Cisco Virtual Networking Portfolio Update

Cisco Confidential 1© 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Virtual NetworkingPortfolio UpdateBalaji Sivasubramanian, Gunnar Anderson, Appaji Malla Cisco Cloud Networking & Services Group

12/04/2013

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Agenda• Cisco’s Virtual Networking Vision

• Cisco Networking Portfolio UpdateCitrix NetScaler 1000V (NS1000V)Cisco Nexus 1000V for Hyper-VRecent Promotions

• Resources


Business Models

Service Models

Operational Models

Management Models

Consumption Models

IT’S ALL ABOUT THE APPLICATIONSHIFTS THAT ARE RE-DEFINING IT—AT ALL LEVELS

APP ECONOMY

CLOUD BASED SERVICES

APPLICATION AS A SERVICE

DEV OPS INTEGRATION

APPLICATION-CENTRIC

FUTURE

Any application any where Velocity and Visibility

Virtual, Physical, Cloud Common Policy

Scale with Security

Open, Automation

Systems Approach

WEB ECONOMY

ON PREMISE IT SERVICES

INFRASTRUCTURE AS A SERVICE

DEVELOPMENT VS. OPERATIONS

BOX-CENTRIC

TODAY


Hybrid Cloud

• Seamless Secure extension of private cloud to public cloud

• Single pane of management of local/remote resources

• Consistent servers and policies regardless of location of workloads

• Choice in Cloud Providers and Multi-Cloud Models

Data Center Transformation - Requirements

Private Cloud

• Automation through Cloud Management Platforms

• Flexibility with Application placement on any hypervisor

• Automated service insertion, policy management and chaining

• Increased Resource Utilization

Virtualized Data Center

Consistent operational model of physical and virtual resources

Flexibility to select any hypervisor for Applications

Consistency across physical and virtual service nodes

Consistent Application Policy Enforcement


Nexus 1000V for Traditional FabricsSeamless Interaction Across Physical and Virtual Workloads & Services

WAN Op

Zone FWFW

Physical WorkloadsASA 55xx

TraditionalPhysicalFabric

L3

Nexus 1000VvPath VXLAN

Physical Service Nodes

Physical Fabric Infrastructure• VXLAN HW Gateway

Virtual Fabric Infrastructure

• Multi-Hypervisor• vPath L4-L7 Services• VXLAN

Orchestrationand FabricAutomation

NVGRE VXLAN 802.1Q


Cisco Portfolio UpdateCisco Nexus 100V for Hyper-VCitrix NetScaler 1000VRecent Promotions


Citrix NetScaler 1000V


Citrix NetScaler 1000V on Cloud Services Portfolio

Nexus 1000V

vPath

Any Hypervisor

VM VM VM

• Citrix Best-in-Class virtual application delivery controller (vADC)

• Sold and supported exclusively Cisco • Tightly integrated via vPath (policy based traffic

steering)• Integrated with Nexus 1100 Series Cloud Services

Platform (CSP)• Part of Cisco Validated Design – VMDC 4.0 VSACisco Cloud Services Platform (CSP)

CitrixNetScaler

1000V

Prime virtualNAM

VirtualSecurityGateway

Nexus 1100 Series Cloud Services Platform

CitrixNetScaler

1000V

DCNM*

Data Center Mgt. Center

Module 03 – Slide 9 – Copyright © 1999-2013 Citrix Systems, Inc. All Rights Reserved – Do Not Redistribute

Standard Edition

Enterprise Edition

Platinum Edition

Web application delivery solution

providing advanced traffic management

and powerful application acceleration

Web application delivery solution designed to

deliver mission-critical applications with web application firewall

security, fastest performance, and lowest

cost

Comprehensive L4-7 load balancing and

optimizes expensive server and network resources to reduce

cost

NetScaler 1000V Editions

Citrix NetScaler 1000V SKUs

Editions

Throughput Standard Enterprise Platinum

500 Mbps L-NS-1KV-500S= L-NS-1KV-500E= L-NS-1KV-500P=

1 Gbps L-NS-1KV-1KS= L-NS-1KV-1KE= L-NS-1KV-1KP=

2 Gbps L-NS-1KV-2KS= L-NS-1KV-2KE= L-NS-1KV-2KP=

Licenses applicable for Nexus 1110/1010 or ESXi

• You define which L4-7 Virtual Services through policy, NOT network topology

• Transparent Services Insertion

• Dynamic Service chains enabled per VM/Application/Tenant

Virtual Service A

Web VM Container #1 (Policy 2)

