VMready - IBM Channel University

IBM Network Virtualization
Li Fei
IBM PureFlex ATS (GCG)
May 15th, 2014
© 2014 IBM Corporation
Agenda
• State of the industry
• IBM VMready™
• PureFlex vNIC 3 Modes

Impact of Server Virtualization
• Optimally utilized servers
• Fluid, dynamic, just-in-time server provisioning
• Easier maintenance, HA
• Foundation technology for cloud computing
Server virtualization does not happen in isolation

Server Virtualization Impact
• In addition to compute resources, each VM needs
  • Network resources
  • Storage resources
• Each VM is a server entity in the network
• More server entities for the same square footage of servers
• More VM servers installed than physical servers

Server Virtualization Challenges in Data Center Networks
• Identify and track virtual machines in the network
• Apply per-VM network configuration and policies
• Make the network adaptive to the dynamic movement of VMs
• Management of a large number of VMs in the network – virtual & physical
• Proliferation of unmanaged, invisible virtual switches
• High bandwidth requirement to meet I/O load from VMs
• Network engineers lack tools to troubleshoot VM traffic

The Network is getting in the way of large scale server virtualization!

Agenda
• State of the industry
• IBM VMready™
• PureFlex vNIC 3 Modes

Challenges in Virtualization-Unaware Networks
• Cannot identify and track virtual machines (VM) in the network
• Cannot manage VM network configuration and policies
• Cannot adapt to the live migration of VMs
• No VM troubleshooting information
Network administrators are blind to VMs but are expected to provide connectivity and troubleshooting of VMs in the network
VMready:
• Hypervisor-independent
• Easily deployable
• Makes the network VM-aware

Physical Data Center Networking
[Figure: three servers, each connected at 10G through physical ports to traditional switches; 10's of physical ports]
One OS per server
• Remember when life was simple(r)?
• Port based network configuration for servers
• One Port – One network configuration
Multiple VMs per server – life gets complicated
• Port based network configuration does not work for VMs
• Can't separate VM traffic, can't manage
• VM mobility causes connectivity issues and security risks

VMready – Virtual Machine aware networking
[Figure: three servers, each connected at 10G through v-ports to VM-aware switches; 1000's of virtual ports]
Virtual ports are the new switching unit
• Fully aware of Virtual Machines
• Configuration per virtual port
• Automated Network mobility
• Configuration follows Virtual Machines in real-time
• Enables Multi-Tenancy

VMready Integration with VMware vCenter
[Figure: Virtual Machines 1 to 4, groups G1 and G2, a virtual switch in each of the ESX 1 and ESX 2 hypervisors, an IBM VMready Switch with the labels "VM1, VM3" and "VM2, VM4", and a vCenter server]
• Integrates with VMware vCenter
  Seamless management of physical switch and VMware vSwitch
• Automatically creates port groups on ESX vSwitches
• Ensures VM network settings are consistent across virtual and physical networks
• Single pane of management of VMware vSwitches from IBM physical switches

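VMready Feature Overview (1)
Virtual ports
Ordinary switches understand only physical ports and physical servers
• Control is per physical port / physical server
• Configuration is per physical port / physical server
VMready™ switches understand "v-ports"
• v-ports: v-NICs, vHBAs, MQ-NIC
• Control is per v-port
• Configuration is per v-port
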
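VMready Feature Overview (2)
1. A virtual port is created for each VM or VM group; the port configuration includes VLANs, ACLs, QoS, etc.
2. The virtual port configuration is synchronized with the vSwitches through the API (VMware environments)
3. When a VM migrates, its virtual port migrates with it, i.e. nMotion is performed
   • The VM always retains its original connectivity and security state
[Figure: VM 1, VM 2 and VM X on virtual switches attached to VMready switches; each virtual port carries VLAN 100, ACL filters and TX/RX limits; numbered callouts 1 to 3]
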
VMready Feature Overview (3)
Delivers a data-center-wide VM-aware network
[Figure: browser, SNEM, BHM and DB; a VM management server (e.g. VMware vCenter) with vSwitch policies and the VI API; vSwitches and switches, each with a policy, serving ESX hosts; SNMP and SSH/CLI to the switches]
Central Policy DB
- Domain Definitions
- Switches
- Hypervisors
- VM Groups
- Port Group
- VLAN
- Virtual Machines
- Etc

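VMready Leadership
• First to provide a network virtualization solution for server virtualization
  • February 2009: first- and second-generation VMready products released
  • August 2010: third-generation VMready product released
• The only switch-based network virtualization solution
• All functionality is implemented in the switch
  • No additional servers required
  • No software installed on the hypervisor
• Supports all virtualization software, i.e. VMready is neutral
  VMware, Hyper-V, Xen, PowerVM, Oracle…
• IBM switches that support VMready: all rack switches, all Flex System switches, and all BladeCenter switch modules with 10 Gigabit ports
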
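VMready Feature Summary
• Discover VMs
• Group VMs
• Apply policy control to VMs by group: VLAN, ACL, QoS
• When a VM migrates, its policies migrate with it and are synchronized dynamically: configure once, in effect permanently
• Integrates with the VMware VI-API for centralized management of physical switches and vSwitches
• Monitor VMs and collect statistics
• Combines with the IBM network management software SNEM
  • Provides a centralized database that stores and manages VM configuration
  • Enables data-center-wide deployment
• Delivers a VM-aware network across the whole data center
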
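What VMready Does
• Makes the VMs in the network visible, so that administrators can configure and monitor VMs at different levels
  • Provides visibility into VMs
  • Provides visibility into hypervisors/hosts
• Manages VMs
  • Individual VMs can also be given special handling, such as QoS
• Because of the integration with the VMware VI-API
  • Administrators configure only the physical switch, which keeps the physical switch and the vSwitch consistent
  • Reduces workload
  • Avoids manual configuration errors
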
Agenda
• State of the industry
• IBM VMready™
• PureFlex vNIC 3 Modes

IBM System Networking - Bringing speed and intelligence to the edge of the network™
Legacy Adapter & Virtual Fabric Architecture
[Figure: traditional networking with separate Production, DMZ VM, Console and vMotion networks, beside an Emulex Virtual Fabric Adapter carrying the same four networks over one 10GbE pipe divided into 5Gbps, 3.9Gbps, 100Mbps and 1Gbps]

vNIC1 (Virtual Fabric Mode)
with and without FCoE
vNIC1 – Virtual Fabric Mode
Available on: EN4093, CN4093, G8124, G8264/T, G8264CS (Switch aware)
[Figure: xNode 1 and xNode 4 (LoM or CN4054, vNIC 1-4) and pNode 2 and pNode 3 (CN4058, pNIC) connect over INTA/INTB to vNIC switch ports; vNIC Group 1, vNIC Group 3, vNIC Group 4 and the FCoE VLAN 1001/1002 are each shown with their own uplink port(s)]

vNIC1 – Pros and Cons
Pros:
• Provides multiple vNICs to Intel nodes
• Works with pNodes in pNIC Mode only
• Ease of management with VLAN Agnostic Mode (EasyConnect)
• Bandwidth and vNICs managed on the switch
• Works with FCoE and FIP Snooping
Cons:
• Can only work in Dedicated Uplink Mode
• Requires a separate uplink or Port Channel for each vNIC Group (cable management nightmare)
• Does not work with vLAG
• Forces a separate uplink for FCoE (VLAN 1001 (SAN A) / 1002 (SAN B) recommended)
Summary:
• Not the best option if you're looking for cable consolidation
[Figure: a node in a chassis connected to two EN/CN4093 switches]

vNIC2 (Switch Independent Mode)
with and without FCoE
vNIC2 – Switch Independent Mode
Available on: All Switch Modules supported (Switch unaware)
[Figure: xNode 1 and xNode 4 (LoM or CN4054, vNIC 1-4) and pNode 2 and pNode 3 (CN4058, legacy NIC) connect to legacy switch ports with FCoE support; uplink port(s)]

vNIC2 – Pros and Cons
Pros:
• Provides multiple vNICs to Intel nodes
• Works with pNodes in pNIC Mode only
• Works with Layer 2/3 Switch and EasyConnect Modes
• Works with vLAG across switches (if supported)
• Works with FCoE and FIP Snooping
• Works with IBM and non-IBM switches
Cons:
• vNICs are managed from the host; changes to a vNIC, including bandwidth manipulation, require a reboot
• Bandwidth guaranteed only on transmit
Summary:
• Probably not the best option, as vNICs have to be managed through the uEFI and there is currently no option to make changes on the fly
[Figure: a node in a chassis connected to two SI/EN/CN4093 switches]

UFP (Unified Fabric Port) Mode
with and without FCoE
Switch Characteristics of UFP Virtual Ports
• Virtual ports (vPorts) are accessed and displayed in the switch as PORT.VPORT (e.g. INTA2.1 or INTA2.2), where the VPORT is .1 through .4
• vPorts can be defined in one of 4 modes:
  • Access Port – the vPort is configured with no VLAN tagging and can only carry a single default PVID VLAN
    - The default VLAN for all vPorts on the same physical port must be unique
  • Trunk Port – the vPort can carry multiple tagged VLANs and must be added as a member to the appropriate VLANs
    - The default VLAN must be unique across all vPorts on the same physical port
    - Trunk vPorts must have unique VLAN memberships (e.g. VLAN 10 cannot be on both vPort INTA2.1 and INTA2.2)
  • Tunnel Port (EasyConnect) – the vPort is a Q-in-Q tunnel
    - The default tunnel VLAN must be unique across all vPorts on the same physical port
    - A Q-in-Q tunnel must be created through the switch (4091-4094 as an example)
  • FCoE – carries FCoE traffic
    - Only vPort 2 can be assigned as FCoE; this is an Emulex NIC hardware/firmware restriction (vPort .2 can be configured in modes other than FCoE)
Note: the default VLANs of the UFP vPorts (INTA1.1 to INTA1.4) MUST be unique and different from the switch default VLAN

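The vPort rules above, written as a check that can be run over a planned configuration before it goes onto a switch. This is an added example, not IBM code or switch CLI syntax: the dictionary layout, the name audit_ufp and a switch default VLAN of 1 are assumptions, and the sample configuration is constructed.

```python
from collections import defaultdict

MODES = {"access", "trunk", "tunnel", "fcoe"}

def audit_ufp(vports, switch_default_vlan=1):
    """Check a {"PORT.VPORT": {...}} model against the vPort rules above.

    The dict layout and the switch default VLAN of 1 are assumptions of
    this example, not switch CLI syntax. Returns a list of findings.
    """
    findings = []
    defaults = defaultdict(dict)  # physical port -> {default VLAN: vPort}
    trunked = defaultdict(dict)   # physical port -> {trunk VLAN: vPort}
    for name in sorted(vports):
        cfg = vports[name]
        port, _, idx = name.rpartition(".")
        mode = cfg.get("mode")
        if not port or idx not in ("1", "2", "3", "4") or mode not in MODES:
            findings.append(f"{name}: not a valid PORT.VPORT (.1 to .4) or mode")
            continue
        if mode == "fcoe" and idx != "2":
            findings.append(f"{name}: only vPort .2 can be FCoE")
        dv = cfg.get("default_vlan")
        if dv is not None:
            if dv == switch_default_vlan:
                findings.append(f"{name}: default VLAN {dv} is the switch default VLAN")
            # Default VLANs must be unique per physical port, not per switch.
            owner = defaults[port].setdefault(dv, name)
            if owner != name:
                findings.append(f"{name}: default VLAN {dv} already used by {owner}")
        if mode == "trunk":
            # A tagged VLAN may be a member of only one trunk vPort per port.
            for vlan in cfg.get("vlans", []):
                owner = trunked[port].setdefault(vlan, name)
                if owner != name:
                    findings.append(f"{name}: trunk VLAN {vlan} already on {owner}")
    return findings

# Constructed sample configuration (not taken from a real switch).
SAMPLE = {
    "INTA2.1": {"mode": "trunk", "default_vlan": 100, "vlans": [10, 20]},
    "INTA2.2": {"mode": "trunk", "default_vlan": 200, "vlans": [10, 30]},
    "INTA2.3": {"mode": "fcoe"},
    "INTA2.4": {"mode": "access", "default_vlan": 100},
    "INTA3.1": {"mode": "access", "default_vlan": 1},
    "INTA3.2": {"mode": "fcoe"},
    "INTA3.3": {"mode": "access", "default_vlan": 100},
}

if __name__ == "__main__":
    for finding in audit_ufp(SAMPLE):
        print(finding)
```

INTA3.3 reuses default VLAN 100 without a finding because the uniqueness rules apply per physical port, which is what keeps the vPorts sharing one 10G link separated.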
UFP (vPort with Tunnel, Access and Trunk Mode options)
Available on: EN4093 and CN4093
[Figure: xNode 1 and xNode N (UFP NIC) and pNode 2 and pNode 3 (pNIC) connect over INTA/INTB to UFP switch ports; vPorts are labelled Trunk Mode (MGMT/vMotion), Access Mode, FCoE VLAN 1001/1002, Access Mode (Backup) and Tunnel Mode (Easy-Connect, VM Data); uplink port(s)]

UFP – Pros and Cons
Pros:
• Provides multiple vNICs to Intel nodes
• Works with pNodes in pNIC Mode only
• Works in Layer 2/3 and EasyConnect Mode
• Works with vLAG for Active/Active and Active/Passive (choice)
• Works with FCoE and FIP Snooping
• Overcomes the vNIC1/vNIC2 limitation of only one vNIC group per uplink or port channel
Cons:
• Managing vPorts with vLAG requires an understanding of how it all works in order to properly design and configure access, trunk and tunnel modes
Summary:
• Best option if vNICs are a requirement
• Provides the greatest flexibility across both the EN4093 and CN4093
[Figure: a node in a chassis connected to two CN4093 switches, with LACP to two ToR switches and connections to SAN A and SAN B]

Feature Description | Platform: UFP | Platform: vNIC
Support for 4K Inner VLANs on each vNIC | Yes (Configure vNIC mode in "tunnel" mode) | Yes
Switching based on outer VLAN | Yes (Configure vNIC mode in "tunnel" mode) | Yes
Configure Inner VLAN on vNIC | Yes (Configure vNIC mode in "802.1q-trunk" mode) | No
Switching based on Inner VLAN | Yes | No
Uplink shared by vNICs within a physical port | Yes | No
Sharing unused bandwidth across vNICs | Yes | No
vNIC association with ETS traffic class | Yes | No
Special multicast traffic class | Yes | No
vNIC bandwidth control mode | Shaping (Better since it smooths out traffic flow) | Policing (Drop packets during burst)
vNIC bandwidth Min/Max separate control | Yes | No
Access list for customer VLAN | Yes | No
Support for FCoE on one vNIC | Yes | Yes (CEE only)
Inner VLAN = Customer VLAN (a VLAN that will be defined by the customer)
Outer VLAN = Q-in-Q VLAN (a VLAN created to tunnel inner VLANs through the switch)

SPAR (Switch Partitioning)
with and without FCoE
SPAR (Local Domain (Layer 2/3 Switch Mode))
Available on: SI4093, EN4093 and CN4093
[Figure: xNode 1 and xNode 4 (LoM or CN4054, vNIC2 1-4) and pNode 2 and pNode 3 (CN4058, pNIC) connect to legacy switch ports; SPAR 1 and SPAR 2 each contain VLAN 100, VLAN 200 and an FCoE VLAN and each have their own uplink port(s)]

SPAR (Pass-Through Domain (EasyConnect))
Available on: SI4093, EN4093 and CN4093
Note: SI4093 default configuration is using SPAR 1 on ALL Ports
[Figure: xNode 1 and xNode 4 (LoM or CN4054, vNIC2 1-4) and pNode 2 and pNode 3 (CN4058, pNIC) connect to legacy switch ports; SPAR 1 and SPAR 2 are each VLAN agnostic, support FCoE and have their own uplink port(s)]

SPAR – Pros and Cons
Pros:
• Provides separation of partitions when Layer 2 separation of the SAME VLANs is wanted within the same switch. Examples include multi-tenant environments, for securing between Layer 2 broadcast domains.
• Simple to no configuration required
• No Spanning Tree support
• LACP with loop protection support
• Supports both pNIC and vNIC2
• Up to 8 SPARs per switch supported
Cons:
• No vLAG support
• Single uplink port or Port Channel for each domain only
Summary:
• Best option for customers looking for a plug-and-play switch (i.e. SI4093 in Pass-Through domain)
• Best option for customers looking for a multi-tenant solution where the same VLANs span across multiple customers/domains.
[Figure: a node in a chassis connected to two SI/EN/CN4093 switches]

Thank you!
Li Fei
IBM PureFlex ATS (GCG)