Today’s Presenters
Caroline Chappell, Senior Analyst, Heavy Reading
Satish Iyer, Campaign Lead, Cisco Cloud MegaTest
Carsten Rossenhoevel, Managing Director, European Advanced Networking Testing Center (EANTC)
Agenda
• Data Center Evolution and the Cloud
• Putting Cisco’s CloudVerse to the Test
• Test Bed
• Validation of Cisco’s Cloud Data Center Infrastructure solution
• Q&A
Drivers for Data Center Transformation
Improve Business Operations
• Reduce cost
• Increase business agility
• Accelerate innovation
Support New Services
• IaaS
• PaaS
• SaaS
Evolving Data Center Requirements
• Low Opex
– Simplified and Unified Management of Resources
– Automated Provisioning
– Low cost scalability
• High Security
– Multi-tenant isolation
– Configuration accuracy
– VM policy management
• User Experience
– Rapid Response
– High-level UI
Benchmarking Cloud Technology
• Will It Work?
– Over 40% of telcos say reliable cloud delivery is their
greatest challenge
• Can You Prove It?
– 66% of operators want to see proofs of concept and
cloud working in technology labs
• Can My Cloud Service Provider Deliver?
– Enterprises say due diligence effort is a barrier to
cloud service uptake
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
[Diagram: Cloud Intelligent Network; Unified Data Center; Cloud Applications; Cloud Enablement Services]
Enabling Cloud Applications/Services by Uniquely Combining the Unified Data Center and Cloud Intelligent Network
Independent public test, complete Cloud infrastructure
Cisco was the first vendor to accept the challenge
[Diagram: Cloud Intelligent Network; Unified Data Center; Cloud Applications; Collaboration; IaaS; Video; CRM]
Using Comprehensive End to End Infrastructure
A Facts-based Reality Check for Cloud Delivery
6 Months of Planning
8 Weeks of On-Site Testing
25 Test Suites Across DC, Network and Applications
$75 Million Equipment Involved in Test
80 Engineers Supporting Testing
Quality Assurance of Cloud Solutions
In-Situ Cloud service tests
• Quality audit of live cloud services
• Well-suited to evaluate public cloud offerings
• Can only monitor functionality and performance of single service
• “Friendly” tests only, to avoid harming the platform
In-Vitro Cloud solution tests
• Functional, performance and availability test of solutions in the lab
• Best for proof of concept testing (prior to purchasing)
• Unlimited testing of scale, failure situations, security breaches, management actions and new applications
Deriving Metrics Developing Tests per Metric
What do customers care about?
• Uninterrupted availability
• Security
• Quick uptimes
What are Service Providers interested in?
• Simplified Operations
• Flexibility
• Security
• Replacing legacy IT
EANTC Test Plan Development Guidelines
System Under Test per Test Area
Cloud Intelligent Network - IPv6
• Core: CRS-1, CRS-3
• Edge: ASR 9000
• Branch Router: ASR 1000
• Management: Prime Register
• Mobile Core: ASR 5000
Cloud Data Center Infrastructure
• Servers: UCS
• Network Infrastructure: Nexus 7000, Nexus 5000, Nexus 2000, Nexus 1000, Catalyst 6500, MDS
• Management: UCS Manager, BMC Cloud Lifecycle Manager, Network Services Manager
Cloud Video Services
• Videoscape Transcode Manager
• Cisco Media Processor (CMP)
• Cisco Transcode Manager (CTM)
• Cisco Mediasuite
• Content Delivery System Internet Streamer (CDS-IS)
Today April 04
May 16
Test Bed Design
We created a single test bed
Realistic setup of integrated solution
Used for almost all tests (few exceptions: Mobile Video, HCS, and PCRF setup)
Six weeks of lab testing
EANTC conducted the test and documented all results
Ixia Communications supported EANTC’s test extensively
Test Equipment
• XM12 with Xcellon-Ultra NP modules: video testing (stateful), capacity of 40 Gbit/s
• XM12 with Xcellon-Flex modules: network load testing, capacity of 800 Gbit/s
• ImpairNet to emulate delay in the network
• Virtual Test Appliances: IxNetworkVM (network emulation), IxLoadVM (application emulation)
Testing the Virtual Environment
Testing in a virtual environment requires embedded test tools
Virtual test ports (IxNetwork-VM and IxLoad-VM) act as VMs to:
• Generate network and application traffic, measure performance
• Test security within the virtual space (emulated 3-tier web installation)
• Identify impact of VM mobility
Software Test Ports
• Function as VMs
• Required for tests of Tenant Isolation, Virtual Security Gateway, VM-FEX
Test Cases
• Tenant Isolation
• VSG
• LISP Security
• BMC CLM
• UCS Manager
• Cisco Network Services Manager Manageability
• FabricPath
• QoS
• VMFex Performance
• HCS: Call Manager
• Siebel CRM Applications
Multi-Tenancy Isolation
Validate security – isolate tenants from each other
Procedure:
1. Send “background traffic” (allowed)
2. Send full mesh in parallel (not allowed), look for cross-talk
Security Manageability Performance
Tenant Isolation: Results
Results:
No loss for North-South profile
Little loss for East-West profile (0.0001 % of 24 Gbit/s)
100% Loss for Isolation profile (full meshed tenants)
100% End to End Tenant Isolation Verified
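Added example, not part of the original presentation and not EANTC's or Ixia's tooling: one way to score the two-step procedure above from per-flow frame counters, treating the permitted North-South and East-West traffic as the control for the isolation result. The counter layout, profile names, tenant names and pass limits are assumptions, and the sample counters are constructed.

```python
from collections import defaultdict

# Constructed per-flow counters, not measurements from the test:
# (src_tenant, dst_tenant, profile, tx_frames, rx_frames)
SAMPLE_FLOWS = [
    ("tenant-a", "tenant-a", "north-south", 1_000_000, 1_000_000),
    ("tenant-b", "tenant-b", "north-south", 1_000_000, 1_000_000),
    ("tenant-a", "tenant-a", "east-west", 2_000_000, 1_999_998),
    ("tenant-b", "tenant-b", "east-west", 2_000_000, 2_000_000),
    ("tenant-a", "tenant-b", "isolation", 500_000, 0),
    ("tenant-b", "tenant-a", "isolation", 500_000, 0),
    ("tenant-c", "tenant-a", "isolation", 500_000, 37),  # constructed leak
]

# Assumed pass limits for permitted traffic, as loss fractions (1e-5 = 0.001 %).
ALLOWED_MAX_LOSS = {"north-south": 0.0, "east-west": 1e-5}


def evaluate_isolation(flows, allowed_max_loss=ALLOWED_MAX_LOSS):
    """Return (verified, report) for one run of the two-step procedure."""
    totals = defaultdict(lambda: [0, 0])  # permitted profile -> [tx, rx]
    leaks, untested = [], []
    for src, dst, profile, tx, rx in flows:
        if profile != "isolation":
            totals[profile][0] += tx
            totals[profile][1] += rx
        elif src == dst:
            raise ValueError(f"isolation flow inside one tenant: {src}")
        elif tx == 0:
            untested.append((src, dst))   # nothing offered, so nothing proven
        elif rx > 0:
            leaks.append((src, dst, rx))  # cross-talk: a single frame counts
    loss = {p: (tx - rx) / tx for p, (tx, rx) in totals.items() if tx}
    # Permitted traffic is the control: if it is failing as well, 100 % loss
    # on the isolation profile may only mean the fabric is down.
    control_ok = all(
        p in loss and loss[p] <= limit for p, limit in allowed_max_loss.items()
    )
    verified = control_ok and not leaks and not untested
    return verified, {"loss": loss, "leaks": leaks,
                      "untested": untested, "control_ok": control_ok}


if __name__ == "__main__":
    ok, report = evaluate_isolation(SAMPLE_FLOWS)
    print("isolation verified:", ok)
    for src, dst, rx in report["leaks"]:
        print(f"cross-talk {src} -> {dst}: {rx} frames delivered")
```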
Virtual Security Gateway (VSG)
How can firewall rules be enforced on virtual servers?
How does VM migration affect security?
Virtual firewall, integrated with Cisco Nexus 1000V
Realistic policies consistently enforced in the virtual space, even as virtual machines were migrated.
Locator/ID Separation Protocol (LISP)
Allowing for routing exceptions
Move VM between Data Centers, check client’s session
No need for client or web server IP address reconfiguration.
Automatic service restoration during workload mobility across cloud (LISP)
BMC Cloud Lifecycle Management Integration
Walkthrough:
Provisioned one tenant (less than 25 minutes)
Provisioned one VM
Provisioned five tenants (over 1 hour): one Gold, one Silver and three Bronze
Provisioned 50 Windows VMs (under 1 hour): 10 VMs per tenant
Provisioning software: Tenants & VMs
Unified Computing System Manager
Typically, server outages => configuration on the spot => long maintenance windows
Question: How do Cisco’s UCS service profiles help?
Preconfigure profiles and measure:
1. Outage for card failure and restoration
“Stateless Compute”
2. Time required to bring up 8 new blades
Unified Computing System Manager: Results
[Chart: Out of Service Time [Minutes] and Time Taken to Respond [Minutes]. Groups: 1 Blade Failed, 8 Blades Booted. Categories: Blade, VM, First blade, Last Blade, VM. Data labels in source order: 9,9; 1,7; 10,8; 11,7; 13,1]
Measured load time with pings
Measured out of Service Time
Reduced admin cost with UCS automated service profiles
Cisco Network Services Manager
Provisioning tool
Configuration of multiple tenants
Formerly known as OverDrive Network Hypervisor
Demo represented
Provision of 10 tenants
Took 8:26 minutes
Data Center Scalability and Performance
Problem: spanning tree and LAG present issues in massive, fluid (virtual) environments
Cisco’s answer: FabricPath
Based on TRILL
Fabric Path – Results
A total of 292.8 Gbit/s with no frame loss
Fabric Path Resiliency Results
No loss during restoration.
Maximum delay of 200 microseconds
Out of service time for link failures under 200 milliseconds
Tiered Services (QoS): Goals
What happens when the cloud overruns its uplink capacity?
Goal: verify prioritization by the edge router (ASR 9010) of Gold, Silver, and Bronze traffic
Procedure: Slowly decrease upstream bandwidth, check loss.
Tiered Cloud Services (QoS): Test Procedure
Tested in 5 steps:
Step 1 – Full bandwidth, four links, no loss
Step 2 – Three links, expect bronze loss only
Step 3 – Two links, expect bronze loss only
Step 4 – Single link, expect bronze loss only
Step 5 – Single link, decrease bronze traffic and increase silver traffic, bronze and silver loss
Tiered Cloud Services: Results
No loss observed for prioritized customers
[Chart: Tiered Cloud Services - Downstream Frame Loss. Bitrate [Gbit/s], transmitted vs. received, for Gold, Silver and Bronze tenants, Run1 to Run5]
Higher priority SLAs for Gold and Silver tenants confirmed
Tiered Cloud Services: Results
No latency increase for prioritized customers
[Chart: Tiered Cloud Services - Latency in Logarithmic Scale [µs], for Gold, Silver and Bronze tenants, Run1 to Run5]
Virtual Machine Fabric Extender (VM-FEX) Performance
VM-FEX performance versus Distributed Virtual Switching
Virtual Machine Fabric Extender (VM-FEX) Performance: Results
[Chart: Disc Read Performance, VM-FEX vs. Nexus 1000v. Metrics: Input/Output Operations, Data Transmission Rate, Average Response Time. Data labels in source order: 140; 69.9; 30.7; 107; 53.5; 41.0]
[Chart: Throughput Performance. Throughput [Gbit/s] for emulated L2/L3 Traffic and HTTP Traffic, VM-FEX Host vs. Nexus 1000v Host. Data labels in source order: 9,78; 9,87; 8,38; 8,06]
VM-FEX increased performance for all four applications: Layer 3 traffic, HTTP traffic, iSCSI traffic, and video encoding