The Cisco® Application Virtual Switch (AVS) is a purpose-built virtual network edge switch for Cisco Application Centric Infrastructure (ACI). Cisco AVS brings the Cisco ACI policy model to virtual infrastructure, thus providing policy consistency across physical and virtual workloads. Cisco AVS also lets you extend these policies to the existing infrastructure, providing outstanding investment protection.
Cisco ACI is an innovative architecture that radically simplifies, optimizes, and accelerates the entire application deployment lifecycle. Cisco ACI uses a holistic systems-based approach, with tight integration between physical and virtual elements, an open ecosystem model, and innovation-spanning application-specific integrated circuits (ASICs), hardware, and software. This unique approach uses a common policy-based operating model across a network that supports Cisco ACI along with security elements (and computing and storage in the future), overcoming IT silos and drastically reducing costs and complexity.
The main benefits of Cisco ACI include:
● Simplified automation with an application-based policy model
● Common platform for managing physical, virtual, and cloud-based environments
● Centralized visibility with real-time application health monitoring
● Microsegmentation and distributed firewall capabilities to secure east-west traffic
● Operation simplicity, with common policy, management, and operation models across application, network, and security resources (and computing and storage resources in the future)
● Open software flexibility for development and operations (DevOps) teams and ecosystem partner integration
● Scalable performance and secure multitenancy
Cisco ACI consists of (Figure 1):
● Cisco Application Policy Infrastructure Controller (APIC)
● Spine switches
● Physical and virtual leaf switches
Figure 1. Cisco ACI Overview
Cisco Application Virtual Switch
Cisco AVS is a purpose-built virtual switch for Cisco ACI that’s part of the virtual network edge switch offering of the Cisco ACI leaf portfolio. Cisco AVS is a distributed virtual switch that resides in the hypervisor layer of a virtualized host, providing switching and policy enforcement capabilities in the future. Cisco AVS provides consistent virtual networking across multiple hypervisors (in the future) to simplify network operations and provide consistency with the physical infrastructure (Figure 2). Here are some of the advantages of Cisco AVS:
● Cisco AVS is robustly integrated into the Cisco ACI architecture and supports application network profile (ANP) enforcement at the virtual host layer consistent with the physical Cisco Nexus® 9000 Series Switches.
● Cisco AVS is managed centrally along with the rest of the Cisco ACI fabric components through Cisco APIC and provides advanced telemetry features to allow end-to-end visibility and troubleshooting capabilities across both virtual and physical devices.
● Cisco AVS enables optimal traffic steering between virtual and physical layers of the fabric to enhance performance and resource utilization. For example, if the web and application tiers are located on the same host, Cisco AVS can route traffic or apply security policies between these endpoint groups within the hypervisor itself (in the future). However, if the database is a bare-metal workload that is attached to the physical Cisco Nexus 9000 Series Switch, the application policy is consistently applied at the physical Cisco Nexus 9000 Series top-of-rack (ToR) switches instead.
Figure 2. Application Centric Infrastructure with Application Virtual Switch
Cisco AVS is compatible with any upstream physical access layer switch that complies with the Ethernet standard, including Cisco Nexus Family switches. Cisco AVS is compatible with any server hardware listed in the VMware Hardware Compatibility List (HCL). Cisco AVS is a distributed virtual switch solution that is fully integrated into the VMware virtual infrastructure, including VMware vCenter for the virtualization administrator. This solution allows the network administrator to configure virtual switches and port groups to establish a consistent data center network policy.
Figure 3 shows a topology that includes Cisco AVS with Cisco APIC and VMware vCenter with the Cisco Virtual Switch Update Manager (VSUM).
Figure 3. Sample Cisco AVS Topology
Cisco Virtual Switch Update Manager
Cisco VSUM enables you to add hosts and upgrade Cisco AVS using the VMware vSphere Web Client. The Cisco VSUM GUI is an integral part of the VMware vSphere Web Client and can be accessed only by logging into the VMware vSphere Web Client.
Table 1 summarizes the main features of Cisco AVS.