Virtual Service B

Virtual Service C

Client

VOD VM Container #2 (Policy 1)

(Admin User Policy 1 & Policy 2 defined for each tenant)

vPath Service Chaining Benefits

N1KV Virtual Distributed Architecture

NetScaler 1000VvPath Integrated

Expanded vPath Ecosystem: VSG, ASA 1000V, vWAAS, & NetScaler 1000V


Cloud Network Services (CNS)

Any Hypervisor

Nexus 1000V VEM vPath

vPath is Nexus 1000V dataplane component:

1. Distributed Service insertion architecture, with Intelligent traffic intercept and redirection mechanism

2. Intelligent Service insertion at hypervisor level

3. Topology agnostic service insertion model

4. Service Chaining across multiple virtual services

5. Performance acceleration with vPath e.g. VSG flow offload

6. Efficient and Scalable Architecture

7. VM Policy mobility with VM mobility

vPATHPolicy Based Service Enablement


Without vPath With vPath

Evolve the Network for the next wave of application requirements

• Complex deployment- per host service nodes

• Service chaining is static

• No Fast path acceleration

• Services tightly coupled with network topology

• Distributed policy-driven Service Insertion & chaining

• Non-disruptive operations• Fast-Path acceleration• Decouple services from

network topology

vPath Benefits


Hypervisor Hypervisor Hypervisor

Modular Switch

…Linecard-N

Supervisor-1

Supervisor-2

Linecard-1

Linecard-2Bac

k P

lane

VEM-NVEM-1 VEM-2

VSM: Virtual Supervisor ModuleVEM: Virtual Ethernet Module

VSM1

VSM2

Virtual Appliance

NetworkAdmin

L2 C

onne

ctiv

ityL3

Con

nect

ivity

vPath vPathvPath

Nexus 1000V Architecturewith vPath


vPath Services enabled per VNIC • vPath enables service insertion based on policies

created for Application VM’s vPATH Interception is configured

on Server VM’s Port Profile in both directions to redirect packets to a Service Node

Server traffic is intercepted by vPATH interception in VEM and redirected to a Virtual Service Node

Both ingress and egress traffic for a VM is intercepted by vPath Upstream

SwitchVSM

Server VM

VEM

vPATHInterception

: In/Out


Application Requirements for Network Services

• Current generation network capabilities are driven by physical network topology. Example, If the firewall is plugged into the Internet connection and then the load balancer into firewall, the path of traffic must always flow in that order.

• Application driven requirements that change the relationship (load balancing, then firewall) cannot be supported without physically changing the layout of the network.

Core Router/Switch

Firewall

Load Balancer

Proxy Server

Application


SLB : Challenges today• Source NAT (SNAT) is primarily for its simplicity, however client

source is obscured often preventing SNAT deployment

• Policy Based Routing (PBR) is a partial solution to preserve the client source, but increases deployment complexity and operation cost

• Inline ADC’s become performance bottleneck high-performance and scalable datacenters

• Despite this performance limitation, the most deployments (> 70%) are inline due to their relative simplicity in configuration

• Only necessary traffic needs to be sent to ADC for optimal capacity usage


SLB : with vPathvPath is the solution :

• No SNAT needs to be configured on NetScaler 1000V; vPath redirects return traffic to SLB

• Application workload and East-West services (eg. Firewall) have full visibility into source and destination VM

• ADC is not required to be deployed as a gateway or inline mode for application VM’s. vPath redirection will handle traffic flows to SLB

• Enables policy-based service chaining for applications; decouple services from underlying network

• Enables new use-cases for SLB in east-west flows

© 2012 Cisco and/or its affiliates. All rights reserved. 19

vPath Service Chaining


• Decouples network services from underlying network topology with vPath Overlays

