Data Center Designs: Network Virtualization

Table Of Contents

Cisco Virtualized Multi-Tenant Data Center Solution 2.2

Overview

VMDC 2.2 Solution Highlights

Solution Scale

Solution Topology

Solution Components

Layered Security Strategy

Differentiated Services—Example Service Tiers

Management and Automation

For More Information

Cisco Virtualized Multi-Tenant Data Center Solution 2.2

---

Overview

The Cisco® Virtualized Multi-Tenant Data Center (VMDC) architecture is a set of specifications and guidelines for creating and deploying a scalable, secure, and resilient infrastructure that addresses the needs of cloud computing. To develop a trusted approach to cloud computing, Cisco VMDC combines the latest routing and switching technologies, advancements in cloud security and automation, and leading edge offerings from cloud ecosystem partners. Cisco VMDC enables service providers (SPs) to build secure public clouds and enterprises to build private clouds with the following benefits:

•Reduced time to deployment—Provides a fully tested and validated architecture that enables technology adoption and rapid deployment.

•Reduced risk—Enables enterprises and service providers to deploy new architectures and technologies with confidence.

•Increased flexibility—Enables rapid, on-demand workload deployment in a multi-tenant environment using a comprehensive automation framework with portal-based resource provisioning and management capabilities.

•Improved operational efficiency—Integrates automation with multi-tenant resource pools (compute, network, and storage) to improve asset use, reduce operational overhead, and mitigate operational configuration errors.

VMDC 2.2 Solution Highlights

Highlight	Details of Release 2.2
Validated data center design for enterprise or service provider scalability	Builds on top of the baseline that was established in release 2.0, validating standard data center architectures in a multi-tier, Layer 3-centric network architecture with compact to large scale specifications, using standard integrated compute stacks such as Cisco FlexPodTM and VCE VblockTM Infrastructure Packages.
Enhanced security services for improved secure multi-tenancy	Extends the security model that was established in release 2.0, which among other benefits enabled secure multi-tenancy by adding "defense in depth" strategy using Cisco Virtual Security Gateway (VSG) and Cisco Adaptive Security Appliances (ASA).
Differentiated services	Supports the same set of differentiated services defined in release 2.0 and 2.1, Gold, Silver, Bronze, and Palladium.
Multi-media application support	Extends and validates the campus quality of service (QoS) model to the data center, enabling higher quality of experience for multi-media applications such as VoIP, video, and hosted collaboration.
Layer 2 data center interconnect	Validates Virtual Private LAN Services (VPLS) and Ethernet over Multiprotocol Label Switching (EoMPLS) on the Cisco Aggregation Series Router 9000 (ASR 9000) for data center interconnect, enabling SPs to seamlessly connect their data centers through their IP-NGN networks for intra-data center connectivity as well as hybrid cloud support for connecting enterprise data centers.
Scalability	Builds on top of the release 2.0 baseline and revalidates the scalability of the large pod model for parameters such as VLANs, MAC addresses, Hot Standby Router Protocol (HSRP), routes, contexts, and virtual machines.
End-to-end security	Revalidates the end-to-end security validation that was designed in release 2.0 and extended with enhanced security services for secure multi-tenancy.
High availability	Revalidates failover scenarios and the high availability of the system as designed in release 2.0.
Platforms	Validates new platforms such as the ASR 9000 for data center edge, Cisco ACE30 Application Control Engine Module for virtual Server Load Balancing (vSLB), ASA5585X for virtual firewall (vFW), and VSG for virtual machine (VM) security.

Solution Scale

The following table summarizes the Cisco VMDC 2.2 scalability validation.

