Cisco Nexus 1000V for Microsoft Hyper-V: Expanding the Virtual Edge

Cisco Nexus 1000V for Microsoft Hyper-V: Expanding the Virtual Edge Appaji Malla Sr. Product Manager Cisco Cloud Networking Services Division

Agenda Cisco s Virtual Networking Vision Cisco Nexus 1000V Portfolio Overview Cisco Nexus 1000V for Hyper-V Cisco Nexus 1000V for K Resources VSM VSM Cloud Network Services NetScaler VSG ASA1000V vwaas NAM CSR 1000V vpath Cisco Nexus 1000V 3

Legal Disclaimer Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document. 4

Agenda Cisco s Virtual Networking Vision Cisco Nexus 1000V Portfolio Overview Cisco Nexus 1000V for Hyper-V Cisco Nexus 1000V for K VSM VSM Resources Cloud Network Services NetScaler VSG ASA1000V vwaas NAM CSR 1000V vpath Cisco Nexus 1000V 5

Physical Virtual Cloud Journey Consistency reduces operational risk and complexity PHYSICAL WORKLOAD One app per Server Static Manual provisioning VIRTUAL WORKLOAD Many apps per Server Mobile Dynamic provisioning CLOUD WORKLOAD Multi-tenant per Server Elastic Automated Scaling HYPERVISOR VDC-1 VDC-2 CONSISTENCY: Policy, Features, Security, Management, Separation of Duties Switching Routing Services Nexus 7K/5K/3K/2K Nexus 1000V, -FEX ASR, ISR Cloud Services Router (CSR 1000V) WAAS, ASA, NAM 2014 Cisco and/or its affiliates. vwaas, All rights reserved. VSG, ASA 1000V, Cisco vnam* Public ** 1H CY 2013 6

Cisco Virtual Networking Vision Any workload, any hypervisor, any cloud Nexus 1000V Multi-Cloud Multi-Services Multi-Hypervisor 7

Cloud technology stacks Multi-Hypervisor and Multi-Orchestration Strategy Cloud Portal and Orchestration vcloud Director/ DynamicOps System Center Open Source CIAC/UCSD OpenStack/ Partners Virtual Network Infrastructure vpath Cloud Networking Services Nexus 1000V VXLAN Hypervisor vsphere Hyper-V Open Source (Xen, K) vsphere, Hyper-V, K Computing Platform UCS Physical Network Nexus 2K-7K + ASR 9K (Edge) Storage Platform 8

Cisco Cloud Networking Services Hypervisor agnostic multi-services platform Zone A Cisco Virtual Security Gateway (VSG) ASA 1000V Cloud Firewall Tenant A vwaas Cloud Services Router 1000V Citrix NetScaler VPX Imperva SecureSphere WAF Nexus 1000V Distributed switch NX-OS consistency 8000+ Customers Zone B VXLAN Nexus 1000V Multi-Hypervisor (ware, Microsoft*, RedHat*, Citrix*) Physical Infrastructure (Compute, Network, Storage) vpath VSG -level controls Zone-based FW Shipping ASA 1000V Edge firewall, VPN Protocol Inspection Shipping vwaas WAN optimization App, traffic Shipping CSR 1000V (Cloud Router) WAN L3 gateway Routing and VPN Shipping Ecosystem Services Citrix NetScaler VPX virtual ADC Imperva Web App. Firewall Shipping 9

Cisco Nexus1000V InterCloud Securely Extend Enterprise Environment into Provider Cloud Private Managed Hosted Nexus 1000V InterCloud Utility Public Community Nexus Switching IOS Routing Network Services Secure Simple Enterprise-Grade Crypto and Firewalling within & across clouds Transparent Application Migration; Centralized Management Flexible Choice of Provider Clouds and Hypervisors 10

Agenda Cisco s Virtual Networking Vision Cisco Nexus 1000V Portfolio Overview Recent Nexus 1000V Promotions Nexus 1000V Architectural Overview Cisco Virtual Services Architecture VSM VSM Cisco Nexus 1000V for Hyper-V Cisco Nexus 1000V for K Resources Cloud Network Services NetScaler VSG ASA1000V vwaas NAM CSR 1000V vpath Cisco Nexus 1000V 11

Cisco Nexus 1000V is available in two editions Essential & Advanced Editions Essential ($0) Advanced ($695/cpu) VLANs, ACL, QoS vpath VXLAN LACP Multicast Netflow, ERSPAN Management vtracker vcenter Plugin Virtual Security Gateway Cisco TrustSec SXP Support DHCP Snooping IP Source Guard Dynamic ARP Inspection 12

Easy to get started on Cisco Nexus 1000V Essential Edition No licensing or procurement needed Download Software from cisco.com Install Nexus 1000V Using new Installer App Create Port Profiles & Start Using N1KV Advanced Edition Get a 60-day free trial when you use essential Download Software from cisco.com Install Nexus 1000V Using new Installer App Change Switch mode to Advanced* & Start Using N1KV 13

Cisco Nexus 1000V Promo Overview Nexus 5K & 6K customers can get N1KV at 40% price-reduction Base Package (40% price reduction included) Optional Package (40% price reduction included) Nexus 1110-X Hosting Appliance 64 Universal Advanced Licenses Nexus 1000V License for ANY hypervisor. Migration allowed. VSG licenses included Additional 64 Universal Licenses Nexus 1000V License for ANY hypervisor. Migration allowed. VSG licenses included 14

