Wednesday, 31 August 2011

Feature Comparison of the Nexus 7000 and Catalyst 6500 Series Switches

After looking at the Nexus 7000 series switches , I concluded they were a lot like the Catalyst 6500 series switches without the service modules.I reviewed the configuration guides for both devices for a comparison of what options each supported today. (These options will change in new OS versions.)
OverviewThe current focus of the Nexus 7000 is to provide high density 10Gb Ethernet switching for LAN traffic primarily in the data center. (Cisco is planning to provide unified I/O supporting SAN traffic on the Nexus 7000 in the future.) My understanding is that service modules or WAN modules in the high performance backplane of the Nexus 7000 would not be very cost effective, so that an external appliance or service layer should be used to provide these features. The NX-OS is based on the Cisco MDS 9000 SAN-OS Software, and focuses on modularity. As needed, you need to enable the features with the feature feature-name configuration command. In the NX-OS 4.1, the following features can be enabled:
feature bgp
feature cts
feature dhcp
feature dot1x
feature eigrp
feature eou
feature glbp
feature hsrp
feature interface-vlan
feature isis
feature lacp
feature msdp
feature netflow
feature ospf
feature ospfv3
feature pbr
feature pim
feature pim6
feature port-security
feature private-vlan
feature rip
feature scheduler
feature ssh
feature tacacs+
feature telnet
feature tunnel
featur udld
feature vpc
feature vrrp
feature vtp
(Some features are available through licensing, others are bundled in the base NX-OS.)
The focus of the Catalyst 6500 is for all purpose enterprise switching and routing, and it supports a multitude of interface types and service modules. The Catalyst 6500 is a work horse of switch. Typically all features in the operating system license are preloaded, and just need to be configured for your specific environment.

Option Summary of the Cisco Nexus 7000 and Catalyst 6500:

Option Nexus 7000 Catalyst 6500
Operating System NX-OS 4.0 12.2SXH
switch virtualization support VDC VSS
service module support -- yes
NSF w/ SSO yes yes
enhanced Fast Software Upgrade -- yes
sup engine redundancy yes yes
48 port 10/100/1000 Ethernet yes yes
four port 10GE linecard -- yes
eight port 10GE linecard -- yes
thirty-two port 10GE linecard yes --
T1/E1 WAN -- yes
T3/E3 WAN -- yes
HSSI -- yes
T3/E3 ATM -- yes
OC-3 ATM -- yes
OC-3 Packet over SONET -- yes
OC-12 -- yes
OC-48 -- yes
OC-192 -- yes
SONET -- yes
centralized forwarding -- yes
distributed forwarding yes yes
PoE for GE -- yes
EtherChannel/Port Channel yes yes
Multichassis EtherChannel yes yes
VLANs yes yes
private VLANs yes yes
802.1Q tunneling yes yes
Layer 2 Tunneling Protocol -- yes
RPVST yes yes
MST yes yes
MPLS -- yes
AToMPLS -- yes
FRoMPLS -- yes
EoMPLS -- yes
MPLS VPNs -- yes
iBGP and eBGP yes yes
OSPF yes yes
EIGRP yes yes
ISIS yes yes
VRRP yes yes
HSRP yes yes
GLBP yes yes
IP Multicast yes yes
IGMPv1/v2/v3 yes yes
IGMP Snooping yes yes
PIMv1/v2 yes yes
MSDP yes yes
SSM yes yes
IPv6 routing yes yes
IPv6 Multicast routing yes yes
Policy Based Routing yes yes
QoS - LLQ -- yes
NBAR -- yes
VLAN ACLs yes yes
CoPP yes yes
DHCP Snooping yes yes
IP Source Guard yes yes
Dynamic ARP Inspection yes yes
802.1X Authentication yes yes
NetFlow v8 -- yes
NetFlow v9 yes --
SPAN/RSPAN yes yes
Cisco TrustSec yes --

Sunday, 14 August 2011

Deploying the Nexus 1000V

The Cisco Nexus 1000V is, of course, a Layer 2 distributed virtual switch for VMware vSphere built on Cisco NX-OS (the same operating system that drives the physical Nexus switches). It’s compatible with all switching platforms, meaning that it doesn’t require physical Nexus switches upstream in order to work. The Nexus 1000V brings policy-based VM connectivity, network and security property mobility, and a non-disruptive operational model.
The Nexus 1000V has two components: the Virtual Supervisor Module (VSM). Interestingly enough, the slide shows that the VSM can be a virtual or physical instance of NX-OS; there has been no formal announcement of which I know that has discussed using a physical instance of NX-OS as the VSM for the Nexus 1000V. The second component is the Virtual Ethernet Module (VEM), which is a per-host switching module that resides on each ESX/ESXi host. A VSM can support up to 64 VEMs in a distributed logical switch model, meaning that all VEMs are centrally managed by the VSM. Each VEM appears as a remote line card to the VSM.
The VEM is deployed using vCenter Update Manager (VUM) and supports both ESX and ESXi. The Nexus 1000V supports both 1Gbps and 10Gbps Ethernet uplinks and works with all types of servers (everything on the HCL) and upstream switches.
The Nexus 1000V supports a feature called virtual port channel host mode (vPC-HM). This feature allows the Nexus 1000V to use two uplinks (NICs in the server) connected to two different physical switches and treat them as a single logical uplink. This does not require any upstream switch support. Multiple instances of vPC-HM can be used; for example, you could use four Gigabit Ethernet uplinks, two to each physical switches, could be used to create two different vPC-HM uplinks for redundancy and separation of traffic.
For upstream switches that support VSS or VBS, you can configure the Nexus 1000V to use all uplinks as a single logical uplink. This requires upstream switch support but provides more bandwidth across all upstream switches. Of course, users can also create multiple port channels to upstream switches for traffic separation. There are lots of flexiblity in how the Nexus 1000V can be connected to the existing network infrastructure.
These network designs can be extrapolated to six NICs (uplinks), eight NICs, and more.
One interesting statement from the presenter was that Layer 8 (the Human layer) can create more problems than Layers 1 through 7.
Next, the presenter went through the use and configuration of the Cisco Nexus 1000V in DMZ environments. Key features for this use case include private VLANs (private VLANs can span both physical and virtual systems). Network professionals can also use access-conrol lists (ACLs) and remote port mirroring (ERSPAN) improve visibility and control over the virtual networking environment.
At this point, I left the session because it was clear that this session was more about educating users on the features of the Nexus 1000V and not about best practices on how to deploy the Nexus 1000V.

Friday, 12 August 2011

Red Pill or Blue Pill

Life is a matter of choice.The most difficult thing in life is to make a right choice.We are always scared to make the choice.Life may knocks down us,but it our choice to stand up or not.I decided to stand up and fight for my existence.I started my journey towards CCIE.The choice you take today 'll reflect your tomorrow.So are you ready to make the choice????