Cisco: Nexus 1000V and VMware Switching
Cisco announced that in VMware ESX version 4, customers will be able to license Cisco's replacement (Nexus 1000V) for VMware virtual switching. Cisco has been working with VMware to embed their new Nexus OS into the VMware hypervisor. From everything I have heard so far, it is running great. There are a few major benefits that can come from this, especially for mid- to large-size companies.
Network management
Most businesses running VMware ESX seem to work the same way. There is a networking group that handles the LAN / WAN, but it's the VMware administrators who manage the VMware virtual switch configuration. Nexus 1000V would give this control back to the networking group. The Nexus system is managed via an independent server that communicates with the VMware Virtual Center server, thus moving network management back to the network group. Nexus 1000V incorporates the Cisco CLI (command line interface), which allows for easy remote control and configuration of the virtual switch. Each virtual machine is assigned a “switch port” in the Cisco OS. Along with that also come the typical benefits of running a Cisco OS:
- Access Control Lists (ACL)
- Cisco TrustSec
- Rate limiting capabilities
- Quality of Service (QOS) policing
- Port mirroring
- VLANs
- Remote Syslogging
- SNMP
- VM level interface statistics
For me, the most promising features would be the QOS, easier VLANing, and port mirroring. QOS would allow for easy prioritizing of traffic based on load. If production and development environments were both running in the same ESX cluster, QOS would allow policies to prioritize the production servers' traffic over development's. The same goes for rate limiting. It can be used to set a static threshold on how much data ports can transmit. I do love port mirroring. That would allow for an IDS / IPS solution to be run INSIDE of the VMware environment easily. Remote syslogging and SNMP will definitely help the centralized monitoring of the virtual switching infrastructure. The VM level interface statistics would definitely beat having to call esx-info and parse out the information that you need. Also, I bet you can clear the interface statistics non-intrusively. I have yet to figure out how to do that within VMware. All around, I feel that using the Cisco CLI would allow for a lot faster provisioning of the network on top of the other inherent benefits.
Links
http://cisco.com/cdc_content_elements/flash/dataCenter/nexus1000/index.html
http://www.cisco.com/en/US/netsol/ns340/ns394/ns224/networking_solutions_packages_list.html
Note: Awesome! Cisco policies and interface configurations move with the virtual machine when they are vmotion-ed between servers.