Cisco Nexus 1000V Promo Overview 2 PIDs: N5K-FEX-N1K-PROMO & N6K-FEX-N1K-PROMO N6K-FEX-N1K-PROMO N5K-FEX-N1K-PROMO Base Package: N1110-X+64 licenses Optional Package: Add. 64-licenses N6004EF-6FEX-1G N6004EF-8FEX-1G N6004EF-4FEX-10G N6004EF-6FEX-10G N6004EF-4FEX-10GT N6004EF-6FEX-10GT N6001P-6FEX-1G N6001P-8FEX-1G N6001P-4FEX-10G N6001P-6FEX-10G N6001P-4FEX-10GT N6001P-6FEX-10GT N6004EF-12FEX-1G N6004EF-8FEX-10G Base Package: N1110-X+64 licenses Optional Package: Add. 64-licenses N5596UP-4N2232PF N5596UP-4FEX N5596UPMM-8FEX N5596UPM-8N2248TF N5548UP-4N2248TP N5596UP-6N2248TP N5548UP-4N2248TF N5548UPL3-2N2248TF N5548UPM-4FEX N5596UPM-6FEX N5596UP-6N2248TF N5596UPMM-12N2248T N5548UPM-6N2248TP N6004EF-4FEX-1G N6004EF-8FEX-10GT N5548UP-4N2248TR N5596UPM-8N2248TP N6001P-2FEX-10G N6001P-4FEX-1G N5596UP-6N2248TR N5548UPM-6N2248TR 15

Other promotional bundles with Nexus 1000V Up to 30% discount when you buy N1KV with UCS or ASA 1000V N1KV/UCS Promo Description List Price N1K-VSG-UCS-BUN Nexus 1000V Advanced Edition with the purchase of UCS B/C series configurable SKUs (not available with fixed SmartPlay Bundles) $495/cpu N1KV/ASA1000V Description List Price L-N1K-ASA1K-01-PR 1 Promo N1KV Advanced licenses & ASA1000V L-N1K-ASA1K-04-PR 4 Promo N1KV Advanced licenses & ASA1000V incremental licenses $2,495/cpu $9,945/cpu L-N1K-ASA1K-16-PR 16 Promo N1KV Advanced licenses &, ASA1000V incremental licenses $39,445/cpu L-N1K-ASA1K-32-PR 32 Promo N1KV Advanced licenses & ASA1000V incremental licenses $78,645/cpu 16

Server Virtualization Issues Policy Mobility, Lack of Traffic Visibility, Operational Complexity Port Group 1. Migration moves s across physical ports the network policy must follow this Motion (across racks, PODS, DCs) 2. Must view or apply network/security policy to locally switched traffic Security Admin Server Admin 3. Need to maintain segregation of duties while ensuring nondisruptive operations Network Admin 18

Customer Issues in virtualized environments Operational Complexity Choice of Hypervisors Complex Workloads Cloud Use-cases Resource Utilization Managing networks across physical & virtual environments Different types of workloads require different hypervisors Requirement for a secure virtual environment with rich network services Security concerns, and hybrid cloud use-cases Mobility within the DC, across DCs and across clouds. Consistent Operational Model Multi-hypervisor Support Multi-services support Multi-cloud support Overlay Technology Support Diverse Virtualization Requirements for DataCenter Customers 19

Fast Changing DC environments Require platform-agnostic design & future-proof architectures Fast Changing Technology Cycles Future-proof Architectures Emerging choices for hypervisors & cloudstacks Pressure to reduce risk, TTM & protect investment New virtualization use-cases Cisco Nexus 1000V Any Service, Any hypervisor, any cloud Built on highly reliable NX-OS platform Validated designs for new use-cases Consistency across hypervisors & cloudstacks Evolutionary approach to operational processes Proven, tested foundation Reduced Risk Reduced Time to deploy Investment Protection 20

Back Plane Cisco Nexus 1000V Overview Architecture consistent with other modular switches Network Admin Virtual Appliance VSM1 Modular Switch VSM2 Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 Linecard-N VEM-1 VEM-2 VEM-N VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module Server Admin Hypervisor Hypervisor Hypervisor 21

Cisco Nexus 1000V Overview Integrated Switching & Services NS1000V ASA1000V Virtual Appliance Physical Appliance: Nexus 1100 vwaas VSG VSM Primary Secondary VSM VSM NAM NAM VSG VSG NS1000V NS1000V Scale-out architecture for cloud Built for multi-tenancy Hosting platform for N1KV s Simplifies network operations vpath Service Binding (Traffic Steering) Fast-Path Offload VXLAN-Aware VEM-1 VEM-2 vpath VXLAN vpath VXLAN VXLAN* Hypervisor Hypervisor 16mil. L2 segments Mobility across DC Friendly to services 22

Cisco Nexus 1000V Overview Cloud Services Platform aka Cisco Nexus 1100 Dedicated NX-OS appliance for hosting virtual services Two form factors: 1110-S, 1110-X Up to 10 virtual services can be hosted on the 1110-X platform Simplifies lifecycle management of virtual services Network/security team can deploy, upgrade, manage Virtual services currently supported Nexus 1000V virtual supervisor modules (VSMs), Network Analysis Module (NAM) Virtual Security Gateway (VSG), Data Center Network Manager (DCNM) Citrix NetScaler 1000V*, Imperva WAF** 23

