Comments on: Data Center Networking Q&A #1 – starring HP, Nexus 1000V, QoS http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/ Studies in Data Center Networking, Virtualization, Computing Mon, 06 Feb 2012 01:52:15 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Joe Smith http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-5328 Joe Smith Sun, 23 Jan 2011 15:20:11 +0000 http://bradhedlund.com/?p=1339#comment-5328 Grouch Grouch

]]> By: Brad Hedlund http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-5324 Brad Hedlund Sun, 23 Jan 2011 01:02:55 +0000 http://bradhedlund.com/?p=1339#comment-5324 Joe, My comments above about Nexus 1000V had nothing to with "distributed forwarding intelligence" or "flows will remain in the chassis". The fact that Nexus 1000V may keep some traffic local to a server is largely incidental. I never cited that as reason for Nexus 1000V or hypervisor software switches in general. As I said before, worrying about keeping traffic local to a chassis (or local to a server) is largely a pointless and futile exercise in a virtual data center. I think I've been pretty consistent about that "philosophy". Cheers, Brad Joe,
My comments above about Nexus 1000V had nothing to with “distributed forwarding intelligence” or “flows will remain in the chassis”.
The fact that Nexus 1000V may keep some traffic local to a server is largely incidental. I never cited that as reason for Nexus 1000V or hypervisor software switches in general.
As I said before, worrying about keeping traffic local to a chassis (or local to a server) is largely a pointless and futile exercise in a virtual data center. I think I’ve been pretty consistent about that “philosophy”.

Cheers,
Brad

]]> By: Joe Smith http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-5322 Joe Smith Sat, 22 Jan 2011 20:51:45 +0000 http://bradhedlund.com/?p=1339#comment-5322 Brad, I agree that the 1000v offers value as opposed to the VMware vDS. No doubt. I'm not sure I understand your stance, though, with regard to distributed forwarding intelligence at the chassis level. When I made the comment before that I wasn't too crazy about the fact that the UCS does not have any forwarding intelligence in the chassis, and that it has to forward traffic to the 6100s just to go from server blade to server blade in the same chassis, you opined that its a better approach to have predictable traffic flows. THIS WAS MY COMMENT: "By the way, that brings up another point I’m not too crazy about: the fact that the UCS chassis does not provide distributed intelligence, which forces intra-chassis traffic to get forwarded to the FEX, then up to the FI, and then right back down again. " THIS WAS YOUR ANSWER: "Localizing intra-chassis traffic might be important if your data center is nothing more than (1) chassis, and there isn’t much bandwidth between your chassis and the network — but that’s simply not the case anymore. Once you add a second chassis you now have inter-chassis traffic that has a difference performance profile than the intra-chassis traffic. That’s not the case with UCS. Whether you have (1) chassis, (2) chassis, or (20) chassis, all traffic patterns are consistent and predictable. This makes it easier to keep a consistent SLA in a virtual data center with VM’s moving from one chassis to the next. With UCS, the location of the workload is of little significance." So, I am trying to understand your philosophy (read; Cisco's philosophy) when it comes to distributed forwarding intelligence. Is it better to forward all traffic to the network and have predictable flows and consistent SLAs, as you put it before? Or is it OK to have a hybrid model in which some flows will remain in the chassis and others will be forwarded to the LAN, as you are saying now? Thanks Brad, I agree that the 1000v offers value as opposed to the VMware vDS. No doubt.

I’m not sure I understand your stance, though, with regard to distributed forwarding intelligence at the chassis level. When I made the comment before that I wasn’t too crazy about the fact that the UCS does not have any forwarding intelligence in the chassis, and that it has to forward traffic to the 6100s just to go from server blade to server blade in the same chassis, you opined that its a better approach to have predictable traffic flows.

THIS WAS MY COMMENT:

“By the way, that brings up another point I’m not too crazy about: the fact that the UCS chassis does not provide distributed intelligence, which forces intra-chassis traffic to get forwarded to the FEX, then up to the FI, and then right back down again. ”

THIS WAS YOUR ANSWER:

“Localizing intra-chassis traffic might be important if your data center is nothing more than (1) chassis, and there isn’t much bandwidth between your chassis and the network — but that’s simply not the case anymore. Once you add a second chassis you now have inter-chassis traffic that has a difference performance profile than the intra-chassis traffic.

