Nexus 7000 Mpls

2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1

DCSTG Product Management

MPLS on Nexus 7000


Session Objectives

At the end of this session, the participants should be able to:

Understand positioning of Nexus 7000 in Borderless Core

Have a good understanding of MPLS features supported on Nexus 7000.

Articulate how MPLS on Nexus 7000 can enable consolidation virtualization segmentation in the Data Center


Agenda

Nexus 7000 and Borderless Core Positioning

Data Center Trends

Virtualization Drivers

Virtualization in Nexus 7000

MPLS on Nexus 7000 Features

Deployment options

Guidelines & Limitations

2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4

Broad Range of Deployment Options

Nexus 7000 and NX-OS

9, 10 & 18 Slot versions 15+ Terabit System Unified Fabric Ready Modern, Modular OS Device Virtualization Cisco TrustSec Continuous Operations

Nexus 7009 Nexus 7010 Nexus 7018

1HCY11 Shipping Shipping

Slots 7 I/O + 2 sup 8 I/O + 2 sup 16 I/O + 2 sup

Height 14 RU 21 RU 25 RU

BW / Slot Fab 1 N/A 230 Gig / slot 230 Gig / slot

BW / Slot Fab 2

550 Gig / Slot

(1H 2011)

550 Gig / slot (2H 2011)

550 Gig / slot (2H 2011)

Nexus 7000 Platform


Agenda


Data Center Trends




Deployment options



Data Center: New Business Models and Revenue Examples

HD Streaming

TelePresence

Session Shifting

Home Monitoring

Bottomless DVR and Titles

Video and Rich Media

Enterprise Apps

Corporate Comms

Video Production

Storage Replication

Scalable Branch Apps

Application Acceleration

Software-as-a-Service

Cloud Interconnects

Enterprise Clouds

Partnering Models

Cloud Computing for the masses

Cloud Computing

Next-Gen Hosting

Data Center Services

Capacity-on-Demand

Verticalization

Infrastructure-as- a-Service

Virtual Infrastructure

FILE.DOC

FILE.DOC DRE

CACHE

LZ

WAN

LZ

Personal

Social Interactive

MediaAware

NetworkAware

End PointAware

Evolution of

Convergence

Network of

Networks

Technologies

& new devices

Personal

Social Interactive

Personal

Social Interactive

MediaAwareMediaAware

NetworkAware

NetworkAware

End PointAware

End PointAware

Evolution of

Convergence

Network of

Networks

Technologies

& new devices

Evolution of

Convergence

Network of

Networks

Technologies

& new devices

MuxMuxCMSCMS

ServiceProcessor

ServiceProcessor

IOHIOH

AdapterAdapter

MuxMux CMSCMS

SwitchSwitchSwitchSwitch

OOB Mgmt10/100/1000OOB Mgmt10/100/1000

OOB Mgmt10/100/1000OOB Mgmt10/100/1000

CPUCPUCPUCPU

Fabric

Extender

Fabric

Extender

Fabric Switch Fabric Switch

LAN MgmtSAN A SAN B

Compute

Blade

Unified Computing Enclosure

Cisco medianet

2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 7 September 16,

2008

Cisco Inc., Company Confidential -

NDA Required

Virtualization Applications

Increased network security User groups segmentation with VPNs New applications readiness Converged multiservice network Service and policy centralization Security policies and appliances at a central location Network segmentation By user groups or business function Network Consolidation Merging Multiple parallel network into a shared infrastructure