Uniform Management Interface across hypervisors NTP TACACS+ RADIUS Netflow SPAN & ERSPAN NX-OS CLI SNMP Support NetConf/XML CDP Syslog Cisco Nexus 1000V vm-network-definition (id, vlan, ip-pool) for network segments logical-network-definition (name, id, connected-ports) fabric n/w virtual-port-profile (type, id, maxports, switch-id) for veth uplink-port-profile (state, type, id, maxports, switch-id) for PNIC ip-address-pool (name, dhcp-server, range etc.) for ip-pools REST-APIs for manageability 24

Strong Management Ecosystem Cisco NMS Support Cisco Prime Infra. Cisco Prime DCNM Cisco PNSC Cisco UCSD & CIAC Systems Management Vendors Other ISVs Virtualization Vendors Consistent management interfaces across physical & virtual NX-OS CLI, SNMP, NetConf/XML, REST* CDP, NTP, Telnet/SSH Syslog, ACL- Logging, TACACS+, RADIUS Netflow, SPAN, ERSPAN, REST-ful APIs *Available in H2CY13 Your existing Mgmt tools work well with Nexus 1000V 25

Proven Architecture for virtualization use-cases DC to DC Migration (Disaster Recovery) Private & Public Cloud Deployments (Multi-tenancy & Scalability) Virtual Desktop Infrastructure (User Identity & Security) PCI (Security & Compliance) Vblock (Converged Virtualization Infrastructure) Nexus 1000V Portfolio Hosted Collaboration (Quality of Service & Availabiity) 26

Cisco Nexus 1000V Overview Simplified Operations for network & server admins Consistent feature-set across physical & virtual Consistent feature-set, operational model & consistent mgmt tools Reduces operational complexity For Network Admins Visibility into -to- Traffic SPAN, ERSPAN, Netflow, level Traffic Statistics Simplifies troubleshooting and allows better network design Cisco Validated Design Guides Well-tested, well-documented designs for new use-cases Reduces risk, and time-to-deploy new technologies Improves app security, mobility & availability For Server Admins Simplifies operational processes Future-proofs application architecture Additional NX-OS security features, strong services portfolio, VXLAN & DCI etc. Fewer security, availability & utilization issues Integration with -mgmt tools, Simplified installation process, visibility into network Reduced operational burden on server admins Consistent feature-set across any hypervisor, and any cloud Flexibility to choose any hypervisor platform 27

New Services Requirements in Data Center Traditional Data Center Virtual/Cloud Data Center APP VDC-1 OS FW WAN Opt ADC/ SLB Hypervisor VDC-2 Application-specific services Form factors: Appliance Switch module Virtual Service Node (VSN) Virtual appliance form factor Dynamic instantiation/provisioning Service transparent to mobility Support scale-out Large scale multitenant operation 29

Services deployment in Virtualized DC Redirect traffic via VLANs to external (physical) firewall Apply hypervisor-based virtual network services Web Server App Server Database Server Web Server App Server Database Server Hypervisor Hypervisor VLANs Virtual Contexts VSN VSN Traditional Service Nodes Virtual Service Nodes 30

Intelligent Traffic Steering with vpath 4 Virtual Service Node (VSN) Nexus 1000V Distributed Virtual Switch vpath Decision Caching 3 2 1 Initial Packet Flow Access Control Flow (policy evaluation) Log/Audit 31

Performance Acceleration with vpath Nexus 1000V Distributed Virtual Switch vpath Virtual Service Node (VSN) ACL offloaded to Nexus 1000V (policy enforcement) Remaining packets from flow Log/Audit 32

Service chaining with vpath VSN1 Cisco Nexus 1000V Distributed Virtual Switch 5 Cisco vpath 4 3 VSN2 1 2 33

Multi-tenancy with vpath Tenant1 s Tenant2 s Tenant1 VSN Nexus 1000V Distributed Virtual Switch vpath ACL offloaded to Nexus 1000V (policy enforcement) Tenant2 VSN Tenant1 Client Tenant2 Client 34

vpath Extends services to s on VXLANs VXLAN 101 VXLAN 5001 Extending firewalling & other network services to to traffic on VXLAN Nexus 1000V Distributed Virtual Switch vpath VSN1 VSN2 35

vpath Benefits Without vpath Complex deployment- per host service nodes Capacity planning made difficult No Fast path acceleration Manual service chaining Services tightly coupled with network topology With vpath Distributed Service Insertion Better capacity planning (service at tenant-level) Application based dynamic service chains Non-disruptive operations Fast-Path acceleration Decouple Network and Services 36

Agenda Cisco s Virtual Networking Vision Cisco Nexus 1000V Portfolio Overview Cisco Nexus 1000V for Hyper-V Nexus 1000V/Hyper-V architecture Overview Design Consistency across hypervisors VSM VSM SCM Networking Concepts Nexus 1000V Integration with SCM Deploying Nexus 1000V for Hyper-V Demo Cisco Nexus 1000V for K Resources Cloud Network Services NetScaler VSG ASA1000V vwaas NAM CSR 1000V vpath Cisco Nexus 1000V 37

