Based on the Deep-Dive series webcast, Cisco Expert Vishal Mehta will be available for an Ask the Expert discussion focused on the advantages of the Nexus 1000v solution across a spectrum of technologies and how it can be leveraged to enhance your data center virtual infrastructure to meet next-generation goals.
Ask your Questions from February 12 through March 4, 2015
Vishal Mehta is a Technical Marketing Engineer with Cisco's Data Center Competitive Insights Team based in San Jose, California. Previously, he spent 3 years as a customer support engineer on Cisco’s Data Center Server Virtualization Technical Assistance Center (TAC) team, with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and virtualization. He presented at Cisco Live in Orlando 2013, Milan 2014, and San Francisco 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree in Electrical and Computer Engineering from Rutgers University and has CCIE® certification (# 37139) in Routing/Switching, Service Provider & Data Center.
Part 1: Conquered Territory: Multi-Hypervisor – February 12, 2015
This session will discuss and compare Nexus 1000v deployments on VMware, Hyper-V and OpenStack-KVM hypervisors.
Part 2: Meet the 1000v Family: The Secret of Unity – February 17, 2015
This session will discuss vPath: The Secret behind uniting Virtual Network Services provided by ASA 1000v, VSG, vWAAS, Nexus 1000v, vNAM.
Part 3: Game Changer: Silver Lining in the Cloud – February 24, 2015
The core of this session will go through Nexus 1000v capabilities in ACI and ICF.
**Ratings Encourage Participation!**
Please be sure to rate the Answers to Questions.
Both Physical ASA and Virtual ASA are Layer 3 edge firewalls providing traditional filtering capabilities between different subnets.
However, ASAv does not have all the capabilities that exist in Physical ASA.
ASAv does not have DMZ interfaces and cannot have sub-interfaces.
Also, the protected VMs need to be in the same subnet as the inside interface and cannot be an L3 hop away, in comparison with Physical ASA.
ASAv is targeted for virtual workloads on a tenant basis (smaller scale) so that traffic does not need to traverse all the way into the core to reach the Physical ASA for firewall services.
Both ASAv and VSG are used in conjunction to provide overall firewall security.
VSG provides intra-vlan (i.e. east-west traffic) security at L2.
ASAv provides inter-vlan (i.e. north-south traffic) security at edge (L3).
So, using vPath service-chaining, we can leverage both firewalls.
PNSC can integrate with all Virtual Service Nodes (VSNs) such as VSG, ASAv, VSM, vNAM, vWAAS, CSRv, Netscaler.
PNSC integrates with Virtual Machine Managers like vCenter and SCVMM.
It can also integrate with VACS, UCS-Director, ICF-Director for cloud provisions.
It exposes a North-bound API to integrate with 3rd party and orchestration tools.
PNSC is in the control plane with all virtual components.
Using the policy-agent (a communication application running across these components), PNSC can push new/modified configurations and policies to the components, retrieve state information from the components, get VM attributes from the Virtual-Manager, and so on...
With the aid of the policy-agent, PNSC acts as a communication channel across all components to make sure the policies remain intact.
Detailed guidelines with configuration steps to migrate the VSM from a VM to a VSB are specified in the guide below:
If you have any doubts about the above migration steps, please let me know.
Below are good videos on VSB deployment/configuration on Nexus 1110: