The Cisco Nexus 1000V Architecture

In this post, mapping to the new CCIE Data Center certification, we will examine the architecture of the important Nexus 1000V switch. I find that many students are a little foggy when it comes to this new and very interesting piece of technology from Cisco. First of all, keep it simple: when you see the V, think virtual. The Cisco Nexus 1000V Series Switch is a software switch that is used in place of the VMware Standard Switch (vSwitch), the virtual switch that virtual machines use to connect to the network, in order to provide functionality that VMware does not inherently provide. To be more specific, the 1000V is a Cisco implementation of the vSphere Distributed Switch framework that VMware created. Where a standard vSwitch is configured independently on every ESX host, a distributed switch is managed centrally and maintains network runtime state for VMs as they move across multiple physical ESX hosts, which is what makes inline monitoring and centralized firewall services possible. That framework for monitoring and maintaining the security of virtual machines as they move from physical server to physical server is what enables the powerful Nexus 1000V.

Long-time "traditional" Cisco engineers will feel right at home with the feature set that the Nexus 1000V provides in the virtualized datacenter to those amazing little Virtual Machines. Next-gen engineers already excited by virtualization capabilities will also enjoy:

  • VLANs
  • Private VLANs (PVLANs)
  • Access Control Lists (ACLs)
  • Port Security
  • Access Control Lists Redirects
  • Cisco TrustSec (SGT)
  • NetFlow
  • QoS Markings
  • Rate limiting
  • Switched Port Analyzer (SPAN)
  • Encapsulated Remote Switched Port Analyzer (ERSPAN)
  • Mobility of network and security policies
  • VMware vMotion support

The architecture of the solution features a single software-based Cisco Nexus Operating System (NX-OS) supervisor module that can manage the switching capabilities of as many as 64 VMware ESX physical servers. The Cisco Nexus 1000V is modular, just like a physical chassis switch. There is the Virtual Supervisor Module (VSM), which runs NX-OS and holds the control and management planes, and the Virtual Ethernet Module (VEM), which runs inside the ESX hypervisor on each host and actually forwards traffic. The VEM acts as a remote line card of the VSM. The VSM can run within a Virtual Machine (normally deployed as an active/standby pair for high availability), or on a Cisco hardware appliance called the Cisco Nexus 1010 Virtual Services Appliance. The VEM presents Virtual Ethernet Ports (vEthernet) to the individual Virtual Machines; each vEthernet port represents the Virtual NIC (vNIC) of a virtual server. The beauty of this virtualization lies in the fact that the vEthernet port, together with the port profile and policy attached to it, remains the same even if the virtual machine migrates to another physical ESX server entirely. This is an obvious and huge benefit for the mobility of network and security policies.

Because the supervisor and its line cards live on different physical servers, the VSM talks to the VEMs over the network rather than over a chassis backplane. In the original Layer 2 control mode, that VSM-to-VEM communication rides on dedicated control and packet VLANs, which keep it separated from VM data traffic in much the same way an out-of-band management network would (later releases also offer a Layer 3 control mode that carries the same traffic over a VMkernel interface on the host). VLANs are therefore critical in the architecture, as one might expect. Typical VLANs used include:

  • System – not a separate VLAN, but a designation (system vlan in the port profile) given to the control, packet, and management VLANs so that the VEM forwards them immediately at boot, before it has contacted the VSM; this is what lets a VEM bootstrap its connection to the VSM
  • Control – VEM-to-VSM communications (heartbeats, configuration download, and VEM programming)
  • Management – console access to ESX, vCenter, and/or the VSM (the VSM mgmt0 interface)
  • Packet – CDP, IGMP, or LACP data that the VEM punts to the VSM for processing
  • vMotion – VMkernel traffic for live migration of VMs between hosts
  • VM traffic – for application traffic running on the VMs
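To make the VLAN roles above concrete, here is an added example of a minimal VSM configuration in Layer 2 control mode. This is not configuration from the original post or from Cisco documentation; the VLAN numbers, VLAN names, domain ID, datacenter name, profile names, ACL and the vCenter address (192.0.2.10) are all assumed values chosen for illustration.

```cisco
! Added example (not from the post). Minimal Nexus 1000V VSM configuration in
! Layer 2 control mode. All VLAN numbers, names, the domain ID, the datacenter
! name and the vCenter address are assumed values for illustration only.

! VLANs carried between the VSM, the VEMs and vCenter, plus one VM data VLAN
vlan 260
  name n1kv-control
vlan 261
  name n1kv-packet
vlan 262
  name esx-management
vlan 263
  name vmotion
vlan 300
  name vm-data

! The SVS domain ties every VEM to this VSM. In L2 mode the control and
! packet VLANs are the VEM-to-VSM path.
svs-domain
  domain id 100
  control vlan 260
  packet vlan 261
  svs mode L2

! Connection to vCenter, which pushes the port groups out to the ESX hosts
svs connection vcenter
  protocol vmware-vim
  remote ip address 192.0.2.10 port 80
  vmware dvs datacenter-name DC1
  connect

! Uplink (physical NIC) profile. "system vlan" marks the VLANs the VEM must
! forward at boot, before the VSM has programmed it; without it the VEM could
! never reach the VSM to download its configuration.
port-profile type ethernet system-uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 260-263,300
  channel-group auto mode on mac-pinning
  no shutdown
  system vlan 260-262
  state enabled

! ACL applied to VM-facing ports: drop DHCP server replies sourced by a VM
! (rogue DHCP server), allow everything else.
ip access-list vm-data-in
  10 deny udp any eq 67 any
  20 permit ip any any

! VM-facing profile: access port in the data VLAN only. The control, packet
! and management VLANs are deliberately unreachable from here. The ACL and
! port security are part of the profile, so they follow the VM on vMotion.
port-profile type vethernet vm-data
  vmware port-group
  switchport mode access
  switchport access vlan 300
  ip port access-group vm-data-in in
  switchport port-security
  switchport port-security maximum 1
  switchport port-security violation shutdown
  no shutdown
  state enabled
```

Two points worth checking in any real deployment: the VM-facing vethernet profiles should never list the control, packet or management VLANs, since a VM that can reach the VSM-to-VEM path can interfere with the control plane; and the system vlan list on the uplink profile must include every VLAN that any vethernet profile also marks as a system VLAN (for example the management VMkernel port), or the VEM will not pass that traffic before it has reached the VSM.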

We hope you will join us for future posts on different aspects of this exciting Cisco Data Center component including installation, configuration, and management. We also hope that you will join us for the upcoming IPexpert CCIE Data Center Written Online Class. This class prepares you for the CCIE Data Center Written and the foundational skills required for the lab exam. It is delivered live online and features weeks of instructor-led interactive events for mastery of the written and beyond.