Chapter 13. Cisco Cloud Infrastructure Portfolio

This chapter covers the following topics:

• Cisco MDS 9000 Series Multilayer Directors and Fabric Switches

• Cisco Nexus Data Center Switches

• Cisco Prime Data Center Network Manager

• Cisco Unified Computing System

• Cisco Virtual Networking Services

This chapter covers the following exam objectives:

• 3.1 Identify key features of Cisco UCS

• 3.1.c B-Series

• 3.1.d C-Series

• 4.1 Describe network architectures for the data center

• 4.1.a Cisco Unified Fabric

• 4.1.a.1 Describe the Cisco Nexus product family

• 4.2 Describe Infrastructure Virtualization

• 4.2.b Cisco Nexus 1000V components

• 4.2.b.1 VSM

• 4.2.b.2 VEM

• 4.2.b.3 VSM appliance

• 5.5 Describe the various Cisco storage network devices

• 5.5.a Cisco MDS family

• 5.5.b Cisco Nexus family

• 5.5.c UCS Invicta

According to the Synergy Research Group [1], Cisco is one of the world's leading companies in cloud infrastructure equipment at the time of this writing. This accomplishment epitomizes the great commitment the company has demonstrated to its customers in their journey to cloud computing.

[1] https://www.srgresearch.com/articles/cisco-maintains-lead-public-cloud-infrastructure-while-hp-leads-private

The Cisco cloud infrastructure portfolio encompasses an impressive number of flexible solutions that can be easily orchestrated and integrated into a wide variety of cloud architectures. The purpose of this chapter is to provide a brief description of each solution from this portfolio, including format options, scalability numbers, and performance metrics when available.

Because Cisco designs its cloud infrastructure solutions with the future in mind, this portfolio has changed throughout the years. For this reason, this chapter offers a snapshot of its products at the time of this writing. In fact, you can really imagine it as a “family portrait,” which is a little bit different depending on the year it is taken.

The primary objective of this chapter is to provide you with valuable information about these solutions that the previous chapters did not directly address but that you are required to know for the CLDFND exam.

For more details about each solution from this portfolio, I highly recommend that you refer to the Cisco online product documentation.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 13-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the Pre-Assessments and Quizzes.”

Table 13-1 “Do I Know This Already?” Section-to-Question Mapping

1. Which of the following options represent differences between Cisco MDS 9700 Series Multilayer Directors and Cisco MDS 9300, 9200, and 9100 series? (Choose all that apply.)

a. Redundant power sources

b. Redundant supervisor modules

c. Redundant fabric modules

d. I/O modules

e. VSANs

2. Which of the following are features included in the Cisco Prime DCNM Server license for the Cisco MDS 9000 Series? (Choose all that apply.)

a. DCNM-SAN management

b. Historical performance

c. Inter-VSAN Routing

d. Multifabric management

e. VSAN

3. Which of the following features is not exclusive to the Cisco Nexus 1000V Advanced Edition?

a. Dynamic ARP inspection

b. Cisco TrustSec Security Groups

c. Private VLAN

d. Virtual Security Gateway

e. IP Source Guard

4. Which feature of the Cisco Nexus 3500 is designed to support high-frequency trading applications?

a. VXLAN

b. Algo Boost

c. Virtual PortChannel

d. Enhanced Layer 3

e. Priority Flow Control

5. Which of the following represent differences between Cisco Nexus 7000 and 7700 switches? (Choose all that apply.)

a. F-Series modules

b. M-Series modules

c. Bandwidth per slot

d. Data Center Interconnection technologies such as OTV

e. Layer 3 routing

6. Which of the following Cisco Nexus 9000 Series Switches does not support NX-OS mode?

a. Nexus 9504

b. Nexus 93128TX

c. Nexus 9516

d. Nexus 9336PQ

e. Nexus 9332PQ

7. Which of the following options does not represent a feature of Cisco Prime Data Center Network Manager?

a. REST API

b. Cable management

c. Device image management

d. UCS Fabric Interconnect visualization

e. ACI management

8. Which of the following options represent fabric extenders that are compatible with UCS? (Choose all that apply.)

a. 2204XP

b. 2208XP

c. Nexus 2232PP

d. Nexus 2248TP

e. Nexus 2224TP

9. Which of the following represent components of UCS Invicta? (Choose all that apply.)

a. C3124SA

b. Storage blade

c. Scaling System Router

d. UCS Fabric Interconnect

e. Scaling System Node

10. Which of the following features are deployed by Cisco ASAv? (Choose all that apply.)

a. Remote-access VPN

b. Stateful firewall rules

c. IPsec VPN

d. WCCP

e. vPath

Foundation Topics

Cisco MDS 9000 Series Multilayer Directors and Fabric Switches

Released in 2002, the Cisco MDS 9000 family is composed of fabric and director-class Fibre Channel and Fibre Channel over Ethernet (FCoE) switches. These devices are capable of deploying highly available and scalable storage-area networks (SANs) for the most demanding data center environments.

Figure 13-1 portrays the Cisco MDS 9000 family of directors and fabric switches available at the time of this writing.

Figure 13-1 Cisco MDS 9000 Directors and Fabric Switches

Cisco MDS 9148S is a 1-RU line-rate fabric switch that supports up to 32 virtual SANs (VSANs) and has 48 Fibre Channel autonegotiable ports that are capable of speeds of 2, 4, 8, and 16 Gbps. The base switch model comes with 12 enabled ports, which can be scaled through a 12-port activation license resulting in 24, 36, or 48 usable interfaces.

