Introduction to Cisco VN-Link NETWORK SERVICE

This article mainly to give you detailed Cisco VN-LINK network services, so how to solve the network challenges of virtualization? How can we enhance the security of VMS? This article provides detailed answers.

Cisco is working with VMware to launch the next-generation server virtualization network technology. Cisco®By integrating hypervisor, VM, network, and storage, VN-Link improves the mobility of virtual machines (VMS. Cisco VN-Link provides a configuration mode that is closely coupled with VMware Virtual Center and based on collaboration policies. It adopts a flexible and unified data Center management mode, supports scalable, mobile, and highly secure VM deployment.

Solve the network challenges of server virtualization

Server virtualization is a daunting challenge for servers and network administrators. After server virtualization is deployed, because each administrative program contains one or more vswitches, the network edge or access layer is automatically extended to the server itself. This extension not only greatly increases the number of switches to be managed, but also transfers the management tasks at the edge of the network from the network administrator to the server administrator. This change requires the server administrator to undertake network design, configuration, VLAN creation, application security, monitoring, and troubleshooting. In view of these responsibilities added at the server level, and the visibility of network administrators no longer exists, risks such as accidental configuration errors, network environment creation, security vulnerabilities, and slow problem resolution in the server virtual environment increase. With Cisco VN-Link, Cisco is a brand new network technology for server virtualization environments, helping you solve these problems.

Cisco VN-Link provides real-time and coordinated network and security service configurations, which are consistent throughout the lifecycle of the VM environment. Cisco VN-Link also uses a VM-centric management model that allows server administrators to use their existing tools and operational workflows when deploying new applications.

Cisco VN-Link uses two independent deployment modes: one software virtual switch, that is, Cisco Nexus™5000 V software switch, and a hardware-based solution, Cisco Nexus series switch.

Cisco Nexus 1000V switches use cisco NX-OS software designed to replace basic switches with VMware ESX. Cisco Nexus 1000V provides a rich set of VM management features that are tightly coupled with the VMware ESX kernel. The Cisco Nexus 1000V is applicable to 1-Gbps and 10-Gbps architectures and must be integrated with existing network infrastructure.

Cisco Nexus 5000 series switches support Cisco VN-Link, which uses a new packet labeling technology to virtualize network interfaces through the hardware of upstream switches. This solution inserts a small identification mark for each packet sent by the VM. Packet traffic is then transmitted to the Cisco Nexus 5000 switch for network processing by bypassing the virtual switch in the hypervisor. The tag determines the network policy applied and forwards data packets accordingly. This hardware-based approach reduces the CPU load on the server platform and simplifies management by removing the virtual network from the hypervisor.

Collaborative VM deployment

With the advent of software-based switches and other server-centric network connection options, in many cases, the network access layer is configured and maintained by the server administrator. Before a problem occurs, the network administrator sometimes does not even know that a vswitch exists in their environment. The transfer of this management responsibility allows you to quickly deploy or re-allocate server resources through server operations without network operations, thus saving important management and operation kits for running data centers. This can improve the operational efficiency in the process.

The core of Cisco VN-Link is a Cisco NX-OS feature called Port profile. The port profile is a series of network attributes, such as VLAN allocation, QoS parameters, access control list (ACL) configurations, and other network features that were previously applied to specific network interfaces. Different from the traditional network configurations that require configuring different ports, the port configuration can be deployed on a group of ports at the same time.

In a Virtual server environment, the port profile is integrated and distributed to each hypervisor through APIS, and is provided to the server administrator as a Virtual Center port group in the hypervisor's VM management tool VMware Virtual Center. When deploying a new VM, the server administrator only needs to use the Virtual Center to select the correct port profile, and Cisco VN-Link can automatically configure the appropriate network connection and Policies for the network layer.

With Cisco VN-Link technology, network administrators can use available network properties to define network policies. server administrators can select corresponding port profiles for the applications they deploy. In this way, the network administrator can allocate and manage networks in a consistent manner, while allowing the server administrator to flexibly and quickly deploy VMS. In short, Cisco VN-Link enables you to define and deploy consistent network and security policies, and provide networks, servers, security, and operations for different functional groups in your organization) retain autonomy.

Enhanced VM Security

The virtual environment brings about new security issues. Compared with hardware switches, vswitches have relatively limited security features. In addition, the change in the relationship between the server and the network administrator also makes it possible for personnel to bypass security features, violate internal security practices or regulatory requirements. Due to these problems, many organizations may limit the types of virtualized applications, or isolate virtualized applications to ensure operational security at the expense of service efficiency.

Cisco VN-Link integrates data center-level network security and operation isolation technology to meet the security requirements of today's virtual server environment. Cisco Nexus 1000 and Nexus 5000 series switches support role-based access control (RBAC) and authentication, authorization, and accounting (AAA) functions to help ensure that correct change control is implemented and reviewed. The integration of RBAC, AAA, and Cisco VN-Link provides operation isolation between servers and network administrators, so that security policies can be implemented without affecting the server administrator's quick deployment of VM flexibility. Cisco VN-Link also supports ACL and dedicated VLAN, enabling server administrators to virtualize all new application sets without deploying dedicated physical servers for security considerations.

Consistent Operations and Maintenance

The traditional Virtual Switch deployment is maintained by the server administrator. The network administrator has almost or no knowledge of the virtual access layer configuration. When a problem occurs, the Network Administrator does not use the tools required to diagnose the problem. This is because the existing vswitch lacks basic troubleshooting features, such as port counters and Switch Port Analyzer (SPAN) functions, there is no simple command line interface. This forces the server administrator to troubleshoot network problems on his own and often prolong the downtime caused by problematic applications.

With Cisco VN-Link, network administrators have a set of unified troubleshooting tools to quickly diagnose and solve Network Problems in server virtualization environments. They can also use cisco NX-OS's advanced diagnostic capabilities. For example, the encapsulated remote SPAN (ERSPAN) enables the network administrator to mirror the traffic of a VM to a data packet analyzer located elsewhere in the network, so as to analyze the traffic between VMS in detail on the server, this is not visible in the physical network. By combining basic and advanced troubleshooting tools with Cisco error correction tools, Cisco NX-Link increases the visibility of the virtual network access layer and helps reduce application downtime.

Summary

As server virtualization deployment continues to expand, server administrators are faced with new and challenging management modes and technical responsibilities handed over to them. The added Network workload will delay application deployment and fault recovery. Cisco VN-Link delivers network deployment and management tasks back to network experts and creates a collaborative management mode that allows server administrators to quickly deploy VMS.

Cisco VN-Link provides a new virtual server deployment model that allows server administrators to quickly configure applications without relying on network administrators. With a more flexible virtual data center, they can quickly respond to changing business needs. In addition, enhanced VM Security can help achieve higher application integration and lower investment and operation expenses.