Cisco vPath Ecosystem, Release 2.5.1a
Overview

Information About Cisco vPath Ecosystem

The Cisco vPath Ecosystem, Release 2.5.1a, is the Cisco vPath infrastructure solution that supports service chaining of multiple service nodes.

The Cisco Nexus 1000V for VMware vSphere with Cisco Prime Network Services Controller (Cisco Prime NSC) supports service nodes such as Cisco Virtual Security Gateway (VSG), the Citrix NetScaler 1000V load balancer, the Cisco ASA 1000V, and Cisco vWAAS. Users define service nodes first, then create a chain of the defined service nodes and attach it to port profiles. Cisco vPath then directs traffic to the service nodes in the order in which the chain was defined. Additionally, from the Cisco Nexus 1000V control plane, you can use the command-line interface to enable Citrix NetScaler 1000V as a virtual service node and to provide licensing support.

Virtual Services (vServices)

Virtual Services include the various Layer 4 through Layer 7 network services, such as firewalls, edge firewalls, load balancers, WAN optimization, and others, that are virtualized and delivered as virtual machines.

The following virtual services are supported by the Cisco Nexus 1000V Series switch using vPath:

  • Cisco Virtual Security Gateway (VSG): provides trusted multitenant access with granular zone-based security policies for VMs. Cisco VSG delivers security policies across multiple servers. It supports VM mobility across physical servers for workload balancing, availability, or scale.
  • Cisco Virtual Wide Area Network Application Services (vWAAS): a WAN optimization solution that helps deliver assured application performance acceleration to IT users connected to enterprise data centers and enterprise private clouds.
  • Cisco ASA for 1000V: provides trusted security to multi-tenant virtual and cloud infrastructures at the edge. When implemented with the Cisco Nexus 1000V Switch, it provides consistent security across physical, virtual, and cloud infrastructures.
  • Citrix NetScaler 1000V: performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 to Layer 7 network traffic for web applications.

vPath

Cisco Virtual Service Data Path (vPath) is the service intelligence embedded in the Cisco Nexus 1000V Series switch.

vPath provides the forwarding plane abstraction and programmability required to implement the Layer 2 to Layer 7 network services such as segmentation firewalls, edge firewalls, load balancers, WAN optimization, and others. It is embedded in the Cisco Nexus 1000V Series switch Virtual Ethernet Module (VEM). It intercepts the traffic whether external to the virtual machine or between virtual machines and then redirects the traffic to the appropriate virtual service node (VSN) such as Cisco Virtual Security Gateway (VSG), Cisco ASA 1000V, Citrix NetScaler 1000V, or Cisco Virtual Wide Area Application Services (vWAAS) for processing. vPath uses overlay tunnels to steer the traffic to the virtual service node and the virtual service node can be either Layer 2 or Layer 3 adjacent.

The basic functions of vPath include traffic redirection to a virtual service node (VSN) and service chaining. Apart from the basic functions, vPath also includes advanced functions such as traffic off-load, acceleration, and others.

vPath steers traffic, whether external to the virtual machine or from a virtual machine to a virtual machine, to the virtual service node. Initial packet processing occurs in the VSN for policy evaluation and enforcement. Once the policy decision is made, the virtual service node may off-load the policy enforcement of remaining packets to vPath.
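The following added example, which is not Cisco code, is a conceptual Python model of the behavior described above: a flow passes through the service chain in its defined order, the first packet is evaluated by each VSN, and a VSN that off-loads its decision lets vPath enforce it for the remaining packets. The class names, node names, addresses, and policies are constructed for illustration and do not reflect the vPath implementation or its CLI.

```python
from dataclasses import dataclass, field
from typing import Callable

PERMIT, DROP = "permit", "drop"

@dataclass
class ServiceNode:
    """Hypothetical VSN: evaluates policy for a flow (src, dst, dport, proto)."""
    name: str
    policy: Callable[[tuple], str]
    offloads: bool = True   # assumption: node hands its verdict to the fast path
    seen: int = 0           # packets this node actually had to process

    def evaluate(self, flow):
        self.seen += 1
        return self.policy(flow)

@dataclass
class VPathModel:
    """Hypothetical data path: ordered chain plus a table of off-loaded verdicts."""
    chain: list
    flow_table: dict = field(default_factory=dict)  # (flow, node name) -> verdict

    def forward(self, flow):
        for node in self.chain:                 # chain order is enforcement order
            key = (flow, node.name)
            verdict = self.flow_table.get(key)
            if verdict is None:                 # no off-loaded decision yet
                verdict = node.evaluate(flow)   # redirect packet to the VSN
                if node.offloads:
                    self.flow_table[key] = verdict
            if verdict == DROP:                 # later nodes never see the packet
                return DROP
        return PERMIT

def demo():
    # Constructed policies: the firewall drops telnet, the load balancer permits all.
    vsg = ServiceNode("vsg", lambda f: DROP if f[2] == 23 else PERMIT)
    lb = ServiceNode("load-balancer", lambda f: PERMIT, offloads=False)
    vpath = VPathModel([vsg, lb])
    web = ("10.0.1.5", "10.0.2.9", 443, "tcp")     # constructed sample flows
    telnet = ("10.0.1.5", "10.0.2.9", 23, "tcp")
    verdicts = [vpath.forward(web) for _ in range(3)]
    verdicts += [vpath.forward(telnet) for _ in range(2)]
    return verdicts, vsg.seen, lb.seen

if __name__ == "__main__":
    print(demo())
```

In this model the firewall node processes only the first packet of each flow, while the node that does not off-load processes every permitted packet and never receives traffic that an earlier node in the chain dropped.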

Use-Case Example

The following figure shows a use-case example of a Cisco vPath Ecosystem, Release 2.5.1a solution. It includes the following products, which you install and configure in this sequence:

  • Cisco Nexus 1000V switch
  • Cisco Prime NSC
  • Cisco VSG and Cisco ASA 1000V
  • Citrix NetScaler 1000V
  • Cisco vWAAS

Note: Alternate use-case solutions are also available. The Cisco Nexus Cloud Services Platform (CSP) can be a part of other use-case solutions.


Figure 1. Cisco vPath Ecosystem 2.5.1a Solution Example



Overview of the Cisco Nexus 1000V Switch

The Cisco Nexus 1000V provides a distributed virtual switch that extends across many virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in the Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.

For an overview of the Cisco Nexus 1000V switch, see the Cisco Nexus 1000V Installation and Upgrade Guide at the following location:

Cisco Nexus 1000V Overview

Overview of Cisco Prime NSC

Cisco Prime Network Services Controller (Cisco Prime NSC) is a virtual appliance, based on Red Hat Enterprise Linux, that provides centralized device and security policy management of Cisco virtual services. Designed for multiple-tenant operation, Cisco Prime NSC provides seamless, scalable, and automation-centric management for virtualized data center and cloud environments.

For an overview of the Cisco Prime NSC product and deployment, see the Cisco Prime Network Services Controller Release Notes at the following location:

Cisco Prime Network Services Controller Release Notes

For information about installing, configuring, and using Cisco Prime NSC, see the following documents:

Cisco Prime Network Services Controller Quick Start Guide

Cisco Prime Network Services Controller User Guide


Note: Beginning with release 3.0, the product name for Cisco Virtual Network Management Center has changed to Cisco Prime Network Services Controller. For information about Cisco Prime Network Services Controller documentation, go to the following location:

Cisco Prime Network Services Controller


Overview of Cisco VSG

The Cisco VSG is a virtual firewall appliance that provides trusted access to virtual data center and cloud environments with dynamic policy-driven operation, mobility-transparent enforcement, and scale-out deployment for dense multitenancy.

For an overview of Cisco VSG, see the guide at the following location:

Cisco VSG Overview

Overview of Cisco ASA 1000V

The Cisco ASA 1000V Cloud Firewall is a virtual appliance that was developed using the ASA infrastructure to secure the tenant edge in multitenant environments with Nexus 1000V deployments.

For an overview of Cisco ASA 1000V, see the Cisco ASA 1000V Getting Started Guide at the following location:

Cisco ASA 1000V Getting Started Guide

Overview of Cisco vWAAS

The vWAAS software supports WAN optimization in a cloud environment where physical WAE devices cannot usually be deployed. For an overview of vWAAS, see the Cisco Wide Area Application Services vWAAS Installation and Configuration Guide at the following location:

Cisco vWAAS Overview

Overview of Citrix NetScaler 1000V

The Citrix NetScaler 1000V is an application switch that performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 to Layer 7 network traffic for web applications.

For an overview of Citrix NetScaler 1000V, see Getting Started with Citrix NetScaler at the following location:

Citrix NetScaler 1000V Overview

See also the Citrix NetScaler Release Notes at the following location:

Citrix NetScaler 1000V Release Notes

Overview of Cisco Nexus Cloud Services Platform


Note: Cisco Nexus Cloud Services Platform (CSP) is not part of the solution example provided in the diagram, but CSP is a part of the Cisco vPath Ecosystem solution and is available in other use cases of the Cisco vPath Ecosystem solution.


The Cisco Nexus CSP product family includes the Cisco Nexus 1010, Cisco Nexus 1010-X, Cisco Nexus 1110-S, and Cisco Nexus 1110-X. The Cisco Nexus CSP provides the dedicated hardware for Cisco Nexus 1000V Virtual Supervisor Modules (VSMs) and hosts VSMs that were hosted on virtual machines (VMs). You can now install and manage a Cisco Nexus 1000V VSM like a standard Cisco switch.

The services managed by the Cisco Nexus CSP product family are called virtual service blades (VSBs). The Cisco Nexus CSP product family supports the following VSBs:

  • Cisco Nexus 1000V VSM for VMware vSphere
  • Cisco Network Analysis Module (NAM)
  • Cisco Virtual Security Gateway (VSG)
  • Cisco Data Center Network Manager (DCNM) Module
  • Cisco Nexus 1000V VXLAN Gateway
  • Citrix NetScaler 1000V

For more information about VSBs, see the Cisco Nexus Cloud Services Platform Configuration Guide at the following location:

Cisco Nexus Cloud Services Platform Configuration Guide

For more information about the number of VSBs that are supported and hosted on the Cisco Nexus CSP product family, see the Cisco Nexus Cloud Services Platform Compatibility Information.