Data Center Virtualization: BRKDCT-1870

BRKDCT-1870
14484_04_2008_c2 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Data Center Virtualization
BRKDCT-1870
BRKDCT-1870
© 2006, Cisco Systems, Inc. All rights reserved.

Presentation_ID.scr
Housekeeping
We value your feedback—don’t forget to complete your

online session evaluations after each session and
complete the Overall Conference Evaluation which will
be available online from Thursday
Visit the World of Solutions
Please switch off your mobile phones
Please remember to wear your badge at all times
including the Customer Appreciation Event
BRKDCT-1870
Before We Get Started

Introduction level session focused on data center
virtualization technologies and solutions, including both
front-end and back-end networks as well as server
virtualization
Prerequisites: Being familiar with the basic LAN and SAN
design models as well as server virtualization technologies
Other recommended sessions
BRKDCT-2840 Data Center Networking: Taking Risk Away
Layer 2 Interconnects
BRKDCT-2866 Data Center Architecture Strategy and Planning
BRKDCT-2868 Network Integration of VMware Server
Virtualization—LAN and Storage
BRKDCT-3831 Advanced Data Center Virtualization
BRKDCT-1870

Presentation_ID.scr
Data Center Trends
Days to Deploy Applications 60–180
Server/Storage Utilization < 25%
Annual Storage Growth 40–400%
DC Records Retention (Years) 7–10
DC Power and Cooling Costs ~ 25–30%
Data Center Operations > 30%
“By 2008, 50% of Today’s Data Centers Will Have Insufficient Power
and Cooling Capacity to Meet the Demands of High-Density Equipment”
Source: Gartner, 2008
BRKDCT-1870
Enables consolidation or sharing of

physical assets to increase utilization
Reduces physical devices and cabling,

space, power, and cooling
Enables rapid deployment and redeployment

of resources to meet business objectives
BRKDCT-1870

Presentation_ID.scr
“[Virtualization is] a technique for hiding the physical
characteristics of computing resources from the way in which
other systems, applications, or end users interact with those
resources. This includes making a single physical resource
(such as a server, an operating system, an application, or
storage device) appear to function as multiple logical
resources; or it can include making multiple physical
resources (such as storage devices or servers) appear as a
single logical resource.”
Mann, Andi, Virtualization 101

Enterprise Management Associates (EMA)
BRKDCT-1870
Consolidation and Isolation

Share All or Share Nothing?
No Isolation
Applications compete
Device 1
for resources
Application 1
One Physical Changes to one application
Device Application 2 can impact others
Application 3 Security and compliance
can be complex
Or Inefficient Isolation
Device 1
Application 1
Device sprawl
Underutilized resources
Many Physical Device 2
Devices Application 2 Complex to upgrade
Device 3 Complex service chaining
Application 3
BRKDCT-1870

Presentation_ID.scr
Physical Consolidation and Logical Isolation
Ideal Isolation
One Physical Partitioning enables
Device Virtual Device 1 segmentation of traffic
Security Admin and/or resources
Sys Admin Abstraction hides
Apps Admin physical resources
Network Admin Ideally per partition
RBAC enables
Virtual Device 2
customized,
Virtual Device 3
autonomous policies
Virtual Device 4
Multiple Virtual
Devices ..
Virtual Device 5
Virtual Device n
BRKDCT-1870

Network
Network Virtualization Virtualization
Consolidation of physical networks
Greater flexibility
Improved capacity utilization
Server
Virtualization
Server Virtualization App
App App App App
OS OS OS OS
Consolidation of physical servers OS
Hypervisor
Improved server utilization

Greater flexibility
Storage
Virtualization
Storage Virtualization
Consolidation of physical SANs
Improved storage utilization
Greater flexibility
BRKDCT-1870

Presentation_ID.scr
Network Virtualization
BRKDCT-1870
What Is Network Virtualization?
Virtualization: Many-to-one
One network consolidates many physical networks
Security Network
Guest/Partner Network
Backup Network
Out-of-Band Management Network
Data Center Network

BRKDCT-1870

Presentation_ID.scr
Various Degrees of Virtualization
VPN, VRF, and VLAN Data/Control Plane
Logical separation of data plane

(and some control plane) functionality Data/Control Plane
+
Virtual contexts Management Plane
Logical separation of configuration Data/Control Plane

or management and data plane +
Management Plane
+
Virtual device contexts Resources
+
Logical separation of control plane, Operating Environment
data plane, management, resources,

and system processes
Hypervisor Model
BRKDCT-1870
Virtualized Network Devices
Switch virtualization: VLANs

Router virtualization: Virtual Routing/Forwarding (VRFs)
802.1q, GRE, LSP,

802.1q or Others
Physical Int, Others
VRF
VRF
Global
Logical or Logical or
Physical Int Physical Int
(Layer 3) (Layer 3)
BRKDCT-1870

