Cisco on Nexus 1000V features

Posted by Staff   |   Thursday, February 5th, 2009

One of the biggest enhancements expected with the next version of VMware Infrastructure (possibly called vSphere 4.0) is the new pluggable virtual infrastructure, which will allow customers to replace the standard VMNet virtual switch with 3rd party software switches.

The first company to offer such product will be Cisco, which announced the Nexus 1000V at VMworld 2008 last September.

After seeing the virtual switch command line for in action and its architectural diagram, we now have extensive details about its features, thanks to an exclusive interview with Paul Fazzone, Product Manager of Nexus 1000V at Cisco.

Fazzone also provided a key information about the release date of the virtual switch: H1 2009.

This date makes very likely that both ESX 4 and Nexus 1000V will be released at the imminent VMworld Europe 2009 in Cannes. Why a virtual infrastructure administrator should consider deploying the new Nexus 1000V? Isn’t the VMware virtual networking good enough? What features this new product can bring in?

Paul Fazzone: There are 3 key benefits to the Cisco Nexus 1000V with VN-Link (Virtual Network Link) capabilities. They are as follows:

  • Policy-Based VM Connectivity: allows network properties to be defined in the network (including switch, NIC and trunk configs), applied to the VM via Virtual Center and enforced throughout the VM’s lifecycle (even through vMotion).

    VI Admin Benefits:

    • Accelerate & Simplify deployment of new ESX hosts
    • Ensure proper connectivity & networking safeguards are in place
  • Mobility of Network & Security Properties: VMs need to move (vMotion, DRS, SW Upgrade, etc). The Cisco Nexus 1000V solution provides vMotion for the network properties and connection state ensuring continuous operational insight and security policy enforcement.

    VI Admin Benefits:

    • Prevent ESX host/network configuration discrepancies from impacting vMotion
    • Gain consistent visibility into VM-level I/O even during vMotion
    • Secure I/O to VMs located in the DMZ
  • Non-Disruptive Operational Model: The Cisco Nexus 1000V brings enterprise and service provider class networking capability to the virtual network access layer without disrupting the virtual infrastructure administrator’s regular workflow.

    VI Admin Benefits:

    • VM workflow doesn’t change
    • ESX vSwitch configuration & management responsibility offloaded
    • Data Center operations teams equipped to respond quickly to applications issues

In addition to the key benefits mentioned above, the Cisco Nexus 1000V introduces many new networking and security features to the virtual network access layer. These features include:

  • Switching Features
    • L2 Forwarding
    • VLAN Segmentation
    • IEEE 802.1Q VLAN Tagging/Trunking
    • Port state follows VM (Network VMotion)
    • Tx Rate Limiting
    • Rx Rate Limiting
    • NIC Teaming/Port Channels
    • Asymmetric Port Channel
    • Multicast –IGMP Snooping
    • Security Features
    • Private VLAN (Isolated, Community, Promiscuous Trunks)
    • Access Control Lists (ACLs)
    • Port Security
    • DHCP Snooping
    • IP Source Guard
    • Dynamic ARP Inspection
  • Management Features
    • Virtual Center Support
    • Standard network command line interface (CLI)
    • Consistent networking features with physical network
    • Port Profiles
    • Port Profiles with Inheritance
    • SPAN – Port Mirroring
    • ERSPAN – Remote Port Mirroring across L3 boundaries
    • Netflow v5
    • Netflow v9
    • XML API
    • SNMP v3 Read/Write
    • CDP v1
    • CDP v2
    • Syslog
  • System Features
    • High Availability with Active/Standby Supervisor
    • SSH/Telnet

The Cisco Nexus 1000V enables a network management & operations model at the virtual network access layer that is consistent with the overall data center network infrastructure (physical network switches & routers). This enables customers to more easily integrate virtual machine environments into the existing data center infrastructures.

VI: How the Nexus 1000V will be deployed? Is it a virtual appliance, a core component of the ESX 4 kernel, or a piece of software that must be installed on a dedicated physical server?

PF: There are 2 architectural components to the Cisco Nexus 1000V. The first is the Virtual Ethernet Module (VEM), a Cisco developed offering of the VMware vSwitch. The Cisco Nexus 1000V VEM runs in each ESX host as an embedded kernel module and performs local switching and network services, policy enforcement and statistics gathering for the individual virtual machine interfaces. The VEM operates at the same layer as the VMware vSwitch and is compatible will all servers and NICs listed in the VMware Hardware Compatibility List (HCL).

