http://tools.cisco.com/gems/cust/customerSite.do?METHOD=E&LANGUAGE_ID=E&SEMINAR_CODE=S22085
Ever wonder what VFC, VETH, VIF and HIF are in UCS and which path your packets are taking?
UCS infrastructure has several virtual components, which makes it challenging to troubleshoot, but it is critical to understand. Cisco Expert Niles Pyelshak will discuss UCS interfaces and how packets travel from the UCS server.
https://supportforums.cisco.com/event/12413926/expert-webcast-demystifying-unifiedcomputing-system-ucs-interfacestroubleshooting
Vishal Mehta
Technical Marketing Engineer
Topic: Part 2: Meet the 1000v Family: The Secret of Unity
Technical Expert Question Manager: Gunjan Patel
If you would like a copy of the presentation slides, click the PDF file link in
the chat box on the right or go to:
https://supportforums.cisco.com/document/12427796/expert-depth-seriescisco-nexus-1000v-series-switches-part-2-slides
Or, https://supportforums.cisco.com/expert-corner/knowledge-sharing
Polling
Question 1
a.
b.
c.
Agenda
Netscaler Load-Balancer
Common Deployments
VACS - Containers
VXLAN Strategy
1.5.1
3.0
VXLAN 1.0
VXLAN 1.5
VXLAN 2.0
Multicast based
Mac-distribution
VTEP distribution
VXLAN
1.5.1
N/A
VXLAN GATEWAY
2.2
2.2
Nexus 1110
Strategy
3.0
GW as a VM
Strategy
Minimize investment in software VXLAN GW since Nexus hardware will have GW functionality at a cheaper price-point
Develop GW as a VM for Proof of Concepts and cloud use cases
vPath Explanation
PNSC
Description
A central registry of endpoints - VSM, VSG, ASA 1000v, ICS, ICX, CVSM and providers RM, PM, VMM, MC
Org Repository for multi-tenancy
Policy Manager
Resource Manager
Management of VSG, ASA 1000v, VSM, VMware vCenter, InterCloud Link and Cloud VM
Image Management for endpoints and Cloud VM
Configures endpoints, Discovers Port Profiles and VM attributes from VSMs
Create ICX VM on vCenter
Assign MAC address and port ID for cloud VM overlay interfaces
VM Manager
Management
Controller
Cloud Provider
Manager
Service Registry
Description
Policy Agent on
VSG/ASA 1000v
Policy Agent on
Nexus 1000v
Policy Agent on
ICS/ICX
Figure: PNSC architecture diagram. Labels: GUI; API; PMON; VNMC; REST-XML API; VC; VM Attributes; VM Manager; Resource Manager; Service Registry; Policy Manager; VM IP Learning; VM Attach; Port Profiles; Policy Agent; VSM; VSG; Port Profiles and Security Profiles; VEM; VM Management; Hypervisor; Policy Resolution; Packets Via Overlay Tunnel; SDP.
Family Photo
VSG Deployments
VSG HA Setup
Figure: vPath flow handling between VMs, Nexus 1000V (vPath), VSG and PNSC.
Panel 1 labels: 1 Initial Packet Flow; (policy evaluation); 3 Decision Caching; Log/Audit.
Panel 2 labels: ACL offloaded to Nexus 1000V (policy enforcement); Remaining packets from flow; Log/Audit.
vCenter
Virtual Network Management Center (VNMC)
TENANT A
TENANT B
VDC
VDC
vApp
VSG
VSG
VSG
vApp
VSG
ASA 1000V
Hypervisor Nexus1000V
ASA 1000V
vPath
Interface security-profile 2
Interface security-profile
security-profile
db-server 1
Port Profile 2
Edge Security Profile:
db-server
Port Profile 1
Edge Security Profile:
web-server
Port Group 2
Port Group 1
VM
VM
VM Nexus
VM 1000
VM
VM
security-profile
web-server
nameif
db
nameif
web
no ip
address
no ip address
security-level 100
Interface GigabitEthernet0/0
nameif inside
inside
ip address 192.168.0.1
security-level 100
Nexus 1000V
ASA
1000V
VM
outside
Port Group 3
Port Profile 3
VPC Challenges
VPC
Internet
Customer 1
Data Center
192.168.1.0/16
Customer 1
10.0.1.0/24
Branch B
VPC
VRF
Customer 2
QoS
Acceleration
Visibility
Cloud
Provider
MPLS
VPC
Customer 4094
Branch A
Cisco CSR1000v
Internet
CSR
1000v
Branch B
LISP
Router
vWAAS
QoS
Customer 1
Data Center
LISP for
VM Mobility
VPC
Customer 1
VPC
Customer 2
Cloud
Provider
MPLS
VPC
Customer N
Branch A
Branch B
Cloud Provider
CSR
1000v
Internet
Data Center
VPC
Enterprise VPNs
S2S (IPSec) VPN
DMVPN
EZVPN
FlexVPN
SSLVPN (future)
Routing
Addressing
Static
NAT/PAT
EIGRP
OSPF
DHCP
Firewall & ACLs
BGP
AAA
MPLS VPN 1
MPLS VPN 2
CSR
1000v
VPC
Customer 1
MPLS
VPC
Customer 2
MPLS
MPLS
MPLS
Routing
Traffic Management
Traditional
EIGRP, OSPF
QoS
Secure (GETVPN)
BGP, Static
IP SLAs
CSR
1000v
Internet
VPC
Data Center
Enterprise
LISP Tunnel
Router
Cloud Provider
LISP VM
Mobility
Multicast
Branch B
WAAS
Cloud Provider
WAAS
vWAAS
Internet or
MPLS
CSR 1000v
VPC
WAAS
Data Center
Optimized TCP
QoS
Resiliency HSRP
WCCP
AppNav
AVC
NetFlow
NBAR
Polling
Question 2
Yes
b.
