Cisco Nexus 1000V for Microsoft Hyper-V

Damian Flynn, MVP Cloud and Datacenter & Infrastructure Architect, Lionbridge
Gunnar Anderson, Product Marketing Manager, Cloud Networking & Services, Cisco
Appaji Malla, Sr. Product Marketing Manager, Cloud Networking & Services, Cisco
Sai Chaitanya, Technical Marketing Engineer, Cloud Networking & Services, Cisco
Date/Time and Topic
- Thur, Feb 21st at 0900 PST: Cisco Open Network Environment (Cisco ONE) Next Phase of Network Programmability and SDN
- Thur, Feb 28th at 0900 PST: Cisco One Platform Kit (onePK): Technical Deep Dive and key use cases
- Wed, Mar 6th at 0900 PST: Nexus 1000V for Hyper-V with Microsoft SCVMM integration
- Wed, Mar 13th at 0900 PST: Cisco ONE controller: Technical Deep Dive and key use cases
- Wed, Mar 20th at 0900 PST: 5000 Seat VDI Reference Architecture: Cisco UCS & Nexus 1000V, Citrix XenDesktop, and EMC VNX
- Wed, Mar 27th at 0900 PST: Nexus 1000V v2.2 for vSphere: More scale, Multicast-less VXLAN, VXLAN Gateway
- Wed, April 3rd at 0900 PST: Cloud Services Router (CSR 1000V): Technical deep dive and key use cases
- Wed, April 10th at 0900 PST: Cloud Security with ASA 1000V and Virtual Security Gateway v2.1 (VSG)
- Wed, April 17th at 0900 PST: Secure Hybrid Cloud solution with Nexus 1000V InterCloud & VNMC InterCloud
- Wed, April 24th at 0900 PST: Nexus 1100 for Cloud Network Services: New Services & Ecosystem
- Wed, May 1st at 0900 PST: Cloud Networking Services: vNAM and vWAAS
- Wed, May 8th at 0900 PST: Virtualized Multiservice Data Center (VMDC) solution with Cloud Networking Services
- Wed, May 15th at 0900 PST: Nexus 1000V for KVM (with OpenStack and VXLAN)

Register and view recordings/presentations here: www.cisco.com/go/1000vcommunity

2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
- Cisco Virtual Networking Solutions
- WS2012 & SCVMM 2012 Networking Overview
- Nexus 1000V architecture
- N1KV Integration with SCVMM
- Virtual Services
- How to participate in Public Beta
- Live Demo
Operational Complexity Managing networks across physical & virtual environments Maturing Hypervisor market Economics Use-cases requiring different hypervisors Virtual Services Secure virtual environment Rich network services Public Cloud Security concerns for public cloud Mobility concerns Resource Utilization VM Mobility across DC Mobility across DCs Mobility across clouds Consistent Operational Model Multihypervisor Support Multi-services support with vPath Multi-cloud support Overlay Technology Support Diverse Virtualization Requirements for DataCenter Customers
Workload types
- PHYSICAL WORKLOAD: One app per Server; Static; Manual provisioning
- VIRTUAL WORKLOAD: Many apps per Server; Mobile; Dynamic provisioning
- CLOUD WORKLOAD: Multi-tenant per Server; Elastic; Automated Scaling
[Diagram labels: HYPERVISOR, VDC-1, VDC-2]

CONSISTENCY: Policy, Features, Security, Management
- Switching: Nexus 7K/5K/3K/2K; Nexus 1000V, VM-FEX
- Routing: ASR; Cloud Services Router (CSR 1000V)
- Services: WAAS, ASA, NAM; Virtual WAAS, VSG, ASA 1000V, vNAM*
- Compute: UCS for Bare Metal; UCS for Virtualized Workloads
Nexus 1000V: Multi-Cloud, Multi-Services, Multi-Hypervisor
- Compute: Cisco Unified Computing (UCS)
- Networking: Cisco Nexus 1000V; Cisco UCS VM-FEX
- Manageability: Cisco UCS Manager; Cisco UCS PowerTool
- Certified for various Microsoft applications
What is the pricing associated with Nexus 1000V for Hyper-V?
Ans: It will be consistent with the existing product.

Does the product work with all versions of Hyper-V?
Ans: The product works only with Hyper-V 3.0, the version that is shipped with WS2012. Also, you need to have SCVMM 2012 to use N1KV.

Can the same N1KV manage both ESX & Hyper-V?
Ans: No. Separate N1KV switches should be deployed for different hypervisor environments.
Damian Flynn is the Infrastructure Architect on the Corporate IT team. His current focus is on Software Defined Networks (SDN) with Azure for Windows Server Services, with perspective on Orchestration of repeatable processes in Dev/Ops scenarios. He has a keen interest in Cloud Computing from both a business strategy and technical viewpoint and has presented sessions on building and managing Private/Hybrid Clouds at a number of industry events. Damian authored the Cloud chapters in two books, is active in many MS Programs, blogs at www.damianflynn.com, tweets at @damian_flynn, and has published a number of white papers and technical articles.
Hyper-V extensible switch
A virtual Ethernet switch that runs in the management operating system of the Hyper-V parent partition. Through the use of extensions, independent software vendors (ISVs) can extend the switch functionality.
- Benefits: SR-IOV; Dynamic VMQ; Port Mirror & ACL; IPsec Offload & QoS
- Extensibility: Cisco Nexus 1000V; Cisco UCS VM-FEX
- Manageability: Windows PowerShell; Unified tracing, capture & diagnostics
- VHDX support
- Storage Enhancements: Windows Standards-Based Storage Management; Thin provisioning of logical units, and for the discovery of SAS storage
- Hyper-V Host Provisioning: Deep discovery with detailed information about physical network adapters
- VMM Console Add-Ins: Enable new actions or additional configuration for VMM objects; Embed custom WPF UI or Web Portals
- Enhanced Networking Architecture: Network Virtualization; Extensible Switch, Extension Support
Logical Networks / Virtual Machine Networks (LOGICAL PLAN)

Virtual Machine Networking
- VLAN-based configuration: You can continue to use familiar virtual local area network (VLAN) technology for network isolation.
- No VM networking: Networks that don't require access by VMs do not use VM networks. For example, storage networks.
- No isolation: You can get direct access to the logical network with a VM network. Appropriate for host management or shared Internet networks.
- Network virtualization: You can support multiple tenants (also called clients or customers) with their own networks, isolated from the networks of others.
- Use external networks: You can use a vendor network-management console that allows you to configure settings on your forwarding extension. VMM will import those settings.

External: Isolation method for external networks is not visible to VMM.

[Diagram labels: Tenant 1 to Tenant 5, each 10.0.1.0/24; Internet, All Tenants, Various Subnets; Hyper-V Network Virtualization Filter. Logical Network: VLAN Isolated, Storage, Internet, Provider Network, External Network. Network Site (Logical Network Definition): VLAN 5 10.0.1.0/24, VLAN 15 10.0.1.0/24, VLAN 10, VLAN 0, VLAN 25, VLAN 30, VLAN 35, A 10.0.1.0/24, B 10.0.1.0/24]
Port-Classifications
- Provide a level of indirection to Virtual Port Profiles
- Bundling of profiles from each extension is the port-classification
- Provide a way to group Port Profiles from different Hyper-V switch extensions
[Diagram labels: VMs, VNICs, Nexus 1000V VEM, Nexus 1000V VSM, PNICs]
- Advanced NX-OS feature-set
- SCVMM Integration
- Extensible vSwitch
- vPath Services architecture
- Consistent operational model
Modular Switch
- Supervisor-1 (Active), Supervisor-2 (StandBy)
- Back Plane
- Linecard-1, Linecard-2, ... Linecard-N

Nexus 1000V
- NX-OS Control Plane (Virtual Appliance, Network Admin): VSM-1 (active), VSM-2 (standby)
- NX-OS Data Plane (Server Admin): VEM-1, VEM-2, ... VEM-N, each on WS 2012 Hyper-V

VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
[Diagram labels: three servers, each running WS 2012 Hyper-V with a Cisco Nexus 1000V VEM and its VMs; Cisco Nexus 1000V VSM; System Center Virtual Machine Manager]

Virtual Supervisor Module (VSM)
- Virtual or Physical appliance running Cisco NX-OS (supports high availability)
- Performs management, monitoring, and configuration
- Tight integration with management platforms

Virtual Ethernet Module (VEM)
- Enables advanced networking capability on the hypervisor
- Provides each virtual machine with dedicated switch port
- Collection of VEMs: 1 virtual network Distributed Switch
- Switching: L2 Switching, 802.1Q Tagging, Rate Limiting (TX); IGMP Snooping, QoS Marking (COS & DSCP)
- Security: Policy Mobility, Private VLANs w/ local PVLAN Enforcement; Access Control Lists (L2-4 w/ Redirect), Port Security; Dynamic ARP inspection*, IP Source Guard*, DHCP Snooping*
- Network Services: Virtual Services Datapath (vPath) support for traffic steering & fast-path off-load [leveraged by Virtual Security Gateway (VSG) and other services]
- Provisioning: Full integration with System Center VM Manager (SCVMM); Faster network policy provisioning through port profiles
- Visibility: Live Migration Tracking, NetFlow v.9 w/ NDE, CDP v.2; VM-Level Interface Statistics; SPAN & ERSPAN (policy-based)
- Management: VM Network Provisioning (port-profiles), CiscoWorks, Cisco DCNM; Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3); Hitless upgrade, SW Installer

* Only with Advanced Edition
SCVMM manages the placement and live-migration of the VMs based on the constraints between VM networks and the network sites.

- Network Admin (Nexus 1000V VSM): Create networks and policies (logical networks, network sites, VM networks)
- Networks & policies synced to SCVMM
- Server Admin (SCVMM): Adds hosts to N1KV; Connects VMs (VNICs) to VM Networks

[Diagram labels: VMs, Nexus 1000V VEM, Win 8 Hyper-V, Server, SCVMM, Nexus 1000V VSM]
Provide SCVMM Credentials
Provide Host info for Primary & Secondary VSM
Why the Nexus 1000V, and my WS2012 experience?
- Alpha: New concepts for the Server Administrator (Let it go!); What VSM, VEM, VFEX; Tricky Installation, and lots of NX-OS CLI
- Beta: NX-OS maturing commands; Familiar environment for the Network Engineer; Unification with Microsoft WS/SC terminology, and VMM concepts
- Public Beta: Unified management for Physical and Virtual Infrastructure; Reduced time to resolution, via NX-OS access to the Virtual NIC
Return the Status Quo
- Hyper-V Administrators are not Network Engineers (Honestly!)

Deliver Consistency
- Physical and Virtual Networks implement consistent policies
- Network Engineers manage both the Physical and Virtual Networks
- Server Engineers manage the Compute and Storage

Elasticity
- Vastly simplified host networking configuration
- Faster, repeatable and consistent host provisioning
- Clear segregation of ownership, accelerated problem resolution

Business Process Improvements
- VMs and Physical devices are first class end points on the network
- Standardized Policies for Tracing, Monitoring, Management, Debugging
- Consistent Network visibility in the hybrid environment
    # network-segment-pool Intranet_POD1

    # network-segment Intranet_POD1_SUBNET1
        switchport mode access
        switchport access vlan 20
        ip-pool Intranet_POD1_Pool1
        network-definition Intranet_POD1

    # network-segment Intranet_POD1_SUBNET2
        switchport mode access
        switchport access vlan 21
        ip-pool Intranet_POD1_Pool2
        network-definition Intranet_POD1

    # network-segment Intranet_POD1_SUBNET3
        switchport mode access
        switchport access vlan 22
        ip-pool Intranet_POD1_Pool2
        network-definition Intranet_POD1

Network Site Intranet_POD1 contains:
- VM Network Intranet_POD1_SUBNET1
- VM Network Intranet_POD1_SUBNET2
- VM Network Intranet_POD1_SUBNET3

A Network Site is a grouping of VM Networks that are always available together on the same host simultaneously.
A host uplink can be configured to carry one or more Network Sites.
Cisco Virtual Networking: Policy-Based VM Connectivity; Mobility of Network and Security Properties; Non-Disruptive Operational Model

Policy-Based VM Connectivity
- Port Profiles
- Defined Policies: WEB Apps, HR, DB, DMZ
- VM Connection Policy: Defined in the network; Applied in SCVMM

[Diagram labels: VMs, Hypervisor, Nexus 1000V VEM, Server, VM Mgmt Station, Nexus 1000V VSM]
Cisco Virtual Networking: Policy-Based VM Connectivity; Mobility of Network and Security Properties; Non-Disruptive Operational Model

Mobility of Network and Security Properties
- VMs Need to Move: VM Migration; Resource Scheduling; SW upgrade/patch; Hardware failure
- VM Networking Mobility: Live Migration; Ensures VM security; Maintains connection state

[Diagram labels: VMs, Hypervisor, Nexus 1000V VEM, Server, VM Mgmt Station, Nexus 1000V VSM]
DB Network: DB Clients and DB Servers (VMs)

Current N1KV/ESX Version

    # port-profile db-client
        switchport mode access
        switchport access vlan 10
        ip port access-group dbclient in
        no shut
        state enabled
    # port-profile db-server
        switchport mode access
        switchport access vlan 10
        ip port access-group dbserver in
        no shut
        state enabled

N1KV/Hyper-V Version

    # network-segment db-network
        switchport mode access
        switchport access vlan 10
    # port-profile db-client
        ip port access-group dbclient in
        no shut
        state enabled
    # port-profile db-server
        ip port access-group dbserver in
        no shut
        state enabled
Basic Parameters Required for API Calls

    $User = "admin"
    # Demo value from the slide: the password sits in the script in plain text
    $Password = ConvertTo-SecureString -String "Secret123" -AsPlainText -Force
    $VSMIPaddress = "10.105.228.108"
    $URI = "http://" + $VSMIPaddress + "/api/"
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password

Read/Write Object (IP Pool)

    # Update IP-Pool Information - HTTP POST
    $IPPURI = $URI + "hyper-v/ip-address-pool/pool1"
    $IPPArg = '{"name":"pool1", "addressrangestart":"192.168.0.2", "addressrangeend":"192.168.0.16"}'
    # Parse the body once to confirm it is valid JSON before sending it
    ConvertFrom-Json -InputObject $IPPArg
    Invoke-RestMethod -Uri $IPPURI -Credential $Credential -Method Post -Body $IPPArg

DELETE Object (VM network)

    # Delete the VM network definition - HTTP DELETE
    $VMNURI = $URI + "hyper-v/vm-network-definition/vmn4"
    $VMNArg = '{"name":"vmn4"}'
    ConvertFrom-Json -InputObject $VMNArg
    Invoke-RestMethod -Uri $VMNURI -Credential $Credential -Method Delete -Body $VMNArg
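The IP-pool update from the slide above, as an added example that is not from the original deck or from Cisco: the credential is prompted for at run time instead of being stored in the script, the request goes over HTTPS, the pool name and address range are validated, and the JSON body is generated rather than hand-quoted. HTTPS being enabled on the VSM and the function name Set-N1kvIpPool are assumptions; the endpoint path and JSON field names are the slide's.

```powershell
# Added example, not part of the original deck. The endpoint path and JSON field
# names are the slide's; HTTPS on the VSM and the name Set-N1kvIpPool are assumptions.
function Set-N1kvIpPool {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$VsmAddress,
        # Restrict the name so it cannot add path segments or query text to the URI.
        [Parameter(Mandatory = $true)][ValidatePattern('^[A-Za-z0-9_-]+$')][string]$PoolName,
        [Parameter(Mandatory = $true)][System.Net.IPAddress]$RangeStart,
        [Parameter(Mandatory = $true)][System.Net.IPAddress]$RangeEnd,
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential
    )

    # Only IPv4 ranges are handled; reject anything else, and any inverted range,
    # before a request is built.
    $v4 = [System.Net.Sockets.AddressFamily]::InterNetwork
    if ($RangeStart.AddressFamily -ne $v4 -or $RangeEnd.AddressFamily -ne $v4) {
        throw 'RangeStart and RangeEnd must be IPv4 addresses'
    }
    $startBytes = $RangeStart.GetAddressBytes()
    $endBytes   = $RangeEnd.GetAddressBytes()
    [Array]::Reverse($startBytes)   # network byte order -> little-endian for BitConverter
    [Array]::Reverse($endBytes)
    if ([BitConverter]::ToUInt32($startBytes, 0) -gt [BitConverter]::ToUInt32($endBytes, 0)) {
        throw "Range start $RangeStart is above range end $RangeEnd"
    }

    # Build the body from an ordered hashtable so ConvertTo-Json does the quoting.
    $body = [ordered]@{
        name              = $PoolName
        addressrangestart = $RangeStart.ToString()
        addressrangeend   = $RangeEnd.ToString()
    } | ConvertTo-Json

    $uri = "https://$VsmAddress/api/hyper-v/ip-address-pool/$PoolName"
    if ($PSCmdlet.ShouldProcess($uri, 'POST ip-address-pool')) {
        try {
            Invoke-RestMethod -Uri $uri -Credential $Credential -Method Post `
                -Body $body -ErrorAction Stop
        }
        catch {
            # Report the failure without echoing the credential or the request body.
            throw "VSM API call to $uri failed: $($_.Exception.Message)"
        }
    }
}

# Prompt at run time instead of keeping the admin password in the script.
$cred = Get-Credential -Message 'VSM API account'
# Address, pool name and range are the slide's sample values; -WhatIf sends nothing.
Set-N1kvIpPool -VsmAddress '10.105.228.108' -PoolName 'pool1' `
    -RangeStart '192.168.0.2' -RangeEnd '192.168.0.16' -Credential $cred -WhatIf
```

Drop -WhatIf to send the request. The VSM's certificate has to chain to a CA the client trusts; switching certificate validation off would give back what the move from HTTP to HTTPS gained.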
Xian SCOM Plugin for Nexus 1000V
Monitors various metrics:
- Availability (ICMP and SNMP)
- TCP Connections
- Uptime
- Traffic, total, error etc.
- Bandwidth
Virtual Security Gateway (VSG)* with the Nexus 1000V Distributed Virtual Switch and vPath
1. Initial Packet Flow
2. Flow Access Control (policy evaluation)
3. Decision Caching
Log/Audit

* First version only supports network attributes
Virtual Security Gateway (VSG)* with the Nexus 1000V Distributed Virtual Switch and vPath
- ACL offloaded to Nexus 1000V (policy enforcement)
- Remaining packets from flow
Log/Audit

* First version only supports network attributes
High Touch Beta
- Over-subscribed. We have quite a number of participants that wanted to be part of the high-touch beta.

Public Beta
- Available to all participants that have a valid email-id, company name, and contact address
- That are willing to test the product and provide constructive feedback
- Participate in the discussion forums, and contribute to the N1KV community
beta-n1kv-hyperv@cisco.com
Cisco Nexus 1000V software
- Virtual Supervisor Module (VSM) ISO (n1000vh-dk9.5.2.1.sm1.5.0.1.iso)
- Virtual Ethernet Module (VEM) MSI package (Nexus1000V.msi)
- VSEM Provider MSI Package (CiscoProviderInstaller.msi)
- N1KV Installer App (Cisco Nexus 1000V Installer)

Documentation
- Installation Document & Screencast: Getting Started Guide for Cisco Nexus 1000V for Microsoft Hyper-V
- Beta Test-cases Document: Outlines sample test cases and configurations for the alpha features
- Cisco Nexus 1000V Beta Process Overview Presentation
[Demo topology diagram. Labels: SCVMM VM; Nexus 1000V VSM; Employee VM; Contractor VM; WebServer VM; HyperV Switch, HOST01; Nexus 1000V VEM-1, HOST02; Nexus 1000V VEM-2, HOST03]
Use Case 1: Security using Access Control Lists
Configure the port-profiles so that web-server access is restricted:
- Employee can access
- Contractor is restricted

[Diagram labels: Employee, Contractor, Web Server, Win 2012 Hyper-V, Nexus 1000V VEM, Nexus 1000V VSM]
Use Case 2: Traffic Monitoring using Encapsulated Remote SPAN (ERSPAN)
- Configure an ERSPAN session on the WebServer VM interface
- Monitor the traffic on the vNAM running on Nexus 1110

[Diagram labels: Employee, Contractor, Web Server, Win 2012 Hyper-V, Nexus 1000V VEM, vNAM, Nexus 1000V VSM]
Use Case 3: Policy (SPAN) maintained across Live Migration
- Live Migrate the VM
- Demonstrate that SPAN session is maintained.

[Diagram labels: Employee, Contractor, Web Server, Win 2012 Hyper-V, Nexus 1000V VEM, vNAM, Nexus 1000V VSM]
Cisco-Microsoft Partnership: http://www.cisco.com/go/microsoft
Cisco Nexus 1000V: http://www.cisco.com/go/nexus1000v
Cisco UCS VM-FEX: http://www.cisco.com/go/vmfex
Solution Overview: http://www.cisco.com/en/us/solutions/collateral/ns340/ns517/ns224/ns955/ns963/solution_overview_c22-687087.html
Q&A Doc: http://www.cisco.com/en/us/solutions/collateral/ns340/ns517/ns224/ns955/ns963/faq_c67_687090_ns1154_Networking_Solutions_Q_and_A.html
Thank you.