BRKVIR-2931_c2 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 2
After Session Goal:
For Us to Avoid the Virtualization …
The Journey in a Nutshell:
… from the Network Core Up to the Disks …

[Figure: Front-End (Aggregation Layer: vPC, VSS and EHV; Virtual Network Services: Virtual Firewall, SLB, SSL and Application Services Contexts 11, 1, 29, 33, 175; Access Layer; vmware) and Back-End (Virtual SANs/Unified IO, Virtual Storage, Q&A); VM Mobility, Virtual LANs, Virtual SANs, Virtual Svc’s; Information, Access Layer, Logic Layer; Service Chain]

VM Mobility is capable of moving Virtual Machines across Physical Servers.

VM Mobility: The Application Services provided by the Network need to respond and be aligned to meet the new geometry of the VMs.

VM Mobility: Close interaction required between the assets provisioning virtualized infrastructure and the Application Services supporting the Virtual Machines.
Moving to a Unified Fabric

Moving to a fully Virtualized Data Center, with Any To Any Connectivity.

Fully unified I/O delivers the following characteristics:
• Ultra High Capacity 10Gbps+
• Low latency
• Loss Free (FCoE)

True “Any to Any” Connectivity is possible as all devices are connected to all other devices.

We can now simplify management, operations and enhance power and cooling efficiencies.

[Figure: Unified Fabric Networking spanning Virtual SANs, Virtual LANs and Virtual Svc’s; Management]
Virtualized Data Center Infrastructure

[Figure: Core Layer: Nexus 7000, 10GbE Core, vPC, 10 Gigabit DCE; Storage: MDS 9500, SAN A / SAN B, 4/8Gb Fiber Channel. Aggregation Layer: Nexus 7000, Cisco Catalyst 6500 10GbE Agg, DC Services, vPC. Access Layer: Catalyst 6500, Nexus 5000 & CBS 31xx, Nexus 7000, Nexus 2000 (Top-of-Rack, End-of-Row, Blade), Nexus blade (*), Cisco UCS, MDS 9124e (FCoE); 1GbE Server Access, 10GbE and 4/8Gb FC Server Access, 10Gb DCE / FCoE Server Access. Link legend: Gigabit Ethernet, 10 Gigabit Ethernet, 10 Gigabit DCE, 10 Gigabit FCoE/DCE, 4/8Gb Fiber Channel]
(*) future
Core layer:
Virtual Device Contexts @ Nexus 7000

A VDC Builds a Fault Domain Around All Running Processes Within That VDC. Should a Fault Occur in a Running Process, It Is Truly Isolated from Other Running Processes and They Will Not Be Impacted.

[Figure: Nexus 7000 Physical Switch with Kernel and Infrastructure layers; VDC A and VDC B each run their own Protocol Stack and Processes ABC, DEF and XYZ; Process “DEF” in VDC B crashes while VDC A is unaffected]
Virtual Device Contexts 1:N

[Figure: VDC-1 with IP routes: 20K and ACL entries: 10K, spanning Linecard 3 and Linecard 4]
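As an added example (not from the deck), the NX-OS session below carves a VDC like VDC-1 out of a Nexus 7000 from the default VDC and then checks what it owns. The VDC name, the slot/port range and the VLAN/VRF limits are assumed for illustration; the route and ACL counts shown in the figure are not set by these commands.

```text
! Added example, not from the deck: carving VDC-1 out of a Nexus 7000 from the default VDC.
! VDC name, slot/port range and limits are assumed. Some line cards only allow interfaces
! to be allocated in whole port groups, so check the module's grouping before allocating.
switch# configure terminal
switch(config)# vdc VDC-1
switch(config-vdc)# allocate interface ethernet 3/1-8
switch(config-vdc)# limit-resource vlan minimum 16 maximum 256
switch(config-vdc)# limit-resource vrf minimum 2 maximum 16
switch(config-vdc)# exit
switch(config)# end
! Verify which interfaces each VDC owns, then move into the new VDC.
switch# show vdc membership
switch# switchto vdc VDC-1
switch-VDC-1#
```

The isolation is administrative as well as fault-related: an operator logged into VDC-1 sees only the interfaces allocated to it, and interfaces can be moved between VDCs only by a network-admin working from the default VDC. The `limit-resource` lines cap what VDC-1 may consume so that one context cannot exhaust shared VLAN or VRF capacity for the others.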
Going Beyond Spanning Tree

Aggregation layer: N:1
Virtual Switch System (VSS)

Virtual Switch System Is a Technology Breakthrough for the Cisco Catalyst 6500 Family
EtherChannel Concepts
Multichassis EtherChannel (MEC)
LACP, PAgP, or ON EtherChannel Modes Are Supported

Virtual Port-Channel (vPC) N:1
Feature Overview
EHV (Ethernet Host Virtualizer)
• EHV is implemented in the Access switches
• Distribution switches are unmodified
• Pinning: each server is associated with a particular uplink
• Static and Dynamic pinning are supported
Agenda
• Data Center Virtualization Overview
• Front-End Virtualization: VLAN, VRF, VDC, VSS, VPNs

Front-End Data Center Virtualization

[Figure: Front-End: Core Layer (VDC), Virtual Network Services (Virtual Firewall, Virtual SLB, Virtual SSL; Contexts 11, 1, 29, 33, 175), Aggregation Layer (vPC & VSS), Access Layer (Application Services, Virtual Machines); Back-End: Server Virtualization (vSphere, VN-Link & Nexus 1000v; Unified Computing System (UCS)), Virtual SANs/Unified IO; vmware]
Virtualized Data Center Infrastructure (slide repeated, now highlighting One-Arm Service Switches under DC Services at the Aggregation Layer)
Data Center Access Layer Options
Top of Rack (ToR)
• Typically 1-RU servers
• 1-2 GE LOMs
• Mostly 1, sometimes 2 ToR switches
• Copper cabling stays within rack
• Low copper density in ToR
• Higher chance of East-West traffic hitting aggregation layer
• Drives higher STP logical port count for aggregation layer
• Denser server count
[Figure: Nexus 2000 at the top of each rack]
ToR Nexus 2K Deployment with EoR Nexus 5020

[Figure: Core Layer; Aggregation Layer with vPC/MCEC at the L3/L2 boundary; 4x10G FE uplinks from each rack; Nexus 5020 as the Central Point of Management; Servers]
Data Center Architecture
N5K/N2K - Logical Topology

• Nexus 7000 at Aggregation Layer (vPC pair)
• Cisco Nexus 2148T Fabric Extender (N2K) and Nexus 5000 (N5K) Pod represents networking Access layer
• Each Virtualized Access Switch Pod (N2K + N5K) configured to support up to 576 1GE server ports
• Nexus 5000/2000 Virtualized Access Switch Pods ... NO STP
Cisco Catalyst Virtual Blade Switch (VBS)
With Nexus vPC Aggregation
[Figure: Access Layer (Virtual Blade Switch) connected to the Aggregation Layer (Nexus vPC)]
Agenda
• Data Center Virtualization Overview
• Front-End Virtualization: VLAN, VRF, VDC, VSS, VPNs

Front-End Data Center Virtualization

[Figure: Front-End: Core Layer (VDC), Virtual Network Services (Virtual Firewall, Virtual SLB, Virtual SSL; Contexts 11, 1, 29, 33, 175), Aggregation Layer (vPC & VSS), Access Layer (Application Services, Virtual Machines); Back-End: Server Virtualization (vSphere, HyperV and Xen; VN-Link & Nexus 1000v; Unified Computing System (UCS)), Virtual SANs/Unified IO]

Current View of the Access Layer with VMs
[Figure: VMs (VM_LUN_0005, VM_LUN_0007) attach their vNICs to Virtual Ports on vSwitch0; VMNICs (vmnic0, vmnic1) = Uplinks]
Server Virtualization and VN-Link
VN-Link Brings VM Level Granularity

Problems:
• VMotion may move VMs across physical ports: policy must follow
• Impossible to view or apply policy to locally switched traffic
• Cannot correlate traffic on physical links from multiple VMs

VN-Link:
• Extends network to the VM
• Consistent services
• Coordinated, coherent management

[Figure: VMotion of a VM between hosts on VLAN 101]
VN-Link View of the Access Layer
• Nexus 1000V and VN-Link provide visibility to the individual VMs
• Policy can be configured per-VM
• Policy is mobile within the ESX cluster
[Figure: Boundary of network visibility extended into the hosts by the Nexus 1000V Distributed Virtual Switch]
Cisco Nexus 1000V Architecture
[Figure: Nexus 1000V DVS spanning several VMW ESX hosts; labels: VEM, VMware vSwitch]
Example: Port Profile (Nexus 1000v VSM View)
[Screenshot]
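A constructed Nexus 1000V port profile, added here as an example rather than the screenshot the slide shows. The profile and ACL names are assumed; VLAN 101 echoes the earlier VN-Link slide. The port ACL is bound to the VM-facing vEthernet port rather than to a physical uplink, which is why the policy follows the VM when VMotion moves it to another host in the same ESX cluster.

```text
! Added example (constructed, not the slide's screenshot). Profile and ACL names are assumed.
! Port ACL for the VM-facing (vethernet) ports. On a vethernet port "in" is traffic arriving
! from the VM, so this lets the VM answer as an HTTPS server and resolve names, nothing else.
n1000v(config)# ip access-list WEB-IN
n1000v(config-acl)# permit tcp any eq 443 any
n1000v(config-acl)# permit udp any any eq 53
n1000v(config-acl)# deny ip any any
n1000v(config-acl)# exit
! The port profile; it is published to vCenter as a port group of the same name.
n1000v(config)# port-profile type vethernet WebServers
n1000v(config-port-prof)# vmware port-group
n1000v(config-port-prof)# switchport mode access
n1000v(config-port-prof)# switchport access vlan 101
n1000v(config-port-prof)# ip port access-group WEB-IN in
n1000v(config-port-prof)# no shutdown
n1000v(config-port-prof)# state enabled
n1000v(config-port-prof)# end
! Verify the profile, then check which VM and host each vethernet port is bound to,
! before and after a VMotion; the veth and its ACL stay with the VM.
n1000v# show port-profile name WebServers
n1000v# show interface virtual
```

The check to repeat after every migration is the `show interface virtual` output: the vethernet number, port profile and VLAN for the moved VM should be unchanged while only the module (host) column differs. A VM whose veth has silently landed on a different profile is the failure mode the slide's "policy must follow" bullet is warning about.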
Example: Port Profile (vCenter View)
[Screenshot]

Cisco Unified Computing System (UCS) – Physical
[Figure]
UCS Service Profiles
Hardware “State” Abstraction

State abstracted from hardware:
• LAN Connectivity: MAC Address, NIC Firmware, NIC Settings
• OS & Application: Drive Controller F/W, UUID, BMC Firmware, Drive Firmware, BIOS Firmware, BIOS Settings, Boot Order
• SAN Connectivity: WWN Address, HBA Firmware, HBA Settings

• Separate firmware, addresses, and parameter settings from server hardware
• Separate access port settings from physical ports
• Physical servers become interchangeable hardware components
• Easy to move OS & applications across server hardware
What Is SR-IOV About?
Single Root IO Virtualization (SR-IOV) allows “virtualizing” the 10 GigE link (via the PCI-Express bus) into multiple “virtual links”.
SR-IOV is a PCI-SIG standard.
In other words you can create multiple “vmnics”, each with its own bandwidth allocation.
[Figure: Server with several vmnics; “This could be Nexus 1000v”]
Cisco UCS Virtualized Adapter
• Virtualized adapter designed for both single-OS and VM-based deployments
• Provides mobility, isolation, and management from the network
• Secure
• Transparent to hosts
• Cut-through architecture
• High Performance: 2x 10Gb
[Figure: Compute Blade with OS and NIV adapter (MAC 0, MAC 1) exposing Eth, FC, SCSI and IPC interfaces over 10GE/FCoE; User Eth, FC, SCSI labels]
[Agenda figure repeated: Front-End (Core Layer VDC; Virtual Network Services: Virtual Firewall, Virtual SLB, Virtual SSL, Contexts 11, 1, 29, 33, 175; Aggregation Layer vPC & VSS; Access Layer: Application Services, Virtual Machines) and Back-End (Server Virtualization: vSphere, VN-Link & Nexus 1000v; Unified Computing System (UCS); Virtual SANs/Unified IO; vmware)]
First Industry Cloud Operating System
Cloud Computing
IT as a Service
• Abstract complexity in the enterprise datacenter
• Achieve economies of scale
• Renew focus on application services
[Figure: Cloud OS spanning Enterprise and Cloud; Availability, Security, Scalability, Management]
VMware’s Vision for Cloud Computing
• Pay As You Go: Leverage external clouds as needed
• Ubiquity: Choice in external cloud providers
[Figure: Private Cloud (Internal Cloud OS, Management, App Loads) federated with External Cloud (Cloud OS, Management) through Federation and Choice and Cloud Standards]
VMware ESX: Even More Reliable than a Mainframe!
VMware vSphere™ – The Industry’s First Cloud OS

[Figure: Application Services: Availability (VMware Clustering, Data Protection), Security (Intrusion Prevention, Intrusion Detection), Scalability (Dynamic Resource Sizing), Management (vCenter Suite). vSphere 4.0 Infrastructure Services: vCompute (Hardware Assist, Enhanced Live Migration, Compatibility), vStorage (Storage Management & Replication, Storage Virtual Appliances), vNetwork (Network Management)]
vCompute
VMware vSphere 4 Dramatically Improves VM
Scalable virtual machines
• Hot add of CPU, Memory
• Hot add and remove Storage devices, Network devices
• Hot Extend virtual disks
• Zero downtime scale out of virtual machines
[Figure: VM (APP/OS) with memory labels 255 and 64 GB and vCPU labels]
Next Generation High Availability Service L
[Chart: Hardware Failure Tolerance against Application Coverage (0%, 10%, 100%); Continuous with VMware Fault Tolerance; Automated Restart with VMware HA; Unprotected]
VMware Fault Tolerance
• Single identical VMs running in lockstep on separate hosts
• Zero downtime, zero data loss failover for all virtual machines in case of hardware failures
• No complex clustering or specialized hardware required
• Single common mechanism for all applications and OS-es
[Figure: VMware vSphere™ hosts with APP/OS pairs; Zero downtime, zero data loss]
Turning On Fault Tolerance: Primary Virtual Machine > Summary Tab
[Screenshot]
vStorage

vStorage Thin Provisioning
[Figure]

vStorage API Categories
[Table headers only: vStorage API | Toolkit name | Details]
vNetwork

vNetwork Distributed Switch Benefits
[Figure: VI3 Networking (per-host vSwitches) compared with vSphere 4 Networking (Distributed Virtual Switch)]
Third-Party Distributed Switches
• Aggregated datacenter level virtual networking
• Simplified setup and change
• Easy troubleshooting, monitoring and debugging
• Enables transparent third party management of virtual environments
[Figure: VMware vSphere™ hosts with VMs (APP/OS); Cisco Nexus 1000V as the vNetwork Distributed Switch alongside per-host vSwitches]
Security

VMware vShield Zones
• Self-learning, self-configuring firewall service
• VMotion and network-configuration aware trust zones
[Figure: groups of VMs (APP/OS) placed in trust zones]
VMware VMsafe
• API that enables protection of VMs by inspection of virtual components in conjunction with hypervisor
• Isolation of protection engine from malware
• Broad ranging coverage of virtual machine CPU, memory, storage and network
[Figure: Protection Engine running beside Application / Operating System VMs on VMware vSphere™]
Current VMsafe Program Partnerships
[Figure: partner logos]

VMsafe Partner Releases, Q4 2009
Category | Partner | Solution | Status
[Table residue: VMC, GA; vTrust network zoning, network IPS, virtualization mgmt]