1. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Les services rseaux se virtualisent aussi ! Mai 2014 Portfolio et Dmonstrations Damien Gouju dgouju@cisco.com Vincent Esposito vesposit@cisco.com Systems Engineers Data Center Solutions & Expertise 2. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 Principaux blocs fonctionnels dun Data Center La virtualisation a introduit un nouveau bloc fonctionnel Virtual Access SERVEURS VIRTUAL ACCESS EXTENSION LAN DC SAN ROUTAGE LAN BACKBONE WAN LAN DEDIE SECURITE ET IP SERVICES RESEAU DE MANAGEMENT OUT OF BAND SYSTEMES DE MANAGEMENT LAN SWITCHING LAN STOCKAGE / SAUVEGARDE SERVEURS DE SAUVEGARDE STOCKAGE SERVEURS 3. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Consquences rseau de la virtualisation serveurs Challenges 1. Le dplacement des VMs implique une cohrence de configuration rseau de bout en bout 2. Impossible de voir ou dappliquer une rgle rseau pour le trafic commut localement dans lhyperviseur 3. Ncessit dune nomenclature commune et dune collaboration troite entre les quipes serveur et rseau (ex : pour les rgles de scurit) Port Group Administration hyperviseur Administration rseau 4. Passer du provisionnement sur demande au self-provisionning (aka Cloud) 4. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 Cisco Nexus 1000v Un chassis modulaire virtuel Chassis modulaire Server 1 Server 2 Server 3 Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 BackPlane Linecard-N 5. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Cisco Nexus 1000v Un chassis modulaire virtuel Chassis modulaire Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 BackPlane Linecard-N Hyperviseur Hyperviseur Hyperviseur 6. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Cisco Nexus 1000v Un chassis modulaire virtuel Chassis modulaire VSM1 VSM2 Appliances virtuelles VSM: Virtual Supervisor Module Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 BackPlane Linecard-N Hyperviseur Hyperviseur Hyperviseur 7. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Cisco Nexus 1000v Un chassis modulaire virtuel Chassis modulaire VEM-NVEM-1 VEM-2 VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module VSM1 VSM2 Appliances virtuelles Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 BackPlane Linecard-N Hyperviseur Hyperviseur Hyperviseur 8. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 Cisco Nexus 1000v Un chassis modulaire virtuel Chassis modulaire VEM-NVEM-1 VEM-2 VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module VSM1 VSM2 Appliances virtuelles L2Mode L3Mode Supervisor-1 Supervisor-2 Linecard-1 Linecard-2 BackPlane Linecard-N Hyperviseur Hyperviseur Hyperviseur 9. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 Cisco Nexus 1000v Une mme architecture pour adresser les diffrents hyperviseurs VM VM VM VM Nexus 1000V VEM ESXiNexus 1000V VSM vCenter / vCD VM VM VM VM Nexus 1000V VEM Hyper-VNexus 1000V VSM SCVMM VM VM VM VM Nexus 1000V VEM KVMNexus 1000V VSM OpenStack Controller Node (future) 10. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 Nexus 1000v tire bnfice des fonctions NX-OS Commutation L2 L2 Switching, 802.1Q Tagging, VLAN Segmentation, VXLAN, Rate Limiting (TX) IGMP Snooping, QoS Marking (COS & DSCP) Scurit Policy Mobility, Private VLANs w/ local PVLAN Enforcement Access Control Lists (L24 w/ Redirect), Port Security Provisionning Automated vSwitch Config, Port Profiles, Virtual Center Integration Optimized NIC Teaming with Virtual Port Channel Host Mode Visibilit ERSpan, NetFlow v9 w/ NDE, CDP v.2 VM-Level Interface Statistics Management Virtual Center VM Provisioning, Cisco Network Provisioning, CiscoWorks ISSU, Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3) Virtual Desktop (VDI) DHCP Snooping, Dynamic ARP Inspection, Port Security Virtual Service Domains Virtual Services Insertion de traffic intelligent avec vPath (VSG, vWAAS, VPX, ASA 1000v) Essentialedition(Gratuit!) Advanced (auCPU) 11. