1. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Cisco Nexus 1000V Ralf Eberhardt reberhar@cisco.com

2. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 2 Legal Disclaimer Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

3. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 3 Agenda Networking Challenges of Server Virtualization Cisco VN-Link Introduction Cisco Nexus 1000V Overview & Architecture Deployment Scenarios Advanced Features Additional Information

4. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 4 With virtualization, VMs have a transparent view of their resources… Transparency in the Eye of the Beholder

5. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 5 …but its difficult to correlate network and storage back to virtual machines Transparency in the Eye of the Beholder

6. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 6 Scaling globally depends on maintaining transparency while also providing operational consistency Transparency in the Eye of the Beholder

7. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 7 Networking Challenges to Scaling Server Virtualization Applied at physical servernot the individual VM Impossible to enforce policy for VMs in motion Security and Policy Enforcement Lack of VM visibility, accountability, and consistency Inefficient management model and inability to effectively troubleshoot Operations and Management Muddled ownership as server admin must configure virtual network Organizational redundancy creates compliance challenges Organizational Structure

8. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 8 Virtual machine aware network and storage services Abstract physical and logical infrastructure Virtual machines are the new data center building block Cisco Virtual Network Link – VN-Link Virtualizing the Network Domain

9. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 9 VN-Link Brings VM Level Granularity Problems: VN-Link: Extends network to the VM Consistent services Coordinated, coherent management VMotion vSwitch VMotion may move VMs across physical portspolicy must follow Impossible to view or apply policy to locally switched traffic Cannot correlate traffic on physical linksfrom multiple VMs VLAN 101

10. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 10 Cisco Nexus 1000V Industry First 3 rd Party Virtual Distributed Switch Nexus 1000V provides enhanced VM switching for VMW ESX environments Features VN-Link capabilities: Policy-based VM connectivity Mobility of network and security properties Non-disruptive operational model Ensures visibility and continued connectivity during VMotion Enabling Acceleration of Server Virtualization Benefits VMW ESX Server 1 VMware vSwitch Nexus 1000V VMW ESX VMware vSwitch Nexus 1000V Server 2 Nexus 1000V VM #4 VM #3 VM #2 VM #1 VM #8 VM #7 VM #5 VM #5 VM #2 VM #3 VM #4 VM #5 VM #6 VM #7 VM #8 VM #1 VM #1

11. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 11 What is a Virtual Distributed Switch? A Virtual Distributed Switch, is a concept developed by VMware and Cisco to allow a single vSwitch to span multiple hosts. VMW calls this a vNetwork Distributed Switch. The Cisco Nexus 1000V, a 3 rd party virtual distributed switch, will be supported in VMware ESX and Virtual Infrastructure in the 1 st half of 2009

12. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 12 Cisco Nexus 1000V Architecture Virtual Supervisor Module (VSM) Virtual or Physical appliance running Cisco OS (supports HA) Performs management, monitoring, & configuration Tight integration with VMware Virtual Center Virtual Ethernet Module (VEM) Enables advanced networking capability on the hypervisor Provides each VM with dedicated switch port Collection of VEMs = 1 Distributed Switch Cisco Nexus 1000V Enables: Policy Based VM Connectivity Mobility of Network & Security Properties Non-Disruptive Operational Model Virtual Center VMW ESX Server 1 VMware vSwitch VMW ESX Server 2 VMware vSwitch VMW ESX Server 3 VMware vSwitch VM #1 VM #4 VM #3 VM #2 VM #5 VM #8 VM #7 VM #6 VM #9 VM #12 VM #11 VM #10 VEM Nexus 1000V VSM

13. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 13 Cisco Nexus 1000V Faster VM Deployment VMW ESX Server VMW ESX Server Cisco Nexus 1000V VM #1 VM #4 VM #3 VM #2 VM #5 VM #8 VM #7 VM #6 VM Connection Policy Defined in the network Applied in Virtual Center Linked to VM UUID Defined Policies WEB Apps HR DB Compliance Cisco VN-LinkVirtual Network Link Policy-Based VM Connectivity Non-Disruptive Operational Model Mobility of Network & Security Properties Virtual Center

14. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 14 Cisco Nexus 1000V Richer Network Services VMW ESX Server VMW ESX Server Cisco Nexus 1000V VM #5 VM #8 VM #7 VM #6 VM #4 VM #3 VM #2 VM #1 VM #4 VM #3 VM #2 VM #1 VN-Link Property Mobility VMotion for the network Ensures VM security Maintains connection state Virtual Center VMs Need to Move VMotion DRS SW Upgrade/Patch Hardware Failure Policy-Based VM Connectivity Non-Disruptive Operational Model Mobility of Network & Security Properties VN-Link: Virtualizing the Network Domain

15. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 15 Cisco Nexus 1000V Increase Operational Efficiency VMW ESX Server VMW ESX Server Cisco Nexus 1000V VM #5 VM #8 VM #7 VM #6 VM #4 VM #3 VM #2 VM #1 Network Benefits Unifies network mgmt and ops Improves operational security Enhances VM network features Ensures policy persistence Enables VM-level visibility Policy-Based VM Connectivity Non-Disruptive Operational Model Mobility of Network & Security Properties VN-Link: Virtualizing the Network Domain Virtual Center Server Benefits Maintains existing VM mgmt Reduces deployment time Improves scalability Reduces operational workload Enables VM-level visibility

16. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 16 How Does It Work? Deploying the Nexus 1000V

17. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 17 Deploying the Cisco Nexus 1000V Collaborative Deployment Model 1.VMW Virtual Center & Cisco Nexus 1000V relationship established 2.Network Admin configures Nexus 1000V to support new ESX hosts 3.Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center 1. 2. VMW ESX Server 1 Nexus 1000VVEM 3. Nexus 1000V VSM Virtual Center

18. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 18 Deploying the Cisco Nexus 1000V Collaborative Deployment Model 1.VMW Virtual Center & Cisco Nexus 1000V relationship established 2.Network Admin configures Nexus 1000V to support new ESX hosts 3.Server Admin plugs new ESX host into network & adds host to Cisco switch in Virtual Center 4.Repeat step three to add another host and extend switch configuration VMW ESX Server 1 Nexus 1000VVEM VMW ESX Server N Nexus 1000VVEM 4. Nexus 1000V VSM Virtual Center

19. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 19 Policy Based VM Connectivity Enabling Policy 1.Nexus 1000V automatically enables port groups in Virtual Center 2.Server Admin uses Virtual Center to assign vnic policy from available port groups 3.Nexus 1000V automatically enables VM connectivity at VM power-on 1. VMW ESX Server 1 Nexus 1000V - VEM VM #1 VM #4 VM #3 VM #2 Available Port Groups WEB AppsHR DBCompliance 2. Nexus 1000V VSM Virtual Center 3. WEB Apps: PVLAN 108, Isolated Security Policy = Port 80 and 443 Rate Limit = 100 Mbps QoS Priority = Medium Remote Port Mirror = Yes

20. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 20 Virtual Center VMW ESX Server Nexus 1000V - VEM VM #1 VM #4 VM #3 VM #2 Policy Based VM Connectivity What Can a Policy Do? Policy definition supports: VLAN, PVLAN settings ACL, Port Security, ACL Redirect Cisco TrustSec (SGT) NetFlow Collection Rate Limiting QoS Marking (COS/DSCP) ) Remote Port Mirror (ERSPAN) Nexus 1000V VSM

21. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 21 Mobility of Security and Network Properties Following Your VMs Around 1.Virtual Center kicks off a Vmotion (manual/DRS) and notifies Nexus 1000V 2.During VM replication, Nexus 1000V copies VM port state to new host VMW ESX Server 2 Nexus 1000 -VEM VMW ESX Server 1 Nexus 1000VVEM Nexus 1000V VM #5 VM #8 VM #7 VM #6 VM #1 VM #4 VM #3 VM #2 Mobile Properties Include: Port policy Interface state and counters Flow statistics Remote port mirror session Nexus 1000V VSM Virtual Center VM #1 Network Persistence VM port config, state VM monitoring statistics 2. VMotion Notification Current: VM1 on Server 1 New: VM1 on Server 2 1.

22. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 22 Mobility of Security and Network Properties Following Your VMs Around 1.Virtual Center kicks off a Vmotion (manual/DRS) & notifies Nexus 1000V 2.During VM replication, Nexus 1000V copies VM port state to new host 3.Once VMotion completes, port on new ESX host is brought up & VMs MAC address is announced to the network VMW ESX Server 2 Nexus 1000 -VEM VMW ESX Server 1 Nexus 1000VVEM Nexus 1000V VM #5 VM #8 VM #7 VM #6 VM #1 VM #4 VM #3 VM #2 Virtual Center VM #1 Nexus 1000V VSM Network Update ARP for VM1 sent to network Flows to VM1 MAC redirected to Server 2 3. VM #1

23. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 23 Increase Operational Efficiency What stays the same? What gets better?

24. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 24 Cisco Nexus 1000V Three New Features that Make a Difference Encapsulated Remote SPAN (ERSPAN) Mirror VM interface traffic to a remote sniffer Identify root cause for connectivity issues No host-based sniffer virtual appliance to maintain Follows your VM with VMotion or DRS NetFlow v.9 with Data Export View flow-based stats for individual VMs Captures multi-tiered app traffic inside a single ESX host Export aggregate stats to dedicated collector for DC-wide VM view Follows your VM with VMotion or DRS Private VLANs (PVLANs) Great for mixed use ESX clusters Segment VMs w/o burning IP addresses Supports isolated, community and promiscuous trunk ports Follows your VM with VMotion or DRS

25. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 25 Cisco Nexus 1000V – VM Security Server Private VLAN Promiscuous portPromiscuous port Isolated portIsolated port Community portCommunity port Server I Server I Cisco Nexus 1000V VM#1VM#1VM#4VM#4VM#3VM#3VM#2VM#2 VM#4VM#4VM#3VM#3VM#2VM#2VM#1VM#1 VM#4VM#4VM#3VM#3VM#2VM#2VM#1VM#1 VMW ESX I I Security Features Access Control ListAccess Control List Port SecurityPort Security DHCP SnoopingDHCP Snooping IP Source GuardIP Source Guard Dynamic ARP InspectionDynamic ARP Inspection P C C Cisco TrustSec Admission control: 802.1XAdmission control: 802.1X Hop-by-hop crypto: 802.1AEHop-by-hop crypto: 802.1AE Security Group TagSecurity Group Tag SGACL Matrix Destination Group Source Group -+ +-

26. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 26 Key Features of the Nexus 1000V Switching L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX) IGMP Snooping, QoS Marking/Queuing Security Policy Mobility, PVLAN, ACL (L2–4 w/ Redirect), Port Security Cisco TrustSecAuthentication, Admission, Access Control Provisioning Automated vSwitch Config, Port Profiles, Virtual Center Integration Optimized NIC Teaming Visibility Historical VMotion Tracking, ERSPAN, NetFlow v.9 w/ NDE, CDP v.2 VM-Level Interface Statistics, Wireshark Management Virtual Center VM Provisioning, Cisco Network Provisioning Cisco CLI, XML API, SNMP (v.1, 2, 3)

27. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 27 Virtual Center Nexus 1000V Deployment Scenarios Pick Your Flavor 1.Works with all types of servers (rack optimized, blade servers, etc.) 2.Works with any type of upstream switch (Blade, Top or Rack, Modular) 3.Works at any speed (1G or 10G) 4.Nexus 1000V VSM can be deployed as a VM or a physical appliance Blade Servers Rack Optimized Servers Nexus 1000V VSM

28. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 28 Accelerate Server Virtualization Enable, Simplify, Scale Security and Policy Enforcement Enable VM-level security and policy Scale the use of VMotion and DRS Operation & Management Simplify management and troubleshooting with VM-level visibility Scale with automated server & network provisioning Organizational Structure Enable flexible collaboration with individual team autonomy Simplify and maintain existing VM mgmt model

29. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 29 Cisco Nexus 1000: More Information… http://www.cisco.com/go/datacenter

30. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 30

31. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 31 Policy-Based VM Connectivity Virtualizing the Network Domain Two Complementary Models to Address Evolving Customer Requirements Cisco switch for VMW ESX Compatible with any switching platform Leverages Virtual Center for server admin; Cisco CLI for network admin Scalable, hardware based, high performance solution Standards driven approach to delivering hardware based VM networking Combines VM & physical network operations into 1 managed node VMW ESX VM #4 VM #3 Server VM #2 VM #1 Initiator Nexus 5000 Nexus 5000 with VN-Link (Hardware Based) VMW ESX VM #1 VM #4 VM #3 Server VM #2 NIC LAN Nexus 1000V Nexus 1000V Cisco Nexus 1000V (Software Based) Cisco Virtual Network Link – VN-Link Mobility of Network & Security Properties Non-Disruptive Operational Model

32. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 32 VN-Link With the Cisco Nexus 1000V Cisco Nexus 1000V Software Based VMW ESX VM #1 VM #4 VM #3 Server VM #2 Nexus 1000V NIC LAN Nexus 1000V Industrys first third-party ESX switch Built on Cisco NX-OS Compatible with switching platforms Maintain Virtual Center provisioning model unmodified for server administration; allow network administration of Nexus 1000V via familiar Cisco NX-OS CLI Policy-Based VM Connectivity Non-Disruptive Operational Model Mobility of Network and Security Properties

33. © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 33 Policy-Based VM Connectivity Non-Disruptive Operational Model Mobility of Network and Security Properties VMW ESX VM #4 VM #3 Server VM #2 VM #1 VN-Link Nexus Nexus Switch with VN-Link Hardware Based Allows scalable hardware-based implementations through hardware switches Standards-based initiative: Cisco & VMware proposal in IEEE 802 to specify Network Interface Virtualization Combines VM and physical network operations into one managed node VN-Link with Network Interface Virtualization