Cisco MDS 9222i is a 3-RU modular fabric switch that has eighteen fixed 1/2/4 Fibre Channel ports and four Gigabit Ethernet interfaces, which can deploy Internet Small Computer System Interface (iSCSI) and Fibre Channel over IP (FCIP). One available slot allows the insertion of an additional I/O module.

Although a companion in the MDS 9200 series, the Cisco MDS 9250i is a 2-RU line-rate fixed fabric switch with forty 2/4/8/16-Gbps Fibre Channel ports, two 1/10-Gigabit Ethernet IP storage services ports (also for iSCSI and FCIP), and eight 10-Gigabit Ethernet FCoE ports. Its base configuration starts with twenty 2/4/8/16-Gbps ports that can be scaled through activation licenses. Both MDS 9200 platforms support up to 256 VSANs and offer intelligent SAN services such as Cisco Data Mobility Manager (DMM), I/O Accelerator (IOA), and Fibre Connection (FICON) for mainframe-based environments.

Cisco MDS 9336S is a 2-RU line-rate fabric switch with ninety-six 2/4/8/10/16-Gbps Fibre Channel ports. It comes in two base formats: 48 or 96 ports enabled (the 48-port base model can be upgraded through a 12-port on-demand port activation license). The Cisco MDS 9336S also supports up to 256 VSANs.

Finally, the Cisco MDS 9700 is a series of Cisco director-class switches that are defined by components that are completely redundant to achieve 99.999 percent availability.

There are two chassis in this family:

• MDS 9706 (six slots)

• MDS 9710 (ten slots)

To maintain their required reliability, each chassis must have two supervisor modules, which are responsible for the switch control and management plane. On Cisco MDS 9700 Series Multilayer Directors, data traffic between I/O modules traverses highly redundant switch fabric modules (up to six). For that reason, MDS 9700 Directors can achieve 1.5 Tbps of traffic between I/O modules.

Table 13-2 shows the currently available I/O modules for both MDS 9700 chassis.

Table 13-2 Cisco MDS 9700 I/O Modules

As you can see in Table 13-2, neither of the MDS 9700 I/O modules deploys oversubscription to the switch fabric (because their throughput to the switch fabric modules supports all traffic from the module ports). Therefore, the current fabric modules’ capacity will also support future port speeds such as 32-Gbps Fibre Channel without oversubscription.


Note

Although Cisco MDS 9700 Series Multilayer Directors also support 256 VSANs per device, the Cisco-validated limit for a physical fabric is 80 VSANs.


All MDS 9000 directors and switches support the licenses described in Table 13-3.

Table 13-3 Cisco MDS 9000 License Packages

You can find more information about Cisco MDS 9000 directors and switches at http://www.cisco.com/go/mds.

Cisco Nexus Data Center Switches

In 2008, Cisco launched its family of specialized data center switches. Since then, the Cisco Nexus Data Center Switches have established their leadership in corporate and service provider data centers of varied sizes and characteristics.

Deploying the same modular network operating system (Cisco NX-OS), the various families of data center switches brought to data centers innovations such as

• Management of multi-hypervisor virtual networks

• Unified Fabric with Data Center Bridging (DCB) and FCoE

• Fabric Extenders

• Virtual device contexts (VDCs)

• Virtual PortChannels (vPCs)

• Layer 2 multipathing with FabricPath

• Intelligent virtual switching

• Algo Boost technology for ultra-low-latency applications

• Application Centric Infrastructure (ACI)

Cisco Nexus 1000V Series Switches

Cisco Nexus 1000V Series Switches are Layer 2 distributed virtual switches for server virtualization and cloud environments. These “software switches” control virtual machine connectivity as faithfully as a “hardware switch” provides Ethernet switching for physical servers.

As Cisco NX-OS-based devices, the Cisco Nexus 1000V Series Switches bring multiple access, security, and extensibility features to multi-hypervisor environments. Such similarity allows the great majority of customer processes and tools (such as the command-line interface [CLI], Simple Network Management Protocol [SNMP], NetFlow, and Encapsulated Remote Switched Port Analyzer [ERSPAN]) to be applied to both physical and virtual networking infrastructures.

Two basic components form a Cisco Nexus 1000V instance:

• Virtual Ethernet Module (VEM): Runs as part of the hypervisor kernel, replacing its native connectivity model. It deploys the data plane component of Nexus 1000V, performing Layer 2 switching, among other NX-OS advanced features (such as PortChannels, QoS, private VLANs, and access control lists [ACLs]).

• Virtual Supervisor Module (VSM): Coordinates multiple virtual Ethernet modules, providing the control and management plane for Nexus 1000V. Dynamically linked with VM managers (such as VMware vCenter, Microsoft System Center Virtual Machine Manager, or OpenStack Nova), VSM allows the creation of port profiles that will be exported to these managers as standard connectivity policies (to be executed by the VEMs).

Table 13-4 represents the Cisco Nexus 1000V switch scalability limits for every compatible hypervisor, at the time of this writing.