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 Embarquer les services rseau Nouveau point dinsertion Des services embarqus sur demande: Ingnierie = Temps, ressources, cots VLANs Obliger le passage du trafic dans lappliance App Server Database Server Web Server App Server Database Server Web Server Nexus 1000v Des services embarqus de fait: Port-profile = Compliance, self-provisionning Un point de passage naturel: le Virtual Switch VSNVSN 12. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 Les services rseau virtualiss Portfolio et ecosystme Routeur WAN Serveurs Tenant ASAv Cloud Firewall Nexus 1000V Infrastructure physique Datacenter Cloud vWAAS Cisco Virtual Security Gateway Switches Citrix NetScaler VPX Imperva SecureSphere WAF Cloud Services Router 1000V Zone A Zone B vPath** Multi-Hypervisor (VMware, Microsoft, OpenStack, Xen*) Nexus 1000V (Dist. Virtual Switch) Switch Distribu Cohrence NX-OS VSG (Zone-based FW) Contrle la VM FW par zones ASAv (Cloud FW) Edge firewall, VPN Inspection protocolaire vWAAS (WAN Optimization) Optimisation du WAN Traffic Applicatif +7000 clients Disponible Disponible Disponible CSR 1000V (Cloud Router) Passerelle WAN L3 Routage et VPN Disponible Ecosystme de Services Citrix NetScaler VPX virtual ADC Imperva Web App. FW Disponible vNAM (Network Analytics) Visibilit applicative(L2 -L7) Disponible *Roadmap Network Analysis Module (vNAM) VSG Prime Network Services Controller API **Pre-standard NSH 13. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 Place aux Dmonstrations! 14. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 Thmes des dmonstrations Scurit Firewalling: ASAv VPN: ASAv + Anyconnect Filtrage Zone-Based: VSG Flexibilit Loadbalancing: Citrix NetScaler 1000v Routage et Extension L2: CSR 1000v + OTV Optimisation WAN: vWAAS Visibilit Sonde rseau ERSPAN / Netflow: vNAM Trafic SNMP: SNMP Nexus 1000v + Cacti Services Rseaux Virtualiss 15. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 N1Kv N1Kv N1Kv Topologie du lab VSG WAN WEB1 WEB2 FILER Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv NetScaler Site HQ Datacenter Cloud Site Distant VSG 16. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 N1Kv N1Kv N1Kv Demo 1: Filtrage avecASAv VSG WAN WEB1 WEB2 FILER Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv NetScaler Site HQ Datacenter Cloud Site Distant VSG Scurit 17. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 N1Kv N1Kv N1Kv Demo 2: VPN avecASAv VSG WAN WEB1 WEB2 FILER Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud Site Distant VSG Scurit NetScaler 18. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18 Fonctions de lASAv Fonctions du train ASA 9.x ASAv Suppression du Clustering et du mode multi-contextes La virtualisation limine laspect contexte / cluster Plusieurs vNICs, sous-interfaces VLANs Crypto logicielle Remote Access VPN IPv6, NAT66, NAT46/NAT64 SDN et outils traditionnels dadministration ASAv30 jusqu 2Gbps Mme politiques grer sur le modle physique / virtuel Licence: Capacit / Fonctions, perptuel ou sur 1-3-5 ans ASAV est disponible sur vSphere Roadmap sur KVM / Hyper-V 19. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19 N1Kv N1Kv N1Kv Demo 3: Zone-based Firewall avec VSG VSG WAN WEB1 WEB2 FILER Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud Site Distant VSG Scurit NetScaler 20. