Cisco Systems is making its virtual switch, the Nexus 1000v, a little less virtual.
The Nexus 1000v virtual switch replaces the vSwitch embedded in VMware hypervisor software and aims to give network administrators more control and visibility into the switching that takes place between virtual machines on a virtual host server. To date, however, the Nexus 1000v has existed as a virtual machine -- a turn-off for network administrators who are accustomed to being able to see and touch their physical network devices.
"I think a lot of network administrators were leery about having [Nexus 1000v] as a virtual appliance because it's something that's beyond their control," said Eric Siebert, senior system administrator with restaurant chain Boston Market and a TechTarget contributor. "Traditionally, the virtual administrators have control over [any virtual machines on a host server].… I think the Nexus 1010 gives them the option to have that type of control in a physical chassis."
The trouble with hypervisors' native virtual switches
From the earliest days of virtualization's entry into enterprise data centers, network administrators have struggled with the native virtual switches that are embedded in hypervisors from vendors like VMware. Simply put, network administrators can't see what these virtual switches are doing – and that has a range of security and management implications.
"Security systems like IDS and IPS can't work inside a virtual host because they can't see a lot of that traffic," Siebert said. "I think a lot of network admins don't trust virtual environments. Sometimes it's a lack of understanding. They prefer their own little [physical] world, and they don't want to lose control over that networking by seeing it go into the virtual host."
Cisco tries to solve the virtual switch problem with the Nexus 1000v
Cisco's Nexus 1000v consists of two software components: the Virtual Ethernet Module (VEM) and the Virtual Supervisor Module (VSM). The architecture is similar to a physical network switch, said Omar Sultan, Cisco's senior solution manager for Data Center Solutions. The VSM is similar to a supervisor module in a chassis switch, and the VEMs are like line cards with the actual ports on them.
The Nexus 1010 Virtual Services Appliance -- a 1 RU device that plugs directly into a physical network switch -- provides dedicated hardware for running the VSMs. Each physical box can hold four VSMs, which together can manage up to 256 VEMs on 256 different host servers.
Why a dedicated appliance for virtual switches?
While the new physical component may be a plus for network admins looking to put their hands on something, Cisco actually created the Nexus 1010 because some customers were concerned about consuming server compute cycles for the VSM control plane that would be better dedicated to enterprise applications, Sultan said. With a dedicated machine, network administrators now have improved availability for the VSM, which gives them more reliability for managing the hundreds of VEMs they have embedded on their data centers' virtualized host servers.
The Nexus 1010 will also be able to run virtual services modules, much as Cisco's chassis switches can run physical services modules. The first one to market will be the Network Analysis Module, a piece of software that can improve diagnostics of data center virtual network traffic.
What are other networking vendors doing about the virtual switch problem?
Cisco isn't the only vendor trying to get virtual server networking back into the hands of network administrators. Last August, data center switch vendor Arista Networks released vEOS, a software image of its switch operating system that integrates with VMware's virtual switches, unlike the Nexus 1000v, which replaces the VMware virtual switch.
HP ProCurve has proposed to the IEEE's 802.1 Working Group the standardization of its Virtual Ethernet Port Aggregation (VEPA) protocol, which allows physical switches to assign a predefined set of port profiles, with security and policy settings, to virtual machines on a host server. The switch can then direct the virtual switch to apply and enforce those settings, or it can replace the virtual switch altogether. Extreme Networks has already stated that if VEPA is standardized, it will update the XOS operating system on its switches to support the technology.
Let us know what you think about the story; email: Shamus McGillicuddy, News Editor