Table 13-4 Cisco Nexus 1000V Scalability Limits

Additionally, Cisco Nexus 1000V provides features that are designed to optimize virtual networking, such as Virtual Extensible LAN (VXLAN) and Virtual Service Data Path (vPath).

Cisco Nexus 1000V Series Switches are available in two versions: Essential Edition (which is free, charging only for support) and Advanced Edition (which includes security features such as DHCP Snooping, IP Source Guard, Dynamic ARP Inspection, Cisco TrustSec Security Groups support, and Cisco Virtual Security Gateway).

You can find more details about Cisco Nexus 1000V Series Switches at http://www.cisco.com/go/nexus1000v.

Cisco Nexus 1100 Cloud Services Platforms

Based on the Cisco UCS C-Series rack-mountable servers and also leveraging NX-OS software, the Cisco Nexus 1100 Cloud Services Platforms (CSPs) permit the installation and management of virtual service blades (VSBs).

Each VSB can contain one of the applications described in Table 13-5.

Table 13-5 Virtual Service Blades (values applicable to the latest versions at the time of this writing)


Note

Active-standby availability for a pair of VSMs is deployed with their installation over two distinct Cisco Nexus 1110 CSPs.


Cisco Nexus 1110 CSPs offer dedicated hardware for these services, providing independence from the server virtualization infrastructure. They also deploy a setup initialization script that is very similar to that of a standard Cisco switch.

Table 13-6 summarizes the main characteristics of these devices.

Table 13-6 Cisco Nexus 1110 Cloud Services Platforms Characteristics

You can find more details about Cisco Nexus 1110 Series Cloud Services Platforms at http://www.cisco.com/c/en/us/products/switches/nexus-1100-series-cloud-services-platforms/index.html.

Cisco Nexus 2000 Series Fabric Extenders

Simultaneously decreasing cabling and consolidating management of data center networking devices, the Cisco Nexus 2000 Series of Fabric Extenders (FEXs) behave as remote linecards for a parent Cisco Nexus switch.

Because of their simplicity, network operational teams can deploy Nexus 2000 Series Fabric Extenders within server cabinets (similarly to top-of-rack switches) with a small space and power footprint (from 80 W to 350 W in 1 RU).

Figure 13-2 portrays some of the Nexus 2000 devices that are available at the time of this writing.

Figure 13-2 Cisco Nexus 2000 Series Fabric Extenders

Table 13-7 outlines the main characteristics of these models.

Table 13-7 Cisco Nexus 2000 Series Models

Both Nexus 2248TP-E and Nexus 2232TM-E differ from their respective “non-E” models mainly through bigger shared buffers, which benefit applications such as large-volume databases, distributed storage, and video editing.

Besides Twinax copper cables and standard 10-Gigabit Ethernet transceivers, Nexus 2000 models also deploy cost-effective Fabric Extender Transceivers (FETs) that can reach up to 100 meters of fiber to connect to the parent switch.

The Cisco family of Fabric Extenders is further extended with the Cisco Nexus B22 Blade Fabric Extenders for HP BladeSystem c3000 and c7000 enclosures (B22HP), Fujitsu PRIMERGY BX400 and BX9000 enclosures (B22F), and Dell PowerEdge M1000e. All models have 16 host interfaces (10GBASE-KR) for internal blade server connectivity and eight 10-Gigabit Ethernet SFP+ fabric interfaces.

The Cisco Nexus 2000 Series Fabric Extenders support the following platforms as parent switches: Cisco Nexus 5000, Nexus 7000, and Nexus 9000. Please refer to the Cisco.com documentation for specific details about the features supported by each parent switch and FEX combination.

You can find more details about Cisco Nexus 2000 Series Fabric Extenders at http://www.cisco.com/go/nexus2000.

Cisco Nexus 3000 Series Switches

Cisco originally designed Cisco Nexus 3000 Series Switches to provide ultra-low-latency switching to high-frequency trading (HFT) and high-performance computing (HPC) environments. With a small footprint of 1 RU and a distinctive “switch-on-a-chip” architecture, these NX-OS devices are capable of providing wire-rate Layer 2 and 3 switching.

Figure 13-3 shows some of the Nexus 3000 Series models that are available at the time of this writing. Table 13-8 describes their main characteristics.

Figure 13-3 Cisco Nexus 3000 Series Models

Table 13-8 Cisco Nexus 3000 Series Models

Cisco Nexus 3016, 3048, 3064-T, and 3064-X support up to 4000 VLANs, 128,000 MAC address entries, and 16,000 IPv4 routes.

Cisco Nexus 3100 Platform Switches have added VXLAN gateway and VXLAN bridging to the Cisco Nexus 3000 features. They support up to 4094 VLANs, 288,000 MAC address entries, and 16,000 IPv4 routes, except for Cisco Nexus 3164Q, which supports 96,000 MAC address entries and 128,000 IPv4 routes.

The Cisco Nexus 3200 Platform Switches are yet another step in the evolution of the series, with the hardware support of other port speeds such as 25, 50, and 100 Gbps. These switches support 4094 VLANs, 136,000 MAC address entries, and 128,000 IPv4 routes.