Agenda


Data Center Trends




Deployment options



Virtualization Virtual Device Contexts

Virtualization

Carve a single Nexus 7000

switch into four network

entities

Flexible separation of hardware and software

resources

Isolate software faults and reduce fate sharing

Securely delineate administrative domains

Virtual Device Contexts

System Infrastructure

Linux Kernel

Default VDC

VDC 3

VDC 2

VDC 4

Layer 2 Protocols

VLAN STP

Layer 3 Protocols

OSPF HSRP

CDP PIM

Layer 2 Protocols

UDLD STP

Layer 3 Protocols

BGP MSDP

LACP PIM

Layer 2 Protocols

CDP STP

Layer 3 Protocols

BGP VRRP

LACP EIGRP

Layer 2 Protocols

STP SPAN

Layer 3 Protocols

OSPF GLBP

CTS PIM


Virtualization VRF

Virtualization

Logical network segmentation

using Virtual Routing and

Forwarding

All features VRF aware

Each VRF learns routes and makes forwarding decisions

independently

VRF membership of each interface dictates which

forwarding table to use

1000 VRFs/system supported on

N7K from NX-OS 5.0 release

VRF


Agenda


Data Center Trends




Deployment options


2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 12 S

erv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

MPLS on Nexus 7000 Layer-3 VPNS

Customer Requirement

Secure Segmentation of application/ Departmental traffic

Shared Services

Route-Leaking Export Import of routes between VPNs

Key L3VPN features

MPLS Label Switching (RFC 3031/3032)

LDP (RFC 3036), LDP-IGP sync, session protection, MD5 auth

Per-prefix and per-VRF label allocation

Layer-3 VPNs (RFC4364)

PE-CE protocols (BGP, OSPF, IS-IS, Static)

Load balancing (Label, IP Src/Dst)

PE

P P

PE PE

PE

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Agg

/Access (L2/L3

boundary)

DC Core

DC Edge

VR

F A

VR

F B

VR

F C

VR

F D

MPLS

Layer-3 VPNs


MPLS on Nexus 7000 Traffic Engineering


Provide on-demand bandwidth for applications

Utilize all paths and bandwidth

Link, Node and Bandwidth protection

Fast Convergence

Capacity Planning

Key MPLS-TE Features

MPLS TE (OSPF, IS-IS), RSVP-TE

Forwarding Adjacency

Autobandwidth

Class Based Tunnel Selection

TE-FRR (BFD, RSVP-GR)

Path, Node and link protection

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

PE

P P

PE PE

PE

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Agg

/Access (L2/L3

boundary)

DC Core

DC Edge

MPLS TE Tunnel

MPLS

Traffic Engineering


MPLS on Nexus 7000 Multicast VPN (mVPN)

Customer Requirements

Virtualization of multicast service delivery

Traffic separation

Provide many-to-1 content distribution

Support emerging cloud applications: Audio-video, Chat, Announcements, Collaboration/conferencing, Monitoring

Key mVPN Features mVRF aware PIM

Data and Default MDT

BGP mdt send/receive

IGMP v1, v2 & v3

SSM, BiDir, PIM MSDP

mVRF aware mtrace S

erv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

PE

P P

PE PE

PE

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Agg

/Access (L2/L3

boundary)

DC Core

DC Edge

VR

F A

VR

F B

VR

F C

VR

F D

MPLS

Multicast VPN


MPLS on Nexus 7000 6PE/6VPE


Seamless IPv4 to IPv6 migration

Traffic separation

Minimal operational overhead No impact on existing IPv4 and MPLS services

Ready for production services with IPv6

Key 6PE/6VPE Features

6PE & 6VPE

Static route and BGPv6 for PE-CE

6PE & 6VPE Multipath

6VPE PIC Core

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

PE

P P

PE PE

PE

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Agg

/Access (L2/L3

boundary)

DC Core

DC Edge

VR

F A

VR

F B

VR

F C

VR

F D

MPLS

6VPE/PE


MPLS on Nexus 7000 Management


MPLS LSP Troubleshooting

MPLS VPN, TE Health Check

Key OAM Features

MPLS LSP Ping

MPLS LSP Trace

TE Tunnel Ping (RSVP IPv4 FECs )

TE Tunnel Traceroute (RSVP IPv4 FECs)