Hyper-V: Comparison with ESX Terminology ware ESX Virtual Distributed Switch (VDS) Port Group vmknic Folder/Data Center vmotion Distributed Resource Scheduling (DRS) Distributed Power Mgmt (DPM) vcenter, vcloud Director Site Recovery Manager Virtual Machine Disk (DK) Microsoft Hyper-V Logical Switch Virtual Port Profiles + networks Host VNIC Host Group Live Migration Dynamic Optimization Power Management SCM, SCO Hyper-V Replica Virtual Hard Disk (VHDX) 38

Hyper-V Extensible Switch Architecture Extensions process all network traffic including -to- traffic Forwarding Extensions can capture and Filter Traffic as well Nexus 1000V will work with other 3 rd party Capture and Filtering Extensions as well Live Migration and NIC Offloads continue to work even when the extensions are present 39

System Center Virtual Machine Manager Manages Hyper-V Virtualization environment Similar in function to ware vcenter Server But includes some functionality similar to ware vcloud Director What SCM Manages Hyper-V hosts Virtual Machines Logical Switches Logical Networks and Network Sites Networks and Subnets IP Addressing Port Profiles and Classifications 40

SCM Management of Switch Extensions SCM Virtualization Root Partition 3 rd Party components SCM Service Vendor SCM Plugin Vendor network mgmt console Policy database 41

Cisco Nexus 1000V for Hyper-V Award Winning Networking Platform for Hyper-V Advanced NX-OS feature-set VNICs Nexus 1000V VEM Nexus 1000V VSM Innovative Services architecture (vpath) Extensible vswitch Consistent operational model PNICs SCM Integration 42

Cisco Nexus 1000V for Hyper-V A simple Deployment Scenario Cisco Nexus 1000V VEM WS 2012 Hyper-V Cisco Nexus 1000V VEM WS 2012 Hyper-V Cisco Nexus 1000V VEM WS 2012 Hyper-V Server Server Server Virtual Supervisor Module (VSM) Performs management, monitoring, and configuration Tight integration with management platforms Virtual Ethernet Module (VEM) Enables advanced networking capability on the hypervisor Provides each virtual machine with dedicated switch port Collection of VEMs : 1 virtual switch Cisco Nexus 1000V VSM System Center Virtual Machine Manager 43

Cisco Nexus 1000V for Hyper-V Features Switching Security Network Services Provisioning Visibility Management L2 Switching, 802.1Q Tagging, VLAN, Rate Limiting (TX) IGMP Snooping, QoS Marking (COS & DSCP) Policy Mobility, Private VLANs w/ local PVLAN Enforcement Access Control Lists, Port Security, Cisco TrustSec Support* Dynamic ARP inspection*, IP Source Guard*, DHCP Snooping* Virtual Services Datapath (vpath) support for traffic steering & fast-path off-load [leveraged by Virtual Security Gateway (VSG)* and other services] Port Profiles, Integration with virtualization & cloud mgmt. tools Optimized NIC Teaming with Virtual Port Channel Host Mode Migration Tracking, NetFlow v.9 w/ NDE, CDP v.2 -Level Interface Statistics, SPAN & ERSPAN (policy-based) Integrated Provisioning with SCM, Cisco LMS, Cisco DCNM, Cisco VNMC Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3) Hitless upgrade, SW Installer * Available only with Advanced Edition 44

Cisco Nexus 1000V for Hyper-V Consistent Architecture across hypervisors Nexus 1000V VSM Nexus 1000V VEM ware vsphere Nexus 1000V VSM Nexus 1000V VEM WS 2012 Hyper-V ware vcenter SCM 46

Port Profiles Port Profiles vpath and Cloud Network Services Consistent Services Infrastructure across Hypervisors ware vcenter Virtual Machine Attributes Cisco PNSC MSFT SC M Virtual Machine Attributes Cisco PNSC Cisco Nexus 1000V vpath VSNs Cisco Nexus 1000V vpath VSNs 47

Cloud Services Appliance Nexus 1110 Consistent Hosting Platform across Hypervisors Nexus 1110 VSM VSG NAM VSG* VSM VEM-1 vpath VXLAN ware ESX VEM-2 vpath VXLAN ware ESX VEM-1 vpath VXLAN? WS 2012 Hyper-V VEM-2 vpath VXLAN? WS 2012 Hyper-V Existing Nexus 1010 virtual blades support EITHER hypervisor environment 48

Microsoft SCM Networking Concepts Multiple user-defined constructs Logical Networks Network Sites Networks Port Classifications Logical Switch 50

Microsoft SCM Networking Concepts Logical Networks & Network Sites Host1 San Jose Host2 Host3 Host4 Host5 Seattle Host6 Network Site1 Network Site2 Logical Network Network Site3 Logical Network = { Network Sites }; Network Sites = {(Hosts, VLAN/IP-Subnets) } 51

Microsoft SCM Networking Concepts Logical Networks & Network Sites 52

Microsoft SCM Networking Concepts s are bound to Networks 53

Microsoft SCM Networking Concepts Port-Classifications Port-Classification = {Forwarding Profile, Filtering Profile, Capture Profile} per VNIC Extensible vswitch VNICs Bundling of profiles from each extension is port-classification PNICs 54

