Cisco Data Center Virtualization Solutions - SEVT - Jiapeng.ppt
- Document ID: 9362662
- Uploaded: 2023-05-18
- Format: PPT
- Pages: 60
- Size: 8.75MB

Data Center Virtualization Solutions

Agenda
- Overview of data center virtualization technologies
- Cisco's data center virtualization solutions
- Case study: Cisco IT

"By 2008, 50% of Today's Data Centers Will Have Insufficient Power and Cooling Capacity to Meet the Demands of High-Density Equipment"

Data center trends
- Days to Deploy Applications
- Server/Storage Utilization
- Annual Storage Growth
- DC Records Retention (Years)
- DC Power and Cooling Costs
- Data Center Operations
Source: Gartner, 2008
[Chart values as extracted: 6018030%]

Gartner's Top 10 Strategic Technologies for 2009
1. Virtualization
2. Cloud Computing
3. Servers Beyond Blades
4. Web-oriented architecture
5. Enterprise mashups
6. Specialized systems
7. Social software and social networking
8. Unified communications
9. Business intelligence
10. Green IT

Virtualization: a definition (one formulation)
Virtualization Is the Pooling and Abstraction of Resources and Services in a Way That Masks the Physical Nature and Boundaries of Those Resources and Services from Their Users

Data center virtualization goals
- Consolidate or share physical assets to raise utilization
- Reduce physical devices, cabling, space, power and cooling
- Rapidly deploy and redeploy resources to meet business goals
- Move applications from "dedicated resources" to "shared resources"
[Diagram labels: high-end server model with separated storage; large numbers of rack and blade servers; T1S2-Cisco]

Data center virtualization at a glance
- Front-end data center virtualization: core layer (VDC); aggregation and services layers (VDC, VSS, VPC); access layer (server virtualization)
- Back-end virtualization: SAN, HBA, Unified IO (FCoE), Storage

Agenda
- Overview of data center virtualization technologies
- Cisco's data center virtualization solutions
- Case study: Cisco IT

Front-end virtualization: network virtualization
[Diagram labels: Servers, Mainframe, WAN]

Segmentation in the data center
Drivers
- Consolidate data centers from multiple organizational units (OUs)
- Higher utilization of dedicated data center spaces
Needs
- Partition routing so groups can't see/access each other (compliance/organizational boundaries)
- Separate management for subset of services
Options
- VLANs/VRFs
- VDCs
- Service contexts

Segmentation: L3 VRF technology
[Diagram labels: 802.1q; Global Table; Guest VRF; Partner VRF; Red VRF; Green VRF; SVI or sub-interface (Layer 3); Physical Interface (Layer 3); GRE Tunnel VRF-LITE end to end; IP switching (toward the core layer); IP switching (toward the access layer); First L3 Hop Device]

Segmentation: VDC (virtual device context)
- VDC: Virtual Device Context
- Cisco NX-OS can partition OS and hardware resources into virtual environments that emulate virtual devices
- Each VDC has its own software processes, dedicated hardware resources (interfaces) and an independent management environment
- Independent security management boundaries and fault isolation domains
- VDCs help consolidate separate networks onto one common infrastructure, preserving the management boundary separation and fault isolation of physically separate networks while providing many of the operational cost benefits of a single infrastructure.
[Diagram labels: Infrastructure, Kernel, VDC1, VDC2, VDC3, VDC4]

Using VDCs for segmentation in the data center
[Diagram labels: Nexus 7000; Campus/WAN; VDCs and Contexts]
- Using VDCs, management of both services and switching infrastructure kept completely independent
- Security-policy management and deployment by user group
- VRFs/VLANs can be deployed within context of each VDC

VDC deployment models: horizontal consolidation and vertical consolidation
- Objective: Consolidate lateral infrastructure that delivers similar roles for separate operational or administrative domains.
- Benefits: Reduced power and space requirements, can maximize density of the platform, easy migration to physical separation for future growth
[Diagram labels: core, aggregation (agg) and access (acc) devices; Core Devices; Aggregation Devices; Aggregation VDCs (aggVDC1, aggVDC2); Admin Group 1; Admin Group 2]
[Diagram labels: core, aggregation (agg) and access (acc) devices; Core Devices; Aggregation Devices; Core VDCs (coreVDC); Aggregation VDCs (aggVDC)]
- Combined vertical & horizontal consolidation in small to medium designs (2 aggregation blocks or less)
- Power, cooling and real estate optimization for multiple layers
- Maximize the benefits of a high-density platform
- Simplified growth migration path
[Diagram labels: core, aggregation (agg) and access (acc) devices; Core Devices; Aggregation Devices; Core VDCs; Aggregation VDCs]