Cisco Nexus 3500 Platform Switches introduce the groundbreaking Cisco Algo Boost technology, which enables a switching latency of less than 200 nanoseconds for all types of traffic (unicast and multicast, Layer 2 or Layer 3). The switches support 512 VLANs, 200 Virtual Routing and Forwarding (VRF) instances, and, depending on their mode of operation:

• From 8000 to 64,000 MAC address entries

• From 4096 to 16,384 IPv4 routes

All Nexus 3000 platforms deploy innovative NX-OS features such as virtual PortChannels (vPCs), Cisco Embedded Event Manager (EEM), 64-way equal-cost multipath (ECMP) for Layer 3 spine-leaf designs, Ethanalyzer (NX-OS built-in packet analyzer), and Precision Time Protocol (IEEE 1588).

Additionally, through the Enhanced Layer 3 license, the Cisco Nexus 3000 can implement full Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Border Gateway Protocol (BGP), VRF Lite, and VXLAN gateway and bridging.

You can find more details about Cisco Nexus 3000 Series Switches at http://www.cisco.com/go/nexus3000.

Cisco Nexus 5000 Series Switches

The Cisco Nexus 5000 Series Switches are arguably the most flexible platforms within the Cisco Data Center switching portfolio. Figure 13-4 portrays some of the Nexus 5000 models currently offered at the time of this writing.

Figure 13-4 Cisco Nexus 5000 Series Switches

The Cisco Nexus 5500 Platform Switches introduced innovations in data center networks such as FabricPath, VM-FEX, and Unified Ports, which are interfaces that can provide Ethernet (1/10 Gbps with FCoE) or Fibre Channel (1/2/4/8 Gbps) according to the inserted transceiver. Unified Ports enable flexibility and an easier migration from Fibre Channel to FCoE networks.

The Cisco Nexus 5600 Platform Switches improved the series flexibility with integrated Layer 3 forwarding, new features such as VXLAN (gateway, bridging, and routing), higher scalability, and advanced programmability tools such as NX-API.

Table 13-9 describes the main characteristics of the Cisco Nexus 5000 Series Switches models.

Table 13-9 Cisco Nexus 5000 Series Switches

The slots on the Nexus 5500 chassis allow the connection of the following expansion modules:

• Sixteen 1/10-Gigabit Ethernet (SFP+)

• Eight 1/10-Gigabit Ethernet (SFP+) and eight 1/2/4/8-Gbps Fibre Channel ports

• Sixteen Unified Ports

• Sixteen 10GBASE-T ports (5596T only)

• Layer 3 with 160 Gbps and 240 Mpps, and 1000 VRFs (only 5596UP and 5596T)

Additionally, Nexus 5548UP supports a Layer 3 daughter card that does not consume an expansion slot with the same performance and VRF scalability.

Meanwhile, the expansion module for Nexus 56128P has twenty-four Unified Ports and two 40-Gigabit Ethernet ports (QSFP+). The Cisco Nexus 5624Q and 5648Q support a generic expansion module (GEM) that offers an additional twelve 40-Gigabit Ethernet ports (QSFP+), where each port can be divided into four 10-Gigabit Ethernet ports via breakout cables.

The Cisco Nexus 5696Q chassis allows the insertion of the following expansion modules:

• Twelve 40-Gigabit Ethernet (QSFP+) that can be converted into forty-eight 10-Gigabit Ethernet (SFP+) ports

• Twenty Unified Ports

• Four 100-Gigabit Ethernet ports (CXP)

The Cisco Nexus 5500 switches support 32,000 MAC address entries, and 24 FEX in Layer 2 mode (16 in Layer 3), while the Cisco Nexus 5600 switches support 256,000 combined entries of MAC addresses and Address Resolution Protocol (ARP) entries, and 24 FEX in Layer 2 or 3 mode. One exception is the Cisco Nexus 5696Q, which can support up to 48 FEX in Layer 2 mode.


Note

All Cisco Nexus 5000 Series Switches support 4094 VLANs and up to 32 VSANs.


Table 13-10 describes the main licenses available for the Cisco Nexus 5000 Series Switches.

Table 13-10 Cisco Nexus 5000 License Packages

You can find more details about Cisco Nexus 5000 Series Switches at http://www.cisco.com/go/nexus5000.

Cisco Nexus 7000 Series Switches

The Cisco Nexus 7000 Series Switches are high-density Ethernet switches that can achieve up to 17.6 Tbps of switching capacity and a forwarding rate of 11.5 billion packets per second (bpps).

Four Nexus 7000 chassis are available at the time of this writing:

• Nexus 7004 (7 RU): Two slots for supervisor modules and two slots for I/O modules

• Nexus 7009 (14 RU): Two slots for supervisor modules, seven slots for I/O modules, and five slots for switch fabric modules

• Nexus 7010 (21 RU): Two slots for supervisor modules, eight slots for I/O modules (vertical), and five slots for switch fabric modules

• Nexus 7018 (25 RU): Two slots for supervisors, sixteen slots for I/O, and five slots for switch fabric modules

The Cisco Nexus 7700 Platform Switches constitute the latest evolution of the Cisco Nexus 7000 Series modular switches. Achieving more than 80 Tbps of switching capacity, the Cisco Nexus 7700 Platform Switches are available in the following chassis:

• Nexus 7702 (3 RU): One slot for a supervisor module and one slot for one I/O module

• Nexus 7706 (9 RU): Two slots for supervisor modules, four slots for I/O modules, and six slots for switch fabric modules

• Nexus 7710 (14 RU): Two slots for supervisor modules, eight slots for I/O modules (vertical), and six slots for switch fabric modules

• Nexus 7718 (26 RU): Two slots for supervisors, sixteen slots for I/O, and six slots for switch fabric modules

Figure 13-5 depicts the Cisco Nexus 7000 and 7700 Platform Switches chassis.