Presentation_ID.scr
IEEE 802.1q VLANs
Hardware-based isolation
of tagged traffic belonging
to different VLANs VLAN Header Is
Removed at Egress Point
No special drivers or
Cisco Catalyst Series
configuration required Cisco Nexus Series Trunk Port
for end nodes
(hosts, disks, etc.) IEEE802.1Q Trunk
Carries Tagged Traffic
from Multiple VLANs
Traffic tagged at ingress
Trunk Port
and carried across 802.1q VLAN Header Is
Added at Ingress Point
links between switches Indicating Membership
Servers may also No Special Support

be connected using Required by End Nodes
802.1q trunks
BRKDCT-1870
Virtual LANs
The Basics
All hosts on a VLAN typically communicate directly

A VLAN typically represents one IP subnet
Inter-VLAN traffic must use a router to communicate…
typically
.11 .12 .13 .11 .12 .13 .11 .12 .13

10.1.1.0/24 10.1.2.0/24 10.1.3.0/24
BRKDCT-1870

Presentation_ID.scr
Private VLANs
Promiscuous
ports receive Promiscuous Promiscuous
Port Port
and transmit Only One Subnet
to all hosts
Communities allow
communications
between groups
x x
Isolated ports talk
to promiscuous
ports only x
Primary VLAN
Community VLAN
.11 .12 .13 .14 .15 .16 .17 .18
Community VLAN
Community Community Isolated
Isolated VLAN
‘A’ ‘B’ Ports
BRKDCT-1870
Private VLAN Use Cases
Hosting environments
Multiple hosts can share a single .1
subnet while maintaining separation
Conserves IP addresses
Provides traffic separation, i.e. gold
.11 .12 .13 .14 .15 .16
customer cannot affect green
Security
Segmentation of DMZ attached or .1
public-facing servers
Remember to use ACLs on the
router
.11 .12 .13 .14 .15 .16
Can be used for worm mitigation
BRKDCT-1870

Presentation_ID.scr
Introduction to VRF
(Virtual Route Forwarding)
All routes learned are, by default, placed into a

consolidated routing table, which is referred to as
the “global” routing table
eigrp 1
Routes 10.2.1.0
10.5.3.0
Show ip route
10.1.2.0/24 ospf 1
10.2.1.0/24 10.4.6.0
10.5.3.0/24 Global Routing 10.5.1.0
10.6.3.0/24 Table
10.6.7.0/24
10.9.2.0/24
router eigrp 1 eigrp 1

network 10.1.1.0 255.255.255.0
! 10.6.7.0
router ospf 1 Routes 10.1.8.0
network 10.2.1.0 0.7.255.255 area 0
ospf 1
10.9.2.0
10.7.5.0
BRKDCT-1870
VRF Overview
What Is a VRF (Virtual Routing and Forwarding)?
VRFs allow dividing up your routing table into multiple virtual tables
Routing protocol extensions allow binding a process/address
family to a VRF
Interfaces are bound to a VRF using eigrp 1
Routes 10.2.1.0
ip vrf forwarding <vrf-name> 10.5.3.0
ospf 1
10.4.6.0
10.5.1.0
router eigrp 1
network 10.1.1.0 255.255.0.0
!
router ospf 1 vrf orange
network 10.2.1.0 0.7.255.255 area 0 …
eigrp 1
10.6.7.0
Show ip route Show ip route vrf orange 10.1.8.0
10.2.1.0 10.4.6.0 Routes
10.5.3.0 10.5.1.0 ospf 1
10.6.7.0 10.9.2.0 10.9.2.0
10.1.8.0 10.7.5.0 10.7.5.0
BRKDCT-1870

Presentation_ID.scr
Simplifying Data Center Operations
with Virtualization
Complex, error-prone service chaining and cabling

Indirect failure detection difficult to troubleshoot
Inefficient use of resources
BRKDCT-1870
Enhancing Application
Availability with VRF
Direct detection of component

failure
Simplifies topology and VRF VRF
troubleshooting
Predictable traffic flows
Improved availability VRF VRF
VRF VRF
BRKDCT-1870

Presentation_ID.scr
Virtual Switch Networking
Traditional data center designs require switched

(Layer 2) adjacencies between server nodes due
to prevalence of VMware virtualization technology
Large Layer 2 networks, placing more burden
on loop-detection protocols such as Spanning Tree
Virtual switch networks enable extended switched
networks to be built
BRKDCT-1870
Cisco Virtual Switch Networks

Virtualizes identity of two or more
switches into a single entity
Simplifies large scale data center
networks topology and operations
Single switch configuration and O/S
Scales data center performance
and density
Multichassis EtherChannel
Reduces protocol adjacencies
Maximizes application availability
Stateful, interchassis NSF/SSO
Maintains investment in Cisco
Catalyst features and hardware
BRKRST-3468: Cisco Catalyst Virtual Switching System (VSS)

