網(wǎng)絡(luò)虛擬化的變革

2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 網(wǎng)絡(luò)虛擬化的變革 思科系統(tǒng) (中國 )網(wǎng)絡(luò)技術(shù)有限公司 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2 Agenda 鏈路的虛擬化 設(shè)備的虛擬化 服務(wù)的虛擬化 全面的虛擬化 總結(jié) 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3 司空見慣的虛擬化 Ethenet port chanel Multilink ppp HSRP/GLBP Local Access Loop=64 kbps DLCI: 400 PVC DLCI: 500 DLCI: 200 DLCI: 100 PVC Frame-relay/ATM-SVC/PVC 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4 Virtualized Interconnect L3 VPNs MPLS VPNs, GRE, VRF-Lite, MPLS services over GRE, VNETs* L2 VPNs - AToM, Unified I/O, VLAN trunks, OTV* 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5 虛擬鏈路 (ipsec/ssl-vpn)實現(xiàn)遠程用戶安全接入 總部 SITE-SITE VPN 業(yè)務(wù)伙伴 Extranet VPN 到業(yè)務(wù)伙伴的 WAN擴展 新應(yīng)用 新的業(yè)務(wù)模型 遠程辦公室 Intranet VPN 低的成本 , 通道連接，豐富的 VPN服務(wù) 新應(yīng)用，省錢 家庭辦公 移動用戶 POP POP 遠程訪問 VPN 安全 , 可擴展 , 加密的通道 省錢，簡單 VPN 路由器 ISR VPN 路由器 ISR VPN 軟件 VPN 軟件 思科 ASA5500 作為EASY-VPN SERVER AAA認證 服務(wù)器 ACS GRE-VPDN 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6 Storage IPC LAN Processor Memory I/O I/O I/O Storage IPC LAN I/O Subsystem Processor Memory FCoE 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7 數(shù)據(jù)中心網(wǎng)絡(luò)融合 : IP,SAN,HPC Unified Fabric Unified Fabric and I/O 存儲網(wǎng)絡(luò) 管理網(wǎng)絡(luò) 后臺網(wǎng)絡(luò) 前端網(wǎng)絡(luò) 網(wǎng)絡(luò)備份 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8 Agenda 鏈路的虛擬化 設(shè)備的虛擬化 服務(wù)的虛擬化 全面的虛擬化 總結(jié) 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9 VLAN-TRUNK VLAN Tag added by incoming port VLAN Tag stripped by forwarding port 802.1Q VLAN identifier 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10 路徑隔離： router vrf（ Virtual Routing/Forwarding） 設(shè)備虛擬化 Control Plane Virtualization Data Plane Virtualization Management Virtualization 數(shù)據(jù)路徑虛擬化 Single-hop Multi-hop 802.1q DLCI VPI/VCI PW, VFI Tags / circuits Tags / circuits vlan vlan 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11 Branch Blue VRF Green VRF Red VRF Branch Blue VRF Green VRF Red VRF Branch Blue VRF Green VRF Red VRF Branch Blue VRF Green VRF Red VRF Network Virtualization - Extension Servers Mainframe WAN Which Virtualization Technology For Extending: - L2 ? - L3 ? Campus and Data Center 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12 Virtual SANs (VSANs)-將 lan的概念移植到存儲 Eliminates costs associated with separate physical fabrics through consolidation Allows partitioning of individual switches and/or fabrics Overlay isolated virtual fabrics on same physical infrastructure VSANs contain zones and separate fabric services Availability Fault isolation isolate virtual fabrics from fabric-wide faults/reconfigurations Scalability Replicated fabric services per VSAN Security Complete hardware isolation between virtual SAN Department/ Customer A Shared Storage Department/ Customer B VSAN-Enabled Fabric Mgmt VSAN MDS 9222i 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13 Inter-VSAN Routing (IVR) Sharing Resources Across VSANs Allows sharing of centralized resources such as tape and disks across VSANs without merging separate fabrics Provides high fabric resiliency and VSAN-based manageability Distributed, scaleable, and