brkdct-3831
TRANSCRIPT
© 2006, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
1
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1BRKDCT-383114488_04_2008_c2
Advanced Data Center Virtualization
BRKDCT-3831
Before We Get Started
Intermediate-level session focused on data center virtualization technologies and solutions, including both front-end and back-end networks as well as server virtualization.
Prerequisites: familiarity with the basic LAN and SAN design models as well as server virtualization technologies.
Other recommended sessions:
- BRKDCT-2866: Data Center Architecture Strategy and Planning
- BRKDCT-2840: Data Center Networking: Taking Risk Away from Layer 2 Interconnects
- BRKDCT-1898: FCoE: The First 30 Feet of FC
Agenda
- Data Center Virtualization Overview
- Front-End Data Center Virtualization
    Core Layer: VDC
    Aggregation Layer: VSS, Server Load Balancing, Security Services
    Access Layer
- Server Virtualization
- Back-End Virtualization: SAN, HBA, Unified IO (FCoE), Storage
- End-to-End Management: VFrame Data Center
(Figure: front-end virtualization (VSS, VLAN, VRF, VPNs, VDC) with virtual network services (virtual firewall, SLB and SSL contexts), virtual machines, and back-end virtualization (vHBA, VSANs, FCoE, CNA, virtual storage).)
Virtualization: Definition (Well, One of Them)
Virtualization is the pooling and abstraction of resources and services in a way that masks the physical nature and boundaries of those resources and services from their users.
What Is Network Virtualization?
One to many: one network supports many virtual networks.
(Figure: a data center front-end network/LAN.)
What Is Network Virtualization?
One to many: one network supports many virtual networks.
(Figure: the data center front-end network/LAN carved into virtual networks, for example for a merged new company, an outsourced IT department, and a segregated department kept apart for regulatory compliance.)
What Is Network Virtualization?
Many to one: one network consolidates many physical networks.
(Figure: separate physical networks today: the data center network, an out-of-band management network, a backup network, a guest/partner network and a security network.)
(Figure: the same five networks consolidated onto a single virtualized data center network.)
"Network Virtualization" in the Data Center: One Term, Many Contexts
- Virtual connectivity services: IP/MPLS, L3 VPN, VRFs; L2 VPNs, VFIs, PW
- Virtualized front-end: VLANs, PVLANs, VRF lite, VDC; virtual intelligent services (firewall, SLB, SSL, L4-7, etc.)
- Compute virtualization: clustering, GRID, virtualization software (hypervisor-based)
- Virtualized storage: virtual HBAs, CNAs; Virtual SANs (VSANs); network-hosted storage virtualization software
(Figure: the front-end network with its service modules, the servers, the storage area network and the storage.)
Virtualized Data Center Infrastructure
(Figure: end-to-end topology. WAN: IP+MPLS WAN aggregation router. DC core: Nexus 7000 10GbE core. DC aggregation: Nexus 7000 10GbE aggregation, and Cisco Catalyst 6500 10GbE VSS aggregation with DC services. DC access: Cisco Catalyst 6500 end-of-row, Nexus 7000 end-of-row, Cisco Catalyst 49xx rack, Nexus 5000 rack, and CBS 3100 blade with MDS 9124e; server access options shown are 1GbE, 10GbE with 4Gb FC, 10GbE with 4/8Gb FC, and 10Gb FCoE. Storage: MDS 9500 storage core, SAN A/B, FC. Legend: Gigabit Ethernet, 10 Gigabit Ethernet, 10 Gigabit DCE, 10 Gigabit FCoE/DCE, 4/8Gb Fibre Channel.)
VRF Overview: What Is a VRF (Virtual Routing and Forwarding)?
Typically all routing processes and static routes populate one routing table, and all interfaces are part of the global routing table:

router eigrp 1
 network 10.1.1.0 0.0.0.255
!
router ospf 1
 network 10.2.1.0 0.0.0.255 area 0
!
router bgp 65000
 neighbor 192.168.1.1 remote-as 65000
!
ip route 0.0.0.0 0.0.0.0 140.75.138.114

(Figure: a single global routing table.)
VRF Overview: What Is a VRF (Virtual Routing and Forwarding)?
VRFs allow dividing your routing table into multiple virtual tables. Routing protocol extensions allow binding a process or address family to a VRF. Interfaces are bound to a VRF using "ip vrf forwarding <vrf-name>":

router eigrp 1
 network 10.1.1.0 0.0.0.255
!
router ospf 1 vrf orange
 network 10.2.1.0 0.0.0.255 area 0
!
router bgp 65000
 address-family ipv4 vrf blue
  …
!
ip route vrf green 0.0.0.0 0.0.0.0 …

(Figure: the global routing table alongside the per-VRF tables orange, blue and green.)
VRF Overview: Route Targets
- Route targets control which routes are exported into, and imported from, MP-BGP updates
- They are globally significant; the route targets are what create the VPN
- They allow hub-and-spoke connectivity (central services)
(Figure: Red VPN, any-to-any: every VRF exports 3:3 and imports 3:3. Blue VPN, hub-and-spoke: each spoke VRF exports 2:2 and imports 1:1, while the hub VRF imports 2:2 and exports 1:1.)
Shared Services Extranet VPN: Multiple-Box Extranet Implementation
- Central services routes are imported into both the red and the blue VRF (1:1)
- The central VRF imports the routes for the blue and red subnets (3:3, 2:2)
- No routes are exchanged between blue and red; there is no transitivity, imported routes are not re-exported
- Blue and red remain isolated
(Figure: red VRFs export 3:3 and import 1:1; blue VRFs export 2:2 and import 1:1; the shared-services VRF imports 3:3 and 2:2 and exports 1:1. Result: bidirectional communication between all VRFs and the central services VRF, and nothing between red and blue.)
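The isolation on the route-target slides is simply the intersection of export and import route targets plus the rule that imported routes are not re-exported, which makes a planned design easy to check before it is deployed. The script below is an added example and not part of the Cisco Live deck: it parses constructed IOS-style `ip vrf` stanzas (the VRF names shared, blue and red and the route targets 65000:1, 65000:2 and 65000:3 are assumptions chosen to mirror the 1:1, 2:2 and 3:3 labels on the slides), computes which VRF's routes land in which other VRF, and flags any pair of supposedly isolated VRFs that can see each other, including after one mistaken `route-target import` line.

```python
"""Route-target reachability model for VRF extranet designs.

Added example, not from the Cisco Live deck. A route exported with RT X
is installed into every VRF that imports RT X; an imported route is not
re-exported (no transitivity), exactly as the slides state. VRF names
and RT values are constructed to mirror the slides' 1:1 / 2:2 / 3:3.
"""
import re
from itertools import product

# Constructed configuration: one shared-services hub and two customer VRFs.
EXTRANET_CONFIG = """
ip vrf shared
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:2
 route-target import 65000:3
!
ip vrf blue
 rd 65000:2
 route-target export 65000:2
 route-target import 65000:1
!
ip vrf red
 rd 65000:3
 route-target export 65000:3
 route-target import 65000:1
"""

def parse_vrfs(config):
    """Return {vrf: {'import': set(), 'export': set()}} from IOS-style text."""
    vrfs, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"ip vrf (\S+)", line)
        if m:
            current = m.group(1)
            vrfs[current] = {"import": set(), "export": set()}
            continue
        m = re.match(r"route-target (import|export|both) (\S+)", line)
        if m and current:
            direction, rt = m.groups()
            dirs = ("import", "export") if direction == "both" else (direction,)
            for d in dirs:
                vrfs[current][d].add(rt)
    return vrfs

def reachability(vrfs):
    """Pairs (src, dst) where src's routes are installed in dst.

    Only src's own export RTs are compared with dst's import RTs, so the
    result is deliberately not a transitive closure: shared seeing red
    does not make blue see red.
    """
    pairs = set()
    for src, dst in product(vrfs, repeat=2):
        if src != dst and vrfs[src]["export"] & vrfs[dst]["import"]:
            pairs.add((src, dst))
    return pairs

def leaks(vrfs, isolated):
    """Ordered pairs of VRFs that must stay isolated but can see each other."""
    reach = reachability(vrfs)
    return sorted((a, b) for a in isolated for b in isolated
                  if a != b and (a, b) in reach)

if __name__ == "__main__":
    v = parse_vrfs(EXTRANET_CONFIG)
    print(sorted(reachability(v)))
    print("leaks:", leaks(v, {"blue", "red"}))
    # Constructed mistake: an operator adds `route-target import 65000:3` to blue.
    v["blue"]["import"].add("65000:3")
    print("leaks after mistake:", leaks(v, {"blue", "red"}))
```

The value of the check is the last two lines: a single extra import statement on one spoke is enough to collapse the isolation the design relies on, and it is cheap to run this against every change to the VRF definitions.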
Data Center as a Shared Service on an Extranet VRF
(Figure: the data center (DNS, CAC, ...) attached as shared services to the DC core, next to an Internet module (ISP1, ISP2) and a MAN. A virtualized campus/MAN and a WAN/branch carry a Red VPN and a Blue VPN, which terminate in a Red VRF and a Blue VRF at the data center. Legend: L3 interface without VRF; 802.1Q trunk with VRF-enabled VLANs; L3 interface with VRF enabled.)
Virtual Device Contexts at Nexus 7000: VDC Architecture
Virtual Device Contexts provide virtualization at the device level, allowing multiple instances of the device to operate on the same physical switch at the same time.
(Figure: the Nexus 7000 physical switch runs one kernel and one infrastructure layer; above them, each VDC (VDC1 ... VDCn) has its own protocol stack (IPv4/IPv6/L2), its own L2 protocols (VLAN Mgr, UDLD, LACP, CTS, IGMP, 802.1x) and its own L3 protocols and RIB (OSPF, BGP, EIGRP, PIM, GLBP, HSRP, VRRP, SNMP).)
Virtual Device Contexts: Properties of the VDC
- Each VDC is treated as a standalone device with limited resources
- Each VDC is uniquely identified by ID or name
- Each VDC has a unique MAC address assigned to identify it
- Shared processor, shared linecards, and dedicated interfaces
- Per-VDC role-based management allows per-VDC admin configuration and management
- Software fault isolation for protocol processes within the VDC
The hardware is shared across the VDCs, but from the user, configuration and management perspective each VDC should appear as a standalone device. Note what is and is not separated: configuration, management roles and protocol processes are per VDC, while the supervisor processor and the linecards are shared, so a VDC gives administrative and fault separation rather than the equivalent of physically separate switches.
Virtual Device Contexts: VDC Fault Domain
(Figure: VDC A and VDC B on one physical switch share the kernel and infrastructure, but each has its own protocol stack and its own set of processes ABC, DEF, XYZ, ...)
Process "DEF" in VDC B crashes. Process DEF in VDC A is not affected and continues to run unimpeded.
A VDC builds a fault domain around all running processes within that VDC. Should a fault occur in a running process, it is isolated from the processes of the other VDCs, which are not impacted.
Virtual Device Contexts: VDC Configuration
A VDC is created as follows. This example creates a VDC called CiscoLive2008:

switch# conf t
switch(config)# vdc CiscoLive2008
switch(config-vdc)# show vdc
vdc_id  vdc_name        state   mac
------  --------        -----   ----------
1       switch          active  00:18:ba:d8:4c:3d
2       CiscoLive2008   active  00:18:ba:d8:4c:3e

switch(config-vdc)# show vdc detail
vdc id: 1
vdc name: switch
vdc state: active
vdc mac address: 00:18:ba:d8:4c:3d
vdc ha policy: RESET

vdc id: 2
vdc name: CiscoLive2008
vdc state: active
vdc mac address: 00:18:ba:d8:4c:3e
vdc ha policy: BRINGDOWN
Virtual Device Contexts: VDC Resource Assignment
The default resource allocation can be changed from the CLI. This example changes the minimum number of VLANs allocated to the CiscoLive2008 VDC from 16 to 32:

switch(config)# vdc CiscoLive2008
switch(config-vdc)# limit-resource vlan minimum 32 maximum 4094
switch(config-vdc)# show run | begin vdc
<snip>
vdc CiscoLive2008 id 2
  template default
  hap bringdown
  limit-resource vlan minimum 32 maximum 4094
  limit-resource span-ssn minimum 0 maximum 2
  limit-resource vrf minimum 16 maximum 8192
  limit-resource port-channel minimum 0 maximum 256
  limit-resource glbp_group minimum 0 maximum 4096
<snip>
Virtual Device Contexts: Resource Templates
Resource templates are another option for assigning a resource allocation to each VDC:

switch(config)# vdc resource template N7Kswitch
switch(config-vdc-template)# limit-resource vlan minimum 32 maximum 256
switch(config-vdc-template)# limit-resource vrf minimum 32 maximum 64
switch(config-vdc-template)# exit
switch(config)# vdc CiscoLive2008 template N7Kswitch
switch(config-vdc)# show vdc resource template
template ::N7Kswitch
--------
Resource      Min    Max
----------    -----  -----
vrf           32     64
vlan          32     256

template ::default
--------
Resource      Min    Max
----------    -----  -----
glbp_group    0      4096
port-channel  0      256
span-ssn      0      2
vlan          16     4094
vrf           16     8192

switch(config-vdc)#
Virtual Device Contexts: VDC and Interface Allocation
(Figure: a 32-port 10GE module with its ports allocated in groups to VDC A, VDC B and VDC C.)
Ports are assigned on a per-VDC basis and cannot be shared across VDCs. Once a port has been assigned to a VDC, all subsequent configuration is done from within that VDC.
Virtual Device Contexts: VDC Resource Utilization (Layer 2)
(Figure: three linecards connected through the switch fabric, each with its own MAC table; ports 1/1-1/4, 2/1-2/4 and 3/1-3/4 are spread across VDC 10, VDC 20 and VDC 30. MAC address A is learnt on a VDC 10 port of linecard 1.)
MAC "A" is propagated to linecards 2 and 3, but only linecard 2 installs the MAC, because it has a local port in VDC 10.
Layer 2 learning with multiple active VDCs also has an impact on resource utilization: MAC addresses learnt in a VDC are only propagated to other linecards when that linecard has a port in that VDC.
Virtual Device Contexts: VDC Resource Utilization (Layer 3)
When only the default VDC is active, the FIB and ACL TCAM on each linecard is primed with the forwarding prefixes and policies associated with that default VDC.
(Figure: eight linecards, each with a FIB TCAM and an ACL TCAM (the slide labels the two sizes 128K and 64K), all holding the default VDC's entries.)
Virtual Device Contexts: VDC Resource Utilization (Layer 3)
When physical port resources are split between multiple VDCs, only linecards that have ports associated with a given VDC have their local TCAMs primed with that VDC's FIB and policy information.
Let's see how this affects TCAM resource allocation on the same chassis, assuming the following breakup:

VDC number   Number of routes   Number of ACEs   Allocated linecards
10           100K               50K              Linecards 1 and 2
20           10K                10K              Linecards 1, 2, 3 and 5
30           90K                40K              Linecards 3 and 5
Virtual Device Contexts: VDC Resource Utilization (Layer 3)
(Figure: the same eight linecards; linecards 1, 2, 3 and 5 now carry only the FIB and ACL entries of the VDCs (10, 20, 30) that own ports on them, and linecards 4, 6, 7 and 8 carry no entries for those VDCs at all.)
FIB and ACL TCAM resources are more effectively utilized.
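To make the per-linecard effect concrete, here is an added example (not from the deck) that computes the FIB and ACL TCAM demand of each linecard from the VDC table above, once with the VDC-to-linecard split and once as if everything lived in the default VDC. The 128K FIB and 64K ACL capacities are assumptions taken from the figure labels, not a statement about any particular linecard; substitute your hardware's real numbers.

```python
"""Per-linecard FIB/ACL TCAM demand with and without VDCs.

Added example, not from the deck. Models the rule the slides state for
the Nexus 7000: a linecard is primed with a VDC's prefixes and ACEs only
if it owns at least one port in that VDC. The VDC table is the slide's;
the capacities are assumed (128K FIB, 64K ACL) and should be replaced.
"""

FIB_TCAM = 128_000   # assumed per-linecard FIB capacity (figure label)
ACL_TCAM = 64_000    # assumed per-linecard ACL capacity (figure label)
LINECARDS = range(1, 9)

# (vdc, routes, aces, linecards that own ports in that VDC), from the slide
VDCS = [
    (10, 100_000, 50_000, {1, 2}),
    (20,  10_000, 10_000, {1, 2, 3, 5}),
    (30,  90_000, 40_000, {3, 5}),
]

def tcam_demand(vdcs, linecards=LINECARDS, single_vdc=False):
    """Return {linecard: (fib_entries, acl_entries)}.

    single_vdc=True models the same routes and policies all living in the
    default VDC, in which case every linecard must hold everything.
    """
    demand = {lc: [0, 0] for lc in linecards}
    for _vdc, routes, aces, owners in vdcs:
        for lc in linecards:
            if single_vdc or lc in owners:
                demand[lc][0] += routes
                demand[lc][1] += aces
    return {lc: tuple(v) for lc, v in demand.items()}

def overflows(demand, fib=FIB_TCAM, acl=ACL_TCAM):
    """Linecards whose demand exceeds the assumed TCAM sizes."""
    return sorted(lc for lc, (f, a) in demand.items() if f > fib or a > acl)

if __name__ == "__main__":
    split = tcam_demand(VDCS)
    flat = tcam_demand(VDCS, single_vdc=True)
    for lc in LINECARDS:
        print(f"LC{lc}: with VDCs FIB={split[lc][0]:>7} ACL={split[lc][1]:>6} | "
              f"single VDC FIB={flat[lc][0]:>7} ACL={flat[lc][1]:>6}")
    print("overflow with VDCs:", overflows(split))
    print("overflow single VDC:", overflows(flat))
```

With the split, the busiest linecard (1) needs 110K FIB and 60K ACL entries; collapsing the same routes and policies into one VDC would ask every linecard for 200K FIB entries, beyond the assumed capacity on all eight.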
Common Data Center Challenges
Traditional data center designs require ever-increasing Layer 2 adjacency between server nodes because of the prevalence of virtualization technology. This pushes the limits of Layer 2 networks and places more burden on loop-detection protocols such as Spanning Tree.
(Figure: L2/L3 core, L2 distribution and L2 access layers, annotated: dual-homed servers to a single switch, single active uplink per VLAN (PVST), L2 reconvergence; single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs; FHRP (HSRP, VRRP), Spanning Tree, policy management.)
Virtual Switch System at Data Center
A virtual switch-enabled data center allows for maximum scalability, so bandwidth can be added when required, while still providing a larger Layer 2 hierarchical architecture that does not rely on Spanning Tree.
(Figure: the same three layers with VSS, annotated: dual-homed servers, single active uplink per VLAN (PVST), fast L2 convergence; dual active uplinks, fast L2 convergence, minimized L2 control plane, scalable; single router node, fast L2 convergence, scalable architecture.)
Introduction to Virtual Switch: Concepts
Virtual Switch System is a new technology breakthrough for the Cisco Catalyst 6500 family.
Virtual Switch Architecture: Forwarding Operation
(Figure: within one virtual switch domain, Switch 1 holds the active control plane and Switch 2 the hot-standby control plane, while both Switch 1 and Switch 2 have an active data plane.)
In virtual switch mode, while only one control plane is active, both data planes (switch fabrics) are active, and as such each can actively participate in the forwarding of data.
Virtual Switch Architecture: Virtual Switch Link
The Virtual Switch Link (VSL) is a special link joining the two physical switches together. It extends the out-of-band channel, allowing the active control plane to manage the hardware in the second chassis.
The distance of the VSL is limited only by the chosen 10 Gigabit Ethernet optics. The VSL can carry regular data traffic in addition to the control plane communication.
EtherChannel Concepts: Multichassis EtherChannel (MEC)
(Figure: a regular EtherChannel on a single chassis, compared with a multichassis EtherChannel spanning two VSL-enabled chassis that form one virtual switch.)
Prior to Virtual Switch, EtherChannels were restricted to reside within the same physical switch. In a virtual switch environment the two physical switches form a single logical network entity, so EtherChannels can now also be extended across the two physical chassis.
LACP, PAgP, or ON EtherChannel modes are supported.
EtherChannel Concepts: EtherChannel Hash for MEC
(Figure: a server attached by a MEC with link A1 on one chassis and link B2 on the other. Blue traffic destined for the server results in link A1 of the MEC bundle being chosen as the destination path; orange traffic destined for the server results in link B2 being chosen.)
Deciding which link of a multichassis EtherChannel to use is skewed in favour of the links local to the chassis doing the forwarding. This is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic.
MEC: Layer 3 Packet Flow
(Figure: A and B attached to Port 1 on Switch 1 and Port 2 on Switch 2 of the virtual switch, which are joined by the VSL; uplinks U1 and U2 on Switch 1 and U3, U4 and U5 on Switch 2 lead towards Core 1 (C1) and Core 2 (C2).)
Po1 and Po2 are Layer 3 MECs. Po1 members: U1, U3. Po2 members: U2, U4, U5.
Step 1: Switch 1 forwards an IP packet through Po1. The virtual switch learns the IP route through Po2.
Step 2: Core 1 receives the packet through U1, based on the RBH (result bundle hash) chosen on Switch 1. Core 1 does an IP lookup and selects port-channel Po2.
Step 3: The lookup for Po2 selects member U2 for all RBH values, since U2 is the member local to Switch 1. The packet exits via U2.
Step 4: Now shut down port U2. This turns Po2 into a regular port-channel with members U4 and U5, both on Switch 2. The lookup for Po2 on Core 1 now selects the VSL port-channel as the exit point.
Step 5: The lookup for Po2 on Core 2 selects U4 or U5 as the exit point, based on the RBH value for the flow.
Step 6: Now "no shut" U2 and shut down U1. Po2 is a MEC again. Traffic enters Core 2 through U3, and the lookup for Po2 on Core 2 selects U4 or U5 as the exit point, based on the RBH value for the flow.
MEC: Layer 2 Packet Flow
(Figure: A on Port 1 of Switch 1 and B on Port 2 of Switch 2; uplinks U1 and U2 on Switch 1, U3 and U4 on Switch 2; Po1 and Po2 are MECs; Core 1 (C1) and Core 2 (C2).)
Step 1: A transmits a packet to B.
Step 2: Switch 1 forwards the packet out of Po1.
Step 3: Core 1 receives the packet. Core 1 learns that A is on Port 1.
Step 4: Core 1 performs a lookup on B. Core 1 floods the packet because of the miss; the flood index selects Port 2 and the VSL, and the MEC LTL index selects U2.
Step 5: Switch 2 receives the packet from U2 and transmits it out Port 2 to B.
Meanwhile, Core 2 receives the packet from the VSL and learns that A is on Port 1. Core 2 performs a lookup for B and floods because of the miss, but the flood excludes U4, since it is a member of a multichassis bundle and the packet arrived over the VSL.
Return direction:
Step 1: B transmits a packet to A.
Step 2: The virtual switch receives the packet through U4.
Step 3: Core 2 receives the packet. Core 2 learns that B is on Port 2.
Step 4: Core 2 performs a lookup for A and selects Port 1. The Port 1 LTL index selects U3, and Core 2 transmits the packet.
Step 5: Switch 1 receives the packet and transmits it to A on Port 1.
Hardware Requirements: VSL Hardware Requirements
The Virtual Switch Link requires special hardware, as noted on the slide.
Hardware Requirements: Other Hardware Considerations
12.2(33)SXH
Virtual Switch System at Data Center: Benefits
Aggregation Services Design Options
(Figure: the virtualized data center infrastructure diagram shown earlier, with two options highlighted at the DC aggregation layer (Cisco Catalyst 6500 10GbE VSS aggregation with DC services): one-arm service switches, and embedded service modules.)
ACE Virtual Partitioning: System Separation for Server Load Balancing and SSL
One physical device, multiple virtual systems (dedicated control and data path).
Traditional device:
- Single configuration file
- Single routing table
- Limited RBAC
- Limited resource allocation
Cisco Application Infrastructure Control with virtual partitions:
- Distinct context configuration files
- Separate routing tables
- RBAC with contexts, roles, domains
- Management and data resource control
- Independent application rule sets
- Global administration and monitoring
(Figure: one ACE divided into contexts holding 25%, 25%, 20%, 15% and 15% of the resources, 100% in total.)
ACE Virtual Partitions: Resource Control
Guaranteed rates: bandwidth, data connections/sec, management connections/sec, SSL bandwidth, syslogs/sec.
Guaranteed memory: access lists, regular expressions, number of data connections, number of management connections, number of SSL connections, number of xlates, number of sticky entries.
Guaranteed resource levels for each context, with support for oversubscription.
Firewall Service Module (FWSM): Virtual Firewalls
- E.g., three customers, three security contexts; this scales up to 250 contexts
- VLANs can be shared if needed (VLAN 10 in the right-hand example)
- Each context has its own policies (NAT, access lists, fixups, etc.)
- FWSM supports routed (Layer 3) and transparent (Layer 2) virtual firewalls at the same time
(Figure: two Cisco Catalyst 6500 chassis, each with an MSFC and an FWSM running three virtual firewalls (VFW) for customers A, B and C, facing the core/Internet. Left: every context has its own outside VLAN (10, 20, 30) and inside VLAN (11, 21, 31). Right: the contexts share outside VLAN 10 and keep separate inside VLANs 11, 21 and 31.)
Sharing VLAN 10 means the three contexts are no longer separated at Layer 2 on that side, and the FWSM has to classify each ingress packet on the shared VLAN to a context by its destination address, so every context on the shared VLAN needs its own unique address space there.
FWSM: Virtual Firewall Resource Limiter
- In system mode, classes can be defined
- Individual contexts are then mapped to classes
- Within a class, limits can be applied to specific resources (use "show resource types" for an up-to-date list):
    Rate limited: conns (connections/sec), fixups (fixups/sec), syslogs (syslogs/sec)
    Absolute limits: conns (connections), xlates, hosts, MAC entries, IPsec (IPsec management tunnels), SSH (SSH sessions), Telnet (Telnet sessions), all
- Limits are specified as an integer or a percentage; 0 means no limit
- Resources can be oversubscribed: e.g., a class assigns a maximum of 10% of the resources, but 50 contexts are mapped to it
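The oversubscription in the last bullet can be quantified directly from the system-context configuration. The script below is an added example, not from the deck or from Cisco: it parses constructed `class`, `limit-resource` and `context` / `member` lines (the class names gold and bronze and the contexts cust01 to cust51 are invented) and sums, per resource, the percentage of the module promised across all member contexts, reporting anything above 100%.

```python
"""Oversubscription check for FWSM multiple-context resource classes.

Added example, not from the deck. Parses system-context style lines
`class <name>`, `limit-resource [rate] <resource> <n>%` and
`context <name>` / `member <class>`. Class and context names are
constructed; the 10% class with 50 members reproduces the slide's example.
"""
import re
from collections import defaultdict

# Constructed system-context configuration: two classes, 51 contexts.
SYSTEM_CONFIG = """
class gold
  limit-resource conns 10%
  limit-resource rate conns 5%
  limit-resource xlates 20%
class bronze
  limit-resource conns 2%
context cust01
  member gold
context cust02
  member gold
context cust03
  member bronze
""" + "".join(f"context cust{n:02d}\n  member gold\n" for n in range(4, 52))

def parse_classes(config):
    """Return ({class: {resource: percent}}, {context: class})."""
    classes, members, current, mode = defaultdict(dict), {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"class (\S+)", line)
        if m:
            current, mode = m.group(1), "class"
            classes.setdefault(current, {})
            continue
        m = re.match(r"context (\S+)", line)
        if m:
            current, mode = m.group(1), "context"
            members.setdefault(current, "default")   # no `member` -> default class
            continue
        m = re.match(r"limit-resource (rate )?(\S+) (\d+)%$", line)
        if m and mode == "class":
            rate, resource, pct = m.groups()
            classes[current][("rate " if rate else "") + resource] = int(pct)
        m = re.match(r"member (\S+)", line)
        if m and mode == "context":
            members[current] = m.group(1)
    return dict(classes), members

def committed_percent(classes, members):
    """Total percent promised per resource, summed over every member context.

    Absolute (non-percent) limits are not comparable across classes and are
    left out; contexts without `member` sit in the FWSM default class, which
    carries no percent limits in this model.
    """
    count = defaultdict(int)
    for cls in members.values():
        count[cls] += 1
    total = defaultdict(int)
    for cls, limits in classes.items():
        for resource, pct in limits.items():
            total[resource] += pct * count[cls]
    return dict(total)

def oversubscribed(classes, members):
    """Resources for which more than 100% of the module has been promised."""
    return {r: p for r, p in committed_percent(classes, members).items() if p > 100}

if __name__ == "__main__":
    c, m = parse_classes(SYSTEM_CONFIG)
    print(committed_percent(c, m))
    print("oversubscribed:", oversubscribed(c, m))
```

Oversubscription is allowed by the FWSM and is often intended, but the number tells you how far the guarantees can be relied on under load: 50 contexts promised 10% of the connection table each can only all get it if they never peak together.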
Data Center Virtualized Services: Combination Example
(Figure: four business units, BU-1 to BU-4, each passing through the chain (1) a "front-end" VRF on the MSFC, (2) a firewall module context, (3) an ACE module context and (4) a "back-end" VRF on the MSFC, down to its server-side VLANs. VLANs are written vX = VLAN X: v5, v6, v7 and v8 on the front end, v105, v107, v108, v206, v207 and v208 between the service layers, and v2081, v2082, v2083, ... on the server side.)
Virtualized Services Example: Modules and VLANs Association
Supervisor (MSFC) configuration, trunking VLAN groups to the FWSM in slot 7 and the ACE in slot 4:

svclc multiple-vlan-interfaces
firewall multiple-vlan-interfaces
svclc vlan-group 1 1201-1210
svclc vlan-group 2 1301-1310
svclc vlan-group 3 1401-1410
firewall module 7 vlan-group 1,2
svclc module 4 vlan-group 2,3

(Figure: the MSFC hands vlan-group 1 and vlan-group 2 to the FWSM, and vlan-group 2 and vlan-group 3 to the ACE.)

ACE/Admin# show vlans
Vlans configured on SUP for this module
vlan1301-1310 vlan1401-1410
ACE/Admin#

FWSM# show vlan
1201-1210, 1301-1310
FWSM#

cse-6509a# show module 7
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  7     6 Firewall Module                        WS-SVC-FWM-1       SAD0930052K

Mod MAC addresses                       Hw     Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  7 0014.a90c.987a to 0014.a90c.9881   3.0    7.2(1)       3.2(0)67     Ok

Mod Online Diag Status
---- -------------------
  7 Pass

cse-6509a# show module 4
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  4     1 Application Control Engine Module      ACE10-6500-K9      SAD102905V2

Mod MAC addresses                       Hw     Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  4 000a.b870.e43a to 000a.b870.e441   1.1    8.6(0.252-En 3.0(0)A1(4a) Ok

Mod Online Diag Status
---- -------------------
  4 Pass
cse-6509a#
© 2006, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
31
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 61BRKDCT-383114488_04_2008_c2
Virtualized Services Example: Modules and VLANs Association (Cont.)

MSFC (same statements as on the previous slide):
svclc multiple-vlan-interfaces
firewall multiple-vlan-interfaces
svclc vlan-group 1 1201-1210
svclc vlan-group 2 1301-1310
svclc vlan-group 3 1401-1410
firewall module 7 vlan-group 1,2
svclc module 4 vlan-group 2,3

FWSM system execution space (each security context receives only the VLANs allocated to it):
FWSM#
admin-context admin
!
context admin
allocate-interface Vlan1210
allocate-interface Vlan1310
config-url disk:/admin.cfg
!
context INTERNET
allocate-interface Vlan1201
allocate-interface Vlan1301
allocate-interface Vlan1302
config-url disk:/INTERNET.cfg
!
context INTRANET
allocate-interface Vlan1205
allocate-interface Vlan1305
config-url disk:/INTRANET.cfg

ACE Admin context:
ACE/Admin#
context INTERNET1
description *** INTERNET (WEB TIER)
allocate-interface vlan 1301
allocate-interface vlan 1401
!
context INTERNET2
description *** INTERNET (APPLICATION TIER)
allocate-interface vlan 1302
allocate-interface vlan 1402
!
context INTRANET
description *** INTRANET
allocate-interface vlan 1305
allocate-interface vlan 1405

Verification from inside each context. A context can only configure, and forward on, VLANs that were allocated to it, so "show run | i vlan" in every context is the quick check that the isolation matches the design (for example, VLAN 1301 is the hand-off between FWSM context INTERNET and ACE context INTERNET1, VLAN 1302 between INTERNET and INTERNET2):
ACE/INTERNET1# show run | i vlan
Generating configuration....
interface vlan 1301
interface vlan 1401

ACE/INTERNET2# show run | i vlan
Generating configuration....
interface vlan 1302
interface vlan 1402

ACE/INTRANET# show run | i vlan
Generating configuration....
interface vlan 1305
interface vlan 1405

FWSM/admin# show run | i Vlan
interface Vlan1210
interface Vlan1310

FWSM/INTERNET# show run | i Vlan
interface Vlan1201
interface Vlan1301
interface Vlan1302

FWSM/INTRANET# show run | i Vlan
interface Vlan1205
interface Vlan1305
Virtualized Services: Cisco ACE and FWSM Virtualized
(Figure: one physical Cisco ACE and Cisco FWSM pair serves several ESX servers. The virtual machines on the first host run bank applications, Microsoft Oracle and Microsoft Outlook; a second host, marked "App has capacity available", takes the online bank application, which requires SSL offloading. The per-application separation in dedicated firewall and ACE contexts is labelled "Ideal isolation".)
Agenda (section divider, next: Access Layer; the agenda and its front-end/back-end virtualization figure are unchanged from the opening agenda slide)
Increasing HA in the Data Center: Common NIC Teaming Configurations
(Figure: three teaming modes; in each the server has IP 10.2.1.14 and its default gateway 10.2.1.1 is provided by HSRP; heartbeats run between the teamed NICs.)
AFT, Adapter Fault Tolerance: Eth0 active, Eth1 standby; on failover Eth1 takes over Eth0's source MAC (0007.e910.ce0f) and IP address.
SFT, Switch Fault Tolerance: same active/standby behaviour, with the two NICs attached to different access switches so that a switch failure is survived as well; on failover Eth1 takes over Eth0's source MAC and IP address.
ALB, Adaptive Load Balancing: Eth0 and Eth1-X all active; one IP address and multiple MAC addresses (0007.e910.ce0e, 0007.e910.ce0f); one port receives, all ports transmit; incorporates fault tolerance.
Note: NIC manufacturer drivers are changing and may operate differently. Also, server OSs have started integrating NIC teaming drivers, which may operate differently.
Note: You can bundle multiple links to obtain higher throughput between servers and clients.

Virtual Switch System Deployment Scenario at Data Center Access Layer
(figure only)
Enhanced Ethernet: PFC and DCBCXP
Priority Flow Control (PFC):
Enables lossless fabrics for each class of service
PAUSE sent per virtual lane when the buffer limit is exceeded
(Figure: an Ethernet link between a Nexus 5000's transmit queues and the peer's receive buffers carries eight virtual lanes, one per priority; lane six is paused ("STOP PAUSE") while the other seven keep flowing.)
Data Center Bridging Capability eXchange Protocol (DCBCXP): handshaking negotiation for:
Priority Flow Control
CoS bandwidth management
Congestion management (BCN/QCN)
Application (user_priority usage)
Logical link down
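Added example, not Cisco or IEEE code, showing why "PAUSE per virtual lane" matters: a toy link with eight lanes is driven under no flow control, under link-level (802.3x) PAUSE and under per-priority PAUSE. Buffer size, watermarks and the offered/drain rates are assumptions chosen so that one priority is oversubscribed; a real PFC peer pauses with a quanta timer rather than a fill level, which this model simplifies.

```python
"""Simulation of per-priority PAUSE (PFC) against link PAUSE and no flow control."""

LANES = 8        # one virtual lane per 802.1p priority
CAPACITY = 10    # receive buffer per lane, in frames (assumed)
HIGH_WATER = 6   # receiver asserts PAUSE for a lane at this fill level (assumed)
LOW_WATER = 3    # and releases it once the lane has drained to this level (assumed)

def simulate(mode, offered, drain, ticks=200):
    """mode: 'none', 'link' (802.3x PAUSE stops every priority) or 'pfc' (PAUSE per lane).
    offered[p] / drain[p]: frames per tick the sender offers / the receiver drains on
    priority p. Returns per-lane delivered and dropped counts plus the peak buffer fill."""
    buffers = [0] * LANES
    paused = [False] * LANES          # PAUSE state currently honoured by the sender
    delivered, dropped, peak = [0] * LANES, [0] * LANES, [0] * LANES
    for _ in range(ticks):
        for p in range(LANES):        # sender side
            blocked = any(paused) if mode == "link" else paused[p]
            if blocked:
                continue
            for _ in range(offered[p]):
                if buffers[p] < CAPACITY:
                    buffers[p] += 1
                else:
                    dropped[p] += 1   # buffer overrun: only happens without flow control
            peak[p] = max(peak[p], buffers[p])
        for p in range(LANES):        # receiver side: drain, then re-evaluate PAUSE per lane
            served = min(drain[p], buffers[p])
            buffers[p] -= served
            delivered[p] += served
            if mode != "none":
                if buffers[p] >= HIGH_WATER:
                    paused[p] = True
                elif buffers[p] <= LOW_WATER:
                    paused[p] = False
    return {"delivered": delivered, "dropped": dropped, "peak": peak}

def scenario(mode):
    """Priority 3 (the storage class) is offered 3 frames/tick but drained at 1/tick;
    the other seven priorities are balanced at 2/tick."""
    offered, drain = [2] * LANES, [2] * LANES
    offered[3], drain[3] = 3, 1
    return simulate(mode, offered, drain)

if __name__ == "__main__":
    for mode in ("none", "link", "pfc"):
        r = scenario(mode)
        print(f"{mode:5} dropped={r['dropped']} delivered={r['delivered']} peak={r['peak']}")
```

Without flow control the oversubscribed lane drops frames; with link PAUSE nothing is dropped but every other priority stalls whenever the storage lane is paused; with PFC nothing is dropped and the seven uncongested lanes keep their full throughput, which is the property FCoE relies on.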
Nexus 5000 Ethernet Host Virtualizer
Eliminates the need for spanning tree protocol on uplink bridge ports
Reduces CPU load on upstream switches
Allows multiple active uplinks (active-active) from the Nexus 5000 switch to the network
Doubles effective bandwidth vs. STP
Prevents loops by pinning a MAC address to only one port
Completely transparent to the next-hop switch
(Figure: a Nexus 5000 with two active uplinks into the LAN; server MAC A and MAC B are each pinned to one uplink, so the upstream switches see each MAC on exactly one port.)

Pinning
(Figure: server interfaces on the Nexus 5000 are pinned to border (uplink) interfaces.)
Agenda (section divider, next: Server Virtualization; the agenda and its front-end/back-end virtualization figure are unchanged from the opening agenda slide)
Server Virtualization Scenarios
Hardware-based virtualization
Software-based virtualization:
Hosted (application virtualization): the virtualization software runs as an application on a host operating system, and each guest OS with its applications runs on top of it
Hypervisor: runs directly on the x86 hardware, with a management partition beside the guest OSs; implemented as:
Full virtualization (binary translation)
Para-virtualization (OS assisted)
Hardware-assisted virtualization (Intel VT-x/AMD-V)
(Figure: the two software-based stacks, hosted (App / Guest OS / Virtualization Software / Host Operating System / x86 Hardware) and hypervisor (App / Guest OS and Mgmt Partition / Hypervisor / x86 Hardware).)
Software-Based Virtualization (Examples)
Full virtualization (hypervisor): VMware ESX Server; Microsoft Hyper-V; Xen (with AMD-V/SVM or Intel VT-x); VirtualIron (hardware-assisted)
Para-virtualization (hypervisor): Xen (with traditional hardware); Oracle VM Server
Application virtualization (hosted): VMware Server; VMware Workstation
VMware ESX Architecture in a Nutshell
(Figure: an ESX Server host runs the VM virtualization layer on the physical hardware (CPU, memory); above it sit the virtual machines (OS plus application each) and the Console OS. Three networks attach to the host: the production network for the VMs, the management network for the Console OS, and the VMkernel network.)
VMware Networking Components
(Figure, per ESX Server configuration: VMs such as VM_LUN_0005 and VM_LUN_0007 connect through their vNICs to virtual ports on vSwitch0; the vSwitch's uplinks are the physical NICs, vmnic0 and vmnic1.)

VMware Networking Components (Cont.)
(figure only)
vSwitch Overview
(Figure: an ESX Server with two virtual switches. vSwitch A carries VM1, VM2 and the Service Console; vSwitch B carries the VMkernel NIC; each vSwitch has its own physical NICs towards the physical switches. Marked on the figure: no loop inside ESX without a bridging VM, and no trunk between vSwitches.)
Software implementation of an Ethernet switch
How it is like a switch: MAC address forwarding; VLAN segmentation
How it is different: no need to learn MAC addresses, because it knows the addresses of the connected vNICs; no participation in spanning tree

vSwitch Forwarding Characteristics
Forwarding based on MAC address, with no learning: a frame whose destination does not match a VM MAC on the vSwitch is sent out to a vmnic
VM-to-VM traffic stays local
vSwitches tag traffic with an 802.1Q VLAN ID
vSwitches are 802.1Q-capable
vSwitches can create EtherChannels (static EtherChannel only, i.e. channel-group mode on with IP-hash load balancing on the vSwitch; the vSwitch does not speak LACP or PAgP)
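The forwarding rules above as an added, runnable model (mine, not VMware code): a fixed vNIC table instead of MAC learning, VLAN segmentation per port group in VST mode, unknown unicast and broadcast leaving through a vmnic with an 802.1Q tag, and nothing received on a vmnic ever being forwarded back out a vmnic. The MAC addresses, port groups and the originating-port pinning rule are constructed for the example.

```python
"""Model of ESX vSwitch forwarding: no learning, VLAN segmentation, no loops via uplinks."""
from dataclasses import dataclass, field
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    src: str
    dst: str
    vlan: Optional[int] = None        # 802.1Q tag on the wire; None inside the VM (untagged)

@dataclass
class VSwitch:
    vnics: dict = field(default_factory=dict)    # vNIC MAC -> port-group VLAN, known up front
    uplinks: list = field(default_factory=list)  # vmnic names forming the team

    def from_vm(self, frame):
        """Frame transmitted by a vNIC: which local vNICs receive it, and what (if anything)
        leaves through which vmnic, tagged with the sender's port-group VLAN."""
        vlan = self.vnics[frame.src]
        local = [mac for mac, v in self.vnics.items()
                 if v == vlan and mac != frame.src and frame.dst in (mac, BROADCAST)]
        if frame.dst != BROADCAST and local:
            return {"local": local, "uplink": None}          # VM-to-VM traffic stays local
        tagged = Frame(frame.src, frame.dst, vlan)           # unknown unicast / broadcast
        return {"local": local, "uplink": (self.pin(frame.src), tagged)}

    def from_uplink(self, frame):
        """Frame received on a vmnic: delivered only to vNICs in the tagged VLAN. Unknown
        destinations are dropped, never flooded to another vmnic, so no loop and no STP."""
        local = [mac for mac, v in self.vnics.items()
                 if v == frame.vlan and frame.dst in (mac, BROADCAST)]
        return {"local": local, "uplink": None}

    def pin(self, mac):
        """Originating-port-ID policy (assumed): each vNIC sticks to one vmnic of the team."""
        return self.uplinks[list(self.vnics).index(mac) % len(self.uplinks)]

def build():
    """Constructed host: two web VMs in VLAN 10, one database VM in VLAN 20, two vmnics."""
    return VSwitch(vnics={"00:50:56:00:00:01": 10, "00:50:56:00:00:02": 10,
                          "00:50:56:00:00:03": 20},
                   uplinks=["vmnic0", "vmnic1"])

if __name__ == "__main__":
    sw = build()
    print(sw.from_vm(Frame("00:50:56:00:00:01", "00:50:56:00:00:02")))   # stays local
    print(sw.from_vm(Frame("00:50:56:00:00:01", "00:50:56:00:00:03")))   # other VLAN: uplink
    print(sw.from_uplink(Frame("00:11:22:33:44:55", "00:de:ad:be:ef:00", 10)))  # dropped
```

The second case is the segmentation property worth remembering: a VM in VLAN 10 addressing a VM in VLAN 20 on the same host never gets a local delivery; the frame goes out tagged and only a router on the physical network can bring it back.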
VMware Best Practices: VST (Virtual Switch Tagging) is Preferred
With VST the VLAN ID is set on the vSwitch port group, the vmnic connects to an 802.1Q trunk on the physical switch, and the guest OS sees untagged frames.
Meaning of NIC Teaming in VMware
(Figure: an ESX Server host with four NIC cards, vmnic0 to vmnic3, used as vSwitch uplinks. Grouping vmnic0 with vmnic1 and vmnic2 with vmnic3 as uplinks of a vSwitch is NIC teaming; a VM with several vNICs is marked "This is not NIC teaming".)

Meaning of NIC Teaming in VMware (2)
(Figure: several vNICs inside one VM are marked "This is NOT teaming".) Teaming is configured at the vmnic level.
Agenda (section divider, next: Back-End Virtualization, SAN; the agenda and its front-end/back-end virtualization figure are unchanged from the opening agenda slide)
Virtual Storage Area Network Deployment
Consolidation of SAN islands: increased utilization of fabric ports with just-in-time provisioning
Deployment of large fabrics: dividing a large fabric into smaller VSANs; disruptive events isolated per VSAN; RBAC for administrative tasks; zoning is independent per VSAN
Advanced traffic management: defining the paths for each VSAN; VSANs may share the same EISL; cost effective on WAN links
Resilient SAN extension
Standard solution (ANSI T11 FC-FS-2 section 10)
(Figure: three SAN islands, Department A, B and C, become three Virtual SANs (VSANs) on one physical fabric.)

VSAN Advantages for Consolidation
(Figure: the OLTP, e-mail and backup SAN islands are overlaid as isolated virtual fabrics, OLTP VSAN, E-Mail VSAN and Backup VSAN, on the same physical infrastructure.)
Attribute | SAN Islands | Consolidated SANs
Share DR facilities | No | Yes
SAN management | Complex | Simple
Support virtualization and mobility | Very hard | Easy
Share disk/tape | No | Yes
Number of SAN switches | More | Fewer
VSAN Technology
The Virtual SANs feature consists of two primary functions:
Hardware-based isolation of tagged traffic belonging to different VSANs: a VSAN header is added at the ingress point indicating membership, an Enhanced ISL (EISL) trunk between Trunking E_Ports (TE_Ports) carries tagged traffic from multiple VSANs, and the VSAN header is removed at the egress point; no special support is required by end nodes
An independent instance of Fibre Channel services for each newly created VSAN (the figure shows separate Fibre Channel services for the Blue VSAN and the Red VSAN on each Cisco MDS 9000 Family switch); as noted on the previous slide, zoning is independent per VSAN
(Figure: two MDS 9000 switches, each running Fibre Channel services per VSAN, joined by an EISL trunk between TE_Ports.)

Inter-VSAN Routing
Similar to L3 interconnection between VLANs
Allows sharing of centralized storage services such as tape libraries and disks across VSANs, without merging separate fabrics (VSANs)
Network address translation allows interconnection of VSANs without a predefined addressing scheme
(Figure: Engineering VSAN_1, Marketing VSAN_2 and HR VSAN_3 each have VSAN-specific disks; a tape library in VSAN_4 is reached from each of them via IVR.)
Agenda (section divider, next: Back-End Virtualization, HBA; the agenda and its front-end/back-end virtualization figure are unchanged from the opening agenda slide)
N-Port ID Virtualization (NPIV)
Mechanism to assign multiple N_Port_IDs to a single N_Port
Allows all the access control, zoning and port security (PSM) to be implemented at the application level, i.e. per N_Port_ID rather than per physical port
Multiple N_Port_IDs are allocated in the same VSAN
(Figure: an application server hosting Email, Web and File Services logs in through one physical N_Port to the FC switch's F_Port with three N_Port_IDs: Email I/O = N_Port_ID 1, Web I/O = N_Port_ID 2, File Services I/O = N_Port_ID 3.)

NPIV Usage Examples
"Intelligent pass-thru": an NPV edge switch whose NP_Port logs into the upstream F_Port on behalf of the FC devices behind it
Virtual machine aggregation: an NPIV-enabled HBA logs its virtual machines in as separate N_Port_IDs through one F_Port
(Figure: FC devices behind an NP_Port of an NPV edge switch; FC devices behind an NPIV-enabled HBA; both attach to F_Ports of the fabric.)

NPIV Configuration Example
NPIV is enabled switch-wide with the command:
npiv enable
Notice that an F-port then supports multiple logins.
Virtual Servers Share a Physical HBA
Single login on a single point-to-point connection: the hypervisor's HBA logs in once with pWWN-P, which is the only entry the FC name server holds for all virtual servers on that host
A zone includes the physical HBA and the storage array
Access control is delegated to the storage array's "LUN masking and mapping"; it is based on the physical HBA pWWN and is therefore the same for all VMs
The hypervisor is in charge of the mapping of LUNs to virtual servers, and errors may be disastrous
(Figure: virtual servers on a hypervisor share one FC HBA (pWWN-P) into an MDS 9000 switch; the zone and the FC name server contain only pWWN-P; the storage array does LUN mapping and masking.)

Virtual Server Using NPIV and Storage Device Mapping
Multiple logins on a single point-to-point connection: the physical HBA logs in with pWWN-P and each VM with its own virtual pWWN (pWWN-1 to pWWN-4), all registered in the FC name server
Virtual HBAs can be zoned individually
"LUN masking and mapping" is based on the virtual HBA pWWN of each VM
Very safe with respect to configuration errors
Only supports RDM (raw device mapping)
Available in ESX 3.5
(Figure: each virtual server has its own mapping to its LUN, "To pWWN-1" through "To pWWN-4", through the MDS 9000 to the storage array.)
N-Port Virtualization (NPV): An Overview
(Figure: a Cisco MDS 9124/9134 in a blade chassis runs as an NPV device. Blade Server 1 to Blade Server n attach to its server ports (F-ports); its NP-port uplinks to an F-port on the NPV-core switch (an MDS or a third-party switch with NPIV support), which connects initiator and target. Example FCIDs in the figure: 10.1.1 in VSAN 5; 20.2.1 and 20.5.1 in VSAN 10; 10.5.2 and 10.5.7 in VSAN 15.)
NPV device uses the same domain(s) as the NPV-core switch(es): solves the domain-ID explosion problem
Up to 100 NPV switches
Can have multiple uplinks, on different VSANs (port channel and trunking in a later release)
No FL ports

Domain ID Scalability: NPV Solves the Issue
Eliminates the domain ID for the MDS FC switch in blade enclosures (HBA model: the blade switch looks like a multi-login HBA to the core)
Server ports are automatically assigned to NP ports (load-balancing algorithm)
Need to configure the same VSAN between NP ports and core F-ports
When F-trunking becomes available, the limitation of a single VSAN per link will go away
(Figure: a blade chassis with Server 1 to Server N on the N-ports of FC Blade Switch 1 and FC Blade Switch 2 (F-ports); the blade switches' NP ports connect to F-ports of an NPIV-enabled switch, e.g. an MDS switch, in the SAN fabric.)
VMware Support: Nested NPIV FLOGI/FDISC Login Process
When the NP port comes up on an NPV edge switch, it first does a FLOGI and a PLOGI into the core to register in the FC name server
End devices connected to the NPV edge switch do a FLOGI, but the NPV switch converts the FLOGI into an FDISC command, creating a virtual pWWN for the end device and allowing it to log in through the physical NP port
NPIV-capable devices connected to the NPV switch continue the FDISC login process for all their virtual pWWNs, which go through the same NP port as the physical end device
(Figure: FC devices behind the F ports of the NPV edge switch log in via its NP port to an F port of the NPV-core switch, whose FCNS lists pWWN1, pWWN2, pWWN3 and pWWN4.)
FlexAttach
FlexAttach (based on WWN NAT): each blade switch F-port is assigned a virtual WWN; the blade switch performs NAT operations on the real WWN of the attached server
Benefits: no SAN reconfiguration required when a new blade server attaches to a blade switch port; flexibility for the server administrator, by eliminating the need to coordinate change management with the networking team; reduced downtime when replacing failed blade servers
(Figure: Blade 1 to Blade N and a new blade attach to an NPV blade switch in front of the SAN and storage; adding the blade needs no blade switch configuration change, no switch zoning change and no array configuration change: flexibility for adds, moves and changes.)

FlexAttach, since SAN-OS 3.2(2)
Creation of a virtual pWWN on the NPV switch F-port; zone the vPWWN to storage; LUN masking is done on the vPWWN
Can swap the blade server or replace the physical HBA: no zoning modification and no LUN masking change required
Automatic link to the new pWWN: no manual relinking to the new pWWN is needed
(Figure, FlexAttach point (virtual pWWN): before, Server 1 with pWWN 1 on FC1/1 presents vPWWN1 to the fabric; after the swap, Server 1 with pWWN 2 on FC1/1 still presents vPWWN1.)
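One added model, not Cisco or VMware code, covering the three preceding slides together: the shared-HBA versus per-VM NPIV access control, the NPV edge switch's FLOGI-to-FDISC conversion over its NP port, and the FlexAttach virtual pWWN that survives a blade swap. The fabric, FCID allocation (one area per F-port, one port number per login), all WWNs and the zoning/masking data are constructed for the example; the access decision is the fabric's own view, which is the point: it only ever sees the pWWN that reached it.

```python
"""What the fabric sees: NPIV FDISC logins, NPV FLOGI->FDISC conversion, FlexAttach WWN NAT,
and zoning plus LUN masking evaluated on the pWWN that actually logged in."""
from dataclasses import dataclass, field

@dataclass
class CoreSwitch:
    """NPIV-capable core switch: one domain ID, FCIDs domain.area.port, a name server."""
    domain: int
    npiv: bool = True                                    # 'npiv enable' on the MDS
    name_server: dict = field(default_factory=dict)      # pWWN -> FCID
    areas: dict = field(default_factory=dict)            # F-port -> area allocated at FLOGI
    ports_used: dict = field(default_factory=dict)       # area -> port numbers handed out
    zones: list = field(default_factory=list)            # each zone is a set of pWWNs
    lun_masking: dict = field(default_factory=dict)      # (initiator pWWN, target pWWN) -> {LUNs}

    def flogi(self, f_port, pwwn):
        """Physical fabric login: a fresh area for this F-port, first port number."""
        self.areas.setdefault(f_port, len(self.areas) + 1)
        return self._register(pwwn, self.areas[f_port])

    def fdisc(self, f_port, pwwn):
        """Extra N_Port_ID on an F-port that already did FLOGI (the NPIV case)."""
        if not self.npiv:
            raise PermissionError("F-port accepts a single login: npiv not enabled")
        if f_port not in self.areas:
            raise ValueError("FDISC before FLOGI on " + f_port)
        return self._register(pwwn, self.areas[f_port])

    def logo(self, pwwn):
        """Device left the fabric: drop its name-server entry."""
        self.name_server.pop(pwwn, None)

    def _register(self, pwwn, area):
        self.ports_used[area] = self.ports_used.get(area, 0) + 1
        self.name_server[pwwn] = (self.domain, area, self.ports_used[area])
        return self.name_server[pwwn]

@dataclass
class NpvEdgeSwitch:
    """NPV mode (e.g. an MDS 9124 in a blade chassis): no domain of its own, one NP uplink."""
    core: CoreSwitch
    np_port: str                                          # core F-port the NP port attaches to
    flexattach: dict = field(default_factory=dict)        # edge F-port -> virtual pWWN (WWN NAT)

    def bring_up(self, own_wwn):
        # The NP port itself does the FLOGI; everything behind it becomes an FDISC.
        return self.core.flogi(self.np_port, own_wwn)

    def server_login(self, edge_port, real_pwwn):
        """A server FLOGI on an edge F-port is rewritten into an FDISC on the NP port.
        On a FlexAttach port the port's virtual pWWN is presented instead of the HBA's."""
        seen = self.flexattach.get(edge_port, real_pwwn)
        return seen, self.core.fdisc(self.np_port, seen)

    def vm_login(self, vpwwn):
        """Nested NPIV: an ESX host's per-VM FDISC is relayed over the same NP port."""
        return self.core.fdisc(self.np_port, vpwwn)

def reachable_luns(core, initiator, target, luns=range(8)):
    """Fabric-side view: a LUN is reachable only if zoned together and masked to this pWWN."""
    zoned = any({initiator, target} <= zone for zone in core.zones)
    masked = core.lun_masking.get((initiator, target), set())
    return {lun for lun in luns if zoned and lun in masked}

def scenario():
    """Constructed: one core (domain 10), one NPV edge, one array port, one blade, one ESX host."""
    T = "50:06:01:60:00:00:00:01"                         # array port (target)
    core = CoreSwitch(domain=10)
    core.flogi("fc1/24", T)
    edge = NpvEdgeSwitch(core, np_port="fc1/1",
                         flexattach={"fc1/5": "2a:00:00:0d:ec:00:00:05"})
    edge.bring_up("20:00:00:0d:ec:aa:bb:cc")
    # Blade server on FlexAttach port fc1/5: the fabric sees the port's vPWWN, not the HBA's.
    blade, _ = edge.server_login("fc1/5", "10:00:00:00:c9:11:11:11")
    # ESX host with an NPIV HBA on fc1/6: physical login, then one FDISC per VM (RDM disks).
    hba, _ = edge.server_login("fc1/6", "10:00:00:00:c9:22:22:22")
    vm1, vm2 = "28:00:00:0d:ec:00:00:01", "28:00:00:0d:ec:00:00:02"
    edge.vm_login(vm1)
    edge.vm_login(vm2)
    # Zoning and masking are written against the pWWNs the fabric sees.
    core.zones = [{blade, T}, {vm1, T}, {vm2, T}, {hba, T}]
    core.lun_masking = {(blade, T): {0}, (vm1, T): {1}, (vm2, T): {2},
                        (hba, T): {1, 2}}   # what a shared, non-NPIV HBA would have to be given
    # Replace the failed blade: new HBA pWWN, same FlexAttach port, no zoning or masking change.
    core.logo(blade)
    blade_after, _ = edge.server_login("fc1/5", "10:00:00:00:c9:33:33:33")
    return {
        "domains_in_use": {fcid[0] for fcid in core.name_server.values()},
        "blade_kept_vpwwn": blade_after == blade,
        "blade_luns": reachable_luns(core, blade_after, T),
        "vm1_luns": reachable_luns(core, vm1, T),
        "vm2_luns": reachable_luns(core, vm2, T),
        # Without NPIV every VM's I/O carries pWWN-P, so the array cannot tell the VMs apart.
        "shared_hba_luns": reachable_luns(core, hba, T),
    }

if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

Every FCID ends up in the core's domain 10 (the NPV edge consumed no domain ID), the replaced blade keeps its vPWWN and its LUN, each VM reaches only its own LUN through its own pWWN, and the shared-HBA entry shows that without NPIV the fabric grants both LUNs to whichever VM the hypervisor lets use pWWN-P.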
VMotion and Virtual HBAs: VM Migration with Emulex HBA
Dynamic migration relocates VMs to available resources: by operator; automatic load balancing; HA and DR
Enhanced VMotion in ESX 3.5: tears down the initial virtual port and re-registers the same address on another server
Enhanced VMotion preserves the access configuration: zoning; LUN masking; VSAN selective routing; fabric QoS priority level
(Figure: Server 1, with VMs A, B and C on NPIV HBAs, is out of resources; selected apps and their FC access move to Server 2, now hosting D, E and B, across the VSANs.)

Validated Solution from Cisco, Emulex, and VMware
Cisco MDS directors and switches with NPIV (SAN-OS 3.0 and later)
Emulex 4G HBAs
VMware ESX 3.5
Jointly tested and validated by the three companies
Agenda (section divider, next: Back-End Virtualization, Unified I/O (FCoE); the agenda and its front-end/back-end virtualization figure are unchanged from the opening agenda slide)
Unified I/O (FCoE): Fewer HBAs/NICs per Server
(Figure: today each server carries two FC HBAs into the SAN (FC) and two NICs into the LAN (Ethernet); with Unified I/O two CNAs carry both the SAN (FCoE) and the LAN (Ethernet).)
CNA = Converged Network Adapter
Fibre Channel over Ethernet: How It Works
Direct mapping of Fibre Channel over Ethernet
Leverages standards-based extensions to Ethernet to provide reliable I/O delivery: Priority Flow Control; Data Center Bridging Capability eXchange Protocol (DCBCXP)
(a) Protocol layers: FC-0 and FC-1 are replaced by the FCoE mapping over the Ethernet MAC and PHY; FC-2, FC-3 and FC-4 are unchanged
(b) Frame encapsulation: Ethernet header | Ethernet payload = SOF + FC frame (including its CRC) + EOF | Ethernet FCS
(Figure: FCoE traffic and other networking traffic share one 10GE lossless Ethernet link.)
FCoE Enablers
10 Gbps Ethernet
Lossless Ethernet: matches the lossless behavior guaranteed in FC by buffer-to-buffer (B2B) credits
Ethernet jumbo frames: max FC frame payload = 2112 bytes, so a full-size FC frame does not fit in a standard 1500-byte Ethernet payload
(Figure, the FCoE frame: Ethernet header | FCoE header | FC header | FC payload | CRC | EOF | FCS. The FCoE header carries control information: version and ordered sets (SOF, EOF). From the FC header to the CRC the content is the same as a physical FC frame. The whole is a normal Ethernet frame with Ethertype = FCoE.)
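The frame layout on the two slides above, built and parsed in code as an added example (mine, not Cisco or T11 code). It writes the Ethernet header with the FCoE EtherType 0x8906, the 14-byte FCoE header ending in the SOF byte, the untouched FC frame with its own CRC-32, then the EOF and the Ethernet FCS, and the parser checks both CRCs before handing the FC payload up. The SOF/EOF byte values are the FC-BB-5 encodings and the 0E:FC:00 + FCID MAC addresses follow the FPMA convention; both are assumptions outside the slides, as is the sample payload.

```python
"""Build and parse an FCoE frame: Ethernet | FCoE header (SOF) | FC frame | EOF | FCS."""
import struct
import zlib

ETHERTYPE_FCOE = 0x8906
FCOE_VERSION = 0
SOF_I3, SOF_N3 = 0x2E, 0x36          # FC-BB-5 start-of-frame codes for class 3 (assumed)
EOF_N, EOF_T = 0x41, 0x42            # FC-BB-5 end-of-frame codes (assumed)
FC_HEADER = ">B3sB3sB3sBBHHHI"       # R_CTL D_ID CS_CTL S_ID TYPE F_CTL SEQ_ID DF_CTL SEQ_CNT OX_ID RX_ID PARAM
FC_MAX_PAYLOAD = 2112
ETH_MAX_STANDARD = 1518              # 1500-byte payload + 14-byte header + 4-byte FCS

def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF   # FC CRC and Ethernet FCS use the same polynomial

def fc_frame(payload, d_id, s_id, r_ctl=0x06, type_=0x08, f_ctl=0, ox_id=0x1234, rx_id=0xFFFF):
    """FC-2 frame: 24-byte header + payload + CRC (sent big-endian in FC)."""
    if len(payload) > FC_MAX_PAYLOAD or len(payload) % 4:
        raise ValueError("FC payload must be a multiple of 4 bytes, at most 2112")
    hdr = struct.pack(FC_HEADER, r_ctl, d_id.to_bytes(3, "big"), 0, s_id.to_bytes(3, "big"),
                      type_, f_ctl.to_bytes(3, "big"), 0, 0, 0, ox_id, rx_id, 0)
    return hdr + payload + struct.pack(">I", crc32(hdr + payload))

def fpma(fcid):
    """Fabric-provided MAC: 0E:FC:00 followed by the 3-byte FCID (FPMA convention, assumed)."""
    return bytes.fromhex("0efc00") + fcid.to_bytes(3, "big")

def fcoe_encapsulate(fc, sof=SOF_I3, eof=EOF_T):
    """Wrap an FC frame; MACs are derived from the FC header's D_ID and S_ID."""
    d_id, s_id = int.from_bytes(fc[1:4], "big"), int.from_bytes(fc[5:8], "big")
    eth = fpma(d_id) + fpma(s_id) + struct.pack(">H", ETHERTYPE_FCOE)
    fcoe_hdr = bytes([FCOE_VERSION << 4]) + bytes(12) + bytes([sof])   # 14 bytes, SOF last
    body = eth + fcoe_hdr + fc + bytes([eof]) + bytes(3)               # EOF + 3 reserved
    return body + struct.pack("<I", crc32(body))                       # Ethernet FCS

def fcoe_decapsulate(frame):
    """Check FCS, EtherType, version and the inner FC CRC; return the decoded fields."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != crc32(body):
        raise ValueError("Ethernet FCS mismatch")
    if struct.unpack(">H", body[12:14])[0] != ETHERTYPE_FCOE:
        raise ValueError("not an FCoE frame")
    if body[14] >> 4 != FCOE_VERSION:
        raise ValueError("unsupported FCoE version")
    fc, eof = body[28:-4], body[-4]
    hdr, payload, crc = fc[:24], fc[24:-4], fc[-4:]
    if struct.unpack(">I", crc)[0] != crc32(hdr + payload):
        raise ValueError("FC CRC mismatch")
    f = struct.unpack(FC_HEADER, hdr)
    return {"sof": body[27], "eof": eof, "d_id": int.from_bytes(f[1], "big"),
            "s_id": int.from_bytes(f[3], "big"), "type": f[4], "ox_id": f[9],
            "payload": payload}

def fcoe_frame_length(fc_payload_len):
    """Bytes on the wire without an 802.1Q tag: why FCoE needs baby-jumbo frames."""
    return 14 + 14 + 24 + fc_payload_len + 4 + 4 + 4

if __name__ == "__main__":
    fc = fc_frame(bytes(range(64)), d_id=0x010500, s_id=0x010200)   # constructed payload
    frame = fcoe_encapsulate(fc)
    print(len(frame), fcoe_decapsulate(frame)["d_id"] == 0x010500)
    print("max FCoE frame:", fcoe_frame_length(FC_MAX_PAYLOAD), "bytes")
```

A maximum-size FC payload yields a 2176-byte Ethernet frame (2180 with a VLAN tag), well over the 1518-byte standard maximum, which is the jumbo-frame requirement the slide lists; the two independent CRC checks are also why a corrupted frame is dropped at the FCoE layer rather than reaching the SCSI stack.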
Encapsulation Technologies
(Figure: block-storage protocol stacks beneath the operating system/applications and the SCSI layer. Over Ethernet: iSCSI over TCP/IP; FCP over FCIP over TCP/IP; FCP over iFCP over TCP/IP; FCP over FCoE. Over InfiniBand (IB): SRP. Over native Fibre Channel: FCP. Link speeds shown: FC 1, 2, 4, (8) Gbps; Ethernet 1, 10 ... Gbps; IB 10, 20 Gbps.)
Encapsulation Technologies (FCoE)
(Figure: OS/Applications over the SCSI layer over FCP over FCoE over Enhanced Ethernet at 1, 10 ... Gbps.)
FCP layer is untouched
Allows the same management tools as Fibre Channel
Allows the same Fibre Channel drivers
Allows the same multipathing software
Simplifies certifications
Evolution rather than revolution

Unified I/O Use Case: Today
(Figure: separate LAN, SAN A and SAN B, each with its own adapters, switches and management; legend FCoE / Ethernet / FC.)
Unified I/O Use Case: Unified I/O
(Figure: one set of FCoE switches at the top of rack connects the servers to the LAN, SAN A and SAN B under one management; legend FCoE / Ethernet / FC.)
Reduction of server adapters
Fewer cables
Simplification of access layer and cabling
Gateway-free implementation: fits in the installed base of existing LANs and SANs
L2 multipathing between access and distribution
Lower TCO
Investment protection (LANs and SANs)
Consistent operational model
One set of ToR switches
CNA: I/O Consolidation Adapter
Off-the-shelf NIC and HBA ASICs from QLogic and Emulex
Dual 10 GbE/FCoE ports
Support for native drivers and utilities
Customer-certified stacks
Replaces multiple adapters per server
Consolidates 10 GbE and FC on a single interface
Minimum disruption in existing customer environments
(Figure: on the PCIe bus, a 10 GbE NIC ASIC and an FC HBA ASIC feed a purpose-designed multiplexer and FCoE offload protocol engine behind the two 10 GbE/FCoE ports.)
FCoE Software Stack
Supported on Intel Oplin 10 GbE adapters
A software upgrade turns the 10 GbE adapter into an FCoE adapter
Software implementation: initiator and target mode; FCP, FC class 3
Fully supports Ethernet pause frames (per-priority pause)
Supported OS: Linux (Red Hat and SLES); Windows
"Free" access to the SAN from an L2 Ethernet NIC
(Figure: the FCoE software stack runs above the NIC hardware.)
Website: www.Open-FCoE.org
Announcement: http://lkml.org/lkml/2007/11/27/227

CNAs: View from Operating System
Standard drivers
Same management
Operating system sees: 2 x 10 Gigabit Ethernet adapters and 2 x 4 Gbps Fibre Channel HBAs
IO Consolidation
virtual-ethernet interface (veth): paired with the host's Ethernet device; configuration point for all Ethernet features
virtual-fc interface (vfc): paired with the host's HBA device; configuration point for all Fibre Channel features
virtual-interface-group (vig): logical representation of a switch port; consists of one veth and one vfc; configured online or offline; bound to a physical switch port for deployment
EtherChannel post FCS (first customer shipment)
(Figure, connecting LAN and SAN on a single physical link: in the host, eth0 (IP) and host0 (SCSI) are multiplexed onto one Ethernet link; in the switch, the vig demultiplexes it into a veth (Ethernet forwarding towards the LAN) and a vfc (Fibre Channel forwarding towards SAN A / SAN B).)

IO Consolidation: Interface Configuration
Create a virtual-interface-group and bind it to a physical interface:
switch(config)# interface vig 20
switch(config-if)# bind Ethernet 1/1
Configure the virtual-ethernet and the virtual-fc:
switch(config-if)# interface veth 20/1
switch(config-if)# interface vfc 20/1
(Figure: vig20 with veth20/1 and vfc20/1 is bound to Eth1/1; vig30 with veth30/1 and vfc30/1 is bound to Eth1/33.)
Note: this is the pre-release Nexus 5000 CLI of the time; the shipping Nexus 5000 NX-OS has no vig and binds a vfc directly to the Ethernet interface (interface vfc N, then bind interface ethernet 1/1).
Agenda (section divider, next: Back-End Virtualization, Storage; the agenda and its front-end/back-end virtualization figure are unchanged from the opening agenda slide)
SAN-Based Storage (Block) Virtualization
A SCSI operation from the host is mapped into one or more SCSI operations to the SAN-attached storage
This mapping function is performed by a network resource
Centralized management
Highly scalable
Works across heterogeneous arrays
Example: LUN concatenation; a 4 GB and a 5 GB LUN from the storage pool are presented to the host as one 9 GB virtual volume ("Production")
(Figure: virtualization (volume management) sits in the fabric between the host and the storage pool.)
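The "one host SCSI operation becomes one or more back-end operations" mapping for the concatenation example, as added code (mine, not Cisco's volume manager). It builds the 4 GB + 5 GB layout from the slide, splits an I/O that straddles the LUN boundary into two back-end operations, and refuses an I/O that reaches past the virtual volume, so the host can never address blocks of a back-end LUN that were not virtualised to it. The 512-byte block size and the LUN names are assumptions.

```python
"""Map a host SCSI operation on a concatenated virtual volume onto its back-end LUNs."""
BLOCK = 512                 # assumed block size
GB = 1024 ** 3

def build_volume(segments):
    """segments: [(lun_name, size_in_bytes)] in concatenation order
    -> [(lun_name, first_virtual_lba, last_virtual_lba_exclusive)]"""
    layout, next_lba = [], 0
    for lun, size in segments:
        blocks = size // BLOCK
        layout.append((lun, next_lba, next_lba + blocks))
        next_lba += blocks
    return layout

def capacity_blocks(layout):
    """Size of the virtual volume exposed by the virtual target, in blocks."""
    return layout[-1][2] if layout else 0

def map_io(layout, lba, count):
    """Translate (virtual LBA, block count) into one or more (lun, lun_lba, count) operations.
    An I/O crossing a segment boundary is split; one outside the volume is refused."""
    if count <= 0 or lba < 0 or lba + count > capacity_blocks(layout):
        raise ValueError(f"LBA range {lba}+{count} lies outside the virtual volume")
    ops, cursor, remaining = [], lba, count
    for lun, start, end in layout:
        if cursor >= end:
            continue                         # this segment is entirely before the I/O
        chunk = min(remaining, end - cursor)
        ops.append((lun, cursor - start, chunk))
        cursor += chunk
        remaining -= chunk
        if remaining == 0:
            break
    return ops

# The slide's example: 4 GB + 5 GB concatenated into the 9 GB "Production" volume.
PRODUCTION = build_volume([("array1:lun7", 4 * GB), ("array2:lun3", 5 * GB)])

if __name__ == "__main__":
    boundary = 4 * GB // BLOCK
    print(capacity_blocks(PRODUCTION) * BLOCK // GB, "GB")
    print(map_io(PRODUCTION, boundary - 8, 16))     # straddles the boundary: two operations
    print(map_io(PRODUCTION, boundary + 100, 4))    # entirely inside the second LUN
```

The same table drives the data-mobility use case later in the deck: moving a segment to another array only changes the lun name in the layout, while the virtual LBAs the host uses stay the same.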
Block Level Virtualization Is Enhanced by VSANs
Volume management functionality is provided by the intelligent storage network
The volume management functionality exposes a virtual target to the host to provide storage capacity, and accesses the storage by means of a virtual initiator
The architecture relies heavily on the underlying VSAN infrastructure to provide the desired level of isolation
High performance is achieved by processing the SCSI control path in software and using application-specific hardware to process the SCSI data path

Distributed Storage Virtualization on VSANs
Front-end VSANs: hosts and virtual targets (Host-1 and Virtual Target1 in VSAN 10; Host-3 and Virtual Target2 in VSAN 20), backed by virtual volumes (Virtual Volume1, Virtual Volume2)
Back-end VSAN: virtual initiators and the real storage (Virtual Initiator and Storage in VSAN 50, with two storage arrays)
Zoning connects the real initiator and the virtual target (front-end) or the virtual initiator and the real storage (back-end); because the front-end and back-end are different VSANs, a host has no direct path to the arrays and reaches them only through the virtual target
Sample Use: Seamless Data Mobility
Works across heterogeneous arrays
Nondisruptive to the application host
Can be utilized for "end-of-lease" storage migration
Movement of data from one tier class to another (Tier 1 to Tier 2) behind the virtualization layer
Agenda (section divider, next: End-to-End Management, VFrame Data Center; the agenda and its front-end/back-end virtualization figure are unchanged from the opening agenda slide)
Cisco VFrame Data Center: Network-Driven Service Orchestration
Coordinated provisioning and reuse of physical and virtualized compute, storage, and network resources (a compute pool of servers and hypervisors with VMs, a storage pool, a network pool)
Operational cost savings
Faster and simpler service orchestration
Robust virtualization scale-out

Adopting VFrame DC Today: Addressing Today's Challenges While Building the SOI Foundation
(Figure: from traditional silos to policy-driven service views (storage service view: SAN, NAS; server service view; network service view) composed into an application service; on slow application performance, or on application degradation or failure, VFrame DC rapidly configures a new application environment.)
1. Categorize physical resources into service views
2. Ensure design consistency with standardized infrastructure templates
3. Automate physical provisioning for server virtualization environments
4. Reduce break-fix server support costs with rapid recovery from a shared pool
5. Recover failed service with rapid local disaster recovery
6. Provide policy-based dynamic capacity on demand for applications
Design to Operate Workflow for SOI: Logical, Structured for Ease of Use
Design (service template): switch port config (VLANs, DHCP, trunks, SVIs); zones, VSANs, LUNs, NFS volumes; image management, remote boot, VM mappings; VIPs, LB policies; firewall selection, firewall chaining, firewall rules
Deploy (service networks): discover resources; LANs; SAN infrastructure; server I/O; boot OS/application; L4-L7; firewall
Operate (policies): automated failover; policy-based resource optimization; service maintenance; management integration through API

Data Center Virtualization via the Network
(Figure: end-to-end service provisioning from the client through the LAN, application delivery and security services, the servers and the SAN to storage, under one service orchestration.)
Q and A

Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books
Available onsite at the Cisco Company Store

Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes. Winners announced daily.
Receive 20 Passport points for each session evaluation you complete.
Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don't forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008.
Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.