
Unified Network Services (UNS): Cisco Data Center


abner

Presentation Transcript


  1. Unified Network Services (UNS): Cisco Data Center. Data Center Business Advantage

  2. Agenda • UNS summary • Cisco ACE and vACE • Cisco WAAS and vWAAS • Cisco Firewall and vFirewall

  3. Evolution of the data center and cloud computing: Consolidation, Virtualization, Automation = Utility/Cloud model

  4. Software-based virtual machine switch [Diagram labels: VM, VNIC, Hypervisor, VETH, UCS Server; Collection of vSwitches or vNetwork Distributed Switch] Virtual Switching • Need to switch between VMs on same host • vNetwork Distributed Switch: Nexus 1000v Switch

  5. VM-FEX: Cisco UCS's unique integration capability enhances VM I/O [Diagram labels: VM, VNIC, Hypervisor, VETH, UCS VIC, UCS Server, UCS 6100] VN-Link in HW: One Network • Unify virtual and physical switching layers • Fabric extender for VMs: Reduce network management points • Reduce broadcast domain. Host CPU Cycles Relief • Host CPU cycles relieved from VM switching • I/O Throughput improvements

  6. Overall view of Cisco Unified Network Services: ample flexibility and a rich set of choices under any deployment model. Application Delivery, Others. Policy framework. ANY SERVICE ….. ANY DELIVERY MECHANISM: Dynamic “On-demand”, Dedicated (Hardware coupled). Feature Consistency. ANY FORM FACTOR: Appliance, Module, Integrated, Virtual. ANY ENVIRONMENT: Compute, Cloud, Network. Workload mobility

  7. Unified Network Services provides a unified service framework for both physical and virtual environments [Diagram labels: VDC-1, VDC-2, App, OS, Hypervisor, Physical Network Services, Private Cloud, Public Cloud, Virtual Firewall, Virtual WAN Opt, SLB/ADC, WAN Opt, Firewall] • Application-specific service nodes • Form factors: • Appliance • Switch module • Router-integrated • Virtual appliance form factor • Elastic Instantiation/Provisioning • Service transparent to VM mobility • Support scale-out • Large scale multi-tenant operation

  8. Innovations and advantages of the Unified Network Services architecture: FY11 FLEXIBILITY Virtual services Agility and on-demand delivery Policy-aware VMs Workload Portability and Mobility Cloud optimization RESPONSIVENESS Secure multi-tenant cloud experience Fabric Integration Rapid Service Enablement CONSISTENCY Policy-based provisioning Operational simplicity Open APIs Seamless Integration and automation

  9. Virtual pool provisioning under the Cisco UNS architecture [Diagram labels: Load Balance, ANM-ACE, VM, LB Context, Security Team, Server Team, Network Team, vCenter, VSG, Port Profile, Nexus 1000V, Security Profile] • Rapid adjustment • Consistent with the physical firewall

  10. Automated deployment and adjustment of application servers [Diagram labels: 3rd party Workflow Automation Software, API, VM, ANM (GS), vCenter, Nexus 1000v VSM, ACE, ESX Host]

  11. Application-level visualization of business systems

  12. Product-level updates to Unified Network Services: Virtual ANS; Virtual Security Gateway (VSG) on Nexus 1000V; Virtual Network Management Center (VNMC) [Diagram labels: UCS /x86 Servers, ESX ESXi Hypervisor w/ Nexus 1000V, Nexus 1000V vPath] vPath: Fabric Intelligence for Virtual services • Traffic interception/redirection, Fast-path off-load

  13. Cisco vACE (virtual Application Control Engine)

  14. Multiple options for deploying virtualized services • Apply hypervisor-based Virtual Firewall • Redirect VM traffic via VLANs to external (physical) firewall [Diagram labels: Web Server, App Server, Database Server, Hypervisor, VLANs, VSN, Virtual Contexts, Virtual Service Nodes, Traditional Service Nodes]

  15. Application control that follows demand: For Public, Private, and Hybrid Clouds • What? • Demand based scaling of ACE application delivery system • Demand based scaling of applications serviced by ACE • Scale across ACE form factors • Hitless VIP mobility from ACE to ACE and Cloud to Cloud • ADC metering and chargeback. Demand based billing • Why? • Eliminate ADC as bottleneck to elastic applications • Enable application scaling beyond the borders of a single cloud [Diagram labels: Nexus 7K, Unified Compute, ACE Demand, Application Demand, VIP Mobility & Scale, ACE Appliance, ACE Virtual Appliance, ACE Switch Module, ACE UCS Blade]

  16. Virtual ACE (vACE), moving with the cloud: Enabler For Cloud On Demand • What: Virtual ACE & GSS for UCS and Generic compute • Target Segment: Cloud SP; Enterprise; Bundled with UCS for Commercial Segment • Performance: vACE Small – 1 to 4 Gbps; vACE Large – 1-8 Gbps • Competitive Functionality: On-demand App Scaling via vPath (N1Kv / Sereno); Ease of network insertion (with N1Kv); Integration with vBlock [Diagram labels: UCS C-series, UCS B-series, vACE]

  17. Cisco vWAAS (virtual WAN application acceleration services)

  18. Classic WAAS deployment model and the private cloud. WAN Challenges • Poor response times • Slow file transfers • Limited user sessions. Cisco WAAS: • LAN-like App Performance • Up to 4X increase in VDI users • Efficient data transfer & Bulk vMotion [Diagram labels: Private Cloud, Secondary DC, WAN, WAAS, Branch Office, Virtual Desktops, Enterprise Apps, Virtualized Infra, Mobile Users]

  19. WAN optimization in the cloud model: Cisco Virtual WAAS. Available Q4 CY10 [Diagram labels: Virtual WAAS “Appliances”, UCS /x86 Servers, ESX ESXi Hypervisor w/Nexus 1000 vPath; caption: Virtual WAAS on Nexus 1000V with vPath] FEATURES • Allows Agile, Elastic, & Multi Tenant Deployment • Supports DRE Cache in SAN • Policy-based Provisioning w/ Nexus 1000V • Extends WAAS Solution Portfolio. BUSINESS BENEFITS • Business Agility with on-demand orchestration • Lower operational cost, reduced migration risk • Fault-tolerance with VM mobility awareness

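  20. Cisco vWAAS: WAN optimization in the cloud model, overall view of the WAAS solution [Diagram labels: Cisco vWAAS, WAN, Internet, WAAS Mobile Server, Private Cloud, Public Cloud, Mobile Users, WAAS Mobile Client, WAAS, Branch] Key Requirements, Benefits, Differentiator • On-demand scheduling of WAN optimization • Fault-tolerant deployment based on VM vMotion technology • Lower operational cost of cloud migration • Elastic, on-demand deployment • Simplest network configuration • Supports dynamic deployment of virtual machines • Supports the multi-tenant model • Tight integration with Cisco Nexus 1000V • Rapid deployment of WAN acceleration services • Transparent deployment via WCCP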

  21. Cisco VSG (Virtual Security Gateway)

  22. Introduction to the Virtual Security Gateway. Virtual Security Gateway (VSG) • Context aware Security: VM context aware rules • Zone based Controls: Establish zones of trust • Dynamic, Agile: Policies follow vMotion • Best-in-class Architecture: Efficient, Fast, Scale-out SW • Non-Disruptive Operations: Security team manages security. Virtual Network Management Center (VNMC) • Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy • Designed for Automation: XML API, security profiles

  23. Implementing multi-level security [Diagram labels: vSphere, Tenant A, Tenant B, VDC, vApp, vPath, Nexus 1000V] • Specify zoning policy with the appropriate granularity • Tenant • VDC • vApp

  24. VSG deployment logic stays consistent with physical devices [Diagram labels: VNMC, VM, Nexus 1000V Distributed Virtual Switch, vPath, VSG, Log/Audit] • Secure Segmentation (VLAN agnostic) • Efficient Deployment (secure multiple hosts) • Dynamic policy-based provisioning • Transparent Insertion (topology agnostic) • High Availability • Mobility aware (policies follow vMotion)

  25. VSG VM-to-VM communication flow: 1st packet [Diagram labels: App servers, Web servers, VSG, VM #1 to VM #8, steps 1 to 6, Service Data Path, Nexus 1000 DVS] • For the 1st packet within a network session, although the traffic redirection scheme is different, the packet flow is similar. • Traffic redirection is based on the Port-profile-to-VSG binding and a flow entry lookup in the Service Data Path (SDP) • Processing of traffic between the Internet and VMs and of inter-VM traffic is normalized. Different firewall policies are applied to this traffic strictly based on the source/destination attributes defined in the policy

  26. VSG VM-to-VM communication flow: 2nd and subsequent packets [Diagram labels: App Servers, Web Servers, VSG, VM #1 to VM #8, steps 1 to 4, Service Data Path, Nexus 1000 DVS] • After VSG has done the policy evaluation against the first packet of a network session, a flow-entry cache is established in SDP, which off-loads the processing of the rest of the packets to SDP • The flow lookup done in SDP identifies the current state of the flow, so SDP can process the subsequent packets based on the actions stored in the flow entry

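  27. Summary • Virtualizing compute resources lets servers do more work • Close interaction between network resources and compute resources will greatly improve data center efficiency • Unified Network Services provides greater elasticity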

  28. Cisco Nexus 1000V: Distributed Virtual Switch for VMware vSphere • Industry’s most advanced software switch for VMware vSphere • Standards based – interoperates with all 802.1Q switching platforms • Built on Cisco NX-OS • Feature and operational consistency across physical and virtual networks • Maintain vCenter provisioning model • No change for server administration • Network team manages virtual network [Diagram labels: VM, vSphere, Nexus 1000V VEM, Nexus 1000V VSM] • Policy-Based VM Connectivity • Mobility of Network & Security Properties • Non-Disruptive Operational Model

  29. Nexus 1000V – Benefits • NX-OS feature consistency: Across physical and virtual networks (Nexus 7K/5K/2K/1KV); Cisco CLI experience • Advanced switching features: Security, QoS, Monitoring, Management • Administrative consistency: Network team manages virtual network, creates port profiles; Server team assigns port profiles to VMs

  30. Cisco Nexus 1000V: Faster VM Deployment. Cisco VN-Link: Virtual Network Link • Policy-Based VM Connectivity • Mobility of Network & Security Properties • Non-Disruptive Operational Model [Diagram labels: VM, vSphere, Nexus 1000V VEM, Nexus 1000V VSM, vCenter; Port Profiles: WEB Apps, HR, DB, DMZ] VM Connection Policy • Defined in the network • Applied in Virtual Center • Linked to VM UUID

  31. Features of the Nexus 1000V. Management: • Virtual Center VM Provisioning, Cisco Network Provisioning, CiscoWorks • Cisco CLI, Radius, TACACS, Syslog, SNMP (v.1, 2, 3) • Hitless upgrade. Provisioning: • Automated vSwitch Config, Port Profiles, Virtual Center Integration • Optimized NIC Teaming with Virtual Port Channel – Host Mode. Switching: • L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX) • IGMP Snooping, QoS Marking (COS & DSCP), Class-based WFQ*. Security: • Policy Mobility, Private VLANs w/ local PVLAN Enforcement • Access Control Lists (L2–4 w/ Redirect), Port Security • Dynamic ARP inspection, IP Source Guard, DHCP Snooping. Visibility: • VMotion Tracking, NetFlow v.9 w/ NDE, CDP v.2 • VM-Level Interface Statistics • Policy-based SPAN & ERSPAN. *In 1.4 Release, 4Q CY2010

  32. Cisco Nexus 1010

  33. Nexus 1010: VSM on an Appliance • VSM on Virtual Machine: 1000V VSM x 1 • VSM on Nexus 1010: 1000V VSM x 4 [Diagram labels: VM, vSphere, 1000V VEM, Server, Cisco Nexus 1010]

  34. Feature Comparison: VSM on Virtual Machine vs. VSM on Nexus 1010 • Network Team manages the switch hardware • Installation like a standard Cisco switch • NX-OS high availability of VSM (listed for both) • VEM running on vSphere 4 Enterprise Plus (listed for both) • Nexus 1000V features and scalability (listed for both)
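
The first-packet and subsequent-packet handling described in slides 25 and 26, as a toy Python model added here for illustration. It is not Cisco code and uses no Cisco API; the class names, zone table, addresses and policy entries are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy: (source zone, destination zone, dst port) -> action.
POLICY = {("web", "app", 8080): "permit", ("app", "db", 3306): "permit"}
# Constructed VM attributes the policy is written against (not real inventory).
VM_ZONE = {"10.0.1.11": "web", "10.0.2.21": "app", "10.0.3.31": "db"}


@dataclass
class PolicyEngine:
    """Stands in for the VSG: evaluates policy on source/destination attributes."""
    evaluations: int = 0

    def evaluate(self, flow):
        self.evaluations += 1
        src, dst, dport = flow
        key = (VM_ZONE.get(src), VM_ZONE.get(dst), dport)
        return POLICY.get(key, "drop")  # anything not permitted is dropped


@dataclass
class ServiceDataPath:
    """Stands in for the SDP: per-flow cache of the action the engine chose."""
    engine: PolicyEngine
    flow_table: dict = field(default_factory=dict)

    def handle(self, src, dst, dport):
        flow = (src, dst, dport)
        action = self.flow_table.get(flow)
        if action is None:
            # 1st packet of the session: redirect to the policy engine,
            # then store the resulting action in the flow entry.
            action = self.engine.evaluate(flow)
            self.flow_table[flow] = action
            return action, "redirected"
        # 2nd and subsequent packets: handled from the cached flow entry.
        return action, "fast-path"


def run_demo():
    sdp = ServiceDataPath(PolicyEngine())
    web_to_app = ("10.0.1.11", "10.0.2.21", 8080)  # allowed by POLICY
    web_to_db = ("10.0.1.11", "10.0.3.31", 3306)   # no web->db rule
    packets = [web_to_app] * 3 + [web_to_db] * 2
    results = [sdp.handle(*p) for p in packets]
    return results, sdp.engine.evaluations


if __name__ == "__main__":
    for row in run_demo()[0]:
        print(row)
```

In this model five packets cause only two policy evaluations, and a denied flow is cached the same way as a permitted one.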