Microsoft SCM Networking Concepts Logical Switch Switch Template created on SCM - allows consistent configuration on all HyperV Hosts where Logical Switch is instantiated Logical Switch = {Switch extensions, Uplink Profiles, Port-classifications} VNICs Extensible vswitch PNICs Choose the port-classifications allowed by this logical switch Choose the extensions supported by this logical switch Choose the uplink profiles (VLANs and network policies to be applied to this logical switch 55

Microsoft SCM Networking Concepts Associating VNICs to Networks & Port-classifications Choose network Network Subnet is tied to the Network (1:1) Choose IP address type Can be dynamic (DHCP) or statically assigned Choose IP pool for static IPs Choose Port Profile Classification Policy (QoS, Security, Monitoring) A Classification refers to a Port Profile Network Profile Policy Profile 56

Microsoft SCM Networking Concepts Putting everything together Clients Guests Servers IP-Pool1 DMZ_Pod1_Subnet1 DMZ_Podz2_Subnet4 IP-Pool4 IP-Pool2 DMZ_Pod1_Subnet2 DMZ_Pod2_Subnet5 IP-Pool5 IP-Pool3 DMZ_Pod1_Subnet3 DMZ_Pod2_Subnet6 IP-Pool6 Network-site DMZ_POD1 Network-site DMZ_POD2 Logical Network DMZ 57

Cisco Nexus 1000V Terminology SCM Terminology Logical Networks Network Sites Networks IP-Pools Port-Classifications Cisco Nexus 1000V Terminology Logical Networks Network Segment Pools Network Segments IP-Pools & IP-Pool Templates Port-profiles 59

Cisco Nexus 1000V for Hyper-V Defining Network sites and Networks nsm logical network DMZ # nsm network segment pool DMZ_POD1 # member-of logical network DMZ # nsm network segment DMZ_POD1_SUBNET1 member-of network segment pool DMZ_POD1 switchport mode access switchport access vlan 20 ip pool import template DMZ_POD1_Pool1 # nsm network segment DMZ_POD1_SUBNET2 member-of network segment pool DMZ_POD1 switchport mode access switchport access vlan 21 ip pool import template DMZ_POD1_Pool2 Logical network DMZ Network Site DMZ_POD1 Network DMZ_POD1_SUBNET1 Network DMZ_POD1_SUBNET2 Network DMZ_POD1_SUBNET3 # nsm network segment DMZ_POD1_SUBNET3 member-of network segment pool DMZ_POD1 switchport mode access switchport access vlan 22 ip pool import template DMZ_POD1_Pool3 60

Network Segments and Port Profiles Splitting the port-profile into Network Connectivity and Policy Data Base Clients Data Base Servers Data Base Network (VLAN 10) Current N1KV/ESX Version N1KV/Hyper-V Version # port-profile db-client switchport mode access switchport access vlan 10 ip port access-group dbclient in no shut state enabled # port-profile db-server switchport mode access switchport access vlan 10 ip port access-group dbserver in no shut state enabled #nsm network segment db-network switchport mode access switchport access vlan 10 # port-profile db-client ip port access-group dbclient in no shut state enabled # port-profile db-server ip port access-group dbserver in no shut state enabled 61

Cisco Nexus 1000V for Hyper-V Operational Model with SCM Nexus 1000V VEM WS 2012 Hyper-V Server SCM manages the placement and live-migration of the s based on the constraints between networks and 4 the network sites. 5 SCM 2 3 Server Admin Adds hosts to N1KV Connects s (VNICs) to Networks Networks & policies synced to SCM Nexus 1000V VSM 1 Create networks and policies (logical networks, network sites, networks) Network Admin 62

Cisco Nexus 1000V PowerShell Cmdlets Available from http://developer.cisco.com/web/n1k/hyperv PowerShell CmdLet: <Action>-N1k<Object> Action Verbs Examples Create an object* New Create a Logical Network* New-N1kLogicalNetwork() Read an object Get Read port-profile info Get-N1kPortProfile() Update an object Set Update an IP-Pool Set-N1kPoolTemplate() Delete an object Remove Remove network segment Remove-N1kNetworkSegment() *Objects can be Logical Networks, networks, Port-profiles, IP-Pools, Port-profiles etc. Write/Update Operations are only supported on limited set of objects Open a connection to VSM from PowerShell using the credentials Identify the required PowerShell CmdLets Run the Cmdlet directly from the PowerShell Prompt Parse the response for the required information 63

Cisco Nexus 1000V for Hyper-V Accessing N1KV with PowerShell CmdLets Set-N1kIpPoolTemplate Set-N1kLogicalNetwork Set-N1kNetworkSegment Set-N1kNetworkSegmentPool Get-N1kPortProfile Get-N1kUplinkPortProfile Get-N1kUplinkPorts Get-N1kVirtualPortProfile Get-N1kVirtualPorts Get-N1kVsemSystemInfo New-N1kIpPoolTemplate New-N1kLogicalNetwork New-N1kNetworkSegment New-N1kNetworkSegmentPool New-N1kNetwork Remove-N1kIpPoolTemplate Remove-N1kLogicalNetwork Remove-N1kNetworkSegment Remove-N1kNetworkSegmentPool Remove-N1kNetwork 64

Cisco Virtual Security Gateway System Architecture Microsoft SCM /Network Attributes Cisco Prime Network Services Controller (PNSC) -to-ip Binding VSM VSM VSN VSG Security Profiles Device Profiles attributes Port Profiles Interactions Packets (Slow-Path) Packets (Fast-Path) vpath Nexus 1000V VEM Hyper-V Servers Packets (Fast-Path) 65