LSP Multipath (ECMP) Tree discovery & trace

(RFC4379)

MIBs

MPLS LSR MIB - RFC3813

MPLS LSR MIB traps

MPLS LDP MIB - RFC3815

MPLS LDP MIB traps

MPLS L3VPN MIB - RFC4382

MPLS L3VPN MIB traps

MPLS Traffic Engineering MIB -RFC 3812

MPLS Traffic Engineering MIB Traps

MPLS FRR STD MIB (IETF draft version)

MPLS FRR MIB

MPLS

OAM and MIBs


MPLS on Nexus 7000 High Availability

Protocol Process

Restart

Stateful

(NSF)

BFD Graceful

Restart

ISSU

LDP - -

MP-BGP

RSVP -

Service Stateful

(NSF)

ISSU

Layer-3 VPN

Traffic Engineering

mVPN

6PE/6VPE

Graceful

Restart

timers

Stateful HA

Graceful

Restart

timers

Stateful HA

IS-IS

IS-IS SUP Switchover

Process Restart

MPLS implementation delivers the breadth

and depth of NX-OS HA Capabilities

MPLS

High Availability

BGP NSR in NX-OS on Roadmap


MPLS on Nexus 7000 Management


MPLS LSP Troubleshooting

MPLS VPN, TE Health Check

Key OAM Features

MPLS LSP Ping

MPLS LSP Trace

TE Tunnel Ping (RSVP IPv4 FECs )

TE Tunnel Traceroute (RSVP IPv4 FECs)

LSP Multipath (ECMP) Tree discovery & trace

(RFC4379)

MIBs

MPLS LSR MIB - RFC3813

MPLS LSR MIB traps

MPLS LDP MIB - RFC3815

MPLS LDP MIB traps

MPLS L3VPN MIB - RFC4382

MPLS L3VPN MIB traps

MPLS Traffic Engineering MIB -RFC 3812

MPLS Traffic Engineering MIB Traps

MPLS FRR STD MIB (IETF draft version)

MPLS FRR MIB

MPLS

OAM and MIBs


MPLS on Nexus 7000 High Availability

Protocol Process

Restart

Stateful

(NSF)

BFD Graceful

Restart

ISSU

LDP - -

MP-BGP

RSVP -

Service Stateful

(NSF)

ISSU

Layer-3 VPN

Traffic Engineering

mVPN

6PE/6VPE

Graceful

Restart

timers

Stateful HA

Graceful

Restart

timers

Stateful HA

IS-IS

IS-IS SUP Switchover

Process Restart

MPLS implementation delivers the breadth

and depth of NX-OS HA Capabilities

MPLS

High Availability

BGP NSR in NX-OS on Roadmap


MPLS on Nexus 7000 QoS

P

PE

PE

Ingress (Classificaiton,

Marking, Policing)

Core DiffServ


Classify and prioritize traffic flows

Ability to preserve or remark traffic flows

Ability to police to conform to SLA

MPLS QoS Features

Classification, Policing, Marking on MPLS EXP

bits

QoS Management Pipe, short pipe and uniform mode

No Shaping support

MPLS

QoS

Sh

ort

Pip

e M

ode

Pip

e M

ode

Un

ifo

rm M

ode

CE

CE


VRF Aware Services in NX-OS

Service NX-OS

Support

VRF Specific Static ARP

GRE tunnel to VRF mapping

PBR-set VRF

VRF Aware AAA (RADIUS)

VRF Aware AAA

(TACACS+)

VRF Aware BGP dampening

VRF Aware DHCP

VRF Aware DHCP-relay

(Option 82 with VPN ID)

VRF Aware DNS

VRF Aware FTP

VRF Aware GLBP

VRF Aware HSRP

VRF Aware NDE

in NX-OS, everything is VRF aware NX-OS delivers a rich set of VRF aware services

