Integration of Hypervisors and L4-7 Services into an ACI Fabric

Integration of Hypervisors and L4-7 Services into an ACI Fabric
BRKACI-2006
Bradley Wong, Principal Engineer, INSBU Technical Marketing
#clmel

“This session provides a technical introduction to how the ACI fabric handles single and multi-hypervisor environments, how the ACI controller provides integration into different VMMs for a single point of management for virtual network management as well as how the fabric integrates and automates both virtual and physical L4-L7 services”
BRKACI-2006 ABSTRACT

Agenda
- Introduction to ACI
- Review of ACI Policy Model
- Hypervisor Integration
- Layer 4-7 Services Integration
- Conclusion

BRKACI-2006 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public

Introduction to ACI

Cisco ACI: Logical Network Provisioning of Stateless Hardware
[Diagram: Outside (Tenant VRF), Web, App and DB connected through QoS, Filter and Service policies; APIC (Application Policy Infrastructure Controller); ACI Fabric: scale-out, penalty-free overlay]

ACI Nomenclature
[Diagram: spine nodes, leaf nodes, AVS; EPG “Internet”, EPG “Users”, EPG “Files”; service producers and service consumers]

ACI Network Profile: Policy-Based Fabric Management
- Extend the principle of Cisco UCS Manager service profiles to the entire fabric
- Network profile: stateless definition of application requirements
  - Application tiers
  - Connectivity policies
  - Layer 4 – 7 services
  - XML/JSON schema
- Fully abstracted from the infrastructure implementation
  - Removes dependencies of the infrastructure
  - Portable across different data centre fabrics
- The network profile fully describes the application connectivity requirements
[Diagram: Application with Web Tier, App Tier, DB Tier and Storage]

## Network Profile: Defines Application Level Metadata (Pseudo Code Example)
    Network-Profile Production Web
      App-Tier Web
        Connected-To Application Client
        Connection-Policy Secure Firewall External
        Connected-To Application Tier
        Connection-Policy Secure Firewall Internal & High Priority
      .
      App-Tier DataBase
        Connected-To Storage
        Connection-Policy NFS TCP & High BW Low Latency
      .

OpFlex: An Open, Extensible Policy Protocol
Policies:
- Who can talk to whom
- What about
- Ops requirements
OpFlex was designed to offer:
1. Abstract policies rather than device-specific configuration
2. Flexible, extensible definition using XML / JSON
3. Support for any device including virtual switches, physical switches, network services with strong interoperability across vendors
4. Open, standardised API with an open source reference implementation
[Diagram: APIC, OpFlex proxy; hypervisor switch, ADC]

Multi-Hypervisor-Ready Fabric: Virtual Integration
- Integrated gateway for VLAN, VxLAN, and NVGRE networks from virtual to physical
- Normalisation for NVGRE, VXLAN, and VLAN networks
- Customer not restricted by a choice of hypervisor
- Fabric is ready for multi-hypervisor
[Diagram: Network Admin and Application Admin using APIC; ACI Fabric connecting VLAN, VXLAN and NVGRE networks to VMware, Microsoft (Hyper-V), Red Hat (KVM) and XenServer hypervisors and to a physical server]

ACI Layer 4 - 7 Service Integration: Centralised, Automated, and Supports Existing Model
- Elastic service insertion architecture for physical and virtual services
- Helps enable administrative separation between application tier policy and service definition
- APIC as central point of network control with policy coordination
- Automation of service bring-up/tear-down through programmable interface
- Supports existing operational model when integrated with existing services
- Service enforcement guaranteed, regardless of endpoint location
[Diagram: Service Admin; “Security 5” chain defined (begin, Stage 1 ... Stage N, end) with firewall and load balancer instances; service graph, service profile and policy / contract between the Web and App tiers; providers]

Review of the ACI Policy Model

End-points
- Things that connect to the fabric and use it to interface with other things
- A compute, storage or service instance attaching to a fabric
[Diagram: NIC and vNIC end-points [ EP ] attached to the ACI Fabric]

End-points
- A collection of end-points with identical network behaviour forms an End Point Group (EPG)
[Diagram: end-points (EP) grouped together]

End-point Groups (EPGs)
Allow rules and policies to be specified on groups of physical or virtual end-points without understanding of specific identifiers and regardless of physical location.
Can flexibly map into:
- application tier of multi-tier app
- segmentation construct (ala VLAN)
- a security construct
- ESX port group, SCVMM VM Network
[Diagram: EPG APP SERVER and EPG WEB containing end-points (EP), with policies between them; end-point group [ EPG ]]

Tenant L3, L2 Isolation
- Tenant: self-contained tenant definition representable as a recursive structured text document
- L3 context (isolated tenant VRF)
- BD: with or without flooding semantics
[Diagram: Tenant containing EPG outside, EPG APP SERVER and EPG WEB with end-points (EP), subnets, BDs and the network profile]

Integration with Multiple Hypervisors

Hypervisor Integration Agenda
- Hypervisor Integration Overview
- VMware vCenter Integration
- Microsoft SCVMM & Azure Pack Integration
- OpenStack Integration

Hypervisor Interaction with ACI: Two Modes of Operation
Non-Integrated Mode
- ACI Fabric as an IP-Ethernet Transport
- Encapsulations manually allocated
- Separate Policy domains for Physical and Virtual
Integrated Mode
- ACI Fabric as a Policy Authority
- Encapsulations Normalised and dynamically provisioned
- Integrated Policy domains across Physical and Virtual
[Diagram labels: VLAN 10, VLAN 10, VXLAN 10000; APP, WEB, DB]

Hypervisor Integration with ACI: Control Channel - VMM Domains
- Relationship is formed between APIC and Virtual Machine Manager (VMM)
- Multiple VMMs likely on a single ACI Fabric
- Each VMM and associated Virtual hosts are grouped within APIC
- Called VMM Domain
- There is 1:1 relationship between a Virtual Switch and VMM Domain
[Diagram: vCenter DVS (VMM Domain 1), vCenter AVS (VMM Domain 2), SCVMM (VMM Domain 3)]

Hypervisor Integration with ACI
- ACI Fabric implements policy on Virtual Networks by mapping Endpoints to EPGs
- Endpoints in a Virtualised environment are represented as the vNICs
- VMM applies network configuration by placement of vNICs into Port Groups or VM Networks
- EPGs are exposed to the VMM as a 1:1 mapping to Port Groups or VM Networks
[Diagram: APIC Application Network Profile (EPG WEB, F/W, EPG APP, L/B, EPG DB) mapped to the WEB, APP and DB port groups and their VMs]

ACI Fabric – Integrated Overlay: Data Path - Encapsulation Normalisation
- All traffic within the ACI Fabric is encapsulated with an extended VXLAN header
- External VLAN, VXLAN, NVGRE tags are mapped at ingress to an internal VXLAN tag
- Forwarding is not limited to, nor constrained within, the encapsulation type or encapsulation ‘overlay’ network
- External identifiers are localised to the Leaf or Leaf port, allowing re-use and/or translation if required
[Diagram: IP fabric using VXLAN tagging; any-to-any normalised encapsulation between VTEPs; localised encapsulations normalised at ingress: VXLAN VNID 5789, 802.1Q VLAN 50, VXLAN VNID 11348, NVGRE VSID 7456; payload]

Hypervisor Integration with ACI: VMM Domains & VLAN Encapsulation
- VLAN ID only gives 4K EPGs (12 bits)
- Scale by creating pockets of 4K EPGs
- Map EPGs to VMM Domain based on scope of live migration
- Place VM anywhere
- Live migrate within VMM domain
[Diagram: 16M Virtual Networks; VMM Domain 1 (4K EPGs) and VMM Domain 2 (4K EPGs), each containing end-points (EP)]

Hypervisor Integration with ACI: VMM Domains & VLAN Encapsulation
[Diagram: VMM Domain 1 (4K EPGs) and VMM Domain 2 (4K EPGs); labels VNID 6032, VLAN 16, VLAN 5]

Hypervisor Integration with ACI: Endpoint Discovery
- Virtual Endpoints are discovered for reachability & policy purposes via 2 methods:
  - Control Plane Learning:
    - Out-of-Band Handshake: vCenter APIs
    - Inband Handshake: OpFlex-enabled Host (AVS, Hyper-V, etc.)
  - Data Path Learning: Distributed switch learning
- LLDP used to resolve Virtual host ID to attached port on leaf node (non-OpFlex Hosts)
[Diagram: APIC with control channels to the VMM (vCenter API) and to the OpFlex host (OpFlex); data path to the DVS host and the OpFlex host]

VMware Integration: Three Different Options
Distributed Virtual Switch (DVS)
- Encapsulations: VLAN
- Installation: Native
- VM discovery: LLDP
- Software/Licenses: vCenter with Enterprise License
vCenter vShield
- Encapsulations: VLAN, VXLAN
- Installation: Native
- VM discovery: LLDP
- Software/Licenses: vCenter with Enterprise License, vShield Manager with vShield License
Application Virtual Switch (AVS)
- Encapsulations: VLAN, VXLAN
- Installation: VIB through VUM or Console
- VM discovery: OpFlex
- Software/Licenses: vCenter with Enterprise License

ACI Hypervisor Integration – VMware DVS/vShield
1. Cisco APIC and VMware vCenter initial handshake
2. Create VDS
3. Attach hypervisor to VDS
4. Learn location of ESX host through LLDP
5. Create application policy
6. Automatically map EPG to port groups
7. Create port groups
8. Instantiate VMs, assign to port groups
9. Push policy
[Diagram: APIC Admin, APIC and ACI Fabric; Application Network Profile (EPG WEB, F/W, EPG APP, L/B, EPG DB); vCenter Server / vShield and VI/Server Admin; Virtual Distributed Switch with WEB, APP and DB port groups across hypervisors]

ACI Hypervisor Integration – VMware DVS
- Name of VMM Domain
- Type of vSwitch (DVS or AVS)
- Associated Attachable Entity Profile (AEP)
- VLAN Pool
- vCenter Administrator Credentials
- vCenter server information

[Figure: ACI Hypervisor Integration – VMware DVS]

Application Virtual Switch (AVS): Integration Overview
- OpFlex Control protocol
  - Control channel
  - VM attach/detach, link state notifications
- VEM extension to the fabric
- vSphere 5.0 and above
- BPDU Filter/BPDU Guard
- SPAN/ERSPAN
- Port level stats collection
- Remote Virtual Leaf Support (future)
[Diagram: Hypervisor Manager (vSphere), southbound OpFlex API, N1KV VEM, VMs]

ACI Hypervisor Integration – AVS
1. Cisco APIC and VMware vCenter initial handshake
2. Create AVS VDS
3. Attach hypervisor to VDS
4. Learn location of ESX host through OpFlex
5. Create application policy
6. Automatically map EPG to port groups
7. Create port groups
8. Instantiate VMs, assign to port groups
9. Push policy
[Diagram: APIC Admin, APIC and ACI Fabric; Application Network Profile (EPG WEB, F/W, EPG APP, L/B, EPG DB); vCenter Server and VI/Server Admin; Application Virtual Switch (AVS) with WEB, APP and DB port groups; OpFlex agent on each hypervisor]

ACI Hypervisor Integration – VMware DVS
- Name of VMM Domain
- Type of vSwitch (DVS or AVS)
- Switching mode (FEX or Normal)
- Associated Attachable Entity Profile (AEP)
- VXLAN Pool
- Multicast Pool
- vCenter Administrator Credentials
- vCenter server information

[Figure: ACI Hypervisor Integration – VMware]

Microsoft Interaction with ACI: Two Modes of Operation
Integration with SCVMM
- Policy Management: Through APIC
- Software / License: Windows Server with HyperV, SCVMM
- VM Discovery: OpFlex
- Encapsulations: VLAN, NVGRE (Future)
- Plugin Installation: Manual
Integration with Azure Pack
- Superset of SCVMM
- Policy Management: Through APIC or through Azure Pack
- Software / License: Windows Server with HyperV, SCVMM, Azure Pack (free)
- VM Discovery: OpFlex
- Encapsulations: VLAN, NVGRE (Future)
- Plugin Installation: Integrated

ACI Hypervisor Integration – MSFT SCVMM (Q2 CY 15)
[Diagram: APIC Admin and SCVMM Admin; APIC; MSFT SCVMM; Hyper-V hosts with APIC OpFlex agent and hypervisor virtual switch; WEB, APP and DB VM networks; initial handshake; OpFlex; numbered steps 1-9]

Cisco ACI: Microsoft Azure Pack Integration (Q2 CY 15)
- Policy Management: APIC / Azure Pack
- VM Discovery: OpFlex
- Encapsulation: VLAN in Q2 CY15 (VXLAN, NVGRE in future)
- Zero touch network provisioning
- Service Insertion (Physical / Virtual)
[Diagram: Azure Pack GUI (Websites, Apps, Database, VMs, ACI); Provider Portal and Consumer Self-Service Portal; Websites, VMs, SQL, Service Bus, Future Services and ACI provider service; Microsoft System Center R2 w/ Service Provider Foundation; OpFlex Driver; ACI Fabric]

OpenStack Components: Initial Focus on Networking (Neutron)

OpenStack Neutron Networking Model
[Diagram: Tenant; Core API: Network, Subnet, Port; L3 External Net Extension: Router, Network:external; Sec Grp Extension: Security Group, Security Group Rule]

Cisco ACI Model
[Diagram: Tenant, Outside Network, App Profile, Bridge Domain, Context (VRF), Contract, Subnet, Subject, Endpoint Group]

Cisco OpenStack ACI Model: Neutron API Mapping
OpenStack -> ACI
- Tenant -> Tenant
- No Equivalent -> Application Profile
- Network -> EPG, Bridge Domain
- Subnet -> Subnet
- Security Group -> Handled by Host
- Security Group Rule -> Handled by Host
- Router -> L3 Context
- Network:External -> L3 Outside

ACI OpenStack Integration – Phase 1
1. Create Network, Subnet, Security Groups, Policy
2. Automatically push network profiles to APIC
3. Create application policy
4. Instantiate VMs
5. Push policy
OpenStack Tenant performs steps 1 and 4; APIC Admin performs step 3.
[Diagram: APIC and ACI Fabric; OpenStack with Neutron and Nova (network, routing, security); Open Virtual Switch on each hypervisor hosting Web, App and DB VMs]

Group-Based Policy in OpenStack: GBP release 2014.2 “Juno”
- Messy mapping ACI to current OpenStack component
  - Endpoint groups (ports, security groups)
  - Contracts (security groups, security group rules)
- Goal: Introduce ACI model into OpenStack
  - Starting with groups and /GroupBasedPolicy

ACI OpenStack Integration – Phase 2
1. Create Application Network Profile
2. Automatically push network profiles to APIC
3. Create application policy
4. Instantiate VMs
5. Push policy
OpenStack Tenant performs steps 1 and 4; ACI Admin manages the physical network and monitors tenant state.
[Diagram: Application Network Profile (EPG WEB, F/W, L/B, EPG APP, L/B, EPG DB) in OpenStack (Neutron, Nova) and in APIC; ACI Fabric; hypervisors hosting Web, App and DB VMs]

Layer 4-7 Services Integration

Agenda
- Challenges with Network Service Insertion
- Goals of ACI Services Insertion and Automation
- Key concepts and building blocks
- Services Insertion Configuration Wizard

Challenges with Network Service Insertion: Service Insertion in Traditional Networks
- Configure Network to insert Firewall
- Configure firewall network parameters
- Configure firewall rules as required by the application
- Configure Load Balancer Network Parameters
- Configure Router to steer traffic to/from Load Balancer
- Configure Load Balancer as required by the application
Resulting problems:
- Service insertion takes days
- Network configuration is time consuming and error prone
- Difficult to track configuration on services
[Diagram: Router, FW, Router, LB, Switch, vFW, servers]

Goals of ACI Service Insertion and Automation
- Configure and Manage VLAN allocation for service insertion
- Configure the network to redirect traffic through service device
- Configure network and service function parameters on service device

APIC Application Profile: APIC Policy Model
- Endpoint Group (EPG): Collection of similar End Points identifying a particular Application Tier. An Endpoint could represent VMs, VNICs, IP, DNS name etc.
- Application Profile: Collection of Endpoint Groups and the policies that define the way Endpoint Groups communicate with each other
[Diagram: Application profile with EXTERNAL, WEB, APP and DB connected by policies]

ACI Communication Abstraction
- Single Point of Orchestration (APIC): Different administrative groups use same interface, high level of object sharing
- Define Endpoint Groups: Any endpoints anywhere within the fabric, virtual or physical
- Create Contracts Between Endpoint Groups: Port-level rules: drop, prioritise, push to service chain; reusable templates
- Enforce Ingress Fabric Rules: Hardware rules on each port, security in depth, embedded QoS
- Single Pass Services: Security administrator defines generic templates in APIC, availed to contract creation
Policy Contract “Users Files”:
- All TCP/UDP: Accept
- UDP/16384-32767: Prioritise
- All Other: Drop
[Diagram: ACI Fabric with EPG “Users”, EPG “Files” and a Service Graph]

Application Policy
[Diagram: EPG - APP and EPG - DB joined by the “dB Contract”. APP consumes MSSQL: Accept, MySQL: Accept; APP provides HTTP: Accept, Count]
Contract elements:
- Filter: Named collection of L4 port ranges
  - HTTP [80, 443]
  - MSSQL [1433-1434]
  - MySQL [3306, 25565]
  - DNS [53, 953, 1337, 5353]
- Action: What action or actions to take on packet
  - Accept
  - Service Insert
  - Count
  - Copy (future sw release)
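
Added example (not from the original slides, and not APIC code): a small Python model of the whitelist semantics the contract slides describe, where traffic between two EPGs is dropped unless a contract's filter matches. Filter names and ports are taken from the slide; the WEB consumer of the HTTP contract, the contract name "app-http" and unrestricted traffic inside one EPG are assumptions of this sketch.

```python
from dataclasses import dataclass

# Named filters: collections of L4 port ranges (inclusive), as listed on the slide.
FILTERS = {
    "HTTP": [(80, 80), (443, 443)],
    "MSSQL": [(1433, 1434)],
    "MySQL": [(3306, 3306), (25565, 25565)],
    "DNS": [(53, 53), (953, 953), (1337, 1337), (5353, 5353)],
}


@dataclass(frozen=True)
class Subject:
    filter_name: str   # key into FILTERS
    actions: tuple     # e.g. ("Accept",) or ("Accept", "Count")


@dataclass(frozen=True)
class Contract:
    name: str
    consumer: str      # EPG that initiates connections
    provider: str      # EPG that offers the service
    subjects: tuple


CONTRACTS = (
    # "dB Contract" from the slide: APP consumes MSSQL and MySQL provided by DB.
    Contract("dB", consumer="APP", provider="DB",
             subjects=(Subject("MSSQL", ("Accept",)),
                       Subject("MySQL", ("Accept",)))),
    # APP provides HTTP (Accept, Count); the WEB consumer is an assumption.
    Contract("app-http", consumer="WEB", provider="APP",
             subjects=(Subject("HTTP", ("Accept", "Count")),)),
)


def filter_matches(filter_name, port):
    """True if the port falls inside any range of the named filter."""
    return any(lo <= port <= hi for lo, hi in FILTERS[filter_name])


def evaluate(contracts, src_epg, dst_epg, dst_port):
    """Actions for a new flow from src_epg to dst_epg; ("Drop",) by default.

    Only the initiating direction (consumer to provider) is modelled.
    """
    if not 0 < dst_port < 65536:
        raise ValueError("destination port out of range: %r" % dst_port)
    if src_epg == dst_epg:
        return ("Accept",)  # assumption: contracts apply between EPGs only
    for contract in contracts:
        if (contract.consumer, contract.provider) != (src_epg, dst_epg):
            continue
        for subject in contract.subjects:
            if filter_matches(subject.filter_name, dst_port):
                return subject.actions
    return ("Drop",)  # whitelist model: no matching contract means no traffic


def permitted_ports(contracts, src_epg, dst_epg):
    """Audit helper: every destination port src_epg may open towards dst_epg."""
    ports = set()
    for contract in contracts:
        if (contract.consumer, contract.provider) == (src_epg, dst_epg):
            for subject in contract.subjects:
                for lo, hi in FILTERS[subject.filter_name]:
                    ports.update(range(lo, hi + 1))
    return sorted(ports)


if __name__ == "__main__":
    # Constructed sample flows: (source EPG, destination EPG, destination port).
    for flow in [("APP", "DB", 1433), ("APP", "DB", 22),
                 ("WEB", "DB", 3306), ("WEB", "APP", 443), ("DB", "APP", 80)]:
        print(flow, "->", evaluate(CONTRACTS, *flow))
    print("APP -> DB ports:", permitted_ports(CONTRACTS, "APP", "DB"))
```

Running `permitted_ports` for every EPG pair gives a quick review of which tiers can reach which, for example that WEB has no path to DB.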

Network Service Insertion
[Diagram: EXTERNAL (consumer) consumes the Web Contract (HTTP: Accept, Service Graph) provided by WEB (provider); service graph with LB and FW]
- Contract provides a mechanism to add Network Services through associating a Service Graph
- A Service Graph identifies a set of network service functions required by an application
- APIC configures network service functions on devices like firewalls and load balancers through a device package
- A device package can be uploaded on APIC at run time
- Adding new network service support through device package does not require APIC reboot

Key Concepts in Service Insertion
- Concrete Device: represents a service device, e.g. one load balancer, or one firewall
- Logical Device: represents a cluster of 2 devices that operate in active/standby mode, for instance
- Logical Device Context: specifies upon which criteria a specific device in the inventory should be used to render a service graph
- Service Graph: defines a sequence of “functions” connected: e.g. a firewall from Checkpoint followed by a load balancing from “F5”
- Device Package:
  - defines things such as how to label “connectors” for a function, and how to translate “names” from ACI to the specific device
  - E.g. a load balancer “function” has predefined connectors called “external”, “internal”, “management”

Service Insertion Architecture: Device Package
- Service functions are added to the APIC through a device package
- Device package contains a device model and device Python scripts
- Device Model defines Service Function and Configuration
- Device scripts translate APIC API callouts to device specific callouts
- Script can interface with the device using REST, SSH or any mechanism
[Diagram: Device Package (Configuration Model (XML File), Python Scripts); APIC – Policy Manager, Configuration Model, Script Engine, APIC Script Interface, Python Scripts; Device Interface: REST/CLI; Service Device]

Device Package Example
Following functions can be configured through APIC
[Figure]

Device Information Extracted Out of Device Package
- Functions (or Services) provided by the Service Device: SLB, SSL, Responder
- Vendor Info, Software Version Info and Model Info of Service Device
- Info on how many interface types the appliance has (Inside, Outside and Mgmt, for example)

Register Service Devices with APIC
- Configure Management IP address on the device
- Create username/password for APIC to manage the device
- Attach the management interface to appropriate interface/port-group
- Register the device with APIC – Provide IP address and Login credentials

Device Cluster
- Devices on APIC are registered as a cluster
- Cluster can contain one or more physical or virtual devices
- Devices within the cluster can be deployed in Active-Active or Active-Standby mode
- APIC configures Service Function using Cluster Mgmt IP and Login Credentials
- APIC can configure device specific features (like port-channel configuration etc.) using device’s IP address and login credentials
[Diagram: Logical Device (LDev): represents a cluster; Concrete Device (CDev): a physical or virtual service device, 1 to N]

Service Function Graph
[Diagram: Service Graph: L offload; terminals; connectors; functions rendered on the same device; Func: Load Balancing]
- Firewall params:
    Permit ip tcp * dest-ip vip dest-port 80
    Deny ip udp *
- SSL params:
    Ipaddress vip port 80
- Load-Balancing params:
    virtual-ip vip port 80
    Lb-algorithm: round-robin

[Figure: Create Service Graph]

[Figure: Configure Function Parameters]

Service Insertion
[Diagram: Application profile with EXTERNAL, WEB, APP and DB connected by policies; Service Graph: “appGraph”; Terminal: Input1; Terminal: Output1; Func: Load Balancer]

[Figure: Associate Graph to a Contract]

[Figure: Example Graph]

Services Insertion Configuration Wizard
Three step process and each can be re-used
1. Create L4-L7 Service Devices
2. Create L4-L7 Service Graph Template
3. Apply L4-L7 Service Graph Template to EPGs

Create a L4-7 Service Devices – Single Device
- Name of the device
- Specify Device Package to manage this Cluster
- Model of the device
- Policy domain
- Device Management IP Address and port
- Login Credentials to manage the device and connectivity information

Create a L4-7 Service Devices - HA
This shows how the Wizard will look if you select HA Cluster.

Create a L4-7 Service Devices – Device Package
The list of device packages that APIC has will be shown here.

Create a L4-7 Service Devices – Model (Citrix)
- Associated interfaces on the device to interface labels
- Single device or cluster / HA

Create a L4-7 Service Devices – Connectivity (Citrix)
Management connectivity to the device

Create a L4-7 Service Devices – Connectivity (Citrix)
Device Parameter that is required.

Create a L4-7 Service Devices – Connectivity (Citrix)
Shows all the parameters

Create a L4-7 Service Graph Template
Templates give you the option to choose a simple Service Graph based on your requirement.

Create a L4-7 Service Graph Template
- Single Node ADC
- Device Package gives you an option that you want to use for the particular Services Graph
- Profile will give the service graph all the parameters that are needed, e.g. SSL
- Users can also customise the profile. You can click on profile to see what parameters are available.

Apply L4-L7 Service Graph Template to EPGs
- EPG and Service Graph Template
- If you uncheck “Allow All Traffic” (i.e. IP any any), you can create your own specific filter entries

[Figure: Apply L4-L7 Service Graph Template to EPGs]

Q&A

Complete Your Online Session Evaluation
Give us your feedback and receive a Cisco Live 2015 T-Shirt! Complete your Overall Event Survey and 5 Session Evaluations.
- Directly from your mobile device on the Cisco Live Mobile App
- By visiting the Cisco Live Mobile 015
- Visit any Cisco Live Internet Station located throughout the venue
T-Shirts can be collected in the World of Solutions on Friday 20 March 12:00pm - 2:00pm
Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations. www.CiscoLiveAPAC.com