Figure 13-5 Cisco Nexus 7000 and 7700 Platform Switches

In Nexus 7000 and 7700 switches, the supervisor modules are responsible for their control and management plane. Table 13-11 describes the main characteristics of such modules.

Table 13-11 Cisco Nexus 7000 and 7700 Supervisor Module Characteristics

Except on the Nexus 7004 and 7702, traffic between I/O modules traverses switch fabric modules. At the time of this writing, there are two available types of switch fabrics:

• Switch Fabric-2 for Nexus 7000: Supports up to 110 Gbps (550 Gbps per slot for an aggregate of five fabric modules)

• Switch Fabric-2 for Nexus 7700: Supports up to 220 Gbps (1.32 Tbps per slot for an aggregate of six fabric modules)


Note

The I/O slots on the Nexus 7004 share a 440-Gbps direct connection between each other.


Table 13-12 summarizes the characteristics of the available Nexus 7000 I/O modules.

Table 13-12 Cisco Nexus 7000 I/O Modules

Table 13-13 summarizes the characteristics of the available Nexus 7700 I/O modules.

Table 13-13 Cisco Nexus 7700 I/O Modules

A Nexus 7000 or 7700 switch can support up to 16,000 VLANs and 1000 VRF instances distributed over its virtual device contexts. Table 13-14 depicts the main differences between each I/O module series.

Table 13-14 Cisco Nexus 7000 and 7700 I/O Modules


Note

Although FCoE-enabled Nexus 7000 Series Switches support more VSANs per switch, the Cisco-verified limit for a physical fabric is 80 VSANs.


Table 13-15 describes the main licenses available for the Cisco Nexus 7000 and 7700 Platform Switches.

Table 13-15 Cisco Nexus 7000 and 7700 License Packages

You can find more details about Cisco Nexus 7000 Series Switches at http://www.cisco.com/go/nexus7000.

Cisco Nexus 9000 Series Switches

The Cisco Nexus 9000 Series Switches represent the ultimate generation of Cisco switches for data centers. In summary, besides superior performance, density, lower latency, and better power efficiency, the Nexus 9000 Series Switches also introduce a wide range of programmability tools (NX-API, Linux containers, as well as access to both ASIC and Linux shells). Additionally, these switches provide the hardware basis for the revolutionary software-defined networking architecture called Application Centric Infrastructure (ACI).

Figure 13-6 depicts some of the Nexus 9000 switches that are available at the time of this writing.

Figure 13-6 Cisco Nexus 9000 Series Switches

With a few exceptions, all Cisco Nexus 9000 Series Switches can run in NX-OS mode (much like all other Nexus switches) or ACI mode (when they are part of an ACI fabric).

There are two platforms within the Cisco Nexus 9000 Series:

• Cisco Nexus 9300: Fixed-port switches

• Cisco Nexus 9500: Modular switches

Table 13-16 describes the main characteristics of the Cisco Nexus 9300 models.

Table 13-16 Cisco Nexus 9300 Platform Switches

The Cisco Nexus 9500 Platform Switches are available in three different modular chassis:

• Nexus 9504 (7 RU): Two slots for supervisor modules, four slots for I/O modules, and six slots for switch fabric modules

• Nexus 9508 (13 RU): Two slots for supervisor modules, eight slots for I/O modules (vertical), and six slots for switch fabric modules

• Nexus 9516 (20 RU): Two slots for supervisor modules, 16 slots for I/O modules, and six slots for switch fabric modules

At the time of this writing, Nexus 9500 switches can use one of the following supervisor modules:

• Supervisor A: 4-core, 1.8-GHz x86 CPU, with 16 GB of RAM, and 64-GB solid-state disk (SSD) drive

• Supervisor B: 6-core, 2.2-GHz x86 CPU, with 24 GB of RAM, and 256-GB SSD drive

Unlike other modular switches, the Cisco Nexus 9500 Platform Switches do not have a midplane, which is commonly used to provide connectivity between linecards and fabric modules. With this design, the Nexus 9500 chassis achieve better cooling and power efficiency.

Within NX-OS mode, the Cisco Nexus 9500 chassis may deploy two distinct fabric modules:

• First Generation (N9K-C9504-FM, N9K-C9508-FM, and N9K-C9516-FM): Optimized for 10- and 40-Gigabit Ethernet deployments, each one offering 320 Gbps per slot (1.92 Tbps per slot in its maximum configuration)

• Second Generation (N9K-C9504-FM-S, N9K-C9508-FM-S, and N9K-C9516-FM-S): Optimized for 40- and 100-Gigabit Ethernet deployments, each one offering 1.5 Tbps per slot (9 Tbps per slot in its maximum configuration)

Table 13-17 describes the I/O modules for Nexus 9500 chassis.

Table 13-17 Cisco Nexus 9500 Platform Switches Modules

When running in NX-OS mode, the Cisco Nexus 9300 Platform Switches support 4094 VLANs, 96,000 MAC address entries, and 128,000 IPv4 routes. The Cisco Nexus 9500 chassis support 4094 VLANs, 160,000 MAC address entries (depending on used I/O modules), and 128,000 IPv4 routes.