• Dynamic Service chains enabled per VM port

• Programmability

• Transparent Services Insertion

• Multi-Tenancy

• VxLAN

vPath Service Chaining BenefitsIntelligent policy-based traffic steering through multiple network services

Expanded vPath Ecosystem: VSG, ASA 1000V, vWAAS, & NetScaler 1000V


Services Chaining with vPathIntelligent Policy-based Traffic Steering Through Multiple Network Services

DB Tier

VM

VM VM

Web Tier

OS

OS OS

APP

APP APP

1

Cisco vPath

Cisco vPath

1Client Initiates Flow to Web Server (VIP as Server IP)

Client › LB-VIP1



DB Tier

VM

VM VM

Web Tier

OS

OS OS

APP

APP APP

NS1000V load balance web request, selects Web Server 1 (Client › S1)2

Cisco vPath

Cisco vPath

2



DB Tier

VM

VM VM

Web Tier

OS

OS OS

APP

APP APP

Cisco vPath

Cisco vPath

3

Based on policy, vPath redirect traffic to service chain, starting with zone-based firewall, VSG3



DB Tier

VM

VM VM

Web Tier

OS

OS OS

APP

APP APP

4

Cisco vPath

Cisco vPath

Traffic returns to Virtual Ethernet Module ready for next network service4



DB Tier

VM

VM VM

Web Tier

OS

OS OS

APP

APP APP

Cisco vPath

5

Cisco vPath

Web to DB Tier Connection 5



DB Tier

VM

VM VM

Web Tier

OS

OS OS

APP

APP APP

Cisco vPath

Cisco vPath

Web to DB Tier Connection : Database tier security policy6

6



DB Tier

VM

VM VM

Web Tier

OS

OS OS

APP

APP APP

Cisco vPath 7

Cisco vPath

Apply VSG policy and forward packet to database7


Key take aways for NetScaler 1000V with vPath

• Preserve Client IP; No Source NAT or PBR required to send server return traffic to NetScaler1000V

• Dynamic SLB (NS1000V) deployments in Multi-Tenant environment

• NetScaler 1000V gets rich benefits of intelligent service chaining with no worrying about VLAN stitching in dynamic virtual environments

• No disruption to east-west / distributed services, that would normally happen with source NAT

vPath

Web


Cisco Nexus 1000V for Microsoft Hyper-V


Cisco Nexus 1000VAward Winning Networking Platform for Hyper-V

Nexus 1000V VSM

Extensible vSwitch

CaptureFiltering

ForwardingNexus 1000V VEM

VM VM VM VM

VNICs

Advanced NX-OS feature-set

Innovative Services architecture (vPath)

Consistent operational model

SCVMM IntegrationPNICs

Cisco Confidential© 2011 Cisco and/or its affiliates. All rights reserved. 31

System Center Virtual Machine Manager

CiscoNexus1000V VEM

CiscoNexus1000V VEM

Cisco Nexus1000V VEM

VM VM VM VMVM VM VM VMVM VM VM VM

Cisco Nexus 1000V VSM

Virtual Supervisor Module (VSM)• Virtual or Physical appliance running

Cisco NXOS (supports Hi-availability)• Performs management, monitoring,

and configuration• Tight integration with management

platforms

Virtual Ethernet Module (VEM)• Enables advanced networking

capability on the hypervisor• Provides each virtual machine with

dedicated “switch port”• Collection of VEMs : 1 virtual network

Distributed Switch

WS 2012 Hyper-V WS 2012 Hyper-VWS 2012 Hyper-V

Server Server Server

Cisco Nexus 1000V Architecture A simple Deployment Scenario


VM VM VM VM

Nexus1000V VEM

VM VM VM VM

Nexus1000V VEM

Nexus 1000VVSM

WS 2012 Hyper-VNexus 1000VVSM

VMware vSphere

VMware vCenter SCVMM

Cisco Nexus 1000V for Hyper-VConsistent Architecture across hypervisors


vPath and Cloud Network ServicesConsistent Services Infrastructure across Hypervisors

