Information About Cisco vPath Ecosystem
The Cisco vPath Ecosystem, is the Cisco vPath infrastructure solution that supports service chaining of multiple service nodes.
The Cisco Nexus 1000V for VMware vSphere with Cisco Prime Network Services Controller (Cisco Prime NSC) support service nodes such as Cisco Virtual Security Gateway (VSG), the Citrix NetScaler 1000V load balancer, the Cisco ASA 1000V, and Cisco vWAAS. Users can define service nodes first and then create a chain of defined service nodes and attach them to port profiles. In this way, Cisco vPath can direct traffic to the service nodes in the order in which the chain was defined. Additionally, from the Cisco Nexus 1000V control plane, you can use the command-line interface to enable Citrix NetScaler 1000V as a virtual service node and to provide licensing support.
Virtual Services (vServices)
Virtual Services include the various Layer 4 through Layer 7 network services such as firewalls, edge firewalls, load balancers, WAN optimization and others which are virtualized and delivered as virtual machines.
The following virtual services are supported by Cisco Nexus 1000V Series switch using the vPath:
Cisco ASA for 1000V: provides trusted security to multi-tenant virtual and cloud infrastructures at the edge. When implemented with the Cisco Nexus 1000V Switch, it provides consistent security across physical, virtual, and cloud infrastructures.
-
Cisco Virtual Security Gateway (VSG): provides trusted multitenant access with granular zone-based security policies for VMs. Cisco VSG delivers security policies across multiple servers. It supports VM mobility across physical servers for workload balancing, availability, or scale.
-
Cisco Virtual Wide Area Network Application Services (vWAAS): a WAN optimization solution, helps deliver assured application performance acceleration to IT users connected to enterprise data centers and enterprise private clouds.
-
Cisco ASA for 1000V: provides trusted security to multi-tenant virtual and cloud infrastructures at the edge. When implemented with the Cisco Nexus 1000V Switch, it provides consistent security across physical, virtual, and cloud infrastructures.
-
Citrix NetScaler 1000V: performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 to Layer 7 network traffic for web applications.
vPath
Cisco Virtual Service Data Path (vPath) is the service intelligence embedded in the Cisco Nexus 1000V Series switch.
vPath provides the forwarding plane abstraction and programmability required to implement the Layer 2 to Layer 7 network services such as segmentation firewalls, edge firewalls, load balancers, WAN optimization, and others. It is embedded in the Cisco Nexus 1000V Series switch Virtual Ethernet Module (VEM). It intercepts the traffic whether external to the virtual machine or between virtual machines and then redirects the traffic to the appropriate virtual service node (VSN) such as Cisco Virtual Security Gateway (VSG), Cisco ASA 1000V, Citrix NetScaler 1000V, or Cisco Virtual Wide Area Application Services (vWAAS) for processing. vPath uses overlay tunnels to steer the traffic to the virtual service node and the virtual service node can be either Layer 2 or Layer 3 adjacent.
The basic functions of vPath include traffic redirection to a virtual service node (VSN) and service chaining. Apart from the basic functions, vPath also includes advanced functions such as traffic off load, acceleration and others.
vPath steers traffic, whether external to the virtual machine or from a virtual machine to a virtual machine, to the virtual service node. Initial packet processing occurs in the VSN for policy evaluation and enforcement. Once the policy decision is made, the virtual service node may off-load the policy enforcement of remaining packets to vPath.
Service Chaining
A service chain is an ordered list of services applied to a packet flow or traffic. A service path identifies a forwarding path used to implement a service chain.
The vPath intercepts traffic (packets/frames) originating from a virtual machine or destined to a virtual machine and directs the traffic through the service path delivering the traffic to each service along the path. vPath thus acts as an orchestrator of the chain to deliver multiple services and PNSC enables the provisioning of service chains.
Currently vPath service chaining supports the following virtual service nodes:
-
Cisco VSG
-
Cisco ASA 1000V
-
Cisco vWAAS
-
Citrix NetScaler 1000V
The service chain can have following path configuration:
-
vWAAS -> ASA 1000V -> Citrix NetScaler 1000V -> VSG
-
ASA 1000V -> VSG
-
ASA 1000V -> Citrix NetScaler 1000V
-
ASA 1000V -> Citrix NetScaler 1000V -> VSG
-
Citrix NetScaler 1000V on N1110 -> VSG
See the Cisco vPath and vServices Reference Guide for VMware vSphere for more information.
Use-Case Example
The following figure is a use-case example of a Cisco vPath Ecosystem solution that includes the following products that you install and configure in the following sequence:
-
Cisco Nexus 1000V switch
-
Cisco Prime NSC
-
Cisco VSG and Cisco ASA 1000V
-
Citrix NetScaler 1000V
-
Cisco vWAAS
Note |
Alternate use-case solutions are also available. The Cisco Nexus Cloud Services Platform (CSP) can be a part of other use-case solutions. |