BRKDCT-1870

Presentation_ID.scr
Common Data Center Challenges
L3 Core
FHRP, HSRP, VRRP
Spanning Tree
Policy Management
L2/L3 Distribution
Single Active Uplink
per VLAN, L2
Reconvergence,
Excessive BPDUs
L2 Access
Single Active Uplink
per VLAN, L2
Reconvergence
Servers
Dual-Homed
Active/Standby,
Limited VM Mobility
Due to L3 Constraints
BRKDCT-1870
Virtual Switch System at Data Center

A Virtual Switch-Enabled Data Center Allows for Maximum Scalability so
Bandwidth Can Be Added When Required, but Still Providing a Larger
Layer 2 Hierarchical Architecture Free of Reliance on Spanning Tree
L3 Core
Single L2/L3 Node, Fast
Convergence, Scalable, VLAN
Extension Without Spanning Tree
L2/L3 Distribution
Fast L2 Convergence, Minimized
L2 Control Plane, Scalable,
No Spanning Tree
L2 Access
Multichassis EtherChannel,
Fast L2 Convergence,
No Spanning Tree
Servers
Dual-Homed Active/Active,
BRKDCT-1870

Presentation_ID.scr
Enhancing Data Center Availability
and Mobility with VSS
Root
Active Active
Stdby Stdby
Data Center 1 Data Center 2
Extending VLANs between data centers required for application

HA and mobility
Geoclustering, Veritas, VMware
Requires careful consideration of spanning tree behavior
Inefficient bandwidth utilization
Spanning tree operation blocks paths
NIC teaming requires Active/Standby
BRKDCT-1870
Enhancing Availability and

Mobility with VSS
VSS VSS VSS VSS
Root
Active Active
Active Active
Data Center 1 Data Center 2

Simplifies network configuration and topology

Single adjacency between VSS switches
Multichassis EtherChannel between VSS switches
Eliminates Spanning Tree*
Efficient bandwidth utilization
All paths forwarding—increased throughput
*Spanning Tree runs in the background as a safety net

BRKDCT-1870

Presentation_ID.scr
Virtual Private LAN Services (VPLS)
Layer 2 Extension Across Layer 3
10.1.1.12
10.1.1.11 Routed
IP Network
10.1.1.13
Multipoint Layer 2 VPN

Enables extension of Layer 2 VLAN across routed infrastructure
for Geoclustering or VMotion
Connects two or more customer devices using Ethernet bridging
techniques
Requires MPLS for forwarding
For more information BRKAGG-2000 or BRKDCT-2840
BRKDCT-1870
Virtual Device Contexts

Enables coexistence of disparate networks on the same
physical infrastructure
Physical Switch
L2
L2 Protocols
Protocols L3
L3 Protocols
Protocols L2
L2 Protocols
Protocols L3
L3 Protocols
Protocols L2
L2 Protocols
Protocols L3
L3 Protocols
Protocols
VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP
VLAN
VLAN Mgr
LACP
LACP
Mgr UDLD
UDLD
CTS
CTS
BGP
BGP
EIGRP
EIGRP
HSRP
HSRP
VRRP
VRRP
VLAN
VLAN Mgr
LACP
LACP
Mgr UDLD
UDLD
CTS
CTS
BGP
BGP
EIGRP
EIGRP
HSRP
HSRP
VRRP
VRRP
… VLAN
VLAN Mgr
LACP
LACP
Mgr UDLD
UDLD
CTS
CTS
BGP
BGP
EIGRP
EIGRP
HSRP
HSRP
VRRP
VRRP
IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP
L2
L2 Table
Table RIB
RIB RIB
RIB RIB
RIB RIB
RIB RIB
RIB
Protocol
Protocol Stack
Stack (IPv4/IPv6/L2)
(IPv4/IPv6/L2) Protocol
Protocol Stack
Protocol Stack
(IPv4/IPv6/L2)
VDC1 VDC2 VDCn
Infrastructure
NX-OS Kernel
Hardware
BRKDCT-1870

Presentation_ID.scr
Virtual Device Context
Enables consolidation of networks on a single infrastructure
For example, production, stage and development
Isolated configuration and management environments