Table 13-18 describes the licenses for Nexus 9000 Series Switches running in NX-OS mode.

Table 13-18 Cisco Nexus 9000 License Packages


Note

ACI mode requires a specific license (Cisco ACI License) for each switch. You can find verified scalability for ACI at http://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html#ConfigurationGuides


You can find more information about the Cisco Nexus 9000 Series Switches at http://www.cisco.com/go/nexus9000.

Cisco Prime Data Center Network Manager

Cisco Prime Data Center Network Manager (DCNM) provides a single pane of glass to Cisco Data Center Unified Fabric, which is composed of Nexus and MDS 9000 switches.


Note

Cisco DCNM also manages Unified Computing System (UCS) Fabric Interconnects.


DCNM’s graphical interface automates provisioning and proactively monitors LAN and SAN elements simultaneously, and its RBAC capabilities help further separate configuration of LAN and SAN networks on converged switches. Cisco DCNM authenticates administration through the following protocols: TACACS+, RADIUS, and LDAP.

Distinct LAN and SAN Java clients provide advanced monitoring and provisioning capabilities, while a web dashboard offers health and performance monitoring of a data center fabric. This dashboard allows network and storage administrators to quickly troubleshoot health and performance across the entire range of Cisco NX-OS devices.

Additionally, Cisco DCNM deploys the following features:

• Cable plan management

• Automated discovery and topology views

• Event management and forwarding

• Web templates

• Performance and capacity planning

• Virtual machine path analysis for LAN and SAN

• Standard and customized reports

• Configuration and change management

• Device image management

• RESTful API

• VXLAN fabric management

• Orchestration support (OpenStack, Cisco UCS Director, and VMware vCloud Director)

This management solution can be deployed in Windows and Linux, or as a virtual service blade on Nexus 1100 Cloud Services Platforms. More Cisco DCNM servers can be added to a cluster to follow the growth of a network.

You can find more information about DCNM at http://www.cisco.com/go/dcnm.

Cisco Unified Computing System

By design, Cisco Unified Computing System (UCS) consolidates high-performance Intel-based servers, high-speed networking, storage access, and server virtualization into an integrated infrastructure.

With fewer points of management than similar server solutions, UCS drastically reduces the amount of time dedicated to physical server provisioning and enables bare-metal installations to achieve a performance level similar to that of server virtualization environments.

Figure 13-7 portrays the main components of Cisco Unified Computing System.

Figure 13-7 Cisco UCS Portfolio

In addition to the content presented in the following sections, you can find more details about UCS at http://www.cisco.com/go/ucs.

Cisco UCS 6200 and 6300 Series Fabric Interconnects

Cisco UCS Fabric Interconnects provide network connectivity and management capabilities for a Unified Computing System domain. Based on Nexus platforms, the Cisco UCS 6200 Series Fabric Interconnects offer line-rate, low-latency, Ethernet, Fibre Channel, and FCoE connectivity for UCS B-Series Blade Servers and C-Series Rack Servers.

As the only model representing the Cisco UCS 6300 Series Fabric Interconnects, the Cisco UCS 6324 Fabric Interconnect forms a Cisco Unified Computing System better suited to smaller environments. Because it is directly inserted into the Cisco UCS 5108 Blade Server Chassis, it comprises what is known as UCS Mini, which controls up to 15 servers (8 blade servers and up to 7 direct-connect rack servers).

Table 13-19 represents the main characteristics of these Fabric Interconnects.

Table 13-19 Cisco UCS Fabric Interconnect Characteristics


Note

All UCS Fabric Interconnects support up to 32 VSANs.


Cisco UCS 5100 Series Blade Server Chassis

The Cisco UCS 5108 Blade Server Chassis enables the accommodation of up to eight blade servers into 6 RU. It supports up to two I/O modules for UCS 6200 Fabric Interconnect connection or the direct insertion of up to two Cisco UCS 6324 Fabric Interconnects.

UCS 5108 supports autodiscovery by UCS Manager, and its passive midplane allows up to 80 Gbps of traffic for each half-width blade server slot.

Cisco UCS 2200 Series Fabric Extenders

Contributing to UCS’s consolidation of management points, UCS 2200 Series Fabric Extenders provide unified connectivity for all servers installed on a UCS 5100 chassis.

Table 13-20 describes the main characteristics of the Fabric Extenders that can be used on Cisco UCS.

Table 13-20 Fabric Extenders for Unified Computing System

Cisco UCS B-Series Blade Servers

Cisco UCS B-Series Blade Servers are Intel Xeon servers that can be accommodated into UCS 5100 chassis to integrate a UCS domain.

At the time of this writing, Cisco offers a great variety of B-Series blade server models, as shown in Table 13-21.

Table 13-21 Cisco UCS B-Series Blade Server Models

Cisco UCS C-Series Rack Servers

Cisco UCS C-Series Rack Servers are rack-mountable devices that can be part of a UCS domain or work as standalone servers. More specifically, UCS C-Series servers can also address workloads that might depend on a higher number of PCIe adapters or internal storage resources.

Also based on Intel Xeon architecture, the current variety of UCS C-Series models is comparable to UCS B-Series servers.

Table 13-22 shows the released UCS C-Series models.

