Ask the Expert: Nexus 1000v Features, Advantages and Implementation on VMWare ESXi

ciscomoderator
Community Manager

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the Nexus 1000v Distributed Virtual Switch which is used to manage Virtual Machines and VMWare ESXi hosts with Cisco Experts: Avinash Shukla and Shankar Prasath.

Monday, February 2nd, 2015 to Friday, February 13th, 2015

The Cisco Nexus 1000v Distributed Virtual Switch has important features which help simplify management and operations of large data centers with a lot of virtual machines.

Some of the functionality/features which Nexus 1000v provides are:

  • PortChannels
  • Quality of service (QoS)
  • Security: Private VLAN, access control lists (ACLs), and port security
  • Monitoring: NetFlow, Switch Port Analyzer (SPAN), and Encapsulated Remote SPAN (ERSPAN)

Ask your Questions during this two-week, open discussion thread!

Cisco Experts

Shankar Prasath is a customer support engineer from the Server Virtualization team at the Cisco Technical Assistance Center in Bangalore, India. He has around 8 years of total IT experience. He has worked across different technologies and a wide range of Cisco Data Center products and Cisco core switches/routers. He is an expert in Cisco Nexus 1000V and Cisco UCS products and holds a CCIE in R&S and Data Center.

Avinash Shukla is a customer support engineer from the Server Virtualization team at the Cisco Technical Assistance Center in Bangalore, India. He has around 7 years of total experience. He has worked on a wide range of Cisco data center products such as Cisco UCS, Cisco Nexus 1000V, Cisco Invicta and Cisco Collaboration technology. He also holds a CCIE in Data Center & Voice.

 

** Remember to use the rating system to let the experts know you have received an adequate response.**


Because of the volume expected during this event, Avinash and Shankar might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, > Other Network Infrastructure Subjects, shortly after the event. This event lasts through February 13th 2015. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.


avang2004
Level 1

Why would I choose Cisco 1000V over VMWare VDS, since VMWare has more integration and is easier for VMWare admins to configure and deploy?

Thanks for the perfect question to start the discussion. Following are the top of my mind reasons why I would prefer Nexus 1000v:

- Nexus 1000v gives us the same management ability/interface as for any other physical switch. It has supervisory module and line cards (ESXi hosts which act as line card) similar to a physical switch. This makes the transition from physical to virtual world easy.

- The integration and transition from vSwitch/dVS to Nexus 1000v is now very simple.

- Not to forget the advanced switching features which are made available to VMs through Nexus 1000V.

- For example, we can use features like Quality of Service (QoS); rate limits; switched port analyzer; NetFlow; Security Features like - access control lists; port security; authentication, authorization and accounting; VLANs; and port channels (to name a few).

- Finally Nexus 1000v is Free which means no additional cost. (Basic features do not need any licenses)

Hope this helps!

The big drawback of the Nexus 1000v is, in my opinion, the limitation of the number of vEths per VEM and per VSM. Why, since the last major upgrade, has only the Advanced Edition had its limits increased and not the Essential Edition?

Hi Aziz,

Thanks for your question. We will definitely take your feedback and share it with our development team/Business Unit.

However, if you look at the details (below) of the maximum supported configurations in the Essential configuration, we can have up to 300 vEths (roughly around 100+ VMs per host, assuming each one has around 3 vEth/adapter), 32 physical NICs and 8 port channels per physical host/ESXi server.

Though I understand that these may not be too high for a large data center, it should suffice for any small to medium data center easily.

You can also refer to the release notes of the specific version for changes in these values:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_2_1_s_v_3_1_2/release/notes/n1000v_rn.html

Maximum Supported Configurations - Essential Edition

● 128 VMware ESX or ESXi hosts per VSM

● 4096 virtual Ethernet ports per VMware vDS, with 300 virtual Ethernet ports per physical host

● 2048 active VLANs

● 2048 active VXLANs

● 2048 port profiles

● 32 physical NICs per physical host

● 256 PortChannels per VMware vDS, with 8 PortChannels per physical host

Including the details around advanced edition for reference.

Maximum Supported Configurations - Advanced Edition

● 250 VMware ESX or ESXi hosts per VSM

● 10000 virtual Ethernet ports per VMware vDS, with 990 virtual Ethernet ports per physical host

● 4096 active VLANs

● 6144 active VXLANs

● 6144 port profiles

● 32 physical NICs per physical host

● 1024 PortChannels per VMware vDS, with 8 PortChannels per physical host

Richard Bidmead
Level 1

Hi I have a couple of questions.

One of the advantages of implementing Nexus 1kvs over a standard VDS is the enhanced features surrounding security (port security, DHCP snooping etc). However, this functionality is immediately lost when utilising VXLAN. Do Cisco have plans to enhance the functionality and feature set within a VXLAN context?

The noise I hear from our VMWare guys is that the next version of ESX is not going to support third party switches as VMWare push their NSX platform, do Cisco have plans to protect their customers investment in this area?

Hi Richard,

I'll get back to you on the question about enhancing the feature set when using VXLAN.

For your second question, Nexus 1000v will be supported in vSphere 6: http://blogs.cisco.com/datacenter/announcing-cisco-nexus-1000v-for-vmware-vsphere-6-release

Thanks,
Shankar

Hi Richard,

Port security is supported with VXLAN already. Some other features supported with VXLAN are IP/MAC ACL, QoS, Netflow.

DHCP snooping with VXLAN will be evaluated for the next release.

Regards,
Shankar

Hi guys,

 

thanks for providing us such a great opportunity. I have a few quick questions just to warm up :)

- ESXi hosts connected and control0 used as L3 control interface but basic "ping a.b.c.d" (vmk interface on esxi) from VSM doesn't work; however, "ping a.b.c.d vrf default" works! Is that expected behavior? All IPs in the same subnet.

- Is there a way to change system vlan that is already used in existing port-profiles (either for ethernet or vethernet)? If yes, please let us know how?

- Can you explain what is actually happening behind when host is connected to N1kv? Is control0 interface on VSM side and vmk on ESXi side mandatory prerequisite if "svs mode L3 interface control0" is specified or there is some alternative way for those two to communicate?

- Do you agree with following statements: if control0 is used as l3control interface then only first of three vmnics on VSM VM is used; if mgmt0 is used as l3control interface then only second of three vmnics on VSM VM is used; third vmnic is not utilized when l3control mode is used but interface must be present on VSM VM?

 

Thanks,

Tenaro
 

Hi Tenaro,

Please find my answers inline:

- ESXi hosts connected and control0 used as L3 control interface but basic "ping a.b.c.d" (vmk interface on esxi) from VSM doesn't work; however, "ping a.b.c.d vrf default" works! Is that expected behavior? All IPs in the same subnet.

[Shankar] In the Nexus 1000v, a regular ping would use the management vrf (and hence the mgmt0 interface). To ping from the control0 interface (default vrf), we need to specify the vrf explicitly like what you've stated. This is expected.


- Is there a way to change system vlan that is already used in existing port-profiles (either for ethernet or vethernet)? If yes, please let us know how?

[Shankar] You can add System VLANs when the port-profile is in use. But you cannot delete a system VLAN when the port-profile is in use:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_x/port_profile_config/b_Cisco_N1KV_VMware_Port_Profile_Config_5x/b_Cisco_N1KV_VMware_Port_Profile_Config_5x_chapter_0100.html#concept_61CEFBDEF93C4163B1C2706120DF69E3


- Can you explain what is actually happening behind when host is connected to N1kv? Is control0 interface on VSM side and vmk on ESXi side mandatory prerequisite if "svs mode L3 interface control0" is specified or there is some alternative way for those two to communicate?

[Shankar] In the L3 mode, the VSM can use the mgmt0 or the control0 interface to talk to the VEMs. On the VEM, we use a vmkernel interface that is attached to a port-profile with 'capability l3control'. So the two end points (mgmt0 or control0 on the VSM and vmkernel on the VEM) talk to each other and they are mandatory.

In the L2 mode, the control0 interface needs L2 connectivity to the VEM (no L3 stuff here). So if you have the same VLAN extended from the VSM's control0 interface to at least one of the VEM's uplink ports, this will work.

 

- Do you agree with following statements: if control0 is used as l3control interface then only first of three vmnics on VSM VM is used; if mgmt0 is used as l3control interface then only second of three vmnics on VSM VM is used; third vmnic is not utilized when l3control mode is used but interface must be present on VSM VM?

[Shankar] mgmt0 interface is used for VSM's management and also for talking to the vCenter. So there will always be a use for this interface.

If you choose control0 for the l3 control, then the 1st interface (control0 interface), will be used to talk to the VEMs. mgmt0 will be used to talk to the vCenter and for VSM management.

If you choose mgmt0 for the l3 control, then the 2nd interface (mgmt0 interface), will talk to the VEMs apart from talking to the vCenter etc.

So the 3rd interface is never used in the L3 mode, but is necessary for the VSM to function correctly


Thanks,
Shankar
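The L3 control requirements described in the answer above can be checked against a VSM configuration with a short script. This is an added example, not part of the original thread and not Cisco code; the sample configuration, profile names and VLAN IDs are constructed for illustration.

```python
import re

# Constructed sample of a VSM running-config (not taken from the thread).
SAMPLE_CONFIG = """\
svs-domain
  domain id 100
  svs mode L3 interface control0
port-profile type vethernet vm-data
  switchport mode access
  switchport access vlan 20
  state enabled
port-profile type vethernet l3-control
  capability l3control
  switchport mode access
  switchport access vlan 10
  system vlan 10
  state enabled
"""

# VRF each VSM interface belongs to, as stated in the answer above.
VRF_FOR_INTERFACE = {"control0": "default", "mgmt0": "management"}

def parse_blocks(config):
    """Group indented lines under their unindented parent line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_l3_control(config):
    """Return (svs interface, vrf to ping from, l3control profiles, findings)."""
    blocks = parse_blocks(config)
    findings = []
    m = re.search(r"^\s*svs mode L3 interface (\S+)", config, re.M)
    iface = m.group(1) if m else None
    if iface is None:
        findings.append("svs-domain is not in L3 mode")
    profiles = [h.split()[-1] for h, body in blocks.items()
                if h.startswith("port-profile type vethernet")
                and "capability l3control" in body]
    if iface and not profiles:
        findings.append("L3 mode set but no vethernet port-profile has 'capability l3control'")
    return iface, VRF_FOR_INTERFACE.get(iface), profiles, findings
```

For the sample above the script reports control0 in the default VRF, which is why the reachability test toward the VEM's vmkernel address has to be run as "ping a.b.c.d vrf default".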

Hello Guys

 

I'm new with the nexus 1000v, can you share some link where I can review

 

Regards

 

Wilson

Hi Wilson,

To start with I would recommend the following deployment guide:

http://www.cisco.com/c/en/us/products/collateral/switches/nexus-1000v-switch-vmware-vsphere/guide_c07-556626.html#wp9000164

It covers the basic concepts and deployment methodology. 

 

Next, you can refer to the Nexus 1000v Getting Started guide below. It covers all the steps involved in the implementation.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4_b/getting_started/configuration/guide/n1000v_gsg.html

 

Lastly, you can also look up videos posted on Youtube for ease of installation & configuration once you go through the above guides if needed.

 

Thanks,

Avinash