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20 Services de scurit virtualiss ASA & VSG Tenant BTenant A VDC vApp vApp VDC Prime Network Services Controller ASA 5500-X / ASA SM Firewalls trs haute performance Richesse fonctionnelle pour la scurit dun domaine ASAv Firewall protgeant le tenant Base ASA Nexus 1000v Nexus 1000v vPath Hyperviseur Hyperviseur vPath Virtual Security Gateway Apporter une scurit intra-tenant Assurer la scalabilit et la performance VSG VSG VSG VSG VSG VSG est disponible sur vSphere & Hyper-V (KVM: future) Inclus dans la licence Nexus 1000v Advanced! 21. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21 N1Kv N1Kv N1Kv Demo 4: Loadbalancing avec Citrix NetScaler 1000v VSG WAN WEB1 WEB2 FILER Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud Site Distant VSG Flexibilit NetScaler 22. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 Citrix NetScaler 1000v NetScaler 1000v disponible sur Nexus 1110 et vSphere Licence lie la capacit / aux fonctions Loadbalancer complet virtualis - Content Switching - Caching - DNS et GSLB - SSL et SSL Offload - Compression - Firewall Applicatif (L7) Reporting intgr Administration par Prime Network Services Controller ou loutil Citrix embarqu 23. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23 N1Kv N1Kv N1Kv Demo 5: Mobilit avec OTV sur CSR1000v VSG WAN WEB1 WEB2 FILER Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud Site Distant VSG Flexibilit OTV OTV NetScaler 24. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24 Cloud Services Router 1000v Vritable routeur Cisco IOS virtualis IOS XE complet Routage avanc (OSPF, EIGRP, BGP, PBR) Large panel de fonctionnalits (IPv6, VRF, MPLS, OTV, IPSec, QoS, NAT, GRE, LISP, ACL, ) Flexibilit de connectivit par ajout dinterfaces virtuelles Administration via Prime Network Service Controller, CLI IOS, Cisco Prime Infrastructure et API RESTful CSR1000v disponible sur vSphere, KVM, OpenStack, Xen & Hyper-V Licence lie la capacit / aux fonctions Disponible sur EC2! 25. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25 N1Kv N1Kv N1Kv Demo 6: Optimisation des flux avec vWAAS VSG WAN WEB1 WEB2 Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud Site Distant VSG Flexibilit FILER OTV OTV NetScaler 26. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26 Virtual WAAS Optimisation de flux de toutes natures: - Microsoft Exchange NTLM MAPI / eMAPI, SharePoint - Citrix ICA et ICA w/SSL, Multi Stream ICA, - Optimisation des impressions - CIFS, SMB v2.x natif - Caching en fonction du contexte applicatif - Optimisation des flux TCP Interoprable avec les appliances WAVE et ISR Gestion consistante avec Prime Central Manager vWAAS disponible sur vSphere (Hyper-V roadmap) Licence lie la capacit / aux fonctions 27. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27 N1Kv N1Kv N1Kv Demo 7: Visibilit avec vNAM VSG WAN WEB1 WEB2 Client Filer Client Web Client Filer Client VPN CSR1kv CSR1kv vNAM vWAAS vWAAS ASAv Site HQ Datacenter Cloud Site Distant VSG FILER Visibilit OTV OTV NetScaler 28. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28 Cisco Prime Virtual NetworkAnalysis Module (vNAM) Outil de management et de reporting centralis Support de SPAN, RSPAN, ERSPAN et NetFlow Analyse du trafic rseau (Packet Capture, QoS, Jitter, ) Gestion des encapsulations (VXLAN, CAPWAP, OTV, GRE, ) Fournit une visibilit des applications (moteur dinspection protocolaire) et de leur temps de rponse Solution conomique! vNAM hberge sur Nexus 1110, vSphere et KVM Hyper-V: Roadmap Licence lie au dbit du trafic 29. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29 Services rseaux Virtualiss Offre complte et ouverte Continuit des oprations Tirent partie du N1kv Multi- hyperviseurs Solutions prouves Conclusion