Cisco Prime Virtual Network Analysis Module (vNAM) 6.0 White Paper
Cisco Virtualized Multiservice Data Center (VMDC) Virtual Services Architecture (VSA) 1.0
Design Guide
Chapter 3 VMDC VSA 1.0 Design Details
vPC+ is one of the new L2 resilience features introduced with FabricPath. This enables devices that do
not support FabricPath to be attached redundantly to two separate FabricPath switches without resorting
to STP. Like vPC, vPC+ relies on port-channel technology to provide multipathing and redundancy.
Configuring a pair of vPC+ edge nodes creates an emulated FabricPath switch ID for the pair. Packets
originated by either vPC+ node are sourced with this emulated switch ID. Other FabricPath switches
simply see the emulated switch ID as reachable through both switches. Prerequisites include a direct
peer-link connection and a peer-keepalive path between the two switches forming the vPC+ pair.
Port-channels, rather than single links, are used with ECMP for access-edge to aggregation-edge core
connections, providing enhanced resilience if a link member fails. As this is not default behavior after
NX-OS 5.2.4, an IS-IS metric must be configured on the port-channel to ensure that individual member
link failures in port-channels are transparent to the IS-IS protocol.
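An added example, not from the design guide: a Python check over a constructed NX-OS running-config excerpt that verifies the vPC+ prerequisites named above (emulated switch ID, peer-link, peer-keepalive) and flags FabricPath port-channels that lack an explicit IS-IS metric. The config excerpt, addresses, switch ID and port-channel numbers are constructed, and the function names are hypothetical.

```python
# Constructed NX-OS running-config excerpt (not taken from the design guide).
SAMPLE_CONFIG = """\
vpc domain 10
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
  fabricpath switch-id 1000
interface port-channel1
  switchport mode fabricpath
  vpc peer-link
interface port-channel11
  switchport mode fabricpath
  fabricpath isis metric 10
interface port-channel12
  switchport mode fabricpath
interface port-channel20
  switchport mode trunk
  vpc 20
"""

def parse_sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if current is not None:
                sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
    return sections

def audit(config):
    """Return findings for the vPC+ prerequisites and the port-channel metric.
    The peer-link is skipped in the metric check (assumption: the requirement
    concerns access-edge to aggregation-edge core port-channels)."""
    sections = parse_sections(config)
    vpc = [l for h, b in sections.items() if h.startswith("vpc domain") for l in b]
    findings = []
    if not any(l.startswith("fabricpath switch-id") for l in vpc):
        findings.append("vpc domain: no emulated FabricPath switch ID")
    if not any(l.startswith("peer-keepalive") for l in vpc):
        findings.append("vpc domain: no peer-keepalive path")
    if not any("vpc peer-link" in b for b in sections.values()):
        findings.append("no vPC peer-link port-channel")
    for head, body in sections.items():
        if (head.startswith("interface port-channel")
                and "switchport mode fabricpath" in body
                and "vpc peer-link" not in body
                and not any(l.startswith("fabricpath isis metric") for l in body)):
            findings.append(f"{head}: no explicit fabricpath isis metric")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only port-channel12, the FabricPath core port-channel without an explicit metric.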
Virtualization Techniques
Previous program releases leveraged VMware vSphere 5.0, 4.0 and 4.1. vSphere 5.1 is the tenant
hypervisor resource used in VMDC VSA 1.0. This integrates with Cisco’s Nexus 1000V distributed
virtual switch, enabling end-to-end visibility to the hypervisor level for security, prioritization, and
virtual services.
Though not in the scope of VMDC VSA 1.0, alternate hypervisors can be used in VMDC reference
architectures if UCS is in their prospective Hardware Compatibility List. As of this writing, the Nexus
1000V distributed virtual switch supports only vSphere and Hyper-V. However, alternate hypervisor
VMs can connect at the FEX or primary access layer, and participate in appliance-based or Data Center
Services Node (DSN) module-based services.
Services
Previous VMDC releases incorporated physical appliance-based and DSN module-based services, and
virtual service appliance form factors. From VMDC 2.2 forward, two tiers of security policy
enforcement points are featured in the enterprise-grade Expanded Gold container: the first perimeter
firewall implemented on a physical form factor, and the second (VSG) implemented as a virtual
appliance. The premise was that this hybrid model would best satisfy rigorous security requirements. As
is traditional, with the exception of the VMDC 3.0 “Switched Data Center” FabricPath topology model,
all physical form factors were attached at the aggregation or aggregation-edge nodes.
VMDC VSA 1.0 departs from tradition in that all IaaS network service functions are virtualized. In this
model, services are attached via VLAN stitching at the virtual access edge in the compute layer of the
infrastructure. The list of virtual service appliances includes: CSR; Citrix NetScaler VPX for SLB; ASA
1000V; VSG; Virtual Network Analysis Module (vNAM); and the Virtual WAN Acceleration Service
Module (vWAAS). Running on general-purpose server hardware, these software-based form factors are
ideal for cloud data centers in that they are software-defined and provide flexibility and agility through
enhanced programmability.
CSR
Discussed at length in an earlier white paper (VMDC Virtual Service Architecture with CSR), the CSR is
an x86-based virtual router based on the ASR 1000 product family. Although the ASR 1000 features
optimized ASIC-based forwarding, CSR forwarding is software-based. However, the CSR is extremely
feature-rich, inheriting much of the ASR 1000 functionality as it leverages IOS-XE (XE3.10 as of this