Data Center Business Advantage: Unified Network Services (UNS)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Slide 2: Cisco Data Center Agenda
• UNS summary
• Cisco ACE and vACE
• Cisco WAAS and vWAAS
• Cisco Firewall and vFirewall

Slide 3: Evolution of the data center and cloud computing
Consolidation -> Virtualization -> Automation = Utility/Cloud model

Slide 4: Software-based virtual machine switch
[Diagram: a collection of vSwitches, or one vNetwork Distributed Switch, connecting VM VNICs through VETH ports on the hypervisor of each UCS server]
• Virtual switching: need to switch between VMs on the same host
• vNetwork Distributed Switch: Nexus 1000V switch

Slide 5: VM-FEX: Cisco UCS's unique integration capability, enhancing VM I/O
[Diagram: VM VNICs mapped to VETH ports on the UCS VIC of each UCS server, extended up to the UCS 6100 fabric interconnect]
• VN-Link in hardware, one network: unify the virtual and physical switching layers
• Fabric extender for VMs: reduce network management points; reduce the broadcast domain
• Host CPU cycle relief: host CPU cycles relieved from VM switching; I/O throughput improvements

Slide 6: Overall view of Cisco Unified Network Services
• Policy framework
• Any service: application delivery, others, ...
• Any delivery mechanism: dedicated (hardware coupled) or dynamic "on-demand"
• Any form factor: appliance, network module, integrated compute, virtual
• Any environment, including cloud
• Feature consistency and workload mobility
Provides sufficient flexibility and rich choice under any deployment model.
Slide 7: Unified Network Services provides a unified service framework for both physical and virtual environments
[Diagram: physical network services (firewall, WAN optimization, SLB/ADC) in front of VDC-1 and VDC-2, beside private and public clouds in which a virtual firewall and virtual WAN optimization run on the hypervisor next to the application VMs]
Physical:
• Application-specific service nodes
• Form factors: appliance, switch module, router-integrated
Virtual:
• Virtual appliance form factor
• Service transparent to VM mobility
• Elastic instantiation/provisioning
• Support for scale-out
• Large-scale multi-tenant operation

Slide 8: Innovations and advantages of the Unified Network Services architecture (FY11)
Themes: flexibility, responsiveness, consistency
• Virtual services: agility and on-demand delivery
• Policy-aware VMs: workload portability and mobility
• Cloud optimization: secure multi-tenant cloud experience
• Fabric integration: rapid service enablement
• Policy-based provisioning: operational simplicity
• Open APIs: seamless integration and automation

Slide 9: Virtual pool provisioning under the Cisco UNS architecture
[Diagram: the server team provisions VMs in vCenter; the network team publishes Nexus 1000V port profiles; the security team attaches a VSG security profile; ANM manages the ACE load-balancer context for the VM pool]
• Rapid adjustment through the port profile
• The security profile is kept consistent with the physical firewall

Slide 10: Automated deployment and orchestration of application servers
[Diagram: third-party workflow automation software calls the ANM (GS) API to configure ACE and the vCenter API to deploy VMs on ESX hosts; the Nexus 1000V VSM provides the virtual network]

Slide 11: Application-level visualization of business systems
[Diagram only]

Slide 12: Product-level updates to Unified Network Services
• Virtual ANS
• Virtual Security Gateway (VSG) on Nexus 1000V
• Virtual Network Management Center (VNMC)
• ESX/ESXi hypervisor with Nexus 1000V and vPath on UCS/x86 servers
• vPath, fabric intelligence for virtual services: traffic interception/redirection, fast-path off-load
Slide 15: Cisco vACE (Virtual Application Control Engine)

Slide 17: Multiple options for deploying virtualized services
1. Redirect VM traffic via VLANs to an external (physical) firewall: traditional service nodes using VLANs and virtual contexts
2. Apply a hypervisor-based virtual firewall: virtual service nodes (VSN) on the hypervisors hosting the web, app and database servers

Slide 18: Application control on demand, for public, private and hybrid clouds
What?
• Demand-based scaling of the ACE application delivery system
• Demand-based scaling of the applications serviced by ACE
• Scale across ACE form factors (ACE appliance, ACE switch module, ACE virtual appliance, ACE UCS blade)
• Hitless VIP mobility from ACE to ACE and from cloud to cloud
• ADC metering and chargeback; demand-based billing
Why?
• Eliminate the ADC as a bottleneck to elastic applications
• Enable application scaling beyond the borders of a single cloud
[Diagram: VIP mobility and scale across ACE instances on a Nexus 7K and Unified Compute as application demand grows]

Slide 19: Virtual ACE (vACE) moves with the cloud: enabler for cloud on demand
What
• Virtual ACE and GSS for UCS and generic compute (UCS B-series and UCS C-series)
• Target segment: cloud SP; enterprise
• Bundled with UCS for the commercial segment
Performance
• vACE Small: 1 to 4 Gbps
• vACE Large: 1 to 8 Gbps
Competitive functionality
• On-demand application scaling via vPath (N1Kv / Sereno)
• Ease of network insertion (with N1Kv)
• Integration with vBlock

Slide 20: Cisco vWAAS (Virtual Wide Area Application Services)
Slide 21: Classic WAAS deployment model and the private cloud
[Diagram: branch office and mobile users connect across the WAN, through WAAS, to the private cloud: virtual desktops, enterprise apps, virtualized infrastructure and a secondary DC]
Challenges: poor response times; slow file transfers; limited user sessions
Cisco WAAS: LAN-like application performance; up to 4X increase in VDI users; efficient data transfer and bulk vMotion

Slide 22: WAN optimization in the cloud model: Cisco Virtual WAAS, available Q4 CY10
Features
• Virtual WAAS "appliances" allow agile, elastic and multi-tenant deployment
• Supports the DRE cache in the SAN
• Policy-based provisioning with Nexus 1000V (ESX/ESXi hypervisor with Nexus 1000V and vPath on UCS/x86 servers)
• Fault tolerance with VM mobility awareness
• Extends the WAAS solution portfolio
Business benefits
• Business agility with on-demand orchestration
• Lower operational cost, reduced migration risk

Slide 25: Cisco vWAAS: WAN optimization in the cloud model (overall view of the WAAS solution)
[Diagram: the branch, and mobile users running the WAAS Mobile client against the WAAS Mobile server, reach private and public clouds running Cisco vWAAS across the WAN and the Internet]
Key requirements
• Elastic deployment on demand
• Fault-tolerant deployment based on VM vMotion
• Support for the multi-tenant model
WAAS benefits
• On-demand scheduling of WAN optimization
• Simplest network configuration
• Support for dynamic VM deployment
• Lower operational cost of cloud migration
Differentiator
• Tight integration with Cisco Nexus 1000V
• Rapid deployment of WAN acceleration services
• Transparent deployment via WCCP

Slide 26: Cisco VSG (Virtual Security Gateway)
Slide 27: Introduction to the Virtual Security Gateway
Virtual Security Gateway (VSG)
• Context-aware security: VM context-aware rules
• Zone-based controls: establish zones of trust
• Dynamic, agile: policies follow vMotion
• Best-in-class architecture: efficient, fast, scale-out software
Virtual Network Management Center (VNMC)
• Non-disruptive operations: the security team manages security
• Policy-based administration: central management, scalable deployment, multi-tenancy
• Designed for automation: XML API, security profiles

Slide 28: Achieving multi-layer security
[Diagram: tenant A and tenant B, each with VDCs and vApps, on vSphere with Nexus 1000V and vPath]
• Specify the zoning policy at the appropriate granularity: tenant, VDC or vApp

Slide 29: VSG deployment logic consistent with physical devices
[Diagram: VNMC manages a VSG that, through vPath on the Nexus 1000V distributed virtual switch, protects VMs across many hosts]
• Secure segmentation (VLAN agnostic)
• Efficient deployment (secures multiple hosts)
• Dynamic policy-based provisioning
• Transparent insertion (topology agnostic)
• High availability
• Mobility aware (policies follow vMotion)
• Log/audit

Slide 30: VSG VM-to-VM communication flow, first packet
[Diagram: web server VMs #1 to #4 and app server VMs #5 to #8 on the Nexus 1000 DVS; steps 1 to 6 trace the first packet from the source VM into the Service Data Path, to the VSG and back to the destination]
• For the first packet of a network session the traffic redirection scheme differs, but the packet flow is similar.
• Traffic redirection is based on the port-profile-to-VSG binding and a flow-entry lookup in the Service Data Path (SDP).
• Processing of Internet-to-VM and inter-VM traffic is normalized. Different firewall policies are applied to this traffic strictly according to the source/destination attributes defined in the policy.
Slide 31: VSG VM-to-VM communication flow, second and subsequent packets
[Diagram: the same web and app server VMs; steps 1 to 4 show subsequent packets handled entirely within the Service Data Path on the Nexus 1000 DVS, without reaching the VSG]
• After the VSG has evaluated policy against the first packet of a network session, a flow-entry cache is established in the SDP, which off-loads processing of the remaining packets to the SDP.
• The flow lookup done in the SDP identifies the current state of the flow, so the SDP can process subsequent packets according to the actions stored in the flow entry.

Slide 33: Summary
• Virtualization of compute resources lets servers do more work
• Close interaction between network and compute resources will greatly improve data center efficiency
• Unified Network Services provides greater elastic support

Slide 35: Cisco Nexus 1000V: Distributed Virtual Switch for VMware vSphere
• Industry's most advanced software switch for VMware vSphere
• Standards based: interoperates with all 802.1Q switching platforms
• Built on Cisco NX-OS: feature and operational consistency across physical and virtual networks
• Maintains the vCenter provisioning model: no change for server administration; the network team manages the virtual network
[Diagram: VMs on vSphere attached to the Nexus 1000V VEM, managed by the Nexus 1000V VSM]
Policy-based VM connectivity; mobility of network and security properties; non-disruptive operational model

Slide 36: Nexus 1000V: Benefits
• NX-OS feature consistency: across physical and virtual networks (Nexus 7K/5K/2K/1KV); Cisco CLI experience
• Advanced switching features: security, QoS, monitoring, management
• Administrative consistency: the network team manages the virtual network and creates port profiles; the server team assigns port profiles to VMs
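The first-packet redirection and flow-entry cache described in the two VSG communication-flow slides above, as an added simulation that is not Cisco's code: the VM-to-zone bindings, the zone policy table, the addresses and the session-key format are all constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed sample binding of VM vNICs (by IP) to security zones; a real
# deployment derives the zone from VM attributes via the port profile (assumption).
VM_ZONE = {"10.0.1.10": "web", "10.0.1.11": "web",
           "10.0.2.20": "app", "10.0.3.30": "db"}

# Constructed zone-based policy: (src_zone, dst_zone, dst_port) -> action.
# Anything not listed is denied by default.
POLICY = {("internet", "web", 443): "permit",
          ("web", "app", 8080): "permit",
          ("app", "db", 5432): "permit"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def zone_of(ip: str) -> str:
    """Unknown addresses are treated as 'internet', so Internet-to-VM and
    inter-VM traffic are normalized into the same zone evaluation."""
    return VM_ZONE.get(ip, "internet")


def vsg_evaluate(pkt: Packet) -> str:
    """VSG policy evaluation, performed only on the first packet of a session."""
    return POLICY.get((zone_of(pkt.src), zone_of(pkt.dst), pkt.dport), "deny")


class ServiceDataPath:
    """Simulated vPath SDP: a flow-entry cache keyed by session."""

    def __init__(self) -> None:
        self.flows: dict = {}
        self.vsg_lookups = 0  # how many packets actually reached the VSG

    @staticmethod
    def session_key(pkt: Packet) -> tuple:
        # Both directions of a session map to one entry, so replies hit the cache.
        a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
        return (a, b) if a <= b else (b, a)

    def process(self, pkt: Packet) -> tuple:
        """Return (action, path): 'vsg' for the first packet, 'sdp-cache' after."""
        key = self.session_key(pkt)
        if key in self.flows:
            return self.flows[key], "sdp-cache"
        self.vsg_lookups += 1
        action = vsg_evaluate(pkt)
        self.flows[key] = action  # cache the VSG decision for the rest of the flow
        return action, "vsg"
```

Replies of a permitted session match the same cached entry, so the VSG sees exactly one packet per session; the vsg_lookups counter makes the off-load visible.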
Slide 37: Cisco Nexus 1000V: faster VM deployment
Cisco VN-Link: Virtual Network Link
• Policy-based VM connectivity
• Mobility of network and security properties
• Non-disruptive operational model
[Diagram: port profiles (WEB, Apps, HR, DB, DMZ) defined on the Nexus 1000V VSM and published to vCenter; VMs on two vSphere hosts with Nexus 1000V VEMs attach to them]
VM connection policy
• Defined in the network
• Applied in Virtual Center
• Linked to the VM UUID

Slide 38: Features of the Nexus 1000V
Switching: L2 switching, 802.1Q tagging, VLAN segmentation, rate limiting (TX); IGMP snooping, QoS marking (CoS and DSCP), class-based WFQ*
Security: policy mobility, private VLANs with local PVLAN enforcement; access control lists (L2 to L4, with redirect), port security; dynamic ARP inspection, IP Source Guard, DHCP snooping
Provisioning: automated vSwitch configuration, port profiles, Virtual Center integration; optimized NIC teaming with virtual port channel (host mode)
Visibility: VMotion tracking, NetFlow v9 with NDE, CDP v2; VM-level interface statistics; policy-based SPAN and ERSPAN
Management: Virtual Center VM provisioning, Cisco network provisioning, CiscoWorks; Cisco CLI, RADIUS, TACACS, syslog, SNMP (v1, v2, v3); hitless upgrade
*In the 1.4 release, 4Q CY2010

Slide 39: Cisco Nexus 1010

Slide 40: Nexus 1010: VSM on an appliance
[Diagram: VSM on a virtual machine (one 1000V VSM running as a VM beside the VEM on a vSphere server) versus VSM on a Nexus 1010 appliance (four 1000V VSMs on the Cisco Nexus 1010, with VEMs on the vSphere servers)]
Slide 41: Feature comparison
VSM on a virtual machine:
• NX-OS high availability of the VSM
• VEM running on vSphere 4 Enterprise Plus
• Nexus 1000V features and scalability
VSM on Nexus 1010:
• Network team manages the switch hardware
• Installation like a standard Cisco switch
• NX-OS high availability of the VSM
• VEM running on vSphere 4 Enterprise Plus
• Nexus 1000V features and scalability