The Cisco vPath Ecosystem is the Cisco vPath infrastructure solution that supports service chaining of multiple service nodes.
The Cisco Nexus 1000V for VMware vSphere with Cisco Prime Network Services Controller (Cisco Prime NSC) supports service nodes such as Cisco Virtual Security Gateway (VSG), the Citrix NetScaler 1000V load balancer, the Cisco ASA 1000V, and Cisco vWAAS. Users define service nodes first, then create a chain of the defined service nodes and attach the chain to port profiles. Cisco vPath then directs traffic to the service nodes in the order in which the chain was defined. Additionally, from the Cisco Nexus 1000V control plane, you can use the command-line interface to enable Citrix NetScaler 1000V as a virtual service node and to provide licensing support.
Virtual services include the various Layer 4 through Layer 7 network services, such as firewalls, edge firewalls, load balancers, WAN optimization, and others, which are virtualized and delivered as virtual machines.
The following virtual services are supported by the Cisco Nexus 1000V Series switch using vPath:
Cisco ASA for 1000V: provides trusted security to multi-tenant virtual and cloud infrastructures at the edge. When implemented with the Cisco Nexus 1000V Switch, it provides consistent security across physical, virtual, and cloud infrastructures.
Cisco Virtual Security Gateway (VSG): provides trusted multitenant access with granular zone-based security policies for VMs. Cisco VSG delivers security policies across multiple servers. It supports VM mobility across physical servers for workload balancing, availability, or scale.
Cisco Virtual Wide Area Network Application Services (vWAAS): a WAN optimization solution that helps deliver assured application performance acceleration to IT users connected to enterprise data centers and enterprise private clouds.
Citrix NetScaler 1000V: performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 to Layer 7 network traffic for web applications.
Cisco Virtual Service Data Path (vPath) is the service intelligence embedded in the Cisco Nexus 1000V Series switch.
vPath provides the forwarding plane abstraction and programmability required to implement the Layer 2 to Layer 7 network services such as segmentation firewalls, edge firewalls, load balancers, WAN optimization, and others. It is embedded in the Cisco Nexus 1000V Series switch Virtual Ethernet Module (VEM). It intercepts the traffic whether external to the virtual machine or between virtual machines and then redirects the traffic to the appropriate virtual service node (VSN) such as Cisco Virtual Security Gateway (VSG), Cisco ASA 1000V, Citrix NetScaler 1000V, or Cisco Virtual Wide Area Application Services (vWAAS) for processing. vPath uses overlay tunnels to steer the traffic to the virtual service node and the virtual service node can be either Layer 2 or Layer 3 adjacent.
The basic functions of vPath include traffic redirection to a virtual service node (VSN) and service chaining. Apart from the basic functions, vPath also includes advanced functions such as traffic off-load, acceleration, and others.
vPath steers traffic, whether external to the virtual machine or from a virtual machine to a virtual machine, to the virtual service node. Initial packet processing occurs in the VSN for policy evaluation and enforcement. Once the policy decision is made, the virtual service node may off-load the policy enforcement of remaining packets to vPath.
A service chain is an ordered list of services applied to a packet flow or traffic. A service path identifies a forwarding path used to implement a service chain.
vPath intercepts traffic (packets/frames) originating from a virtual machine or destined to a virtual machine and directs the traffic through the service path, delivering the traffic to each service along the path. vPath thus acts as an orchestrator of the chain to deliver multiple services, and Cisco Prime NSC enables the provisioning of service chains.
Currently vPath service chaining supports the following virtual service nodes:
The service chain can have the following path configurations:
vWAAS -> ASA 1000V -> Citrix NetScaler 1000V -> VSG
ASA 1000V -> VSG
ASA 1000V -> Citrix NetScaler 1000V
ASA 1000V -> Citrix NetScaler 1000V -> VSG
Citrix NetScaler 1000V on N1110 -> VSG
See the Cisco vPath and vServices Reference Guide for VMware vSphere for more information.