That’s not the case with UCS. Whether you have (1) chassis, (2) chassis, or (20) chassis, all traffic patterns are consistent and predictable. This makes it easier to keep a consistent SLA in a virtual data center with VM’s moving from one chassis to the next. With UCS, the location of the workload is of little significance.”

So, I am trying to understand your philosophy (read; Cisco’s philosophy) when it comes to distributed forwarding intelligence. Is it better to forward all traffic to the network and have predictable flows and consistent SLAs, as you put it before? Or is it OK to have a hybrid model in which some flows will remain in the chassis and others will be forwarded to the LAN, as you are saying now?

Thanks

]]> By: Brad Hedlund http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-5320 Brad Hedlund Sat, 22 Jan 2011 19:44:03 +0000 http://bradhedlund.com/?p=1339#comment-5320 Joe, The Nexus 1000V provides management visibility and security policies that the alternative hypervisor switch (vSwitch) does not provide. While networking options that bypass the hypervisor are certainly interesting, it doesn't necessarily mean that everybody will ultimately use those technologies. Most implementations today are based on hypervisor switches, and will continue to be for some time. That is why customers are investing in the Nexus 1000V. VMware themselves will be quick to disagree with you and make the case that the hypervisor software switch model provides the most flexibility, feature velocity, scalability, and more intelligent automated provisioning for the cloud. This was the case VMware made in some of the sessions at VMworld 2010. While VMware has a vested interest in the software switch model, some of that argument is pure marketing and turf defending, however they do make some valid points that I tend to agree with. The hypervisor software switch will always be able to bring features to market faster than hardware based solutions. Example: Netflow, DHCP Snooping, ERSPAN, etc, already present in Nexus 1000V. The hypervisor software switch does not have the same hard scalability limits (VM's per host) as compared to hardware based solutions (VM-FEX, VEPA, etc.). Example with Cisco VM-FEX you can have around 50 VMs per host, versus 248 VM's per host with Nexus 1000V. If the hypervisor has all the visibility into the information about VMs, including a VMs relationship to other VMs (vApp), can it perhaps make a more intelligent decision about network services and policies that should be provisioned? I think so. How much this really matters remains to be seen. Cheers, Brad Joe,
The Nexus 1000V provides management visibility and security policies that the alternative hypervisor switch (vSwitch) does not provide. While networking options that bypass the hypervisor are certainly interesting, it doesn’t necessarily mean that everybody will ultimately use those technologies. Most implementations today are based on hypervisor switches, and will continue to be for some time. That is why customers are investing in the Nexus 1000V.

VMware themselves will be quick to disagree with you and make the case that the hypervisor software switch model provides the most flexibility, feature velocity, scalability, and more intelligent automated provisioning for the cloud. This was the case VMware made in some of the sessions at VMworld 2010. While VMware has a vested interest in the software switch model, some of that argument is pure marketing and turf defending, however they do make some valid points that I tend to agree with.

The hypervisor software switch will always be able to bring features to market faster than hardware based solutions. Example: Netflow, DHCP Snooping, ERSPAN, etc, already present in Nexus 1000V.

The hypervisor software switch does not have the same hard scalability limits (VM’s per host) as compared to hardware based solutions (VM-FEX, VEPA, etc.). Example with Cisco VM-FEX you can have around 50 VMs per host, versus 248 VM’s per host with Nexus 1000V.

If the hypervisor has all the visibility into the information about VMs, including a VMs relationship to other VMs (vApp), can it perhaps make a more intelligent decision about network services and policies that should be provisioned? I think so. How much this really matters remains to be seen.

Cheers,
Brad

]]> By: Joe Smith http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-5314 Joe Smith Sat, 22 Jan 2011 00:54:23 +0000 http://bradhedlund.com/?p=1339#comment-5314 Brad, there is something about the Nexus 1000v deployment that I dont understand. The industry roadmap with regard to virtual server networking is clearly to bypass the ESX server's hypervisor and offload all the switching functions from the software switch to the adjacent physical bridge, as in VN-link in hardware and VEPA. If this is the case, I really don't understand why an organization will invest tens or hundreds of thousands of dollars on the N1Kv? Brad, there is something about the Nexus 1000v deployment that I dont understand.

