Business Sessions | Date | Technical Sessions
Nexus 1000V Family Overview and Update | 29-Mar | Nexus 1000V New Features and Installation Overview
Virtual Network Services (vPath, NAM, vWAAS) | 12-Apr | Nexus1010 Installation & Upgrade
Virtual Security Gateway Introduction | 26-Apr | Virtual Security Gateway Installation and Basic Configuration
Journey to the Cloud w/ N1KV: vCloud Director & Long Distance vMotion | 10-May | Nexus 1000V Advanced Configuration
Secure VDI with Nexus1000V & VSG | 24-May | Nexus 1000V Troubleshooting
N1K
Cisco Confidential
[Figure: modular switch with Supervisor-1, Supervisor-2, Back Plane and Linecard-1 through Linecard-N; Server 1, Server 2, Server 3]
2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
[Figure: modular switch with Supervisor-1, Supervisor-2, Back Plane and Linecard-1 through Linecard-N; three ESX hosts]
[Figure: VSM2 alongside the modular switch (Supervisor-1, Supervisor-2, Back Plane, Linecard-1 through Linecard-N); three ESX hosts]
[Figure: VSM2 and VEM-1, VEM-2 ... VEM-N alongside the modular switch (Supervisor-1, Supervisor-2, Back Plane, Linecard-1 through Linecard-N); three ESX hosts]
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
[Figure: VSM2 and VEM-1, VEM-2 ... VEM-N on ESX hosts (connected by L2 or L3); labels: L2 Mode, L3 Mode]
- 200+ vEth ports per VEM
- 64 VEMs per 1000V
- 2K vEths per 1000V
- Multiple 1000Vs can be created per vCenter
[Figure: VSM2 ("Physical Appliance?") and VEM-1, VEM-2 ... VEM-N on ESX hosts; labels: L2 Mode, L3 Mode]
[Figure: VSM-A4, VSM-B4 and VSM-B1 (redundant pair); VEM-1, VEM-2 ... VEM-N on ESX hosts]
VSG: Virtual Security Gateway for 1000v
vWAAS: Virtual WAAS
vPath: Traffic Steering
[Figure: vPath in VEM-1 and VEM-2 on ESX hosts; labels: L2 Mode, L3 Mode]
[Figure: Nexus 1010 hosting VSM-A4, VSM-B1, VSM-B4 and NAM; vPath in VEM-1 and VEM-2 on ESX hosts; labels: L2 Mode, L3 Mode]
*VSG on 1010 target: 2Q CY11
Agenda
- Nexus 1010 Hardware and Software
- Nexus 1000V VSM connectivity on Nexus 1010
- Nexus 1010 Network Integration and Data Center Design
- Nexus 1010 Virtual Service Blade Configuration and Verification
- Nexus 1010 Upgrade Process
1  Power supply (one)
2  CIMC port (RJ-45) 10/100 Mbps
3  USB 2.0 connectors (two)
4  Serial connector (DB9)
5  Video connector (15-pin VGA)
6  Gigabit Ethernet Ports (1 and 2)
7  Gigabit Ethernet ports (3 to 6)
8  Standard-profile PCIe card slot (not used)
Feature Comparison
VSM as VM
- Nexus 1000V features and scalability
- VEM running on vSphere 4 Enterprise Plus
- NX-OS high availability of VSM
- Software-only deployment
- Installation like a standard Cisco switch
- Network Team owns/manages the VSM
- VSM Isolation from production VM environment in case of outage
- Least number of steps to deploy VSM
[Figure: L2 Network carrying the Control VLAN and Packet VLAN]
Control VLAN
- Extends the usual backplane of the switch over the network
- Carries low-level messages to ensure proper configuration of the VEM
- Maintains a 1 sec heartbeat between the VSM and the VEM (timeout of 6 seconds)
- Maintains synchronization between primary and secondary VSMs
Packet VLAN
- Used for control plane processing such as CDP and IGMP snooping, or statistics collection such as SNMP and NetFlow
- For an L2 deployment, the Control and Packet VLANs need to be configured end to end to allow communication between the VSM and the VEM
- If those VLANs are not configured end to end, the VEM will not show up on the VSM even if it appears to be present in vCenter
- The Control VLAN and Packet VLAN need to be configured as system VLANs on the uplink port-profile
- Can use 1 or 2 VLANs for Control/Packet traffic
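An added example (not from the original slides): a small Python audit of upstream trunk stanzas that checks the Control and Packet VLANs are allowed on every hop between VSM and VEM, and that nothing beyond the intended VLANs is trunked. The switch names, sample configs and VLAN roles (170 management, 250 control, 251 packet) are constructed for illustration.

```python
import re

def expand_vlans(spec):
    """Expand an NX-OS VLAN list such as '170,250-251' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Map each trunk interface stanza to its allowed-VLAN set (None if unset)."""
    trunks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
        elif line == "switchport mode trunk" and current:
            trunks.setdefault(current, None)
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line)
        if m and current:
            trunks[current] = expand_vlans(m.group(1))
    return trunks

def audit_path(hops, required, permitted):
    """Check every trunk on the VSM-to-VEM path; return (hop, intf, issue, vlans)."""
    findings = []
    for hop, config in hops.items():
        for intf, allowed in parse_trunks(config).items():
            if allowed is None:  # trunk with no allowed-vlan list carries every VLAN
                findings.append((hop, intf, "unpruned", []))
                continue
            if required - allowed:  # control/packet VLAN not carried end to end
                findings.append((hop, intf, "missing", sorted(required - allowed)))
            if allowed - permitted:  # VLANs beyond mgmt, control and packet
                findings.append((hop, intf, "unexpected", sorted(allowed - permitted)))
    return findings

# Constructed sample: two upstream switches on the path. VLAN roles are assumed
# for illustration (170 = management, 250 = control, 251 = packet).
HOPS = {
    "upstream-1": "interface ethernet 101/1/1-2\n switchport mode trunk\n"
                  " switchport trunk allowed vlan 170,250-251\n",
    "upstream-2": "interface ethernet 101/1/3\n switchport mode trunk\n"
                  " switchport trunk allowed vlan 170,250,300-301\n"
                  "interface ethernet 101/1/4\n switchport mode trunk\n",
}
FINDINGS = audit_path(HOPS, required={250, 251}, permitted={170, 250, 251})
print(*FINDINGS, sep="\n")
```

A "missing" finding on any hop is the condition under which the VEM fails to appear on the VSM; "unpruned" and "unexpected" findings mark trunks that carry more than the mgmt, control and packet VLANs.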
L3 Network
- The VSM uses svs mode type Layer 3, with either the control0 interface or the mgmt0 interface
- The user can specify an IP address for control0 to use a separate network for VEM-VSM communication
  svs-domain
    svs mode L3 interface (control0 | mgmt0)
There are 4 uplink options to connect the Nexus 1010 to the network. The option chosen influences how control, packet, management and data traffic is connected to the rest of the network.
interface ethernet 101/1/1-2
  !-- multiple vlans trunked across link
  switchport mode trunk
  !-- only allow mgmt, control and data vlans
  switchport trunk allowed vlan 170,250-251
  !-- enable portfast edge
  spanning-tree port type edge trunk
[Figure: Setup 1 and Setup 2, each showing Eth1 and Eth2 uplinks of the Nexus 1010 pair hosting the Active VSM and HA-Standby VSM]
Nexus 1010
- Eth1: active (forwarding)
- Eth2: standby (not forwarding)
Total Bandwidth per device is 1Gbps
interface ethernet 101/1/2, 101/1/4
  !-- multiple vlans trunked across link
  switchport mode trunk
  !-- only allow mgmt, control and data vlans
  switchport trunk allowed vlan 251
  !-- enable portfast edge
  spanning-tree port type edge trunk
  !-- add interface to port-channel, this is a vpc
  channel-group 1010 mode active
!-- this is a unique vpc for N1010-1
interface port-channel 1010
  vpc 1010
**Config must be repeated for N1010-2 on interfaces 101/1/5-6
[Figure: uplinks E1 through E6 on each Nexus 1010; Active VSM and HA-Standby VSM]
Nexus 1010
- Eth1: active (forwarding)
- Eth2: standby (not forwarding)
- Eth3-6: forwarding in LACP bundle
Total Bandwidth per device is 5Gbps
interface ethernet 101/1/2, 101/1/4
  !-- multiple vlans trunked across link
  switchport mode trunk
  !-- only allow mgmt, control and data vlans
  switchport trunk allowed vlan 250-251
  !-- enable portfast edge
  spanning-tree port type edge trunk
  !-- add interface to port-channel, this is a vpc
  channel-group 1010 mode active
!-- this is a unique vpc for N1010-1
interface port-channel 1010
  vpc 1010
**Config must be repeated for N1010-2 on interfaces 101/1/5-6
[Figure: uplinks E1 through E6 on each Nexus 1010; Active VSM and HA-Standby VSM]
Nexus 1010
- Eth1: active (forwarding)
- Eth2: standby (not forwarding)
- Eth3-6: forwarding in LACP bundle
Total Bandwidth per device is 5Gbps
Sample Topology: Common L2 Network with upstream switch N5K/N2K
Upstream Switch Access Ports:
interface ethernet 101/1/1
  !-- multiple vlans trunked across link
  switchport mode trunk
  !-- only allow mgmt, control and data vlans
  switchport trunk allowed vlan 170
  !-- enable portfast edge
  spanning-tree port type edge trunk
[Figure: uplinks E1 through E6 on each Nexus 1010; Active VSM and HA-Standby VSM]
Nexus 1010
- Eth1: active (forwarding)
- Eth2: standby (not forwarding)
- Eth3: active (forwarding)
- Eth4: standby (not forwarding)
- Eth5: active (forwarding)
- Eth6: standby (not forwarding)
Total Bandwidth per device is 3Gbps
[Figure: Option 2, Option 3, Option 4]
- L3 Control for VSM possible
- HA pair can be dedicated per POD or customer
- More VSBs available per POD or customer
[Figure: data center layers: L3/L2 boundary, Access, Compute/Virtual Access (ESXi)]
- L2 Control for VSM possible
- HA pair can be shared among PODs or customers
- If using L3, there should be IP connectivity to VSM VSB from each POD
[Figure: data center layers: Aggregation, L3/L2 boundary, Access, Compute/Virtual Access (ESXi)]
tme-1010-1(config-vsb-config)# virtual-service-blade-type new nexus-1000v.4.0.4.SV1.3a.iso
tme-1010-1(config-vsb-config)# interface control vlan 251
tme-1010-1(config-vsb-config)# interface packet vlan 252
tme-1010-1(config-vsb-config)# enable
Enter vsb image: [nexus-1000v.4.0.4.SV1.3.iso]
Enter domain id[1-4095]: 203
Management IP version [V4/V6]: [V4]
Enter Management IP address: 10.29.170.84
Enter Management subnet mask: 255.255.255.0
IPv4 address of the default gateway: 10.29.170.1
Enter HostName: VSM-1010-1
Enter the password for 'admin': P@ssw0rd1
tme-1010-1(config-vsb-config)#no shut
- One command deploys both Primary and Secondary VSM
- This is done only for HA aware VSBs
HA Admin role: Primary
  HA Oper role: ACTIVE
  Status:       VSB POWERED ON
  Location:     PRIMARY
  SW version:   4.0(4)SV1(3a)
HA Admin role: Secondary
  HA Oper role: STANDBY
  Status:
  Location:
  SW version:
VSB Info:
  Domain ID : 401
----------------------------------------------------------------------
GigabitEthernet1    up    1000    1500
GigabitEthernet2    up    1000    1500
GigabitEthernet3    up    1000    1500
GigabitEthernet4    up    1000    1500
GigabitEthernet5    up    1000    1500
GigabitEthernet6    up    1000    1500
PortChannel1        up    1000    1500
PortChannel2        up    1000    1500
VbEthernet1/1       up    1000    1500
VbEthernet1/2       up    1000    1500
VbEthernet1/3       up    1000    1500

- Po1 represents active/standby bundle between E1 and E2
- Po2 represents the LACP bundle between E3-E6
NAM Virtual Blade on Nexus 1010
- Applications, Host, Conversations, VLAN, QoS, etc.
- Per-application, per-user traffic analysis
- View VM-level Interface Statistics
- Packet Capture and Decodes
- Historical Reporting and Trending
[Figure labels: ERSPAN, NetFlow, vCenter]
- Save configuration
- Log into VSM VSB
- Switch over HA active VSM VSBs to active N1010
- From the N1010 CLI, reload the standby when all active VSM VSBs are switched over to the active
  (i.e. reload module 2 if Secondary is standby)
- From within the VSM VSB CLI, switch over HA active VSBs to the newly upgraded N1010 (originally standby from above)
- Reload the original active N1010
- Non-HA VSBs may experience disruption (NAM)
Web Sites
- www.cisco.com/go/1000v
- www.cisco.com/go/nexus1010
- www.cisco.com/go/vsg
- www.cisco.com/go/vnmc
- www.cisco.com/go/1000vcommunity (Preso and Q&A posted here)
Thank you.