Cisco Nexus 1000V for Microsoft Hyper-V
Damian Flynn, MVP Cloud and Datacenter & Infrastructure Architect, Lionbridge
Gunnar Anderson, Product Marketing Manager, Cloud Networking & Services, Cisco
Appaji Malla, Sr. Product Marketing Manager, Cloud Networking & Services, Cisco
Sai Chaitanya, Technical Marketing Engineer, Cloud Networking & Services, Cisco
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Register and view recordings/presentations here: www.cisco.com/go/1000vcommunity
Date/Time Topic
Thur, Feb 21st at 0900 PST Cisco Open Network Environment (Cisco ONE) – Next Phase of Network Programmability and SDN
Thur, Feb 28th at 0900 PST Cisco One Platform Kit (onePK): Technical Deep Dive and key use cases
Wed, Mar 6th at 0900 PST Nexus 1000V for Hyper-V with Microsoft SCVMM integration
Wed, Mar 13th at 0900 PST Cisco ONE controller: Technical Deep Dive and key use cases
Wed, Mar 20th at 0900 PST 5000 Seat VDI Reference Architecture: Cisco UCS & Nexus 1000V, Citrix XenDesktop, and EMC VNX
Wed, Mar 27th at 0900 PST Nexus 1000V v2.2 for vSphere: More scale, Multicast-less VXLAN, VXLAN Gateway
Wed, April 3rd at 0900 PST Cloud Services Router (CSR 1000V): Technical deep dive and key use cases
Wed, April 10th at 0900 PST Cloud Security with ASA 1000V and Virtual Security Gateway v2.1 (VSG)
Wed, April 17th at 0900 PST Secure Hybrid Cloud solution with Nexus 1000V InterCloud & VNMC InterCloud
Wed, April 24th at 0900 PST Nexus 1100 for Cloud Network Services: New Services & Ecosystem
Wed, May 1st at 0900 PST Cloud Networking Services: vNAM and vWAAS
Wed, May 8th at 0900 PST Virtualized Multiservice Data Center (VMDC) solution with Cloud Networking Services
Wed, May 15th at 0900 PST Nexus 1000V for KVM (with OpenStack and VXLAN)
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
• Cisco Virtual Networking Solutions
• WS2012 & SCVMM 2012 Networking Overview
• Nexus 1000V architecture
• N1KV Integration with SCVMM
• Virtual Services
• How to participate in Public Beta
• Live Demo
Diverse Virtualization Requirements for DataCenter Customers
• Overlay Technology Support
• Operational Complexity
• Managing networks across physical & virtual environments
• Maturing Hypervisor market
• Economics
• Use-cases requiring different hypervisors
• Public Cloud
• Security concerns for public cloud
• Mobility concerns
• Resource Utilization
• VM Mobility across DC
• Mobility across DCs
• Mobility across clouds
• Virtual Services
• Secure virtual environment
• Rich network services
• Multi-services support with vPath
• Multi-hypervisor Support
• Consistent Operational Model
• Multi-cloud support
PHYSICAL WORKLOAD
• One app per Server
• Static
• Manual provisioning
VIRTUAL WORKLOAD
• Many apps per Server
• Mobile
• Dynamic provisioning
CLOUD WORKLOAD
• Multi-tenant per Server
• Elastic
• Automated Scaling
HYPERVISOR VDC-1 VDC-2
CONSISTENCY: Policy, Features, Security, Management
Nexus 1000V, VM-FEX
Virtual WAAS, VSG, ASA 1000V, vNAM*
UCS for Virtualized Workloads
Nexus 7K/5K/3K/2K
WAAS, ASA, NAM
UCS for Bare Metal
Cloud Services Router (CSR 1000V) ASR
Switching
Routing
Services
Compute
Multi-Hypervisor
Multi-Services
Multi-Cloud
Nexus 1000V
Cisco Nexus 1000V
Cisco UCS VM-FEX
Cisco UCS Manager
Cisco UCS PowerTool
Cisco Unified Computing
(UCS)
Manageability Compute Networking
Certified for various Microsoft applications
• What is the pricing associated with Nexus 1000V for Hyper-V?
Ans: It will be consistent with the existing product.
• Does the product work with all versions of Hyper-V?
Ans: The product works only with Hyper-V 3.0 – the version that is shipped with WS2012. Also, you need to have SCVMM 2012 to use N1KV.
• Can the same N1KV manage both ESX & Hyper-V?
Ans: No. Separate N1KV switches should be deployed for different hypervisor environments.
Damian Flynn is the Infrastructure Architect on the Corporate IT team.
His current focus is on Software Defined Networks (SDN) with “Azure
for Windows Server Services”, with perspective on Orchestration of
repeatable processes in “Dev/Ops” scenarios.
He has a keen interest in Cloud Computing from both a business strategy
and technical viewpoint and has presented sessions on building and
managing Private/Hybrid Clouds at a number of industry events. Damian
authored the Cloud chapters on two books, is active in many MS
Programs, blogs at www.damianflynn.com, tweets at @damian_flynn, and
has published a number of white papers and technical articles.
• Hyper-V extensible switch
“A virtual Ethernet switch that runs in the management operating system of the Hyper-V parent partition. Through the use of extensions, independent software vendors (ISVs) can extend the switch functionality.”
Cisco Nexus 1000V
Cisco UCS VM-FEX
Windows PowerShell
Unified tracing, capture & diagnostics
SR-IOV
Dynamic VMQ
Port Mirror & ACL
IPsec Offload & QOS
Manageability Benefits Extensibility
• VHDX support
• Storage Enhancements
Windows Standards-Based Storage Management
Thin provisioning of logical units, and for the discovery of SAS storage
• Hyper-V Host Provisioning
Deep discovery with detailed information about physical network adapters
• VMM Console Add-Ins
Enable new actions or additional configuration for VMM objects
Embed custom WPF UI or Web Portals
• Enhanced Networking Architecture
Network Virtualization
Extensible Switch, Extension Support
Virtual Machine Networking
• VLAN-based configuration – You can continue to use familiar virtual local area network (VLAN) technology for network isolation.
• No isolation – You can get direct access to the logical network with a VM network. Appropriate for host management or shared Internet networks.
• Network virtualization – You can support multiple tenants (also called clients or customers) with their own networks, isolated from the networks of others.
• Use external networks – You can use a vendor network-management console that allows you to configure settings on your forwarding extension. VMM will import those settings.
• No VM networking – Networks that don't require access by VMs do not use VM networks. For example, storage networks.
Isolation method for external networks is not visible to VMM.
[Diagram: LOGICAL PLAN. Virtual Machine Networks (Tenant 1 to Tenant 5, A and B, each 10.0.1.0/24; Internet for all tenants, various subnets) pass through the Hyper-V Network Virtualization Filter to Logical Networks, each with a Network Site (Logical Network Definition): Provider Network, External Network, VLAN Isolated, Storage, External. VLAN labels shown: 0, 5, 10, 15, 25, 30, 35.]
Port-Classifications
• Provide a level of indirection to Virtual Port Profiles
• Provide a way to group Port Profiles from different Hyper-V switch extensions
Bundling of profiles from each extension is the port-classification
Nexus
1000V VSM
Extensible vSwitch
Nexus 1000V VEM
VM VM VM VM
VNICs
Advanced NX-OS feature-set
SCVMM Integration
vPath Services architecture
Consistent operational model PNICs
WS 2012 Hyper-V
Modular Switch
…
Linecard-N
Supervisor-1 (Active)
Supervisor-2 (StandBy)
Linecard-1
Linecard-2
Back Plane
VEM-N VEM-1 VEM-2
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
VSM-1 (active)
VSM-2 (standby)
Virtual Appliance
Network
Admin
Server
Admin
NX-OS
Control Plane
NX-OS
Data Plane
WS 2012 Hyper-V WS 2012 Hyper-V
System Center Virtual Machine Manager
[Diagram: three Cisco Nexus 1000V VEMs, each with four VMs]
Cisco Nexus 1000V VSM
Virtual Supervisor Module (VSM)
• Virtual or Physical appliance running Cisco NX-OS (supports high availability)
• Performs management, monitoring, and configuration
• Tight integration with management platforms
Virtual Ethernet Module (VEM)
• Enables advanced networking capability on the hypervisor
• Provides each virtual machine with dedicated “switch port”
• Collection of VEMs : 1 virtual network Distributed Switch
WS 2012 Hyper-V WS 2012 Hyper-V WS 2012 Hyper-V
Server Server Server
Switching L2 Switching, 802.1Q Tagging, Rate Limiting (TX)
IGMP Snooping, QoS Marking (COS & DSCP)
Security Policy Mobility, Private VLANs w/ local PVLAN Enforcement
Access Control Lists (L2–4 w/ Redirect), Port Security
Dynamic ARP inspection*, IP Source Guard*, DHCP Snooping*
Provisioning
Visibility Live Migration Tracking, NetFlow v.9 w/ NDE, CDP v.2
VM-Level Interface Statistics
SPAN & ERSPAN (policy-based)
Management VM Network Provisioning (port-profiles), CiscoWorks, Cisco DCNM
Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3)
Hitless upgrade, SW Installer
Network Services Virtual Services Datapath (vPath) support for traffic steering & fast-path
off-load [leveraged by Virtual Security Gateway (VSG) and other services]
Full integration with System Center – VM Manager (SCVMM)
Faster network policy provisioning through port profiles
* Only with Advanced Edition
• Create networks and policies (logical networks, network sites, VM networks)
• Networks & policies synced to SCVMM
• Adds hosts to N1KV
• Connects VMs (VNICs) to VM Networks
• SCVMM manages the placement and live-migration of the VMs based on the constraints between VM networks and the network sites.
[Diagram labels: Network Admin, Nexus 1000V VSM, SCVMM, Server Admin, Win 8 Hyper-V Server with Nexus 1000V VEM and four VMs]
Provide SCVMM Credentials Provide Host info for Primary & Secondary VSM
• Why the Nexus 1000V, and my WS2012 experience?
• Alpha
New concepts for the Server Administrator (Let it go!)
What VSM, VEM, VFEX…
Tricky Installation, and lots of NX-OS CLI
• Beta
NX-OS maturing commands
Familiar environment for the Network Engineer
Unification with Microsoft WS/SC terminology, and VMM concepts
• Public Beta
Unified management for Physical and Virtual Infrastructure
Reduced time to resolution, via NX-OS access to the Virtual NIC
• Return the Status Quo
Hyper-V Administrators are not Network Engineers (Honestly!)
• Deliver Consistency
Physical and Virtual Networks implement consistent policies
Network Engineers manage both the Physical and Virtual Networks
Server Engineers manage the Compute and Storage
• Elasticity
Vastly simplified host networking configuration
Faster, repeatable and consistent host provisioning
Clear segregation of ownership, accelerated problem resolution
• Business Process Improvements
VMs and Physical devices are first class end points on the network
Standardized Policies for Tracing, Monitoring, Management, Debugging
Consistent Network visibility in the hybrid environment
# network-segment-pool Intranet_POD1
# network-segment Intranet_POD1_SUBNET1
  switchport mode access
  switchport access vlan 20
  ip-pool Intranet_POD1_Pool1
  network-definition Intranet_POD1
# network-segment Intranet_POD1_SUBNET2
  switchport mode access
  switchport access vlan 21
  ip-pool Intranet_POD1_Pool2
  network-definition Intranet_POD1
# network-segment Intranet_POD1_SUBNET3
  switchport mode access
  switchport access vlan 22
  ip-pool Intranet_POD1_Pool2
  network-definition Intranet_POD1
Network Site “Intranet_POD1”
  VM Network Intranet_POD1_SUBNET1
  VM Network Intranet_POD1_SUBNET2
  VM Network Intranet_POD1_SUBNET3
• A Network Site is a grouping of VM Networks that are always available together on the same host simultaneously
• A host uplink can be configured to carry one or more Network Sites
Port Profiles
Defined Policies
WEB Apps
HR
DB
DMZ
Policy-Based VM Connectivity
Mobility of Network and Security Properties
Non-Disruptive Operational Model
Cisco Virtual Networking
VM Connection Policy
• Defined in the network
• Applied in SCVMM
[Diagram: VM Mgmt Station and Nexus 1000V VSM above two servers, each with a hypervisor, a Nexus 1000V VEM and four VMs]
VMs Need to Move
• VM Migration
• Resource Scheduling
• SW upgrade/patch
• Hardware failure
Policy-Based VM Connectivity
Mobility of Network and Security Properties
Non-Disruptive Operational Model
Cisco Virtual Networking
VM Networking Mobility
• Live Migration
• Ensures VM security
• Maintains connection state
[Diagram: VM Mgmt Station and Nexus 1000V VSM above two servers, each with a hypervisor and a Nexus 1000V VEM; VMs shown on both servers]
Current N1KV/ESX Version
# port-profile db-client
  switchport mode access
  switchport access vlan 10
  ip port access-group dbclient in
  no shut
  state enabled
# port-profile db-server
  switchport mode access
  switchport access vlan 10
  ip port access-group dbserver in
  no shut
  state enabled

N1KV/Hyper-V Version
# port-profile db-client
  ip port access-group dbclient in
  no shut
  state enabled
# port-profile db-server
  ip port access-group dbserver in
  no shut
  state enabled
# network-segment db-network
  switchport mode access
  switchport access vlan 10

[Diagram: DB Clients and DB Servers VMs attached to the DB Network]
# Basic Parameters Required for API Calls
# Demo values only: avoid hard-coding passwords in scripts; Get-Credential prompts for them instead.
$User = "admin"
$Password = ConvertTo-SecureString -String "Secret123" -AsPlainText -Force
$VSMIPaddress = "10.105.228.108"
# Over plain http:// the credentials cross the network unencrypted.
$URI = "http://" + $VSMIPaddress + "/api/"
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password

# Read/Write Object (IP Pool): update IP-Pool information - HTTP POST
$IPPURI = $URI + "hyper-v/ip-address-pool/pool1"
$IPPArg = '{"name":"pool1",
"addressRangeStart":"192.168.0.2",
"addressRangeEnd":"192.168.0.16"}'
ConvertFrom-Json -InputObject $IPPArg   # parse locally to confirm the body is valid JSON
Invoke-RestMethod -Uri $IPPURI -Credential $Credentials -Method Post -Body $IPPArg

# DELETE Object (VM network)
$VMNURI = $URI + "hyper-v/vm-network-definition/vmn4"
$VMNArg = '{"name":"VMN4"}'
ConvertFrom-Json -InputObject $VMNArg   # parse locally to confirm the body is valid JSON
Invoke-RestMethod -Uri $VMNURI -Credential $Credentials -Method Delete -Body $VMNArg
• Xian SCOM Plugin for Nexus 1000V
• Monitors various metrics:
Availability (ICMP and SNMP)
TCP Connections
Uptime
Traffic, total, error etc.
Bandwidth
Nexus 1000V Distributed Virtual Switch with vPath and Virtual Security Gateway (VSG)*
1. Initial Packet Flow
2. Flow Access Control (policy evaluation)
3. Decision Caching
4. Log/Audit
* First version only supports network attributes
Nexus 1000V Distributed Virtual Switch with vPath and Virtual Security Gateway (VSG)*
• Remaining packets from flow: ACL offloaded to Nexus 1000V (policy enforcement)
• Log/Audit
* First version only supports network attributes
High Touch Beta
• Over-subscribed.
• We have quite a number of participants that wanted to be part of the hi-touch beta
Public Beta
• Available to all participants that have a valid email-id, company name, and contact address
• That are willing to test the product and provide constructive feedback
• Participate in the discussion forums, and contribute to the N1KV community
• Cisco Nexus 1000V software
Virtual Supervisor Module (VSM) ISO (n1000vh-dk9.5.2.1.SM1.5.0.1.iso)
Virtual Ethernet Module (VEM) MSI package (Nexus1000V.msi)
VSEM Provider MSI Package (CiscoProviderInstaller.msi)
N1KV Installer App (Cisco Nexus 1000V Installer)
• Installation Document & Screencast
Getting Started Guide for Cisco Nexus 1000V for Microsoft Hyper-V
• Beta Test-cases Document
Outlines sample test cases and configurations for the alpha features
• Cisco Nexus 1000V Beta Process Overview Presentation
• Documentation
SCVMM
VM
Nexus
1000V
VSM
HOST01
Employee
VM Contractor
VM
WebServer
VM
HOST02 HOST03
Nexus 1000V
VEM -1
Nexus 1000V
VEM -2 HyperV
Switch
Win 2012 Hyper-V Win 2012 Hyper-V
Use Case 1 – Security using Access Control Lists
Nexus 1000V VSM
Nexus
1000V
VEM
Nexus
1000V
VEM
Configure the port-profiles so that web-server access is restricted:
• Employee can access
• Contractor is restricted
Contractor Employee Web
Server
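One way to express Use Case 1 in NX-OS configuration, as an added example that is not taken from the deck or the live demo. The ACL names, the profile names `employee` and `contractor`, and the web-server address 192.168.0.10 are assumptions; the port-profile form follows the deck's `db-client` slide, and the exact syntax may differ between beta and release builds.

```text
! Constructed example. Assumed web server VM address: 192.168.0.10
! "in" filters traffic entering the switch port, i.e. traffic sent by the VM.

ip access-list contractor-acl
  statistics per-entry
  ! Contractors may not reach the web server on any protocol
  10 deny ip any host 192.168.0.10
  ! NX-OS ACLs end with an implicit deny, so allow the rest explicitly
  20 permit ip any any

ip access-list employee-acl
  statistics per-entry
  ! Employees reach the web server on HTTP/HTTPS only (an assumed refinement)
  10 permit tcp any host 192.168.0.10 eq 80
  20 permit tcp any host 192.168.0.10 eq 443
  30 deny ip any host 192.168.0.10
  40 permit ip any any

port-profile contractor
  ip port access-group contractor-acl in
  no shut
  state enabled

port-profile employee
  ip port access-group employee-acl in
  no shut
  state enabled
```

With `statistics per-entry` set, `show ip access-lists contractor-acl` on the VSM reports per-rule match counts, so blocked contractor attempts show up as hits on rule 10.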
Use Case 2 – Traffic Monitoring using Encapsulated Remote SPAN (ERSPAN)
Win 2012 Hyper-V Win 2012 Hyper-V
Nexus 1000V VSM
Nexus
1000V
VEM
Nexus
1000V
VEM
Configure an ERSPAN session on WebServer VM interface
Monitor the traffic on the vNAM running on Nexus 1110
Contractor Employee Web
Server
VNAM
Win 2012 Hyper-V Win 2012 Hyper-V
Nexus 1000V VSM
Nexus
1000V
VEM
Nexus
1000V
VEM
Live Migrate the VM
Demonstrate that SPAN session is maintained.
Contractor Employee Web
Server
Use Case 3 – Policy (SPAN) maintained across Live Migration
VNAM
• Cisco-Microsoft Partnership: http://www.cisco.com/go/microsoft
• Cisco Nexus 1000V: http://www.cisco.com/go/nexus1000v
• Cisco UCS VM-FEX: http://www.cisco.com/go/vmfex
• Solution Overview: http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns955/ns963/solution_overview_c22-687087.html
• Q&A Doc: http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns955/ns963/faq_c67_687090_ns1154_Networking_Solutions_Q_and_A.html
Thank you.