No
vPath 3.0
Product
VPX
MPX
SDX
Platform
x86
HW
Appliance
HW
Appliance
NetScaler
1000V
X86
N1110
vPath
Virtual WAAS
on Nexus 1000V with vPath
vWAAS
Multi-tenant
Within tenant
VSM-VSG-NetScaler topology
VSM-VSG-NetScaler Chaining
Polling
Question 3
Yes
b.
No
Design
- QoS
- Security
Compliance
Identify
Resources
Capacity
On-Demand
License
Secure
Test
Automated
Self-Service
Provisioning
Manual
Policy-Based
Provisioning
Flexible, Agile
Resource
Utilization
Lack of
Visibility
Manually
Provisioned
VMs talking to
each other
Troubleshooting is
a nightmare
Weeks to onboard
customer/app
DC Edge Security
Enterprise
Apps
DC Edge Security
Enterprise
Apps
Routing - CSR 1000V
Enforced by Best in Class Services
Built on flagship Cisco NXOS & IOS SW
Zone Based FW
Virtual Security Gateway
Virtual Fabric - Nexus 1000V
Platform for Distributed FW
APP
DB
CONTAINER
WEB
APP
DB
Virtual Application
Container Services
Provision Regulatory Compliant Containers in minutes
Multi Hypervisor support
Provisioning and Virtual Services included in single SKU
1.
Container A
Container B
No CLI experience
2.
vPath
3.
VMware
vSphere
Microsoft
HyperV
4.
VACS Architecture
UCSD
PNSC
CSR
VSG
Container
CSR
N1000V
vCenter
VSG
Container
CSR
VSG
Container
CSR
VSG
Container
VACS hierarchy
N1000V
UCSD
vCenter
PNSC
N1000V
N1000V
vCenter
PNSC
N1000V
Three types
3 tier internal
3 tier external
Custom
Both three tier container types contain a single network (can be VLAN or VXLAN) with three pre-defined zones and zone policies.
Internal and external container types differ in which zones are allowed access to/from outside the container.
Custom containers can contain multiple networks, zones and custom firewall policies.
1.
2.
3.
4.
VLAN 1/
VXLAN 101
VSG
Web Tier
NAT (Optional)
L3 Routing EIGRP
Edge FW
Monitoring Features
Zone based FW
App Tier
DB Tier
VLAN 1/
VXLAN 101
1.
2.
3.
4.
VSG
NAT (Optional)
L3 Routing EIGRP
Edge FW
Monitoring Features
VLAN 2/
VXLAN 202
Zone based FW
Tier 1
Tier 2
Tier 3
. .
Salient features
HA/HSRP
ERSPAN
CSR1000V
Gig2.31(1) - 31.0.0.10
Gig2.31(2) - 31.0.0.11
Gig1(1) - 30.0.0.103
Gig1(2) - 30.0.0.105
VIP 192.168.1.1
Management VLAN id 30
VSG
10.2.2.2 (SNAT)
WEB Server VM
APP VM
DB VM
192.168.1.5
192.168.1.6
1. The first packet from the Web VM enters the VEM and is redirected to the VSG.
2. The VSG ACL rule (permit Web to Any) is hit, and vPath on the VEM is programmed with the flow.
3. The packet is sent to the gateway, which is the CSR's downlink interface.
4. The packet's source IP is changed to the NATed public IP and the packet is sent outside via the uplink interface.
5. Subsequent packets are sent directly to the CSR's downlink interface (skipping steps 1-2).
10.1.1.30
Gig2.31- 31.0.0.10
CSR1000V
Mgmt Gig1
30.0.0.103
Gig3.2 192.168.1.1
Management VLAN id 30
VSG
10.2.2.2 (SNAT)
WEB Server VM
10.2.2.3 (SNAT)
APP VM
DB VM
192.168.1.5
192.168.1.6
Physical
to
Virtual
to
Cloud
Journey
Inter
Cloud
Hybrid
Cloud
Public
Cloud
Virtualization
Private
Cloud
VACS Container
Topology Configuration
Install UCSD
* Licenses:
UCSD.lic
VACS.lic
From stopping and restarting services until the GUI comes back to a login prompt takes ~10 minutes
~4-5 minutes
Install PNSC
Container template
Template types
Policies
Routing protocol
Virtual machines
VACS Summary
Custom-Security zones
Custom-ALG options
VIP
VIP
VIP - Gateway
VIP - Summary
Gateway policy
CSR configuration
PNSC policy
PNSC zones
PNSC-VSG config
Publishing catalog
Policies -> Catalogs
Add catalog
Catalog - Summary
Catalog published
Description
This workflow is executed when a VACS user requests addition of VMs to an existing VACS container.
This workflow is executed when a VACS user requests deletion of VMs from an existing VACS container.
This workflow is executed when a VACS user requests Static NAT configuration for workload VMs in a VACS Container.
VACS ERSPAN
This workflow is executed when a VACS user requests monitoring of VM traffic for one or more VMs.