Cisco Nexus 1000V Series Switches - StructuredWeb

15 Pages
Upload by : Arnav Humphrey
Transcription

Data Sheet

Cisco Nexus 1000V Series Switches

Product Overview

Cisco Nexus 1000V Series Switches are virtual machine access switches that are an intelligent software switch implementation for VMware vSphere environments running the Cisco NX-OS operating system. Operating inside the VMware ESX hypervisor, the Cisco Nexus 1000V Series supports Cisco VN-Link server virtualization technology to provide:

• Policy-based virtual machine (VM) connectivity
• Mobile VM security and network policy
• Non-disruptive operational model for your server virtualization and networking teams

When server virtualization is deployed in the data center, virtual servers typically are not managed the same way as physical servers. Server virtualization is treated as a special deployment, leading to longer deployment time, with a greater degree of coordination among server, network, storage, and security administrators. With the Cisco Nexus 1000V Series, you can have a consistent networking feature set and provisioning process all the way from the VM access layer to the core of the data center network infrastructure. Virtual servers can now leverage the same network configuration, security policy, diagnostic tools, and operational models as their physical server counterparts attached to dedicated physical network ports. Virtualization administrators can access predefined network policy that follows mobile virtual machines to ensure proper connectivity, saving valuable time to focus on virtual machine administration. This comprehensive set of capabilities helps you to deploy server virtualization faster and realize its benefits sooner.

Developed in close collaboration with VMware, the Cisco Nexus 1000V Series is certified by VMware to be compatible with VMware vSphere, vCenter, ESX, and ESXi, and with many other VMware vSphere features. You can use the Cisco Nexus 1000V Series to manage your virtual machine connectivity with confidence in the integrity of the server virtualization infrastructure.

Product Architecture

The Cisco Nexus 1000V Series Switch has two major components: the Virtual Ethernet Module (VEM), which executes inside the hypervisor, and the external Virtual Supervisor Module (VSM), which manages the VEMs (Figure 1).

© 2010 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Figure 1. Cisco Nexus 1000V Series Architecture

Virtual Ethernet Module

The Cisco Nexus 1000V Virtual Ethernet Module (VEM) executes as part of the VMware ESX or ESXi kernel and replaces the VMware Virtual Switch functionality. The VEM leverages the VMware vNetwork Distributed Switch (vDS) API, which was developed jointly by Cisco and VMware, to provide advanced networking capability to virtual machines. This level of integration ensures that the Cisco Nexus 1000V is fully aware of all server virtualization events, such as VMware VMotion and Distributed Resource Scheduler (DRS). The VEM takes configuration information from the Virtual Supervisor Module and performs Layer 2 switching and advanced networking functions:

• Port Channels
• Quality of service (QoS)
• Security: Private VLAN, access control lists, port security
• Monitoring: NetFlow, Switch Port Analyzer (SPAN), Encapsulated Remote SPAN (ERSPAN)

In the event of loss of communication with the Virtual Supervisor Module, the VEM has Nonstop Forwarding capability to continue to switch traffic based on last known configuration. In short, the VEM provides advanced switching with data-center reliability for the server virtualization environment.

Virtual Supervisor Module

The Cisco Nexus 1000V Series Virtual Supervisor Module (VSM) controls multiple VEMs as one logical modular switch. Instead of physical line card modules, the VSM supports multiple VEMs running in software inside of the physical servers. Configuration is performed through the VSM and is automatically propagated to the VEMs. Instead of configuring soft switches inside the hypervisor on a host-by-host basis, administrators can define configurations for immediate use on all VEMs being managed by the Virtual Supervisor Module from a single interface.

By using the capabilities of Cisco NX-OS, the Cisco Nexus 1000V Series provides these benefits:

• Flexibility and Scalability: Port Profiles, a new Cisco NX-OS feature, provides configuration of ports by category, enabling the solution to scale to a large number of ports. Common software can run all areas of the data center network, including the LAN and SAN.
• High Availability: Synchronized, redundant Virtual Supervisor Modules enable rapid, stateful failover and ensure an always available virtual machine network.

• Manageability: The Cisco Nexus 1000V Series can be accessed through the Cisco command-line interface (CLI), Simple Network Management Protocol (SNMP), XML API, and CiscoWorks LAN Management Solution (LMS).

The Virtual Supervisor Module is also integrated with VMware vCenter Server so that the virtualization administrator can take advantage of the network configuration in the Cisco Nexus 1000V.

Features and Benefits

The Cisco Nexus 1000V Series provides a common management model for both physical and virtual network infrastructures through Cisco VN-Link technology that includes policy-based VM connectivity, mobility of VM security and network properties, and a non-disruptive operational model.

Policy-Based VM Connectivity: To complement the ease of creating and provisioning VMs, the Cisco Nexus 1000V includes the Port Profile feature to address the dynamic nature of server virtualization from the network’s perspective (Figure 2). Port Profiles enable you to define VM network policies for different types or classes of VMs from the Cisco Nexus 1000V VSM, then apply the profiles to individual VM virtual NICs through VMware’s vCenter GUI for transparent provisioning of network resources. Port Profiles are a scalable mechanism to configure networks with large numbers of VMs.

Figure 2. Policy-Based VM Connectivity

Mobility of VM Security and Network Properties: Network and security policies defined in the Port Profile follow the VM throughout its lifecycle whether it is being migrated from one server to another (Figure 3), suspended, hibernated, or restarted. In addition to migrating the policy, the Cisco Nexus 1000V Virtual Supervisor Module also moves the VM’s network state, such as the port counters and flow statistics. VMs participating in traffic monitoring activities, such as Cisco NetFlow or ERSPAN, can continue these activities uninterrupted by vMotion operations. When a specific Port Profile is updated, the Cisco Nexus 1000V automatically provides live updates to all of the virtual ports using that same Port Profile. With the ability to migrate network and security policies through vMotion, regulatory compliance is much easier to enforce with the Cisco Nexus 1000V, because the security policy is defined in the same way as physical servers and constantly enforced by the switch.

Figure 3. Mobility of Network and Security Properties

Non-Disruptive Operational Model: Because of its close integration with VMware vCenter Server, the Cisco Nexus 1000V allows virtualization administrators to continue using VMware tools to provision VMs. At the same time, network administrators can provision and operate the VM network the same way they do the physical network using Cisco CLI and SNMP along with tools such as ERSPAN and NetFlow (Figure 4). While both teams work independently, using familiar tools, the Cisco Nexus 1000V enforces consistent configuration and policy throughout the server virtualization environment. This level of integration lowers the cost of ownership while supporting various organizational boundaries among server, network, security, and storage teams.

Inside VMware vCenter Server, VMs are configured as before. Instead of defining network configuration in vCenter Server, Port Profiles defined on the Cisco Nexus 1000V Virtual Supervisor Module are displayed by vCenter as Port Groups. Virtualization administrators can take advantage of preconfigured Port Groups and focus on VM management, while network administrators can use Port Profiles to apply policy for a large number of ports at the same time. Together, both teams can deploy server virtualization more efficiently and with lower operational cost.

Figure 4. Nondisruptive Operational Model

Enhanced Deployment Scenarios

Optimize Server Bandwidth for I/O-Intensive Applications

Today, network interfaces are often dedicated to a particular type of traffic, such as VMware Console or vMotion. With the Cisco Nexus 1000V, all the network interface cards (NICs) on the server can be treated as a single logical channel with QoS attached to each type of traffic. With VMware vSphere Version 4.1, the Cisco Nexus 1000V Series can even provide different service-level agreements (SLAs) for production virtual machines. Consequently, the bandwidth to the server can be more efficiently utilized with virtualization of network-intensive applications.

Secure Server and Desktop Virtualization

The number of virtual machines running on a server is increasing quickly, similar to the way that CPU performance follows Moore’s Law. With a large population of virtual machines on a server, an infected VM can quickly spread a virus or malware to other virtual machines on the same server. VMware vMotion can then migrate an infected VM to another server, spreading the infestation. Consequently, virtual machines must have the same security policy as physical servers.

Cisco Nexus 1000V Series includes the Cisco Integrated Security Features that are found on Cisco physical switches to prevent a variety of attack scenarios (Table 1). For example, a rogue virtual machine can spoof its MAC and IP addresses to appear to be an existing production VM, send a rogue Address Resolution Protocol (ARP) transaction mimicking the way that VMware vMotion announces the location of a migrated virtual machine, and divert traffic from the production virtual machine to the rogue virtual machine. With Cisco Integrated Security Features, this type of attack can easily be prevented with simple networking policy. Since server virtualization is being used for desktop and server workloads, it is critical that this type of security feature be deployed for the proper operation of a virtualized environment.

Table 1. Cisco Integrated Security Features

Feature | Capability | Prevents
Port Security | Restricts MAC addresses on a port | MAC address spoofing by rogue virtual machine
IP Source Guard | Maps IP address to MAC address | IP and MAC address spoofing
Dynamic ARP Inspection | Monitors virtual machine ARP transactions, which are also used for VMware vMotion | ARP cache poisoning on other virtual machines, hosts, and network devices
Dynamic Host Configuration Protocol (DHCP) Snooping | Prevents DHCP client requests from reaching untrusted entities; prevents untrusted entities from acting as DHCP server; rate limits DHCP requests to prevent denial-of-service (DoS) attacks | Rogue DHCP server; denial of service to DHCP services

In addition to built-in security features, the Cisco Nexus 1000V Series enables Layer 4 through 7 services virtual machines to be specified as part of the virtual machine network policy. In particular, Virtual Service Domain (VSD) groups virtual machines, which may be on multiple servers, into zones and forces traffic traveling between zones through a Layer 4 through 7 services virtual machine, such as a firewall, including VMware vShield Zones (Figure 5). This extensible capability makes the Cisco Nexus 1000V Series much easier to use with a variety of Layer 4 through 7 services.

Figure 5. Virtual Service Domain

Virtualized Network Services with Cisco vPath

Although VSDs have the flexibility to provide network services through any Layer 4 through 7 virtual machine, they require a network service virtual machine on every host. In addition, the network service virtual machines are slower when compared to performance in the hypervisor kernel, as in the case of switching in the VEM.

Cisco addresses these concerns with the introduction of the Cisco vPath architecture, where a network service VM, called a Virtual Service Node (VSN), provides the network service. Specifically, the Cisco vPath architecture provides:

• Intelligent Traffic Steering:
  - Redirect traffic from server requesting network service to Virtual Service Node
  - Extend Port Profile to include network service profile
• Flexible Deployment:
  - Each Virtual Service Node can serve multiple physical servers
  - Virtual Service Node can be hosted on a separate or dedicated server
• Network service acceleration:
  - Network Service Decision Caching: Nexus 1000V remembers network service policy from prior traffic, reducing traffic steering
  - Performance of virtual network services can be accelerated through enforcement in hypervisor kernel

In Figure 6, when VM 1 sends a packet to VM 2 (requiring virtualized network services), the VEM forwards the request to a VSN, possibly on a different host. The VSN responds to the originating VEM with the suitable action: for example, sending or dropping packets in this flow. The original VEM caches and executes the decision that the VSN requested. For future packets from VM 1 to VM 2, the VEM can implement the virtualized network service without requests to the VSN. Hence, the VEM:

• Implements the virtualized network service decision
• Accelerates network service since it is running in the hypervisor kernel
• Scales network service since the VEM is on every hypervisor host

In addition, the VSN can be placed on any host, providing greater flexibility and separation of production work load and network services. In fact, the vPath architecture is designed to support a variety of network services.
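The decision caching described above can be modeled in a few lines. This is an added illustration, not Cisco code: the class names, the fields of the flow key, the sample policy and the flush step are all assumptions of the model, and the data sheet does not describe how the product invalidates cached decisions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    """Flow key used for caching (the choice of fields is an assumption)."""
    src_vm: str
    dst_vm: str
    proto: str
    dst_port: int


@dataclass
class VirtualServiceNode:
    """Slow path: evaluates the policy for the first packet of a flow."""
    rules: List[Tuple[Callable[[Flow], bool], str]]
    default_action: str = "drop"
    queries: int = 0

    def decide(self, flow: Flow) -> str:
        self.queries += 1
        for matches, action in self.rules:
            if matches(flow):
                return action
        return self.default_action


@dataclass
class VEM:
    """Fast path on one host: caches and enforces the VSN's decisions."""
    host: str
    vsn: VirtualServiceNode
    cache: Dict[Flow, str] = field(default_factory=dict)

    def handle(self, flow: Flow) -> Tuple[str, str]:
        """Return (action, path), where path is 'vsn' or 'cache'."""
        if flow in self.cache:
            return self.cache[flow], "cache"
        action = self.vsn.decide(flow)   # first packet: steer to the VSN
        self.cache[flow] = action        # remember the decision for this flow
        return action, "vsn"

    def flush(self) -> None:
        """Model assumption: cached decisions are dropped on a policy change."""
        self.cache.clear()


def demo() -> dict:
    # Constructed policy: only web-tier VMs may reach the database on 3306.
    vsn = VirtualServiceNode(rules=[
        (lambda f: f.src_vm.startswith("web") and f.dst_port == 3306, "permit"),
    ])
    vem_a, vem_b = VEM("host-a", vsn), VEM("host-b", vsn)  # one VSN, two hosts
    ok = Flow("web-1", "db-1", "tcp", 3306)
    bad = Flow("test-7", "db-1", "tcp", 3306)

    results = [vem_a.handle(ok) for _ in range(3)]     # 1 VSN query, 2 cache hits
    results += [vem_b.handle(bad) for _ in range(2)]   # 1 VSN query, 1 cache hit
    queries_before = vsn.queries

    # The policy is tightened on the VSN. Until the cache is flushed, the
    # VEM keeps enforcing the decision it cached under the old policy.
    vsn.rules.clear()
    stale = vem_a.handle(ok)
    vem_a.flush()
    fresh = vem_a.handle(ok)
    return {"results": results, "queries_before": queries_before,
            "stale": stale, "fresh": fresh, "queries_after": vsn.queries}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In this model five packets cost two VSN queries, and the flow cache is part of the enforcement state: a policy change only takes effect for an existing flow once its cached entry is removed.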

Figure 6. Cisco vPath Architecture

The first VSN to use vPath is the Cisco Virtual Security Gateway (VSG). The Cisco VSG enforces attribute-based security policies for single and multi-tenant environments. Because Cisco VSG is offered as a virtual appliance, customers can scale its deployment with the vPath architecture and by deploying more Cisco VSG appliances on demand.

Virtual Machine as Basic Building Block of the Data Center

With the Cisco Nexus 1000V Series, virtual machines are treated in the same way as physical servers in 1) security policy, 2) monitoring and troubleshooting, and 3) operational model between network and server administrators. Therefore, virtual machines can finally be true basic building blocks of the data center. These operational efficiencies lead to greater scaling of server virtualization deployments with lower operating costs.

Cisco NX-OS Software Overview

Cisco NX-OS Software is a data center-class operating system built with modularity, resiliency, and serviceability at its foundation. Based on the industry-proven Cisco MDS 9000 SAN-OS Software, Cisco NX-OS Software helps ensure continuous availability and sets the standard for mission-critical data center environments. The self-healing and highly modular design of Cisco NX-OS Software makes zero-impact operations a reality and enables exceptional operational flexibility. Focused on the requirements of the data center, Cisco NX-OS Software provides a robust and rich feature set that fulfills the Ethernet and storage networking requirements of present and future data centers. With a CLI like that of Cisco IOS Software, Cisco NX-OS Software provides state-of-the-art implementations of relevant networking standards as well as a variety of true data center-class Cisco innovations.

Cisco NX-OS Software Features and Benefits

• Software Compatibility: Cisco NX-OS Software Release 4.0 interoperates with Cisco products running any variant of the Cisco IOS Software operating system. Cisco NX-OS Software Release 4.0 also interoperates with any networking OS that conforms to the networking standards listed as supported in this data sheet.
• Common Software Throughout the Data Center: Cisco NX-OS Software simplifies the data center operating environment and provides a unified OS designed to run all areas of the data center network, including the LAN, SAN, and Layer 4 through 7 network services.
• Modular Software Design: Cisco NX-OS Software modular processes are instantiated on demand, each in a separate protected memory space. Thus, processes are started and system resources allocated only when a feature is enabled. The modular processes are governed by a real-time preemptive scheduler that helps ensure the timely processing of critical functions.
• In-Service Software Upgrade (ISSU): The Cisco Nexus 1000V Series enables server and network administrators to transparently upgrade the VEM and VSM software, reducing downtime and allowing customers to integrate the newest features and functions with little or no negative effect on network operations. Network and server administrators can upgrade the VSM and VEM during different maintenance windows and continue operation of the Cisco Nexus 1000V Series.

• Quick Development of Enhancements and Problem Fixes: The modularity of Cisco NX-OS Software allows new features, enhancements, and problem fixes to be integrated into the software quickly. Thus, modular fixes can be developed, tested, and delivered in a short time span.
• SNMP and XML API: Cisco NX-OS complies with SNMPv1, v2, and v3. A rich collection of MIBs is supported. Cisco NX-OS also has a rich, documented XML API, enabling integration with third-party management tools.
• Role-Based Access Control (RBAC): With RBAC, Cisco NX-OS enables administrators to limit access to switch operations by assigning roles to users. Administrators can customize and restrict access to the users who require it.

Product Specifications

VMware Product Compatibility

The Cisco Nexus 1000V Series is VMware Ready Certified to be compatible with VMware vSphere as a vNetwork Distributed Switch with support for VMware ESX and ESXi hypervisors and integration with VMware vCenter Server.

VMware vSphere Feature Compatibility

The Cisco Nexus 1000V Series is supported with the following VMware vSphere features:

• VMware vMotion
• VMware Distributed Resource Scheduler (DRS)
• VMware High Availability (HA)
• VMware Storage vMotion
• VMware Fault Tolerance (FT)
• VMware Update Manager
• VMware vShield Zones

Maximum Supported Configurations

• 64 VMware ESX or ESXi hosts per VSM
• 2048 virtual Ethernet ports per VMware vDS, with 216 virtual Ethernet ports per physical host
• 512 active VLANs
• 32 physical NICs per physical host
• 256 PortChannels per VMware vDS, with 8 PortChannels per physical host

Layer 2 Features

• Layer 2 switch ports and VLAN trunks
• IEEE 802.1Q VLAN encapsulation
• Link Aggregation Control Protocol (LACP): IEEE 802.3ad
• Advanced PortChannel hashing based on Layer 2, 3, and 4 information
  - Source MAC address (default)
  - Virtual port ID
  - Destination IP address and Layer 4 port
  - Destination IP address, Layer 4 port, and VLAN
  - Destination IP address and VLAN
  - Destination MAC address
  - Destination Layer 4 port
  - Source and destination IP addresses and Layer 4 port
  - Source and destination IP addresses, Layer 4 port, and VLAN
  - Source and destination IP addresses and VLAN
  - Source and destination MAC addresses
  - Source and destination Layer 4 port
  - Source IP address and Layer 4 port
  - Source IP address, Layer 4 port, and VLAN
  - Sou
