
Annual Top Gun: Dynamic Fabric Automation (DFA)

Information about Annual Top Gun: Dynamic Fabric Automation (DFA)
Technology

Published on February 20, 2014

Author: gseltzer

Source: slideshare.net

Description

Annual Top Gun: DFA

Dynamic Fabric Automation
February 2014
This presentation contains materials that are either copyright © 2011 IBM Corporation or copyright © 2011 Cisco Systems, Inc. All rights reserved.

DFA – Agenda
• DFA Requirements and Functions
• Optimized Network
• Virtual Fabrics
• Fabric Management
• Workload Automation
• Platform Support

What is DFA?
If you ask 10 people, you get 11 answers!

What is DFA?
DFA is Evolution NOT Revolution!

What is DFA?
DFA is a set of enhancements to
- Simplify
- Optimize
- Automate
the Unified Fabric!
Most likely your customers already use DFA, or at least one function of it.

#1: Fabric Management
Advantages
• Device Auto-Configuration
• Cabling Plan Consistency Check
• Common point of fabric access
• Network, Host & Workload Visibility
[Diagram labels: XMPP Server, LDAP, TFTP Services, Message Broker, DHCP Services]

#2: Workload Automation
Advantages
• Any workload, anywhere, anytime
• Open orchestration integration
• Automated scalable provisioning
• Policy based Provisioning
[Diagram labels, in slide order: Cloud Stacks, Compute & Storage Policies, Network & Network Services Policies, Open APIs, Fabric Mgmt, Provisioning, Network Services Controller, Flow Controller, Published Schemas]

#3: Optimized Networking
• Any/all leaf distributed default gateway
• Any/all subnets on any leaf
• N Spines/Paths + scale-out model
Advantages
• Optimized for L2-L7
• Reduced failure domains
• Extensible scale & resiliency
• Interoperability with other architectures
[Diagram labels, in slide order: L3 Environments; FC/FCoE Environments; Nexus 3k, 5K, 6K, 7K; Fabricpath Environments; MDS, Nexus 5K, 7K; STP/VPC Environments; Nexus 2K, 5K, 6K, 7K; Nexus 2K, 3K, 5K, 6K, 7K]

#4: Virtual Fabrics
Advantages
• Any VLAN / Subnet Anywhere
• Scalable secure virtual fabrics
• Virtual fabric tenant visibility
• Physical-virtual integration
[Diagram labels: HR, Finance, Manufacturing, Sales]

Programmable Fabric
[Diagram labels, in slide order: Orchestration, Cisco UCS Director, Custom Built, Openstack, One Controller, Integrated Management, N1KV, Physical, Hyper-V, KVM, XEN, ESX, Multi-Hypervisor Support]

Hardware & Software Requirements

Product | Function | Software Version
Nexus 6000 | Leaf, Border-Leaf, Spine, Route-Reflector | 7.0(0)N1(0.513)
Nexus 7000 | Leaf: F3**, Border-Leaf: F3**, Spine: F2, F2e, F3*, Route-Reflector* | 6.2(6)
Nexus 7700 | Leaf: F3**, Border-Leaf: F3**, Spine: F2, F2e, F3*, Route-Reflector* | 6.2(6)
DCNM (CPOM) | Fabric Management incl. DHCP, TFTP, XMPP | 7.0.(1.S23)
Nexus 1000v | Virtual Switch with VDP-Signaling | 4.2(1)SV2(2.2) (FCS: VMWare vSphere, other Hypervisor coming soon)

*requires NX-OS 6.2(6) / **requires NX-OS 7.1(x) planned for Q2 CY’14

License Requirements
• Nexus 7000 / 7700
  > Enhanced Layer-2 (ENHANCED_LAYER2_PKG)
  > Enterprise Services (LAN_ENTERPRISE_SERVICES_PKG)
• Nexus 6000
  > Enhanced Layer-2 (ENHANCED_LAYER2_PKG)
  > Layer-3 Base (LAN_BASE_SERVICES_PKG)
  > Layer-3 Enterprise (LAN_ENTERPRISE_SERVICES_PKG)
• Nexus 5500
  > Enhanced Layer-2 (ENHANCED_LAYER2_PKG)
• It is required to install the Switch Feature Licenses before configuring DFA!
• Please ensure that Nexus 6000 Layer-3 Base & Enterprise License is installed!

    n6k# show license usage
    Feature                      Ins  Lic Status  Expiry Da  Count
    --------------------------------------------------------
    FCOE_NPV_PKG                 No   Unused
    FM_SERVER_PKG                No   Unused
    ENTERPRISE_PKG               No   Unused
    FC_FEATURES_PKG              No   Unused
    VMFEX_FEATURE_PKG            No   Unused
    ENHANCED_LAYER2_PKG          Yes  In use      Never
    LAN_BASE_SERVICES_PKG        Yes  In use      Never
    LAN_ENTERPRISE_SERVICES_PKG  Yes  In use      Never
    --------------------------------------------------------
    n6k#

Dynamic Fabric Automation – Modular Building Blocks
• Fabric Management
• Workload Automation
• Optimized Networking
• Virtual Fabrics
Bundled functions are modular and flexible, and follow your choice of integration and speed of adoption!

Optimized Networking

Optimized Networking
• Network Config profile
• Network Services Profile

    n1000v# show port-profile name WebProfile
    port-profile WebServer-PP
      description:
      status: enabled
      system vlans:
      port-group: WebServers
      config attributes:
        switchport mode access
        switchport access vlan 110
        no shutdown
        security-profile Protected-Web-Srv
      evaluated config attributes:
        switchport mode access
        switchport access vlan 110
        no shutdown
      assigned interfaces:
        Veth10

Advantages
• Any subnet, anywhere, rapidly
• Reduced Failure Domains
• Extensible Scale & Resiliency
• Profile Controlled Configuration
• Full bisectional bandwidth (N spines)
• Any/all Leaf Distributed Default Gateways
• Any/all subnets on any leaf

FabricPath – An Ethernet Fabric
Flexible Topologies, Easy Configuration
• Connect a group of switches using an arbitrary topology
• With a simple CLI, aggregate them into a Fabric:

    N7K(config)# interface ethernet 1/1
    N7K(config-if)# switchport mode fabricpath

• An open protocol based on Layer 3 technology provides Fabric-wide intelligence and ties the elements together

Optimal, Low Latency Switching
• Single address lookup at the ingress edge identifies the exit port across the fabric
• Traffic is then switched using the shortest path available
• Reliable L2 connectivity any to any (as if it was the same switch, no STP inside)
[Diagram: hosts A (e1/1) and B (e1/2) attached to FabricPath switches s3 and s8. MAC table: A → e1/1; B → s8, e1/2]

High Bandwidth, High Resiliency
Equal Cost Multipathing
• Multipathing (up to 256 links active between any 2 devices)
• Traffic is redistributed across remaining links in case of failure, providing fast convergence
[Diagram: hosts A (e1/1) and B (e1/2) attached to FabricPath switches s3 and s8]

Unmatched Scale
Conversational Learning
• Per-port MAC address table only needs to learn the peers that are reached across the fabric
• A virtually unlimited number of hosts can be attached to the fabric
[Diagram: FabricPath switches s3, s5 and s8 with hosts A (e1/1) and B (e1/2). MAC tables: A → e1/1, B → s8, e1/2 | A → s1, e1/1, B → e1/2 | (empty)]

Automatic VLAN Pruning
Reducing Admin Workload and Mistakes
[Diagram: FabricPath fabric with VLAN labels V10, V20, V30]

Multiple Topologies
Virtual Fabrics within a Fabric
Topology: a group of links in the Fabric
• By default, all links are part of topology 0
• Links can be assigned to several topologies
• An IS-IS routing table is built per topology
• A VLAN is mapped to a unique topology
Topologies are used for static VLAN pruning, security, traffic engineering
[Diagram: FabricPath with Topology 0, Topology 1, Topology 2]

Legacy L2 Integration
vPC+
• Allows extending VLANs with no limitation (no risks of loop)
• Devices can be attached active/active to the fabric using IEEE standard port channels and without resorting to STP
• Legacy L2 device support not limited to Cisco products
[Diagram: FabricPath switches s3, s4, s7, s8; hosts A and B; VLAN X, VLAN Y, VLAN Z]

Edge Devices Integration
Hosts can leverage multiple L3 default gateways
• Hosts see a single default gateway
• The fabric provides them transparently with multiple simultaneously active default gateways
• Allows multipathing to extend from inside the fabric to the L3 domain outside the fabric
[Diagram: FabricPath with host A on s3 and two default gateways (dg) toward L3]

Scaling with FabricPath
Example: 2,048 x 10GE server design
• 16X improvement in bandwidth performance
• 6 to 1 consolidation (from 74 managed devices to 12 devices)
• 2X+ increase in network availability
• Simplified IT operations (fewer devices, VLANs anywhere)
[Diagram: Traditional Spanning Tree Based Network: 4 Pods, 64 Access Switches, 2,048 Servers, Oversubscription 16:1 (2:1, 8:1), Blocked Links. FabricPath Based Network: 8 Access Switches, 2,048 Servers, Fully Non-Blocking]

Optimized Networking Beyond FabricPath

FabricPath vs DFA

IS-IS feature support | FabricPath | DFA
Control Plane | Yes | Yes (Switch connectivity only)
Host connectivity | MAC learning based | BGP based
ARP flooding | Yes | IP-MAC binding carried by IS-IS
GM LSP announcement | All FP enabled VLANs | Only legacy VLANs
Emulated switch | Yes | Yes
Configurable Multi-destination trees | Yes | Yes (for base topology)
Anycast HSRP | Yes | Support exists
Multi-topology | Yes | Not for current release
Software | Any version that supports FP code since Cairo release | Iluka release onwards

Connecting Switches for DFA
Reference Topology
[Diagram legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, WAN]

Connecting Switches for DFA
Scale-Out to fit your needs
[Diagram legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, WAN]

Connecting Switches for DFA
Flexible Topologies
[Diagram legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, WAN]

CLOS
[Diagram legend: DFA-Spine, DFA-Leaf, DFA-BorderLeaf, WAN]

Fabric Interfaces
[Diagram legend: RR, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, WAN]

Host Interfaces
[Diagram legend: RR, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Host Interfaces, WAN]

Fabric Control Plane
IS-IS as Fabric Control Plane
• IS-IS for Fabric Link-State distribution
• Fabric Node reachability for overlay Encapsulation (FabricPath)
• Building Multi-Destination Trees for Multicast/Broadcast traffic
• Quick reaction to Fabric Link/Node failure
• Enhanced for mesh topologies
[Diagram: IS-IS across the fabric; legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, WAN]

Fabric Control Plane
Host and Subnet Route Distribution
• Host Route Distribution decoupled from the Fabric link state protocol
• Use MP-BGP on the leaf nodes to distribute internal Host/Subnet routes and external reachability information
• MP-BGP also used to distribute IP multicast groups information
• MP-BGP enhancements to carry up to 100s of thousands of routes and reduce convergence time
[Diagram: MP-BGP between leaf nodes and RR; legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, WAN]

Fabric Control Plane
Host Originated Protocols
• ARP, ND, IGMP, LLDP, DHCP originated on servers are terminated on Leaf nodes
• Contain floods and failure domains, distribute control packet processing
  > Unknown unicast is dropped on leaf: fabric knows all hosts/subnets (DFA Proxy-Gateway)
  > Non ARP broadcast is flooded in the segment: ACL override can drop them
  > Per VNI/Segment override to allow ARP flooding: handles silent servers (DFA Anycast-Gateway)
• Terminate PIM, OSPF, eBGP from external networks on Border Leafs
[Diagram labels: ARP, ND, IGMP, LLDP, DHCP with endpoints; PIM, IGP, eBGP toward the L3 Network Domain; legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, WAN]

Connecting Switches with DFA
• Distributed Gateway exists on all DFA-Leaf where VLAN/Segment-ID is active
• There are different DFA Forwarding Modes for the Distributed Gateway:
• Proxy-Gateway (Enhanced Forwarding)
  > Leverages proxy-ARP
  > Intra- and Inter-Subnet forwarding based on Routing
  > Contain floods and failure domains to the Leaf
• Anycast-Gateway (Traditional Forwarding)
  > Intra-Subnet forwarding based on FabricPath
  > Layer-2 lookup is performed at the leaf
  > Data-plane based conversational learning for endpoints MAC addresses
  > ARP is flooded across the fabric
[Diagram legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, Distributed Gateway, WAN]

Connecting Switches for DFA – Proxy-Gateway
• Proxy-Gateway (Enhanced Forwarding)
  > Leverages proxy-ARP
  > Intra- and Inter-Subnet forwarding based on Routing
  > Contain floods and failure domains to the Leaf

    vlan 123
      mode fabricpath
      vn-segment 30000

    interface vlan 123
      vrf member Coke
      fabric forwarding mode proxy-gateway
      ip address 10.1.1.1/24
      ip dhcp relay address 200.200.200.100
      no shutdown

[Diagram legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, Distributed Gateway, WAN]

Connecting Switches for DFA – Anycast-Gateway
• Anycast-Gateway (Traditional Forwarding)
  > Intra-Subnet forwarding based on FabricPath
  > Layer-2 lookup is performed at the leaf
  > Data-plane based conversational learning for endpoints MAC addresses
  > ARP is flooded across the fabric

    vlan 123
      mode fabricpath
      vn-segment 30000

    interface vlan 123
      vrf member Coke
      fabric forwarding mode anycast-gateway
      ip address 10.1.1.1/24
      ip dhcp relay address 200.200.200.100
      no shutdown

[Diagram legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, Distributed Gateway, WAN]

DFA Forwarding Modes Comparison
Columns: Proxy-Gateway | Anycast-Gateway | Non-DFA Mode*
VLAN/Subnets stretched between leaves ✓ ✓ ✓ Common Anycast GW IP across leaves ✓ ✓ ✗ Common Anycast GW MAC across leaves ✓ ✓ ✗ ✗ ✗ ✓ ✓ ✓ Use Proxy-ARP/ND (respond to ARP/ND only if the destination is available in the RIB) ARP Flooding in Layer-2 Domain ✗ Intra-Subnet forwarding Silent Host Discovery (requires anchor Leaf) (floods also across DFA Fabric) (local flood only) Always routed (TTL decrement) Bridged Bridged ✗ ✓ ✓
* VLANs/IP Subnets are only locally defined behind a DFA leaf (or a pair of vPC peer leaves)

Interface Consideration
• Consistently use the Fabric facing Interfaces to maximize simplification during POAP Definition
• On DFA-Leafs use the same Interfaces for Fabric Interfaces, VPC Peer-Link, Host Interfaces and FEX uplinks
• On DFA-Spine, use the same Interfaces for Fabric Interfaces
[Diagram: interface labels e1/5, e1/6, e1/7, e1/8; legend: RR = DFA RouteReflector, DFA-Spine, DFA-Leaf, DFA-BorderLeaf, Fabric Interface, WAN]

Optimized Networking DFA and the Nexus 5500

DFA and Nexus 5500 (co-existence)
[Diagram: hosts H1: 10.1.1.11/24, H2: 192.168.11.22/24, H3: 192.168.11.33/24, H4: 10.1.1.44/24; legend: L2-only DFA-Leaf, Full DFA-Leaf, Fabric Interface, Host Interface]

DFA and Nexus 5500 (co-existence)
Intra-Subnet Forwarding based on FabricPath only

    vlan 101
      mode fabricpath

[Diagram: H1: 10.1.1.11/24 (VLAN 101), H4: 10.1.1.44/24 (VLAN 101); legend: L2-only DFA-Leaf, Full DFA-Leaf, Fabric Interface, Host Interface]

DFA and Nexus 5500 (co-existence)
Inter-Subnet Forwarding over Anchor-Leaf (Single or VPC+ Domain)
Full DFA-Leaf act as Anchor-Leaf with Gateway for all L2-only DFA-Leaf (e.g. N5k)

    vlan 101
      mode fabricpath
    vlan 221
      mode fabricpath

[Diagram: H1: 10.1.1.11/24 (VLAN 101), H4: 10.1.1.44/24 (VLAN 101), H2: 192.168.11.22/24 (VLAN 221); legend: L2-only DFA-Leaf, Full DFA-Leaf, Fabric Interface, Host Interface]

DFA and Nexus 5500 (co-existence)
Anchor-Leaf requires static Configuration with HSRP in addition to the “fabric forwarding mode anycast-gateway”

    vlan 101
      mode fabricpath
    vlan 221
      mode fabricpath

    interface vlan 101
      vrf member Coke
      fabric forwarding mode anycast-gateway
      ip address 10.1.1.2/24
      no shutdown
      hsrp version 2
      hsrp group 101
        ip 10.1.1.1
        mac-address 2020.0000.00AA

Anycast-MAC required for Distributed Gateway
Maximum of 2 Anchor-Leaf per VLAN with vPC+ Configuration for Active/Active Gateway
[Diagram: H1: 10.1.1.11/24 (VLAN 101), H2: 192.168.11.22/24 (VLAN 221), H4: 10.1.1.44/24 (VLAN 101); legend: L2-only DFA-Leaf, Full DFA-Leaf, Fabric Interface, Host Interface]

DFA and Nexus 5500 (co-existence)

    vlan 101
      mode fabricpath
    vlan 221
      mode fabricpath

    interface vlan 101
      vrf member Coke
      fabric forwarding mode anycast-gateway
      ip address 10.1.1.2/24
      no shutdown
      hsrp version 2
      hsrp group 101
        ip 10.1.1.1
        mac-address 2020.0000.00AA

    interface vlan 221
      vrf member Coke
      fabric forwarding mode anycast-gateway
      ip address 192.168.11.2/24
      no shutdown
      hsrp version 2
      hsrp group 221
        ip 192.168.11.1
        mac-address 2020.0000.00AA

[Diagram: H1: 10.1.1.11/24 (VLAN 101), H2: 192.168.11.22/24 (VLAN 221), H4: 10.1.1.44/24 (VLAN 101); legend: L2-only DFA-Leaf, Full DFA-Leaf, Fabric Interface, Host Interface]

DFA and Nexus 5500 (co-existence)
Co-Existence of Enhanced- and Traditional-Forwarding allowed on a per SVI base

    vlan 3001 or 3005
      mode fabricpath
      vn-segment 30531
    vlan 101
      mode fabricpath

    interface vlan 101
      vrf member Coke
      fabric forwarding mode anycast-gateway
      ip address 10.1.1.2/24
      ip dhcp relay address 200.200.200.100
      no shutdown

    interface vlan 3001 or 3005
      vrf member Coke
      fabric forwarding mode proxy-gateway
      ip address 192.168.11.1/24
      ip dhcp relay address 200.200.200.100
      no shutdown

[Diagram: H1: 10.1.1.11/24 (VLAN 101), H2: 192.168.11.22/24 (VLAN 3001), H3: 192.168.11.33/24 (VLAN 3005), H4: 10.1.1.44/24 (VLAN 101); legend: L2-only DFA-Leaf, Full DFA-Leaf, Fabric Interface, Host Interface]

DFA and Nexus 5500 (co-existence)
After last L2-only DFA-Leaf has been removed, proxy-gateway mode could be used

    vlan 3001 or 3005
      mode fabricpath
      vn-segment 30531
    vlan 101
      mode fabricpath
      vn-segment 54321

    interface vlan 101
      vrf member Coke
      fabric forwarding mode proxy-gateway
      ip address 10.1.1.1/24
      ip dhcp relay address 200.200.200.100
      no shutdown

    interface vlan 3001 or 3005
      vrf member Pepsi
      fabric forwarding mode proxy-gateway
      ip address 192.168.11.1/24
      ip dhcp relay address 200.200.200.100
      no shutdown

[Diagram: H1: 10.1.1.11/24 (VLAN 101), H2: 192.168.11.22/24 (VLAN 3001), H3: 192.168.11.33/24 (VLAN 3005), H4: 10.1.1.44/24 (VLAN 101); legend: L2-only DFA-Leaf, Full DFA-Leaf, Fabric Interface, Host Interface]

DFA and Nexus 5500 (co-existence)
• No default gateway presence on L2-only DFA-Leaf (Nexus 5500)
• No Segment-ID support
  > All Nexus 5500 involved VLANs are non-Segment-ID enabled across all DFA-Leafs
• Reverts back to traditional FabricPath for forwarding
• L2 lookup is performed at the L2-only DFA-Leaf
  > Data-Plane based conversational learning for endpoints MAC addresses
• ARP is flooded across the fabric
• Routing performed at Anchor-Leaf which could be every Full DFA-Leaf in Forwarding-Mode “Anycast-Gateway” (maximum 2 per VLAN)
[Diagram: H1: 10.1.1.11/24 (VLAN 101), H3: 192.168.11.33/24; RR]

Optimized Networking Connecting Servers for DFA

Connecting Servers and/or FEX for DFA
Always connect Servers to DFA-Leaf or hybrid DFA-Leaf/BorderLeaf only (not Spine!)
• Valid Server connection models are:
  > Single-Homed Server with single Link to one DFA-Leaf (1)
  > Single-Homed Server with Port-Channel to one DFA-Leaf (2)
  > Dual-Homed Server with Active/Standby Link to two DFA-Leafs (3)
  > Dual-Homed Server with virtual Port-Channel to two DFA-Leafs (vPC+ Domain) (4)
  > All Options with either Access-Port or 802.1q Trunk
• Valid FEX connection models are*:
  > Single-Homed FEX with single Link to one DFA-Leaf (5)
  > Single-Homed FEX with Port-Channel to one DFA-Leaf (6)
  > Dual-Homed FEX with virtual Port-Channel to two DFA-Leafs (vPC+ Domain) (7)
  > eVPC with FEX A/A and Dual-Homed Server with Active/Standby or Port-Channel (8)

Connecting Servers and/or FEX for DFA
[Diagrams of connection models 1 to 8, each attached to a fabric with WAN uplink]

Virtual Fabrics

Virtual Fabrics
Advantages
• Any workload, any vFabric, rapidly
• Scalable Secure vFabrics
• vFabric Tenant Visibility
• Routing/Switching Segmentation
[Diagram labels: HR, Finance, Manufacturing, Sales]

What is a Segment-ID?
• Traditionally VLAN space is expressed over 12 bits (802.1Q tag)
  > Limits the maximum number of segments in a datacenter to 4096 VLANs
• The Segment-ID solution consists in using a double 802.1Q tag for a total address space of 24 bits, allowing for the support of ~16M L2 segments
• Segment-ID is added/removed by the DFA Leaf nodes and is part of the Layer-2 Header
• DFA Spines usually forward traffic based on FabricPath Switch-ID values, but can prune multi-destination traffic by parsing the Segment-ID field
  > Segment-ID is hardware-based innovation offered by DFA leaf and spine nodes
[Diagram: FabricPath Frame Format and Integrated Fabric Frame Format; Segment-ID = 802.1Q + 802.1Q]

802.1Q Tagged Traffic to Segment-ID Mapping
• Segment-IDs are utilized for providing isolation at Layer-2 and Layer-3 across the DFA Fabric
• 802.1Q tagged frames received at the Leaf nodes from edge devices must be mapped to specific Segments
• The VLAN-Segment mapping can be performed on a Leaf device level
• VLANs become locally significant on the Leaf node and 1:1 mapped to a Segment-ID
• Segment-IDs are globally significant, VLAN IDs are locally significant
[Diagram: two leaves connected to edge devices over 802.1q trunks, VLANs on the edge side and Segment-IDs (Global) in the fabric.
 First mapping table: VLAN 10 <-> Segment-ID 5000, VLAN 11 <-> Segment-ID 5001, ..., VLAN 20 <-> Segment-ID 5020.
 Second mapping table: VLAN 20 <-> Segment-ID 5000, VLAN 41 <-> Segment-ID 5001, ..., VLAN 70 <-> Segment-ID 5020]

Virtual Fabrics – L2 Flows
1. H1 sends a packet to H2 → traffic between the vSwitch and the Leaf is tagged with a local VLAN-ID 10
2. L2 lookup is performed by L1 in the MAC Table for the Segment-ID associated to VLAN 10 (5000)
3. L1 adds the L2 and FP headers before sending the packet into the fabric. The Segment-ID associated to VLAN 10 is added inside the L2 header
4. L4 receives the frame and performs the L2 lookup by looking at the Segment-ID value. It then sends it to H2 using a local VLAN-ID 20
[Diagram: H1 → vSwitch → L1 → fabric → L4 (e1/1) → vSwitch → H2.
 (1) H1 to L1: DMAC→ H2_MAC, SMAC→ H1_MAC, [VLAN = 10]
 (2) L1: VLAN 10 <-> Segment-ID 5000; H2_MAC → L4 SW_ID
 (3) In the fabric: DSID→ L4, SSID→ L1, DMAC→ H2_MAC, SMAC→ H1_MAC, [Segment-ID = 5000]
 (4) L4: VLAN 20 <-> Segment-ID 5000; H2_MAC → e1/1; to H2: DMAC→ H2_MAC, SMAC→ H1_MAC, [VLAN = 20]]
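The VLAN to Segment-ID translation in steps 1 to 4 above, as an added Python example (not part of the original slides and not Cisco code). It parses `vlan` / `vn-segment` stanzas in the syntax the slides show, audits a leaf for the 1:1 rule that tenant isolation depends on, and translates a frame's VLAN across two leaves. The `Leaf` class, the function names and the misconfigured sample are hypothetical; the leaf configs are constructed from the mapping values on the slides.

```python
import re

SEGMENT_ID_MAX = (1 << 24) - 1  # Segment-ID is 24 bits wide (~16M segments)
VLAN_MAX = 4094                 # usable 802.1Q VLAN IDs are 1..4094

# Constructed leaf configs in the slide syntax; values follow the mapping slide.
L1_CONFIG = """
vlan 10
  mode fabricpath
  vn-segment 5000
vlan 11
  mode fabricpath
  vn-segment 5001
vlan 20
  mode fabricpath
  vn-segment 5020
"""
L4_CONFIG = """
vlan 20
  mode fabricpath
  vn-segment 5000
vlan 41
  mode fabricpath
  vn-segment 5001
vlan 70
  mode fabricpath
  vn-segment 5020
"""
# Constructed misconfiguration: two local VLANs land in one global segment.
BAD_CONFIG = """
vlan 30
  mode fabricpath
  vn-segment 5000
vlan 31
  mode fabricpath
  vn-segment 5000
"""


def parse_vlan_segments(config):
    """Return [(vlan, segment_id), ...] from 'vlan N' / 'vn-segment S' stanzas."""
    pairs, vlan = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            vlan = int(m.group(1))      # entering a new vlan stanza
            continue
        m = re.fullmatch(r"vn-segment (\d+)", line)
        if m and vlan is not None:
            pairs.append((vlan, int(m.group(1))))
        elif line.startswith("interface "):
            vlan = None                 # left the vlan stanza
    return pairs


class Leaf:
    """One leaf's locally significant VLAN <-> globally significant Segment-ID map."""

    def __init__(self, name, config):
        self.name = name
        self.pairs = parse_vlan_segments(config)
        self.vlan_to_seg = dict(self.pairs)
        self.seg_to_vlan = {seg: vlan for vlan, seg in self.pairs}

    def audit(self):
        """List violations of the 1:1 VLAN <-> Segment-ID rule on this leaf."""
        findings, seen_vlan, seen_seg = [], {}, {}
        for vlan, seg in self.pairs:
            if not 1 <= vlan <= VLAN_MAX:
                findings.append(f"{self.name}: VLAN {vlan} is out of range")
            if seg > SEGMENT_ID_MAX:
                findings.append(f"{self.name}: Segment-ID {seg} exceeds 24 bits")
            if seen_vlan.get(vlan, seg) != seg:
                findings.append(f"{self.name}: VLAN {vlan} maps to Segment-IDs "
                                f"{seen_vlan[vlan]} and {seg}")
            if seen_seg.get(seg, vlan) != vlan:
                findings.append(f"{self.name}: Segment-ID {seg} is shared by "
                                f"VLANs {seen_seg[seg]} and {vlan}")
            seen_vlan.setdefault(vlan, seg)
            seen_seg.setdefault(seg, vlan)
        return findings


def bridge(ingress, egress, vlan):
    """Carry a tagged frame across the fabric; return the egress VLAN, or None if dropped."""
    seg = ingress.vlan_to_seg.get(vlan)   # steps 1-3: local VLAN -> Segment-ID
    if seg is None:
        return None                       # VLAN has no segment on the ingress leaf
    return egress.seg_to_vlan.get(seg)    # step 4: Segment-ID -> egress-local VLAN


if __name__ == "__main__":
    l1, l4 = Leaf("L1", L1_CONFIG), Leaf("L4", L4_CONFIG)
    print("VLAN 10 on L1 leaves L4 as VLAN", bridge(l1, l4, 10))
    print("VLAN 20 on L1 leaves L4 as VLAN", bridge(l1, l4, 20))
    print(Leaf("bad", BAD_CONFIG).audit())
```

The same VLAN number (20) belongs to different segments on L1 and L4, which is why a review of tenant separation has to compare Segment-IDs rather than VLAN IDs.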

How are Segment-IDs Utilized?
• Each IP Subnet defined at the Leaf of the DFA Fabric is associated to a Layer-2 Domain, which is represented by a Segment-ID
• Multiple Segments can be defined for a given Tenant, mapped to a Layer-3 VRF and uniquely identifying that Tenant
• A dedicated Segment-ID value uniquely identifies each VRF defined in the DFA Fabric
• Note: Every Segment-ID will always be mapped to a traditional VLAN on a Leaf Switch. The “system fabric core-vlans” range will be used for the Layer-3 VRF Segment-ID
[Diagram labels, in slide order: Green Tenant, VRF: Green, Segment-ID 6001; Blue Tenant, VRF: Blue, Segment-ID 6000; Segment-ID 5002, 192.168.12.0/24; Segment-ID 5000, 10.0.0.0/24; Segment-ID 5020, 10.0.0.0/24; Segment-ID 5001, 11.1.2.0/24]

Virtual Fabrics – Fabric Routed Flows
1. H1 sends a packet to H2 → traffic between the vSwitch and the Leaf is tagged with a local VLAN-ID 10
2. L3 lookup is performed by L1 in the context of the Blue VRF
3. L1 adds the L2 and FP headers before sending the packet into the fabric. The Segment-ID identifying the Blue VRF is added inside the L2 header
4. L4 receives the frame and associates it to the Blue VRF by looking at the Segment-ID value. It then sends it to H2 using a local VLAN-ID 20
Note: this behavior applies to all fabric routed flows (intra-subnet or inter-subnet)
[Diagram: H1 (10.10.10.10) → vSwitch → L1 → fabric → L4 (e1/1) → vSwitch → H2 (10.10.10.20).
 (1) H1 to L1: DMAC→ G_MAC, SMAC→ H1_MAC, SIP→ 10.1.1.10, DIP→ 10.1.1.20, [VLAN = 10]
 (2) L1: Blue_VRF <-> Segment-ID 6000; 10.10.10.20 → NH L4_IP
 (3) In the fabric: DSID→ L4, SSID→ L1, DMAC→ L4_MAC, SMAC→ L1_MAC, [Segment-ID = 6000], SIP→ 10.1.1.10, DIP→ 10.1.1.20
 (4) L4: Blue_VRF <-> Segment-ID 6000; 10.10.10.20 → e1/1; to H2: DMAC→ H2_MAC, SMAC→ G_MAC, SIP→ 10.1.1.10, DIP→ 10.1.1.20, [VLAN = 20]]

DFA - Platform Support

Cisco Dynamic Fabric Automation – Platform Support
[Diagram labels, in slide order: Nexus 7X00 (F2/F2e/F3); Cloud Stacks & Orchestration Tools; High Density Spine; Nexus 6004; Medium Density Spine; Compute & Storage; Network; DCNM/CPoM; ToR; Nexus 5596/5548; Leafs; Nexus 6001; High Density Leafs; Nexus 6004; Network Services; Virtual Switch; Services Controller; Nexus 1000v; OVS; Fabric Extenders; Nexus 2x00; Leaf / Border Leaf; Nexus 7X00 (F3); Virtual Networking; Fabric Extenders; Nexus 2x00; Nexus 1kv, OVS]

DFA availability at FCS
• Nexus 7000 (F2/F2e) and Nexus 6000 as Full DFA-Spine – Full Co-Existence Support!
• Nexus 5500 as L2-Only DFA-Leaf (no Segment-ID support)
• Nexus 6000 as Full DFA-Leaf; supporting all the Functionalities
• Nexus 2000 FEX Support at every kind of DFA-Leaf (Full or L2-only)
• Nexus 1000v enhancing Virtual Workload with VDP-Signalization
[Diagram labels: N7k-S1, N7k-S2, N6k-S3, N6k-S4, N5k-1, N6k-2, N6k-3, N6k-4, N6k-6, N2k, vSwitch, N1kv, L2, L3]

Platform to DFA-Pillar Support at FCS?

Platform | Fabric Management | Workload Automation | Optimized Networking | Virtualized Fabrics
Nexus 6000 | ✓ | ✓ | ✓ | ✓
Nexus 5500 | ✓ | ✗ | ✓(1,3) | ✓(1,3)
Nexus 7000 (M) | ✓ | ✗ | ✗ | ✗
Nexus 7k/7.7k (F2/F2e) | ✓ | ✗ | ✓(2) | ✓(2)
Nexus 3000 | ✗ | ✗ | ✗ | ✗
Nexus 1000v | ✓ | ✓ | ✓ | ✗

(1) No Segment-IDs  (2) Spine  (3) Layer-2 only

DFA - Openstack and UCS Director Support
• UCS Director support – work in progress
  • FCS Target 1HCY2014
• Openstack support – work in progress
  • EFT2 will support openstack plugin
  • Work in progress to upstream openstack plugin DFA support
  • Work in progress to have Canonical and Redhat to support openstack plugin for DFA

Cisco Dynamic Fabric Automation - Roadmap
Platforms: Nexus 6K, Nexus 7000
Timeline: 4QCY2013 (EFT Starting soon), 1HCY2014 (Commit Pending), 2HCY2014+ (Commit Pending)
Roadmap items, in the order extracted from the slide grid:
• F3-Series card
• DFA Spine with F2/F3 (Fabricpath Encap)
• PoAP support for traditional Fabricpath deployments
• DFA Leaf, Border Leaf (Fabricpath Encap)
• DFA Spine (VXLAN Encap)
• Fabric Management support for Fabricpath/vPC
• DFA Leaf, Border Leaf (VXLAN Encap)
• DFA Spine (NVGRE Encap)
• MAC Learning via Control Plane (evpn support)
• Workload Automation for existing Fabricpath/vPC deployments
• DFA Spine, Leaf, Border Leaf (Fabricpath Encap)
• Fabric Management support on N5K/N6K for vPC/Fabricpath deployments
• DFA Spine, Leaf, Border Leaf (VXLAN Encap)
• FCoE Support with DFA
• Workload Automation Support on N5K/N6K for Fabricpath/vPC deployments
• DFA Leaf, Border Leaf (NVGRE Encap)
• MAC Learning via Control plane (evpn support)

DFA – Services Roadmap
[Diagram labels: Orchestration: VCD, OpenStack, vSphere, UCSD, OpenStack Neutron, CloudStack, SCVMM, SC-OM, CIAC; Controller: DCNM; Hypervisors: ESXi, KVM, HyperV; Network & Service Components: N1kv, N6k/N7k/5k, PNSC (Services), VSG, ASA1000V, VPX1000v, CSR1000v]
Timeline: Q4CY13, Q1CY14, Q2CY14, 2HCY14
Roadmap items, in the order extracted from the slide:
• Turnkey Mgt OVA
• Automation API (REST)
• POAP
• Auto-Configuration
• OpenStack Ph. 1
• VCD Agent
• Services [PNSC] VSG, ASA1000V, CSR1000V, VPX/1000v
• VM/Segment Tracking
• OpenStack Ph. 2 (Community + Canonical)
• Unified OpenStack Plug-In [DFA + Nexus 1000v]
• Services Ph. 2 [PNSC]
• Additional Services [F5]
• Device Updates: vASA, Citrix SDX, ASA55xx, Framework
• DCI support
• REST Updates
• Scale Roadmap

Fabric Management

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Product | Function | Software Version
Nexus 6000 | Leaf, Border-Leaf, Spine, Route-Reflector | 7.0(0)N1(0.513)
Nexus 7000 | Leaf: F3**, Border-Leaf: F3**, Spine: F2, F2e, F3*, Route-Reflector* | 6.2(6)
Nexus 7700 | Leaf: F3**, Border-Leaf: F3**, Spine: F2, F2e, F3*, Route-Reflector* | 6.2(6)
DCNM (CPOM) | Fabric Management incl. DHCP, TFTP, XMPP | 7.0.(1.S23)
Nexus 1000v | Virtual Switch with VDP-Signaling | 4.2(1)SV2(2.2) (FCS: VMWare vSphere, other Hypervisor coming soon)
*requires NX-OS 6.2(6) / **requires NX-OS 7.1(x) planned for Q2 CY’14

• Nexus 7000 / 7700
  > Enhanced Layer-2 (ENHANCED_LAYER2_PKG)
  > Enterprise Services (LAN_ENTERPRISE_SERVICES_PKG)
• Nexus 6000
  > Enhanced Layer-2 (ENHANCED_LAYER2_PKG)
  > Layer-3 Base (LAN_BASE_SERVICES_PKG)
  > Layer-3 Enterprise (LAN_ENTERPRISE_SERVICES_PKG)
• Nexus 5500
  > Enhanced Layer-2 (ENHANCED_LAYER2_PKG)
• It is required to install the Switch Feature Licenses before configuring DFA!
• Please ensure that the Nexus 6000 Layer-3 Base & Enterprise License is installed!
The DCNM Advanced License is NOT required, but recommended.

Components of DCNM OVA for Enhanced Fabric Management
The DCNM OVA (CPOM) is intended to be a new product in the DCNM family of products. There is no upgrade path from the DCNM 4.x, 5.x, and 6.x trains to this DCNM version.

Components of DCNM OVA for Enhanced Fabric Management
What is an OVA and what is a DCNM OVA?
A virtual appliance, in general, is a pre-built software solution, comprising one or more virtual machines, that is packaged, maintained, updated, and managed as a unit. The DCNM virtual appliance has a pre-installed operating system (CentOS 6.3) with pre-installed DCNM (Cisco Data Center Network Manager). It also provides an option to install additional packages on demand to manage the Enhanced Fabric architecture.

• DFA Centralized Point of Management (CPOM)
  > DCNM Fuji Release (7.0)
  > DHCP-Server
  > TFTP
  > XMPP
  > LDAP
  > Message Broker
• Virtual Appliance for vSphere
• All Functions packaged and pre-installed in ONE single OVA!

[Screenshot callouts]
• Menu structure with access to CPOM Functions, Configuration and Administration
• Welcome Screen provides easy access to: Licensing, POAP, Performance Collection, Documentation

[Screenshot callouts]
• Summary Dashboard showing all Health, Inventory, Topology and Performance Collection Information
• Health Status and Event Overview
• Automatically Discovered Topology with Load and Health information
• Detailed Performance Collection for Top Access-Port, ISL/Trunk-Port & CPU

[Screenshot callouts]
• Search for Switch and discovered Server (virtual and physical)*
• DFA Dashboard showing Leaf/Spine Topology incl. Status and active Links
• Pull-down to change view to selected virtual Fabric
• Detailed Port Information available on Mouse-Over
• Selected Node with all active Links and Status
*requires VDP

• The management ports of all switches are connected to the same management subnet, which includes the DCNM (CPOM) “Fabric Management” interface
• During Power-On Auto Provisioning (POAP) the device makes a DHCP request that is locally scoped, and the DCNM (CPOM) DHCP server responds with a temporary (bootstrap) IP address
• The management connectivity for DFA must come through the NX-OS device management interface (mgmt0)
[Diagram labels: DCNM (CPOM); Fabric Management; mgmt0: DHCP, TFTP, SCP, LDAP, XMPP; hostname; con0: Serial Console Access]

• DCNM Access for User-Access to the DCNM (CPOM) WebUI or DCNM via Fat-Client
  > Configuration of this interface requires:
  > IP Address
  > Netmask
  > Gateway
  > DNS-Server
• Fabric Management for Access to the Network Switch Out-of-Band Management (mgmt0)
  > Configuration of this interface requires:
  > IP Address
  > Netmask
  > DNS-Server
[Diagram labels: DCNM (CPOM); DCNM Access: Access for DCNM (CPOM) Users; Fabric Management: Access to CPOM/DCNM managed Fabric]

[Diagram: DCNM (CPOM) with two interfaces, DCNM Access (Access for DCNM (CPOM) Users) and Fabric Management; switches attach via mgmt0 to the Fabric Management Out-of-Band (OOB) Network, and via con0 to the console]
Console Connection is recommended but not required

[Diagram: DCNM (CPOM) with DCNM Access (Access for DCNM (CPOM) Users) and Fabric Management interfaces; switches attach via mgmt0 and con0]
Protocols on the Fabric Management network (mgmt0): DHCP, TFTP, SCP, LDAP, XMPP, SNMP, SSH, TELNET

• The following Settings have to be verified or enabled after DCNM (CPOM) Setup and the Fabric bring-up (POAP)
• Verify DFA Health in DCNM (CPOM)
  > Dashboard -> Dynamic Fabric Automation -> DFA Health
• Install the necessary Licenses
  > Admin(General) -> License
• Verify that all Switches are shown as Data Sources
  > Admin(General) -> Data Sources -> LAN
• Add your vCenter to DCNM (CPOM) for additional Visibility
  > Admin(General) -> Data Sources -> VMware
• Enable Performance Collection for Trunks, Access-Ports and Error&Discards (Requires DCNM Advanced)
  > Admin(Performance) -> Collections
• The DFA management portion is intended to be DCNM Web-UI only
  > The use of the DCNM Java-Client (aka Thick-Client) is not a validated option for Nexus 1000v management within DFA
  > DFA is not managing any Virtual Machine Manager (e.g. VMware vCenter, Microsoft SCVMM etc.)
[Screenshot callouts: Fabric Management IP; Management Access IP; FQDN of CPOM (cpom.domain.tld)]

• Full DCNM (CPOM) integrated POAP Engine
• DHCP Scope-Definition
  > Own DHCP-Daemon
• Image & Configuration Repository
  > Embedded TFTP- & SCP-Server
• Pre-Defined as well as fully scriptable Configuration Templates
• Easy POAP Switch Definition Workflow

PoAP Flow

1. Switch Boots-Up without Configuration
2. Switch asks for IP Address via DHCP
3. DCNM (CPOM) answers the DHCP request with an IP Address and POAP specific Boot-Options (TFTP)
   IP: 192.168.12.142 / 24
   tftp://dcnm/tftpboot/boot.py
[Diagram labels: Fabric Management; DCNM (CPOM); DCNM Access; mgmt0; Access for DCNM (CPOM) Users]

DHCP  Use open source ISC DHCP Server 4.1.1-P1  It only supports the following DHCP options: • • • • • • IP Address & netmask Default gateway Domain name server Lease Time TFTP server bootscript  By default, the TFTP server option has the value of DCNM IP address  By default, the bootscript has value of poap_dcnm.py which is a PYTHON script provided by DCNM team)  IP address is allocated to the device temporarily. Once POAP process is complete, the IP address will be release back to the DHCP server  DCNM DHCP server only listens to interface eth1  It is required that the POAP switches and DCNM DHCP server has L2 adjacency. This presentation contains materials that are either copyright © 2011 IBM Corporation or copyright © 2011 Cisco Systems, Inc. All rights reserved. 102

DHCP Scope of DCNM (CPOM) for POAP
[Screenshot callouts]
• Pre-Defined DHCP Scope, derived from “Enhanced Fabric Management” IP Address
• Edit the Scope to define the Temporary IP Address Range for Bootstrapping the Switches

1. Switch asks for NX-OS Image and Configuration File
2. DCNM (CPOM) answers with NX-OS Image-Download path and Configuration-Files (SCP)
   Boot with image: 6.0(2)
   Use Configuration: Spine
   Hostname: Spine-4
   IP: 192.168.12.4 / 24
   …
[Diagram labels: Fabric Management; DCNM (CPOM); DCNM Access; mgmt0; Access for DCNM (CPOM) Users]

Image & Config Servers
• Allows the customer to define the file server and the directory (path) where the images and the uploaded or generated configurations will be stored.
• By default, DCNM will create a system-defined “Default_SCP_Repository” repository located at /var/lib/dcnm to store the image & configuration.
• No GUI support for image upload. It is the customer's responsibility to upload the desired device images to the file server
• Only the SCP protocol is used by the devices to download images or configuration
• If an external file server is used, the provided access credential should have permission for directory creation, file read & write
• Device images are always stored in the top-level directory (e.g. /var/lib/dcnm)
• Each device configuration (uploaded or generated) is stored under the directory named after the device's serial number (e.g. /var/lib/dcnm/TB03030000B/device-config)

Image and Config Server of DCNM (CPOM)
[Screenshot callouts]
• Pre-Defined SCP Server, listening on both Interfaces of DCNM (CPOM)
• Path for accessing the Image- and Configuration-Files (Default Directory on DCNM (CPOM) is: /var/lib/dcnm)

1. Switch Boots-Up with defined NX-OS Image and Startup-Configuration
2. DCNM (CPOM) Discovers new Switch and adds it to Inventory
[Diagram labels: Fabric Management; DCNM (CPOM); DCNM Access; mgmt0; Access for DCNM (CPOM) Users]

[Diagram: DCNM (CPOM) with DCNM Access (Access for DCNM (CPOM) Users) and Fabric Management interfaces; switches attach via mgmt0 to the Fabric Management Out-of-Band (OOB) Network]
Power on Auto Provisioning (PoAP) communicates over the out-of-band network interface mgmt0 with the DHCP-, TFTP- and SCP-Server. DCNM (CPOM) combines the functions of DHCP-, TFTP- and SCP-Server in its installation and will listen and serve them over the “Fabric Management” Network.
Note: Please ensure that only one single DHCP-Server serves the “Fabric Management” Network; either the one of DCNM (CPOM) or another delegated one.

POAP Definition

POAP Definition – pre-requisite
Pre-requisite:
• Desired device images are manually copied to the image & config servers
• The desired POAP templates exist (DCNM does provide some system defined templates for DFA) or an existing configuration is available
• DHCP server is assigned the correct IP address range and is up and running
• User has the serial numbers of the POAP switches (use the command “show license host-id” to find out the serial number)
• The switches and the DCNM server are Layer 2 adjacent.

POAP Definition Features
1. Allow user to upload a device startup configuration or generate one
2. Allow batch creation of multiple POAP device definitions (bulk edit is not supported)
3. Allow user to associate device images with the device
4. Automatically import the POAP device into the inventory system for discovery

POAP Definition Features (cont.)
5. Allow user to create a device configuration based on a template
6. Allow user to reuse the filled-in template values (setting feature)
7. Provide template form with field validation (supports bulk config generation) and CLI preview
8. Real-time update of the POAP bootscript execution status (including errors)

POAP Definition Features (cont.)
9. Send write erase & reload command to the device to trigger a POAP bootup
10. Automatically determine the switch id/name and management IP address from the uploaded configuration

[Screenshot callouts]
• Choose from pre-defined DFA Templates
• Parameter Values can be saved for later purpose
• Form, automatically created from the Templates; list and range Values supported to accommodate multiple Switches

POAP Definition -- action
Steps to create a POAP Switch Definition:
1. Determine whether to upload a static configuration or generate one based on a template
2. Fill in the information regarding device serial number, kickstart & system images, which image & config server to use, what device group it belongs to, and the access credential of the device
3. If uploading the startup config, upload it
4. If using a template to generate the config, select the desired template and fill in the template form
5. Click the “publish” button
6. Boot up the device in POAP mode

POAP Template

DCNM Template Feature  Existing DCNM template builder is enhanced  system defined templates for DFA (leaf, spine, etc) are provided  Support Cloning template  Only template marked as POAP and Published will be used as POAP Templates This presentation contains materials that are either copyright © 2011 IBM Corporation or copyright © 2011 Cisco Systems, Inc. All rights reserved. 117

DCNM Template Feature  Annotation feature is added to the template builder • Display the description or hint of the template form field • Provide the default value, allowed format, allowed min, max value • Provide tagging to allow application to extract data from the filled template form • Which field represents management IP address, switch id, etc  “stuct” data type is added to support grouping of variables This presentation contains materials that are either copyright © 2011 IBM Corporation or copyright © 2011 Cisco Systems, Inc. All rights reserved. 118

Workflow for POAP-Definitions
[Screenshot callouts]
• Generate new POAP Definition for a single or multiple Switches
• Upload existing Startup Config for a given Switch

[Screenshot callouts]
• Enter the Switch Serial Number; multiple comma-separated, or upload a CSV file
• Define the Switch Type (N5k, N6k, N7k etc.)
• Define the Switch repository (where your images are; default is the local SCP repository /var/lib/dcnm)
• Choose Kickstart- and System-Image for the Switch; list view of images in repository
• Configuration Repository to use during the POAP process
• Username and Password for accessing the Switches through CLI, SNMP, etc.

• The following tasks have to be completed before using DCNM (CPOM) with its integrated POAP-Engine
• Verify that the DHCP-Scope matches your Setup. Pay close attention to the IP Address Range, which holds the temporary IP Addresses used during the POAP Process
  > Config -> Power-On Auto Provisioning (POAP)
• Upload the required NX-OS Kickstart- and System-Images to the chosen Repository-Server. If DCNM (CPOM) is your Repository-Server, you have to upload the images to DCNM (CPOM) via SCP or SFTP.
• Via SCP and TFTP, the following Folder is exposed for your NX-OS Kickstart- and System-Images: /var/lib/dcnm

[Screenshot callouts]
• Pre-Defined Configuration Template Repository
• Templates covering Switch Name, Management, VPC, FEX, DFA, everything …..
• Template Creator supporting scripting Language and Form-Creation

[Screenshot callout] Select pre-defined Template for Open, Edit or Save-As

[Screenshot callout] Integrated Template Editor including check for Syntax Validation

[Screenshot callouts]
• Pre-Defined Configuration Template Repository
• Placeholder defined with “$$$”

[Screenshot callouts]
• Detailed Description available within Template Editor
• Templates covering Switch Name, Management, VPC, FEX, DFA, everything …..
• Placeholder and definition of valid entries defined in Template Header

[Template sections, as labelled on the slide]
• General & Out-of-Band Configuration
• Fabric: Layer-3 Control-Plane (BGP & BGP Route-Reflector)
• Fabric: Manageability and Cable Plan
• *Distributed Gateway & Host Mobility specifics
• In-Band Configuration
• *VPC+ Domain Configuration
• Fabric: Layer-2 Control-Plane (Fabric & FabricPath)
• Interface, Port-Channel & FEX-Configuration
*Leaf / Border-Leaf only

• Detects Cabling anomalies
  > Incorrect Connectivity (ErrC)
  > Link Not present (Unkn)
  > Unexpected Connections (Enp)
• Flexible
  > Supports DFA and Non-DFA platforms
  > Cable plan can be deployed global or device-specific
  > Enforcement on one side
• Auto Generation, Import, Export
• Granular – Per port Validation

[Diagram: two spine/leaf topologies]
• Consistency Check OK based on Cable Plan/Tier Definition
• Consistency Check FAILED based on Cable Plan/Tier Definition
Legend: 2 = DFA-Spine (Tier 2), 1 = DFA-Leaf (Tier 1)

Configuration is already done in the Pre-Defined POAP-Templates; you can choose whether the Cable-Plan should be enforced or not.
Individual Cable-Plan-File generated and uploaded through DCNM (CPOM):

    nexus# dir bootflash:/// | include cableplan.xml
    906 May 28 06:43:52 2011 cableplan.xml
    nexus#

DFA-Spine (Tier 2):

    feature cable-management
    feature lldp
    !
    fabric connectivity tier 2
    fabric connectivity cableplan enforce

DFA-Leaf (Tier 1):

    feature cable-management
    feature lldp
    !
    fabric connectivity tier 1
    fabric connectivity cableplan enforce

Error Disable detect is ON per default; Error Disable recovery is OFF per default:

    errdisable recovery interval 300
    errdisable detect cause miscabling
    no errdisable recovery cause miscabling

Log Message on Cable Plan Consistency Check failure (Error detected on peer tier check):

    2011 May 31 02:37:40 n6k-leaf-2018 %$ VDC-1 %$ %CMM-2-MISCBL_TIERERR: Miscabling: Port Ethernet1/47 Error detected on peer tier check.
    Local: Tier 1 System n6k-leaf-2018 Chassis 002a.6a27.27d6 Port Eth1/47
    Neighbor: Tier 1 System n6k-leaf-2017 Chassis 002a.6a22.a416 Port Eth1/47

    n6k-leaf-2018# show interface eth1/47
    Ethernet1/47 is down (Miscabled)

    n6k-leaf-2018# show fabric connectivity neighbors
    ------------------------------------------------------------------------------
    Local System:
    Device Tier Config: Enabled
    Device Tier Level: 1
    Mismatch Delay Config: Disabled
    Mismatch Delay Timeout: 0
    Cable-Plan Enforce: Enabled
    DeviceID: n6k-leaf-2018
    ChassisID: 002a.6a27.27d6
    ------------------------------------------------------------------------------
    Codes: (Ok) Normal, (ErrT) Tier error, (ErrC) Cable-Plan error,
           (V) VPC Peer connection, (S) Stale entry, (Unkn) Unknown,
           (Enp) Entry not present in Cable-Plan, (Tl) Tier level
    Neighbor Table:
    ------------------------------------------------------------------------------
    Columns: Local Intf, DeviceID, PortID, Tl, Cable-Plan Entry, Status
    Total entries displayed: 3

[Neighbor table rows, as extracted from the slide (column alignment lost): n6k-spine-2016 Eth1/38; Eth1/37 n6k-spine-2015 Eth1/47; Eth1/37 Ok; Eth1/38 Ok; n6k-leaf-2017 ErrT,S; 2 n6k-spine-201,Eth1/37; 2 n6k-spine-201,Eth1/38; Eth1/47; 1 Enp]
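The per-port cable-plan and tier check described on these slides can be modelled in a few lines. The following is an added Python example, not code from the presentation, NX-OS or DCNM: it reuses the status codes and the MISCBL_TIERERR log line shown above, while the function names, the port mapping in the sample data and the rule "tiers must differ by exactly one" are assumptions made for illustration.

```python
import re

# Status codes as named on the slides: Ok, ErrT (tier error), ErrC (cable-plan
# error), Unkn (link not present), Enp (entry not present in cable plan).


def classify_links(local_tier, cable_plan, neighbors):
    """Return {local_port: status} for one switch.

    cable_plan: {local_port: (peer_device, peer_port)}            expected links
    neighbors:  {local_port: (peer_device, peer_port, peer_tier)} seen via LLDP
    Assumption: a link passes the tier check only when the two tiers differ by
    exactly one (leaf tier 1 <-> spine tier 2). This is a simplified model.
    """
    status = {}
    for port in sorted(set(cable_plan) | set(neighbors)):
        seen = neighbors.get(port)
        planned = cable_plan.get(port)
        if seen is None:
            status[port] = "Unkn"      # planned link, no neighbor detected
        elif abs(seen[2] - local_tier) != 1:
            status[port] = "ErrT"      # e.g. leaf cabled to another leaf
        elif planned is None:
            status[port] = "Enp"       # neighbor present but not in the plan
        elif planned != seen[:2]:
            status[port] = "ErrC"      # wrong peer device or peer port
        else:
            status[port] = "Ok"
    return status


def violations(status):
    """Sorted list of ports whose status is anything other than Ok."""
    return sorted(p for p, s in status.items() if s != "Ok")


# Matches the tier-error syslog message format shown on the slide.
TIER_ERR = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d+ [\d:]+) (?P<host>\S+) .*"
    r"%CMM-2-MISCBL_TIERERR: Miscabling: Port (?P<port>\S+) "
)


def parse_tier_errors(lines):
    """Extract (switch, port) pairs from MISCBL_TIERERR log lines."""
    hits = []
    for line in lines:
        m = TIER_ERR.match(line)
        if m:
            hits.append((m["host"], m["port"]))
    return hits


# Constructed sample data for leaf n6k-leaf-2018 (tier 1). Device names come
# from the slide; the port-to-port mapping is invented for this example.
SAMPLE_PLAN = {
    "Eth1/37": ("n6k-spine-2015", "Eth1/47"),
    "Eth1/38": ("n6k-spine-2016", "Eth1/47"),
    "Eth1/39": ("n6k-spine-2016", "Eth1/48"),
}
SAMPLE_NEIGHBORS = {
    "Eth1/37": ("n6k-spine-2015", "Eth1/47", 2),  # as planned
    "Eth1/38": ("n6k-spine-2016", "Eth1/46", 2),  # wrong peer port
    "Eth1/40": ("n6k-spine-2015", "Eth1/48", 2),  # not in the plan
    "Eth1/47": ("n6k-leaf-2017", "Eth1/47", 1),   # leaf-to-leaf
}
SAMPLE_LOG = [
    # First line is the message from the slide; second line is constructed.
    "2011 May 31 02:37:40 n6k-leaf-2018 %$ VDC-1 %$ %CMM-2-MISCBL_TIERERR: "
    "Miscabling: Port Ethernet1/47 Error detected on peer tier check.",
    "2011 May 31 02:37:41 n6k-leaf-2018 %$ VDC-1 %$ constructed unrelated line",
]

if __name__ == "__main__":
    result = classify_links(1, SAMPLE_PLAN, SAMPLE_NEIGHBORS)
    for port, code in result.items():
        print(f"{port:8} {code}")
    print("non-Ok ports:", violations(result))
    print("tier errors in log:", parse_tier_errors(SAMPLE_LOG))
```

Running the same comparison offline against an exported cable plan and collected LLDP data shows which ports would fail the check before enforcement is switched on.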

[Screenshot callouts]
• DCNM (CPOM) shows the same information: Failure on Node and how many Interfaces
• Miscabling Interface Status

• Prerequisite is a successfully installed DCNM with XMPP-Server
• Pidgin is installed on your Client
  > Pidgin is an open-source XMPP-capable Chat-Client
  > http://pidgin.im/
• Configure your Pidgin to XMPP-Server Connection in the Pidgin-Client
  > Accounts -> Manage Accounts -> Add
• Add Buddy to Pidgin (Buddy List)
  > Buddies -> Add Buddy
• Name your Buddy (Buddy’s Username)
  > This is the FQDN of your Switch; hostname@dcnm-fqdn
  > Authorize the Switches when asked in Pidgin
  > Repeat this step for every Switch you want to import into Pidgin
[Screenshot callouts: Protocol is XMPP; Username is either the pre-defined one or one you created with the appmgr-tool; This is the FQDN of the DCNM-Server]

• Switches will appear as Buddies
• The Status of the Switches will be shown
• You can now IM a Switch to send NX-OS CLI commands
  > Double-click the Buddy Name to open an Instant Message session

• Create a Chat-Room in Pidgin
  > Buddies -> Add Chat
• Name your Chat-Room
  > Note: the Room-Name has to be configured in the Switches
  > fabric access group group1 group2
  > Every other setting is predefined from your Pidgin XMPP-Connection
• You can now IM a Group of Switches to send NX-OS CLI commands
  > Double-click the Buddy Name to open an Instant Message session
  > Note: wait until all participants have joined the room (# people in the room)

[Diagram]
• Orchestration Stack: UCS Director (Cloupia), OpenStack, vCloud Director
  > Compute & Storage Orchestration
  > Network & Services Orchestration
• Auto-Config Triggers
  > VDP* (N1kv/OVS, Virtual Machines)
  > DHCP/ARP-ND, Data Packet: MAC Learning Driven (Physical Machines)
  > Programmatic: DCNM (CPOM)
For Information on how to integrate an Orchestrator into DFA, please refer to the “DCNM 7.0 OVA Installation Guide” and the “DFA Fabric Management Whitepaper”
*VDP (VSI Discovery and Configuration Protocol) is IEEE 802.1Qbg Clause 41

• Orchestration Administrator defines the logical Organization Network
  > Mapping the Auto-Config Definition “Name” to the logical Organization Network
  > Name-Space (Segment-IDs) resources are administrated within the Orchestrator
  > Orchestrator (for example vCD, Openstack) directly interacts with the Virtual Switch
• Network Administrator prepares the Auto-Config Definition in DCNM (CPOM)
  > Virtual Switches are configured through the Orchestrator (like in vCD) or pre-populated Port-Groups/Port-Profiles
• When a new Virtual-Machine gets created, DCNM (CPOM) gets polled by the Network for the Auto-Config Definition
  > Based on MAC learning or VDP signalization, the Network gets instantiated
  > A Dynamic VLAN gets chosen and mapped to the Segment-ID (based on Dynamic VLAN range and Segment-ID Namespace, managed by Orchestrator)
  > Auto-Config Definition gets installed (VLAN, SVI, VRF, Segment-ID)
  > VLAN ID gets exchanged via VDP to the Virtual Switch (no, not VTP)
  > Leaf receives 802.1q tagged frames and associates them to the Segment-ID

• DFA enables Network Auto-Configuration with no Workload&Network Orchestrator
[Diagram labels: Auto-Config Triggers; VDP*; DHCP/ARP-ND; Data Packet; MAC Learning Driven; Programmatic; N1kv/OVS; Virtual Machines; DCNM (CPOM); Physical Machines]
*VDP (VSI Discovery