Cisco Virtual Security Gateway Defining Security Policies Security Profile Policy Set Policy 1 Rule 1 Rule 2 Rule N Policy 2 Rule 1 Rule 2 Rule N Policy N Rule 1 Rule 2 Rule N Rule is analogous to an Access Control Entry; Policy is analogous to an ACL 66

Cisco Nexus 1000V for Hyper-V SCOM Management Plugin from Jalasoft Xian SCOM Plugin for Nexus 1000V Monitors Availability (ICMP and SNMP) TCP Connections Uptime Traffic, total, error etc. Bandwidth 67

Cisco Nexus 1000V Installation Prerequisites & System Requirements Prerequisites System Requirements VSM Configuration WS2012 or later SCM 2012 SP1 UR2 v. 3.1.6020.0 or later Windows Active Directory Service Enable Hyper-V Cmdlets in PowerShell on Hyper-V hosts (with VEM) Hardware Requirements: none other than those imposed by Hyper-V role VSM Requirements: 4GB hard disk, 4GB RAM, 4 NICs Need VSM IP-address VSM Domain ID (1 to 1023) Layer 3 connectivity between VSM and the VEMs TCP Port 80 open between SCM and VSM 69

Cisco Nexus 1000V Installation Installation Package Contents Virtual Supervisor Module ISO (n1000vh-dk9.5.2.1.sm1.5.1.iso) Virtual Ethernet Module MSI package (Nexus1000V-VEM-5.2.1.SM1.5.1.msi) Cisco VSEM Provider MSI package (Nexus1000V-VSEMProvider- 5.2.1.SM1.5.1.msi) Cisco SCM Template (Cisco Nexus1000V VSM Template) 70

Cisco Nexus 1000V Installation Simple 4-step deployment process Download Nexus 1000V image Install N1KV Components into SCM Install and Configure VSM Configure SCM Fabric Go to http://www.cisco.com/go/1000v/hyper-v Click on the Download link Install Cisco Nexus 1000V VSEM Provider MSI Install Cisco VSM Template File Copy VEM to SCM Switch Extension Location Copy VSM ISO to SCM Library Create Microsoft switch for VSM Connectivity Install VSM using SCM template Configure VSM Add N1KV Switch Extension manager to SCM Create Logical Switch Create Networks 71

Cisco Nexus 1000V Installation Virtual Switch Extension Manager (VSEM) & Logical Switch VSEM Port-classifications defines network policy for virtual machine interfaces Logical Switch Uplink Profiles defines VLANs and network policy to be applied to the server uplink 72

Cisco Nexus 1000V Installation Associate VNICs to Networks & Port-classifications Choose network Network Subnet is tied to the Network (1:1) Choose IP address type Can be dynamic (DHCP) or statically assigned Choose IP pool for static IPs Choose Port Profile Classification Policy (QoS, Security, Monitoring) A Classification refers to a Port Profile 73

Publishing Logical Networks Nexus 1000V VSM publishes Logical Networks to SCM 74

Add a host (VEM) to Nexus 1000V Configure Logical switch & Uplink on one or more Physical adapters Select Fabric tab Select the host Right-Click for Properties Select Virtual Switches For each uplink, select N1KV as the logical switch & the uplink port-profile 75

Add a Veth to a host (N1KV VEM) Configure Logical switch & Uplink on one or more Physical adapters Select & Services tab Select the host Select the Right-Click for Properties Select Hardware Configuration Select Network Adapters Select Network and Logical Switch 76

Agenda Cisco s Virtual Networking Vision Cisco Nexus 1000V Portfolio Update Cisco Nexus 1000V for Hyper-V Nexus 1000V/Hyper-V architecture Overview Design Consistency across hypervisors VSM VSM SCM Networking Concepts Nexus 1000V Integration with SCM Deploying Nexus 1000V for Hyper-V Demo Cisco Nexus 1000V for K Resources Cloud Network Services NetScaler VSG ASA1000V vwaas NAM CSR 1000V vpath Cisco Nexus 1000V 77

Demo Topology Employee Win 2012 Hyper-V Contractor Nexus 1000V VEM Web Server Win 2012 Hyper-V Nexus 1000V VEM Configure the port-profiles so that web-server access is restricted: Employee can access Contractor is restricted NAM (or any other monitoring tool) can be configured to analyze the -to- traffic using ERSPAN on N1KV. Nexus 1000V VSM NAM 78

Agenda Cisco s Virtual Networking Vision Cisco Nexus 1000V Portfolio Update Cisco Nexus 1000V for Hyper-V Nexus 1000V/Hyper-V architecture Overview Design Consistency across hypervisors SCM Networking Concepts Nexus 1000V Integration with SCM Deploying Nexus 1000V for Hyper-V Demo What is new with v1.5.2? Cisco Nexus 1000V for K Resources VSM VSM Cloud Network Services NetScaler VSG ASA1000V vwaas NAM CSR 1000V vpath Cisco Nexus 1000V 80

What is new with N1KV/Hyper-V v1.5.2? R2 support, VSG with -attributes, multi-hypervisor licensing Support for Windows Server 2012 R2 Additional PowerShell Commands Multi-hypervisor Licensing VSG/PNSC support for and Custom attributes 81