VMware vCenter

Cisco PNSC

Cisco Nexus1000V

Virtual Machine Attributes

Por

t P

rofil

es

Service

Profiles

VSNsvPath

SCVMM Cisco PNSC

Cisco Nexus1000V

Virtual Machine Attributes

Por

t P

rofil

es

Service

Profiles

VSNsvPath


Nexus 1110

VMware ESX VMware ESX

VSMVSG*

WS 2012 Hyper-V WS 2012 Hyper-V

VSM NAMVSG

Existing Nexus 1010 virtual blades support EITHER hypervisor environment

VEM-2vPath Overlay

VEM-1vPath Overlay

VEM-2vPath Overlay

VEM-1vPath Overlay

Cloud Services Appliance – Nexus 1110Consistent Hosting Platform across Hypervisors


Cisco Nexus 1000V Tiered PricingConsistent Pricing across Hypervisors

Essential ($0) Advanced ($695/cpu)

VLANs, ACL, QoS vPath LACP Multicast Netflow, SPAN, ERSPAN Management (SNMP etc.) SCVMM Integration DHCP Snooping IP Source Guard Dynamic ARP Inspection Virtual Security Gateway**

** Only supports network-attributes


Cisco Nexus 1000V TerminologySCVMM Terminology Cisco Nexus 1000V Terminology

Logical Networks Logical Networks

Network Sites Network Segment Pools

VM Network Definitions Network Segments

IP-Pools IP-Pools & IP-Pool Templates

Port-Classifications Port-profiles


nsm logical network DMZ

# nsm network segment pool DMZ_POD1# member-of logical network DMZ

# nsm network segment DMZ_POD1_SUBNET1 member-of network segment pool DMZ_POD1 switchport mode accessswitchport access vlan 20ip-pool import template DMZ_POD1_Pool1

# nsm network segment DMZ_POD1_SUBNET2member-of network segment pool DMZ_POD1switchport mode accessswitchport access vlan 21ip-pool import template DMZ_POD1_Pool2

# nsm network segment DMZ_POD1_SUBNET3member-of network segment pool DMZ_POD1switchport mode accessswitchport access vlan 22ip-pool import template DMZ_POD1_Pool2

Cisco Nexus 1000V for Hyper-VDefining “Network sites” and “VM Networks”

Network Site “DMZ_POD1”

VM Network DMZ_POD1_SUBNET1



Logical network “DMZ”


Cisco Nexus 1000V for Hyper-VOperational Model with SCVMM

Networks & policies synced to SCVMM

Adds hosts to N1KVConnects VMs (VNICs) to VM Networks

Configuration data and

policies sent to N1KV VEM

Nexus1000V VEM

Server

Nexus 1000VVSM

WS 2012 Hyper-V

SCVMM

NetworkMgmt Create networks and

policies (logical networks, network sites, VMnetworks)

SCVMM manages the placement and live-migration of the VMs based on the constraints between VM networks and the network sites.

VM VM VM VM

ServerAdmin

1

2

3

4

5


Cisco Nexus 1000V PowerShell CmdletsAvailable from http://developer.cisco.com/web/n1k/hyperv

Open a connection to VSM from PowerShell using the credentials

Identify the required

PowerShell CmdLets

Run the Cmdlet directly from

the PowerShell Prompt

Parse the response for the required information

PowerShell CmdLet: <Action>-N1k<Object>

Action VerbsCreate an object* New

Read an object Get

Update an object Set

Delete an object Remove

*Objects can be Logical Networks, VM networks, Port-profiles, IP-Pools, Port-profiles etc.Write/Update Operations are only supported on limited set of objects

ExamplesCreate a Logical Network* New-N1kLogicalNetwork()

Read port-profile info Get-N1kPortProfile()

Update an IP-Pool Set-N1kPoolTemplate()

Remove network segment Remove-N1kNetworkSegment()

http://developer.cisco.com/web/n1k/hyperv


What is new with v1.5.2?R2 support, VSG with VM-attributes• Support for Windows Server 2012 R2