Table 13-22 Cisco UCS C-Series Server Models

Cisco UCS Invicta

Cisco UCS Invicta is a solid-state drive (SSD) storage system focusing on bringing faster I/O operations to enterprise applications, such as database, email, virtual desktops, high-performance computing (HPC), and video transcoding.


Note

Cisco announced the end-of-sale for UCS Invicta solutions in 2015. However, I have maintained its content in this certification guide to address the CLDFND exam blueprint.


Cisco UCS Invicta was available in two physical form factors:

• Cisco UCS Invicta C3124SA Appliance: A single hardware piece that connects to a UCS domain composed of blade or rack servers. It provides block I/O access to SCSI LUNs through Fibre Channel or iSCSI.

• Cisco UCS Invicta Scaling System: Composed of scaling system routers (SSRs), which are responsible for connectivity and management, including replication, striping, and RAID configurations; and scaling system nodes (SSNs), which deploy individual flash-memory management, including RAID and data protection.

Figure 13-8 depicts both Cisco UCS Invicta formats.

Figure 13-8 Cisco UCS Invicta Solutions

Table 13-23 details the characteristics of both solutions.

Table 13-23 Cisco UCS Invicta Characteristics

Cisco UCS M-Series Modular Servers

New cloud-scale applications, such as online gaming and high performance computing (HPC), have generated some inadequacies in the way servers are designed today. Because these cloud-scale applications require small compute nodes that should be scaled out according to demand, when a server is qualified for an application, all of its compute resources (CPU, memory, network, internal storage, and so forth) are specified based on peak utilization, and it is very common that some of these components are underutilized.

As the next wave of innovation within the Cisco UCS portfolio, the UCS M-Series provides a smart solution for such challenges through the disaggregation of these components to form a compute node.

Figure 13-9 exhibits the Cisco UCS M-Series Modular server.

Figure 13-9 UCS M-Series Architecture

In a nutshell, the UCS M-Series compute node is essentially a set of dedicated CPU and memory resources while other resources are shared within a single chassis. The creation of a compute node is completely related to a UCS Manager service profile, which is mandatory for the M-Series (and therefore the presence of a Fabric Interconnect pair).

At the time of this writing, a pair of Fabric Interconnects can handle up to 20 UCS M-Series M4308 2-RU chassis that can handle two 1400-W power sources, two 40-Gigabit Ethernet external connections, and up to eight compute cartridges. Shared among the compute nodes are power, cooling, I/O, hard disk drives, and management.

The cartridges are composed of CPU and memory resources as outlined in Table 13-24.

Table 13-24 Cisco UCS M-Series Compute Cartridges

This structure enables a server administrator to create up to 320 nodes per UCS domain, dynamically assigning them according to the availability of resources within the chassis in the domain. Leveraging the automation capabilities of UCS Manager, a cloud can greatly benefit from the flexibility brought by this solution.


Note

You can find more details about the Cisco UCS M-Series Modular servers at http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/unified-computing/whitepaper_c11-732876.html.


Cisco Virtual Networking Services

As explained in Chapter 7, “Virtual Networking Services and Application Containers,” Cisco offers a large array of networking solutions as virtual appliances that can be used in generic server virtualization and select public cloud environments. As one of the key advantages from these solutions, operational teams can reuse procedures and tools from their physical network to administer these solutions with minimal adaptation.

Using technologies such as Cisco Virtual Service Data Path (vPath) and service graphs, some of these virtual networking services can facilitate traffic redirection and improve performance in Cisco Nexus 1000V and ACI environments, respectively.

Cisco Adaptive Security Virtual Appliance

The Cisco Adaptive Security Virtual Appliance (ASAv) is a stateful virtual firewall solution that was designed to secure the tenant edge of private and public cloud environments.

In summary, the Cisco ASAv inherits its code and perimeter security functions from Cisco ASA 5500 Adaptive Security Appliances and complements the security services provided by the Cisco Virtual Security Gateway (VSG).

The Cisco ASAv offers the following features for virtualized data centers:

• Default gateway and static routing

• Network Address Translation (NAT)

• Dynamic Host Configuration Protocol (DHCP)

• Stateful failover between two ASAv instances

• VXLAN gateway, sending traffic to and from a VXLAN to a traditional VLAN

• VPNs, including site-to-site IPsec VPNs, remote-access IPsec VPNs, and clientless SSL VPNs

The Cisco ASAv is available for the following hypervisors: VMware vSphere ESXi, Linux KVM, and Microsoft Hyper-V. Additionally, it can be managed through different methods such as the CLI, REST API, Cisco Adaptive Security Device Manager (ASDM), Cisco Security Manager (CSM), and Application Policy Infrastructure Controller (APIC) in ACI deployments.

Table 13-25 outlines the multiple ASAv models.

Table 13-25 Cisco ASAv Models

This virtual networking service deploys Smart Software Licensing, which provides automatic license activation when the virtual appliance is provisioned. After a successful installation, the Cisco ASAv self-registers with Cisco license servers in the cloud, allowing customers to monitor product entitlements through the Cisco Smart Software Manager.


Note

You can find more information about the Cisco ASAv at http://www.cisco.com/go/asav.


