Nexus 1000V On Open Source Hypervisors
Last week at Cisco Live, Cisco unveiled the Cisco ONE strategy. I won’t go into detail on Cisco ONE in this blog post, there has been plenty of blog and analyst coverage of this elsewhere. One piece of the announcement I would like to talk about is the Nexus 1000V and it’s move to running on Open Source hypervisors, along with OpenStack Quantum integration.
Nexus 1000V on KVM With OpenStack: The Cisco Live Demo
At Cisco Live, we demonstrated the Nexus 1000V on KVM with integration into OpenStack. The demo included both the Nexus 1000V Virtual Supervisor Module (VSM), as well as the Virtual Ethernet Module (VEM). The VSM is a virtual machine running Cisco NX-OS software. For the demo, the VSM was running on a Nexus 1010 physical appliance. The VEM was running on the Linux host itself, which was running Fedora Linux, version 16. The OpenStack version we demoed was OpenStack Essex. We were running Nova, Glance, Keystone, Horizon and Quantum. We also wrote a Nexus 1000V Quantum plugin which handles interaction between Quantum and the Nexus 1000V VSM. This is done via a REST API on the Nexus 1000V VSM.
What we demonstrated was the ability for providers to create networks using the standard “nova-manage” CLI in OpenStack. These networks were then mapped to port-profiles on the Nexus 1000V VSM. When a tenant then powered up a VM, the VM was placed on the provider network, and ultimately had it’s VIF attached to the port-profile associated with the provider network. The network administrator, through the VSM, is now able to see the virtual interfaces attached to veth ports, and can apply policies on them. We demoed ACLs on the virtual ports, to demonstrate a Nexus 1000V feature in use with OpenStack. What the demo ultimately showed was the Nexus 1000V operational model separating network and server administrator in an OpenStack deployment.
Where To Go From Here
One thing we are planning to do around our Quantum plugin is to expose the port-profile concept as an extension to the standard Quantum API. This allows profiles to be managed by our Quantum plugin, and allows for us to provide the ability to expose profiles to users of Quantum via the extension API. One immediate benefit this allows for is a GUI such as Horizon to expose port-profile information back into their UI, allowing tenants to select port-profiles to map to virtual interfaces when powering up virtual machines. Effectively, this would allow for providers to create port-profiles and make them available for their tenants to select when powering up virtual machines. Providers can then control policy on the virtual interfaces on their networks.
The End Result
The result of integrating Nexus 1000V with Open Source hypervisors is allowing for the continued evolution of advanced virtual machine networking onto these platforms. OpenStack Quantum integration allows for the integration of the concept of network and server administrator separation into the OpenStack deployment model. Both of these are ultimately about providing more control, visibility, and programmability for customers. I think this is something customers will be excited about, just as we are excited about driving to deliver this to those same customers.