• Additional PowerShell Commands

• Universal Licensing

• VSG/PNSC support for VM and Custom attributes


What is new with v1.5.2?New REST-APIs & PowerShell Commands• CRUD Operations for User-creation

To Create/Read/Update/Delete VSM user account informationGet-User, New-User, Set-User, Remove-User

• Managing SPAN & ERSPAN sessionsTo Create/Read/Update/Delete SPAN/ERSPAN session informationGet-Session, New-Session, Set-Session, Remove-Session

• CRUD operations for port-profilesTo Create/Update/Delete port-profilesNew-PortProfile, Set-PortProfile, Remove-PortProfile


What is new with v1.5.2?Universal Licensing

Before v1.5.2• Separate Advanced Licenses

for each hypervisor version• Licenses for one hypervisor

won’t work on other hypervisors

After v1.5.2• Existing N1KV Licenses can

be used for N1KV/Hyper-V• If you already bought

N1KV/Hyper-V, we will issue new universal licenses


Cisco Virtual Security Gateway (VSG)Virtual Firewall for Nexus 1000V

VM context aware rulesContext Aware Security

Establish zones of trustZone-BasedControl

Policies follow Live MigrationDynamic, Agile

Efficient, fast, scale-out SW(with vPath intelligence)

Best-in-ClassArchitecture

Virtual Security

Gateway (VSG)

Security team manages securityNon-Disruptive Operations

Central mgmt, scalable deployment, multi-tenancy

Policy Based Administration

XML API, security profilesDesigned for Automation

Prime Network Services

Controller (PNSC)


Security ProfilesDevice ProfilesVM attributes

Port ProfilesInteractions

VM/NetworkAttributes

Packets(Slow-Path)

VM-to-IP Binding

Packets(Fast-Path)

Cisco Virtual Security Gateway (VSG)System Architecture

Hyper-V Servers

Nexus 1000V VEMvPath

Microsoft SCVMM

VSMVSM VSN

VSG

Packets(Fast-Path)

Cisco Prime Network Services Controller (PNSC)


Condition

Cisco Virtual Security Gateway (VSG)Defining Security Rules

VM Attributes

VM Name

Guest OS name

Port Profile Name

VM DNS Name

Network Attributes

IP Address

Network Port

Operator

eq

neq

gt

lt

range

Not-in-range

Prefix

Operator

member

Not-member

Contains

And (Global Level)

Or (Global Level)

Source

ConditionDestination Condition Action

Rule

Attribute Type

Network

VM

User Defined

vZone

Condition Match Criteria

Match All (And)

Match Any (Or)


Recent Promotions


Cisco Nexus 1000V Promotion

Physical Network

Server

VirtualSwitch

AccessSwitch

Virtual Network

Any of the Nexus 5K/2K or

Nexus 6K/2K Bundles

Nexus 1000V Promotion @ 40% price reduction

Universal License – Flexibility for Any Hypervisor

• Consistency across Physical, Virtual & Hypervisors• Investment Protection (people, process & tools)• Future-proofing network fabric architectures

ANY HYPERVISOR


Nexus 1000V Promo – What’s Included?N1110-X with 64-licenses @ 40% price-reduction• Base Package:

Nexus 1110-X Hosting Appliance For hosting Virtual Supervisor Module, Virtual Security Gateway,

VXLAN VLAN gateway and other virtual services (e.g. NetScaler 1000V, vNAM etc.)64 Universal Licenses

