maximum 64
    switch(config-vdc-template)# exit
    switch(config)# vdc CiscoLive2008 template N7Kswitch
    switch(config-vdc)# show vdc resource template

    template ::N7Kswitch
    -------
    Resource        Min     Max
    --------        ---     ---
    vrf             32      64
    vlan            32      256

    template ::default
    -------
    Resource        Min     Max
    --------        ---     ---
    glbp_group      0       4096
    port-channel    0       256
    span-ssn        0       2
    vlan            16      4094
    vrf             16      8192
    switch(config-vdc)#
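To see how a template and per-VDC `limit-resource` lines combine, here is an added Python example (not Cisco code and not from the deck). The configuration text it parses is constructed in the slides' syntax, with `vdc switch id 1` and `vdc CiscoLive2008 id 2` standing in for real `show run` output. It resolves the effective minimum and maximum for each VDC (defaults, overridden by the template, overridden by the VDC's own lines) and checks that the minimums guaranteed to all VDCs together fit in the shared pool, which for VLANs is assumed here to be the 4094 default maximum.

```python
"""Effective VDC resource limits from NX-OS-style configuration.

Added illustration, not Cisco code.  It parses `limit-resource` lines in the
syntax shown on the slides (template blocks and per-VDC overrides), resolves
the limits each VDC actually gets, and checks that the minimums guaranteed
to all VDCs together do not oversubscribe the shared pool.
"""
import re

# Default template exactly as listed by `show vdc resource template` on the slide.
DEFAULT_TEMPLATE = {
    "glbp_group":   (0, 4096),
    "port-channel": (0, 256),
    "span-ssn":     (0, 2),
    "vlan":         (16, 4094),
    "vrf":          (16, 8192),
}

# Constructed configuration text (not a real device dump) in the slide's syntax.
SAMPLE_CONFIG = """\
vdc resource template N7Kswitch
  limit-resource vlan minimum 32 maximum 256
  limit-resource vrf minimum 32 maximum 64
vdc switch id 1
  template default
vdc CiscoLive2008 id 2
  template N7Kswitch
  limit-resource vlan minimum 64 maximum 4094
"""

TEMPLATE_HDR = re.compile(r"vdc resource template (\S+)$")
VDC_HDR = re.compile(r"vdc (\S+) id (\d+)$")
TEMPLATE_REF = re.compile(r"template (\S+)$")
LIMIT = re.compile(r"limit-resource (\S+) minimum (\d+) maximum (\d+)$")


def parse_vdc_config(text):
    """Return (templates, vdcs).

    templates: {name: {resource: (min, max)}}
    vdcs:      {name: {"id": int, "template": str, "limits": {resource: (min, max)}}}
    """
    templates, vdcs = {}, {}
    section, current_vdc = None, None   # section receives limit-resource lines
    for raw in text.splitlines():
        line = raw.strip()
        if m := TEMPLATE_HDR.match(line):
            section = templates.setdefault(m.group(1), {})
            current_vdc = None
        elif m := VDC_HDR.match(line):
            current_vdc = vdcs.setdefault(
                m.group(1), {"id": int(m.group(2)), "template": "default", "limits": {}})
            section = current_vdc["limits"]
        elif (m := TEMPLATE_REF.match(line)) and current_vdc is not None:
            current_vdc["template"] = m.group(1)
        elif (m := LIMIT.match(line)) and section is not None:
            section[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return templates, vdcs


def effective_limits(vdc_name, templates, vdcs):
    """Defaults, overridden by the VDC's template, overridden by the VDC's own lines."""
    vdc = vdcs[vdc_name]
    limits = dict(DEFAULT_TEMPLATE)
    limits.update(templates.get(vdc["template"], {}))
    limits.update(vdc["limits"])
    return limits


def guaranteed_minimums(templates, vdcs, resource, pool_size):
    """Sum of the minimums promised to every VDC for one resource, and whether it fits.

    pool_size is the chassis-wide amount of the resource; using the default
    maximum (4094 for VLANs) as that size is an assumption of this example.
    """
    total = sum(effective_limits(n, templates, vdcs)[resource][0] for n in vdcs)
    return total, total <= pool_size


if __name__ == "__main__":
    tpl, vdcs = parse_vdc_config(SAMPLE_CONFIG)
    for name in vdcs:
        print(name, effective_limits(name, tpl, vdcs))
    print("vlan minimums:", guaranteed_minimums(tpl, vdcs, "vlan", 4094))
```

The guaranteed-minimum check is the one worth automating: a minimum is what a VDC is promised even when its neighbours are busy, so the sum of minimums is the figure that must stay below the physical pool.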

Virtual Device Contexts
VDC and Interface Allocation
Ports are assigned on a per-VDC basis and cannot be shared across VDCs.
Once a port has been assigned to a VDC, all subsequent configuration is done from within that VDC.
(Figure: the ports of a 32-port 10GE module split between VDC A, VDC B and VDC C.)

Virtual Device Contexts
VDC Resource Utilization (Layer 2)
Layer 2 learning with multiple active VDCs also has an impact on resource utilization—MAC addresses learnt in a VDC are only propagated to other linecards when that linecard has a port in that VDC.
(Figure: three linecards attached to the switch fabric, each with its own MAC table; ports 1/1–1/4, 2/1–2/4 and 3/1–3/4 are spread across VDC 10, VDC 20 and VDC 30. MAC “A” is propagated to linecards 2 and 3, but only linecard 2 installs the MAC, because its local port is in VDC 10.)

Virtual Device Contexts
VDC Resource Utilization (Layer 3)
When only the default VDC is active, the FIB and ACL TCAM on each linecard is primed with the forwarding prefixes and policies associated with that default VDC.
(Figure: linecards 1 to 8, each with a 128K FIB TCAM and a 64K ACL TCAM, all primed with the default VDC’s entries.)

Virtual Device Contexts
VDC Resource Utilization (Layer 3)
When physical port resources are split between multiple VDCs, only the linecards that have ports associated with a given VDC have their local TCAMs primed with that VDC’s FIB and policy information. Let’s see how this setup impacts TCAM resource allocation on the same chassis, assuming the following breakup:

    VDC number | Number of routes | Number of ACEs | Allocated linecards
    10         | 100K             | 50K            | Linecard 1 and 2
    20         | 10K              | 10K            | Linecard 1, 2, 3, 5
    30         | 90K              | 40K            | Linecard 3 and 5

Virtual Device Contexts
VDC Resource Utilization (Layer 3)
FIB and ACL TCAM resources are more effectively utilized.
(Figure: the same eight linecards, each with a 128K FIB TCAM and a 64K ACL TCAM; the TCAMs of linecards 1, 2, 3 and 5 are primed with the prefixes and policies of the VDCs that own ports on them.)
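Applying the breakup table to the 128K FIB and 64K ACL TCAM sizes from the figures, the following Python example (added here, not Cisco code) computes what each linecard has to hold once only the linecards owning a VDC's ports are primed, and contrasts it with the single-VDC case where every linecard would have to hold all of the routes and ACEs. The eight-slot chassis and the reading of "K" as 1024 are assumptions of the example.

```python
"""Per-linecard TCAM load for a VDC-partitioned chassis.

Added illustration, not Cisco code.  Using the slide's rule that a linecard is
primed only with the FIB prefixes and ACL entries of VDCs that own one of its
ports, it computes the load each linecard's TCAMs must hold and flags any
linecard that would overflow.  Capacities are the 128K FIB / 64K ACL figures
from the slides.
"""

FIB_TCAM = 128 * 1024    # prefixes per linecard
ACL_TCAM = 64 * 1024     # ACEs per linecard
LINECARDS = range(1, 9)  # eight slots, as in the figures (assumption)

# Breakup table from the slide (K read as 1024 here).
VDCS = {
    10: {"routes": 100 * 1024, "aces": 50 * 1024, "linecards": {1, 2}},
    20: {"routes": 10 * 1024,  "aces": 10 * 1024, "linecards": {1, 2, 3, 5}},
    30: {"routes": 90 * 1024,  "aces": 40 * 1024, "linecards": {3, 5}},
}


def tcam_load(vdcs, linecards=LINECARDS):
    """Return {linecard: {"routes": n, "aces": n, "vdcs": [...]}} for every slot."""
    load = {lc: {"routes": 0, "aces": 0, "vdcs": []} for lc in linecards}
    for vdc_id, v in sorted(vdcs.items()):
        for lc in v["linecards"]:
            load[lc]["routes"] += v["routes"]   # primed only where the VDC owns a port
            load[lc]["aces"] += v["aces"]
            load[lc]["vdcs"].append(vdc_id)
    return load


def overflowing_linecards(vdcs, fib=FIB_TCAM, acl=ACL_TCAM):
    """Linecards whose primed FIB or ACL entries exceed the TCAM size."""
    return sorted(
        lc for lc, l in tcam_load(vdcs).items()
        if l["routes"] > fib or l["aces"] > acl
    )


def single_vdc_equivalent(vdcs, linecards=LINECARDS):
    """Same routes and ACEs with only the default VDC: every linecard holds everything."""
    return {0: {"routes": sum(v["routes"] for v in vdcs.values()),
                "aces": sum(v["aces"] for v in vdcs.values()),
                "linecards": set(linecards)}}


if __name__ == "__main__":
    for lc, l in tcam_load(VDCS).items():
        print(f"linecard {lc}: {l['routes'] // 1024:>4}K routes "
              f"{l['aces'] // 1024:>3}K ACEs  VDCs {l['vdcs']}")
    print("overflow (split across VDCs):", overflowing_linecards(VDCS))
    print("overflow (single default VDC):",
          overflowing_linecards(single_vdc_equivalent(VDCS)))
```

With the split, linecards 1 and 2 hold 110K routes and 60K ACEs and linecards 3 and 5 hold 100K and 50K, all within the TCAMs; with a single VDC every linecard would need 200K routes, which does not fit. The same arithmetic is the capacity check for deciding whether a new VDC can be added without one tenant's prefixes crowding another's out of a shared linecard.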


Common Data Center Challenges
Traditional data center designs are requiring ever increasing Layer 2 adjacencies between server nodes due to the prevalence of virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree…
- L2/L3 core: FHRP (HSRP, VRRP), Spanning Tree, policy management
- L2 distribution: single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
- L2 access: dual-homed servers to a single switch, single active uplink per VLAN (PVST), L2 reconvergence

Virtual Switch System at Data Center
A Virtual Switch-enabled data center allows for maximum scalability, so bandwidth can be added when required, while still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree…
- L2/L3 core: single router node, fast L2 convergence, scalable architecture
- L2 distribution: dual active uplinks, fast L2 convergence, minimized L2 control plane, scalable
- L2 access: dual-homed servers, single active uplink per VLAN (PVST), fast L2 convergence

Introduction to Virtual Switch
Concepts
Virtual Switch System is a new technology breakthrough for the Cisco Catalyst 6500 family.

Virtual Switch Architecture
Forwarding Operation
In Virtual Switch mode, while only one control plane is active, both data planes (switch fabrics) are active, and as such each can actively participate in the forwarding of data.
(Figure: Virtual Switch Domain—Switch 1: control plane active, data plane active; Switch 2: control plane hot standby, data plane active.)

Virtual Switch Architecture
Virtual Switch Link
The Virtual Switch Link is a special link joining the two physical switches together—it extends the out-of-band channel, allowing the active control plane to manage the hardware in the second chassis.
The distance of the VSL link is limited only by the chosen 10 Gigabit Ethernet optics. VSLs can carry regular data traffic in addition to the control plane communication.

EtherChannel Concepts
Multichassis EtherChannel (MEC)
Prior to Virtual Switch, EtherChannels were restricted to reside within the same physical switch. In a Virtual Switch environment, the two physical switches form a single logical network entity—therefore EtherChannels can now also be extended across the two physical chassis.
LACP, PAgP, or ON EtherChannel modes are supported.
(Figure: a regular EtherChannel on a single chassis beside a Multichassis EtherChannel across two VSL-enabled chassis.)

EtherChannel Concepts
EtherChannel Hash for MEC
Deciding which link of a Multichassis EtherChannel to use in a Virtual Switch is skewed in favor of local links in the bundle—this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads.
(Figure: a server attached to the Virtual Switch through MEC links A1 and B2. Blue traffic destined for the server results in link A1 in the MEC link bundle being chosen as the destination path; orange traffic destined for the server results in link B2 being chosen.)

MEC—Layer 3 Packet Flow
(Figure: a Virtual Switch made of Core 1 (C1) and Core 2 (C2) joined by the VSL. Switch 1, with host A on port 1, connects through Po1; Switch 2, with host B on port 2, connects through Po2. Uplinks U1 and U2 terminate on C1; U3, U4 and U5 terminate on C2.)
Po1 and Po2 are Layer 3 MECs. Po1 members: U1, U3. Po2 members: U2, U4, U5.
1. Switch 1 forwards an IP packet through Po1. The Virtual Switch learns the IP route through Po2.
2. Core 1 receives the packet through U1 based on the RBH chosen on Switch 1. Core 1 does an IP lookup and selects the port-channel Po2.
3. The lookup for Po2 selects the member U2 for all the RBH values. The packet exits via U2.
4. Let’s shut down the port U2, turning the MEC into a regular port-channel with members U4 and U5. The lookup for Po2 on Core 1 now selects the VSL port-channel as the exit point.
5. The lookup for Po2 on Core 2 selects U4 (or) U5 as the exit point based upon the RBH value for the flow.
6. Now, “no shut” U2 and shut down U1. Po2 is a MEC again. Traffic enters Core 2 through U3. The lookup for Po2 on Core 2 selects U4 (or) U5 as the exit point based upon the RBH value for the flow.

MEC—Layer 2 Packet Flow
(Figure: the same Virtual Switch; for this flow Po1 has members U1 (C1) and U3 (C2), and Po2 has members U2 (C1) and U4 (C2).)
A to B:
1. A transmits a packet to B.
2. Switch 1 forwards the packet out of Po1.
3. Core 1 receives the packet. Core 1 learns A is on Port 1.
4. Core 1 performs a lookup on B. Core 1 floods the packet due to the miss: the flood index selects Port 2 and the VSL, and the MEC LTL index selects U2.
5. S2 receives the packet from U2. S2 transmits the packet out Port 2 to B.
Meanwhile C2 receives the packet from the VSL. C2 learns A is on Port 1. C2 performs a lookup for B and floods due to the miss, but the flood excludes U4 since it is a multichassis bundle and the packet came from the VSL.
B to A:
1. B transmits a packet to A.
2. The Virtual Switch receives the packet through U4.
3. C2 receives the packet. C2 learns B is on Port 2.
4. C2 performs a lookup for A and selects Port 1. The Port 1 LTL index selects U3. C2 transmits the packet.
5. S1 receives the packet and transmits it to A on Port 1.
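The decisions in both packet-flow walkthroughs reduce to a few rules, which the following added Python model (not Cisco code and not from the deck) applies to the slides' topology: U1 and U2 terminate on C1, U3, U4 and U5 on C2, Po1 = {U1, U3}, Po2 = {U2, U4, U5}. The RBH values, the `admin_down` set and the `access_ports` parameter are assumptions made for the exercise. The model reproduces the choice of U2 for every RBH value on Core 1, the fallback to the VSL when U2 is shut, the U4/U5 choice on Core 2, and the exclusion of multichassis bundles when a frame that arrived over the VSL is flooded.

```python
"""Multichassis EtherChannel (MEC) egress selection and flooding.

Added illustration, not Cisco code.  It models the forwarding decisions the
Layer 3 and Layer 2 packet-flow slides walk through: a chassis prefers the
MEC members terminating on itself, falls back to the VSL only when none of
those is up, and when flooding a frame that arrived over the VSL it skips
multichassis bundles because the peer chassis already served them.
"""

VSL = "VSL"
PEER = {"C1": "C2", "C2": "C1"}

# Topology from the slides: uplink -> chassis it terminates on.
PORT_CHANNELS = {
    "Po1": {"U1": "C1", "U3": "C2"},
    "Po2": {"U2": "C1", "U4": "C2", "U5": "C2"},
}


def local_members(pc_name, chassis, admin_down=frozenset()):
    """Up members of a bundle that terminate on this chassis, in port order."""
    return sorted(p for p, c in PORT_CHANNELS[pc_name].items()
                  if c == chassis and p not in admin_down)


def select_egress(pc_name, chassis, rbh, admin_down=frozenset()):
    """Member link `chassis` uses for `pc_name`; the RBH only picks among local links."""
    local = local_members(pc_name, chassis, admin_down)
    if local:
        return local[rbh % len(local)]
    return VSL  # no local member left: hand the packet to the peer over the VSL


def l3_forward(ingress_uplink, rbh, admin_down=frozenset()):
    """Path of a packet arriving from Switch 1 on a Po1 member and routed to Po2.

    Returns the hops as a list: ingress uplink, chassis, optionally VSL and
    the peer chassis, then the egress uplink.
    """
    chassis = PORT_CHANNELS["Po1"][ingress_uplink]
    egress = select_egress("Po2", chassis, rbh, admin_down)
    if egress != VSL:
        return [ingress_uplink, chassis, egress]
    peer = PEER[chassis]
    return [ingress_uplink, chassis, VSL, peer,
            select_egress("Po2", peer, rbh, admin_down)]


def bundle_of(port):
    """Name of the port-channel a member port belongs to, or None."""
    return next((name for name, m in PORT_CHANNELS.items() if port in m), None)


def flood_targets(chassis, ingress, rbh=0, access_ports=()):
    """Ports a chassis floods to on a MAC-table miss.

    access_ports: non-bundled local ports (an assumption; the slides show none
    on the cores).  Rules: never back into the ingress bundle; one local member
    per bundle via the LTL index; multichassis bundles are skipped when the
    frame came over the VSL; the VSL is added unless the frame came from it.
    """
    targets = [p for p in access_ports if p != ingress]
    ingress_bundle = bundle_of(ingress)
    for name, members in PORT_CHANNELS.items():
        if name == ingress_bundle:
            continue
        multichassis = len(set(members.values())) > 1
        if ingress == VSL and multichassis:
            continue  # the peer already flooded this MEC; avoid a duplicate
        local = local_members(name, chassis)
        if local:
            targets.append(local[rbh % len(local)])
    if ingress != VSL:
        targets.append(VSL)
    return targets


if __name__ == "__main__":
    print("Po2 from C1, U2 up:  ", l3_forward("U1", rbh=2))
    print("Po2 from C1, U2 down:", l3_forward("U1", rbh=2, admin_down={"U2"}))
    print("C1 flood, ingress U1:", flood_targets("C1", "U1"))
    print("C2 flood, ingress VSL:", flood_targets("C2", VSL))
```

The flooding rule is the one to remember when reading packet captures on a VSS: a frame seen on the VSL is never re-flooded into a MEC by the receiving chassis, so a duplicate arriving at a dual-attached switch points at a bundle that is not actually recognised as multichassis.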

Hardware Requirements
VSL Hardware Requirements
The Virtual Switch Link requires special hardware as noted below…

Hardware Requirements
Other Hardware Considerations
12.2 (33) SXH

Virtual Switch System at Data Center
Benefits


Aggregation Services Design Options
(Figure: the reference topology from “Virtualized Data Center Infrastructure”, with the two placements of the DC services at the aggregation layer highlighted: embedded service modules, or one-arm service switches.)

ACE Virtual Partitioning
System Separation for Server Load Balancing and SSL
One physical device (100%) is divided into multiple virtual systems with a dedicated control and data path (in the figure: 25%, 25%, 15%, 15%, 20%).
Traditional device:
- Single configuration file
- Single routing table
- Limited RBAC
- Limited resource allocation
Cisco Application Infrastructure Control:
- Distinct context configuration files
- Separate routing tables
- RBAC with contexts, roles, domains
- Management and data resource control
- Independent application rule sets
- Global administration and monitoring

ACE Virtual Partitions
Resource Control
Guaranteed resource levels for each context, with support for oversubscription.
Guaranteed rates: bandwidth; data connections/sec; management connections/sec; SSL bandwidth; syslogs/sec
Guaranteed memory: access lists; regular expressions; # data connections; # management connections; # SSL connections; # xlates; # sticky entries

Firewall Service Module (FWSM)
Virtual Firewalls
(Figure: two Cisco Catalyst 6500 chassis, each with an MSFC toward the core/Internet and an FWSM hosting virtual firewalls (VFW). Left: customers A, B and C use VLAN pairs 10/11, 20/21 and 30/31. Right: customers A, B and C share VLAN 10 on the outside and use VLANs 11, 21 and 31 on the inside.)
e.g., three customers, three security contexts—scales up to 250
- VLANs can be shared if needed (VLAN 10 in the right-hand side example)
- Each context has its own policies (NAT, access lists, fixups, etc.)
- FWSM supports routed (Layer 3) or transparent (Layer 2) virtual firewalls at the same time

FWSM—Virtual Firewall Resource Limiter
- In system mode, classes can be defined
- Individual contexts are then mapped to classes
- Within a class, limits can be applied to specific resources such as the following (use “show resource types” for an up-to-date list):

    Rate limited:     Conns (CPS); Fixups (Fixups/sec); Syslogs (Syslogs/sec)
    Absolute limits:  Conns (Connections); Hosts (Hosts); IPSec (IPSec Mgmt Tunnels); SSH (SSH Sessions); Telnet (Telnet Sessions); Xlates; MAC-entries; ALL

- Limits are specified as an integer or %; 0 means no limit
- Resources can be oversubscribed: e.g., a class assigns max 10% of resources, but 50 contexts are mapped to it
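The oversubscription arithmetic behind both the ACE resource control slide and the FWSM resource limiter can be made explicit. The following Python example is added here and is not Cisco code: it takes classes whose limits are integers or percentages (0 meaning no limit), maps contexts to classes and reports the total committed share of each resource. The module capacities, class names and tenant counts are constructed; the case of a 10% class with 50 contexts mapped to it is the one from the slide.

```python
"""Oversubscription check for virtual-firewall / ACE resource classes.

Added illustration, not Cisco code.  It models the limiter described for the
FWSM (classes with limits as an integer or a percentage, 0 meaning no limit,
contexts mapped to classes) and the guaranteed-with-oversubscription model of
ACE partitions, and reports how much of each resource has been promised in
total.  Capacities and class values below are constructed, not datasheet
numbers.
"""


def parse_limit(value, capacity):
    """'10%' -> share of capacity, 250 -> absolute count, 0 or '0%' -> None (no limit)."""
    if isinstance(value, str) and value.endswith("%"):
        pct = float(value[:-1])
        return None if pct == 0 else capacity * pct / 100.0
    count = float(value)
    return None if count == 0 else count


def committed_resources(classes, contexts, capacities, default_class="default"):
    """Return {resource: {"committed", "ratio", "oversubscribed", "unlimited_contexts"}}.

    classes:    {class_name: {resource: limit}}; a resource missing from a class
                falls back to the default class, then to "no limit".
    contexts:   {context_name: class_name}
    capacities: {resource: total available on the module}
    A context with no limit is counted at full capacity (the worst case).
    """
    report = {}
    for resource, capacity in capacities.items():
        committed, unlimited = 0.0, []
        for ctx, cls in contexts.items():
            fallback = classes.get(default_class, {}).get(resource, 0)
            limit = parse_limit(classes.get(cls, {}).get(resource, fallback), capacity)
            if limit is None:
                unlimited.append(ctx)
                limit = capacity
            committed += limit
        ratio = committed / capacity
        report[resource] = {
            "committed": committed,
            "ratio": ratio,
            "oversubscribed": ratio > 1.0,
            "unlimited_contexts": unlimited,
        }
    return report


# Constructed example: a 10% class with 50 contexts, as the slide describes,
# plus two contexts in a 20% class.
CAPACITIES = {"conns": 1_000_000, "xlates": 256_000}
CLASSES = {
    "default": {"xlates": "1%"},
    "gold":    {"conns": "20%", "xlates": 50_000},
    "bronze":  {"conns": "10%"},
}
CONTEXTS = {f"tenant{i}": "bronze" for i in range(50)}
CONTEXTS.update({"payments": "gold", "hr": "gold"})


if __name__ == "__main__":
    for res, r in committed_resources(CLASSES, CONTEXTS, CAPACITIES).items():
        flag = "OVERSUBSCRIBED" if r["oversubscribed"] else "ok"
        print(f"{res}: {r['committed']:.0f} of {CAPACITIES[res]} "
              f"({r['ratio']:.0%}) {flag}")
```

For the constructed input the connection limit is committed 5.4 times over (50 contexts at 10% plus two at 20%), while xlates stay under capacity. Oversubscription is allowed by design, but the ratio is what decides whether one noisy context can starve the others, so it belongs in the review of any shared-module deployment.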

Data Center Virtualized Services
Combination Example
(Figure: per business unit (BU-1 to BU-4), traffic flows from “front-end” VRFs v5–v8 on the MSFC through firewall module contexts, then ACE module contexts, then “back-end” VRFs on the MSFC to the server-side VLANs; the VLANs between the stages are numbered v105/v107/v108, v206/v207/v208 and v2081/v2082/v2083, and so on. * vX = VLAN X; ** BU = Business Unit.)

Virtualized Services
Example: Modules and VLANs Association
cse-6509a# show module 7
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  7     6 Firewall Module                        WS-SVC-FWM-1       SAD0930052K

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  7 0014.a90c.987a to 0014.a90c.9881   3.0   7.2(1)       3.2(0)67     Ok

Mod Online Diag Status
---- -------------------
   7 Pass
cse-6509a#
cse-6509a# show module 4
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  4     1 Application Control Engine Module      ACE10-6500-K9      SAD102905V2

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  4 000a.b870.e43a to 000a.b870.e441   1.1   8.6(0.252-En 3.0(0)A1(4a) Ok

Mod Online Diag Status
---- -------------------
   4 Pass
cse-6509a#

ACE/Admin# show vlans
Vlans configured on SUP for this module
vlan1301-1310 vlan1401-1410
ACE/Admin#

FWSM# show vlan
1201-1210, 1301-1310
FWSM#

MSFC (Supervisor) configuration:
svclc multiple-vlan-interfaces
firewall multiple-vlan-interfaces
svclc vlan-group 1 1201-1210
svclc vlan-group 2 1301-1310
svclc vlan-group 3 1401-1410
firewall module 7 vlan-group 1,2
svclc module 4 vlan-group 2,3

[Figure: the MSFC extends vlan-group 1 to the FWSM, vlan-group 2 to both the FWSM and the ACE, and vlan-group 3 to the ACE]

Virtualized Services
Example: Modules and VLANs Association (Cont.)
MSFC (Supervisor) configuration:
svclc multiple-vlan-interfaces
firewall multiple-vlan-interfaces
svclc vlan-group 1 1201-1210
svclc vlan-group 2 1301-1310
svclc vlan-group 3 1401-1410
firewall module 7 vlan-group 1,2
svclc module 4 vlan-group 2,3

FWSM system context:
FWSM#
admin-context admin
!
context admin
  allocate-interface Vlan1210
  allocate-interface Vlan1310
  config-url disk:/admin.cfg
!
context INTERNET
  allocate-interface Vlan1201
  allocate-interface Vlan1301
  allocate-interface Vlan1302
  config-url disk:/INTERNET.cfg
!
context INTRANET
  allocate-interface Vlan1205
  allocate-interface Vlan1305
  config-url disk:/INTRANET.cfg

FWSM/admin# show run | i Vlan
interface Vlan1210
interface Vlan1310
FWSM/INTERNET# show run | i Vlan
interface Vlan1201
interface Vlan1301
interface Vlan1302
FWSM/INTRANET# show run | i Vlan
interface Vlan1205
interface Vlan1305

ACE Admin context:
ACE/Admin#
context INTERNET1
  description *** INTERNET (WEB TIER)
  allocate-interface vlan 1301
  allocate-interface vlan 1401
!
context INTERNET2
  description *** INTERNET (APPLICATION TIER)
  allocate-interface vlan 1302
  allocate-interface vlan 1402
!
context INTRANET
  description *** INTRANET
  allocate-interface vlan 1305
  allocate-interface vlan 1405

ACE/INTERNET1# show run | i vlan
Generating configuration....
interface vlan 1301
interface vlan 1401
ACE/INTERNET2# show run | i vlan
Generating configuration....
interface vlan 1302
interface vlan 1402
ACE/INTRANET# show run | i vlan
Generating configuration....
interface vlan 1305
interface vlan 1405
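Added example (not the deck's or Cisco's code): a Python audit of the VLAN allocation shown above, using the deck's MSFC, FWSM and ACE configurations as its input. It checks the two things a reviewer looks for on a shared supervisor: every VLAN a context allocates was actually extended to that module through a vlan-group, and no VLAN is allocated to two contexts of the same module, which would quietly join two security contexts on one segment. BAD_FWSM_CONFIG is a constructed counter-example that violates both rules.

```python
import re
from collections import defaultdict

# The deck's own configuration, transcribed as sample input.
MSFC_CONFIG = """\
svclc multiple-vlan-interfaces
firewall multiple-vlan-interfaces
svclc vlan-group 1 1201-1210
svclc vlan-group 2 1301-1310
svclc vlan-group 3 1401-1410
firewall module 7 vlan-group 1,2
svclc module 4 vlan-group 2,3
"""

FWSM_CONFIG = """\
admin-context admin
!
context admin
  allocate-interface Vlan1210
  allocate-interface Vlan1310
  config-url disk:/admin.cfg
!
context INTERNET
  allocate-interface Vlan1201
  allocate-interface Vlan1301
  allocate-interface Vlan1302
  config-url disk:/INTERNET.cfg
!
context INTRANET
  allocate-interface Vlan1205
  allocate-interface Vlan1305
  config-url disk:/INTRANET.cfg
"""

ACE_CONFIG = """\
context INTERNET1
  description *** INTERNET (WEB TIER)
  allocate-interface vlan 1301
  allocate-interface vlan 1401
!
context INTERNET2
  description *** INTERNET (APPLICATION TIER)
  allocate-interface vlan 1302
  allocate-interface vlan 1402
!
context INTRANET
  description *** INTRANET
  allocate-interface vlan 1305
  allocate-interface vlan 1405
"""

# Constructed bad config (not from the deck): one VLAN shared by two contexts
# and one VLAN the supervisor never handed to the firewall module.
BAD_FWSM_CONFIG = """\
context admin
  allocate-interface Vlan1210
  allocate-interface Vlan1310
!
context INTERNET
  allocate-interface Vlan1201
  allocate-interface Vlan1310
  allocate-interface Vlan1401
"""


def expand(spec):
    """'1201-1210,1305' -> {1201, ..., 1210, 1305}."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-")
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_msfc(text):
    """Return {module number: set of VLANs the supervisor extends to it}."""
    groups, modules = {}, {}
    for line in text.splitlines():                      # first pass: the vlan-groups
        m = re.match(r"svclc vlan-group (\d+) (\S+)", line)
        if m:
            groups[int(m.group(1))] = expand(m.group(2))
    for line in text.splitlines():                      # second pass: group -> module
        m = re.match(r"(?:svclc|firewall) module (\d+) vlan-group (\S+)", line)
        if m:
            vlans = set()
            for g in expand(m.group(2)):
                vlans |= groups.get(g, set())
            modules[int(m.group(1))] = vlans
    return modules


def parse_contexts(text):
    """Return {context: set of VLANs}; accepts 'Vlan1201' (FWSM) and 'vlan 1201' (ACE)."""
    contexts, current = defaultdict(set), None
    for line in text.splitlines():
        m = re.match(r"\s*context\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*allocate-interface\s+vlan\s*(\d+)", line, re.IGNORECASE)
        if m and current:
            contexts[current].add(int(m.group(1)))
    return dict(contexts)


def audit(module_vlans, contexts):
    """Findings: VLANs not extended to the module, and VLANs owned by two contexts."""
    findings, owner = [], {}
    for ctx, vlans in contexts.items():
        for v in sorted(vlans):
            if v not in module_vlans:
                findings.append(f"{ctx}: VLAN {v} is not in any vlan-group assigned to this module")
            if v in owner:
                findings.append(f"VLAN {v} is allocated to both {owner[v]} and {ctx}")
            else:
                owner[v] = ctx
    return findings


def audit_deck():
    """Audit the deck's FWSM (module 7) and ACE (module 4) against the MSFC config."""
    modules = parse_msfc(MSFC_CONFIG)
    return {7: audit(modules[7], parse_contexts(FWSM_CONFIG)),
            4: audit(modules[4], parse_contexts(ACE_CONFIG))}


def audit_bad():
    return audit(parse_msfc(MSFC_CONFIG)[7], parse_contexts(BAD_FWSM_CONFIG))
```

The deck's configuration audits clean: VLANs 1301, 1302 and 1305 appear on both modules, but that is vlan-group 2 being extended to both the FWSM and the ACE on purpose, not a VLAN shared inside one module. The constructed config produces two findings.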


Virtualized Services
Cisco ACE and FWSM Virtualized
Online Bank Application (SSL Offloading Required)
[Figure: Cisco ACE and Cisco FWSM contexts in front of two ESX Servers; the virtual machines run Microsoft Outlook, Bank Apps, Oracle and Microsoft workloads; the bank app has capacity available and ideal isolation]



Increasing HA in the Data Center
Common NIC Teaming Configurations
AFT—Adapter Fault Tolerance; SFT—Switch Fault Tolerance; ALB—Adaptive Load Balancing
[Figure: three panels, one per mode. In each, the server's Eth0 is active (IP=10.2.1.14, MAC=0007.e910.ce0f) and Eth1 is standby, heartbeats run between the NICs, and the default gateway 10.2.1.1 is provided by HSRP. In the ALB panel Eth1-X is active with IP=10.2.1.14 and MAC=0007.e910.ce0e]
AFT and SFT: on failover, Src MAC Eth1 = Src MAC Eth0 and IP address Eth1 = IP address Eth0
ALB: one port receives, all ports transmit; incorporates fault tolerance; one IP address and multiple MAC addresses
Note: NIC manufacturer drivers are changing and may operate differently. Also, server OSs have started integrating NIC teaming drivers, which may operate differently.
Note: You can bundle multiple links to allow higher throughput between servers and clients.

Virtual Switch System
Deployment Scenario at Data Center Access Layer


Enhanced Ethernet: PFC and DCBCXP
Priority Flow Control
[Figure: eight transmit queues (one to eight) map to eight virtual lanes on the Ethernet link and eight receive buffers on a Nexus 5000 switch; a PAUSE sent back on one virtual lane stops only that transmit queue]
Enables lossless fabrics for each class of service
PAUSE sent per virtual lane when the buffer limit is exceeded
Data Center Bridging Capability eXchange Protocol
Handshaking negotiation for:
  CoS BW management
  Priority Flow Control (PFC)
  Congestion management (BCN/QCN)
  Application (user_priority usage)
  Logical link down

Nexus 5000 Ethernet Host Virtualizer
Eliminates need for spanning tree protocol on uplink bridge ports
Reduces CPU load on upstream switches
Allows multiple active uplinks from the Nexus 5000 switch to the network
Doubles effective bandwidth vs. STP
Prevents loops by pinning a MAC address to only one port
Completely transparent to the next-hop switch
[Figure: Nexus 5000 with two active-active uplinks to the LAN; MAC A is pinned to one uplink and MAC B to the other]

Pinning
[Figure: each server interface is pinned to one border interface]



Server Virtualization Scenarios
Hardware-based virtualization
Software-based virtualization
  Hosted (application virtualization)
  Hypervisor
    Full virtualization (binary translation)
    Para-virtualization (OS assisted)
    Hardware-assisted virtualization (Intel VT-x/AMD-V)
[Figure: hosted model: App/Guest OS on Virtualization Software on a Host Operating System on x86 Hardware. Hypervisor model: a Mgmt Partition and App/Guest OS pairs directly on the Hypervisor on x86 Hardware]

Software-Based Virtualization (Examples)

Hypervisor, Full Virtualization. Examples: VMware ESX Server, Microsoft Hyper-V, Xen (with AMD-SVM or Intel VT), VirtualIron (hardware-assisted)
Hypervisor, Para-Virtualization. Examples: Xen (with traditional hardware), Oracle VM Server
Application Virtualization. Examples: VMware Server, VMware Workstation

VMware ESX Architecture in a Nutshell
[Figure: ESX Server host. Virtual machines (App on OS, ...) and the Console OS sit on the VM Virtualization Layer above the Physical Hardware (CPU, Memory, ...); separate Mgmt Network, Production Network and VM Kernel Network connections]

VMware Networking Components
Per ESX Server configuration: VMs, vSwitch, VMNICs = uplinks
[Figure: VMs VM_LUN_0007 and VM_LUN_0005 connect through their vNICs to virtual ports on vSwitch0; vmnic0 and vmnic1 are the vSwitch uplinks]

VMware Networking Components (Cont.)


vSwitch Overview
Software implementation of an Ethernet switch
How it is like a switch:
  MAC address forwarding
  VLAN segmentation
How it is different:
  No need to learn MAC addresses: it knows the addresses of the connecting vNICs
  No participation in spanning tree
[Figure: ESX Server with VM1, VM2 and the Service Console attached through virtual NICs, plus a VMkernel NIC, to vSwitch A and vSwitch B; no trunk between vSwitches, so no loop; physical NICs lead to the physical switches; no loop inside ESX without a bridging VM]


vSwitch Forwarding Characteristics
Forwarding based on MAC address (no learning): if traffic doesn’t match a VM MAC, it is sent out to a vmnic
VM-to-VM traffic stays local
vSwitches TAG traffic with the 802.1q VLAN ID
vSwitches are 802.1q-capable
vSwitches can create EtherChannels
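Added example, not VMware code: a toy Python vSwitch that implements the forwarding rules above so their consequences are visible. The port table is filled when vNICs attach, frames from unknown source MACs teach it nothing, VM-to-VM frames stay on the host, and everything else leaves through the vmnic with the port group's 802.1Q tag (VST). MACs, port names and VLAN IDs are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VSwitch:
    """Toy vSwitch: a static port table filled from the attached vNICs, no MAC learning."""

    def __init__(self, uplinks=("vmnic0",)):
        self.uplinks = list(uplinks)
        self.table = {}          # vNIC MAC -> (virtual port, VLAN of its port group)

    def attach(self, port, mac, vlan):
        """A vNIC connects: the vSwitch is told its MAC, it never has to learn it."""
        self.table[mac.lower()] = (port, vlan)

    def forward(self, src_mac, dst_mac, vlan):
        """Egress ports for a frame received from a VM port in `vlan`.

        - destination is a local vNIC in the same VLAN: deliver locally only
        - broadcast: the other local vNICs in the VLAN plus the uplink
        - anything else (unknown MAC, other VLAN): out the uplink only
        src_mac is deliberately not recorded anywhere: nothing is learned."""
        dst = dst_mac.lower()
        if dst == BROADCAST:
            local = [p for m, (p, v) in self.table.items()
                     if v == vlan and m != src_mac.lower()]
            return sorted(local) + [self.uplinks[0]]
        entry = self.table.get(dst)
        if entry and entry[1] == vlan:
            return [entry[0]]
        return [self.uplinks[0]]

    def leaves_host(self, ports):
        return any(p in self.uplinks for p in ports)

    def egress_tag(self, ports, vlan):
        """Under VST the port group's VLAN ID goes into the 802.1Q tag on the uplink;
        local deliveries carry no tag."""
        return vlan if self.leaves_host(ports) else None


def demo():
    """Constructed topology: VM1 and VM2 in VLAN 10, VM3 in VLAN 20, one uplink."""
    vs = VSwitch()
    vs.attach("VM1", "00:50:56:00:00:01", 10)
    vs.attach("VM2", "00:50:56:00:00:02", 10)
    vs.attach("VM3", "00:50:56:00:00:03", 20)
    results = {
        "vm_to_vm": vs.forward("00:50:56:00:00:01", "00:50:56:00:00:02", 10),
        "other_vlan": vs.forward("00:50:56:00:00:01", "00:50:56:00:00:03", 10),
        "unknown": vs.forward("00:50:56:00:00:01", "00:1b:21:aa:bb:cc", 10),
        "broadcast": vs.forward("00:50:56:00:00:01", BROADCAST, 10),
    }
    # A frame from a MAC the vSwitch was never told about changes nothing:
    # there is no learning, so there is no table to poison.
    vs.forward("de:ad:be:ef:00:01", "00:50:56:00:00:02", 10)
    results["table_size"] = len(vs.table)
    return vs, results


if __name__ == "__main__":
    _, r = demo()
    for k, v in r.items():
        print(f"{k:12s} -> {v}")
```

The "other_vlan" case is the one to notice: VM1 and VM3 are on the same vSwitch, but because they sit in different port groups the frame goes out tagged to the physical switch, which is where routing and any inter-VLAN policy is applied.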


VMware Best Practices: VST is Preferred


Meaning of NIC Teaming in VMware
[Figure: ESX Server host with four NIC cards, vmnic0 to vmnic3, used as vSwitch uplinks; NIC teaming groups vmnic0/vmnic1 and vmnic2/vmnic3. The vNICs of the VMs attached to the vSwitch are not teamed: “This Is Not NIC Teaming”]


Meaning of NIC Teaming in VMware (2)
Teaming Is Configured at the vmnic Level
[Figure: vNIC-to-vSwitch attachment: this is NOT teaming]


Virtual Storage Area Network Deployment
Consolidation of SAN islands
  Increased utilization of fabric ports with just-in-time provisioning
Deployment of large fabrics
  Dividing a large fabric in smaller VSANs
  Disruptive events isolated per VSAN
  RBAC for administrative tasks
  Zoning is independent per VSAN
Advanced traffic management
  Defining the paths for each VSAN
  VSANs may share the same EISL
  Cost effective on WAN links
Resilient SAN extension
Standard solution (ANSI T11 FC-FS-2 section 10)
[Figure: SAN islands for Department A, Department B and Department C consolidated as Virtual SANs (VSANs) on one physical fabric]

VSAN Advantages for Consolidation
[Figure: SAN islands for Backup, OLTP and E-Mail become a Backup VSAN, an OLTP VSAN and an E-Mail VSAN: overlay isolated virtual fabrics (VSANs) on the same physical infrastructure]
Attribute                               SAN Islands   Consolidated SANs
Number of SAN switches                  More          Fewer
Share disk/tape                         No            Yes
Share DR facilities                     No            Yes
SAN management                          Complex       Simple
Support virtualization and mobility     Very hard     Easy


VSAN Technology
The Virtual SANs Feature Consists of Two Primary Functions
Hardware-based isolation of tagged traffic belonging to different VSANs
Create an independent instance of Fibre Channel services for each newly created VSAN; services include:
[Figure: Cisco MDS 9000 Family with VSAN service. The VSAN header is added at the ingress point, indicating membership; an Enhanced ISL (EISL) trunk between Trunking E_Ports (TE_Ports) carries tagged traffic from multiple VSANs; the VSAN header is removed at the egress point; no special support is required by end nodes. Each switch runs separate Fibre Channel services for the Blue VSAN and for the Red VSAN]


Inter VSAN Routing
Similar to L3 interconnection between VLANs
Allows sharing of centralized storage services such as tape libraries and disks across VSANs, without merging the separate fabrics (VSANs)
Network address translation allows interconnection of VSANs without a predefined addressing schema
[Figure: Engineering VSAN_1 (with a VSAN-specific disk), Marketing VSAN_2 and HR VSAN_3 reach a shared tape in VSAN_4 through IVR]



N-Port ID Virtualization (NPIV)
Mechanism to assign multiple N_Port_IDs to a single N_Port
Allows all the access control, zoning and port security (PSM) to be implemented at the application level
Multiple N_Port_IDs are allocated in the same VSAN
[Figure: an application server running E-Mail, Web and File Services connects to one F_Port on the FC switch; Email I/O uses N_Port_ID 1, Web I/O uses N_Port_ID 2, File Services I/O uses N_Port_ID 3]


NPIV Usage Examples
Virtual Machine Aggregation: ‘Intelligent Pass-Thru’
[Figure: left, several FC virtual machines on one host share an NPIV-enabled HBA connected to an F_Port; right, several FC servers attach to an NPV edge switch whose NP_Port connects to an F_Port on the upstream switch]


NPIV Configuration Example
NPIV is enabled switchwide with the command:
npiv enable
Notice that an F-port then supports multiple logins


Virtual Servers Share a Physical HBA
A zone includes the physical HBA and the storage array
Access control is delegated to the storage array (“LUN masking and mapping”); it is based on the physical HBA pWWN and is the same for all VMs
The hypervisor is in charge of the mapping; errors may be disastrous
[Figure: virtual servers on a hypervisor share one physical HBA (pWWN-P); a single login on a single point-to-point connection to the MDS 9000; the FC name server holds pWWN-P; the zone contains pWWN-P and the storage array, which applies LUN mapping and masking]

Virtual Server Using NPIV and Storage Device Mapping
Virtual HBAs can be zoned individually
“LUN masking and mapping” is based on the virtual HBA pWWN of each VM
Very safe with respect to configuration errors
Only supports RDM
Available in ESX 3.5
[Figure: each virtual server on the hypervisor gets its own virtual HBA (pWWN-1 to pWWN-4) over the physical HBA (pWWN-P); multiple logins on a single point-to-point connection to the MDS 9000; the FC name server holds pWWN-P and pWWN-1 to pWWN-4; the storage array maps LUNs to pWWN-1, pWWN-2, pWWN-3 and pWWN-4 individually]


N-Port Virtualization (NPV): An Overview
Solves the domain-ID explosion problem
Can have multiple uplinks, on different VSANs (port channel and trunking in a later release)
Up to 100 NPV switches
NPV device uses the same domain(s) as the NPV-core switch(es)
[Figure: NPV-core switch (MDS or third-party switch with NPIV support) with FC targets (FCIDs 10.1.1 and 20.2.1) and F-ports; NP-ports on the NPV devices (MDS 9124, MDS 9134, Cisco MDS in a blade chassis) uplinked on VSAN 5, VSAN 10 and VSAN 15; server ports (F) to Blade Server 1, Blade Server 2, ... Blade Server n, and initiators (no FL ports) with FCIDs 10.5.2, 10.5.7 and 20.5.1]


Domain ID Scalability: NPV Solves the Issue
[Figure: blade chassis with Server 1 ... Server N (N-ports) attached to FC Blade Switch 1 and FC Blade Switch 2 (F-ports); the blade switches' NP ports uplink to F-ports on an NPIV-enabled switch, e.g., an MDS switch, in the SAN fabric]
Eliminates the domain ID for the MDS FC switch in blade enclosures (HBA model)
Server ports automatically assigned to NP ports (load-balancing algorithm)
Need to configure the same VSAN between NP ports and core F-ports
When F-trunking becomes available, the limitation of a single VSAN per link will go away
BRKDCT-3831 14488_04_2008_c2 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr


F-Port F-Port

F-Ports

NPIV-Enabled Switch e.g., MDS Switch
NP Ports

F-Ports

92

46

VMware Support
Nested NPIV FLOGI/FDISC Login Process
When an NP port comes up on an NPV edge switch, it first performs FLOGI and PLOGI into the core to register in the FC name server
End devices connected to the NPV edge switch do a FLOGI, but the NPV switch converts the FLOGI to an FDISC command, creating a virtual PWWN for the end device and allowing it to log in using the physical NP port
NPIV-capable devices connected to the NPV switch continue the FDISC login process for all their virtual PWWNs, which go through the same NP port as the physical end device
[Figure: NPV-core switch with FCNS entries pWWN1, pWWN2, pWWN3, pWWN4 and F ports; NPV edge switch with NP ports up to the core and F ports down to ten FC end devices]
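Added example (constructed; not NX-OS or SAN-OS code): a Python simulation of the FLOGI/FDISC proxying described above, together with the FlexAttach WWN NAT of the next two slides, since both live on the same NP port. The core owns the domain ID and the name server; the edge FLOGIs once on its NP port and turns every server FLOGI into an FDISC, so every FC_ID it hands out shares the core's domain. With FlexAttach enabled on an F port the fabric registers that port's virtual pWWN instead of the server's real one, so a replaced blade comes back under the same identity and the zoning keyed on it is untouched. The one-area-per-link FC_ID allocation and all WWN strings are simplifications made up for the example.

```python
class NpvCoreSwitch:
    """NPIV-capable core: owns the domain ID, answers FLOGI/FDISC, keeps the name server (FCNS)."""

    def __init__(self, domain_id):
        self.domain_id = domain_id
        self.fcns = {}           # pWWN -> FC_ID as (domain, area, port)
        self.next_area = 1       # one area per F port link: a constructed simplification

    def flogi(self, pwwn):
        """Fabric login on a new link: allocate an area, port id 0."""
        fcid = (self.domain_id, self.next_area, 0)
        self.next_area += 1
        self.fcns[pwwn] = fcid
        return fcid

    def fdisc(self, pwwn, link_fcid):
        """Extra N_Port_ID on an already logged-in link: same domain and area, lowest free port id."""
        domain, area, _ = link_fcid
        taken = {p for d, a, p in self.fcns.values() if (d, a) == (domain, area)}
        port = next(i for i in range(256) if i not in taken)
        fcid = (domain, area, port)
        self.fcns[pwwn] = fcid
        return fcid

    def logo(self, pwwn):
        self.fcns.pop(pwwn, None)


class NpvEdgeSwitch:
    """NPV edge (blade switch): no domain ID of its own, proxies all logins over its NP port."""

    def __init__(self, core, np_pwwn):
        self.core = core
        self.np_pwwn = np_pwwn
        self.np_fcid = None
        self.flexattach = {}     # F port -> virtual pWWN (WWN NAT)
        self.logins = {}         # F port -> pWWN registered in the fabric

    def np_port_up(self):
        """NP port comes up: the edge itself does FLOGI into the core."""
        self.np_fcid = self.core.flogi(self.np_pwwn)
        return self.np_fcid

    def enable_flexattach(self, fport, vpwwn):
        self.flexattach[fport] = vpwwn

    def server_flogi(self, fport, pwwn):
        """A server FLOGIs on an F port; the edge turns it into an FDISC on the NP port.
        With FlexAttach the fabric sees the port's virtual pWWN, not the real one."""
        fabric_pwwn = self.flexattach.get(fport, pwwn)
        fcid = self.core.fdisc(fabric_pwwn, self.np_fcid)
        self.logins[fport] = fabric_pwwn
        return fabric_pwwn, fcid

    def server_fdisc(self, vpwwn):
        """An NPIV-capable server's own FDISC (e.g. a VM's virtual HBA) rides the same NP port."""
        return self.core.fdisc(vpwwn, self.np_fcid)

    def server_logout(self, fport):
        self.core.logo(self.logins.pop(fport))


def scenario():
    """Constructed walk-through: one core (domain 10), one edge, a blade swap behind FlexAttach."""
    core = NpvCoreSwitch(domain_id=10)
    edge = NpvEdgeSwitch(core, np_pwwn="np:00")
    steps = {"np_up": edge.np_port_up()}
    steps["server1"] = edge.server_flogi("fc1/1", "pwwn:01")
    steps["vm_on_server1"] = edge.server_fdisc("vpwwn:01a")
    edge.enable_flexattach("fc1/2", "flex:02")
    steps["server2"] = edge.server_flogi("fc1/2", "pwwn:02")
    edge.server_logout("fc1/2")                    # blade fails and is replaced
    steps["server2_replaced"] = edge.server_flogi("fc1/2", "pwwn:02-new")
    return core, steps


if __name__ == "__main__":
    core, steps = scenario()
    for name, result in steps.items():
        print(f"{name:18s} {result}")
    print("FCNS:", core.fcns)
```

Two things to read off the result: the core allocated exactly one area (one domain ID, one link) however many servers and VMs logged in behind the edge, and neither the original nor the replacement pWWN of the FlexAttach port ever appears in the name server, only the virtual one.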

FlexAttach
Flexibility for Adds, Moves, and Changes
FlexAttach (based on WWN NAT)
  Each blade switch F-Port is assigned a virtual WWN
  The blade switch performs NAT operations on the real WWN of the attached server
Benefits
  No SAN reconfiguration required when a new blade server attaches to a blade switch port
  Provides flexibility for the server administrator by eliminating the need to coordinate change management with the networking team
  Reduces downtime when replacing failed blade servers
[Figure: blade server chassis (Blade 1 ... Blade N, New Blade) on an NPV blade switch running FlexAttach; no blade switch config change, no switch zoning change in the SAN, no array configuration change on the storage]

FlexAttach—Since SANOS 3.2(2)
FlexAttach Point (Virtual PWWN)
  Creation of a virtual PWWN on the NPV switch F-port
  Zone the vPWWN to storage; LUN masking is done on the vPWWN
  Can swap the blade server or replace the physical HBA
    No need for zoning modification
    No LUN masking change required
Automatic link to new PWWN
  No manual relinking to the new PWWN is needed
[Figure: before, Server 1 (PWWN 1) on FC1/1 is seen by the fabric as vPWWN1; after the swap, the new Server 1 on FC1/1 is still seen as vPWWN1]

VMotion and Virtual HBAs
VM Migration with Emulex HBA
Dynamic migration relocates VMs to available resources
  By operator
  Automatic load balancing
  HA and DR
Enhanced VMotion in ESX 3.5
  Tears down the initial virtual port
  Re-registers the same address on another server
Enhanced VMotion preserves the access configuration
  Zoning
  LUN masking
  VSAN selective routing
  Fabric QoS priority level
[Figure: Server 1 is out of resources; selected apps (A, B, C, D, E) and their FC access move to Server 2; both servers run a hypervisor with NPIV HBAs (PWWN 2 shown on Server 2) into the VSANs]


Validated Solution from Cisco, Emulex, and VMware
Cisco MDS directors and switches with NPIV (SAN-OS 3.0 and later)
Emulex 4G HBAs
VMware ESX 3.5
Jointly tested and validated by the three companies



Unified I/O (FCoE)
Fewer HBAs/NICs per Server
[Figure: today a server carries two FC HBAs (to SAN A and SAN B) and a NIC (to the LAN); with Unified I/O a single CNA carries both SAN (FCoE) and LAN (Ethernet) traffic]
CNA = Converged Network Adapter

Fiber Channel over Ethernet: How It Works
Direct mapping of Fibre Channel over Ethernet
[Figure (a), protocol layers: FC-4, FC-3 and FC-2 are kept; FC-1 and FC-0 are replaced by the FCoE mapping over the Ethernet MAC and PHY. Figure (b), frame encapsulation: Ethernet Header, SOF, FC Frame, CRC, EOF, Ethernet FCS, with the FC frame carried as the Ethernet payload]
Leverages standards-based extensions to Ethernet to provide reliable I/O delivery
  Priority flow control
  Data Center Bridging Capability eXchange Protocol (DCBCXP)
[Figure: a 10GE lossless Ethernet link carrying FCoE traffic alongside other networking traffic]


FCoE Enablers
10 Gbps Ethernet
Lossless Ethernet
  Matches the lossless behavior guaranteed in FC by B2B credits
Ethernet jumbo frames
  Max FC frame payload = 2112 bytes
[Figure: a normal Ethernet frame with Ethertype = FCoE: Ethernet Header | FCoE Header | FC Header | FC Payload | CRC | EOF | FCS. The FC header, payload and CRC are the same as in a physical FC frame; the FCoE header carries control information: version and ordered sets (SOF, EOF)]
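Added example, not from the deck: Python that builds and verifies the frame layout sketched above, covering both the encapsulation of the "How It Works" slide and the enablers on this one. Assumptions, all stated in the code: Ethertype 0x8906, a 14-byte FCoE header (4-bit version, 100 reserved bits, SOF byte), a 4-byte FCoE trailer (EOF byte plus reserved bits), the encoded SOF/EOF values from FC-BB-5, the default FC-MAP 0E-FC-00 for fabric-provided MAC addresses, and zlib's CRC-32 standing in for both the FC CRC and the Ethernet FCS (the wire bit ordering of either is not modelled). It shows why a full 2112-byte FC payload needs a 2176-byte jumbo Ethernet frame, and that corruption inside the FC frame is still caught by the inner CRC when the outer FCS is correct.

```python
import struct
import zlib

FCOE_ETHERTYPE = 0x8906
FCOE_VERSION = 0
FC_MAP_DEFAULT = 0x0EFC00            # default FC-MAP: fabric-provided MAC = FC-MAP || FC_ID
SOF_I3, SOF_N3 = 0x2E, 0x36          # encoded SOF values: class 3 initiate / normal
EOF_N, EOF_T = 0x41, 0x42            # encoded EOF values: normal / terminate
FC_HEADER_LEN, FC_MAX_PAYLOAD = 24, 2112
ETH_HDR, FCOE_HDR, FC_CRC, FCOE_TRAILER, ETH_FCS = 14, 14, 4, 4, 4
FCOE_MIN_FRAME = ETH_HDR + FCOE_HDR + FC_HEADER_LEN + FC_CRC + FCOE_TRAILER + ETH_FCS   # 64 bytes
FCOE_MAX_FRAME = FCOE_MIN_FRAME + FC_MAX_PAYLOAD                                       # 2176 bytes, untagged


def fpma(fc_id):
    """Fabric-provided MAC address for an FCoE end node: FC-MAP followed by its FC_ID."""
    return FC_MAP_DEFAULT.to_bytes(3, "big") + fc_id.to_bytes(3, "big")


def fc_header(r_ctl, d_id, s_id, fc_type=0x08, f_ctl=0x290000,
              seq_id=0, df_ctl=0, seq_cnt=0, ox_id=0, rx_id=0xFFFF, param=0):
    """24-byte FC frame header (type 0x08 = FCP, i.e. SCSI). CS_CTL is fixed to 0 here."""
    return (bytes([r_ctl]) + d_id.to_bytes(3, "big") +
            bytes([0]) + s_id.to_bytes(3, "big") +
            bytes([fc_type]) + f_ctl.to_bytes(3, "big") +
            bytes([seq_id, df_ctl]) + seq_cnt.to_bytes(2, "big") +
            ox_id.to_bytes(2, "big") + rx_id.to_bytes(2, "big") +
            param.to_bytes(4, "big"))


def encapsulate(dst_mac, src_mac, fc_frame, sof=SOF_I3, eof=EOF_T):
    """Wrap an FC frame (header + payload, no CRC) into an untagged FCoE Ethernet frame."""
    payload_len = len(fc_frame) - FC_HEADER_LEN
    if payload_len < 0 or payload_len > FC_MAX_PAYLOAD:
        raise ValueError("FC payload must be 0..2112 bytes")
    fc_crc = zlib.crc32(fc_frame).to_bytes(4, "big")                  # stand-in for the FC CRC
    fcoe_hdr = bytes([FCOE_VERSION << 4]) + bytes(12) + bytes([sof])   # version, 100 reserved bits, SOF
    body = (dst_mac + src_mac + struct.pack(">H", FCOE_ETHERTYPE) +
            fcoe_hdr + fc_frame + fc_crc + bytes([eof]) + bytes(3))    # EOF + 24 reserved bits
    return body + zlib.crc32(body).to_bytes(4, "little")               # stand-in for the Ethernet FCS


def decapsulate(frame):
    """Parse and verify an FCoE frame; raise ValueError on any inconsistency."""
    if len(frame) < FCOE_MIN_FRAME:
        raise ValueError("runt FCoE frame")
    if len(frame) > FCOE_MAX_FRAME:
        raise ValueError("oversized FCoE frame")
    ethertype = struct.unpack(">H", frame[12:14])[0]
    if ethertype != FCOE_ETHERTYPE:
        raise ValueError(f"not FCoE: ethertype 0x{ethertype:04x}")
    body, fcs = frame[:-ETH_FCS], frame[-ETH_FCS:]
    if zlib.crc32(body).to_bytes(4, "little") != fcs:
        raise ValueError("Ethernet FCS mismatch")
    fcoe_hdr = body[ETH_HDR:ETH_HDR + FCOE_HDR]
    version = fcoe_hdr[0] >> 4
    if version != FCOE_VERSION:
        raise ValueError(f"unsupported FCoE version {version}")
    fc_with_crc = body[ETH_HDR + FCOE_HDR:-FCOE_TRAILER]
    fc_frame, fc_crc = fc_with_crc[:-FC_CRC], fc_with_crc[-FC_CRC:]
    if zlib.crc32(fc_frame).to_bytes(4, "big") != fc_crc:
        raise ValueError("FC CRC mismatch")
    return {
        "dst_mac": frame[0:6], "src_mac": frame[6:12],
        "sof": fcoe_hdr[13], "eof": body[-FCOE_TRAILER],
        "r_ctl": fc_frame[0],
        "d_id": int.from_bytes(fc_frame[1:4], "big"),
        "s_id": int.from_bytes(fc_frame[5:8], "big"),
        "fc_type": fc_frame[8],
        "payload": fc_frame[FC_HEADER_LEN:],
    }


def is_valid(frame):
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


def corrupt_inside_fc(frame, offset):
    """Flip one byte inside the FC frame and recompute the Ethernet FCS, so only the
    inner FC CRC can reveal the damage (as when a NIC or driver corrupts data before
    the FCS is generated)."""
    body = bytearray(frame[:-ETH_FCS])
    body[offset] ^= 0xFF
    body = bytes(body)
    return body + zlib.crc32(body).to_bytes(4, "little")


def sample_frame(payload=b"\x00" * FC_MAX_PAYLOAD):
    """Constructed FCP frame from initiator FC_ID 0x010100 to target FC_ID 0x010200."""
    hdr = fc_header(r_ctl=0x06, d_id=0x010200, s_id=0x010100)
    return encapsulate(fpma(0x010200), fpma(0x010100), hdr + payload)


if __name__ == "__main__":
    f = sample_frame()
    print(len(f), "bytes on the wire for a full FC payload;", decapsulate(f)["d_id"])
```

A frame with an empty FC payload is exactly the 64-byte Ethernet minimum, and a full one is 2176 bytes, which is why the enablers list jumbo frames: a standard 1518-byte Ethernet MTU cannot carry a maximum-size FC frame at all.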

Encapsulation Technologies

[Figure: protocol stacks below the Operating System/Applications and the SCSI Layer: FCP over FC (1, 2, 4, (8), 10 Gbps); iSCSI over TCP/IP over Ethernet; FCP over FCIP over TCP/IP over Ethernet; FCP over iFCP over TCP/IP over Ethernet; FCP over FCoE over Ethernet (1, 10 ... Gbps); SRP over IB (10, 20 Gbps)]


Encapsulation Technologies
FCP layer is untouched
[Figure: OS/Applications, SCSI Layer, FCP over FCoE over Enhanced Ethernet (1, 10 ... Gbps)]
Allows the same management tools as Fibre Channel
Allows the same Fibre Channel drivers
Allows the same multipathing software
Simplifies certifications
Evolution rather than revolution


Unified I/O Use Case
Today
[Figure: servers connect separately to the LAN, the Management network, SAN A and SAN B; legend: FCoE, Ethernet, FC links]

Unified I/O Use Case
Unified I/O
[Figure: servers connect over FCoE to a pair of FCoE switches (one set of ToR switches), which split the traffic to the LAN, the Management network, SAN A and SAN B; legend: FCoE, Ethernet, FC links]
Reduction of server adapters
Fewer cables
Simplification of access layer and cabling
Gateway-free implementation: fits in the installed base of existing LAN and SAN
L2 multipathing access to distribution
Lower TCO
Investment protection (LANs and SANs)
Consistent operational model

CNA: I/O Consolidation Adapter
Off-the-shelf NIC and HBA ASICs from Qlogic and Emulex
Dual 10 GbE/FCoE ports
Support for native drivers and utilities
Customer-certified stacks
Replaces multiple adapters per server
Consolidates 10 GbE and FC on a single interface
Minimum disruption in existing customer environments
[Figure: CNA with two 10 GbE/FCoE ports; a purpose-designed multiplexer and FCoE offload protocol engine sits between the 10 GbE and FC ASICs and the PCIe bus]

FCoE Software Stack
Supported on Intel Oplin 10 GbE adapters
  A software upgrade turns the 10 GbE adapter into an FCoE adapter
Software implementation
  Initiator and target mode
  FCP, FC class 3
  Fully supports Ethernet pause frames (per-priority pause)
Supported OS
  Linux: Red Hat and SLES
  Windows
“Free” access to the SAN
Website: www.Open-FCoE.org
Announcement: http://lkml.org/lkml/2007/11/27/227
[Figure: the FCoE software stack runs in software on top of an L2 Ethernet NIC in hardware]

CNAs: View from Operating System
Standard drivers
Same management
Operating system sees:
  2 x 10 Gigabit Ethernet adapters
  2 x 4 Gbps Fibre Channel HBAs


IO Consolidation
Connecting LAN and SAN on a Single Physical Link
virtual-ethernet interface (veth)
  Paired with the host’s Ethernet device
  Configuration point for all Ethernet features
virtual-fc interface (vfc)
  Paired with the host’s HBA device
  Configuration point for all Fibre Channel features
virtual-interface-group (vig)
  Logical representation of a switch port
  Consists of one veth and one vfc
  Configured online or offline
  Bound to a physical switch port for deployment
  EtherChannel post FCS
[Figure: on the host, SCSI (host0) and IP (eth0) are multiplexed onto one Ethernet link; on the switch, the vig demultiplexes into a vfc (Fibre Channel forwarding to SAN A/SAN B) and a veth (Ethernet forwarding to the LAN)]

IO Consolidation: Interface Configuration
Create the virtual-interface-group and bind it to a physical interface:
switch(config)# interface vig 20
switch(config-if)# bind Ethernet 1/1
Configure the virtual-ethernet and virtual-fc interfaces:
switch(config-if)# interface veth 20/1
switch(config-if)# interface vfc 20/1
[Figure: veth20/1 and vfc20/1 belong to vig20, bound to Eth1/1; veth30/1 and vfc30/1 belong to vig30, bound to Eth1/33]



SAN-Based Storage (Block) Virtualization
A SCSI operation from the host is mapped to one or more SCSI operations to the SAN-attached storage
This mapping function is enabled by a network resource
Centralized management
Highly scalable
Works across heterogeneous arrays
Example: LUN concatenation
[Figure: a 4 GB and a 5 GB LUN from the storage pool are concatenated by the virtualization (volume management) layer into a 9 GB virtual volume presented to production]

Block Level Virtualization Is Enhanced by VSANs
Volume management functionality is provided by the intelligent storage network
The volume management functionality
  Exposes a virtual target to the host to provide storage capacity
  Accesses the storage by means of a virtual initiator
The architecture relies heavily on the underlying VSAN infrastructure to provide the desired level of isolation
High performance is achieved by processing the SCSI control path in software and using application-specific hardware to process the SCSI data path


Distributed Storage Virtualization on VSANs
Front-end VSANs
Virtual targets
Virtual volumes
Virtual initiators
Back-end VSAN
Zoning connects real initiator and virtual target, or virtual initiator and real storage
[Figure: Host-1 in VSAN 10 and Host-3 in VSAN 20 reach Virtual Target1 (VSAN 10) and Virtual Target2 (VSAN 20) in the fabric; each virtual target maps to a virtual volume whose virtual initiator sits in the storage VSAN 50; back-end zones connect the virtual initiators to the storage arrays]


Sample Use: Seamless Data Mobility
Works across heterogeneous arrays
Nondisruptive to the application host
Can be utilized for “end-of-lease” storage migration
Movement of data from one tier class to another tier
[Figure: virtualization mobility moves a volume from Tier1 to Tier2 storage]


Cisco VFrame Data Center: Network-Driven Service Orchestration
Coordinated Provisioning and Reuse of Physical and Virtualized Compute, Storage, and Network Resources
Operational cost savings
Faster and simpler service orchestration
Robust virtualization scale-out
[Figure: VFrame Data Center orchestrating a compute pool (hypervisor hosts with VMs), a network pool and an FC storage pool]

Adopting VFrame DC Today
Addressing Today’s Challenges While Building SOI Foundation
1. Categorize physical resources into service views
2. Ensure design consistency with standardized infrastructure templates
3. Automate physical provisioning for server virtualization environments
4. Reduce break-fix server support costs with rapid recovery from a shared pool
5. Recover failed services with rapid local disaster recovery
6. Provide policy-based dynamic capacity on demand for applications

Figure: VFrame DC policy server replacing traditional silos with service views (Network Service View, Storage Service View with SAN and NAS behind hypervisors, Application Service 1); scenarios shown: slow application performance, application degradation or failure, rapidly configuring a new application environment.

Design to Operate Workflow for SOI
Logical, Structured for Ease of Use
Figure: design-to-operate workflow.
Design: Service Template
Discover: Resources (Firewall, LANs, L4–L7, Server I/O, Boot OS/SAN, Application Infrastructure)
Deploy: Service Networks (Firewall Selection, Firewall Chaining, Firewall Rules; Switch Port Config: VLANs, DHCP, Trunks, SVIs; VIPs, LB Policies; Image Mgmt, Remote Boot, VM Mappings; Zones, VSANs, LUNs, NFS Volumes)
Operate: Policies (Automated Failover, Policy-Based Resource Optimization, Service Maintenance, Management Integration through API)

Data Center Virtualization via the Network
Service Orchestration

Figure: end-to-end service provisioning across Client, Security, App Delivery, LAN, Servers, SAN (FC) and Storage.

Q and A


Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books

Available Onsite at the Cisco Company Store

Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Passport points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008. Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.
