Unified Network Services (UNS)
Cisco Data Center Business Advantage
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialPresentation_ID 2
Agenda
UNS summary
Cisco ACE and vACE
Cisco WAAS and vWAAS
Cisco Firewall and vFirewall
Evolution of the data center and cloud computing: Consolidation, Virtualization, Automation = Utility/Cloud model
Software-based virtual machine switch
[Diagram: hypervisor with a software switch connecting VMs through vNICs and vEths, across UCS servers]
Virtual switching: need to switch between VMs on the same host
vNetwork Distributed Switch: Nexus 1000v
Collection of vSwitches or vNetwork Distributed Switch
VM-FEX: Cisco UCS's unique integration capability enhances VM I/O
[Diagram: hypervisor with VMs, vNICs and vEths on UCS servers, attached through the UCS VIC to the UCS 6100]
VN-Link in HW: One Network, unify virtual and physical switching layers
Fabric extender for VMs: reduce network management points
Reduce broadcast domain
Host CPU cycles relief: host CPU cycles relieved from VM switching
I/O throughput improvements
Overall view of Cisco Unified Network Services
Provides ample flexibility and rich choice under any deployment model
Any service: application delivery, others ...
Any environment: network, compute, cloud
Any form factor: appliance, module, virtual, integrated
Any delivery mechanism: dedicated (hardware coupled), dynamic "on-demand"
Policy framework, workload mobility, feature consistency
Unified Network Services provides a unified service framework for both physical and virtual environments
[Diagram: private cloud with physical network services (firewall, SLB/ADC, WAN Opt) and a hypervisor hosting App/OS VMs served by a virtual firewall and virtual WAN Opt; public cloud with VDC-1 and VDC-2]
• Virtual appliance form factor
• Elastic instantiation/provisioning
• Service transparent to VM mobility
• Support scale-out
• Large scale multi-tenant operation
• Application-specific service nodes
• Form factors: appliance, switch module, router-integrated
Innovations and advantages of the Unified Network Services architecture (FY11)
Three pillars: Flexibility, Responsiveness, Consistency
Cloud optimization
Secure multi-tenant cloud experience
Seamless integration and automation, open APIs
Policy-aware VMs, workload portability and mobility
Fabric integration
Rapid service enablement
Operational simplicity, policy-based provisioning
Virtual services, agility and on-demand delivery
Virtual pool provisioning under the Cisco UNS architecture
[Diagram: Nexus 1000V, vCenter and VSG provisioning a pool of VMs; the server team, network team and security team each own their piece: port profile (network), LB context (load balancing via ANM-ACE), security profile kept consistent with the physical firewall; rapid adjustment]
Automated deployment and coordination of application servers
[Diagram: ACE and VMs on ESX hosts, with vCenter, the Nexus 1000v VSM and ANM (GS) driven through APIs by third-party workflow automation software]
Application-level visualization of business systems
Product-level updates of Unified Network Services
ESX/ESXi hypervisor with Nexus 1000V on UCS/x86 servers
Virtual ANS on Nexus 1000V
vPath: fabric intelligence for virtual services: traffic interception/redirection, fast-path off-load
Virtual Security Gateway (VSG) on Nexus 1000V
Virtual Network Management Center (VNMC)
Cisco vACE (Virtual Application Control Engine)
Multiple options for service virtualization deployment
1. Redirect VM traffic via VLANs to an external (physical) firewall: traditional service nodes with virtual contexts, reached from the hypervisor over VLANs (web server, app server, database server)
2. Apply a hypervisor-based virtual firewall: Virtual Service Nodes (VSN) in the hypervisor alongside the web, app and database servers
Application control on demand: for public, private and hybrid clouds
[Diagram: ACE demand and application demand, VIP mobility & scale across ACE appliance, ACE virtual appliance, ACE switch module (Nexus 7K) and ACE UCS blade (Unified Compute)]
What?
• Demand-based scaling of the ACE application delivery system
• Demand-based scaling of applications serviced by ACE
• Scale across ACE form factors
• Hitless VIP mobility from ACE to ACE and cloud to cloud
• ADC metering and chargeback; demand-based billing
Why?
• Eliminate the ADC as a bottleneck to elastic applications
• Enable application scaling beyond the borders of a single cloud
Virtual ACE (vACE) moves with the cloud: enabler for cloud on demand
What
• Virtual ACE & GSS for UCS and generic compute
• Target segment: cloud SP; enterprise
• Bundled with UCS for the commercial segment
Performance
• vACE Small – 1 to 4 Gbps
• vACE Large – 1 to 8 Gbps
Competitive functionality
• On-demand app scaling via vPath (N1Kv / Sereno)
• Ease of network insertion (with N1Kv)
• Integration with vBlock
[Diagram: vACE instances on UCS C-series and UCS B-series servers]
Cisco vWAAS (Virtual Wide Area Application Acceleration Services)
Classic WAAS deployment model and the private cloud
[Diagram: branch office and mobile users with WAAS across the WAN to a private cloud with virtual desktops, enterprise apps, virtualized infrastructure and a secondary DC]
Challenges: poor response times, slow file transfers, limited user sessions
Cisco WAAS: LAN-like app performance; up to 4X increase in VDI users; efficient data transfer & bulk vMotion
WAN optimization under the cloud model: Cisco Virtual WAAS
Virtual WAAS "appliances" on the ESX/ESXi hypervisor with Nexus 1000V and vPath, on UCS/x86 servers (available Q4 CY10)
Virtual WAAS on Nexus 1000V with vPath
Features
Allows agile, elastic & multi-tenant deployment
Supports DRE cache in SAN
Policy-based provisioning with Nexus 1000V
Extends WAAS solution portfolio
Business benefits
Business agility with on-demand orchestration
Lower operational cost, reduced migration risk
Fault-tolerance with VM mobility awareness
Cisco vWAAS: WAN optimization under the cloud model, overall view of the WAAS solution
Benefits / Differentiator / Key requirements:
On-demand scheduling of WAN optimization; fault-tolerant deployment based on VM vMotion; lower operational cost of cloud migration
Elastic deployment on demand; simplest network configuration; supports dynamic VM deployment; supports the multi-tenant model
Tight integration with Cisco Nexus 1000V
Rapid deployment of WAN acceleration services
Transparent deployment via WCCP
[Diagram: Cisco vWAAS in the private and public cloud, branch WAAS, and WAAS Mobile client/server for mobile users across the WAN and Internet]
Cisco VSG (Virtual Security Gateway)
Introduction to the Virtual Security Gateway
[Diagram: Virtual Network Management Center (VNMC) managing the Virtual Security Gateway (VSG)]
Context aware security: VM context aware rules
Zone based controls: establish zones of trust
Dynamic, agile: policies follow vMotion
Best-in-class architecture: efficient, fast, scale-out SW
Non-disruptive operations: security team manages security
Policy based administration: central mgmt, scalable deployment, multi-tenancy
Designed for automation: XML API, security profiles
Implementing multi-level security
Specify zoning policy with the appropriate granularity: tenant, VDC, vApp
[Diagram: Tenant A and Tenant B, each with VDCs and vApps, on vSphere with Nexus 1000V and vPath]
VSG deployment logic stays consistent with physical devices
[Diagram: VMs on several hosts behind the Nexus 1000V Distributed Virtual Switch, vPath steering traffic to the VSG, with VNMC management and log/audit]
Secure segmentation (VLAN agnostic)
Efficient deployment (secure multiple hosts)
Transparent insertion (topology agnostic)
High availability
Dynamic policy-based provisioning
Mobility aware (policies follow vMotion)
VSG VM-to-VM communication flow: 1st packet
For the first packet of a network session the packet flow is similar even though the traffic redirection scheme differs.
Traffic redirection is based on the port-profile-to-VSG binding and a flow-entry lookup in the Service Data Path (SDP).
Processing of Internet-to-VM and inter-VM traffic is normalized; different firewall policies are applied to this traffic strictly based on the source/destination attributes defined in the policy.
[Diagram: VM #1 to #8 (web servers and app servers) on the Nexus 1000 DVS; Service Data Path steps 1 to 6 redirect the first packet to the VSG]
VSG VM-to-VM communication flow: 2nd and subsequent packets
After the VSG has evaluated policy against the first packet of a network session, a flow-entry cache is established in the SDP, which offloads processing of the remaining packets to the SDP.
The flow lookup in the SDP identifies the current state of the flow, so the SDP can process subsequent packets based on the actions stored in the flow entry.
[Diagram: VM #1 to #8 (web servers and app servers) on the Nexus 1000 DVS; Service Data Path steps 1 to 4 handle subsequent packets from the flow cache without involving the VSG]
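The two VSG flow slides above describe a first packet being redirected through vPath to the VSG for policy evaluation and every later packet of that session being handled from the SDP flow-entry cache. The following Python model is an added example, not Cisco code; the port profiles, zones, rule set, VM addresses and the 198.51.100.5 client address are all constructed for illustration, and the rule-matching and cache-key details are assumptions of the model rather than a description of the real VEM.

```python
"""Toy model of the vPath Service Data Path (SDP) and VSG behaviour described on
the two "VSG VM-to-VM communication flow" slides. Added example, not Cisco code;
every name, address, profile and rule here is constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed port profiles: the network team defines VLAN, zone and (optionally)
# the VSG the profile is bound to; the server team assigns a profile per vNIC.
PORT_PROFILES = {
    "WEB-Apps": {"vlan": 100, "zone": "web", "vsg": "tenant-a-vsg"},
    "DB":       {"vlan": 200, "zone": "db",  "vsg": "tenant-a-vsg"},
}
EXTERNAL = {"vlan": None, "zone": "external", "vsg": None}  # anything without a vNIC here

# Constructed vNIC-to-profile assignments (keyed by the VM's IP for simplicity).
VNIC_PROFILE = {"10.0.100.11": "WEB-Apps", "10.0.200.21": "DB"}

FlowKey = Tuple[str, str, str, int, int]  # (proto, src, dst, sport, dport)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int


class VSG:
    """Policy evaluation: first matching rule on zone attributes wins; implicit deny."""

    def __init__(self, rules: List[Tuple[str, str, str, int, str]]):
        self.rules = rules          # (src_zone, dst_zone, proto, dport, action); "any"/0 = wildcard
        self.evaluations = 0        # how often the slow path was actually consulted

    def evaluate(self, pkt: Packet, src_zone: str, dst_zone: str) -> str:
        self.evaluations += 1
        for s, d, proto, dport, action in self.rules:
            if (s in (src_zone, "any") and d in (dst_zone, "any")
                    and proto in (pkt.proto, "any") and dport in (pkt.dport, 0)):
                return action
        return "deny"


class ServiceDataPath:
    """vPath fast path in the VEM: flow-entry cache plus redirection to the bound VSG."""

    def __init__(self, vsgs: Dict[str, VSG]):
        self.vsgs = vsgs
        self.flows: Dict[FlowKey, str] = {}   # flow entry -> cached action
        self.redirects = 0                    # packets sent to a VSG (first packets only)

    @staticmethod
    def _profile(ip: str) -> dict:
        name = VNIC_PROFILE.get(ip)
        return PORT_PROFILES[name] if name else EXTERNAL

    def process(self, pkt: Packet) -> str:
        src, dst = self._profile(pkt.src), self._profile(pkt.dst)
        vsg_name = src["vsg"] or dst["vsg"]
        if vsg_name is None:                  # neither endpoint is bound to a VSG
            return "permit"                   # plain L2 switching, no policy involved
        fwd: FlowKey = (pkt.proto, pkt.src, pkt.dst, pkt.sport, pkt.dport)
        rev: FlowKey = (pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport)
        for key in (fwd, rev):                # 2nd+ packets (either direction): cache hit
            if key in self.flows:
                return self.flows[key]
        self.redirects += 1                   # 1st packet: redirect to VSG, cache verdict
        action = self.vsgs[vsg_name].evaluate(pkt, src["zone"], dst["zone"])
        self.flows[fwd] = action
        return action


def run_session() -> Tuple[List[str], int, int]:
    """Replays a constructed packet sequence; returns (actions, VSG evaluations, redirects)."""
    vsg = VSG([
        ("web", "db", "tcp", 3306, "permit"),       # web tier may reach the database
        ("external", "web", "tcp", 443, "permit"),  # Internet clients may reach the web tier
        ("any", "any", "any", 0, "deny"),           # everything else is dropped
    ])
    sdp = ServiceDataPath({"tenant-a-vsg": vsg})
    web, db, client = "10.0.100.11", "10.0.200.21", "198.51.100.5"  # constructed addresses
    packets = [
        Packet("tcp", web, db, 51000, 3306),      # 1st packet web->db: redirected, permitted
        Packet("tcp", web, db, 51000, 3306),      # 2nd packet: served from the flow cache
        Packet("tcp", db, web, 3306, 51000),      # return traffic: matches the same entry
        Packet("tcp", client, web, 40000, 443),   # Internet->VM handled the same way
        Packet("tcp", client, db, 40001, 3306),   # Internet->db: redirected, denied
        Packet("tcp", client, db, 40001, 3306),   # repeat: dropped in the fast path
    ]
    actions = [sdp.process(p) for p in packets]
    return actions, vsg.evaluations, sdp.redirects


if __name__ == "__main__":
    print(run_session())
```

Six packets produce only three VSG evaluations and three redirects: each new 5-tuple costs one slow-path trip, and both directions of an established flow, as well as repeated attempts on a denied flow, are settled in the fast path. The model also shows the operational consequence of caching a verdict per flow: a policy change on the VSG does not touch flows already in the cache until their entries are removed, so a defender auditing a rule change should check existing flow entries, not only the rule set.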
Summary
• Virtualization of compute resources lets a server do more work
• Close interaction between network and compute resources will greatly improve data center efficiency
• Unified Network Services provides greater elastic support
Cisco Nexus 1000V: Distributed Virtual Switch for VMware vSphere
Policy-based VM connectivity; mobility of network & security properties; non-disruptive operational model
[Diagram: Nexus 1000V VEM in vSphere hosting VMs, managed by the Nexus 1000V VSM]
Industry's most advanced software switch for VMware vSphere
Standards based: interoperates with all 802.1Q switching platforms
Built on Cisco NX-OS: feature and operational consistency across physical and virtual networks
Maintain vCenter provisioning model: no change for server administration
Network team manages virtual network
Nexus 1000V – Benefits
NX-OS feature consistency
–Across physical and virtual networks (Nexus 7K/5K/2K/1KV)
–Cisco CLI experience
Advanced switching features
–Security, QoS, monitoring, management
Administrative consistency
–Network team manages virtual network, creates port profiles
–Server team assigns port profiles to VMs
Cisco Nexus 1000V
[Diagram: Nexus 1000V VSM and vCenter above two vSphere hosts, each running a Nexus 1000V VEM with VMs attached through port profiles (WEB Apps, HR, DB, DMZ); Cisco VN-Link: Virtual Network Link]
VM connection policy
• Defined in the network
• Applied in Virtual Center
• Linked to VM UUID
Faster VM deployment
Policy-based VM connectivity; mobility of network & security properties; non-disruptive operational model
Features of the Nexus 1000V
Switching: L2 switching, 802.1Q tagging, VLAN segmentation, rate limiting (TX), IGMP snooping, QoS marking (COS & DSCP), class-based WFQ*
Security: policy mobility, private VLANs w/ local PVLAN enforcement, access control lists (L2–4 w/ redirect), port security, dynamic ARP inspection, IP Source Guard, DHCP snooping
Provisioning: automated vSwitch config, port profiles, Virtual Center integration, optimized NIC teaming with Virtual Port Channel – Host Mode
Visibility: VMotion tracking, NetFlow v.9 w/ NDE, CDP v.2, VM-level interface statistics, policy-based SPAN & ERSPAN
Management: Virtual Center VM provisioning, Cisco network provisioning, CiscoWorks, Cisco CLI, RADIUS, TACACS, syslog, SNMP (v.1, 2, 3), hitless upgrade
*In 1.4 release, 4Q CY2010
Cisco Nexus 1010
Nexus 1010: VSM on an Appliance
[Diagram: VSM on a virtual machine (server with vSphere, a Nexus 1000V VEM, VMs and 1000V VSM x 1) compared with VSM on a Nexus 1010 (Cisco Nexus 1010 appliance hosting 1000V VSM x 4, serving servers with vSphere, a 1000V VEM and VMs)]
Feature Comparison
VSM on Virtual Machine:
Nexus 1000V features and scalability
VEM running on vSphere 4 Enterprise Plus
NX-OS high availability of VSM
VSM on Nexus 1010:
Installation like a standard Cisco switch
Network team manages the switch hardware
Nexus 1000V features and scalability
VEM running on vSphere 4 Enterprise Plus
NX-OS high availability of VSM