统一网络服务（ UNS ） Cisco Data Center

统一网络服务（ UNS ） Cisco Data Center

Data Center Data Center BusinessBusiness

AdvantageAdvantage

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialPresentation_ID 2

Agenda

UNS summary Cisco ACE and vACE Cisco WAAS and vWAAS Cisco Firewall and vFirewall


数据中心和云计算的演进Consolidation Virtualization Automation = Utility/Cloud model


HypervisorHypervisor

基于软件的虚拟机交换机

Switch

VMVM VMVM VMVM VMVM VMVM VMVM VMVM VMVM

VETHVETH

VNICVNIC

UCS Server UCS Server

Virtual Switching Need to switch between VMs on same host vNetwork Distributed Switch: Nexus 1000v

Collection of vSwitches or vNetwork Distributed Switch


HypervisorHypervisor

VM-FEX: Cisco UCS 独一无二的整合能力增强 VM 的 I/O 能力

UCS 6100

VMVM VMVM VMVM VMVM VMVM VMVM VMVM VMVMVNICVNIC

VN-Link in HW: One Network Unify virtual and physical switching layers Fabric extender for VMs: Reduce network

management points Reduce broadcast domain

Host CPU Cycles Relief Host CPU cycles relieved from VM switching I/O Throughput improvements

UC

S VI

C

UC

S VI

C

VETHVETH

UCS Server UCS Server


ANY SERVICE

Cisco 统一网络服务的整体视图

在任意部署模型下都提供了足够的灵活性和丰富的选择

ANY ENVIRONMENT

ANY FORM FACTOR

ANY DELIVERY MECHANISM

Network Compute

Appliance Module VirtualIntegrated

Dedicated(Hardware coupled)

Dynamic “On-demand”

ApplicationDelivery Others

…..

Policyframework

Workloadmobility

FeatureConsistency

Cloud


统一网络服务同时为物理和虚拟环境提供统一的服务框架

Hypervisor

AppOS

AppOS

AppOS

Physical Network Services

WAN Opt

• Virtual appliance form factor• Elastic Instantiation/Provisioning• Service transparent to VM mobility• Support scale-out• Large scale multi-tenant operation

• Application-specific service nodes• Form factors:

• Appliance• Switch module• Router-integrated

Private Cloud

Firewall SLB/ADC

Public Cloud

VirtualFirewall

VirtualWAN Opt

VDC-1

VDC-2


统一网络服务架构的创新和优势FY11

FLEXIBILITY

RESPONSIVENESS

CONSISTENCY

Cloud optimization Secure multi-tenant cloud experience

Seamless Integration and automationOpen APIs

Policy-aware VMs Workload Portability and Mobility

Fabric Integration Rapid Service Enablement

Operational simplicityPolicy-based provisioning

Virtual services Agility and on-demand delivery


Cisco UNS 架构下的虚拟池调配

Nexus 1000V

vCenter

VSG

Port Profile

LBContext

Security Profile和物理防火墙保持一致

VM

VM

VM

VM

VM

VM

VM

VM

VM

ServerTeam

NetworkTeam

SecurityTeam

Load Balance ANM-ACE

快速调整


应用服务器的自动化部署与调解

ACE

VMVM VMVM VMVM

vCentervCenter Nexus 1000v VSM

VMVM VMVM VMVM

ANM (GS)

ESX Host

ESX Host

3rd party Workflow

Automation Software API

API


业务系统的应用级可视化展现


统一网络服务产品层面的更新

ESX ESXi Hypervisor w/ Nexus 1000V

UCS /x86 Servers

Virtual ANS

Nexus 1000VvPath

vPath: Fabric Intelligence for Virtual services• Traffic interception/redirection, Fast-path off-load

Virtual Security Gateway (VSG) On Nexus 1000V

Virtual NetworkManagement Center (VNMC)


Cisco vACE ( 虚拟应用控制引擎 )

vACE vACE


Hypervisor

Traditional Service Nodes

Virtual Contexts

服务虚拟化部署的多种选择

VLANs

Hypervisor

Redirect VM traffic via VLANs to external (physical) firewall

1

AppServer

DatabaseServer

WebServer

Apply hypervisor-based Virtual Firewall2

AppServer

DatabaseServer

WebServer

VSN

Virtual Service Nodes

VSN


ACEACEACE

ACE Demand

VIP Mobility & Scale

应用控制随需而动For Public, Private, and Hybrid Clouds

What?• Demand based scaling of ACE application

delivery system• Demand based scaling of applications

serviced by ACE• Scale across ACE form factors• Hitless VIP mobility from ACE to ACE and

