- David Geer, Geer Communications
Editor's note: In the first part of this series on integrating physical and virtual networks, we examine the role of virtual switching in networking across environments. In part two, we highlight two examples of virtual switching in action.
Not every company is ready to move to full SDN or network virtualization, but there are plenty of measures to take along the way to be sure the virtual and physical worlds are communicating.
Cloud provider Iland, which is primarily a Cisco switch and router shop, takes advantage of VMware’s integration of the Cisco Discovery Protocol (CDP) Messaging System into its VMware virtual switches.
When a network team member adds network components, creates a VLAN on a physical switch, or works with MAC addresses, the CDP Messaging System integration makes these things clear, said Iland’s Giardina. “When we bring up a VM, whether we need to make sure it follows an IP address policy or a port security policy or a VLAN policy, this is all transparent to the hardware side,” he said.
Engineers trained on Cisco hardware can easily apply what they know to the virtualization stack and they can use this communication to apply virtual network components and services to network segments.
“In the past, we had to deal with multiple firewalls and multiple routers for each customer. VMware enables us to spin up iterations of its virtual firewall called the vShield Edge (a part of vCloud Networking and Security) and still have transparency at the network layer to administer everything. And now we don’t have to provision that extra hardware,” Giardina said. This creates savings in time, CAPEX, person hours, and training. “We can virtualize everything and the only cost is the monthly recurring cost to run the existing gear,” Giardina said.
Rackforce Uses Cisco Nexus 1000v
For Rackforce, a provider of data center services, Cisco’s Nexus 1000v virtual switch met a couple of challenges to integrating the virtual edge.
First, all of Rackforce’s equipment is dual-homed, using multiple upstream switch fabrics. Rackforce uses IBM blade centers and Cisco UCS chassis with dual home switching, using fabric A and fabric B. VMware did not support two fabrics in an active/active mode when Rackforce was looking for a vswitch solution. “The only way to do that was using the Cisco Nexus 1000v with MAC pinning,” said Denis Skrinnikoff, director of network at Rackforce, a Cisco customer. This created an active/active port channel to different fabrics without having to rely on the LACP or VPC protocols which were typically used to do multi-chassis link aggregation, but were not supported by Cisco UCS and IBM blade.
The second challenge for Rackforce was policy enforcement. “Using the Cisco Nexus 1000v, we identify and observe the traffic to each VM. I can use SNMP from the virtual switch and integrate my existing monitoring tools to see each VM and the amount of traffic it is using, and to look at the flows and where the traffic is going,” said Skrinnikoff. This enables end-to-end QoS and policy enforcement. “I already know Cisco, and I know XOS, and I know how to create the policy map. I can use these skill sets to enforce policies in the virtual world.”
With the Cisco Nexus 1000v, an engineer can integrate existing provisioning engines, script the network deployments, and have a single consistent network configuration from the virtual to the physical, Skrinnikoff explains.
Rackforce’s existing virtual networking topology uses Layer 2 isolation in which VLANs segment traffic in isolated, secure environments for each tenant’s traffic. “We have hundreds to thousands of VLANs running to each of our cloud infrastructures. We broke it out into multiple clouds. We are in the process of deploying a VXLAN overlay using vCloud Director,” said Skrinnikoff. This will ease scaling for Rackforce’s virtual network.
“VXLAN is simple to integrate, easy to implement, and is the most widely supported by the switch vendors we use,” said Skrinnikoff. The Cisco Nexus 1000v supports VXLAN.
About the author
David Geer writes about security and enterprise technology for international trade and business publications.
- Understanding the pros and cons of network virtualization –SearchSecurity.com