Feature	Compact Pod Design	Large Pod Design
Tenants	32	152
Servers per pod	64	512
Virtual machines per pod	1440	11,520
VLANs per pod	180	520
Virtual firewall contexts	6	8
Virtual load balancers	16	24
Server VLANs	180	200
MAC addresses	12,000	24,000
HSRP gateway instances	196	504
Routing protocol scale	256 Open Shortest Path First (OSPF) neighbors	480 Border Gateway Protocol (BGP) peers

Solution Topology

Solution Components

Features	Components
Network	•Cisco Nexus® 7010, 7018, NXOS 5.2.1 •Data center services node—Cisco Catalyst® 6509-E Switch (with Virtual Switching System [VSS]), IOS 12.2(33)SXJ •Cisco ASR 9000, XR 4.1.0 •Cisco ASR 1006, XE 3.4.0 15.1(3)S
Services	•Cisco Nexus 1000V switch, NXOS 4.2.1 SV1(1.4a) •Cisco Virtual Security Gateway, 4.2(1)SV1(2) •Cisco Virtual Network Management Center: 1.2(1b) •Cisco Adaptive Security Appliance 5585-60X, 8.4.2 •Cisco ACE30 Application Control Engine Module, A 4.2.1
Compute	•Cisco Unified Computing System™ (UCS™), 1.4(2b) •Cisco UCS 5108 Blade Server Chassis •Cisco UCS 6140 Fabric Interconnect •Cisco UCS B200 M1 Blade Server •Cisco UCS M71KR-E Emulex Converged Network Adapter (CNA) •Cisco UCS M81KR Virtual Interface Card (VIC)
Virtualization	•VMware® vSphereTM 4.1 U1 •VMware ESXi 4.1U1 Hypervisor •Cisco Nexus 1000V switch (virtual access switch)
Storage	•Cisco MDS 9513 Multilayer Directors, NXOS 5.0.4d •EMC® Symmetrix® VMAXTM with Engenuity 5874 •NetApp® FAS3170 and NetApp FAS6080 with ONTAP® 8.0.2

Layered Security Strategy

Layer	Security Options
Data center edge	•Secured access and perimeter firewall •MPLS •Layer 2 and Layer 3 VPNs •SSL and IP Security (IPsec) VPNs •Infrastructure security to protect device, traffic plane, and control plane
Core and aggregation	•Device virtualization for control-, data-, and management-plane segmentation •Infrastructure security to protect device, traffic plane, and control plane services
Services	•Server load balancing to mask servers and applications •Application firewall to mitigate cross-site scripting (XSS), HTTP, SQL, and XML attacks •Infrastructure security to protect device, traffic plane, and control plane
Aggregation and access	•Secure, authenticated connections •Dynamic Address Resolution Protocol (ARP) inspection •Dynamic Host Configuration Protocol (DHCP) snooping •IP source guard •Zone security (private VLANs, port switching, and port profiles with access control lists) •Infrastructure security to protect device, traffic plane, and control plane
Virtual access	•Policy-based virtual machine connectivity •Mobile virtual machine security and network policies •Virtual firewall integration with Cisco Nexus 1000V switch
Compute	•Role Based Access Control •Application security
Storage and storage aggregation	•Fibre Channel Zoning

Differentiated Services—Example Service Tiers

Service	Bronze	Silver	Gold	Palladium
Tenant-specific network services	No additional services	Load-balancing services	Firewall and load-balancing services	Firewall and load-balancing services
Segmentation	One VLAN per client and a single virtual routing and forwarding (VRF) instance	Multiple VLANs per client and a single VRF instance	Multiple VLANs per client and a single VRF instance	Multiple VLANs per client with both a a public and private VRF instance
Data protection	None	Snap: Virtual copy (local site)	Clone: Mirror copy (local site)	Clone: Mirror copy (local site)
Disaster recovery	None	Remote replication (with specific recovery-point objective [RPO] or recovery-time objective [RTO])	Remote replication (any-point-in- time recovery)	Remote replication (any-point-in- time recovery)
Workload sizing (number of virtual machines per core)	4:1, 2:1, or 1:1	4:1, 2:1, or 1:1	4:1, 2:1, or 1:1	4:1, 2:1, or 1:1

Management and Automation

VMDC 2.2 is complemented by a set of orchestration, automation, and management software. For details contact your Cisco account representative.

For More Information

For more information about Cisco VMDC, visit http://www.cisco.com/go/vmdc and consult your Cisco account representative.