VDC deployment models: horizontal + vertical consolidation

Device Pooling: Catalyst 6500 VSS deployment model
[Diagram labels: Data Center, WAN, Internet; Before, After]
- Simplifies Operational Manageability
- Boosts Non-Stop Communications
- Optimized path selection, Increased throughput
- Maximize system usage, Maximize server usage, Maximizes Bandwidth Utilization
Loop free Non-blocking Topology
- Link to Service Switch or Service Appliance are vPC thus not blocking ports
- Service devices have direct path to active HSRP peer regardless of active state
- Nullifies fate sharing issues as service location may not be suboptimal
Bandwidth Capacity
- Paths to/from service devices are both concurrently usable
- Oversubscription to service devices is halved
* Applicable to VSS as well

Device Pooling: Nexus 7000 vPC deployment model
[Diagram labels: Before, After]

Front-end: network services virtualization

Advantages of the SIA architecture (Service Insertion Architecture)
- Service Aware Networking
- Reduced Operational Risk: Ability to test & deploy new services with minimal traffic engineering
- Reduced Operational Costs: Simplifies deployments and repurposing of services
- Investment Protection: Leverage your existing Cisco networking infrastructure to adopt the SIA framework
- Service Virtualization: Migrate towards an on-demand services consumption model
- Embed services intelligence into the network
- Simplified Manageability: Ability to trace & troubleshoot flows across multiple services
- Faster Deployment: Ability to rapidly turn on additional services
[Diagram labels: Strategic, Operational, Financial]

Service Insertion Architecture (SIA) at a glance
Today
- Topology based traffic steering
- VLAN & VRF stitching
- WCCP, PBR, Src-NAT
- Static, distributed configuration
- Proliferation of VLANs/VRFs
- Per context, per service
SIA-Enabled
- Cloud/utility service model
- Topology independent insertion
- Elastic virtual service allocation
- Common troubleshooting and mgmt
- Single VLAN/VRF for services
- All contexts/service

Cat6500 + service modules: "Inline" Services model at the aggregation layer - VSS Enable
- The Need: Higher performance/scalability required in aggregation and/or core
- The Solution: Use the Nexus 7000 to satisfy higher port densities
- The Migration: Move Catalyst 6500 chassis with service modules to an "on-a-stick" configuration and re-use high speed links to connect to the Nexus 7000

Nexus 7000 + Service Chassis at the aggregation layer: Service Chassis "On-a-Stick"
- The Need: Higher performance/scalability required in aggregation and/or core
- The Solution: Use the Nexus 7000 to satisfy higher port densities
- The Migration: Move Catalyst 6500 chassis with service modules to an "on-a-stick" configuration and re-use high speed links to connect to the Nexus 7000
- ESE tested and documented "Implementing Nexus 7000 in the Data Center Aggregation Layer with Services"

Using VPC/VSS together with Services
- Services can be attached using EtherChannel
- Appliance based
- Services-chassis based (standalone or VSS)
[Diagram labels: ASA; ACE Appliance; NAM Appliance; Services Chassis; Nexus 7000; Cat6500]
[Diagram labels: DB Servers; Storage Network; Multiple Virtual Devices; Cisco ACE Consolidation; ACE; Web/App Servers]

Application Control Engine virtualization

Firewall virtualization
- e.g., Three customers, three security contexts; scales up to 250
- VLANs can be shared if needed (VLAN 10 on the right-hand side example)
- Each context has its own policies (NAT, access-lists, fixups, etc.)
- FWSM supports routed (Layer 3) or transparent (Layer 2) virtual firewalls at the same time
[Diagram labels: Core/Internet; Cisco Catalyst 6500; FWSM; VFW; MSFC; VLAN 10, VLAN 20, VLAN 30, VLAN 11, VLAN 21, VLAN 31; A, B, C]

Virtualization solution for application systems
- Network: end-to-end path separation, especially VPN technologies on Layer 3 devices, such as MPLS VRF
- Applications: each application zone, or even each application, has its own service facilities, such as firewall, IDS, load balancer, SSL acceleration and application services

