網(wǎng)絡(luò)虛擬化的變革

1、 2007 cisco systems, inc. all rights reserved.cisco confidential1 網(wǎng)絡(luò)虛擬化的變革 思科系統(tǒng)(中國)網(wǎng)絡(luò)技術(shù)有限公司 2007 cisco systems, inc. all rights reserved.cisco confidential2 agendaagenda 鏈路的虛擬化鏈路的虛擬化 設(shè)備的虛擬化設(shè)備的虛擬化 服務(wù)的虛擬化服務(wù)的虛擬化 全面的虛擬化全面的虛擬化 總結(jié)總結(jié) 2007 cisco systems, inc. all rights reserved.cisco confidential3 司空見慣的虛擬化

2、司空見慣的虛擬化 ethenet port chanelmultilink ppp hsrp/glbp local access loop=64 kbps dlci: 400 pvc dlci: 500 dlci: 200 dlci: 100 pvc frame-relay/atm-svc/pvc 2007 cisco systems, inc. all rights reserved.cisco confidential4 virtualized interconnect l3 vpns mpls vpns, gre, vrf-lite, mpls services over gre, vn

3、ets* l2 vpns - atom, unified i/o, vlan trunks, otv* 2007 cisco systems, inc. all rights reserved.cisco confidential5 虛擬鏈路虛擬鏈路(ipsec/ssl-vpn)(ipsec/ssl-vpn)實現(xiàn)遠(yuǎn)程用戶安全接入實現(xiàn)遠(yuǎn)程用戶安全接入 總部總部 site-site vpn 業(yè)務(wù)伙伴業(yè)務(wù)伙伴 extranet vpn 到業(yè)務(wù)伙伴的到業(yè)務(wù)伙伴的wan擴(kuò)擴(kuò) 展展 新應(yīng)用新應(yīng)用 新的業(yè)務(wù)模型新的業(yè)務(wù)模型 遠(yuǎn)程辦公室遠(yuǎn)程辦公室 intranet vpn 低的成本低的成本, 通道連接通道連接

4、 ，豐富的，豐富的vpn服務(wù)服務(wù) 新應(yīng)用，省錢新應(yīng)用，省錢 家庭辦公家庭辦公 移動用戶移動用戶 pop pop 遠(yuǎn)程訪問遠(yuǎn)程訪問 vpn 安全安全, 可擴(kuò)展可擴(kuò)展, 加密的通道加密的通道 省錢，簡單省錢，簡單 vpn 路由器路由器isr vpn 路由器路由器isr vpn 軟件軟件 vpn 軟件軟件 思科思科asa5500 作為作為 easy-vpn server site-site vpn easy vpn easy vpn aaa認(rèn)證 服務(wù)器acs gre-vpdn 2007 cisco systems, inc. all rights reserved.cisco confidentia

5、l6 storage ipc lan processor memory i/oi/oi/o storage ipc lan i/o subsyste m processor memory fcoe 2007 cisco systems, inc. all rights reserved.cisco confidential7 數(shù)據(jù)中心網(wǎng)絡(luò)融合數(shù)據(jù)中心網(wǎng)絡(luò)融合: ip,san,hpc unified fabric unified fabric and i/o 存儲網(wǎng)絡(luò)存儲網(wǎng)絡(luò) 管理網(wǎng)絡(luò)管理網(wǎng)絡(luò) 后臺網(wǎng)絡(luò)后臺網(wǎng)絡(luò) 前端網(wǎng)絡(luò)前端網(wǎng)絡(luò) 網(wǎng)絡(luò)備份網(wǎng)絡(luò)備份 2007 cisco systems, inc.

6、 all rights reserved.cisco confidential8 agendaagenda 鏈路的虛擬化鏈路的虛擬化 設(shè)備的虛擬化設(shè)備的虛擬化 服務(wù)的虛擬化服務(wù)的虛擬化 全面的虛擬化全面的虛擬化 總結(jié)總結(jié) 2007 cisco systems, inc. all rights reserved.cisco confidential9 vlan-trunk vlan tag added by incoming port vlan tag stripped by forwarding port 802.1q vlan identifier 2007 cisco systems, i

7、nc. all rights reserved.cisco confidential10 路徑隔離：路徑隔離：router vrf（virtual routing/forwarding） 設(shè)備虛擬化 control plane virtualization data plane virtualization management virtualization 數(shù)據(jù)路徑虛擬化 single-hop multi-hop 802.1q dlci vpi/vci pw, vfi tags / circuits tags / circuits vlan vlan 2007 cisco systems,

8、inc. all rights reserved.cisco confidential11 branch blue vrf green vrf red vrf branch blue vrf green vrf red vrf branch blue vrf green vrf red vrf branch blue vrf green vrf red vrf network virtualization - extension servers mainframe wan which virtualization technology for extending: - l2 ? - l3 ?

9、campus and data center 2007 cisco systems, inc. all rights reserved.cisco confidential12 virtual sans (vsans)-將將lan的概念移植到存儲的概念移植到存儲 eliminates costs associated with separate physical fabrics through consolidation allows partitioning of individual switches and/or fabrics overlay isolated virtual fabr

10、ics on same physical infrastructure vsans contain zones and separate fabric services availability fault isolation isolate virtual fabrics from fabric-wide faults/reconfigurations scalability replicated fabric services per vsan security complete hardware isolation between virtual san department/ cust

11、omer a shared storage department/ customer b vsan-enabled fabric mgmt vsan mds 9222i 2007 cisco systems, inc. all rights reserved.cisco confidential13 inter-vsan routing (ivr) sharing resources across vsans allows sharing of centralized resources such as tape and disks across vsans without merging s

12、eparate fabrics provides high fabric resiliency and vsan-based manageability distributed, scaleable, and highly resilient architecture transparent to third-party switches enables blade-per-vsan architecture for blade servers tape vsan_4 (access via ivr) hr vsan_3 marketing vsan_2 blade server tape v

13、san_4 (access via ivr) vsan-specific disk engineering vsan_1 marketing vsan_2 hr vsan_3 ivr ivr mds 9222i mds 9222i ivr 2007 cisco systems, inc. all rights reserved.cisco confidential14 virtual firewall core/internet catalyst 6500/7600 fw sm abc vfwvfwvfw msfc e.g. three customers a three security c

14、ontexts scales up to 256 vlans can be shared if needed (vlan 10 on the right-hand side example each context has its own policies (nat, access-lists, fixups, etc.) core/internet catalyst 6500/7600 a fw sm bc vfwvfwvfw msfc vlan 10vlan 20vlan 30 vlan 11 vlan 21vlan 31 vlan 10 vlan 11 vlan 21vlan 31 20

15、07 cisco systems, inc. all rights reserved.cisco confidential15 online bank application virtualized application switching ace way cisco ace esx server virtual machines bank apps micro soft orcale microsoft outlook virtual machines bank apps micro soft oracle app has capacity available ideal isolatio

16、n 2007 cisco systems, inc. all rights reserved.cisco confidential16 idsm-2 module for the catalyst 6500 chassis catalyst-integrated security module delivering full-featured intrusion protection industry-exclusive product providing high speed threat protection promiscuous operation with no impact on

17、catalyst performance or reliability common code base for consistent features and signature updates enhanced management simplifying deployment 2007 cisco systems, inc. all rights reserved.cisco confidential17 統(tǒng)一堆疊 如同一臺設(shè)備 64gbps 堆疊吞吐量 與 stackwise 的向后兼容 一個網(wǎng)管單元（ip、snmp、 cli、stp 協(xié)議、vlan ） 跨堆疊 etherchanne

18、l、跨堆 疊 qos 主用/備用架構(gòu)支持主機(jī)故障 切換 雙向堆疊提供容錯性 業(yè)務(wù)智能轉(zhuǎn)發(fā) 配置和管理自動化 2007 cisco systems, inc. all rights reserved.cisco confidential18 語音服務(wù)器群集語音服務(wù)器群集 cluster 集集群服務(wù)器群服務(wù)器 infiniband vpn server cluster asa5500 ipsec/ssl vpn callmanager internet 2007 cisco systems, inc. all rights reserved.cisco confidential19 vpc 基于基

19、于nexus7000虛擬化技術(shù)虛擬化技術(shù) 傳統(tǒng)設(shè)計傳統(tǒng)設(shè)計 vpc vpc 設(shè)計設(shè)計 2007 cisco systems, inc. all rights reserved.cisco confidential20 sisisisi 特性特性 網(wǎng)絡(luò)系統(tǒng)虛擬化網(wǎng)絡(luò)系統(tǒng)虛擬化 不中斷的轉(zhuǎn)發(fā)不中斷的轉(zhuǎn)發(fā)/機(jī)箱間的狀態(tài)切換機(jī)箱間的狀態(tài)切換 （nsf/sso） 多機(jī)箱多機(jī)箱etherchannel（mec） vss的優(yōu)勢的優(yōu)勢 通過簡化網(wǎng)絡(luò)來提高運行效率通過簡化網(wǎng)絡(luò)來提高運行效率 促進(jìn)不中斷的持續(xù)通信促進(jìn)不中斷的持續(xù)通信 將系統(tǒng)帶寬容量擴(kuò)展到將系統(tǒng)帶寬容量擴(kuò)展到 1.44 tbps 虛擬交換系統(tǒng)虛擬交

20、換系統(tǒng)1440 網(wǎng)絡(luò)系統(tǒng)虛擬化網(wǎng)絡(luò)系統(tǒng)虛擬化 物理視圖物理視圖邏輯視圖邏輯視圖 主控制層面主控制層面 主數(shù)據(jù)層面主數(shù)據(jù)層面 熱等待熱等待控制層面控制層面 主數(shù)據(jù)層面主數(shù)據(jù)層面 2007 cisco systems, inc. all rights reserved.cisco confidential21 fex = virtual chassis 簡化網(wǎng)絡(luò)，簡化管理簡化網(wǎng)絡(luò)，簡化管理 tor 的布線，的布線，eor 的架構(gòu)的架構(gòu) nexus 5000nexus 5000 virtualized chassisvirtualized chassis + + nexus 5000nexus 50

21、00 nexus 2000 fabric extendernexus 2000 fabric extender = = 2007 cisco systems, inc. all rights reserved.cisco confidential22 layer-2 protocolslayer-2 protocolslayer-3 protocolslayer-3 protocols vlan mgrvlan mgr stpstp ospfospf bgpbgp eigrpeigrp glbpglbp hsrphsrp vrrpvrrp udldudld cdpcdp 802.1x802.1

22、xigmp snoop lacplacppimpimctsctssnmpsnmp protocol stack (ipv4 / ipv6 / l2)protocol stack (ipv4 / ipv6 / l2) ribrib rib 1rib 1rib nrib n vdc layer-2 protocolslayer-2 protocolslayer-3 protocolslayer-3 protocols vlan mgrvlan mgr stpstp ospfospf bgpbgp eigrpeigrp glbpglbp hsrphsrp vrrpvrrp udldudld cdpc

23、dp 802.1x802.1xigmp snoop lacplacppimpimctsctssnmpsnmp protocol stack (ipv4 / ipv6 / l2)protocol stack (ipv4 / ipv6 / l2) ribrib rib 1rib 1rib nrib n infrastructureinfrastructure linux 2.6 kernellinux 2.6 kernel layer-2 protocolslayer-2 protocolslayer-3 protocolslayer-3 protocols vlan mgrvlan mgr st

24、pstp ospfospf bgpbgp eigrpeigrp glbpglbp hsrphsrp vrrpvrrp udldudld cdpcdp 802.1x802.1xigmp snoop lacplacppimpimctsctssnmpsnmp protocol stack (ipv4 / ipv6 / l2)protocol stack (ipv4 / ipv6 / l2) ribrib rib 1rib 1rib nrib n layer-2 protocolslayer-2 protocolslayer-3 protocolslayer-3 protocols vlan mgrv

25、lan mgr stpstp ospfospf bgpbgp eigrpeigrp glbpglbp hsrphsrp vrrpvrrp udldudld cdpcdp 802.1x802.1xigmp snoop lacplacppimpimctsctssnmpsnmp protocol stack (ipv4 / ipv6 / l2)protocol stack (ipv4 / ipv6 / l2) ribrib rib 1rib 1rib nrib n 2007 cisco systems, inc. all rights reserved.cisco confidential23 vn

26、-link 以虛對虛以虛對虛 vmw esx server vmw esx server cisco vn-link vm #5 vm #8 vm #7 vm #6 vm #4 vm #3 vm #2 vm #1 vm #4 vm #3 vm #2 vm #1 vn-link property mobility vmotion for the network ensures vm security maintains connection state virtual center vms need to move vmotion drs sw upgrade/patch hardware fa

27、ilure policy-based vm connectivity non-disruptive operational model mobility of network & security properties cisco vn-linkvirtual network link 2007 cisco systems, inc. all rights reserved.cisco confidential24 agendaagenda 鏈路的虛擬化鏈路的虛擬化 設(shè)備的虛擬化設(shè)備的虛擬化 服務(wù)的虛擬化服務(wù)的虛擬化 全面的虛擬化全面的虛擬化 總結(jié)總結(jié) 2007 cisco systems,

28、inc. all rights reserved.cisco confidential25 cisco waas/mobile solution overview branch office regional office waas waas waas large campus or data center waas mobile server vpn vpn waas mobile server international mobile user waas mobile sw over vpn waas mobile sw over vpn domestic mobile user wan

29、internet 2007 cisco systems, inc. all rights reserved.cisco confidential26 w1a1fs1fs2v1e1 分支機(jī)構(gòu)中的虛擬數(shù)據(jù)中心服務(wù)分支機(jī)構(gòu)中的虛擬數(shù)據(jù)中心服務(wù) ip 網(wǎng)絡(luò)網(wǎng)絡(luò) w1a1fs2e1 數(shù)據(jù)中心數(shù)據(jù)中心 分支機(jī)構(gòu)分支機(jī)構(gòu)1分支機(jī)構(gòu)分支機(jī)構(gòu)2 waas v1 w1a1fs1fs2v1e1w1a1fs1fs2v1e1w1a1fs1fs2v1e1 fs1 waaswaas 為分支機(jī)構(gòu)用戶提供為分支機(jī)構(gòu)用戶提供 與總部一樣的應(yīng)用性與總部一樣的應(yīng)用性 能能 降低總擁有成本降低總擁有成本 提高業(yè)務(wù)靈活性和響提高業(yè)務(wù)靈活

30、性和響 應(yīng)能力應(yīng)能力 簡化數(shù)據(jù)保護(hù)，備份簡化數(shù)據(jù)保護(hù)，備份 和永續(xù)性和永續(xù)性 2007 cisco systems, inc. all rights reserved.cisco confidential27 虛擬會議虛擬會議-webex/meeting place -經(jīng)典的云計算經(jīng)典的云計算 q 面對面的溝通無論在是時間上還是成本 上都會是很大的問題。 q 需要集成的虛擬會議解決方案 統(tǒng)一的撥號規(guī)劃 目錄服務(wù) 服務(wù)質(zhì)量 管理 q 統(tǒng)一的網(wǎng)絡(luò)架構(gòu)，便于管理 q 減少開支 同一通信網(wǎng)絡(luò) 唯一的技術(shù)支持隊伍 應(yīng)用層面的培訓(xùn) 運維開銷降低 統(tǒng)一的工具 q 用戶方便地實現(xiàn)多種會議服務(wù) 撥號/點擊 進(jìn)入

31、會議 多種會議服務(wù) 2007 cisco systems, inc. all rights reserved.cisco confidential28 網(wǎng)網(wǎng)關(guān)關(guān) 共享應(yīng)用和服務(wù) 無處不在的基于網(wǎng)絡(luò)的托管 可分布的服務(wù)和終端 一致的客戶體驗 web web 應(yīng)應(yīng)用用 基基于語音的于語音的 自我服務(wù)系統(tǒng)自我服務(wù)系統(tǒng) 業(yè)業(yè)務(wù)規(guī)則務(wù)規(guī)則 路路由處理由處理 處處理引擎理引擎 報報表系統(tǒng)表系統(tǒng) cisco cisco 語音語音 分配管理系統(tǒng)分配管理系統(tǒng) 移移動座席動座席 知知識員工識員工 專專業(yè)技能組業(yè)技能組 2007 cisco systems, inc. all rights reserved.cis

32、co confidential29 思科網(wǎng)真，既虛擬又真實思科網(wǎng)真，既虛擬又真實 2007 cisco systems, inc. all rights reserved.cisco confidential30 思科三維網(wǎng)真思科三維網(wǎng)真-將科幻變成現(xiàn)實將科幻變成現(xiàn)實 2007 cisco systems, inc. all rights reserved.cisco confidential31 agendaagenda 鏈路的虛擬化鏈路的虛擬化 設(shè)備的虛擬化設(shè)備的虛擬化 服務(wù)的虛擬化服務(wù)的虛擬化 全面的虛擬化全面的虛擬化 總結(jié)總結(jié) 2007 cisco systems, inc. all

33、rights reserved.cisco confidential32 san l4-7 services l4-7 services branches data center i data center ii wan/man/internet branches data center i data center ii branches branches campus network and compute virtualization network virtualization compute virtualizatio n virtual machines clusters stora

34、ge virtualization partitionsimplify/poolinterconnect consolidated i/o segmentationvm-aware networking intelligent l2 domains lan extension centralized management 2007 cisco systems, inc. all rights reserved.cisco confidential33 ucs 管理者管理者 embedded in fabric interconnect ucs多機(jī)箱多機(jī)箱fabric互聯(lián)交換機(jī)互聯(lián)交換機(jī) 20

35、port 10gb fcoe 40 port 10gb fcoe ucs機(jī)箱機(jī)箱fabric擴(kuò)展器擴(kuò)展器 logically part of fabric interconnect inserts into blade enclosure ucs 刀片服務(wù)器機(jī)箱刀片服務(wù)器機(jī)箱 flexible bay configurations logically part of fabric interconnect ucs 刀片服務(wù)器刀片服務(wù)器 different blade types mix blade types within enclosure ucs 虛擬網(wǎng)絡(luò)適配卡虛擬網(wǎng)絡(luò)適配卡 three

36、adapter options mix adapters within blade ucs系統(tǒng)系統(tǒng)-虛擬化的集中體現(xiàn)虛擬化的集中體現(xiàn) i/o 虛擬化 computing 虛擬化 memory 虛擬化 network/storage 虛擬化 管理虛擬化 2007 cisco systems, inc. all rights reserved.cisco confidential34 2007 cisco systems, inc. all rights reserved.cisco confidential35 網(wǎng)絡(luò)虛擬化使的應(yīng)用從網(wǎng)絡(luò)虛擬化使的應(yīng)用從“獨占資源獨占資源” 向向“共享資源共享資源

37、 ”轉(zhuǎn)變轉(zhuǎn)變 共享的服務(wù)導(dǎo)向模式共享的服務(wù)導(dǎo)向模式 標(biāo)準(zhǔn)化資源組成標(biāo)準(zhǔn)化資源組成“共享池共享池” 根據(jù)需求以構(gòu)筑根據(jù)需求以構(gòu)筑 數(shù)據(jù)中心的數(shù)據(jù)中心的“虛擬化虛擬化”基礎(chǔ)架構(gòu)基礎(chǔ)架構(gòu) 數(shù)據(jù)中心數(shù)據(jù)中心 網(wǎng)絡(luò)網(wǎng)絡(luò) 用戶接入用戶接入 網(wǎng)絡(luò)網(wǎng)絡(luò) 共享的應(yīng)用服務(wù)共享的應(yīng)用服務(wù) 計算資源池計算資源池 存儲資源池存儲資源池 存儲分離的存儲分離的 高端服務(wù)器模式高端服務(wù)器模式 數(shù)量眾多的數(shù)量眾多的 機(jī)架及刀片式服務(wù)機(jī)架及刀片式服務(wù) 器器 單獨的單獨的 應(yīng)用系統(tǒng)應(yīng)用系統(tǒng) 單獨的單獨的 應(yīng)用系統(tǒng)應(yīng)用系統(tǒng) 獨立的專用獨立的專用 主機(jī)模式主機(jī)模式 單獨的單獨的 應(yīng)用系統(tǒng)應(yīng)用系統(tǒng) t1s2-cisco 2007 cis

38、co systems, inc. all rights reserved.cisco confidential36 整合整合虛擬化虛擬化自動化自動化設(shè)施設(shè)施市場市場 功能使用功能使用 隨我所欲隨我所欲 資源分配資源分配 隨我所欲隨我所欲 業(yè)務(wù)部署業(yè)務(wù)部署 隨我所欲隨我所欲 商用服務(wù)商用服務(wù) 隨我所欲隨我所欲 unified fabric unified network unified computing 企業(yè)級的云計算服務(wù) 云計算(多云) 2007 cisco systems, inc. all rights reserved.cisco confidential37 agendaagenda 鏈路的虛擬化鏈路的虛擬化 設(shè)備的虛擬化設(shè)備的虛擬化 服務(wù)的虛擬化服務(wù)的虛擬化 全面的虛擬化全面的虛擬化 總結(jié)總結(jié)