Network Policy; Cisco Nexus 1000V Series Theory Of Operation; Vmware Networking Overview - Cisco Nexus 1000V Series Deployment Manual

Deployment Guide
These two components together make up the Cisco Nexus 1000V Series, with the VSM providing the management
plane and the VEM providing the data plane.

Network Policy

A unique aspect of the Cisco Nexus 1000V Series is the way network policy is defined and deployed. Today, a
network administrator would typically configure each interface on a switch one at a time. For Cisco switches, this
typically means entering configuration mode and applying a series of switch commands that define the interface
configuration.
Configuration may be manually applied to multiple interfaces on the same switch or different switches, connected to
similar types of servers. This management model requires server administrators to depend on network administrators
to reconfigure the network each time a server is brought online. This process can create unwanted delays in
deploying new servers.
In a VMware environment, server administrators are required to configure network policy, using the VMware virtual
switch (vSwitch) and port group features, to match the policy configured on the upstream physical switches. This
requirement removes a dependency on the network administrator for virtual access layer switch configuration (the
first network hop in the data center) and makes addition of a new virtual machine as simple as selecting the
appropriate predefined port group. This approach creates operational and security challenges such as policy
enforcement and troubleshooting, but it addresses many delays in deploying new virtual machines (no physical
infrastructure to configure).
The Cisco Nexus 1000V Series provides an ideal model in which network administrators define network policy that
virtualization or server administrators can use as new similar virtual machines are added to the infrastructure. Policies
defined on the Cisco Nexus 1000V Series are exported to VMware vCenter Server to be used and reused by server
administrators as new virtual machines require access to a specific network policy. This concept is implemented on
the Cisco Nexus 1000V Series using a feature called port profiles. The Cisco Nexus 1000V Series with the port
profile feature eliminates the requirement for the virtualization administrator to create or maintain vSwitch and port
group configurations on any of their VMware ESX hosts.
Port profiles create a unique collaborative model, giving server administrators the autonomy to provision new virtual
machines without waiting for network reconfigurations to be implemented in the physical network infrastructure. For
network administrators, the combination of the Cisco Nexus 1000V Series feature set and the capability to define a
port profile using the same syntax as for existing physical Cisco switches helps ensure that consistent policy is
enforced without the burden of managing individual switch ports. The Cisco Nexus 1000V Series solution also
provides a consistent network management, diagnostic, and troubleshooting interface to the network operations
team, allowing the virtual network infrastructure to be managed like the physical infrastructure.
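
The model described above, as an added illustration that is not taken from the original guide: the first stanza is the per-interface configuration a network administrator would repeat on a physical access switch, and the second expresses the same policy once as a Cisco Nexus 1000V Series port profile. The interface number, description, profile name, and VLAN ID are constructed placeholders, and the `type vethernet` keyword assumes a software release that accepts it.

```cisco
! Constructed example: interface, names and VLAN ID are placeholders.
!
! Physical access switch: policy is entered per interface and has to be
! repeated on every port that faces a similar server.
interface GigabitEthernet1/0/10
  description web-server-01
  switchport mode access
  switchport access vlan 100
  no shutdown
!
! Nexus 1000V VSM: the same switchport syntax, defined once as a port profile.
port-profile type vethernet WebServers
  ! Export this profile to VMware vCenter Server as a port group.
  vmware port-group
  switchport mode access
  switchport access vlan 100
  no shutdown
  ! Make the profile available for use.
  state enabled
```

Once the profile is enabled, the server administrator only selects the resulting port group for a virtual machine's vNIC. The VLAN assignment and the rest of the policy stay under the network administrator's control on the VSM.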

Cisco Nexus 1000V Series Theory of Operation

This section describes the main concepts and components of the Cisco Nexus 1000V Series and how the
components interact.

VMware Networking Overview

To understand the Cisco Nexus 1000V Series, you must first understand the basics of the VMware networking model.
VMware networking consists of virtual network interface cards (vNICs) of various types, the physical NICs on the
hosts, and virtual switches to interconnect them.
Each virtual machine has one or more vNICs. These vNICs are connected to a virtual switch (such as the Cisco
Nexus 1000V Series) to provide network connectivity to the virtual machine. The guest OS sees the vNICs as
physical NICs. VMware can emulate several popular NIC types (vlance and Intel e1000), so the guest OS can use
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.