Independent isolated processes (OSPF, Spanning Tree, etc.)
per VDC
L2
L2 Protocols
Protocols L3
L3 Protocols
Protocols L2
L2Protocols
Protocols L3
L3 Protocols
Protocols L2
L2Protocols
Protocols L3
L3 Protocols
Protocols L2
L2 Protocols
Protocols L3
L3 Protocols
Protocols L2
L2 Protocols
Protocols L3
L3 Protocols
Protocols L2
L2Protocols
Protocols L3
L3 Protocols
Protocols L2
L2 Protocols
Protocols L3
L3 Protocols
Protocols L2
L2Protocols
Protocols L3
L3 Protocols
Protocols L2
L2Protocols
Protocols L3
L3 Protocols
Protocols L2
L2 Protocols
Protocols L3
L3 Protocols
Protocols
VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP VLAN
VLAN Mgr
Mgr UDLD
UDLD OSPF
OSPF GLBP
GLBP
VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP VLAN
VLAN Mgr
Mgr UDLD
UDLD BGP
BGP HSRP
HSRP
LACP
LACP CTS
CTS EI GRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EIGRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EIGRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EI GRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EI GRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EIGRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EI GRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EIGRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EIGRP
EIGRP VRRP
VRRP LACP
LACP CTS
CTS EI GRP
EIGRP VRRP
VRRP
IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PI
PIMM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PI
PIMM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PI
PIMM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP IGMP
IGMP 802.1x
802.1x PIM
PIM SNMP
SNMP
L2
L2 Table
Table RIB
RIB RIB
RIB RIB
RIB RIB
RIB RIB
RIB L2
L2 Table
Table RIB
RIB L2
L2 Table
Table RIB
RIB RIB
RIB RIB
RIB L2
L2 Table
Table RIB
RIB RIB
RIB RIB
RIB RIB
RIB RIB
RIB L2
L2 Table
Table RIB
RIB
Protocol
Protocol Stack
Protocol Stack (IPv4/IPv6/L2)
Protocol Stack
Protocol Stack
Protocol Stack
Protocol Stack
(IPv4/IPv6/L2)
VDC1 VDC2 VDCn VDC4 VDC1 VDC2 VDC4 VDC2 VDCn VDC4
BRKDCT-1870
Application
Infrastructure
“Virtualization”
BRKDCT-1870

Presentation_ID.scr
Application Infrastructure Virtualization
DNS
Global Site Selector
www.cisco.com: A 10.1.1.1 10.1.1.1
10.1.1.1
10.1.2.1
10.1.2.2
10.1.2.3
Defines services that can be used to abstract and segment

applications, for example:
DNS abstracts service from IP address
Virtual IP abstracts physical servers
Abstracts SSL from servers
Improves performance, availability, and operations

BRKDCT-1870
Application Networking Services

Global Site Selection and Application Awareness
ACE
Advanced
Data Center #1 Server Load
10.1.1.1 Balancing
DNS Request DNS Response

www.foo.com 10.1.1.1
10.1.1.2
10.1.1.2
GSS
Fully Integrated DNS
Server with Intelligent
Site Selection Data Center #2
Intelligent site selection enables Active/Active data center

Intelligent failover based on site, device, or virtual device failure
Stateful operation limits business impact of an outage
BRKDCT-1870

Presentation_ID.scr
SLB: Layer 4
10.1.1.1: 80
SYN 192.1.1.1 10.1.1.1 SYN 192.1.1.1 10.1.2.2

10.1.2.1
192.1.1.1 10.1.1.1 SYN-ACK 192.1.1.1 10.1.2.2 SYN-ACK
10.1.2.2
ACK 192.1.1.1 10.1.1.1 ACK 192.1.1.1 10.1.2.2
10.1.2.3
Layer 4 load balancing decision made upon TCP

connection set up to VIP and TCP port
Does not inspect HTTP/SOAP headers
Load balancer rewrites destination IP address
May rewrite source IP address
BRKDCT-1870
SLB: Delayed Binding

SYN 192.1.1.1 10.1.1.1 10.1.1.1
192.1.1.1 10.1.1.1 SYN-ACK
ACK 192.1.1.1 10.1.1.1

10.1.2.1
http://foo 192.1.1.1 10.1.1.1
10.1.2.2
SYN 192.1.1.1 10.1.2.2
10.1.2.3
192.1.1.1 10.1.2.2 SYN-ACK
ACK 192.1.1.1 10.1.2.2
http://foo 192.1.1.1 10.1.2.2
Delayed binding negotiates TCP handshake first

Makes SLB decision based upon http header
Enables TCP reuse—can improve server performance
BRKDCT-1870

Presentation_ID.scr
Simplifying Data Center
Operations with Virtualization
Per application
SLB/SSL/firewalls
C1 C2 C3
Underutilized devices
Inefficient space,
power, cooling …
BRKDCT-1870
Enhancing Data Center

Operations with Virtualization
Consolidate multiple
devices into a single device
Separate, autonomous
policies with guaranteed
resources per virtual device
On-demand, virtual device
creation accelerates
deployment
C1 C2 C3 C4
Reduces physical
infrastructure
Space, power and
cooling, and cabling
BRKDCT-1870

Presentation_ID.scr
Storage Virtualization
BRKDCT-1870
Today’s Storage Area Networks

Siloed, Inflexible, Inefficient
Storage aligned by application or department

Underutilized islands of storage
Duplicated inefficient resources
Limited flexibility to share storage, or migrate data and workloads
Back-Up E-Mail OLTP
BRKDCT-1870

Presentation_ID.scr
VSAN Advantages for Consolidation
SAN Islands Consolidated SANs
Blade Server VSAN-Specific
VSAN_1 Array
(Access via IVR)
OLTP OLTP
VSAN_1 VSAN_1
E-Mail
VSAN_2
Overlay Isolated Virtual IVR
IVR
Fabrics (VSANs) on Same Back-up

