Network Virtualization


Network Virtualization. Petr Grygárek

Traditional Virtualization Techniques

Network Virtualization
- Implementation of separate logical network environments (Virtual Networks, VNs) for multiple groups on shared physical infrastructure
- Total separation between groups has to be guaranteed
  - assignment of a user to a VN may depend on authentication
- Independent address spaces and routing domains
- Well-defined and controllable ingress/egress points for data transport
- Methods of controlled collaboration between VNs, or between a VN and shared resources (e.g. Internet connection), may be defined
- May potentially be extended over a (virtualized) WAN

What can/has to be Virtualized?
- Network devices
  - control plane, data plane, management plane
  - including virtual devices on capacity hosts
- Network transport (links)
  - L2/L3 VPN technologies
- Network services
  - DHCP, AAA, including handling of security policies
- Servers (workload)
- Virtualized access links

Policies in Traditional Networks
- Security (and other) policies implied by physical location
  - location in the (logical) network topology with regard to physical firewall interfaces
- Applicable only if user groups are physically separated or using widespread VLANs

Today's Policy Requirements (1)
- Users from different groups coexist at the same physical location
  - employees + in-house consultants in employee premises
  - employees + guests + 3rd party staff in a physical meeting room
  - isolated intelligent building subsystem
- User's policies independent of the user's current location / network attachment
  - policy roams with the user
- Operation of virtual teams
  - shared (temporary) virtual networking environment accessible to virtual team members only

Today's Policy Requirements (2)
- The same (shared) physical device may get different privileges depending on the actual user that logged in and on OS status
- Policy assignment/configuration based on the result of the authentication process (authorization)
- Quarantine subnet for infected/non-patched/policy-noncompliant computers
- Restriction of network resource access to fulfill legal regulations
  - health and insurance data, financial data, ...
- Service centralization (for multiple customers)
  - firewall, anti-spam, anti-virus, IDS/IPS, load-balancer, ...

Traditional Transport Separation Methods
- Traffic filtering (access lists)
  - has to be implemented (consistently) in all network parts
  - non-uniform, locally significant information (addresses) used as the filtering criterion
- Policy-based routing
  - static routing with additional constraints: source interface, source address etc.

Transport Virtualization
- 802.1Q, QinQ
- Colored routed packets (DSCP, etc.)
- MPLS, MPLS VPN
- L2TPv3
- PseudoWires, VPLS
- GRE
- IPsec

Device Virtualization (1)
- Management plane virtualization
  - multiple logical partitions separated from the administration perspective
  - common data plane (HW)
  - common/separated control plane (if any)

Device Virtualization (2)
- Control plane structures / forwarding table virtualization
  - VRFs: virtual routers + VRF-aware routing protocols / multi-topology routing
  - VLANs/VFIs: virtual switches

Device Virtualization (3)
- Virtual device contexts (VDCs)
  - process-level (para)virtualization, often Linux-kernel-based
  - VDCs act as failure domains: a process crash cannot influence other VDCs
- Resource virtualization (hypervisor level)
  - CPU, memory, TCAMs, peripherals, ...
  - VDC resource consumption limits should be defined for shared resources (e.g. memory)
  - dedicated resources (e.g. physical ports) have to be assigned to a particular VDC
  - global resources (e.g. HW-assisted broadcast storm control)

Device Pooling/Clustering
- Multiple routers with FHRP
  - VRRP, HSRP, GLBP
  - normally on the user side only
  - sometimes also for returning traffic
  - datacenter ladder
- Device Stacking
  - solutions like Cisco VSS, vPC etc.
  - uses Multichassis EtherChannel; no special config on the subordinate device side
  - reduces STP complexity
  - limits the number of routing adjacencies

An example: Fully overlaid VNs using VLANs and VRFs
- Pros and cons from configuration & operation perspectives
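A constructed Python model of the VLAN + VRF overlay on this slide, illustrating the separation requirements listed earlier (independent address spaces, well-defined ingress points, controlled collaboration with a shared resource); it is an added example, not from the lecture, and the VRF names, VLAN numbers and prefixes are assumptions. Each VRF keeps its own table, so RED and BLUE may reuse 10.1.0.0/16, and the only way out of a VN is an explicitly leaked route into the SHARED (Internet) VRF.

```python
from ipaddress import ip_address, ip_network


class Vrf:
    """One routing domain with its own table, so different VNs may reuse addresses."""
    def __init__(self, name):
        self.name = name
        self.routes = {}  # ip_network -> ("vlan", egress VLAN) | ("vrf", leak target)

    def add_route(self, prefix, via):
        self.routes[ip_network(prefix)] = via

    def lookup(self, dst):
        """Longest-prefix match inside this VRF only; None means drop."""
        hits = [n for n in self.routes if ip_address(dst) in n]
        return self.routes[max(hits, key=lambda n: n.prefixlen)] if hits else None


class VirtualizedRouter:
    """Ingress VLAN selects the VRF; traffic never crosses VRFs without a leaked route."""
    def __init__(self):
        self.vrfs, self.vlan_to_vrf = {}, {}

    def add_vrf(self, name, ingress_vlan):
        self.vrfs[name] = Vrf(name)
        self.vlan_to_vrf[ingress_vlan] = name

    def forward(self, ingress_vlan, dst):
        """Return (vrf name, egress VLAN) for a packet, or None if it is dropped."""
        vrf = self.vrfs[self.vlan_to_vrf[ingress_vlan]]
        via = vrf.lookup(dst)
        while via and via[0] == "vrf":      # follow a controlled leak into another VRF
            vrf = self.vrfs[via[1]]
            via = vrf.lookup(dst)
        return (vrf.name, via[1]) if via else None


def build_demo_router():
    """Constructed topology: RED and BLUE both use 10.1.0.0/16; GREEN has no Internet leak."""
    r = VirtualizedRouter()
    for name, vlan in (("RED", 10), ("BLUE", 20), ("GREEN", 30), ("SHARED", 99)):
        r.add_vrf(name, vlan)
    r.vrfs["RED"].add_route("10.1.0.0/16", ("vlan", 10))
    r.vrfs["BLUE"].add_route("10.1.0.0/16", ("vlan", 20))    # same address space as RED
    r.vrfs["GREEN"].add_route("10.2.0.0/16", ("vlan", 30))
    r.vrfs["SHARED"].add_route("0.0.0.0/0", ("vlan", 99))    # shared Internet uplink
    r.vrfs["RED"].add_route("0.0.0.0/0", ("vrf", "SHARED"))  # explicit, controlled leak
    r.vrfs["BLUE"].add_route("0.0.0.0/0", ("vrf", "SHARED"))
    return r
```

A packet from VLAN 30 (GREEN) to 10.1.2.3 is dropped even though RED and BLUE both hold that prefix, and GREEN cannot reach the Internet because no leak was configured for it.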

Advantages of Network Virtualization
- Lower number of physical devices
  - lower cost, less space consumption, lower power/cooling requirements
- Multiple (virtualized) devices with separate roles and simpler configurations
  - possibility to keep known-good scalable, stable and secure designs (e.g. 3-tier model)
  - better predictable data paths; limits security concerns
  - less risk of unexpected software behaviour because of unusual or too complicated config
  - easier to manage

Virtualizing complete network infrastructures

Virtualizing network infrastructures - one kind of SDN
- Instant deployment
- Operation flexibility, easy upgradeability
- Same advantages as apply for generic workload VMs
- Server and application admins are not dependent on stupid networking guys anymore ;-)) and may start to create their own uncontrolled and very inefficient mess...

Interconnection with Virtualized Hosts
- VMware servers hosting multiple virtual machines
  - servers often act as capacities for VMs that may migrate between hosting servers
  - VM migration based on human command or on automatic load-balancing and power-saving mechanisms
  - manual operation: capacity server maintenance, disaster recovery, ...
- Network connectivity and security policies have to be moved with the VM as needed
  - results in the requirement to span all (user) VLANs over the whole datacenter access/aggregation layer
  - ALS/DLS platforms have to have reasonable limits on the numbers of supported VLANs and STP instances

Virtualized Switches on VM-Hosting Platforms
- Associate VMs' virtual NICs with VLANs
- Accomplishes local switching + provides external connectivity (trunk)
  - multiple trunk lines may act separately by pinning each virtual NIC to one particular line, or link aggregation may be used
- Virtualized SW resides between the VM and the physical uplink
  - one or multiple vSwitch instances per hypervisor
  - also 3rd party vSwitches implemented using the VMware vSwitch API; may also implement vendor-specific functions, which is useful for consistent capabilities over all network devices
- Additional tier in the traditional tiered DC model
- Managed either by server management personnel or by the NOC (need to be in cooperation)
- May support EtherChannel (LACP), (R)STP, CDP, ...
- Configured from the hosting server console or externally
  - using various vendors' CLI (e.g. Cisco Nexus 1000V virtual switch)

Distributed Virtual Switch (e.g. Nexus 1000V by VMware + Cisco)
- Avoids the need to configure dozens of separate vSwitches
- Separate data planes (virtual switch modules), common control plane (virtual switch controller + VMware vCenter)
- Network connectivity managed on ESX cluster level
- Support for datapath shortcuts and diverting traffic to virtualized services: vPath technology

Cisco Virtual Network Link (VN-Link)
- Logical link between a vNIC on a VM and a VN-Link enabled physical switch
  - logical equivalent of the cable between a NIC and an ALS port
- ALS Virtual Ethernet (vEth) interfaces that correspond to connections to individual vNICs are dynamically created
  - a vEth maintains network configuration and state for a given virtual interface even if the VM moves between servers: port statistics, 802.1X state, ACLs, NetFlow, SPAN sessions, ...

Network Interface Virtualization
- Extends vNICs to an external hardware switch
  - no local switching; virtual hosts handled the same way as physical ones
  - vSwitch replaced by an interface virtualizer
- Attached VNTag uniquely identifies the individual vNIC
- NIV standard proposal: http://www.ieee802.org/1/files/public/docs2008/newdcb-pelissier-nic-virtualization-0908.pdf

VXLANs
- 4K traditional VLANs is not sufficient for multitenant DC implementations
- VXLAN = virtualization of VLANs using an L3 overlay
  - UDP tunnels between VXLAN-capable hypervisors
  - extended VLAN ID
- VXLAN GW to the traditional network: translated to legacy VLANs
- Some solutions use some sort of GRE instead
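An added Python example (not from the lecture) of the two points above: the VXLAN header defined in RFC 7348, whose 24-bit VNI is the "extended VLAN ID", and a gateway that translates a VXLAN segment back into a legacy 802.1Q VLAN. The VNI numbers, VNI-to-VLAN mapping and sample inner frame are constructed.

```python
import struct

VXLAN_UDP_PORT = 4789         # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field is valid
MAX_VLAN_ID = 4094            # usable 12-bit 802.1Q VLAN IDs (0 and 4095 reserved)
MAX_VNI = (1 << 24) - 1       # 24-bit VXLAN Network Identifier


def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header: flags, 3 reserved bytes, VNI, 1 reserved byte."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    header = struct.pack("!BBBBI", VXLAN_FLAG_VNI_VALID, 0, 0, 0, vni << 8)
    return header + inner_frame


def vxlan_decap(payload):
    """Return (vni, inner Ethernet frame); reject truncated headers or a clear I flag."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _, _, _, vni_field = struct.unpack("!BBBBI", payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return vni_field >> 8, payload[8:]


def vxlan_gateway_to_vlan(payload, vni_to_vlan):
    """VXLAN gateway toward a legacy network: decapsulate and insert an 802.1Q tag.

    Unknown VNIs are dropped (None) so one tenant's segment never lands in another VLAN.
    """
    vni, frame = vxlan_decap(payload)
    vlan = vni_to_vlan.get(vni)
    if vlan is None or not 1 <= vlan <= MAX_VLAN_ID:
        return None
    tag = struct.pack("!HH", 0x8100, vlan)   # TPID 0x8100, PCP/DEI 0, VID
    return frame[:12] + tag + frame[12:]     # tag sits after dst MAC + src MAC


# Constructed sample inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = bytes.fromhex("0242ac110002" "0242ac110003" "0800") + b"\x45" + bytes(19)
```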

Virtualization Cons
- Maintaining separate networks may increase availability in some cases, if there are no other production-process-oriented dependencies
- Tighter coordination between server and network teams has to be set up
- More complex system operation, more difficult to troubleshoot

Virtualization and Network Resiliency
- Virtualization is NOT a method to increase network resiliency
  - although having redundant virtualized device contexts on different physical devices can be a way to do it
- Care must be taken not to compose redundant solutions from (virtual) components virtualized on the same physical resource (network processor, cable, ...)