Fabric Management in VM environment Marina Lipshteyn, Voltaire © 2009 Voltaire Inc.

Existing approach is to have a port profile manager
[Diagram: External Switch, Port Profile Manager, OS/Hypervisor Manager; protocols shown: IEEE 802.1x / EAPOL, RADIUS]

Active Fabric Manager role
► Discovery
• Discovery of virtual/physical switches, VEPA elements and their capabilities
• Discovery of physical and/or logical topology
► Policy/Configuration repository (e.g. maintain port profile and states, endpoint authentication)
► Resource Management:
• Distribute policy across resources to meet the requirements specified at a high level, and drive security and QoS configurations in individual elements. For example: if there is a rate limiter both in the NIC and on the switches, determine the appropriate place for configuration.
• Resource allocation and validation
  - Resource management: e.g. total number of ACLs supported by each device.
  - Verification that the CIR traffic can be committed.
► Monitoring
• Distributed monitoring of physical/virtual elements
• Notifications and reporting of various fabric events (e.g. migration)

Example: VM migration
► VM migrates to a different physical machine.
► VM has a port profile, which is now used to register at the new machine.
► ACLs should be configured at the new ingress point and removed from the old ingress point.
► However, the number of ACLs on the new ingress point now exceeds the supported limit (ACL compiler implementation dependent).
► The migration cannot be done; an invalid status must be propagated.
► Validation should be done by the fabric manager.
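
The validation step of this migration example, as an added sketch that is not part of the original slides: the fabric manager checks the ACL count and the CIR commitment at the new ingress point before any ACL is moved, and returns an invalid status otherwise. All names (PortProfile, IngressPoint, validate_placement, migrate), the use of link capacity as the CIR bound, and the numbers are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PortProfile:            # hypothetical model of a VM's port profile
    profile_id: str
    acl_rules: int            # ACL entries the profile compiles to (compiler dependent)
    cir_mbps: int             # committed information rate requested by the VM

@dataclass
class IngressPoint:           # hypothetical model of a switch or VEPA ingress element
    name: str
    max_acls: int             # capability learned during discovery
    link_mbps: int            # assumed bound for the sum of committed rates
    profiles: dict = field(default_factory=dict)

    def acls_used(self):
        return sum(p.acl_rules for p in self.profiles.values())

    def cir_committed(self):
        return sum(p.cir_mbps for p in self.profiles.values())

def validate_placement(profile, target):
    """Check the target's resources without changing any device state."""
    reasons = []
    if target.acls_used() + profile.acl_rules > target.max_acls:
        reasons.append("ACL limit exceeded on " + target.name)
    if target.cir_committed() + profile.cir_mbps > target.link_mbps:
        reasons.append("CIR cannot be committed on " + target.name)
    return (not reasons, reasons)

def migrate(profile, source, target):
    """Validate first; only then add ACLs at the new ingress and remove the old ones."""
    ok, reasons = validate_placement(profile, target)
    if not ok:
        return "INVALID", reasons          # status propagated to the Server/VM manager
    target.profiles[profile.profile_id] = profile
    source.profiles.pop(profile.profile_id, None)
    return "VALID", []

def demo():
    # Constructed sample fabric: sw-b is nearly out of ACL space, sw-c has room.
    web = PortProfile("web", acl_rules=40, cir_mbps=2000)
    db = PortProfile("db", acl_rules=100, cir_mbps=3000)
    sw_a = IngressPoint("sw-a", 128, 10000, {"web": web})
    sw_b = IngressPoint("sw-b", 128, 10000, {"db": db})
    sw_c = IngressPoint("sw-c", 128, 10000)
    rejected = migrate(web, sw_a, sw_b)    # 100 + 40 > 128: nothing is changed
    still_on_a = "web" in sw_a.profiles
    accepted = migrate(web, sw_a, sw_c)    # fits: ACLs move from sw-a to sw-c
    return rejected, still_on_a, accepted, sorted(sw_a.profiles), sorted(sw_c.profiles)
```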

Actors and Interactions
[Diagram. Actors: Storage, license, .. managers; Service Automation & Orchestration, Admins; Server/VM Manager; Port/Fabric Manager; Hypervisors; switches. Interaction labels: Set server/app policy; Reporting & monitoring; Push/get policy; Set/get (vm-nic) group policy, associations; Set vep/fabric policy, placement validation; Deploy, migrate, ..; Get policy, Notifications; Discovery* (LLDP), State change requests; State notifications, associations; Discovery* (LLDP/SNMP); push (switch) policy; Change requests; Monitoring* (SNMP,..)]
* Current MIBs and mechanisms are associated with physical interfaces, may need to be extended

VM is registered at the new location – current passive Fabric Manager
[Sequence diagram, steps numbered 1 to 8. Actors: Service Automation & Orchestration, Admins; Server/VM Manager; Port/Fabric Manager; Hypervisors; switches. Labels: Register VM; Register VM with the policy; Get vm-nic side policy by profile id; Configuration policy; Get switch configuration; associate; Ack/nack]
NO validation of Fabric resources is done.

VM is registered at the new location – active Fabric Manager with validation
[Sequence diagram, steps numbered 1 to 2. Actors: Service Automation & Orchestration, Admins; Server/VM Manager; Port/Fabric Manager; Hypervisors; switches. Labels: Validate/placement filter of VM connectivity requirements; INVALID!]

VM is registered at the new location – active Fabric Manager
[Sequence diagram, steps numbered 1 to 9. Actors: Service Automation & Orchestration, Admins; Server/VM Manager; Port/Fabric Manager; Hypervisors; switches. Labels: Validate VM connectivity requirements; VALID; Register VM; Get vm-nic policy by profile id; Configuration policy; Register VM with the policy; Push switch policy; associate; Ack/nack]

Vport admin status down – can be Fabric Manager action
[Sequence diagram, steps numbered 1 to 3. Actors: Service Automation & Orchestration, Admins; Server/VM Manager; Port/Fabric Manager; Hypervisors; switches. Labels: Vport down (shown three times); Find the relevant elements]

Mirroring of a Vport – active Fabric Manager role
[Sequence diagram, steps numbered 1 to 2. Actors: Service Automation & Orchestration, Admins; Server/VM Manager; Port/Fabric Manager; Hypervisors; switches. Labels: Mirror Vport; Find the relevant elements; Configure mirroring]

Conclusion
► The previous examples show why the Fabric Manager cannot be a static repository but requires dynamic behavior.
► Define an API to the Fabric Manager that enables set/get/validate of the policy, topology and capability discovery, and state/configuration propagation.