The industry roadmap with regard to virtual server networking is clearly to bypass the ESX server’s hypervisor and offload all the switching functions from the software switch to the adjacent physical bridge, as in VN-link in hardware and VEPA.

If this is the case, I really don’t understand why an organization will invest tens or hundreds of thousands of dollars on the N1Kv?

]]> By: Ken Henault http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-1054 Ken Henault Tue, 08 Jun 2010 21:23:38 +0000 http://bradhedlund.com/?p=1339#comment-1054 Brad, I just realized there is the option to change the VLAN tags on a mapped VLAN. I've never used it, nor have I ever seen it used. I'm not sure why anyone would use it for the reason you mentioned above. Thanks, Ken Henault Brad, I just realized there is the option to change the VLAN tags on a mapped VLAN. I’ve never used it, nor have I ever seen it used. I’m not sure why anyone would use it for the reason you mentioned above.

Thanks,
Ken Henault

]]> By: Ken Henault http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-1053 Ken Henault Tue, 08 Jun 2010 17:53:53 +0000 http://bradhedlund.com/?p=1339#comment-1053 Thanks for reading the documentation, and pointing out that section. It obviously needs some clarification. Just to be clear, Virtual Connect DOES NOT alter the VLAN ID. The server NICs will always see the same VLAN ID as it exists on the upstream switch. There is no mechanism within Virtual Connect to change the VLAN ID. Thanks for reading the documentation, and pointing out that section. It obviously needs some clarification. Just to be clear, Virtual Connect DOES NOT alter the VLAN ID. The server NICs will always see the same VLAN ID as it exists on the upstream switch. There is no mechanism within Virtual Connect to change the VLAN ID.

]]> By: Brad Hedlund http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-1044 Brad Hedlund Mon, 07 Jun 2010 18:43:30 +0000 http://bradhedlund.com/?p=1339#comment-1044 Ken, Either you or your documentation team need to spend some more time understanding your own product a little better. Here is a direct quote from Page 75 of the latest Virtual Connect 2.30 User Guide: http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c01880580/c01880580.pdf <blockquote>If Virtual Connect is set to map VLAN tags, VC-Enet modules accept incoming frames with valid server VLAN tags and translate server-assigned VLANs into corresponding internal network VLANs, thus placing the server packet on the correct network. When these frames reach the uplinks, network VLANs are once again translated into external data center VLANs. Similarly, VLANs are translated back to server-assigned VLANs (or stripped and untagged) before sending frames out to servers. <strong>This function allows for the possibility of configurations where server VLANs might not match external VLANs used on uplinks.</strong></blockquote> Am I reading that wrong? Cheers, Brad Ken,

Either you or your documentation team need to spend some more time understanding your own product a little better. Here is a direct quote from Page 75 of the latest Virtual Connect 2.30 User Guide:

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c01880580/c01880580.pdf

If Virtual Connect is set to map VLAN tags, VC-Enet modules accept incoming frames with valid server VLAN tags and translate server-assigned VLANs into corresponding internal network VLANs, thus placing the server packet on the correct network. When these frames reach the uplinks, network VLANs are once again translated into external data center VLANs. Similarly, VLANs are translated back to server-assigned VLANs (or stripped and untagged) before sending frames out to servers. This function allows for the possibility of configurations where server VLANs might not match external VLANs used on uplinks.

Am I reading that wrong?

Cheers,
Brad

]]> By: Ken Henault http://bradhedlund.com/2010/06/03/data-center-networking-qa-1-hp-nexus-1000v-qos/comment-page-1/#comment-1040 Ken Henault Mon, 07 Jun 2010 11:34:04 +0000 http://bradhedlund.com/?p=1339#comment-1040 Brad, VLAN mapping in Virtual Connect does not change the VLAN tags. In mapped mode Virtual Connect lets you define (map) which VLAN or VLANs are assigned to a specific NIC. In tunnel mode, the whole VLAN trunk is passed through to the NIC, and no VLAN processing happens in Virtual Connect. Thanks, Ken Brad, VLAN mapping in Virtual Connect does not change the VLAN tags. In mapped mode Virtual Connect lets you define (map) which VLAN or VLANs are assigned to a specific NIC. In tunnel mode, the whole VLAN trunk is passed through to the NIC, and no VLAN processing happens in Virtual Connect.

Thanks,
Ken

]]>