What is new with N1KV/Hyper-V v1.5.2? New REST-APIs & PowerShell Commands CRUD Operations for User-creation To Create/Read/Update/Delete VSM user account information Get-User, New-User, Set-User, Remove-User Managing SPAN & ERSPAN sessions To Create/Read/Update/Delete SPAN/ERSPAN session information Get-Session, New-Session, Set-Session, Remove-Session CRUD operations for port-profiles To Create/Update/Delete port-profiles New-PortProfile, Set-PortProfile, Remove-PortProfile 82

What is new with N1KV/Hyper-V v1.5.2? Multi-hypervisor Licensing Before v1.5.2 Separate Advanced Licenses for each hypervisor version Licenses for one hypervisor won t work on other hypervisors After v1.5.2 Existing N1KV Licenses can be used for N1KV/Hyper-V If you already bought N1KV/Hyper-V, we will issue new universal licenses 83

What is new with N1KV/Hyper-V v1.5.2? Virtual Security Gateway with support for & Custom attributes Rule Source Destination Action Condition Condition Condition Attribute Type Network User Defined vzone Condition Match Criteria Match All (And) Match Any (Or) Attributes Name Guest OS name Port Profile Name DNS Name Network Attributes IP Address Network Port Operator eq neq gt lt Operator member Not-member Contains And (Global Level) range Or (Global Level) Not-in-range Prefix 84

Virtual Security Gateway use-case Secure zoning using attributes Database Servers Dev Servers Exchange Servers QA Servers Training Servers R&D Servers If vm-name contains TRNG, that belongs to TRNG zone Source Destination Protocol Action Zone=TRNG Zone=TRNG Any Permit Any Zone=TRNG Any Permit Zone=TRNG Any Any Drop 85

Agenda Cisco s Virtual Networking Vision Cisco Nexus 1000V Portfolio Update Cisco Nexus 1000V for Hyper-V Cisco Nexus 1000V for K VSM VSM Resources Cloud Network Services NetScaler VSG ASA1000V vwaas NAM CSR 1000V vpath Cisco Nexus 1000V 86

Cisco Nexus 1000V for K Integration with K & OpenStack Nexus 1000V VEM OpenStack Controller Nova Service Other Services Horizon Service Cloud Admin Neutron Service Server Nexus 1000V VSM Network Admin 87

Cisco Nexus 1000V for K Expand Cisco Nexus 1000V support to K Tight Integration with OpenStack Neutron Service Integration Deployment Integration REST-APIs VXLAN Support Without IP multicast Ease VXLAN deployment Highly Scalable Platform 88

Cisco Nexus 1000V for K OpenStack Nexus 1000V Neutron Plug-in REST API Nexus 1000V VXLAN VLAN Gateway Physical (VLAN) Network ASA 1KV VSG K ASA 55xx vwaas Virtual Services Tenant 1 Tenant 2 Tenant 3 Virtual Workloads Physical Workloads 89

Neutron Architecture Clients Neutron Service Backend Networks Physical and Virtual 91

Basic Neutron Abstractions & APIs Networks Create, Delete, Update List, Show Neutron Subnets Create, Delete, Update List, Show Ports Create, Delete, Update List, Show 92

What is new with N1KV/ESX? 93

Cisco Nexus 1000V for ware vsphere? What is new in v2.2? Increased Scale Simplified VXLAN Deployment VXLAN Gateway 128 hosts 300 ports per host 4000+ ports per VSM No IP-multicast requirement VSM distributes relevant VXLAN info to all VEMs Flooding avoidance through MAC distribution Head-end replication to reduce broadcast traffic Seamless integration with Physical network (VXLAN to VLAN bridging) Hosted as a on any ESX host Support for hi-availability (active/standby) 94

Citrix NetScaler 1000V in Cloud Services Portfolio vpath Nexus 1000V Any Hypervisor Citrix NetScaler 1000V Citrix Best-in-Class virtual application delivery controller (vadc) Sold and supported by Cisco Integrated with Nexus 1110/1010, vpath Cisco Cloud Network Services (CNS) Citrix NetScaler 1000V Prime virtual NAM Imperva SecureSphere WAF Virtual Security Gateway VSM VSM DCNM* VSM = Virtual Supervisor Module DCNM = Data Center Mgt. Center Nexus 1110 Cloud Services Platform 100

Citrix NetScaler 1000V with vpath 1 App Tier 6 DB Tier 5 4 Virtual Services Cisco vpath vpath Cisco Data vpath 3 Hypervisor Hypervisor 2 With vpath there is no Source NAT required on SLB to receive return traffic. NetScaler 1000V dynamically inserts flow entry in vpath Supports Use Source IP without Application changes 101

Agenda Cisco s Virtual Networking Vision Cisco Nexus 1000V Portfolio Update Cisco Nexus 1000V for Hyper-V Cisco Nexus 1000V for K VSM VSM Summary & Resources Reference Solutions Webinars Deployment Guides, Cheat Sheets Cloud Network Services NetScaler VSG ASA1000V vwaas NAM CSR 1000V vpath Cisco Nexus 1000V 102