highly resilient architecture Transparent to third-party switches Enables blade-per-VSAN architecture for blade servers Tape VSAN_4 (access via IVR) HR VSAN_3 Marketing VSAN_2 Blade Server Tape VSAN_4 (access via IVR) VSAN-Specific Disk Engineering VSAN_1 Marketing VSAN_2 HR VSAN_3 IVR IVR MDS 9222i MDS 9222i IVR 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14 Virtual Firewall Core/Internet Catalyst 6500/7600 FW SM A B C VFW VFW VFW MSFC E.g. three customers a three security contexts scales up to 256 VLANs can be shared if needed (VLAN 10 on the right-hand side example Each context has its own policies (NAT, access-lists, fixups, etc.) Core/Internet Catalyst 6500/7600 A FW SM B C VFW VFW VFW MSFC Vlan 10 Vlan 20 Vlan 30 Vlan 11 Vlan 21 Vlan 31 Vlan 10 Vlan 11 Vlan 21 Vlan 31 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15 Online Bank Application Virtualized Application Switching ACE Way Cisco ACE ESX Server Virtual Machines Bank Apps Micro soft Orcale Microsoft Outlook Virtual Machines Bank Apps Micro soft Oracle App Has Capacity Available Ideal Isolation 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16 IDSM-2 Module for the Catalyst 6500 Chassis Catalyst-integrated security module delivering full-featured intrusion protection Industry-exclusive product providing high speed threat protection Promiscuous operation with no impact on Catalyst performance or reliability Common code base for consistent features and signature updates Enhanced management simplifying deployment 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17 StackWise Plus 統(tǒng)一堆疊 如同一臺設(shè)備 64Gbps 堆疊吞吐量 與 StackWise 的向后兼容 一個網(wǎng)管單元（ IP、 SNMP、CLI、 STP 協(xié)議、 VLAN ） 跨堆疊 EtherChannel 、跨堆疊 QoS 主用 /備用架構(gòu)支持主機故障切換 雙向堆疊提供容錯性 業(yè)務(wù)智能轉(zhuǎn)發(fā) 配置和管理自動化 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18 語音服務(wù)器群集 CLUSTER 集 群服務(wù)器 Infiniband VPN SERVER CLUSTER ASA5500 IPSEC/SSL VPN CALLMANAGER Internet 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19 VPC 基于 Nexus7000虛擬化技術(shù) 跨機箱多鏈路捆綁 避免以太網(wǎng)環(huán)路 增加上行帶寬 雙活的工作機制 快速故障收斂 網(wǎng)絡(luò)更簡單 傳統(tǒng)設(shè)計 VPC 設(shè)計 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20 Si Si特性 網(wǎng)絡(luò)系統(tǒng)虛擬化 不中斷的轉(zhuǎn)發(fā) /機箱間的狀態(tài)切換 （ NSF/SSO） 多機箱 EtherChannel（ MEC） VSS的優(yōu)勢 通過簡化網(wǎng)絡(luò)來提高運行效率 促進不中斷的持續(xù)通信 將系統(tǒng)帶寬容量擴展到 1.44 Tbps 虛擬交換系統(tǒng) 1440 網(wǎng)絡(luò)系統(tǒng)虛擬化 物理視圖 邏輯視圖 主控制層面 主數(shù)據(jù)層面 熱等待 控制層面 主數(shù)據(jù)層面 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21 FEX = Virtual Chassis 簡化網(wǎng)絡(luò)，簡化管理 ToR 的布線， EoR 的架構(gòu) Nexus 5000 Virtualized chassis + Nexus 5000 Nexus 2000 Fabric Extender = 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22 Layer-2 Protocols Layer-3 Protocols VLAN mgr STP OSPF BGP EIGRP GLBP HSRP VRRP UDLD CDP 802.1X IGMP snoop LACP PIM CTS SNMP Protocol Stack (IPv4 / IPv6 / L2) RIB RIB 1 RIB n VDC Layer-2 Protocols Layer-3 Protocols VLAN mgr STP OSPF BGP EIGRP GLBP HSRP VRRP UDLD CDP 802.1X IGMP snoop LACP PIM CTS SNMP Protocol Stack (IPv4 / IPv6 / L2) RIB RIB 1 RIB n Infrastructure Linux 2.6 Kernel Layer-2 Protocols Layer-3 Protocols VLAN mgr STP OSPF BGP EIGRP GLBP HSRP VRRP UDLD CDP 802.1X IGMP snoop LACP PIM CTS SNMP Protocol