Jose Martinez is an escalation engineer for server virtualization products in the RTP Technical Assistance Center. Jose joined Cisco in 1995 and has worked in multiple pre- and post-sales groups supporting different technologies, including Layer 2/Layer 3 switches, voice gateways, unified communications (Cisco CallManager), and most recently data center technologies (including Cisco UCS, Cisco Nexus 5000, and Cisco Nexus100v). He has presented in multiple Cisco Live events as well as traveled around the United States providing seminars and tech talks. Jose holds CCIE certification (number 1690) in Routing and Switching.
Matthew Wronkowski is an escalation engineer for server virtualization products in the RTP Technical Assistance Center. Matthew joined Cisco in 2001 and has worked in multiple pre- and post-sales groups, including the Cisco IOS Technology Center, researching and developing home gateway products. He joined the Cisco Technical Assistance Center in 2004 supporting large service provider voice networks. In mid-2010 he moved to the Unified Computing and Virtualization team, where he became a focal point for Cisco Nexus 1000v and Cisco UCS products. Matthew holds CCIE certification (number 21202) in Voice. He holds a master of science degree in bioinformatics from the Rochester Institute of Technology.
The following experts were helping Jose and Matthew to answer few of the questions asked during the session: Dave McFarland and Mike Timm. Dave and Mike are top UCS experts and have vast knowledge in related topics.
You can download the slides of the presentation in PDF format here. The related Ask The Expert sessions is available here. The Complete Recording of this live Webcast can be accessed here.
New Features in UCS 2.0
Q. Does the Virtual Machine Fabric Extender (VM-FEX) with hypervisor bypass configuration disable vmotion for those VMs?
A. No, it does not disables vmotion. You can do direct I/O and still vmotion will work.
Q. Does the Virtual Machine (VM) still sit on the hypervisor?
A. The VM still sits on the host and connects to the hypervisor. The system after some seconds of traffic, if it has the right components, switches modes and it takes the VM off the hypervisor. Once there it keeps switching traffic that way unless vmotion is needed.
Q. So it's just bypassing the hypervisor and not the the Nexus 1000v?
A. VM-FEX is a distributed switch, which is managed from Unified Computing System Manager (UCSM). It has fewer features than Nexus 1000v.
Q. For hypervisor bypass (VM-FEX) and vmotion, does vSphere have to have vSphereDVS configured for thisVLAN?
Q. Can FET SFP be used between FI and IOM?
A. Yes it is supported. Cisco Fabric Extender Transceiver (FET) SFP are listed in the matrix.
Q. Does the Unified Computing System (UCS) 1280 Virtual Interface Card (VIC) replace the UCS M81KR?
A. The VIC 1280 is an alternative choice to M81KR allowing increased blade bandwidth. M81KR is still available for purchase.
Q. Is VIC 1280 support available for Solaris X86?
A. It is suggested to look at the compatibility matrix at www.cisco.com for confirmation.
Q. Do you still need a Nexus 5548UP or MDS for SAN and LAN north bound connectivity for FI 6248UP?
A. Yes, it is still needed since multi-hop FCoE is not currently supported on the Fabric Interconnects. Multi-hop is on the roadmap for the next major release.
Q. Are there plans for blade FEX for IBM as the existing B22 for HP?
A. Yes, Nexus 4000 is available.
Q. When will 1280 VIC FCS?
A. Probably at the end of February; however reach out to local accounts team for more information.
Q. What are the security options for applying UCS for a three tier DMZ design?
A. For login security UCS supports certificates, trustpoint, CA, LDAP, TACACS, and RADIUS. Also multiple authentication methods are possible. UCS also has Role Based Access Control (RBAC), which allows you to control what a person can change or do on the system. Version 2.0 allows creation of VLAN to create a separate path for traffic, so that you can have links going only to DMZ and links going only to rest of the network. For physical security UCS has many options in BIOS to protect from people reloading and booting a separate OS.
Q. Will UCS support multi hop FCoE?
A. Multi hop FCoE is available in hardware although not available in software. The target date for multi hop FCoE support is the next major UCS software release.
Q. Is there a document for caveats or limitations for ESXiiSCSI SAN booting, particularly regarding limitations for hosted applications such as UC on UCS?
A. UC on UCS still requires hypervisor installed locally or on fibre channel.
Q. How do I deal with iSCSIQoS?
A. The vNIC has the QoS policy that can be applied to using the service profile for that particular SCSI booting.
Q. Is port-channel the recommended config with the 2208 and 6248?
A. Yes. This would be the best configuration option as bandwidth utilization is better allocated and improves redundancy capabilities.
Q. What is the load balance mechanism? Source MAC address/Destination MAC address?
A. For FI to IOM it is source-dest-mac. It is not configurable and is done by the system automatically. For 1280 to the IOM, it has more options up to the Layer 4.
Q. Can you dedicate bandwidth to a particular blade in port-channel operation?
A. You can enable QoS for a particular vnic using the GUI for a particular Service-profile.
Q. In HP virtual connect you have seconds of downtime/failover for blades during fimware updates. Does this exist in UCSIO module updates?
A. If you are talking about firmware update of the IOM remember that the system allows you to update one side at a time. This means that complete loss of communication does not happen. Only one path is down at a time.
Q. When will 2.02 be released?
A. Release schedules for future releases are rather fluid but the current target is sometime in March. This can obviously change.
Q. What are the plans for ESXi5?
A. Yes, the eye "i" versions only of 5.0, 4.1u1 and 4.1u2. Only those versions support iBFT, which is what is used to configure the OS during install.
Q. Is iSCSI not supported in ESXi5?
A. ESXiiSCSI boot is supported per the latest support matrix.
Hello,I understand that Contracts in ACI that are enfored by the leafs are stateless ACL. When is an ACI Contract stateful?- as far as I know when using AVS/AVE?- what about when using Kubernetes/Openstack integration with ovs?
Hi all 1) is there any command to see the WWN of all the interfaces in the FC switch ? I am using sh int at the moment 2) it is said that FCID is use to locate other switches/nodes in the fabric - what is the command to see which FCID is associa...
Hello ACI board,by default, there is the mgmt Tenant, which includes a bridge domain "inb" for inband management.The default node management EPG (mgmtInB) is associated to the "inb" bridge domain. Let's assume a large fabric with multiple pods and al...
Hi ACI folks,I'm running ACI in a Multi-Pod environment with some l3outs on my leaf switches.In fact - from a configuration and policy perspective the multipod configuration is a l3out on the spines as well. I'm wondering about the default used MTU o...
Nexus SW:- NXOS: version 7.0(3)I7(6)This SW has BGP peering with Cloud Vendor 1 , Cloud vendor 2 , Cloud Vendor 3 requirement is :-I would like to advertise routes originated from cloud vendor 1 to cloud vendor 2 and ignore cloud vendor 3 and o...