Nexus 1000V License for ANY hypervisor. Migration allowed. VSG licenses included

• Optional Package:Additional 64 Universal Licenses

Nexus 1000V License for ANY hypervisor. Migration allowed. VSG licenses included


Nexus 1000V Promo Overview2 PIDs: N5K-FEX-N1K-PROMO & N6K-FEX-N1K-PROMO

N6K-FEX-N1K-PROMO

N6001P-6FEX-1G

N6001P-4FEX-10G

N6001P-6FEX-10G

N6001P-4FEX-10GT

N6001P-6FEX-10GT

N6004EF-12FEX-1G

N6004EF-8FEX-10G

N6004EF-8FEX-10GT

Base Package: N1110-X+64 licenses

Optional Package:Add. 64-licenses

N6001P-8FEX-1G

N5K-FEX-N1K-PROMO

Optional Package:Add. 64-licenses

N5548UP-4N2248TFBase Package: N1110-X+64 licenses

N5548UPL3-2N2248TF

N6001P-4FEX-1GN6001P-2FEX-10G

N6004EF-4FEX-1G

N6004EF-6FEX-1G

N6004EF-8FEX-1G

N6004EF-4FEX-10G

N6004EF-6FEX-10G

N6004EF-4FEX-10GT

N6004EF-6FEX-10GT

N5548UPM-4FEX

N5596UPM-6FEX

N5596UP-6N2248TF

N5596UPMM-12N2248T

N5548UPM-6N2248TP

N5596UPM-8N2248TP

N5548UPM-6N2248TR

N5596UP-4N2232PF

N5596UP-4FEX

N5596UPMM-8FEX

N5596UPM-8N2248TF

N5548UP-4N2248TP

N5596UP-6N2248TP

N5548UP-4N2248TR

N5596UP-6N2248TR


Nexus 1000V Promo OverviewOrdering example for N6K-FEX-N1K-PROMO


UCS Bundles with Nexus 1000V

PID Description List Price

N1K-M-VSG-UCS-BUN

Nexus 1000V Advanced Edition for Hyper-V with the purchase of UCS B/C series configurable SKUs (not available with fixed SmartPlay Bundles)

$495 per cpu

N1K-VSG-UCS-BUN

Nexus 1000V Advanced Edition for vSphere with the purchase of UCS B/C series configurable SKUs (not available with fixed SmartPlay Bundles)

$495per cpu

Upto 30% Discount on

N1KV


ASA 1000V Bundle with Nexus 1000V

Includes Nexus 1000V Advanced Edition (with VSG bundled) and ASA 1000V

PID Description List Price

L-N1K-ASA1K-01-PR (eDelivery) or

N1K-ASA1K-01-PR (Paper Delivery)

1 Promo N1KV Advanced (including VSG), ASA1000V, VNMC license[base license is needed for each VNMC instance]

$2,495


N1K-ASA1K-04-PR (Paper Delivery)4 Promo N1KV Advanced (including VSG), ASA1000V, VNMC incremental licenses $9,945





Up to 32% Discount on

N1KV


Conclusion• Cisco Virtual Networking is Hypervisor Agnostic

• Virtual Networking is integrated to physical network fabric to provide seamless virtual+physical network management

• Cisco and Citrix has collaborated to introduce Netscaler 1000V – virtual Load-Balancing solution enhanced by Nexus 1000V.

• Cisco Nexus 1000V for Hyper-V shipping now – supports WS2012-R2 and enhanced VSG

• Take advantage of the limited time Nexus 1000V promotions.


Resources• Cisco Virtual Networking: www.cisco.com/go/1000v

• Cisco N1KV/Hyper-V: www.cisco.com/go/1000v/hyper-v

• Citrix NetScaler 1000V: http://www.cisco.com/go/ns1000v

• Cisco N1KV Communities: www.cisco.com/go/n1kvcommunity

• Cisco Nexus 1100 Series: http://www.cisco.com/go/1100

• Cisco Virtual Security Gateway (VSG): http://www.cisco.com/go/vsg

• Cisco ASA 1000V Cloud Firewall: http://www.cisco.com/go/asa1000v

http://www.cisco.com/go/1000v

http://www.cisco.com/go/1000v/hyper-v

http://www.cisco.com/go/ns1000v

http://www.cisco.com/go/ns1000v

http://www.cisco.com/go/n1kvcommunity

http://www.cisco.com/go/1100

http://www.cisco.com/go/1100

http://www.cisco.com/go/vsg

http://www.cisco.com/go/vsg

http://www.cisco.com/go/asa1000v

http://www.cisco.com/go/asa1000v

Thank you.

Date post:	25-Feb-2016
Category:	Documents
Upload:	lexi
View:	108 times
Download:	9 times

Cisco Virtual Networking Portfolio Update

Documents