Physical Infrastructure VSAN_3
Tape
OLTP VSAN_4
Back-Up E-Mail IVR
(Access
via IVR)
E-Mail Back-Up
VSAN_2 VSAN_3
Attribute
More Number of SAN Switches Fewer
No Share Disk/Tape Yes
No Share DR Facilities Yes
Complex SAN Management Simple
Very Hard Virtualization and Mobility Easy
BRKDCT-1870
VSAN Technology
The Virtual SANs Feature
Consists of Two Primary
Functions Fiber Channel
Services for
Hardware-based isolation of tagged VSAN Header Is
Blue VSAN
Removed at Egress Fiber Channel

traffic belonging to different VSANs Point Services for
Red VSAN
No special drivers or configuration Cisco MDS 9000
required for end nodes (hosts, disks, etc.) Family with VSAN Trunking
Service E_Port
Traffic tagged at Fx_Port ingress and (TE_Port)
carried across EISL (enhanced ISL) links
Enhanced ISL (EISL)
between switches Trunk Carries
Tagged Traffic from
Create independent instance of fiber Multiple VSANs
channel services for each newly Trunking
E_Port
created VSAN—services include: VSAN Header Is (TE_Port)
Added at Ingress
Zone server, name server, management Point Indicating Fiber Channel
Membership Services for
server, principle switch election, etc. Blue VSAN
Each service runs independently and No Special Fiber Channel

Support Required Services for
is managed/configured independently by End Nodes Red VSAN
BRKDCT-1870

Presentation_ID.scr
Inter-VSAN Routing
Similar to L3 Blade Server with Integrated
MDS 9100 Switch
interconnection Blade Server
VSAN_1
VSAN-Specific
Disk
between VLAN (Access via IVR)

Engineering
Engineering VSAN_1
VSAN_1
Allows sharing of Marketing

centralized storage VSAN_2
IVR
services such as tape IVR
HR
VSAN_3
libraries and disks

without merging
separate VSANs IVR
Network address Marketing

VSAN_2
Tape
VSAN_4
translation allow (Access via IVR)
interconnection of VSANs
HR
without a predefined VSAN_3
addressing schema
BRKDCT-1870
Inter-VSAN Routing (IVR)

Resilient SAN Extension Solutions
IVR minimizes the impact of change in fabric services across

geographically dispersed sites
Limit fabric control traffic such as SW-RSCNs and build/reconfigure fabric
(BF/RCF) to local VSANs
Flexible connectivity with the highest availability
Works with any transport service (FC, SONET, DWDM/CWDM, FCIP)
Inter-VSAN
Connection with Completely
Primary Data Center Isolated Fabrics Secondary Data Center
Replication
Replication
VSAN_4
VSAN_1 EISL#1 in
Port Channel
Metro DWDM
CWDM
SONET/SDH
FCIP
IVR IVR
Transit EISL#2 in
VSAN_3 (IVR) Port Channel
Local Local
VSAN_2 VSAN_5
BRKDCT-1870

Presentation_ID.scr
Storage Volume Virtualization
Initiator Target
Initiator Target
SAN
Fabric
Adding more storage requires administrative changes

Administrative overhead, prone to errors
Complex coordination of data movement between arrays
BRKDCT-1870
Storage Volume Virtualization

Virtual Virtual
Target 1 Initiator
VSAN_10 VSAN_30
Initiator Virtual Volume

VSAN_10 1
Virtual Virtual Volume Virtual

Initiator 2
Target 2 Initiator
VSAN_20
VSAN_20 VSAN_30
SAN
Fabric
A SCSI operation from the host is mapped in one or more

SCSI operations to the SAN-attached storage
Zoning connects real initiator and virtual target or virtual
initiator and real storage
Works across heterogeneous arrays
BRKDCT-1870

Presentation_ID.scr
Sample Use: Seamless Data Mobility
Virtual Virtual
Target 1 Initiator
VSAN_10 VSAN_30
Initiator Virtual Volume

VSAN_10 1 Tier_2 Array
Virtual Virtual Volume Virtual

Initiator 2
Target 2 Initiator
VSAN_20 Tier_2 Array
VSAN_20 VSAN_30
SAN
Fabric
Works across heterogeneous arrays

Nondisruptive to application host
Can be utilized for “end-of-lease” storage migration
Movement of data from one tier class to another tier
BRKDCT-1870
N-Port ID Virtualization (NPIV)

Application Server
Separate network port per

application for SAN segmentation
on server
File
E-Mail Web
Fabric port applies access control, Services
zoning, Port Security (PSM)

N_Port N_Port N_Port
Inefficient resource utilization ID-2 ID-2 ID-3
Multiple Host BUS Adapters (HBA)