Service NX-OS

Support

VRF Aware NTP

VRF Aware Ping

VRF Aware SCP

VRF Aware SNMP agent

VRF Aware SSH

VRF Aware SSH Client

VRF Aware Syslog

VRF Aware Telnet

VRF Aware TFTP

VRF Aware Traceroute

VRF Aware uRPF

VRF Aware VRRP

VRF Aware WCCP Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er

Serv

er


NX-OS MPLS (Target Q2CY11)

NEXUS 7000 Hardware Forwarding

Layer-3 VPNs, mVPNv4, 6PE/VPE Layer-2 VPNs

Scope of MPLS Phase 1 End-to-end Services


Agenda


Data Center Trends




Deployment options



Enterprise & Hosting Data Centers Consolidation & Secure Segmentation

Secure Segmentation via MPLS VPNs

One network Infrastructure for Hosted Services

Provide XaaS services for customers (IaaS, PaaS, SaaS etc)

Meet strict regulatory requirement of separation of customer traffic

Provide for central control for policy management

Ability to scale customers

Collapsed

Aggregation/

Access

Core

Global Interconnect

MP

LS B

ou

nd

ary

ToR ToR

Consolidation

Collapsed Architecture

Acc

ess

Lay

er

(Lay

er-

2)

UCS V

RF

A

VR

F B

VR

F C

VR

F D


MPLS/VPN: Supporting Shared Services

Shared Services for all VPNs

ERP Video Server

Hosted Content

Requirement Services need to be replicated per

VPN Poor efficiency High Traffic Load Management nightmare

Solution

IP Services become sharable across VPNs Increases Enterprise outsourcing

flexibility

Creates New Service Provider revenue opportunities

Aggregation

Core

Edge

VPN A

VPN B VPN C

VPN D

Consolidation

Shared Services

VR

F A

VR

F B

VR

F C

VR

F D

Service VRF


Enterprise & Hosting Data Centers Consolidation & Secure Segmentation

Secure Segmentation via MPLS VPNs

One network Infrastructure for Hosted Services

Provide XaaS services for customers (IaaS, PaaS, SaaS etc)

Meet strict regulatory requirement of separation of customer traffic

Provide for central control for policy management

Ability to scale customers

Collapsed

Aggregation/

Access

Core

Global Interconnect

MP

LS B

ou

nd

ary

ToR ToR

Consolidation

Collapsed Architecture

Acc

ess

Lay

er

(Lay

er-

2)