Cloud to Cloud• ADC metering and chargeback. Demand

based billing

Why?• Eliminate ADC as bottleneck to elastic

applications• Enable application scaling beyond the borders

of a single cloudACE Demand Application Demand

ACEAppliance

ACEVirtual

Appliance

ACESwitch Module

ACEUCS

Blade

UnifiedCompute

Nexus 7K

ACEACEACE


Virtual ACE (vACE) 随云而动 Enabler For Cloud On Demand

What• Virtual ACE & GSS for UCS and Generic compute• Target Segment: Cloud SP; Enterprise • Bundled with UCS for Commercial Segment

Performance• vACE Small – 1 to 4 Gbps• vACE Large – 1- 8 Gbps

Competitive Functionality• On-demand App Scaling via vPath (N1Kv / Sereno)• Ease of network insertion (with N1Kv)• Integration with vBlock

vACE

vACE vACE

vACE

vACEvACE

UCS C-series

UCS B-series


Cisco vWAAS ( 虚拟广域网络应用加速服务 )


Branch Office

WAAS

Private Cloud

WAAS 经典部署模式和私有云

Virtual Desktops

Poor response times

Slow file transfers Limited user

sessions

ChallengesChallenges

Secondary DC

Enterprise Apps

Cisco WAAS: LAN-like App

Performance Up to 4X increase

in VDI users Efficient data

transfer & Bulk vMotion

WAN

Virtualized Infra

WAN

Mobile Users


云模型下的广域网优化：Cisco Virtual WAAS

ESX ESXi Hypervisor w/Nexus 1000

UCS /x86 Servers

Virtual WAAS “Appliances”

AvailableQ4 CY10

vPath

Virtual WAAS on Nexus 1000V with vPath

FEATURES Allows Agile, Elastic, & Multi Tenant

Deployment Supports DRE Cache in SAN Policy-based Provisioning w/ Nexus

1000V Extends WAAS Solution Portfolio

BUSINESS BENEFITS Business Agility with on-demand

orchestration Lower operational cost, reduced

migration risk Fault-tolerance with VM mobility

awareness


Cisco vWAAS: 云模型下的广域网优化WAAS 解决方案整体视图

Benefits DifferentiatorKey Requirements 广域网络优化的随需调度基于虚拟机 Vmotion 技术的容错部署降低云迁移的运营成本

弹性部署随需而动最简单的网络配置支持虚拟机的动态部署支持多租户模型

和 Cisco Nexus 1000V紧密集成快速部署广域网加速服务通过 WCCP 实现透明部署

Mobile Users

Cisco vWAAS Cisco vWAAS

Private CloudPublic Cloud

WAN

Internet

WAAS Mobile Client

WAAS Mobile Server

BranchWAAS


Cisco VSG ( 虚拟安全网关 )


Virtual NetworkManagement

Center(VNMC)

虚拟安全网关的介绍VM context aware rulesContext aware

Security

Establish zones of trustZone based Controls

Policies follow vMotionDynamic, Agile

Efficient, Fast, Scale-out SWBest-in-class Architecture

Security team manages securityNon-Disruptive Operations

Central mgmt, scalable deployment, multi-tenancy

Policy Based Administration

Virtual Security

Gateway (VSG)

XML API, security profilesDesigned for Automation


实现多层次安全

Specify zoning policy with the appropriate granularity Tenant VDC vApp

Tenant A Tenant B

VDC vApp

vApp

vSphereNexus 1000V

vPath


VSG同物理设备的部署逻辑保持一致

Nexus 1000VDistributed Virtual Switch

VM VM VM

VM VM

VM

VM VM VM

VM

VM

VM VM VM

VM VM VMVM

VM

vPath

VNMC

Log/Audit

VSG

Secure Segmentation(VLAN agnostic)

Efficient Deployment(secure multiple hosts)

Transparent Insertion(topology agnostic) High Availability

Dynamic policy-based provisioning

Mobility aware(policies follow vMotion)


VSG 虚拟机到虚拟机的通信流程 1st packet

For the 1st packet within a network session, although the traffic redirection scheme is different, but the packet flow is similar.