Multiple SAN ports
F_Port F_Port F_Port
New applications may require
another HBA E_Port
E_Port
Expansion ports connect switches
SAN Fundamentals:
BRKSAN-2000 E-Mail Web File and Print
VSAN_3 VSAN_2 VSAN_1
BRKDCT-1870

Presentation_ID.scr
NPIV Usage Examples
Virtual Machine Aggregation
ESX 3.5-Enabled Server
Associates multiple N_Port

IDs to a single N_Port
File
E-Mail Web
N_Port IDs are associated Services
to the same VSAN N_Port N_Port N_Port

ID-2 ID-2 ID-3
Inter-VSAN routing
compliments access vHBA
control, zoning, Port Security NPIV-

Enabled HBA
(PSM) implemented at
application level F_Port
E_Port
Efficient use of HBA and E_Port
SAN resources
Add new applications
without adding hardware E-Mail
VSAN_3
Web
VSAN_2
File and Print
VSAN_1
BRKDCT-1870
Blade Switch/Top-of-Rack
Domain ID Explosion
Domain ID used for
addressing, routing, and
access control
Blade Switch
One domain ID per
SAN switch
Theoretically 239 domain
ID, practically much less
supported
Limits SAN fabric scalability Blade Switches
Increase Domain MDS
Theoretical
Maximum: 239
IDs, Increase 9500 Domain IDs
SAN Fundamentals: Fabrics per SAN
BRKSAN-2000
Tier 1 Tier 2 Tape Farm
BRKDCT-1870

Presentation_ID.scr
Cisco MDS Network Port Virtualization
Eliminates edge switch
Domain ID
Edge switch acts as an Blade Switch
NPIV host
Simplifies server and
SAN management and
operations NPV NPV NPV NPV
Increases fabric scalability

NPV-Enabled Edge Switch
SAN Fundamentals: Switches Do
Not Use
MDS
9500
Acts as a
NPIV Host
Domain IDs NPV NPV
BRKSAN-2000
Supports
Up to 100 Edge
Switches
Tier 1 Tier 2 Tape Farm
BRKDCT-1870
Flex Attach (Virtual PWWN)

Assign virtual PWWN Before
on NPV switch port
Zone vPWWN to storage FC1/1
vPWWN1
LUN masking is done PWWN1
on vPWWN pwwn1 pwwnX vpwwn1 pwwnX
Reduce operational overhead

Enables server or physical
HBA replacement After
No need for zoning modification
No LUN masking change FC1/1
vPWWN1
Automatic link to new PWWN PWWN2
No manual relinking to new PWWN

pwwn2 pwwnX vpwwn1 pwwnX
is needed
BRKDCT-1870

Presentation_ID.scr
Server Virtualization
BRKDCT-1870
Data Center Virtualization Technologies

Server Virtualization
A single physical server

hosting multiple independent
Guest OS + application(s)
Hypervisor abstracts physical
hardware from Guest O/S
and application
CPU
Presents a standard “server”
to the O/S and application vNIC Hypervisor Virtual Machine
Virtual SMP Virtual Switch File System
May present multiple
Identities (IP + MAC) VMFS
RAM
Partitions systems resources
RAM, CPU, disk, etc. pNIC HBA
Multiple implementations
VMware, XEN, Microsoft,
Sun containers
Each implementation is different
BRKDCT-1870

Presentation_ID.scr
Virtual Machine Hypervisor Networking
Each VM vNIC has a unique MAC
address (and IP address)
Be aware of IP subnetting and MAC address
vSwitch forwards traffic using standard

bridge forwarding rules
Virtual Machines
vSwitch does not learn MAC addresses
nor participate in Spanning Tree VLANs VLAN
“A” “B”
IP multicast constrained by vNIC
programming forwarding entries on
vSwitch pNIC0 pNIC1 pNIC2 pNIC3
vSwitch does not forward traffic received

on one pNIC to another
VLANs can be used traffic segmentation
and security purposes
pNIC filters “noninteresting”
VLAN-tagged traffic
vSwitches and associated VLANs are
managed independently of the main
data center network
BRKDCT-1870
Virtual Machine Considerations