Server virtualization
- Hardware-based virtualization
- Software-based virtualization
- Hosted (application virtualization)
- Hypervisor
- Full virtualization (binary translation)
- Para-virtualization (OS assisted)
- Hardware-assisted virtualization (Intel VT-x/AMD-V)
[Diagram labels: X86 Hardware; Guest OS; App; Host Operating System; Virtualization Software; Mgmt Partition; Hypervisor]

Server virtualization technology is an important driver for customers
- Full Virtualization, for example: VMware ESX server, Microsoft HyperV, Xen (with AMD-SVM or Intel VM-T), Virtual Iron (hardware-assisted)
- Para-Virtualization, for example: Xen (with traditional hardware), Oracle VM server
- Application Virtualization, for example: VMware server, VMware workstation

Network challenges brought by server virtualization

VN-Link: virtualized network domain
- VM-aware network and storage services
- Abstracted physical and logical infrastructure
- The virtual machine is the new data center building block

Cisco Nexus 1000V: faster VM deployment - replaces the hypervisor-layer vSwitch
[Diagram labels: VMW ESX; Server; Cisco Nexus 1000V; Virtual Center]
VM connection policy
- Defined in the network
- Applied in Virtual Center
- Linked to VM UUID
Defined policies: WEB Apps, HR, DB, Compliance
- Policy-based VM connectivity
- Virtualized network domain
- Mobility of network and security properties
- Non-disruptive operational model

Policy-based VM connectivity
Policy definition supports:
- VLAN, PVLAN settings
- ACL, Port Security, ACL Redirect
- Cisco TrustSec (SGT)
- NetFlow Collection
- Rate Limiting
- QoS Marking (COS/DSCP)
- Remote Port Mirror (ERSPAN)

Security and network properties move with the VM
- Virtual Center kicks off a Vmotion (manual/DRS) and notifies Nexus 1000V
- During VM replication, Nexus 1000V copies VM port state to new host
[Diagram labels: VMW ESX Server 1 with Nexus 1000V VEM; VMW ESX Server 2 with Nexus 1000-VEM; VM #1 to VM #8; Virtual Center]
Mobile Properties Include:
- Port policy
- Interface state and counters
- Flow statistics
- Remote port mirror session

Security and network properties move with the VM
- Virtual Center kicks off a Vmotion (manual/DRS) & notifies Nexus 1000V
- During VM replication, Nexus 1000V copies VM port state to new host
- Once VMotion completes, port on new ESX host is brought up & VM's MAC address is announced to the network
[Diagram labels: VMW ESX Server 1 with Nexus 1000V VEM; VMW ESX Server 2 with Nexus 1000-VEM; VM #1 to VM #8; Virtual Center]

Cisco Nexus 5000: VN-Link and network port virtualization
- Policy-Based VM Connectivity
- Non-Disruptive Operational Model
- Mobility of Network and Security Properties
- Allows scalable hardware-based implementations through hardware switches
- Standards-based initiative: Cisco & VMware proposal in IEEE 802 to specify "Network Interface Virtualization"
- Combines VM and physical network operations into one managed node
- Future availability

Cisco Virtualization-Centric Networking
- Virtualization-aware access layer
- Policy-based network management
- Large-scale VM mobility
- Network-extended virtualization
[Diagram labels: Virtualize at Cluster Scale; Data Center; Virtualize at Data Center Scale]

Network challenges from new application models such as VMotion, and the solution: Nexus OTV support
- Vmotion/DRS requires VM applications to move smoothly from one L2 domain to another L2 domain
- Use Nexus to build VM server cluster blocks with OTV capability
- OTV (Overlay Transport Virtualization) extends L2 across L3 boundaries
- Nexus 7000 aggregation layer + Nexus 1000V access layer = a complete solution
[Diagram labels: L3, L2, POD]
Inter-Pod LAN Extension: Subnets are extended over L3 boundaries:
- Extension of predefined VLANs/subnets
- STP domains remain isolated to each pod
- Containment of fault domains at pod level
Inter-DCs LAN Extension: VLAN Extension over Metro/WAN Cloud:
- VLAN/subnet Extension comparable to inter-Pod
- Pod L2 Domains remain isolated
- Access to POD subnet is controlled by IGP
[Diagram labels: IP Cloud]

Back-end: storage virtualization and unified IO
Now: from SAN islands to storage network virtu…