The following figure is a use-case example of a Cisco vPath Ecosystem solution that includes the following products that you install and configure in the following sequence:
Cisco Nexus 1000V switch
Cisco Prime NSC
Cisco VSG and Cisco ASA 1000V
Citrix NetScaler 1000V
Cisco vWAAS
Note: Alternate use-case solutions are also available. The Cisco Nexus Cloud Services Platform (CSP) can be a part of other use-case solutions.
The Cisco Nexus 1000V provides a distributed virtual switch that extends across many virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in the Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.
For an overview of the Cisco Nexus 1000V switch, see the Cisco Nexus 1000V Installation and Upgrade Guide at the following location:
For information about the Cisco Nexus 1000V scale limits, see the Cisco Nexus 1000V Release Notes at the following location:
Cisco Prime Network Services Controller (Cisco Prime NSC) is a virtual appliance, based on Red Hat Enterprise Linux, that provides centralized device and security policy management of Cisco virtual services. Designed for multiple-tenant operation, Cisco Prime NSC provides seamless, scalable, and automation-centric management for virtualized data center and cloud environments.
For an overview of the Cisco Prime NSC product and deployment, see the Cisco Prime Network Services Controller Release Notes at the following location:
Cisco Prime Network Services Controller Release Notes
For information about installing, configuring, and using Cisco Prime NSC, see the following documents:
Cisco Prime Network Services Controller Quick Start Guide
Cisco Prime Network Services Controller User Guide
Note: Beginning with release 3.0, the product name for Cisco Virtual Network Management Center has changed to Cisco Prime Network Services Controller. For information about Cisco Prime Network Services Controller documentation, go to the following location: Cisco Prime Network Services Controller
The Cisco VSG is a virtual firewall appliance that provides trusted access to virtual data center and cloud environments with dynamic policy-driven operation, mobility-transparent enforcement, and scale-out deployment for dense multitenancy.
For an overview of Cisco VSG, see the guide at the following location:
For information on Cisco VSG scale limits, see the Cisco VSG Release Notes at the following location:
The Cisco ASA 1000V Cloud Firewall is a virtual appliance that was developed using the ASA infrastructure to secure the tenant edge in multitenant environments with Nexus 1000V deployments.
For an overview of Cisco ASA 1000V, see the Cisco ASA 1000V Getting Started Guide at the following location:
The vWAAS software supports WAN optimization in a cloud environment where physical WAE devices cannot usually be deployed. For an overview of vWAAS, see the Cisco Wide Area Application Services vWAAS Installation and Configuration Guide at the following location:
The Citrix NetScaler 1000V is an application switch that performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 to Layer 7 network traffic for web applications.
For an overview of Citrix NetScaler 1000V, see the Getting Started with Citrix NetScaler at the following location:
Citrix NetScaler 1000V Overview
See also the Citrix NetScaler Release Notes at the following location:
Note: Cisco Nexus Cloud Services Platform (CSP) is not part of the solution example provided in the diagram, but CSP is a part of the Cisco vPath Ecosystem solution and is available in other use cases of the Cisco vPath Ecosystem solution.
The Cisco Nexus CSP product family includes the Cisco Nexus 1010, Cisco Nexus 1010-X, Cisco Nexus 1110-S, and Cisco Nexus 1110-X. The Cisco Nexus CSP provides the dedicated hardware for Cisco Nexus 1000V Virtual Supervisor Modules (VSMs) and host VSMs that were hosted on virtual machines (VMs). You can now install and manage a Cisco Nexus 1000V VSM like a standard Cisco switch.
The services managed by the Cisco Nexus CSP product family are called virtual service blades (VSBs). The Cisco Nexus CSP product family supports the following VSBs:
Cisco Nexus 1000V VSM for VMware vSphere
Cisco Network Analysis Module (NAM)
Cisco Virtual Security Gateway (VSG)
Cisco Data Center Network Manager (DCNM) Module
Cisco Nexus 1000V VXLAN Gateway
Citrix NetScaler 1000V
For more information about VSBs, see the Cisco Nexus Cloud Services Platform Configuration Guide at the following location:
Cisco Nexus Cloud Services Platform Configuration Guide
For more information about the number of VSBs that are supported and hosted on the Cisco Nexus CSP product family, see the Cisco Nexus Cloud Services Platform Compatibility Information.