Traffic redirection bases on Port-profile-to-VSG binding and flow entry lookup in the Service Data Path (SDP)

Processing of internet VMs and Inter-VMs traffic are normalized. Different firewall policies will be applied to these traffic strictly based on source/destination attributes defined in the policy

VM VM #1#1

VM VM #8#8

VM VM #7#7

VM VM #6#6

VM VM #4#4

VM VM #3#3

VM VM #2#2

VM VM #5#5

Web servers Servers App

Nexus 1000 DVS

Service Data Path12 3 4 56

VSG


VSG 虚拟机到虚拟机的通信流程 2nd and subsequent packets

After VSG has done the policy evaluation against the first packet of a network section, a flow-entry cache is established in SDP, which off-loads the processing of the rest of packets to SDP

The flow-lookup done in SDP would be able to identify the current state of the flow, thus SDP can process the subsequent packets based on the actions stored at the flow entry

VM VM #1#1

VM VM #8#8

VM VM #7#7

VM VM #6#6

VM VM #4#4

VM VM #3#3

VM VM #2#2

VM VM #5#5

Web Servers App Servers

Nexus 1000 DVS

Service Data Path1 2 34

VSG


总结• 计算资源的虚拟化允许 server 做更多的工作• 网络资源和计算资源的高度互动将大幅度提升数据中心的效率• 统一网络服务提供了更大的弹性支撑


Cisco Nexus 1000VDistributed Virtual Switch for VMware vSphere

Policy-Based Policy-Based VM ConnectivityVM Connectivity

Mobility of Network & Mobility of Network & Security PropertiesSecurity Properties

Non-DisruptiveNon-Disruptive Operational Model Operational Model

vSphere

NexusNexus1000V1000VVEMVEM

Nexus 1000VNexus 1000VVSMVSM

VMVM VMVM VMVM VMVM

Industry’s most advanced software switch for VMware vSphere

Standards based – interoperates with all 802.1Q switching platforms

Built on Cisco NX-OS Feature and operational consistency

across physical and virtual networks Maintain vCenter provisioning model

No change for server administration Network team manages virtual network


Nexus 1000V – Benefits

NX-OS feature consistency–Across physical and virtual networks (Nexus 7K/5K/2K/1KV)–Cisco CLI experience

Advanced switching features–Security, QoS, Monitoring, Management

Administrative consistency–Network team manages virtual network, creates port profiles–Server team assigns port profiles to VMs


Cisco Nexus 1000V

Nexus 1000V VSMvCentervCenter

vSphere

NexusNexus1000V1000V VEMVEM

vSphere

NexusNexus1000V1000V VEMVEM

Port ProfilesPort ProfilesWEB AppsWEB AppsHRHRDBDBDMZDMZ

VM Connection PolicyVM Connection Policy• Defined in the networkDefined in the network• Applied in Virtual CenterApplied in Virtual Center• Linked to VM UUIDLinked to VM UUID

Faster VM Deployment

Policy-Based Policy-Based VM ConnectivityVM Connectivity

Mobility of Network & Mobility of Network & Security PropertiesSecurity Properties

Non-DisruptiveNon-Disruptive Operational Model Operational Model

Cisco VN-Link: Virtual Network LinkCisco VN-Link: Virtual Network Link

VMVM VMVM VMVM VMVM VMVM VMVM VMVM VMVM


Features of the Nexus 1000V

Switching L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX) IGMP Snooping, QoS Marking (COS & DSCP), Class-based WFQ*

Security Policy Mobility, Private VLANs w/ local PVLAN Enforcement Access Control Lists (L2–4 w/ Redirect), Port Security Dynamic ARP inspection, IP Source Guard, DHCP Snooping

Provisioning Automated vSwitch Config, Port Profiles, Virtual Center Integration Optimized NIC Teaming with Virtual Port Channel – Host Mode

Visibility VMotion Tracking, NetFlow v.9 w/ NDE, CDP v.2 VM-Level Interface Statistics Policy-based SPAN & ERSPAN

Management Virtual Center VM Provisioning, Cisco Network Provisioning, CiscoWorks Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3) Hitless upgrade

*In 1.4 Release, 4Q CY2010


Cisco Nexus 1010


VSM on Nexus 1010VSM on Virtual Machine

Nexus 1010: VSM on an Appliance

vSphere

1000VVEM

Server

VM VM VM

vSphere

Cisco Nexus 1010

Server

VM VM VM VM

1000VVEM

1000VVSM x 1

1000VVSM x 4


Feature Comparison

VSM on Virtual Machine VSM on Nexus 1010

Nexus 1000V features and scalability

VEM running on vSphere 4 Enterprise Plus

NX-OS high availability of VSM

Installation like a standard Cisco switch

Network Team manages the switch hardware

Nexus 1000V features and scalability

VEM running on vSphere 4 Enterprise Plus

NX-OS high availability of VSM

统一网络服务（ UNS ） Cisco Data Center

Documents

Transcript of 统一网络服务（ UNS ） Cisco Data Center