Cisco Virtual Networking Solution Summary Multi Hypervisor Multi-Service Multi-Cloud Powered by Nexus 1000V ware vsphere WS 2012 Hyper-V K & others VSG, ASA1000V vwaas, CSR Ecosystem Partners vcloud Director SCM, Openstack InterCloud Validated Designs Converged Infrastructure Virtual Desktop DC to DC Migration DC-wide Mobility Secure Multi-tenancy Private & Public Clouds Consistent Feature-set Consistent Network Services Consistent Operational Model Reduced time to deploy Reduced Risk Investment Protection 103

Reference Solutions With Nexus 1000V, Nexus 1010, VSG & vwaas vblock with Nexus 1000V; Vblock with VSG and vwaas FlexPOD with Nexus 1000V and Nexus 1010 Virtual Multi-tenant Data Center with Nexus 1000V Virtual Desktop 1000V and ware View 1000V and Citrix XenDesktop 1000V and VSG in VXI Reference Architecture Virtual Workload Mobility (aka DC-to-DC vmotion) Cisco, ware and EMC (with 1000V and VSG) Cisco, ware and NetApp (with 1000V and VSG) PCI 2.0 with Nexus 1000V and VSG 104

Additional N1KV/Hyper-V Resources Cisco Nexus 1000V for Microsoft Hyper-V: http://www.cisco.com/go/1000v/hyper-v Cisco Virtual Security Gateway: http://www.cisco.com/go/vsg Cisco Nexus 1000V Portfolio: http://www.cisco.com/go/1000v N1KV PowerShell: http://developer.cisco.com/web/n1k/hyperv N1KV Community Site: http://www.cisco.com/go/1000vcommunity Cisco-Microsoft Partnership: http://www.cisco.com/go/microsoft 105

Additional Nexus 1000V Portfolio Resources CCO Links 1000V: www.cisco.com/go/1000v 1010: www.cisco.com/go/1010 VSG: www.cisco.com/go/vsg VNMC: www.cisco.com/go/vnmc vwaas: www.cisco.com/go/waas NAM on 1010: www.cisco.com/go/nam White papers: Nexus 1000V and vcloud Director N1K on UCS Best Practices Nexus 1000V QoS White paper (draft) VSG and vcloud Director (draft) vwaas Technical Overview, vwaas for Cloud-ready WAN Optimization Cheat Sheets Nexus 1010 Configuration Cheat Sheet v.2.0 https://communities.cisco.com/docs/doc-28188 Nexus 1000V with UCS Configuration Cheat Sheet v.1.1 https://communities.cisco.com/docs/doc-28187 More on the way Deployment Guides Nexus 1000V Deployment Guide Nexus 1000V on UCS Best Practices Nexus 1010 Deployment Guide VSG Deployment Guide My Cisco Community: www.cisco.com/go/1000vcommunity 106

Cisco Cloud Lab Hands On Training & Demos Hands on labs available for Nexus 1000V and VSG in Cloud Lab https://cloudlab.cisco.com Open to all Cisco employees Customers/Partners require sponsorship from account team for access via CCO LoginID Extended duration lab licenses for 1000V and VSG are available upon request 107

Additional Nexus 1000V Public Links N1K Download and 60-day Eval: www.cisco.com/go/1000vdownload N1K Product Page: www.cisco.com/go/1000v N1K Community: www.cisco.com/go/1000vcommunity N1K Twitter www.twitter.com/official_1000v N1K Webinars: www.cisco.com/go/1000vcommunity N1K Case Studies: www.tinyurl.com/n1k-casestudy N1K Whitepapers www.tinyurl.com/n1k-whitepaper N1K Deployment Guide: www.tinyurl.com/n1k-deploy-guide VXI Reference Implementation: www.tinyurl.com/vxiconfigguide N1K on UCS Best Practices: www.tinyurl.com/n1k-on-ucs-deploy-guide 108

Call to Action Visit the World of Solutions:- Cisco Campus Walk-in Labs Technical Solutions Clinics Meet the Engineer Lunch Time Table Topics, held in the main Catering Hall Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/clmilan2014 109

Complete Your Online Session Evaluation Complete your online session evaluation Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt 110

IP Pools in SCM

Microsoft SCM Networking Concepts IP Pools Who does IP Address Management? Who decides on IP address ranges? Network admin SCM admin Who allocates IP Addresses? DHCP Server as part of network infrastructure SCM as part of creation and replication 113

Microsoft SCM Networking Concepts IP Pools - Address Ranges Chosen and Allocated by an external DHCP Server Clients Servers #nsm ip pool template name my-dhcp-pool description Pool for DHCP segments dhcp #nsm network segment mydhcpnet1 ip-pool my-dhcp-pool mydhcpnet1 DHCP Server #nsm network segment mydhcpnet2 ip-pool my-dhcp-pool 114

IP Pools Created for SCM by Nexus 1000V IP Ranges Chosen by Nwk Admin, Individual IP Addresses allocated by SCM # nsm ip pool template DMZ_POD1_Pool1 Ip address 10.10.11.2 10.10.11.254 subnet-mask 255.255.255.0 gateway 10.10.11.1 dns-servers 192.168.1.2 #nsm network segment DMZ_POD1_SUBNET1 ip pool import template DMZ_POD1_Pool1 115

IP Pools Created and Allocated by SCM IP Address Ranges Chosen and Allocated by Server Admin # network-segment mysubnet1 # <no reference to ip-pool> 116