Security (Private VLAN, access control lists (ACLs), and port security)
•
Monitoring (NetFlow, Switch Port Analyzer (SPAN), and Encapsulated Remote SPAN (ERSPAN))
•
vPath providing efficient traffic redirection to one or more chained services such as the Cisco Virtual
•
Security Gateway and Cisco ASA 1000v
FlexPod architecture will fully support other intelligent network services offered via the Cisco Nexus
Note
1110-X such as Cisco VSG, ASA1000v, and vNAM.
Figure 20
FlexPod Discrete Uplink Design - Cisco Nexus 1000v Focus
The Cisco Nexus 1000v supports port profiles. Port profiles are logical templates that can be applied to
the Ethernet and virtual Ethernet interfaces available on the Nexus 1000v. In FlexPod architecture, the
Cisco Nexus 1000v aggregates the Ethernet uplinks into a single port channel named the
"System-Uplink" port profile for fault tolerance and improved throughput.
The Cisco Nexus 1000v provides link failover detection. It is therefore recommended to disable UCS
Note
Fabric Failover within the vNIC template.
The VM facing virtual Ethernet ports employ port profiles customized for each virtual machines
network, security and service level requirements. The FlexPod architecture employs three core
VMkernel NICs (vmknics) each with their own port profile:
vmk0 – ESXi management
•
vmk1 – NFS interface
•
vmk2 – vMotion interface
•
The NFS and vMotion interfaces are private subnets supporting data access and VM migration across
the FlexPod infrastructure. The management interface support remote VMware vCenter access and if
necessary ESXi shell access.
The Cisco Nexus 1000v also supports Cisco's MQC to assist in uniform operation and ultimately,
enforcement of QoS policies across the infrastructure. The Cisco Nexus 1000v supports marking at the
edge and policing traffic from VM-to-VM.
VMware vSphere 5.1 on FlexPod with Nexus 7000 Using FCoE
FlexPod Implementation and Design
45