TWIPD – Cloud Computing Part II : Virtualization Technology


TWIPD – Cloud Computing Part II: Virtualization Technology. Orson Yang (楊瑾瑜), Taiwan Cisco Networking Academy Council, March-22-2013

Agenda: Virtualization, VMware vSphere, Cisco Nexus 1000V, Cisco CloudLab

Virtualization

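Characteristics of cloud computing services. According to the definition of the US National Institute of Standards and Technology, a cloud computing service should have the following characteristics: on-demand self-service; access from any network device, anytime and anywhere; a resource pool shared by multiple users; rapid, flexible redeployment; a service that can be monitored and measured. The following characteristics are also generally recognized: rapid deployment of resources or delivery of services based on virtualization technology; a lighter processing load on user terminals; less dependence on users' IT expertise. How do cloud computing services achieve these goals? Why is virtualization the key foundation of cloud computing?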

Cisco Domain Ten: Cisco's framework of 10 domains, proposed to simplify data center and cloud transformation.

Software-Defined Data Center (SDDC): all of the data center's infrastructure can be virtualized and deployed automatically through software, providing Data Center as a Service. Image source: Torsten Volk, EMA Blog, http://blogs.enterprisemanagement.com/torstenvolk/2012/08/16/softwaredefined-datacenter-part-1-4-basics/

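Core components of the software-defined data center. To achieve automation, the SDDC needs to virtualize three pieces of data center infrastructure: server virtualization, network virtualization and storage virtualization. Image source: Torsten Volk, EMA Blog, http://blogs.enterprisemanagement.com/torstenvolk/2012/08/22/softwaredefined-datacenter-part-2-core-components/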

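Server virtualization. A hypervisor and virtual machine management software (VMM – Virtual Machine Manager) create virtual machines (VM – Virtual Machine) on a physical server, so that computing resources can be allocated flexibly. Types of virtualization. Full virtualization: simulates the real hardware almost completely, so software (guest OSs) runs in a VM without modification; VMware vSphere Server, Microsoft Hyper-V Server. Partial virtualization: simulates only part of the hardware environment, so software must be modified before it runs in a VM. Paravirtualization: does no hardware simulation at all and instead runs software in separate isolated domains; Citrix Xen Server, KVM. Technology that uses special CPU and chipset designs to improve hardware virtualization performance is called hardware-assisted virtualization.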

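Software virtualization technology. The hypervisor intercepts privileged instructions from the VM's guest OS (for example, switching from real mode to protected mode), sensitive register instructions (for example, rewriting the interrupt registers) and protected system instructions (for example, rewriting protected memory segments), then translates and emulates them, providing a VM in which the guest OS runs without modification. Limitation: the VM does not support 64-bit guest OSs. Hypervisors that can operate with pure software virtualization, without hardware-assisted virtualization: VMware Workstation, Microsoft/Connectix Virtual PC, Oracle/Sun VirtualBox, Xen.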

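Hardware-assisted virtualization. CPU: provides extensions so that privileged instructions no longer have to be intercepted and translated by the hypervisor, which improves performance; the memory management unit provides Extended Page Tables (EPT), so that a VM can install a 64-bit guest OS; AMD virtualization (AMD-V), Intel Virtualization Technology (VT). Chipset: provides memory and I/O virtualization, so that a VM can perform DMA or interrupt calls directly; AMD I/O Virtualization Technology (AMD-Vi), Intel Virtualization Technology for Directed I/O (VT-d). Network adapter: Intel Ethernet adapters provide virtualization for connectivity (VT-c).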

Hypervisor classification, by whether the hypervisor can be installed and run directly on bare metal. Type 1 (bare-metal hypervisor): installs and runs directly on bare metal; VMware vSphere Server (ESXi Server), Microsoft Hyper-V Server, Citrix Xen Server, KVM, Oracle Virtual Iron… Type 2 (hosted hypervisor): must be installed under a system such as Windows, Mac OS or Linux; VMware Workstation/Fusion/Virtual Server, Microsoft Virtual PC/Server, Oracle VirtualBox, Parallels Desktop… Image source: Wikipedia - http://en.wikipedia.org/wiki/Hypervisor

Network virtualization. Internal network virtualization, run by the hypervisor inside the server: virtual network adapters, virtual switches (Cisco Nexus 1000V), virtual firewalls, virtual load balancers… External network virtualization, provided by network devices: Virtual LAN (VLAN) and Private VLAN, Virtual Port-Channel (vPC), First Hop Redundancy Protocol (FHRP, e.g. HSRP, VRRP…), Virtualized Access Switch.

Virtual Port-Channel (vPC). Before vPC: STP blocks redundant uplinks; VLAN based load balancing; Loop Resolution relies on STP; Protocol Failure. With vPC: No blocked uplinks; EtherChannel load balancing (hash); Loop Free Topology; Lower oversubscription. Diagram labels: Primary Root, Secondary Root.

FHRP. The HSRP active process communicates the active MAC to its neighbor. Only the HSRP active process responds to ARP requests. The HSRP active MAC is populated into the L3 hardware forwarding tables, creating a local forwarding capability on the HSRP standby device.

FEX-Link: Virtualized Access Switch. Fabric Extender diagram: Cisco Nexus® 7000 / Cisco Nexus® 5500 + Cisco Nexus® 2000 FEX; Distributed High Density Edge Switching System (up to 4096 virtual Ethernet interfaces).

Virtualized Access Switch. De-coupling of the Layer 1 and Layer 2 topologies. Simplified management model, plug and play provisioning, centralized configuration. Line card portability (N2K supported with multiple parent switches: N5K, 6100, N7K). Unified access for any server (100M, 1GE, 10GE, FCoE): scalable Ethernet, HPC, unified fabric or virtualization deployment. Diagram label: Virtualized Switch.

Storage virtualization. Storage systems may use virtualization concepts as a tool to enable better functionality and more advanced features within and across storage systems. Primary types of virtualization: Block virtualization used in this context refers to the abstraction (separation) of logical storage (partition) from physical storage so that it may be accessed without regard to physical storage or heterogeneous structure. This separation allows the administrators of the storage system greater flexibility in how they manage storage for end users. File virtualization addresses the NAS challenges by eliminating the dependencies between the data accessed at the file level and the location where the files are physically stored. This provides opportunities to optimize storage use and server consolidation and to perform non-disruptive file migrations. Source: Wikipedia - http://en.wikipedia.org/wiki/Storage_virtualization

Block virtualization: key benefits. Mobility: achieve transparent mobility and access in and across a data center. Scalability: start small and grow larger with predictable service levels. Performance: improve I/O performance and reduce storage array contention with advanced data caching. Automation: automate sharing, balancing, and failover of I/O across data centers. Resiliency: mirror across arrays without host impact and increase high availability for critical applications. Source: EMC - http://www.emc.com/solutions/business-need/virtualizing-information-infrastructure/block-storage-virtualization.htm

File virtualization: key benefits. Capacity management: find and resolve capacity issues, and balance storage utilization. File management: automatically identify and archive static files based on policies, to reduce TCO and streamline backup and recovery. Global namespace management: centralize management and synchronization of namespace services across distributed Windows and Unix environments, enabling multiple file systems to appear as a single virtual file system. Migration and consolidation: enable administrators to move files transparently without affecting end users or applications. Performance management: identify and address bottlenecks and hotspots. Tiered storage management: use frequency-of-access data to identify unstructured data for relocation to lower-cost, near-line storage. Source: EMC - http://www.emc.com/solutions/business-need/virtualizing-information-infrastructure/file-virtualizations.htm

Cloud Building Blocks. Common Physical Infrastructure: Network Services, Data Centre Fabric, Pod. Virtualized Resources: Compute, Network, Storage. Virtualization Manager: Compute, Network. Orchestration and Management Software: Orchestration Engine, User Portal & Service Catalog, Server Provisioner. Only once resources are virtualized can unified resource management and end-user self-service be achieved entirely in software.

VMware vSphere

VMware vCloud Suite Components (Product: Function)
vSphere: Virtualized infrastructure with policy-based automation
vCloud Director: Virtualized datacenters with multi-tenancy and public cloud extensibility
vCloud Connector: Integrated viewing and dynamic transfer of workloads between private and public clouds
vCloud Networking and Security: Software defined networking, security, and ecosystem integration
vCenter Site Recovery Manager: Automated disaster recovery planning, testing, and execution
vCenter Operations Management Suite: Integrated, proactive performance, capacity, and configuration management for dynamic cloud environments
vFabric Application Director: Multi-tier application service catalog publishing and provisioning
vCloud Automation Center: Self-service and policy-enabled cloud service provisioning
VMware vSphere is the foundation platform for infrastructure virtualization in the VMware cloud computing product line.

VMware vSphere Architecture. The VMware vSphere platform consists of the VMware vSphere Hypervisor (ESXi) installed on the hosts, plus the VMware vCenter Server central management platform and the VMware vSphere Client on the administrator's side.

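VMware vSphere features. Compute: virtualizes x86 server resources and aggregates them into logical pools that are allocated to multiple workloads. vSphere ESXi: provides a robust, production-proven, high-performance virtualization layer that abstracts server hardware resources and lets multiple virtual machines share them. DRS: automatically balances load across hosts and allocates compute resources according to business priorities; powers hosts off during periods of low load to optimize power consumption. vMotion: migrates running virtual machines between hosts, eliminating application downtime during planned server maintenance. Network: vSphere virtual networking provides the network services the virtual environment needs and simplifies control and management. Network I/O Control: sets priorities for access to network resources according to established business rules. Distributed Switch: centralizes network provisioning, management and monitoring through data center-wide network aggregation.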

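VMware vSphere features. Storage: storage services are abstracted from the complex back-end storage systems, so the virtual environment achieves the highest storage utilization. Storage DRS: intelligently places virtual machines and balances load according to I/O latency and storage capacity. Profile-Driven Storage: groups storage devices according to user-defined policies, reducing the steps needed to select storage resources. Storage vMotion: performs proactive, non-disruptive storage migration, eliminating virtual machine storage I/O bottlenecks and freeing up valuable storage capacity. Storage I/O Control: continuously monitors the I/O load of storage volumes, prioritizes access to storage devices, and dynamically allocates available I/O resources to virtual machines according to business needs. VMFS: simplifies virtual machine provisioning and management with a high-performance cluster file system optimized for virtual machines. Storage Thin Provisioning: greatly increases virtual machine storage utilization through dynamic allocation and intelligent provisioning of physical storage capacity. Storage APIs: improve storage awareness, data protection and array integration, and make use of the multipathing capabilities of third-party storage vendors.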

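VMware vSphere features. Security: VMware provides the most robust and most secure virtualization platform currently available. vShield Endpoint: offloads antivirus (AV) functions to a hardened security virtual machine, eliminating the AV memory footprint inside virtual machines and improving AV scanning performance. Availability: raises the availability of the whole infrastructure, including applications, storage resources, infrastructure and management. High Availability: provides high availability for the entire virtualized IT environment, without the cost or complexity of traditional clustering solutions. Fault Tolerance: provides continuous application availability, with no data loss when a server fails. Data Protection: fast, agentless backup to disk, combined with deduplication, minimizes the disk space that backup data occupies. Replication: the built-in vSphere Replication removes the cost of third-party replication solutions. Zero-downtime VMware Tools upgrades: after upgrading to the VMware Tools provided with version 5.1, subsequent VMware Tools upgrades no longer require a reboot.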

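VMware vSphere features. Automation: automation provides accurate, consistent and repeatable solutions, saving IT administrators time and effort. Auto Deploy: deploys and patches vSphere hosts in minutes. Host Profiles: create a profile once and use it to configure multiple vSphere hosts. Update Manager: reduces the time spent on routine remediation through automated tracking, patching and updating of vSphere hosts as well as applications and operating systems. Management (with vCenter Server). vSphere Web Client: the new, flexible and robust vSphere Web Client interface simplifies control of vSphere, with shortcut navigation, custom tagging and improved scalability, and allows management from anywhere through a device with Internet Explorer or Firefox built in. vCenter Single Sign-On: users log in once to access all vCenter instances or tiers, which greatly simplifies vSphere management. vCenter Orchestrator: Orchestrator simplifies the installation and configuration of the vCenter Server workflow engine.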

VMware vSphere Editions: Standard, Enterprise, Enterprise Plus.
vCPU Entitlement: Standard 8-way, Enterprise 32-way, Enterprise Plus 64-way.
Price (for 1 Processor): Standard US$995, Enterprise US$2,875, Enterprise Plus US$3,495.
Features compared across editions: Virtual Serial Port Concentrator; Storage APIs for Array Integration, Multipathing; Distributed Resources Scheduler (DRS), Distributed Power Management (DPM); Storage I/O Control and Network I/O Control; Distributed Switch; Host Profiles and Auto Deploy; Storage DRS and Profile-Driven Storage; Single Root I/O Virtualization (SR-IOV) Support.

VMware vSphere Hypervisor - ESXi

VMware vSphere Client connecting to an ESXi host

VMware vCenter Server features

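VMware vCenter Server features. Deployment options. vCenter Server Appliance (vCSA): quickly deploy vCenter Server and manage vSphere using a Linux-based virtual appliance. Centralized control and visibility. vSphere Web Client gives access to the essential vSphere management functions from any browser anywhere in the world. Inventory search lets you easily reach the complete vCenter inventory, including virtual machines, hosts, datastores and networks, from anywhere in vCenter. Hardware monitoring through CIM SMASH raises alarms when key hardware components (such as fans, motherboards and power supplies) fail, giving you a consolidated view of the health of physical and virtual servers. Storage maps and reports convey status information on storage usage, connectivity and configuration. Customizable topology views give you insight into the storage infrastructure and help you diagnose and troubleshoot storage problems.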

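VMware vCenter Server features. Proactive management. Host Profiles standardize and simplify the setup and management of ESXi host configurations. Capture a blueprint of a known, validated configuration, including network, storage and security settings, and deploy it to multiple hosts to simplify setup. vCenter Single Sign-On. Virtual machine resource management: allocate processor and memory resources to virtual machines running on the same physical server. Establish minimum, maximum and proportional resource shares for CPU, memory, disk and network bandwidth. Modify allocations while virtual machines are running. Let applications dynamically acquire more resources to meet peak performance. Dynamic resource allocation: vSphere DRS continuously monitors utilization across resource pools and intelligently allocates available resources among virtual machines according to predefined rules that reflect business needs and changing priorities. Energy-efficient resource optimization: vSphere Distributed Power Management continuously monitors resource demand and power consumption in a DRS cluster. When the cluster needs fewer resources, it consolidates workloads and puts hosts into standby to reduce energy use. When the resource demand of workloads increases, DPM brings powered-down hosts back online to ensure service levels are met.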

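VMware vCenter Server features. Proactive management. Automatic virtual machine restart through vSphere HA: provides an easy-to-use, cost-effective failover solution. Fine-grained access control: secure the environment with configurable, tiered group definitions and fine-grained permissions. Integration with Microsoft Active Directory: base access control on the existing Microsoft Active Directory authentication mechanism. Custom roles and permissions: improve security and flexibility with user-defined roles. VMware vCenter Server can create custom roles such as night-shift operator or backup administrator. Assigning these custom roles to users restricts their access to the complete inventory of virtual machines, resource pools and servers. Audit trails: maintain a record of significant configuration changes and of the administrators who made them. Export reports for event tracking. Session management: discover and, if necessary, terminate VMware vCenter Server user sessions.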

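VMware vCenter Server features. Proactive management. Patch management: use VMware vSphere Update Manager to automatically scan and patch online VMware ESXi hosts and selected Microsoft and Linux virtual machines, to enforce compliance with patch standards. Securely patch offline virtual machines to reduce security vulnerabilities in the environment, and take automated snapshots before patching and rollback to shorten downtime. With VMware vSphere Update Manager integrated with vSphere DRS, VMware ESXi hosts can be patched with zero downtime. VMware vCenter Orchestrator (included) is a powerful orchestration engine that simplifies management. You can automate more than 800 tasks with its out-of-the-box workflows, or by assembling workflows through a simple drag-and-drop interface. VMware vCenter Operations Manager Foundation (included) provides deep operational insight and visibility into the performance and health of the vSphere infrastructure. vCenter Server Heartbeat (sold separately) extends the availability of vCenter Server and fails over the management server and database to a standby server over LAN or WAN. vCenter Server Heartbeat is aware of all vCenter Server components and is simple to configure and deploy.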

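VMware vCenter Server features. A scalable and extensible virtualization management platform. vCenter Server improves management at scale, because it is designed to handle the largest IT environments. vCenter Server is a 64-bit Windows application with greatly improved scalability. A single vCenter Server instance can manage up to 1,000 hosts and 10,000 running virtual machines. With Linked Mode, you can manage up to 30,000 virtual machines across 10 vCenter Server instances. VMware HA and DRS clusters support up to 32 hosts and 3,000 virtual machines. Linked Mode provides a scalable architecture and visibility across multiple vCenter Server instances, with roles, permissions and licenses replicated across the infrastructure, so you can log in to, view and search the inventories of all vCenter Servers at once. Integration with systems management products through web services APIs protects your investment and leaves you free to choose how to manage your environment.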

VMware vCenter Server Editions (Product title: What's included; License price)
VMware vCenter Server Foundation: VMware vCenter Server 5 Foundation for vSphere up to 3 hosts (Per Instance); US$ 1,495.00
VMware vCenter Server Standard: VMware vCenter Server 5 Standard for vSphere 5 (Per Instance); US$ 4,995.00
Storage (Optional)
VMware vSphere Storage Appliance: vSphere Storage Appliance; US$ 3,495.00

VMware vSphere Client connecting to vCenter Server

Cisco Nexus 1000V

Cisco Nexus switching family (diagram, arranged by performance and scalability): Cisco Nexus 7000 Series modular datacenter switches, Cisco Nexus 5000 Series, Cisco Nexus 4000 Series Blade Switches, Cisco Nexus 3000 Series, Cisco Nexus 2000 Series Fabric Extenders (FEX), Cisco Nexus 1000V Series, Cisco Nexus 1100 Virtual Services Appliance. The Cisco Nexus Series switches are modular network switches designed for the data center. Cisco Systems introduced the Nexus Series of switches on January 28, 2008. The first chassis in the Nexus 7000 family is a 10-slot chassis with two supervisor engine slots and eight I/O module slots at the front, as well as five crossbar switch fabric modules at the rear. Besides the Nexus 7000 there are also other models in the Nexus range. All switches in the Nexus range run the modular NX-OS firmware/operating system on the fabric. NX-OS is an OS which has some high-availability features compared to the well-known Cisco IOS. This platform is optimized for high-density 10 Gigabit Ethernet.

Cisco Nexus 1000V for VMware vSphere

Virtual Ethernet Module (VEM). The Cisco Nexus 1000V Series VEM runs as part of the VMware ESX or ESXi kernel and replaces the VMware virtual switch (vSwitch). This level of integration helps ensure that the Cisco Nexus 1000V Series is fully aware of all server virtualization events, such as VMware vMotion and Distributed Resource Scheduler (DRS). The VEM takes configuration information from the VSM and provides advanced networking functions: quality of service (QoS), security features and monitoring features.

Virtual Supervisor Module (VSM). The Cisco Nexus 1000V Series VSM controls multiple VEMs as one logical modular switch. Configuration is performed through the VSM and is automatically propagated to the VEMs. Instead of configuring soft switches inside the hypervisor on a host-by-host basis, administrators can define configurations for immediate use on all VEMs being managed by the VSM from a single interface.

Cisco Nexus 1000V Series Architecture. Diagram labels: Virtual Appliance; Cisco Nexus 1100 Virtual Services Appliance; Virtual ASA, vWAAS, VSG, VSM; VSM Primary, VSM Secondary, NAM, VSG; L3 Connectivity; VEM-1 and VEM-2, each with vPath and VXLAN on ESX or Hyper-V 3.0. Legend: VSM: Virtual Supervisor Module; VEM: Virtual Ethernet Module; vPath: Virtual Service Data-path; VXLAN: Scalable Segmentation; VSG: Virtual Security Gateway; vWAAS: Virtual WAAS; Virtual ASA: Tenant-edge security. Services listed: Virtual Supervisor Module (VSM), Network Analysis Module (NAM), Virtual Security Gateway (VSG), Data Center Network Manager (DCNM), Imperva SecureSphere Web Application Firewall (WAF). Cisco Nexus 1000V Series Switches are virtual machine access switches that are an intelligent software switch implementation based on the IEEE 802.1Q standard for VMware vSphere or Microsoft Hyper-V 3.0 environments running the Cisco® NX-OS Software operating system. Operating inside the VMware ESX or Microsoft Hyper-V 3.0 hypervisor, the Cisco Nexus 1000V Series supports Cisco VN-Link server virtualization technology to provide: policy-based virtual machine connectivity; mobile virtual machine security and network policy; a non-disruptive operational model for server virtualization and networking teams.

Cisco Nexus 1000V Editions Features Essential (Free) Advanced Layer 2 switching: VLANs, private VLANs, VXLAN, loop prevention, multicast, virtual PortChannels, LACP, ACLs Yes Network management: SPAN, ERSPAN, NetFlow 9, vTracker, vCenter Server plug-in Enhanced QoS features Cisco vPath Security: DHCP Snooping, IP Source Guard, Dynamic ARP Inspection, Cisco TrustSec SGA support No Cisco Virtual Security Gateway Included Other virtual services (Cisco ASA 1000V, Cisco vWAAS, etc.) Available separately

Data Center Policy – Port Profiles (Nexus 7000, 5500, 1000v). Enables the application of common configuration across groups of ports. A port-profile can inherit attributes from other port-profiles (nested profiles). A change to a port-profile automatically updates the configuration of all member ports. Any interface command available on a Nexus interface can be a part of a port-profile, e.g. ACL, L3, VLAN, etc. Diagram: port-profile foo, applied to E2/1, E7/9 and E11/4, carries Speed/Duplex (100 Mbps, Full Duplex), QoS (Service Policy Input) and Layer 3 (OSPF 300, OSPF Area 0, OSPF Hello 1s):
port-profile foo
  speed 100
  duplex full
  service-policy input xyz
  ip router ospf 300 area 0
  ip ospf hello-interval 1
Interface e2/1,e7/9,e11/4
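Because a profile change reaches every member port, it helps to compute what each port really ends up with before editing a profile. The following is an added example, not part of the original slides: it resolves nested port-profiles and lists the interfaces a profile edit touches. The parent profile name base-access, its "duplex half" line, the "inherit port-profile" lines and the last-word override rule are assumptions made for illustration.

```python
import re

# Constructed sample. The command lines of "foo" and the interface list come
# from the slide; the parent profile "base-access" (hypothetical name), its
# "duplex half" line and the "inherit port-profile" lines are assumptions
# added to show nesting.
SAMPLE_CONFIG = """\
port-profile base-access
  speed 100
  duplex half
port-profile foo
  inherit port-profile base-access
  duplex full
  service-policy input xyz
  ip router ospf 300 area 0
  ip ospf hello-interval 1
interface e2/1,e7/9,e11/4
  inherit port-profile foo
"""


def _new():
    return {"inherits": [], "commands": []}


def parse_config(text):
    """Parse port-profile and interface blocks into two dicts of records."""
    profiles, interfaces, targets = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():              # unindented line opens a block
            words = line.split()
            if words[0] == "port-profile":
                targets = [profiles.setdefault(words[-1], _new())]
            elif words[0].lower() == "interface":
                names = "".join(words[1:]).split(",")
                targets = [interfaces.setdefault(n, _new()) for n in names]
            else:
                targets = []
            continue
        m = re.fullmatch(r"inherit port-profile (\S+)", line)
        for rec in targets:
            if m:
                rec["inherits"].append(m.group(1))
            else:
                rec["commands"].append(line)
    return profiles, interfaces


def _key(cmd):
    # Simplified override rule (assumption): two commands set the same
    # attribute when they differ only in their last word.
    return cmd.rsplit(None, 1)[0]


def _merge(rec, profiles, stack):
    merged = {}                               # attribute key -> command, ordered
    for parent in rec["inherits"]:
        if parent in stack:
            raise ValueError("inheritance loop: " + " -> ".join(stack + (parent,)))
        if parent not in profiles:
            raise KeyError("undefined port-profile: " + parent)
        for cmd in _merge(profiles[parent], profiles, stack + (parent,)):
            merged[_key(cmd)] = cmd
    for cmd in rec["commands"]:               # local lines win over inherited ones
        merged[_key(cmd)] = cmd
    return list(merged.values())


def effective_profile(name, profiles):
    """Commands a profile carries once its parents are folded in."""
    return _merge(profiles[name], profiles, (name,))


def effective_interface(ifname, profiles, interfaces):
    """Commands an interface ends up with through its inherited profiles."""
    return _merge(interfaces[ifname], profiles, ())


def members(profile, profiles, interfaces):
    """Interfaces whose configuration changes when `profile` is edited."""
    def reaches(name, seen):
        if name == profile:
            return True
        if name in seen or name not in profiles:
            return False
        seen.add(name)
        return any(reaches(p, seen) for p in profiles[name]["inherits"])
    return sorted(i for i, rec in interfaces.items()
                  if any(reaches(p, set()) for p in rec["inherits"]))


if __name__ == "__main__":
    profs, ifaces = parse_config(SAMPLE_CONFIG)
    print(effective_interface("e7/9", profs, ifaces))
    print(members("base-access", profs, ifaces))
```

Editing the parent profile reaches all three ports even though none of them names it directly, which is the case a change review most easily misses.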

Nexus 1000V Port Profiles – Common abstraction for physical and virtual. Coordinated management state between network and compute. Coordinated control plane state between network and compute. Transition to real-time coordination between fabric and compute. Diagram labels: vCenter, VSM, VM #2, VM #3, VM #4.
n1000v(config)# port-profile WebServers
n1000v(config-port-prof)# switchport mode access
n1000v(config-port-prof)# switchport access vlan 100
n1000v(config-port-prof)# no shut

Cisco NX-OS. Cisco NX-OS provides consistency across Cisco Nexus switches, Cisco MDS storage switches, and Cisco UCS networking elements. Delivering the critical features for next-generation networks, Cisco NX-OS is designed around four pillars. Resiliency: highly secure, continuous operations, failure detection, fault isolation, self-healing, and hitless In Service Software Upgrade (ISSU) that helps reduce maintenance outages. Virtualization: enhances virtual machine portability and converges multiple services, platforms, and networks to reduce TCO. Efficiency: operational tools and clustering technologies reduce complexity and offer consistent features and operations without compromising functionality. Extensibility: Cisco NX-OS is designed to scale on current and future multi-processor hardware platforms.

Cisco CloudLab

Cisco CloudLab. Cisco CloudLab provides a dedicated cloud-based setup for demonstrations and hands-on labs. Access to Cisco CloudLab requires a valid Cisco.com (CCO) account, which can be obtained free of charge. You must have a Cisco employee as sponsor in order to access Cisco CloudLab. URL - http://cloudlab.cisco.com

Cisco CloudLab Lab List
Cisco Nexus 1000V (2.1) - General Overview
Nexus 1000V (1.5.1a) with L3 Mode (Pre-Configured): Attaching Virtual Machines to the Cisco Nexus 1000V, VMotion and Visibility, Policy-based Virtual Machine connectivity.
Lab: Cisco Virtual Security Gateway (VSG) – Introduction
Demo: Cisco Virtual Security Gateway (VSG) (Pre-Configured)
Lab: Cisco Nexus 7000 - Introduction to NX-OS
Lab: Cisco Overlay Transport Virtualization (OTV)
Virtual Extensible LAN (VXLAN) (Pre-Configured)

Nexus 1000V Demo Objectives The goal of this lab is to give you a chance to receive hands-on experience with a subset of the features of the Cisco Nexus 1000V Distributed Virtual Switch (DVS). The Cisco Nexus 1000V introduces many new features and capabilities. This demo environment will give an overview of these features and provide the main concepts of the Nexus 1000V.

Lab Access. This virtual lab is hosted in Cisco’s cloud‐based hands‐on and demo lab. Within this cloud you are provided with your personal dedicated virtual pod (vPod). You connect via RDP to a so‐called “control center” within this host and walk through the lab steps below. All necessary tools to complete this lab can be found in the “control center”. The username and password to access the Control Center of this vPod are listed below. User Name: VPOD\administrator. Password: Cisco123

Lab Topology. Your pod consists of: two physical VMware ESX servers, called esx01.vpod.local and esx02.vpod.local; one VMware vCenter, reachable at vcenter.vpod.local via the vSphere client; one Cisco Nexus 1000V Virtual Supervisor Module, reachable at vsm.vpod.local via SSH; one pre‐configured upstream switch to which you do not have access.

Device Access. During this lab, configuration steps need to be performed on the VMware vCenter as well as the Cisco Nexus 1000V Virtual Supervisor Module (VSM) within the CloudLab Virtual Pod. The VMware vCenter is accessible through the vClient application. The VSM is accessible through an SSH connection. Use the usernames and passwords listed below for accessing your vPod’s elements.

Current Deployment. In this demo, the following has been provided: the Nexus 1000V plug‐in is registered to vCenter; VEM binaries are installed on both vSphere servers (esx01 and esx02); esx01.vpod.local and esx02.vpod.local have been added as VEMs (module 3 and module 4); the VSM as a VM is behind VEM module 3. In this demo you will: walk through the Nexus 1000V L3 environment; vMotion a VM from one server to another.

Walk through Nexus 1000V Environment. Connect to the Cisco Nexus 1000V VSM: use the SSH client software called PuTTY, which can be found on the desktop of your vCenter host. It has been pre‐configured to connect to the correct VSM module vsm.vpod.local. Show Nexus 1000V Environment:
VLAN Information: show vlan
SVS Connection: show svs connection
The “svs connection” named VC is the communication configuration for the VSM to talk to the vCenter Server, utilizing the VSM plug-in installed in the vCenter Server itself.
SVS Domain: show svs domain
The “svs domain” provides the Nexus 1000V domain of communication between the VSMs and VEM. Each Nexus 1000V instance requires a unique “Domain ID”.

Walk through Nexus 1000V environment. Uplink (type Ethernet) port profiles:
vmnic0, used for ESXi management and vMotion: show running-config port-profile mgmt-uplink
vmnic1, used for iSCSI storage access: show running-config port-profile iscsi-uplink
vmnic2 & vmnic3, used for VM data traffic: show running-config port-profile data-uplink
vNIC (type vEthernet) port profiles:
vsm‐control‐packet: show running-config port-profile vsm-control-packet
vsm‐mgmt: show running-config port-profile vsm-mgmt0
n1kv‐L3: show running-config port-profile n1kv-L3

Walk through Nexus 1000V environment.
List of existing port‐profiles: show port-profile brief
Demonstrate current deployed VEMs: show interface virtual
show interface vethernet 5

Server Administrator’s Network View Navigate to the Networking view by choosing the Home -> Inventory -> Networking tab at the top of the screen. Select the “Nexus 1000V” under the Data Center “vPod” and folder “Nexus 1000V”. Select the “Hosts” tab to view the VEM(s) added under Nexus 1000V control.

Network Administrator’s Network View. Navigate to the Networking view by choosing the Home -> Inventory -> Hosts and Clusters tab at the top of the screen. Select the host “esx01.vpod.local” under the Data Center “vPod” and VM “VSM”. Select the “Console” tab, log in to the VSM and use the show module command to show the VEMs.

Network Administrator’s Network View The output of the command show interface brief shows you the different interface types that are used within the Cisco Nexus 1000V: Mgmt0, Ethernet Interfaces, Port-Channels, Veths

Network Administrator’s Network View Verify on the Nexus 1000V CLI that the corresponding Virtual Ethernet interface has been created for the two virtual machines by issuing the command show interface virtual. The output of the above command gives you a mapping of the VM name to its Veth interface.

Network Administrator’s Network View. On top of that, the Network Administrator can see at any given time which VM is in use and which port-profile is attached to it by using the show port-profile usage command.

vMotion and Visibility. vMotion Configuration: the VMotion VMkernel Interface has already been created for both ESXi servers.
show running-config port-profile VMotion

Network Administrators view of VMotion Prior to the VMotion perform a lookup of the used Virtual Interfaces with the command show interface virtual. Make note of the associated veth port and the Module and the ESX hostname currently associated to the Virtual Machine.

Perform a VMotion (1st trial…) Go to the Home->Inventory->Hosts and Clusters tab Drag & drop the Virtual Machine “WebServer” from the first ESX (esx01) host of your setup to your second ESX (esx02) host.

Configuring the Virtual Adapters. Go to the Home->Inventory->Hosts and Clusters tab. Select host esx01.vpod.local under data center vPod. Go to Configuration->Hardware->Networking->View, select “vNetwork Distributed Switch”, click “Manage Virtual Adapters”.

Configuring the Virtual Adapters. Select Virtual Adapter “vmk2”, click “Edit”, check “Use this virtual adapter for vMotion”, click “OK”, then click “Close” to close the window.

Perform a VMotion Perform the same configuration for Virtual Adapter “vmk2” of the host esx02.vpod.local. Drag & drop the Virtual Machine “WebServer” from the first ESX (esx01) host of your setup to your second ESX (esx02) host. Select “High priority” (default), click “Next”. Click “Finish” to start vMotion.

Perform a VMotion The vMotion progress is displayed in the “Status” column of the “Recent Tasks” panel.

Network Administrators view of VMotion After a successful VMotion the expected behavior is that the Virtual Machine can be seen and managed by the network administrator through the same virtual Ethernet port. Use the show interface virtual command to perform a lookup of the used Virtual Interfaces.
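The before/after lookup in this lab step can be checked mechanically. The following is an added example, not part of the original slides: the two captures are constructed, simplified stand-ins for show interface virtual output (columns separated by two or more spaces), and the Veth numbers assigned to WebServer and the VMkernel adapters are assumptions.

```python
import re

# Constructed, simplified captures of "show interface virtual", taken before
# and after the migration. Host names and module numbers follow the lab
# description; the Veth numbers are assumptions.
BEFORE = """\
Port        Adapter        Owner                    Mod Host
Veth1       vmk2           VMware VMkernel          3   esx01.vpod.local
Veth2       vmk2           VMware VMkernel          4   esx02.vpod.local
Veth5       Net Adapter 1  WebServer                3   esx01.vpod.local
"""
AFTER = """\
Port        Adapter        Owner                    Mod Host
Veth1       vmk2           VMware VMkernel          3   esx01.vpod.local
Veth2       vmk2           VMware VMkernel          4   esx02.vpod.local
Veth5       Net Adapter 1  WebServer                4   esx02.vpod.local
"""


def vm_ports(text, vm):
    """Return {adapter: (port, module, host)} for the rows owned by `vm`."""
    ports = {}
    for line in text.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        if len(fields) != 5 or not fields[0].lower().startswith("veth"):
            continue                      # header, separator or blank line
        port, adapter, owner, mod, host = fields
        if owner == vm:
            ports[adapter] = (port, int(mod), host)
    return ports


def check_vmotion(before_text, after_text, vm):
    """List deviations from the expected result: same Veth, new module/host.

    An empty list means the VM kept its virtual Ethernet port, so the port
    profile and its policy followed the VM to the other host.
    """
    before, after = vm_ports(before_text, vm), vm_ports(after_text, vm)
    if not before:
        return [f"{vm}: no Veth in the 'before' capture"]
    findings = []
    for adapter, (port, mod, host) in sorted(before.items()):
        if adapter not in after:
            findings.append(f"{vm} {adapter}: {port} missing after the migration")
            continue
        new_port, new_mod, new_host = after[adapter]
        if new_port != port:
            findings.append(f"{vm} {adapter}: moved from {port} to {new_port}")
        if (new_mod, new_host) == (mod, host):
            # Same module and host: the migration did not take place, as in
            # the first trial before vmk2 is enabled for vMotion.
            findings.append(f"{vm} {adapter}: still on module {mod} ({host})")
    return findings


if __name__ == "__main__":
    for finding in check_vmotion(BEFORE, AFTER, "WebServer") or ["as expected"]:
        print(finding)
```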