October 14
IMPORTANT: Audio is being broadcast directly to your computer speakers, so make sure they are functional. No need to dial in separately.
Back2Basics
Today's Presenter
Current
Cisco Data Center Consulting Systems Engineer specializing in Nexus 7000 partner enablement. Located in Rosemont, Chicago
Past
Cisco Security Systems Engineer, Sr. Network Engineer at IPG (InterPublic Group), Network Engineer at 3com/USRobotics and Motorola
Cisco Nexus 7000 Back to Basics
Cisco Nexus 7000 Series Switch & NX-OS Roadmap
Cisco Confidential
Application Complexity
Physical Infrastructure
10G ready wiring Server/cabling density
Application Performance
WAN optimization Application Acceleration
Virtualization
Multi-SP Cloud Private Cloud Unified Computing Unified Fabric Architecture
VDC Unified Fabric Fabric Extender OTV FabricPath Cloud-centric Networking Services LISP
Nexus 4000
Nexus 5000
2008
1K
x86
Nexus 7010
8 I/O Slots + 2 Supervisor Slots
Front to Back Airflow
256 10GbE (4:1) / 64 Ports line rate
384 10/100/1000 Ports
Nexus 7018
16 I/O Slots + 2 Supervisor Slots
Side to Side Airflow
512 10GbE (4:1) / 128 Ports line rate
768 10/100/1000 Ports
Cisco NX-OS Multi-protocol Operating System
Data Center Network Manager (DCNM)
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Front-to-back airflow
Air exhaust
Front
N7K-C7010
Rear
25RU
Power supplies
Front
N7K-C7018
Rear
Supervisor Engine
Performs control plane and management functions
Dual-core 1.66GHz Intel Xeon processor with 4GB DRAM
2MB NVRAM, 2GB internal bootdisk, compact flash slots
Out-of-band 10/100/1000 management interface
Always-on Connectivity Management Processor (CMP) for lights-out management
Console and auxiliary serial ports
USB ports for file transfer
N7K-SUP1
Management Interfaces
Management Ethernet
10/100/1000 interface used exclusively for system management
Belongs to dedicated management VRF
Prevents data plane traffic from entering/exiting from mgmt0 interface
Cannot move mgmt0 interface to another VRF
Cannot assign other system ports to management VRF
CMP Ethernet
Provides lights-out remote management and lights-out disaster recovery via 10/100/1000 interface
Removes need for terminal servers
N7K-M148GT-11
(Shipping)
N7K-M148GS-11
(Shipping)
N7K-M148GT-11L
(Target Cairo 2HCY10)
N7K-M148GS-11L
(FCSd May 25th)
XL Capable
N7K-M132XP-12
(Shipping)
N7K-M132XP-12L
(Cairo Target Oct 2010)
N7K-M108X2-12L
(FCSd May 25)
32 x 10GigE 4:1 Oversubscribed SFP+ 60 Mpps 80 Gbps Fabric XL Capable FEX Support
L2 / L3
SFP+ and RJ-45 10G DCB I/O modules
1G/10G dual-speed switch-on-chip design
Layer 2 with L3/L4 services
L3 Routing provided by M1 Modules
High performance
230 Gbps fabric connectivity
320 Gbps local switching
480 Mpps forwarding per module
7.68 Billion pps per 7018
SKU N7K-F132XP-15=
Access to fabric controlled using QoS-aware central arbitration with VOQ
N7K-C7010-FAB-1
N7K-C7018-FAB-1
46Gbps/slot
46Gbps/slot
46Gbps/slot
Bandwidth capacity on egress modules represented by Virtual Output Queues (VOQs) at ingress to fabric
I/O modules interface with arbiter to gain access to VOQs
NX-OS Nexus
SAN-OS
Storage Protocols
VSANs FCIP IVR Zoning FSPF
HA Manager
Future
System Infrastructure
Kernel (Linux)
Based on MDS-9000 Series SAN-OS
Every process runs in protected memory for fault containment
Automatic stateful process restart
Modular code only runs in DRAM when invoked
In Service Software Upgrades
Minimize Planned Downtime
Upgrades are possible between minor and major software releases
Critical components for LAN + SAN vision
Active
OSPF BGP PIM etc.
Standby
BGP PIM etc.
HA Manager
Stateful Process Restart
Avoid Network Re-convergence
Processes can restart in milliseconds and maintain state from state database (PSS)
Net effect is zero impact to neighbor relationships
Supported for all L2 protocols as well as OSPFv2
Restart process!
TCP/UDP HSRP OSPF LACP IPv6 STP BGP PIM etc
PSS
Unified Fabric
Increased Efficiency, Simplified Operations
Mgmt Network Front-End Network Backup Network Unified Fabric Storage Network Back-End Network
Unified Fabric
FC Payload
FCS
FCoE
iSCSI
FCIP
FCoE
FC
Layer 3 Protocols
OSPF BGP EIGRP PIM GLBP HSRP IGMP SNMP
Layer 3 Protocols
VLAN OSPF BGP EIGRP PIM GLBP HSRP IGMP SNMP UDLD CDP 802.1X CTS
Infrastructure
Kernel
VDC: Virtual Device Context (Up to 4)
Flexible separation/distribution of hardware resources and software components
Complete data plane and control plane separation, physical ports allocated to VDCs
Complete software fault isolation
Securely delineated administrative contexts
Forwarding engine scalability with appropriate interface allocation
VDC 4 VDC Extranet VDC DMZ
VDC 2
VDC Prod
Fewer number of devices to manage
Lowers overall data center power draw
[Figure: Switch Fabric connecting Linecard 1, Linecard 2 and Linecard 3, each with its own MAC Table; ports 1/1 to 3/4 are allocated to VDC 10, VDC 20 and VDC 30; MAC Address A is learned]
MAC A is propagated to linecard 2 and 3 but only linecard 2 installs MAC due to local port being in VDC 10
[Figure: Linecards, each with a 64K FIB TCAM, allocated to VDC 20 and VDC 30]
FIB and ACL TCAM resources are more effectively utilized
VDC Administrator can change any configuration for resources allocated to that VDC and can also create user roles specific to that VDC with a subset of configuration commands
VDC User Role is a restricted role based access for a given VDC and can perform configuration as defined by the VDC Administrator
Non-vPC
vPC
Physical Topology
Logical Topology
vPC is a port-channeling concept extending link aggregation to two separate physical switches
Allows the creation of resilient L2 topologies based on Link Aggregation
Eliminates the need for STP in the access-distribution layer
Uses all available uplink bandwidth
Enable seamless VM Mobility, Server HA Clusters
Scale Available Layer 2 Bandwidth
Grow the size of the layer 2 network
Simplify Network Design
vPC peer: a vPC switch, one of a pair
vPC member port: one of a set of ports (port channels) that form a vPC
vPC: the combined port channel between the vPC peers and the downstream device
vPC peer-link: link used to synchronize state between vPC peer devices, must be 10GbE
vPC peer-keepalive link: the keepalive link between vPC peer devices, i.e., backup to the vPC peer-link
vPC VLAN: one of the VLANs carried over the peer-link and used to communicate via vPC with a peer device
non-vPC VLAN: one of the STP VLANs not carried over the peer-link
CFS: Cisco Fabric Services protocol, used for state synchronization and configuration validation between vPC peer devices
vPC peer-link
vPC peer
Standalone Port-channel
vPC
Recommendations:
Use LACP when available for better failover and misconfiguration protection
vPC member port
Regular port-channel port
vPC
Dynamic Encapsulation
No Pseudo-Wire State Maintenance
Optimal Multicast Replication
Multipoint Connectivity
Point-to-Cloud Model
Protocol Learning
Nexus 7000 First platform to support OTV starting with 5.0(3) release!
Preserve Failure Boundary
Built-in Loop Prevention
Automated Multi-homing
Site Independence
[Figure: OTV data plane between West Site and East Site, with edge devices IP A and IP B. Steps shown: 1 Layer 2 Lookup, 2 Encap, 4 Decap, 5 Layer 2 Lookup. Each site's MAC table (columns VLAN, MAC, IF) for VLAN 100 lists MAC 1 to MAC 4 against either a local interface (Eth 1 to Eth 4) or an edge-device IP address]
[Figure: OTV encapsulation. Fields: DMAC 6B, SMAC 6B, Ether Type 2B, 20B header carrying ToS, OTV Shim 8B, Original Frame, CRC 4B]
42 Byte encapsulation (same as VPLSoGRE)
[Figure: West and East OTV edge devices connected across a Multicast-enabled Core]
The mechanism
Edge Devices (EDs) join an ASM multicast group in the core. They join as hosts (no PIM on EDs)
OTV hellos and updates are encapsulated in IP and sent to the multicast group
EDs are both sources and receivers
[Figure: OTV Hello from IP A to Mcast G. Steps shown: 1 OTV Hello, 2 Encap, 4 Decap. Sites West, East and South (IP A, IP B, IP C) send IGMP Reports]
[Figure: OTV Hello from IP C to Mcast G. Steps shown: 7 Encap at South, 9 Decap at the other OTV edge devices]
6. The South Site sends its hello with West's address in the TLV
[Figure: 3 New MACs are learned on VLAN 100 (MAC A, MAC B, MAC C). The MAC tables (columns VLAN, MAC, IF) list VLAN 100, MAC A, MAC B and MAC C with IF IP A. Sites West, East and South-East connect through the Core]
Configuration
OTV CLI Configuration
interface Overlay0
  otv join-interface Ethernet1/1
  otv control-group 239.1.1.1
  otv data-group 232.192.1.0/24
  otv extend-vlan 100-150
  otv site-vlan 99
otv join-interface: Connects to the core. Used to join the core network. Its IP address is used as source IP for the OTV encap.
otv control-group: ASM/Bidir group in the core used for the OTV Control Plane.
otv data-group: SSM group range used to carry the site's mcast data traffic.
otv site-vlan: VLAN used within the Site for communication between the site's Edge Devices.
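A configuration audit for the Overlay0 settings above, as an added example that is not part of the original slides: it checks that the control group is multicast but outside the SSM range, that the data-group range falls inside SSM 232.0.0.0/8, and that all five settings are present. The names `audit_otv`, `parse_vlans`, `SLIDE_CONFIG` and `BAD_CONFIG` are hypothetical, and the site-VLAN check is an assumption that the slide does not state.

```python
import ipaddress
import re

MCAST = ipaddress.ip_network("224.0.0.0/4")  # all IPv4 multicast
SSM = ipaddress.ip_network("232.0.0.0/8")    # source-specific multicast
REQUIRED = ("join-interface", "control-group", "data-group", "extend-vlan", "site-vlan")

def parse_vlans(spec):
    """Expand a VLAN list such as '100-150,200' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_otv(config):
    """Return findings for the 'otv <keyword> <value>' lines of one overlay."""
    opts = dict(re.findall(r"^\s*otv\s+(\S+)\s+(\S+)", config, re.M))
    findings = [f"missing: otv {k}" for k in REQUIRED if k not in opts]
    if "control-group" in opts:
        group = ipaddress.ip_address(opts["control-group"])
        if group not in MCAST:
            findings.append("control-group is not a multicast address")
        elif group in SSM:
            findings.append("control-group is SSM, expected ASM/Bidir")
    if "data-group" in opts:
        net = ipaddress.ip_network(opts["data-group"], strict=False)
        if not net.subnet_of(SSM):
            findings.append("data-group is outside SSM 232.0.0.0/8")
    # Assumption (not on the slide): the site VLAN must not be extended.
    site, ext = opts.get("site-vlan"), opts.get("extend-vlan")
    if site and ext and int(site) in parse_vlans(ext):
        findings.append("site-vlan is also extended over the overlay")
    return findings

# Constructed samples: the slide's configuration and a broken variant.
SLIDE_CONFIG = """interface Overlay0
  otv join-interface Ethernet1/1
  otv control-group 239.1.1.1
  otv data-group 232.192.1.0/24
  otv extend-vlan 100-150
  otv site-vlan 99
"""
BAD_CONFIG = """interface Overlay0
  otv control-group 232.1.1.1
  otv data-group 239.192.1.0/24
  otv extend-vlan 90-150
  otv site-vlan 99
"""
```

Calling `audit_otv(SLIDE_CONFIG)` returns an empty list, while `audit_otv(BAD_CONFIG)` reports the missing join interface, the swapped ASM/SSM groups and the extended site VLAN.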
Mac-in-Mac
Up to 16-Way L2 ECMP
No MAC learning via flooding
Routing, not bridging
Built-in loop-mitigation
Time-to-Live (TTL)
RPF Check
Plug-n-Play Layer 2 IS-IS
Support unicast and multicast
Fast, efficient, and scalable
Equal Cost Multipathing (ECMP)
VLAN and Multicast Pruning
Cisco NX-OS
[Figure: FabricPath Routing (header S11 S42) between the Ingress Switch and the Egress Switch; L2 Bridging in STP Domain 1 and STP Domain 2]
[Figure: L2 Fabric with Switch S42, port 1/1, and hosts A and C]
Ingress switch for FabricPath decides which tree is to be used and adds the tree number in the header
FabricPath Configuration
No L2 IS-IS configuration required
New feature-set keyword introduced to allow multiple conditional services required by FabricPath to be enabled in one shot
Simplified operational model: only 3 CLIs to get FabricPath up and running
N7K(config)# feature-set fabricpath
N7K(config)# vlan 10-19
N7K(config-vlan)# mode fabricpath
N7K(config)# interface port-channel 1
N7K(config-if)# switchport mode fabricpath
L2 Fabric
Nexus 7000 + FEX is single management
FEX/Nexus 7000
Nexus 2000 FEX is like a Line Card to the Nexus 7000
No Spanning Tree between FEX and Nexus 7000
Nexus 7000 maintains all management and configuration
48x1GE/100Mb
4x10GE
Beacon & Status LEDs
Power Supplies, Redundant & Hot Swappable
Combines benefits of Top of Rack (ToR) and End of Row (EoR) network architectures
Reduces cable runs
Cross Nexus architecture provides investment protection
Reduce management points in the network
Solution for higher density 1G (i.e. 96 port 1G module)
Ensures feature consistency across hundreds or thousands of server ports
[Figure: VMs attached at the Access layer through N2K / N7K 1 GE links to the Aggregation layer]
Juniper EX8208 is shipping
Juniper EX8216 is getting positioned in the DC
Touting Stratus architecture
IBM teaming up with Juniper in Switching
HP with a bag of switches from various vendors
H3C "me too" features of Nexus 7000 Series
Leading with lower price
Aggressive marketing against N7K with incorrect claims
Arista with its latest modular switch 7500
Big Claims like.. 5x Performance, 1/10th the Power Consumption, the footprint
Brocade / Foundry gaining market share in modular switching
FCoE on DCX
Aggressively taking Foundry boxes to channels