Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
900
Views
0
Helpful
3
Replies

Nexus 1010 Virtual Services Appliance and VN-Link Hardware

Go to solution
tohoken
Level 1
Level 1

‎12-14-2010 03:12 PM - edited ‎03-01-2019 09:46 AM

All,

We are deploying the Nexus 1010 Virtual Services Appliance for the purpose of using the Network Analysis Module (NAM).  The 1010 hosts the VSM's necessary to deploy the 1000v switch in ESX.  We would also like to use VN-Link in hardware whereby we "bypass" the virtual switch and use the 6120's for the switching.  What I need to know is can the 1010 still analyze the network traffic using VN-Link hardware?  VN-Link hardware doesn't appear to need a VSM so I am thinking the 1010 cannot monitor the traffic since there will be no 1000v to "attach" to.  Can anyone shed some light on this?

Regards,

Ken

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Manish Tandon
Cisco Employee
Cisco Employee

‎12-16-2010 03:07 PM

Ken

The NAM module present in the 1010 is not exclusive for Nexus1000v traffic.

Its there as part of an appliance which happens to be the VSM (1000v) and is configured on its own.

If you look at the Nexus1000v, the VSM (which is the 1010 and holds the NAM in this case) is *not* part of the VM data path.

It is looked up for initial virtual port (veth) instantiation but after that traffic doesn't go through it.

So to send VM data traffic to the NAM module for analysis, some other mechanism (like ERSPAN) is used to route data traffic from VM's to it.

The Nexus 1000v support ERSPAN.

Same logic applies that you have a NAM module somewhere else - the 1000v can send traffic to it via ERSPAN.

Looking at VN-link in hardware - It does have a VSM which is the FI itself.

The veth in this case is on the FI.

If the FI did support ERSPAN (which it doesn't currently) you could use the same NAM module or any other NAM module to send traffic to it.

So its not a limitation of VN-link in hw switching methodology vs 1000v switching, but the fact that the FI doesn't support an "export" mechanism yet.

Hope it help

Thanks

--Manish

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jeremy Waldrop
Level 4
Level 4

‎12-16-2010 09:48 AM

You cannot use both the 1000v and the UCS VN-Link in hardware on the same ESX hosts. Both configurations require that the Nexus 1000v VEM is installed on the ESX host and the VEM can only be a member of 1 dvSwitch at a time.

0 Helpful

Go to solution
Manish Tandon
Cisco Employee
Cisco Employee

‎12-16-2010 03:07 PM

Ken

The NAM module present in the 1010 is not exclusive for Nexus1000v traffic.

Its there as part of an appliance which happens to be the VSM (1000v) and is configured on its own.

If you look at the Nexus1000v, the VSM (which is the 1010 and holds the NAM in this case) is *not* part of the VM data path.

It is looked up for initial virtual port (veth) instantiation but after that traffic doesn't go through it.

So to send VM data traffic to the NAM module for analysis, some other mechanism (like ERSPAN) is used to route data traffic from VM's to it.

The Nexus 1000v support ERSPAN.

Same logic applies that you have a NAM module somewhere else - the 1000v can send traffic to it via ERSPAN.

Looking at VN-link in hardware - It does have a VSM which is the FI itself.

The veth in this case is on the FI.

If the FI did support ERSPAN (which it doesn't currently) you could use the same NAM module or any other NAM module to send traffic to it.

So its not a limitation of VN-link in hw switching methodology vs 1000v switching, but the fact that the FI doesn't support an "export" mechanism yet.

Hope it help

Thanks

--Manish

0 Helpful

Go to solution
tohoken
Level 1
Level 1
In response to Manish Tandon

‎12-17-2010 07:20 AM

Manish,

Thank you very much for the explanation.  That is exactly what I needed to know.  I will use the 1000v for now and when the FI supports an export mechanism I will switch to vn-link in hardware.

Ken

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card