This chapter provides an overview of port profiles, the primary mechanism by which network policy is defined and applied to switch interfaces.
This chapter includes the following sections:
•Port Profiles and Port Groups
•Live Policy Changes
•Port Profile Inheritance
•Consistent Port Profile Configuration
Port Profiles and Port Groups
A port profile is a collection of interface-level configuration commands that are combined to create a complete network policy.
A port group is a representation of a port profile on the vCenter server. Every port group on the vCenter server is associated with a port profile on the Cisco Nexus 1000V. Network administrators configure port profiles, and then server administrators can use the corresponding port groups on the vCenter server to assign ports to port profiles.
In the VMware vCenter Server, a port profile is represented as a port group. You assign the vEthernet or Ethernet interfaces to a port group in vCenter to do the following:
•Define port configuration by policy.
•Apply a single policy across a large number of ports.
Port profiles are created on the VSM and propagated to VMware vCenter Server as VMware port groups using the VMware VIM API. After propagation, a port profile appears within VMware vSphere Client and is available to apply to the vNICs on a virtual machine.
When a newly-provisioned virtual machine is powered on, a vEthernet interface is created on the Cisco Nexus 1000V for each of the virtual machine vNICs. The vEthernet inherits the definitions in the selected port profile.
Live Policy Changes
Port profiles are not static entities but dynamic policies that can change as network needs change. Changes to active port profiles are applied to each switch port that is using the profile. This simplifies the process of applying new network policies or changing an existing policy.
Port profiles also manage the physical NICs within a VMware ESX host. When a port profile is defined, the network administrator determines whether the profile will be used to manage vEthernet interfaces or physical NICs. By default, the port profile is assumed to be used for vEthernet management.
To define a port profile for use on physical NICs, the network administrator must create the profile as an Ethernet type. When this option is used, the port profile will be available only to the server administrator to apply to physical NICs within an VMware ESX server.
Note In an installation where multiple Ethernet port profiles are active on the same VEM, it is recommended that they do not carry the same VLAN(s). The allowed VLAN list should be mutually exclusive.
Overlapping VLANs can be configured but may cause duplicate packets to be received by virtual machines in the network.
Uplink port profiles are applied to a physical NIC when a VMware ESX host is first added to the Cisco Nexus 1000V. The server administrator is presented with a dialog box in which they can select the following:
•physical NICs to associate with the VEM
•uplink port profiles to associate with the physical NICs
In addition, the server administrator can apply uplink port profiles to interfaces that are added to the VEM after the host has been added to the switch.
Port Profile Inheritance
You can apply the configuration from an existing port profile as the default configuration for another port profile. This is called inheritance. The configuration of the parent is copied to and stored in the child port profile. You can also override the inheritance by configuring the attributes explicitly in the child port profile.
You can also explicitly remove port profile inheritance, so that a port profile returns to the default settings, except where there has been a direct configuration.
For more information, see the "Configuring Port Profile Inheritance" section.
Consistent Port Profile Configuration
This section includes the following topics:
•Rollback to a Consistent Configuration
To maintain a consistent configuration among the interfaces in a port profile, the entire port profile configuration is applied to its member interfaces (sometimes referred to as inheritance). This is new in Release 4.2(1)SV1(4), and the concept is called Atomic Inheritance. In previous Cisco Nexus 1000V releases, whatever configuration could be applied from the port profile was applied to its interfaces, and whatever was not applicable was ignored.
Rollback to a Consistent Configuration
When you update the configuration in a port profile, its member interfaces are also updated. If the configuration fails, the port profile and its member interfaces are rolled back to the last known good configuration for the port profile. This is new in Release 4.2(1)SV1(4).
Interfaces are sectioned off and shut down when a port profile configuration is in error. This is a new feature in Release 4.2(1)SV1(4a), and is called Interface Quarantine. When an interface is quarantined, it maintains its mapping to the port profile, but is administratively shut down until you explicitly bring it up using the no shutdown command. If the port profile configuration is still in error, then the interface is again shut.
If you create a port profile with a command error, for example a private VLAN mapping error or service policy map error, then an attempt to apply this port profile to an interface shuts down the interface. The error is not copied to the interface and a system message is generated with details of the error. In this case, you must correct the error in the port profile, return the interface to service, and apply the corrected port profile to the interface. For more information, see the Cisco Nexus 1000V Troubleshooting Guide, Release 4.2(1)SV1(4a).