Stack (IPv4 / IPv6 / L2) RIB RIB 1 RIB n Layer-2 Protocols Layer-3 Protocols VLAN mgr STP OSPF BGP EIGRP GLBP HSRP VRRP UDLD CDP 802.1X IGMP snoop LACP PIM CTS SNMP Protocol Stack (IPv4 / IPv6 / L2) RIB RIB 1 RIB n 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23 VN-Link 以虛對虛 VMW ESX Server VMW ESX Server Cisco VN-Link VM #5 VM #8 VM #7 VM #6 VM #4 VM #3 VM #2 VM #1 VM #4 VM #3 VM #2 VM #1 VN-Link Property Mobility Vmotion for the network Ensures VM security Maintains connection state Virtual Center VMs Need to Move VMotion DRS SW Upgrade/Patch Hardware Failure Policy-Based VM Connectivity Non-Disruptive Operational Model Mobility of Network & Security Properties Cisco VN-LinkVirtual Network Link 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24 Agenda 鏈路的虛擬化 設(shè)備的虛擬化 服務(wù)的虛擬化 全面的虛擬化 總結(jié) 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25 Cisco WAAS/Mobile Solution Overview Branch Office Regional Office WAAS WAAS WAAS Large Campus OR Data Center WAAS Mobile Server VPN VPN WAAS Mobile Server International Mobile User WAAS Mobile SW over VPN WAAS Mobile SW over VPN Domestic Mobile User WAN Internet 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26 W1 A1 FS1 FS2 V1 E1 分支機構(gòu)中的虛擬數(shù)據(jù)中心服務(wù) IP 網(wǎng)絡(luò) W1 A1 FS2 E1 數(shù)據(jù)中心 分支機構(gòu) 1 分支機構(gòu) 2 WAAS V1 W1 A1 FS1 FS2 V1 E1 FS1 WAAS WAAS 為分支機構(gòu)用戶提供與總部一樣的應(yīng)用性能 降低總擁有成本 提高業(yè)務(wù)靈活性和響應(yīng)能力 簡化數(shù)據(jù)保護，備份和永續(xù)性 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27 虛擬會議 -webex/meeting place -經(jīng)典的云計算 面對面的溝通無論在是時間上還是成本上都會是很大的問題。 需要集成的虛擬會議解決方案 統(tǒng)一的撥號規(guī)劃 目錄服務(wù) 服務(wù)質(zhì)量 管理 統(tǒng)一的網(wǎng)絡(luò)架構(gòu)，便于管理 減少開支 同一通信網(wǎng)絡(luò) 唯一的技術(shù)支持隊伍 應(yīng)用層面的培訓(xùn) 運維開銷降低 統(tǒng)一的工具 用戶方便地實現(xiàn)多種會議服務(wù) 撥號 /點擊 進入會議 多種會議服務(wù) 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28 思 科聯(lián)絡(luò)中心解決方案 互 聯(lián)網(wǎng) 網(wǎng) 關(guān) 固 話網(wǎng) 共享 應(yīng)用和服務(wù) 無處不在的 基于網(wǎng)絡(luò)的托管 可 分布的 服務(wù)和終端 一致的 客戶體驗 座 席 Web 應(yīng) 用 基 于語音的 自我服務(wù)系統(tǒng) 業(yè) 務(wù)規(guī)則 路 由處理 處 理引擎 報 表系統(tǒng) CRM Cisco 語音 分配管理系統(tǒng) 移 動座席 知 識員工 專 業(yè)技能組 語 音 /數(shù)據(jù) 網(wǎng) 絡(luò) 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29 思科網(wǎng)真，既虛擬又真實 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30 思科三維網(wǎng)真 -將科幻變成現(xiàn)實 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31 Agenda 鏈路的虛擬化 設(shè)備的虛擬化 服務(wù)的虛擬化 全面的虛擬化 總結(jié) 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32 SAN L4-7 services L4-7 services Branches Data Center I Data Center II WAN/MAN/Internet Branches Data Center I Data Center II ranches ncheCampus Network and Compute Virtualization Network Virtualization Compute Virtualization Virtual Machines Clusters Storage Virtualization Partition Simplify/Pool Interconnect Consolidated I/O Segmentation VM-aware Networking Intelligent L2 Domains LAN Extension Centralized Management 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33 UCS 管理者 Embedded in Fabric Interconnect UCS多機箱 Fabric互聯(lián)交換機 20 Port 10Gb FCoE 40 Port 10Gb FCoE UCS機箱 Fabric擴展器 Logically part of Fabric Interconnect Inserts into Blade Enclosure UCS 刀片服務(wù)器機箱 Flexible bay configurations Logically part of Fabric Interconnect UCS 刀片服務(wù)器