The second component of the Cisco Nexus 1000V is the Virtual Supervisor Module (VSM), which is the management interface for the solution. The VSM is a version of the Cisco NX-OS data center operating system, which will be available as a virtual appliance and available for download from The VSM is responsible for network configuration of the VEMs, communication with VMware’s vCenter and management of up to 64 separate ESX hosts (from a networking perspective). The VSM will also be available from Cisco pre-packaged as a physical appliance so that customers have a choice of running it on their own hardware or Cisco supported hardware.

VI: Will it work with ESXi 4.0 or just with the “traditional” version of ESX?

PF: The Cisco Nexus 1000V will work on future versions of both embedded (ESXi) and traditional versions of ESX.

VI: How virtual infrastructure administrators can manage it? Is it going to have just a command line interface (CLI) reachable by TCP/IP? Or is it going to also have a web GUI? Its control panel is going to be integrated with vCenter?

PF: With the Cisco Nexus 1000V, the virtual machine workflow and lifecycle don’t change inside of vCenter. The virtual infrastructure administrator is still in charge of VM creation and management. As part of that VM creation, the VI administrator is still responsible for applying Port Groups to the individual VM VNICs. The main difference the VI administrator will see with the Cisco Nexus 1000V deployed is that the vSwitches, physical NICs and port groups for a given ESX host are automatically configured to work with the upstream network. A library of available port groups is automatically displayed inside of vCenter and the VI administrator can apply them to the VMs to meet their business needs. The application of these port groups automatically triggers the Cisco Nexus 1000V to provide the appropriate network services to a specific VM VNIC. Managed as a traditional network device, the Cisco Nexus 1000V supports the Cisco NX-OS CLI. The Cisco NX-OS operating system also supports a full XML API along with SNMP read/write capabilities so that the Nexus 1000V can be easily integrated with existing data center management solutions.

VI: Is the Nexus 1000V feature-set limited compared to its “physical” counterparts? If so what capabilities are missing?

PF: The feature set for the Cisco Nexus 1000V is very data center focused and has been modeled after products like the Catalyst 4900 and 6500 series switches. The features supported are key requirements for enterprise and service provider customers alike. The feature set has also been enhanced from a traditional “physical” network platform to address key requirements only found in a VM environment like mobility and dynamic provisioning.

VI: How Cisco will be able to guarantee a certain level of performance for this virtual switch? We know that in a virtual infrastructure the performance of any virtual machine can be impacted by the others if there is no resource reservation in place.

PF: The VM kernel has guaranteed CPU and memory available to it. Since the N1K runs in the VM kernel, and the VM kernel controls memory and CPU allocation to the individual VMs, the Cisco Nexus 1000V is safeguarded from being starved from resources. The case is the same with the VMware vSwitch.

VI: How the product will be update? Administrators will be able to use the VMware Update Manager (VUM) or Cisco will provide a new virtual appliance image?

PF: The Cisco Nexus 1000V Virtual Ethernet Module (VEM) inside of the ESX host will be upgradeable using either VMware Update Manager (VUM) or directly through the console. The Cisco Nexus 1000V Virtual Supervisor Module (VSM) will be upgraded like a traditional network device supporting High Availability and Stateful Switchover between 2 VSMs.

VI: Who will sell the product? Cisco or VMware? Will VMware be able to bundle it with VI4? Who will provide the support? Can you give us an idea of the price range and the licensing model?

PF: The product will be sold and supported by Cisco and it’s channel partners. Given the overwhelming interest in the Cisco Nexus 1000V from customers, we are exploring additional channels for the product as well. Information on these additional channels along with pricing and licensing information for the Cisco Nexus 1000V will be announced at product availability.

VI: When the product will be available?

PF: The Cisco Nexus 1000V is targeted for release in the 1 half of 2009 in conjunction with an updated version of VMware’s ESX software.

VI: Is Cisco working with other virtualization vendors (namely Citrix and Microsoft) to bring the Nexus 1000V on other hypervisors?

PF: Cisco does not comment on products that have not been announced. While the Cisco Nexus 1000V architecture has been developed in a hypervisor agnostic manner, the initial product will only offer support for VMware ESX environments.