Cisco Prime Virtual Network Analysis Module (vNAM) 6.3 White Paper
Cisco Virtualized Multiservice Data Center (VMDC) Virtual Services Architecture (VSA) 1.0
Design Guide
Chapter 3 VMDC VSA 1.0 Design Details
• Network redundancy in clustered NetApp Data ONTAP is supported by the interconnect and
switching fabrics, permitting cluster and data and management network interfaces to fail over to
different nodes in the cluster, which extends beyond the HA pair.
For NAS connectivity, the FlexPod architecture leverages the Unified Target Adapter (UTA) and the
traditional 10 GigE Ethernet adapter. UTA provides the greatest flexibility when migrating to an
end-to-end FCoE design; however, a standard 10 GigE adapter can be used for IP-based storage designs. The
vPC links between the Nexus 5548 switches and NetApp storage controller UTAs are converged,
supporting both FCoE and traditional Ethernet traffic at 10 Gbps and providing a robust connection
between initiator and target. UTAs installed in each NetApp storage controller use FCoE to send and
receive Fibre Channel traffic to and from the Nexus switches over 10 GigE. UCS also uses FCoE to send
and receive Fibre Channel traffic to and from the various UCS components (for example, UCS B-Series
blade servers and UCS C-Series servers). The system provides the option to leverage true end-to-end
FCoE, which greatly simplifies network design and reduces application time to market.
Container Models
Virtualizing compute and storage resources enables sharing across an organizational entity. In contrast,
virtualized multi-tenancy, a concept at the heart of the VMDC reference architecture, refers to the logical
isolation of shared virtual compute, storage, and network resources. In essence, this is "bounded" or
compartmentalized sharing. A tenant is a user community with some level of common security affinities.
For example, in an enterprise, a tenant may be a business unit, department, or workgroup. Depending
upon business requirements or regulatory policies, a tenant "container" may stretch across physical
boundaries, organizational boundaries, and even between corporations. In large-scale environments,
network function virtualization of tenant services provides considerable CAPEX cost savings, enabling
a "pay as you grow" infrastructure model.
A tenant container can reside wholly in the private cloud, or can extend from the tenant enterprise to SP
facilities in a public cloud. The VMDC architecture addresses these tenancy use cases through a
combination of secured data path isolation and a tiered security model that leverages classical security
best practices and updates them for the virtualized multitenant environment.
VMDC VSA 1.0 considers the following container models:
• Bronze—The most basic container type, a bronze container features a single logical segment for the
attachment of hosts. Optionally, an L2 virtual firewall (for example, Cisco VSG) can be applied to
provide security zoning. In VMDC VSA 1.0, CSR provides the L3 boundary, serving as the logical
perimeter for this container, and as the default gateway.