Nexus 9000 and ACI Update · STATE OF THE ART BACKPLANE FREE DESIGN ... Chassis Mgmt Power Supply...
Innovations in Software, Hardware, ASICs and Systems
NEXUS 9000
PRICE POWER EFFICIENCY PROGRAMMABILITY PORT DENSITY PERFORMANCE
PRICE COST STRUCTURE for 1G to 1/10GT and 10G to 40G migration 50% less ASICS
PERFORMANCE INDUSTRY LEADING PRICE / LINE CARD BANDWIDTH 1.92 Tbps per slot 100G ready
PORT DENSITY 20% HIGHER Non-blocking Density
PROGRAMMABILITY JSON/XML API Linux Container for customer apps
POWER EFFICIENCY STATE OF THE ART BACKPLANE FREE DESIGN 15% greater power and cooling efficiency
MERCHANT+ ASIC APPROACH Innovation in Cisco ASICs
ONE COMMON PLATFORM & TWO MODES OF OPERATION
Per-Box
Programmability Centralized Fabric
Programmability
NXOS Policy Controller
& NXOS
1/10/40G
Future 100G
Network Ops Driven,
Switch Automation
Application Centric, Policy
Based Fabric Automation
Nexus 9000
Cisco Confidential 4 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
One Platform, two operational models
Standalone, or NXOS mode
NXOS feature-set
Well known CLI commands
What is NEW in Software:
• Ability to run scripts on the box
• embedded python interpreter
• Linux containers
• Ability to manage the switching infrastructure with the same tools as the servers
• etc…
What is NEW in Hardware:
• 40 Gig at the cost of 10 Gig
• Power efficiency
• Larger buffers
• VXLAN routing
• ACI mode or Fabric mode
• Multi-tenancy
• Multiple devices operating as a fabric
• Connectivity definition based on policies
• Next Generation QoS
• New Troubleshooting methods:
• Health scores
• Atomic counters
• etc…
Merchant/ Merchant Plus Portfolio
NX-OS
NX-OS (Leaf) & APIC
Controlled
Merchant Only
Merchant Plus
Modular Fixed
Nexus 9300
Nexus 3100 Nexus 9500
Merchant Plus
Modular Fixed
ACI Mode
Merchant Only Nexus 9500
X9600
X9400
Nexus 3000
Nexus 3100
NX-OS/standalone mode
Nexus 9500
X9700 (Spine)
X9500 (Leaf)
Nexus 9300
Spine
Leaf
Cisco Merchant/ Merchant Plus Portfolio
Can be deployed in either mode
Modular Nexus 9500 Common Components
Three Chassis Options
4, 8 and 16 Payload Slot 9504 9508 9516
Industry Most Dense 40G
Devices (up to 576x40G Port)
Supervisor
Redundant Configuration SUP-A 4-Core, 16G
Memory, 64G SSD
SUP-B 6-Core, 24G
Memory, 256G SSD
System Controller
Redundant Configuration Dual Core, Chassis Mgmt
Power Supply
N+N, N+1 Redundancy 3000W AC PSU, 92% Efficient
Introducing Sup-B
CPU: 6 core 2.2GHz IVY Bridge (50% more)
Memory: 24GB (50% more)
Storage: 256GB (300% more)
Faster BGP Convergence
Future ready for Application Intensive Deployment
Modular Linecards
1) High Performance 40G Aggregation
X9600 Series Line Cards (Trident 2)
3) High Performance 40G ACI Spine
X9700 Series Line Cards (ASE)
NX-OS NX-OS (Leaf) & APIC Controlled 2 Modes of Operation
Merchant Only Merchant Plus
2) Entry Level 10G/40G Access & Aggregation
X9400 Series Line Cards (Trident 2)
4) Performance 10G/40G ACI Leaf
X9500 Series Line Cards (ALE, Trident 2)
Modular Nexus 9500 NX-OS LineCard Modules
Merchant
Merchant+
40G Fiber
9636 (36x40G)
9432 (32x40G)
9536 (36x40G)
10G Copper
9464 (48x10G+4x40G)
9564 (48x10G+4x40G)
10G Fiber
9464 (48x10G+4x40G)
9564 (48x10G+4x40G)
• Additional buffer
• VXLAN routing*
• ACI Enabled*
100G Fiber
Roadmap Q1CY15
9612PC-CXP
9612PC-QSFP
9612C-SMF
9408PC-CFP2
Modular Nexus 9500 ACI LineCard Modules
Leaf
* Spine
40G Fiber 10G Copper 10G Fiber
9536 (36x40G) 9564 (48x10G+4x40G) 9564 (48x10G+4x40G)
9736 (36x40G)
Fixed Nexus 9300/3000 NX-OS Switches
1G Fiber
3048 (48x1G+4x10G)
40G Fiber
3132 (32x40G)
3164 (64x40G)
10G Fiber
3072 (48x10G+6x40G)
9396 (48x10+12x40G)
9372 (48x10+6x40G)
10G Copper
9396 (48x10+12x40G)
93128 (96x10+8x40G)
9372 (48x10+6x40G)
• Incremental buffer
• VXLAN Routing*
• ACI Enabled
Merchant
Merchant+
9332 (32x40G)
New!
New!
New!
Fixed Nexus 9300/3000 ACI Switches
40G Fiber 10G Fiber
9396TX (48x10GBaseT+12x40G)*
9372 (48x10+6x40G)*
10G Copper
9396PX(48x10 SFP+12x40G)
93128 (96x10+8x40G)
9372 (48x10+6x40G)*
Leaf
Spine
9336 (36x40G)
New! New!
* Q2CY2015
9332 (32x40G)*
New!
* Q4CY2014
Removing 40G Optics and Cabling Barriers
Problem • 40G Optics are significant portion of network
CAPEX
• 40G Optics require new cabling
Solution • Re-use existing 10G MMF cabling infrastructure
• Re-use patch cables (same LC connector)
Cisco 40G SR-BiDi QSFP • QSFP pluggable, MSA compliant
• Dual LC Connector
• Support for 100m on OM3 and 150m on OM4
• TX/RX on 2 wavelength @ 20G each
Shipping
since Jan’14
Nexus 9500/9300 Investment Protection Nexus 2200 FEX Support on Nexus 9000
• Investment protection
• Cost-effective 100 Mbps / 1 Gbps server access
• FEX support scalability
Up to 16 FEXs per Nexus 9300
FEX support on Nexus 9500 will be in Q1CY15 (up to 24 FEXs, increasing to 32 in the future)
Nexus 2248TP
Nexus 2248TP-E
Nexus 2232TM-E
Nexus 2248PQ
Nexus 2232PP-10Gbps
Nexus 2232TM
Nexus B22-Dell
Nexus B22-HP*
Nexus B22-IBM*
Nexus B22-Fujitsu*
* Future Support
New on
Nexus 9000!
New on
Nexus 9000!
New on
Nexus 9000!
Nexus 9500/9300 Investment Protection Nexus 2000 FEX Support (Q2CY2014)
Supported FEX Topology: • Single-homed FEX
• vPC port channel to hosts or
non-vPC to hosts
act/stdy
Collapsed Aggregation and Access
Option 1:
• Layer 2 and 3 boundary is on the core
• vPC between aggregation and core
• Nexus 9500 can be EoR with FEX in the racks
• Nexus 9300 can be MoR and EoR with FEX in the racks
Option 2:
• Layer 3 all the way to access
• ECMP between access and aggregation
• Nexus 9500 can be EoR with FEX in the racks
• Nexus 9300 can be MoR and EoR with FEX in the racks
Configuration Options
Nexus® 7000
DC Edge
DC Core
DC Aggr./
Access
Collapsed
Aggregation and Access
DC Aggr./
Access
Fabric
Extenders
Fabric
Extenders
N9300 N9300 N9300 N9300
N9500 N9500
N9500 N9500 N9500 N9500
Traditional 3-Tier Network Design
Option 1:
• Layer 2 or 3 boundary is on aggregation
• vPC between access and aggregation
• Nexus 9500 can be EoR
• Nexus 9300 can be ToR or MoR
Option 2:
• Layer 2 or 3 boundary is on aggregation
• vPC between access and aggregation
• Nexus 9500 can be EoR
• Nexus 9300 can be ToR or MoR
Configuration Options
Nexus® 7000
DC Edge
DC Core
DC Aggr./
Access DC
Access
Racks/Rows
Fabric
Extenders
Fabric
Extenders
N9300 N9300 N9300 N9300
N9500 N9500
N9500 N9500 N9500 N9500
N9500 N9500 N9500 N9500
Traditional
3-Tier Network
Configuration Options:
• Layer 3 IP fabric
• Layer 3 all the way to access
• Layer 2 extensibility can be provided by VXLAN
• Nexus® 9500 can be EoR
• Nexus 9300 can be ToR and MoR
Spine
Leaf
DC Edge
Fabric Extenders
2-Tier Fabric
Routing Leafs
Spine-Leaf Fabric Design
N9500 N9500 N9500 N9500
N9300 N9300 N9300 N9300 N9300 N9300 N9300 N9500 N9500
Nexus 9000 Series VXLAN Support
VXLAN is supported across the Nexus 9000 series platforms. The VXLAN Gateway functionality
is supported across all form factors and line cards. Integrated routing functionality is only
supported on ACI-enabled Modules…
Nexus 9500 Series Nexus 9300 Series
2
1
• Layer-2 Extension with VxLAN
• VxLAN VLAN (Gateway)
• VxLAN VxLAN (Bridging)
• VLAN VLAN (Bridging)
• Inter-VxLAN Routing
• VxLAN A VxLAN B (Routing)
(IP Subnet A IP Subnet B)
Host
Host
Hypervisor
VTEP
VxLAN VLAN
IP Network
VTEP (VxLAN Gateway)
Host Host
VLAN
VxLAN
VLAN
VxLAN
VxLAN Bridging
IP Network
VTEP VTEP
Host Host
VxLAN VxLAN VxLAN Routing
IP Network
VTEP VTEP
VXLAN Forwarding vPC VTEP
VXLAN
VLAN
vPC VTEP vPC VTEP
• When vPC is enabled an ‘anycast’ VTEP
address is programmed on both vPC peers
• Symmetrical forwarding behavior on both
peers provides
• Multicast topology prevents BUM traffic
being sent to the same IP address across
the L3 network (prevents duplication of
flooded packets)
• vPC peer-gateway feature must be
enabled on both peers
• VXLAN header is ‘not’ carried on the vPC
Peer link (MCT link)
Use MP-BGP with EVPN Address Family on the leaf nodes to distribute internal
host/subnet routes and external reachability information
MP-BGP also used to distribute IP multicast groups information
MP-BGP enhancements to carry up to 100s of thousands of routes and reduce
convergence time
Route-Reflectors deployed for scaling purposes
Host and Subnet Route Distribution
iBGP Adjacencies RR RR
RR
Leaf
Spine
VXLAN Phase 2 BGP Control Plane
References: A Network Virtualization Overlay Solution using EVPN (draft-sajassi-nvo3-evpn-overlay-01)
1. Host Attaches
2. Attachment VTEP advertises host’s MAC (+IP) through BGP RR
Host Advertisement
NLRI: Host MAC1, IP1 NVE IP 1 VNI 5000
Ext.Community: Encapsulation: VXLAN, NVGRE Cost/Sequence
Leaf
Spine RR RR
VNI 5000
Host 1 VLAN 10
MAC | IP | VNI | Next-Hop | Encap | Seq
1 | 1 | 5000 | IP1 | VXLAN | 0
VXLAN Phase 2 BGP Control Plane
1. Host Moves behind switch S3
2. VTEP-3 (S3) detects Host1 and advertises H1 with seq #1
3. VTEP-1 (S1) sees more recent route and withdraws its advertisement
Host Moves
NLRI: Host MAC1, IP3 NVE IP 1 VNI 5000
Ext.Community: Encapsulation: VXLAN, NVGRE Cost/Sequence 1
MAC | IP | VNI | Next-Hop | Encap | Seq
1 | 1 | 5000 | IP1 | VXLAN | 0
MAC | IP | VNI | Next-Hop | Encap | Seq
1 | 1 | 5000 | IP3 | VXLAN | 1
Leaf
Spine RR RR
VNI 5000
Host 1 VLAN 10
MAC IP VNI Next-Hop Encap Seq
1 1 5000 IP3 VXLAN 0
VXLAN Phase 2 BGP Control Plane
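The host-move sequence on the slide above, as an added Python example (not Cisco code and not part of the original deck): a table keyed by VNI and MAC that accepts an advertisement only when its sequence number is higher than the installed one. The MAC, host IP and VTEP names are constructed sample values, and ignoring an equal or lower sequence number is an assumption that generalizes the slide's "more recent route" wording.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HostRoute:
    mac: str
    ip: str
    vni: int
    next_hop: str  # advertising VTEP (NVE IP on the slide)
    encap: str
    seq: int       # mobility sequence number carried with the route


class HostRouteTable:
    """Best host route per (VNI, MAC), as learned through the route reflectors."""

    def __init__(self):
        self.best = {}
        self.events = []  # (action, vtep, seq) in the order they happened

    def advertise(self, route):
        key = (route.vni, route.mac)
        current = self.best.get(key)
        # Assumption: a route that is not newer than the installed one is
        # ignored, so an old location cannot displace the current one.
        if current is not None and route.seq <= current.seq:
            self.events.append(("ignored", route.next_hop, route.seq))
            return False
        # Slide step 3: the previous VTEP sees the more recent route and
        # withdraws its own advertisement.
        if current is not None and current.next_hop != route.next_hop:
            self.events.append(("withdraw", current.next_hop, current.seq))
        self.best[key] = route
        self.events.append(("install", route.next_hop, route.seq))
        return True


# Constructed sample values (documentation MAC/IP ranges, hypothetical VTEP names).
MAC = "00:00:5e:00:53:01"
HOST_IP = "192.0.2.10"
VNI = 5000


def replay_host_move():
    """Host attaches behind VTEP-1 (seq 0), then moves behind VTEP-3 (seq 1)."""
    table = HostRouteTable()
    table.advertise(HostRoute(MAC, HOST_IP, VNI, "VTEP-1", "VXLAN", 0))
    table.advertise(HostRoute(MAC, HOST_IP, VNI, "VTEP-3", "VXLAN", 1))
    return table


if __name__ == "__main__":
    for event in replay_host_move().events:
        print(event)
```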
Provisioning
Package/Application
Management
Monitoring
Orchestration
Agent
Deployment
Provision Monitor
PXE/
Network Boot
LINUX Server Management Dev-Ops
Provisioning
Package/Application
Management
Monitoring
Orchestration
Std
Open API
Adaptable NX-OS
TODAY IN PROGRESS
#/ifconfig
#/ip route
#/ bgpd
Consistent Dev-Ops Toolset and Operational Model Extended to the Network Devices
NX-API
<?xml version="1.0" encoding="ISO-8859-1"?>
<ins_api>
<type>cli_conf</type>
<version>0.1</version>
<sid>1</sid>
<input>show interface brief </input>
<output_format>xml</output_format>
</ins_api>
{
"ins_api": {
"type": "cli_show",
"version": "0.1",
"sid": "session1",
"outputs": {
"output": {
"TABLE_interface": {
"ROW_interface": [
{
"interface": "mgmt0",
"state": "up",
"ip_addr": "172.21.128.227",
"speed": "1000",
"mtu": "1500"
},
{
"interface": "loopback0",
"state": "up"
}
]
}
}
}
}
}
HTTP N9K
CLI Input
Programmability
Open RPC API – Extensible to support REST
Bash Access
Issue a CLI to gain access to Linux Bash Shell
Favorite Linux commands such as ps and grep are available and can be used for further monitoring and scripting
Role-based access to Bash
Bash Access (Cont’ed)
Monitor Memory Utilization and Processes through Bash:
Leverage the standard Linux command to monitor network processes
bash-4.2$ top
Shift + F
Select “N” for Memory
top - 15:00:48 up 1 day, 12:41, 4 users, load average: 0.22, 0.28, 0.33
Tasks: 219 total, 2 running, 215 sleeping, 0 stopped, 2 zombie
Cpu(s): 9.7%us, 3.3%sy, 0.0%ni, 86.4%id, 0.1%wa, 0.2%hi, 0.3%si, 0.0%st
Mem: 16402508k total, 3452904k used, 12949604k free, 258260k buffers
Swap: 0k total, 0k used, 0k free, 1477268k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5343 svc-isan 20 0 345m 54m 7936 S 0 0.3 0:01.13 vpx1
5361 root 20 0 371m 49m 32m S 0 0.3 3:10.56 clis
5470 root 20 0 770m 48m 11m S 1 0.3 10:12.65 netstack
5468 root 20 0 605m 44m 6952 S 0 0.3 0:11.99 arp
5344 svc-isan 20 0 335m 43m 7768 S 0 0.3 0:01.06 pixm
5683 root 20 0 324m 32m 8612 S 0 0.2 0:00.72 l2fm
5675 root 20 0 320m 31m 14m S 2 0.2 9:29.22 ipqosmgr
5508 root 20 0 597m 31m 10m S 0 0.2 0:41.30 snmpd
5682 root 20 0 334m 30m 10m S 0 0.2 0:01.94 ethpm
5681 root 20 0 321m 30m 7636 S 0 0.2 4:51.05 diag_port_lb
5706 root 20 0 936m 26m 11m S 0 0.2 0:14.00 pim
5664 root 20 0 314m 25m 8248 S 0 0.2 0:00.78 eltm
5703 root 20 0 604m 23m 8676 S 0 0.1 4:03.24 ospf
BCM Shell Access
Issue a CLI to get shell access to underlying BCM chips
Direct read/write access to hardware tables
Can Peek/Poke underlying registers
Python wrapper to get BCM Shell output
OpenStack Network (Neutron) Plugin Enables fully automated compute, storage and network resource
orchestration
Support for Grizzly OpenStack release
Enable VLAN-based tenant separation
Enhance efficient resource usage
Leverages NX-OS NetConf-XML programmatic interface
Controller Node
OpenStack Networking
Insieme
Plugin
OVS Plugin
Insieme
Interface
Driver
Host 1
br-eth0
Tenant A – VLAN
100
VM 1
10.0.0.3
br-int
Host 2
br-eth0
Tenant B – VLAN
200
VM 1
10.0.1.3
br-int
Host 3
br-eth0
Tenant A – VLAN
100
VM 2
10.0.0.4
br-int
Host 4
br-eth0
Tenant B – VLAN
200
VM 2
10.0.1.4
br-int
eth0 eth0 eth0 eth0
VLAN 100 VLAN 200 VLAN 100 VLAN 200
Communication with plugin
agents on hosts
Communication with Nexus 9000 using Netconf
Enable Nexus 9000 switches to host customer applications using LXC virtualization technologies
Customers can compile & package their applications into OVAs for deployment on Nexus 9K
Base LXC to host trusted Cisco applications
• Namespace separation with LXC
• Cgroups to limit resource usage
Secure LXC to host customer applications and protect the integrity of the host system
• Drop capabilities to limit a privileged user
• Use of Secure Linux technology, like SMACK, to address risks to host 3rd party applications running at root privilege
• Restrict TIPC
Support for both 32-bit and 64-bit containers
Trust Boundary for
Secure LXC Containers
App TIPC
LXC Container
/root
/proc /dev
NOS
Host
cgroups
HOST
LXC
CPU MEM DISK
onep
Secure LXC Containers New!
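A way to verify the "drop capabilities" item above from the host side, as an added Python example (not Cisco's implementation and not part of the original deck): it decodes the capability bounding set from the standard Linux /proc/<pid>/status format and reports which high-risk capabilities a container process still holds. The two status excerpts are constructed samples, and the HIGH_RISK list is an assumed policy to adapt.

```python
# Linux capability names by bit number (0..40).
CAP_NAMES = (
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
)

# Assumed policy: capabilities that let root in a container reach the host
# kernel, devices or MAC policy. Not taken from the slides.
HIGH_RISK = frozenset({
    "CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_PTRACE",
    "CAP_SYS_BOOT", "CAP_SYS_TIME", "CAP_NET_ADMIN", "CAP_MAC_ADMIN",
    "CAP_MAC_OVERRIDE", "CAP_DAC_READ_SEARCH",
})


def decode_caps(mask):
    """Turn a capability bitmask into names; unknown bits become CAP_<n>."""
    names = []
    for bit in range(mask.bit_length()):
        if (mask >> bit) & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
    return names


def parse_cap_sets(status_text):
    """Extract the Cap* lines (hex masks) from /proc/<pid>/status text."""
    sets = {}
    for line in status_text.splitlines():
        if line.startswith("Cap") and ":" in line:
            name, value = line.split(":", 1)
            sets[name.strip()] = int(value.strip(), 16)
    return sets


def audit_container(status_text, forbidden=HIGH_RISK):
    """Return the forbidden capabilities still present in the bounding set."""
    sets = parse_cap_sets(status_text)
    if "CapBnd" not in sets:
        raise ValueError("no CapBnd line in status text")
    return sorted(set(decode_caps(sets["CapBnd"])) & forbidden)


# Constructed samples: a process with every capability, and one whose
# bounding set has been reduced to a small service-oriented set.
FULL_ROOT_STATUS = """Name:\tinit
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
"""
RESTRICTED_STATUS = """Name:\tapp
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""

if __name__ == "__main__":
    print("full root :", audit_container(FULL_ROOT_STATUS))
    print("restricted:", audit_container(RESTRICTED_STATUS))
```

On a live host the status text comes from /proc/<pid>/status of the container's init process, read from outside the container.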
LXC – Linux Containers (Cont’ed)
3
4
LXC Benefits
• Isolates Applications and Operating Systems
• Provides nearly native performance as LXC
manages resource allocation in real-time
• More elastic than a full hypervisor
• Less time to start
• No need for a separate kernel boot
• Lightweight
LXC Limitations
• Shares kernel with underlying OS
• Only allows for Linux guests
• Not a full virtualization stack
• Security depends on the host system Kernel – 2.6.24+
Container
LXC Containers
User space
Libraries
Application 1
Application 2
Guest Shell
GUEST SHELL
Open Source
Packages
(Optional)
Apps
Apps
NXOS CLI
onePK
Cisco
Libraries
(Optional)
Python
enabled root
filesystem
Secure Linux Container (sLXC)
Python
System APIs
Nexus
DevOps
Open Source Tools, utilities, applications
3rd Party
Apps
Cisco
Repository DevNet
bootflash
Apps
NXOS CLI interface • Access the Guest Shell from
NXOS CLI
• Access NXOS CLI from within the
Guest Shell
onePK APIs • Access to a rich set of NXOS
APIs for interface to management
and datapath functions.
Python System APIs • BCM shell ?
• What else?
bootflash • Read/write access to the NXOS
bootflash.
Guest Shell is an embedded Linux
environment that allows customers
(DevOps) to develop and run custom
applications for automated control and
management of the Nexus family of
datacenter switches.
Guest Shell is
automatically enabled.
Zero-touch.
64bit application
environment
Guest Shell ships with
python support
enabled.
C and Java support can
be added through YUM
installs.
Upgradeable rootfs
packages
Built on Secure LXC.
New!
• Initially will run in an LXC
• Will run as native daemons and installed via RPM – Q1CY15
Puppet Master
Puppet Agent
NX-OS Puppet Integration New!
Cisco Puppet Resource Type Coverage: 1
Feature | Resource Name | Description
--- | --- | ---
Cisco Device Access | cisco_device | Allows credentials for user access control & accounting
Base L2/L3 interface | cisco_interface | General interface & L2/L3 base settings
VLAN | cisco_vlan | Create/destroy of VLANs and general settings
Interface-vlan (SVI) | cisco_interface_vlan | Create/destroy of SVIs and SVI specific interface settings
VLAN Trunking Proto (VTP) | cisco_vtp | VTP global settings
SNMP | cisco_snmp_server, cisco_snmp_community, cisco_snmp_group, cisco_snmp_user | SNMP monitoring settings. Notification receiver settings not covered as of now.
OSPF | cisco_ospf, cisco_ospf_vrf, cisco_interface_ospf | OSPF instance create/destroy, per-VRF settings, and interface settings (area, cost, msg digest, etc)
Cisco Puppet Resource Type Coverage: 2
Feature | Resource | Description
--- | --- | ---
TACACS/AAA*** | cisco_tacacs_server, cisco_tacacs_server_host, cisco_aaa_tacacs_group, cisco_aaa_authentication, cisco_aaa_authorization, cisco_aaa_accounting | TACACS global settings; TACACS per-host settings; group association and settings; mapping of groups to AAA features (authentication, authorization, accounting).
Raw Config CLI commands | cisco_command_config | Resource to directly apply blocks of configuration CLI commands.
***full set not available at EFT target date
vTracker – VM Visibility
Ability to track VM information per port – List of VMs attached
– VM’s IP Addresses, VLAN, Port Group, vNIC, MAC address
– Provide Upstream/Downstream Views
– Provision VLANs on trunks to ESX Hosts
Trace VM Movement history in network (SPLUNK integration)
Dynamic network policies
vCenter
Server
N1KV
VSM
VM1 Info:
IP: 10.1.1.1/24
VNIC: aabbccddeeff
Vlan: 10
Pinned: Eth1/1
New!
? • VLAN
• IP Address
• Subnets
• Firewalls
• Quality of Service
• Load Balancer
• Access Lists
• Application Tier Policy and Dependencies
• Security Requirements
• Service Level Agreement
• Application Performance
• Compliance
• Geo Dependencies
APPLICATION LANGUAGE NETWORK LANGUAGE
Network Infrastructure: What is Relevant Two Types of Languages
Group-Based Policies/ Network Profiles
WAN
Firewall
LB to App
Connect to DB
Connect to App
High Priority
APPLICATION
REQUIREMENTS
WEB APP DB
DB WEB APP F/W
ADC ADC
ACI UNDERSTANDS AND SPEAKS APPLICATION NEEDS
DIRECTLY MAP TO ACI NETWORK PROFILES
NETWORK
REQUIREMENTS
OPEN RESTFUL APIS
CENTRALIZED POLICY MODEL
OPEN SOURCE
CONTROLLER
APIC
ACI BUILDING BLOCKS NEXT GENERATION NEXUS—TRADITIONAL NETWORKS
POLICY MODEL
ACI >_ >_
50% SIMPLER CODE BASE
FUTURE PROOF UPGRADABLE
TO ACI
PROGRAMMABILITY AND AUTOMATION
NETWORK VIRTUALIZATION
SUPPORT
RESILIENCY: IN SERVICE PATCHING,
UPGRADE, FAST RESTART
ACI BUILDING BLOCKS FUTURE PROOF—SOFTWARE UPGRADABLE TO ACI
NEXUS 9500 and 9300 INNOVATIONS IN SOFTWARE HARDWARE AND SYSTEM DESIGN
PRICE POWER EFFICIENCY PROGRAMMABILITY PORT DENSITY PERFORMANCE
OPTIMIZED NX-OS
NEXUS 9508
SHIPPING NOW
Operational Simplicity: Agility And Automation
Latency
Health
Score
Isolation
Systems
Telemetry 25 Packets
dropped
• Centralized, Policy-Based
• Cloud management integration
• Full mobility
• Real-time visibility:
o Tenant
o Application
Latency
Isolation
Systems
Telemetry 0 Packets dropped
Health
Score
0 0 0 7 0 0 0 6
VIRTUAL PHYSICAL
Integrating ACI into Current Data Centers: Add Nexus 9000 to Existing Nexus 2000-7000 Fabric
Deploy standalone Nexus 9000 into existing
Nexus fabric to add network capacity.
Common Management and NX-OS Software
vPC, FEX, BGP, OSPF, EIGRP, …
Existing Nexus 2K-7K Fabric
N1Kv
Nexus 9000
L2 or L3 Connection
Integrating ACI into Current Data Centers: Interconnect a New Pod to the Existing
Deploy ACI Fabric in parallel with existing Nexus fabric. Connect via L2/L3.
Existing Nexus 2K-7K Fabric
N1Kv
Nexus 9000
ACI Fabric
APIC
Integrating ACI into Current Data Centers: Standard Architecture with Services
Backbone
vSwitch
Services
Chassis
vSwitch vSwitch
Services Chassis
Backbone
vSwitch vSwitch vSwitch
APIC Policy
Controller
Services
“Fabric”
1. Leverage Existing Nexus/ IP Network
2. Deploy ACI: New PoDs For Cloud Build Outs
3. Extend ACI Model. Preserve - IP networks, L4-7 Services, Hypervisors
Existing Nexus PoDs
(2k-7k)
ACI POLICY
ACI Fabric
Nexus 9500 / 9300
Nexus 9300
Nexus 7000 DCI
Integrating ACI into Current Data Centers: Extend ACI Policy Forwarding into Existing
PROFILE
Nexus 9300
ESX Hyper-V OVS Bare Metal
AVS
Bare Metal
ESX Hyper-V OVS
AVS
Single Fabric Scenarios Partially Meshed (Stretched) Fabric
• Single Fabric Scenarios
• Single Operational Zone (VMM, Storage, FW/LB are all treated as if it is ‘one’ zone)
• Use Cases
• Multi-Building cross campus and metro distances (Dual site design is a very common topology
in EMEA)
• Multi-Floor, Multi-Room Data Centers (cabling restrictions prevent full mesh)
Site/Room ‘A’ Site/Room ‘B’
300m - 40 km
Interconnect (Fully
Meshed) Leaf Nodes
Partially Meshed
Leaf Nodes Partially Meshed
Leaf Nodes
Multi-Fabric Scenarios ‘Availability + Policy Zone’ Models
• Multi-Fabric Scenarios
• Primary use case is to support multiple “Availability Zones”
• Use Cases
• Multiple Fabrics within a single site (includes Multi-Floor, Multi-Room Data Centers)
• Multi-Building cross campus and metro distances (Majority of larger customers require a dual
site active/active design)
Site ‘A’ Site ‘B’
Web/App DB
Web/App
Policy Zone ‘A’ Policy Zone ‘B’
Fabric ‘A’ Fabric ‘B’
Web/App DB
Web/App
Multi-Site
Traffic
mBGP - EVPN
Web1
App1
dB1
Web2
App2
dB2
Web2
dB1
App2
Web1
App1
Export Web, App,
DB to Fabric ‘B’ Import Web, App,
DB from Fabric ‘A’
Export Web & App
to Fabric ‘A’ Import Web & App
from Fabric ‘B’
Multi-Fabric Scenarios Policy and Connectivity
Release Timelines – Nexus 9000 Standalone
Ash2.1 Ash2.2
Ash2.2a
Ash2.3
Bronte Camden
N3K Train
Mar’14 Apr’14
Jun’14
Jun’14
Q3CY14 Q1CY15 QCY15
Jul’14
Shipped
To be Shipped
Ash2.2b
Ash3.1
Nexus 9000 advantages
Rich NXOS feature-set
Enables migration to 40 GigE
Power efficiency
Buffer space
Migration to VXLAN based transport
Comprehensive Linux feature set
Ready for upgrade to Application Centric Infrastructure
Release Ashfield1.x Hardware -
Chassis: Nexus 9508
Linecard: X9636PQ (36x 40G)
QSFP-40G-SR-BD (BiDi)
Software -
• IPv4/IPv6 Routing (BGP, OSPF, ISIS, EIGRP, RIP,
PIMv4, BFDv4)
• L3 Multicast
• VRF-Lite, VRF-Route Leak
• 64-way ECMP
• Programmability - Python, NX-API, Bash, Scripting
• Consistency Checkers
• QoS (ECN, PFC, Shaping, Policing)
• ACL
• SPAN and ERSPAN
• Config Rollback, Config Sessions
• GOLD, AAA, RADIUS, TACACS+, Callhome
• CoPP
• DHCP Relay (v4, v6)
• SNMPv2/v3, NetConf/XML
• Device Management Capabilities
Ash1.1 (shipped)
6.1(2)I1(1), Nov‘13
Release Ashfield2.x Hardware - TOR: 9396PX, 93128TX
Chassis: Nexus 9504
Linecards:
X9564PX (48p SFP+ & 4p 40G
QSFP+)
X9564TX (48p 1/10Gb-T & 4p 40G
QSFP+)
Software - • IGMP Snooping
• FHRP (IPv4/IPv6)
• vPC, PVRST+, MST, Storm Control
• Patching (Hot & Cold)
• Static route to SVI
• VXLAN Bridging/GW (for N93xx)
• OpenStack Network Plugin
• Cisco Prime DCNM & Infrastructure
Support
• XML-izing NXOS
• Chef (for hot/cold patching)
Ash2.1 (shipped)
6.1(2)I2(1), Mar’14
Hardware - QSA Support (SFP-10G-
SR, SFP-H10GB-CU1M,
SFP-10G-AOC1M
Software - • ECN w/ AFD (Approx.
Fair Drop) for 9300
• IGMP Snoop filtering
• SPAN destination 40G
(9300)
Ash2.2 (shipped)
6.1(2)I2(2), Apr’14
Software - • Up to 6 FEXes per N9300
• FEX Straight-through
• Host Active/Standby
• Host vPC
• Supported FEX
• N2224TP
• N2248TP, N2248TP-E
• N2232TM
• N2232PP
• B22HP
Ash2.3 (shipped)
6.1(2)I2(3), Jun’14
Hardware - N3164PQ
Chassis: Nexus 9516
Linecards:
X9536PQ (36p 40G,
1.5:1 OS)
X9432PQ (32p 40G
QSFP+)
X9464TX (48p 1/10GT
4p 40G QSFP+)
X9464PX (48p 1/10GF
4p 40G QSFP+)
Ash2.2a (shipped)
6.1(2)I2(2a), Jun’14
Controlled Release
Software - N3164PQ 40GE to
4x10GE Breakout
Support
Ash2.2b
6.1(2)I2(2b), Jul’14
Release Ashfield3.1
Hardware - TOR: 9396TX
TOR: 9372TX, 9372PX, 9332PQ
Coors GEM Module for N9300, 6p 40G
Supervisor: Sup-B (24G DRAM, 250G Flash, 6 core)
Software - • FEX scale increase on 9300 to 16
• B22-Dell FEX support
• Nexus 2232TM-E , Nexus 2248PQ FEX support
• Sub-interface support on 9300
• PBR support (9300, 9500)
• POAP Enhancements
• Puppet 1.0
• Secure LXC
• VM tracker for ToR
• 802.3x support
Ash3.1
6.1(2)I3(1), Q3CY14
Future Release Plans
Software - • 10G Dynamic Per-Port Break-out Support: X9636PQ
T2-Based 40GE
• FEX on N9500
• Scale up to 24 FEXes per 9500
• FEX (Straight-through) with Host A/S and Host
vPC
• New FEX models supported
• Tiburon FEX support
• VXLAN Routing (SVI Based), Ingress replication
• VXLAN Bridging/Gateway (Modular)
• VXLAN BudNode
• GRE
• IEEE 1588 PTP
• 1588 Timestamp in ERSPAN packets
• DHCP Snooping
• IPSG
• BFDv6
• Chef1.0
• XMPP
• Reserved VLAN Range
• VRRPv3 Bronte
Target: Q1CY15
Hardware - Line Card: X9612PC (12x100G)
Software - • FCoE NPV
• FastBoot on N9300
• NAT
• PVLAN
• ISSU on N9500 and N9300
• VxLAN EVPN Control Plane
• Static MPLS label pop & swap support
• IGMP Snooping on VxLAN enabled VLANs
• FEX scale increase on N9500 to 32
• FEX Pre-provisioning, Dual-Homing FEX
• FEX Support – B22-IBM, B22-Fujitsu
• Netdev
• RPM
Camden
Target: Q1CY15
Modular: Nexus 9500 Line Card Types
Series | Line Card | Ports | ASICs on Line Card | OS | Fabric Modules | Chassis Support
--- | --- | --- | --- | --- | --- | ---
X9600 | X9636PQ | 36p QSFP+ | 3 T2 | NX-OS | 6 | N9504, N9508
X9600 | X9612PC | 12p 100G (form factor TBD) | 3 T2 | NX-OS | 6 | N9504, N9508
X9500 | X9564PX | 48p 1/10G SFP+ and 4p QSFP+ | 2 T2 & 2 ALE | NX-OS, ACI | 3 | N9504, N9508, N9516
X9500 | X9564TX | 48p 1/10G-T and 4p QSFP+ | 2 T2 & 2 ALE | NX-OS, ACI | 3 | N9504, N9508, N9516
X9500 | X9536PQ | 36p QSFP+ (1.5:1) | 2 T2 & 2 ALE | NX-OS, ACI | 3 | N9504, N9508, N9516
X9700 | X9736PQ | 36p QSFP+ | 2 ASE | ACI | 6 | N9504, N9508, N9516
X9400 | X9464PX | 48p 1/10G SFP+ and 4p QSFP+ | 1 T2 | NX-OS | 2 | N9504, N9508, N9516
X9400 | X9464TX | 48p 1/10G-T and 4p QSFP+ | 1 T2 | NX-OS | 2 | N9504, N9508, N9516
X9400 | X9432PQ | 32p QSFP+ | 2 T2 | NX-OS | 4 | N9504, N9508, N9516
Fixed: Nexus 9300
Line Cards | Ports | ASICs | OS | RU | Uplink Module
--- | --- | --- | --- | --- | ---
N9396PX | 48p 1/10G SFP+ and 12p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 2 | Y
N9396TX | 48p 1/10G-T and 12p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 2 | Y
N93128TX | 96p 1/10G-T and 8p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 3 | Y
N93128TX2 | 96p 1/10G-T and 8p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 2 | N
N93128PX2 | 96p 1/10G SFP+ and 8p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 2 | N
N9372PX | 48p 1/10G SFP+ and 6p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 1 | N
N9372TX | 48p 1/10G-T and 6p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 1 | N
N9332PQ | 32p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 1 | N
N9332PQ2 | 32p QSFP+ | 1 T2, 1 ALE | NX-OS, ACI | 2 | Y
N9336PQ | 36p QSFP+ | 2 ASE, 2 T2 | ACI | 2 | N