Cisco Cloud Services Router 1000V

The Cisco Cloud Services Router (CSR) 1000V consists of a single-tenant router deployed as a virtual appliance. In essence, this virtual networking service brings to server virtualization and public cloud environments WAN functionalities such as

• Secure VPN gateway

• MPLS WAN termination

• Data center interconnection with Layer 2 extension

• Traffic control and redirection

Based on the industry-leading Cisco IOS-XE network operating system, the CSR 1000V enables network operational teams to transparently extend their WAN capabilities to cloud environments using the following hypervisors: VMware vSphere ESXi, Citrix XenServer, Microsoft Hyper-V, and Red Hat KVM. In addition, the Cisco CSR 1000V is supported on Amazon Web Services (AWS).


Tip

You will find more information about CSR 1000V for AWS in the AWS Marketplace at https://aws.amazon.com/marketplace/pp/B00EV8VXG2.


The Cisco CSR 1000V licenses are based on throughput and feature set, and can be purchased for a term of 1 year, 3 years, or perpetually. At the time of this writing, the virtual networking service offers licenses for the following throughput maximum rates: 10 Mbps, 50 Mbps, 100 Mbps, 250 Mbps, 500 Mbps, 1 Gbps, 2.5 Gbps, 5 Gbps, and 10 Gbps.


Note

After a throughput license is activated, the CSR 1000V instance will limit its aggregate bidirectional throughput to that stated value.


Table 13-26 describes the Cisco CSR 1000V feature set licenses and the functionalities they enable in an instance.

Table 13-26 Cisco CSR 1000V Feature Set Licenses


Note

Not all features are available for every throughput license or on AWS. Please refer to http://www.cisco.com/go/csr1000v for more details about CSR 1000V.


Citrix NetScaler 1000V

The Citrix NetScaler 1000V consolidates the industry-leading Application Delivery Controller (ADC) and Cisco virtual networking and software-defined networking innovations. Using Cisco Nexus 1000V vPath or ACI service graphs, the virtual networking service provides advanced load-balancing features with ease and flexibility.

Citrix NetScaler 1000V can run as a virtual appliance over VMware vSphere ESXi and Linux KVM or as a virtual blade on the Cisco Nexus 1110 Cloud Services Platforms. An advantage of the latter situation is that the Cisco Nexus 1110-X can deploy an SSL offload card for high-performance encryption.

Table 13-27 describes features available in each Citrix NetScaler 1000V edition.

Table 13-27 Citrix NetScaler 1000V Editions

Citrix NetScaler 1000V can be licensed according to its maximum allowed throughput. Available throughputs are 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 3 Gbps, 4 Gbps, and 5 Gbps.


Note

The 5 Gbps license is only available when Citrix NetScaler is deployed as a virtual blade on Cisco Nexus 1110-X with SSL offload card.


As an illustration, Table 13-28 compares the maximum performance Citrix NetScaler 1000V achieves as a virtual appliance and as a virtual blade.

Table 13-28 Citrix NetScaler 1000V Performance Comparison


Note

You can find further details about Citrix NetScaler 1000V at http://www.cisco.com/go/ns1000v.


Cisco Virtual Wide-Area Application Services

Cisco Virtual Wide-Area Application Services (vWAAS) was one of the first WAN accelerators available as a virtual networking service. Both for server virtualization and private cloud environments, vWAAS can bring benefits such as

• All features and compatibility with Cisco WAAS

• Integration with Cisco Nexus 1000V through vPath

• Caching high availability through external storage

• Compatibility with VMware vSphere advanced features such as VMware High Availability, vMotion, and Storage vMotion

Table 13-29 describes the available licenses for vWAAS instances at the time of this writing.

Table 13-29 Cisco vWAAS Licenses


Note

You can learn more about Cisco vWAAS at http://www.cisco.com/go/vwaas.


Virtual Security Gateway

Cisco Virtual Security Gateway (VSG) is a virtual appliance that provides trusted access to secure server virtualization and cloud networks. Cisco VSG ensures that security zones are controlled within server virtualization clusters without losing the flexibility and scalability of such environments.

Intrinsically linked to Cisco Nexus 1000V, Cisco VSG uses vPath technology to offload subsequent traffic to the virtual switch, after the first packet of the communication is analyzed.

In summary, Cisco VSG provides the following features:

• Trusted access

• Dynamic operation

• Non-disruptive administration

• VXLAN awareness

• vPath service chaining to multiple virtual network services

VSG is available as a virtual appliance (VMware vSphere ESXi or Microsoft Hyper-V) or a virtual service blade on Cisco Nexus 1100 Cloud Services Platforms. The virtual networking service is licensed per server socket along with the Cisco Nexus 1000V advanced license.

At the time of this writing, a single VSG instance can support up to 256,000 concurrent connections and control up to 10,000 new connections per second.


Note

For more information about Cisco VSG, please refer to http://www.cisco.com/go/vsg.


Exam Preparation Tasks

Review All the Key Topics

Review the most important topics in this chapter, denoted with a Key Topic icon in the outer margin of the page. Table 13-30 lists a reference of these key topics and the page number on which each is found.

Table 13-30 Key Topics for Chapter 13

Complete the Tables and Lists from Memory

Print a copy of Appendix B, “Memory Tables” (found on the CD), or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Answers to Memory Tables,” also on the CD, includes completed tables and lists so that you can check your work.

Define Key Terms

Define the following key terms from this chapter, and check your answers in the glossary:

director-class

virtual blade

oversubscription

Unified Port

supervisor module

fabric module

I/O module