Virtual machines
multiply network
resource utilization
Increased control
and data plane Virtual
demands Servers
Real
Servers
Port Address
Port Address
Port Address
Switch and network Port 2/1 Address
Port 2/1 Address
Port 2/1 Address
aa.aa.aa
aa.aa.aa
Port Addressaa.aa.aa
architecture are Port 2/1
2/1 Address
2/1 2/1
2/1
2/1
aa.aa.aa
aa.aa.aa
aa.aa.aa
bb.bb.bb
bb.bb.bb
2/1 aa.aa.aabb.bb.bb
critical considerations 2/1 2/1 2/1
aa.aa.aa
2/1
2/1
bb.bb.bb
bb.bb.bbcc.cc.cc
cc.cc.cc
12,000
10,000
16,000
14,000
8,000
6,000
4,000
2,000 2/1
2/1 2/1
2/1 2/1
bb.bb.bb
bb.bb.bb
bb.bb.bb
cc.cc.cc
cc.cc.cc
dd.dd.dd
2/1cc.cc.cc
Network availability is 2/1
2/1 2/1
2/1
dd.dd.dd
2/1cc.cc.cc
dd.dd.dd
cc.cc.cc
2/1 2/1 dd.dd.dd
2/1cc.cc.cc ee.ee.ee
of paramount 2/1 2/1 dd.dd.dd
ee.ee.ee
2/1 2/1 dd.dd.dd
ee.ee.ee
2/1 2/1 dd.dd.dd
dd.dd.ddee.ee.ee
2/1 2/1 2/1 11.11.11
importance 2/1
2/1 2/1
2/1
2/1
ee.ee.ee
ee.ee.ee
ee.ee.ee
11.11.11
11.11.11
2/1 11.11.11
2/1 ee.ee.ee
11.11.11
2/1 11.11.11
2/1
2/1 11.11.11
11.11.11
BRKDCT-1870

Presentation_ID.scr
Virtual Machine Considerations
Hardware MAC learning Virtual Servers
Control plane policing

Topology-based forwarding
Broadcast suppression
Layer 2 trace
BRKDCT-1870
Physical and Virtual Machine Security

Security policies for physical servers must be mapped to virtual servers
The network “sees” no difference between physical and virtual machines
Can be achieved today by synchronizing VLANs between VM
and network, and collaborating
Physical Virtual
BRKDCT-1870

Presentation_ID.scr
VM Hypervisor Storage Networking
VMFS abstracts physical
storage from Guest O/S
and application
Presents a SCSI Disk to the O/S
O/S cannot discover physical CPU
HBA or LUNs
vDisk vDisk VMFS vDisk
Presents a single HBA to
vDisk
the SAN RAM

Prior to ESX 3.5 pHBA
May require SAN consolidation

Can introduce scaling or
compliance problems
Distributed file system ensures

operation across clusters
BRKDCT-1870
VM Hypervisor Storage Networking

ESX 3.5 raw device
mode enables vHBA to
be presented to the
SAN fabric
Guest OS accesses CPU
VMFS using SCSI VMFS

vDisk vDisk vDisk vDisk
IVR and NPIV support

RAM vHBA vHBA vHBA vHBA
maintains SAN separation
and VM mobility NPIV HBA
Consistent separation and

policy enforcement ensures
compliance
HR Marketing Engineering
BRKDCT-1870 VSAN_3 VSAN_2 VSAN_1

Presentation_ID.scr
Virtual Machine: Mobility and
Business Continuance
E-Mail Web File and Print
VSAN_3 VSAN_2 VSAN_1
Process migration increases

application availability
VMotion Control network
recommended for VM migration
IVR IVR LAN requires Layer 2 path

pHBA pHBA to maintain user sessions
vHBA vHBA
during migration
Embedded network services
enable consistent policy
VLAN
“A”
VLAN
“B”
VLAN
“A”
VLAN
“B”
enforcement and user
experience
Inter-VSAN routing enables
mobility with secure fabric
isolation
BRKDCT-1870
Orchestrating
Virtual IT
BRKDCT-1870

Presentation_ID.scr
FC
Security LAN SLB LAN Servers SAN Storage

BRKDCT-1870
Application Service Provisioning

Design, Orchestration, and Deployment
VLAN_A VLAN_B VLAN_D VLAN_E Server VSAN_Z
Service
Delivery
Chain Partition_1 Partition_1
Firewall VLANs L4–L7 Server Boot OS/ VSANs

Service Application
Components
Firewall, Switch VIPs, LB CPU Boot Zones,

Service Context, Config Policies, Memory, Image, VM, VSANs,
Policies, VLAN, Port Probes IO, etc. Application LUNs,
Policies etc. SVIs, etc. Volumes
Automated Failover Policy-Based Resource Optimization

Automate
Management Integration API Service Maintenance
BRKDCT-1870

Presentation_ID.scr
The Foundation for Data Center Automation
FC
Security LAN SLB LAN Servers SAN Storage
End-to-End Service Provisioning

BRKDCT-1870

and Automation
Simplify and accelerate application deployment

Programmatic, repeatable deployment patterns
improves operations by automating error prone,
repetitive tasks
Dynamically react to data center conditions
Allocate servers based upon workload, time of day, etc.
Turn down unused servers to reduce power load
Rapidly deploy new applications
Web Services API integration

Integrates with upstream management tools
BRKDCT-1870

Presentation_ID.scr
Summary
BRKDCT-1870

Summary
The foundation for Utility

Computing…
Can significantly improve asset
utilization
More than one single
technology
Can reduce power & cooling, &
cabling overhead
May increase operational
complexity
BRKDCT-1870

Presentation_ID.scr
Q and A
BRKDCT-1870
Recommended Reading
Continue your Cisco

Live learning experience
with further reading from
Cisco Press
Check the Recommended
Reading flyer for
suggested books
Available Onsite at the Cisco Company Store

