If you, like me, have not played around with the Nexus 1000v lately, its time you should. The last production 1kv that I got to play with was a few years ago, and I did NOT have fond memories. I recall just kind of silly requirements to get things fired up, and then when ya did there wasn’t a whole ton of benefits (I recall span ports being “the” differentiator vs vDS — cool but not amazing). Fear not!! I’ve been living the Nexus 1kv dream lately and I gotta say, I sincerely don’t know why I don’t see this in production at more customers. So, I figured I’d write a (hopefully) quick post about some of the basics, and some cool stuff about the 1kv.
The 1kv is sort of “free.” I think anyone with a CCO can download the “essentials” version of the 1kv. Essentials is most likely all most folks will really need, it includes my recent favorite thing VXLAN, plus vPath, normal VLAN/ACL/QoS stuff, and of course span features which are neat. The advanced edition (paid for edition) includes the VSG (which is also super cool), and some other security type features.
The parts that aren’t free… 1kv licensing is based on CPUs. You can get it “totally” free for up to X nodes, but annoyingly, the amount of nodes varies based on the flavor of hypervisor.
The 1kv supports VMWare, KVM, and Hyper-V. Thus far I’ve only dealt with it in a VMWare environment, but it should be more or less the same for each hypervisor.
The 1kv is a centrally managed “thing,” but it does have multiple parts. The VSM or virtual supervisor module, is essentially a controller that manages all of the VEMs. The VEMs are the virtual ethernet modules. The VEM is the actual “switch” that replaces the hypervisor built-in switch, in VMWares case it replaces the vSwitch or vDistributed Switch.
The VSM can be deployed as a VM either in your own virtual environment, or in the Nexus 1100 appliance. The 1100 replaces the old 1000 series appliance. The appliance is basically just a C series server with some special sauce software that the VSM gets installed too. The appliance can also house other “blades” such as the VSG, or I believe the ASA 1000v/CSR 1000v etc. There are some important caveats surrounding VXLAN gateway functionality (specifically in a VMWare environment) that are worth investigating if you decide VXLAN is in your future — hopefully I’ll be able to write about this soon.
Lastly, you can/should deploy the VSM in an HA pair; of course if you deploy the appliance, you should deploy that in an HA pair as well. If deploying HA in the hypervisor (not in the appliance) you must deploy the VSMs into different physical hosts.
Its my personal opinion that the appliance makes 1kv deployments easier since you have your own appliance to work with and the VSM is outside of the rest of the virtual environment…. although unless you need the appliance for functionality, I suppose that’s just personal preference.
The VSM(s) can go away and the VEMs continue to operate as defined. In this state, you just can’t make any changes to the VEMs — since they are all “controlled” by the VSM(s).
This is obviously not a complete deployment guide, but here are my super high level notes for deploying a VSM.
– I used the OVF downloadable on CCO
– You used to have to deploy three VLANs to support this — Management, Packet and Control… this is part of what SUCEKD before…. the VEMs had to have L2 back to the VSM on the Control and Packet VLANs….Thankfully, this is no longer the case and there is a “l3 capability” option in the config!
– VSM domain-id is unique per the 1kv instance — remember you can have multiple 1kv instances in your data center
– For VMWare, you can web to the management IP address of the VSM and get an XML file that gets deployed into vCenter that essentially tells the vCenter environment about the 1kv.
– “Connect” the 1kv to the vCenter with the “svs connect” config
– At this point, you should see the 1kv in the Home->Inventory->Networking section of vCenter
– In order to replace the vSwitch/vDS on a host, you can once again web to the 1kv and download the VIB. Copy the VIB to /var/log/vmware/ and then install it with the following command: esxcli software vib install -v /var/log/vmware/[filename]
– Now you can build port profiles and deploy them on the host you installed the VIB on.
Thats more or less it. Its actually quite simple, and Cisco’s documentation is good. I really don’t get why we aren’t doing more 1kv deployments… but I have a sinking feeling that in at least some customers there is still the us against them thing with the server and network teams (which is lame). The 1kv to me though is a really great way to provide some cool functionality at a low cost and its easy. Moving forward it will also play nice with Cisco ACI which will be good. I understand that the 1kv will essentially be renamed the Application Virtual Switch (AVS), but functionality should be identical with the notable addition that the APIC will be able to control it.
Stay tuned for some 1kv VXLAN stuff which I will hopefully be able to write about soon (because its way cool).