UCS V

RF

A

VR

F B

VR

F C

VR

F D


MPLS/VPN: Supporting Shared Services

Shared Services for all VPNs

ERP Video Server

Hosted Content

Requirement Services need to be replicated per

VPN Poor efficiency High Traffic Load Management nightmare

Solution

IP Services become sharable across VPNs Increases Enterprise outsourcing

flexibility

Creates New Service Provider revenue opportunities

Aggregation

Core

Edge

VPN A

VPN B VPN C

VPN D

Consolidation

Shared Services

VR

F A

VR

F B

VR

F C

VR

F D

Service VRF


Enterprise and SP Hosted Data Center Traffic Engineering

Using Tunnels to provide bandwidth for applications, on-demand

Path-Diversity: Allow different application traffic to take different

paths in the network

Utilize all paths in the network

MPLS-TE FRR provides automatic protection (


Large Data Centers Consolidation & Secure Segmentation

Secure customer segmentation via MPLS VPNs

Scale POD based architecture

One network Infrastructure for XaaS architecture, to

accommodate for growth

MPLS PE boundary in POD EoR/ToR access/aggregation

layer

Accommodate POD Scale as well as VPN scalability w/o operational

overhead

Internet

Global Interconnect Campus

/WAN Edge

Pod N

Aggregation Pod B

Aggregation

Massively Scalable Data Centers

Secure Segmentation

Core

Super Core

MP

LS B

ou

nd

ary

Acc

ess

Lay

er

(Lay

er-

2) PE

P/PE

P

Pod A

Aggregation

P


Enterprise and SP Hosted Data Center Traffic Engineering

Using Tunnels to provide bandwidth for applications, on-demand

Path-Diversity: Allow different application traffic to take different

paths in the network

Utilize all paths in the network

MPLS-TE FRR provides automatic protection (


Large Data Centers Consolidation & Secure Segmentation

Secure customer segmentation via MPLS VPNs

Scale POD based architecture

One network Infrastructure for XaaS architecture, to

accommodate for growth

MPLS PE boundary in POD EoR/ToR access/aggregation

layer

Accommodate POD Scale as well as VPN scalability w/o operational

overhead

Internet

Global Interconnect Campus

/WAN Edge

Pod N

Aggregation Pod B

Aggregation

Massively Scalable Data Centers

Secure Segmentation

Core

Super Core

MP

LS B

ou

nd

ary

Acc

ess

Lay

er

(Lay

er-

2) PE

P/PE

P

Pod A

Aggregation

P


Building Highly Scalable Data Centers

Workload Mobility Fabric Path

Aggregation

Core

Edge

Pod-A Pod-N

Scalable Multi-path Fabric

Secu

re

Segm

en

tati

on

L2

MP

LS

VR

F A

VR

F B

VR

F C

VR

F D

MPLS LSP

Secu

re

Segm

en

tati

on

Fabric Path

Aggregation

Core

Edge

Pod-A Pod-N

Scalable Multi-path Fabric

L2

MP

LS

VR

F A

VR

F B

VR

F C

VR

F D


Agenda


Data Center Trends




Design options

Guidelines


MPLS on Nexus 7000 Guidelines

Fully supported in current & future M-series I/O modules (with Earl8 ASIC)

MPLS features (L3VPNs, TE etc) can be deployed in VDCs

XL modules are required for achieve 50 ms TE-FRR switchover times

M-series Hardware supports L2VPN functionality for future support (EoMPLS, VPLS)

Supervisor N7K-SUP1 & Future

I/O

Modules

32 x 10GE (N7K-M132GS-12)

8 x 10GE (N7K-M108X2-12)

48 x 1GE (N7K-M148GS-11, N7K-

M148GT-11)

Future M-series line cards

Chassis 10-slot, 18-slot, 9-slot (Future)

Feature* EARL8

Number of VPNs 16K

MPLS Aggregate Labels 16K

MPLS over GRE Yes

Label operations in one pass Push 5, Pop 1

Number of EoMPLS Tunnels 128K

EoMPLS Multipoint to Multipoint Yes

MPLS QoS Tunnel Modes Pipe, Short Pipe, Uniform

MPLS Push 60Mpps

MPLS Pop 60Mpps

EoMPLS Push 60Mpps

EoMPLS Pop 30Mpps

VPLS (Non v6) 30Mpps

*SW support of some functionality is on roadmap


MPLS on Nexus 7000 Guidelines

The F1 modules DO NOT support MPLS.

MPLS can be deployed in a mixed mode environment (M1 + F1 cards in same chassis or VDC)

F1

VLAN 10

F1

VLAN 20

M1 M1

Fabric

F1M1 (MPLS in M1)

F1

VLAN 10

F1

VLAN 20

M1 M1

Fabric

F1M1 (MPLS in M1)

F1M1 (MPLS in M1)

F1

VLAN 10

F1

VLAN 20

Fabric

M1 M1

Fabric

802.1Q

F1 M1 F1 VDC M1 VDC


MPLS on Nexus 7000 Licensing

Licensing: MPLS will be enabled via a license, on a per chassis basis.

Licenses to Enable MPLS in NX-OS

MPLS Enterprise Base + +

Base

Enterprise Advanced Enhanced L2 Storage

MPLS XL Transport

Services LISP

5.2

5.2

5.1

Documents

Nexus 7000 Mpls