Table 1. Main Features
Systemwide application visibility and troubleshooting
● Cisco Switched Port Analyzer (SPAN) and Encapsulated Remote SPAN (ERSPAN) support
● Simple Network Management Protocol (SNMP) Version 3 support
● Bridge Protocol Data Unit (BPDU) guard
● BPDU filter
Application network profiles
Logical representation of all components of the application and their interdependencies in the application fabric
Policy and contract enforcement
● Virtual network interface cards (vNICs)
● Received and transmitted ingress and egress packets
● Broadcast, multicast, and dropped packets
● Service insertion
● Packets and bytes
● VLAN and Bridge Domain statistics
● Uplink and virtual Ethernet statistics
● Ingress and egress counters
● VMware ESXi and vSphere
● Automated creation of port groups for VLAN and VXLAN mapped to endpoint groups (EPGs)
● VMware vMotion movement between fabric-connected hosts
Secure east-west traffic
● Provides microsegmentation and distributed firewall functionality to secure east-west traffic
Secure user authentication
● TACACS+, RADIUS, and Lightweight Directory Access Protocol (LDAP) through Cisco APIC
● Local authentication with password and role-based access control (RBAC) through Cisco APIC
Upgrade using Cisco VSUM
Use of Cisco APIC to configure, manage, and troubleshoot system
● Permit, deny, and taboo list (blacklist) and application-centric whitelist policy model for securing virtual applications at the physical fabric
● EPG policy filtering (source EPG, destination EPG, and Layer 4 ports) at the physical fabric
● Secure multitenancy at scale built into Cisco ACI fabric
● Built-in distributed Layer 4 security integrated into Cisco ACI fabric to secure east-west traffic
● Security policies automated to move as workloads are moved in the data center
● RBAC, authenticated access based on certificate authentication, Cisco Secure Access Control System (ACS), and local authentication through Cisco APIC
● Static PortChannel
● Link Aggregation Control Protocol (LACP) PortChannel
● Virtual PortChannel (vPC)
● Straight-through mode to end hosts and servers
● MAC address pinning and VXLAN load balancing
Layer 2 features
● Layer 2 switch ports and VLAN trunks
● IEEE 802.1q VLAN encapsulation
● LACP: IEEE 802.3ad
● vPC host mode
● Jumbo-frame support; up to 9000 bytes
Virtual Extensible LAN (VXLAN)
● Scalable network isolation
● Port statistics
VMware vSphere Web Client plug-in for ease of installation and upgrade
VMware vSphere feature compatibility
● VMware vMotion
● VMware Distributed Resource Scheduler (DRS)
● VMware High Availability (HA)
● VMware Storage vMotion
● VMware Fault Tolerance (FT)
● VMware Update Manager
● VMware Auto Deploy
● VMware vRealize
Table 2 summarizes Cisco AVS scalability capabilities.
Table 2. Cisco AVS Scalability
Cisco AVS Scale
ESXi hosts per Cisco APIC cluster
Virtual Ethernet interfaces
990 per physical host
Uplinks in a PortChannel
Cisco AVS is supported in Release 4.2(1) SV2 (2.3) and later. It is supported as a virtual leaf (vLeaf) for Cisco APIC with VMware ESXi Release 5.1 and later for the VMware ESXi hypervisor. Starting December 8th, Cisco AVS is supported on VMware vSphere 6.0.
● Compatible with VMware vCenter Release 5.1 or later
● Cisco AVS vLeaf
◦ VMware ESXi 5.1 or later
◦ Hard disk space: 6.5 MB
◦ RAM: 150 MB
● Cisco VSUM virtual machine requirements
◦ Hard disk: 80 GB
◦ RAM: 2 GB
● Server on VMware Hardware Compatibility List (http://www.vmware.com/go/hcl)
◦ Compatible with any upstream physical switches, including all Cisco Nexus and Cisco Catalyst® Family switches as well as Ethernet switches from other vendors
Licensing and Ordering Information
Cisco AVS 1.0 licensing is included as part of Cisco ACI licensing.
Cisco AVS has a 90-day limited software warranty. For more information about the Cisco AVS warranty, see http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html.
Service and Support
Cisco AVS Service and Support are included as part of Cisco ACI. Cisco offers a wide range of services to help accelerate your success in deploying and optimizing the Cisco ACI solution in your data center. The innovative Cisco Services offerings are delivered through a unique combination of people, processes, tools, and partners and are focused on helping you increase operation efficiency and improve your data center network. Cisco Advanced Services uses an architecture-led approach to help you align your data center infrastructure with your business goals and achieve long-term value. Cisco SMARTnet™ Service helps you resolve mission-critical problems with direct access at any time to Cisco network experts and award-winning resources. With this service, you can take advantage of the Cisco Smart Call Home service capability, which offers proactive diagnostics and real-time alerts on your Cisco ACI deployment. Spanning the entire network lifecycle, Cisco Services offerings help increase investment protection, optimize network operations, support migration operations, and strengthen your IT expertise.
Financing to Help You Achieve Your Objectives
Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries.
For More Information
For more information about the Cisco Application Virtual Switch and for the latest software release information and recommendations, please visit http://www.cisco.com/go/avs.