Virtualization management: What you need to know about the Nexus 1000v

Cisco's Nexus 1000v platform gives network administrators some familiar tools to oversee virtual networks.

With the increased use of virtualization, Cisco Systems Inc.'s Nexus 1000v virtual switch (or N1KV, as it's known) is becoming more important in enterprise data centers. Virtualization hypervisors, such as Microsoft Corp.'s Hyper-V or VMware Inc.'s vSphere, virtualized the network with products that spanned virtual switches, virtual network connections and virtual network interfaces (on the virtual machines).

The growth of network virtualization -- and the subsequent increase in network control -- has been a boon for virtualization admins (many of whom were server admins), but it has been a detriment to network admins who lose some control when servers are virtualized.

The Cisco Nexus 1000v, then, was engineered to take the place of the virtual switches used by default in your virtualization management platform. What's more, the software provides a number of benefits to both server admins and network admins, whether you use Hyper-V or vSphere.

Here are some key must-knows about the Cisco Nexus 1000v.

How it helps

Many traditional server admins, who are now VMware or Hyper-V admins, may be turned off by a Cisco product, in essence saying that anything Cisco is the job of the network admin. That's okay; the Cisco Nexus 1000v is most beneficial to the network admin anyway. When the virtualization layer was put in, it was the network admins who lost their familiar Cisco IOS interface and access to physical switch features such as those that managed security, Quality of Service (QoS) policies and port channels.

For network admins, the ability to regain those features, as well as manage the virtual network more efficiently, is invaluable.

Engineered to be more than a virtual switch

While the Nexus 1000v offers traditional switch features and a common management solution, it's much more than just a virtual switch. The N1KV also provides insight into the virtual infrastructure as well as integration within it. It offers such features as policy-based virtual machine connectivity, mobility of virtual machine security and network properties, all under the umbrella of a non-disruptive operational model.

In addition, the Nexus 1000v's policy-based virtual machine connectivity provides port profiles that allow you to define, per virtual machine, features -- such as vMotion -- that follow the virtual machines as they move from host to host. These port profiles are applied through vCenter, VMware's management app. Port profiles are scalable mechanisms for configuring networking policies for a large number of virtual machines. When using port profiles with QoS and security policies, you can provide a complete service-level agreement (SLA) for the virtual machine's traffic.

With the mobility feature of the N1KV, the policies defined and the virtual machine network state will follow the virtual machines as they move from one server to another. That VM network state includes the statistics for the VM network interface, and traffic monitoring (if in use) will continue when the VM moves.

The intelligent traffic-steering feature redirects packets in a network flow to a virtual service virtual machine called a virtual service node (VSN), which makes traffic flow decisions that can accelerate the network traffic.

Meanwhile, the N1KV offers the Cisco Virtual Security Gateway (VSG), which provides multi-tenant, scalable security services for virtual machines linked by the Nexus 1000v software.

Finally, the N1KV allows virtualization administrators to continue using VMware tools to provision virtual machines. At the same time, network administrators can provision and operate the virtual machine network the same way they do on the physical network.

Router or switch? Hardware or software?

With Cisco being known for its router hardware, it's easy to get confused about what the N1KV really is. The Nexus 1000v is a switch (not a router) and it doesn't even provide Layer 3 switching. Essentially, it replaces the VMware vSwitch or Microsoft virtual switch with an advanced Cisco IOS-based switch.

The Nexus 1000v is 100% software and it's deployed as a virtual appliance. There is, however, a hardware option that can be used. The Cisco Nexus 1010 virtual service appliance is a physical box that runs the virtual supervisor module (VSM) management piece of the Nexus 1000v.

Basic architecture

Similar in concept to large enterprise-grade physical switches, the Nexus 1000v consists of two pieces:

  • VSM -- the virtual supervisor module is a virtual appliance running NX-OS. It talks to vCenter and provides management, monitoring and configuration of the N1KV virtual Ethernet module (VEM).
  • VEM -- the virtual Ethernet module runs on each virtual host and connects the virtual machines together, based on the policies the VSM dictates.

Figure 1: Nexus 1000v

Understanding the requirements

The N1KV isn't for everyone. The Nexus 1000v VSM requires VMware vSphere Enterprise Plus Version 4.0 or later, 3 GB of hard disk and 2 GB of RAM, along with a virtual CPU at 1 GHz. It can be deployed as a virtual machine on VMware ESX 3.5 or 4. The Nexus 1000v VEM requires VMware vSphere Enterprise Plus version 4.0 or later, 6.5 MB of hard disk space and 150 MB of RAM.

Note: As of April 2013, the Hyper-V edition of the Nexus 1000V is in beta; its requirements are not yet final.

So who needs it?

While any data center could exploit the features of the N1KV, the shops that will get the most benefits are those that already employ Cisco gear. Through the use of the N1KV, these network admins will be able to take the physical switch features with which they are already familiar and bring them to their virtual infrastructure.

One caveat: The N1KV requires VMware vSphere Enterprise Plus -- the highest (and most expensive) version of vSphere available. It's more likely, then, that large data centers and companies willing to make a large investment in their virtual infrastructures will use the Nexus 1000v.

Choosing among editions

With the release of N1KV version 2.1 last fall, Cisco began offering two editions -- Essential and Advanced.

The free Essential Edition provides all essential layer 2 switching features and integration with the virtual infrastructure. This includes VXLAN, Cisco vPath, VMware vCloud Director integration and a vCenter plugin.

The Advanced Edition is the commercial product. It provides the Cisco Virtual Security Gateway (VSG), a virtual firewall, logical trust zones between applications and such advanced features as Dynamic Host Configuration Protocol (DHCP) snooping, IP source guard, dynamic Address Resolution Protocol (ARP) inspection and Cisco TrustSec security group access (SGA).

Prospective customers can download either the free version or an evaluation copy of the commercial version.

So how much will it cost?

The Essential Edition, as noted above, is completely free. The Advanced Edition is $695 per processor (suggested retail). There is also a vSphere Enterprise Plus and Cisco Nexus 1000v bundle, available for $3895 per processor. Keep in mind that if you just purchase N1KV by itself, you'll also need VMware vSphere Enterprise (or the Windows 2012 Hyper-V edition, now in beta).

And what are the limitations I should be aware of?

Every product has its limitations. For the N1KV, a few of them are:

  • Maximum number of virtual supervisor modules: 2
  • Maximum number of virtual Ethernet modules: 64
  • Maximum number of vCenter connections per VSM: 1

About the author
David Davis is the author of the best-selling VMware vSphere video training library from Train Signal. He has written hundreds of virtualization articles on the Web, is a vExpert, VCP, VCAP-DCA, and CCIE #9369 with more than 18 years of enterprise IT experience. His personal website is VMwareVideos.com.

This was last published in April 2013