BRKDCT-1870

Presentation_ID.scr
Recommended Reading
BRKDCT-1870
Complete Your Online

Session Evaluation
Give us your feedback and you could win Don’t forget to activate
fabulous prizes. Winners announced daily. your Cisco Live virtual
account for access to
Receive 20 Passport points for each session all session material
evaluation you complete. on-demand and return
for our live virtual event
Complete your session evaluation online now in October 2008.
(open a browser through our wireless network Go to the Collaboration
to access our portal) or visit one of the Internet Zone in World of
stations throughout the Convention Center. Solutions or visit
www.cisco-live.com.
BRKDCT-1870

Presentation_ID.scr
BRKDCT-1870

Presentation_ID.scr

Data Center Virtualization: BRKDCT-1870

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Data Center Virtualization: BRKDCT-1870

Încărcat de

Drepturi de autor:

Formate disponibile

BRKDCT-1870

Data Center Virtualization

© 2006, Cisco Systems, Inc. All rights reserved.

 We value your feedback—don’t forget to complete your

Before We Get Started

© 2006, Cisco Systems, Inc. All rights reserved.

Server/Storage Utilization < 25%

Annual Storage Growth 40–400%

DC Records Retention (Years) 7–10

DC Power and Cooling Costs ~ 25–30%

Data Center Operations > 30%

Data Center Virtualization

 Enables consolidation or sharing of

 Reduces physical devices and cabling,

 Enables rapid deployment and redeployment

© 2006, Cisco Systems, Inc. All rights reserved.

Mann, Andi, Virtualization 101

Consolidation and Isolation

© 2006, Cisco Systems, Inc. All rights reserved.

Data Center Virtualization

 Improved server utilization

© 2006, Cisco Systems, Inc. All rights reserved.

What Is Network Virtualization?

Out-of-Band Management Network

Data Center Network

© 2006, Cisco Systems, Inc. All rights reserved.

 VPN, VRF, and VLAN Data/Control Plane

Logical separation of data plane

Logical separation of configuration Data/Control Plane

data plane, management, resources,

Virtualized Network Devices

 Switch virtualization: VLANs

802.1q, GRE, LSP,

© 2006, Cisco Systems, Inc. All rights reserved.

 Servers may also No Special Support

 All hosts on a VLAN typically communicate directly

.11 .12 .13 .11 .12 .13 .11 .12 .13

© 2006, Cisco Systems, Inc. All rights reserved.

Private VLAN Use Cases

© 2006, Cisco Systems, Inc. All rights reserved.

 All routes learned are, by default, placed into a

router eigrp 1 eigrp 1

© 2006, Cisco Systems, Inc. All rights reserved.

 Complex, error-prone service chaining and cabling

 Direct detection of component

© 2006, Cisco Systems, Inc. All rights reserved.

 Traditional data center designs require switched

Cisco Virtual Switch Networks

BRKRST-3468: Cisco Catalyst Virtual Switching System (VSS)

© 2006, Cisco Systems, Inc. All rights reserved.

Virtual Switch System at Data Center

© 2006, Cisco Systems, Inc. All rights reserved.

Data Center 1 Data Center 2

 Extending VLANs between data centers required for application

Enhancing Availability and

Data Center 1 Data Center 2

 Simplifies network configuration and topology

*Spanning Tree runs in the background as a safety net

© 2006, Cisco Systems, Inc. All rights reserved.

 Multipoint Layer 2 VPN

Virtual Device Contexts

© 2006, Cisco Systems, Inc. All rights reserved.

We value your feedback—don’t forget to complete your

Enables consolidation or sharing of

Reduces physical devices and cabling,

Enables rapid deployment and redeployment

Improved server utilization

VPN, VRF, and VLAN Data/Control Plane

Switch virtualization: VLANs

Servers may also No Special Support

All hosts on a VLAN typically communicate directly

All routes learned are, by default, placed into a

Complex, error-prone service chaining and cabling

Direct detection of component

Traditional data center designs require switched

Extending VLANs between data centers required for application

Simplifies network configuration and topology

Multipoint Layer 2 VPN

Isolated configuration and management environments

Defines services that can be used to abstract and segment

Improves performance, availability, and operations

Intelligent site selection enables Active/Active data center

Layer 4 load balancing decision made upon TCP

Delayed binding negotiates TCP handshake first

Storage aligned by application or department

Allows sharing of Marketing

Network address Marketing

IVR minimizes the impact of change in fabric services across

Adding more storage requires administrative changes

A SCSI operation from the host is mapped in one or more

Works across heterogeneous arrays

Separate network port per

Associates multiple N_Port

SAN Fundamentals: Fabrics per SAN

Increases fabric scalability

LUN masking is done PWWN1

Reduce operational overhead

A single physical server

vSwitch forwards traffic using standard

vSwitch does not forward traffic received

Control plane policing