Friday, November 21, 2008

Cisco Introduces VN-Link - Virtual Switch for VMware

The details are still sketchy, and I'm not sure I understand all the pieces. But Cisco has just introduced a product that replaces the built-in virtual switch within VMware's ESX product. This new product is called VN-Link, or the Nexus 1000V.

This new software switch provides the glue between the virtual servers and the network. The magic behind the curtain is a new protocol called Network Interface Virtualization (NIV). Developed jointly by Cisco and VMware, NIV has been presented to the IEEE for ratification as an open standard.

NIV is used to communicate host moves from one physical server to another, in conjunction with the Nexus 5000 top-of-rack switch. Another feature, N-Port Virtualizer (NPV), is currently available on the Cisco MDS 9000 family of multilayer switches and allows storage services to follow a virtual machine as it moves.

More explanation from Cisco's site:
This tight coupling of the virtual machine to both network and storage services enables policy and security to be managed at the virtual machine and for those services to follow the virtual machine as it moves when features such as VMware's dynamic resource management are used. Cisco VN-Link also provides visibility down to the virtual machine level, simplifying management, troubleshooting, and regulatory compliance. Further, Cisco VN-Link allows the server, storage, and network teams to collaborate more closely while still maintaining team autonomy. For example, the server administrator can add or move a server or virtual machine without having to call the network or storage team or to take on storage or network responsibilities. Similarly, each team can continue to use its favorite management and operations tools.
Ultimately, this provides a real Cisco switch inside the VMware virtual environment, giving the network team the toolset that we are accustomed to using in the physical network world.
Cisco VN-Link combines data-center class network security with operational segregation to meet the security challenges of today's virtual server environments. The Cisco Nexus 1000 and Nexus 5000 Series switches support roles-based access control (RBAC) and authentication, authorization, and accounting (AAA) to help ensure that proper change control can be implemented and audited. RBAC and AAA coupled with Cisco VN-Link provides operational separation between server and network administrators so that security policies can be enforced without sacrificing the flexibility of server administrators to rapidly provision VMs. Cisco VN-Link also supports ACLs and private VLANs, enabling server administrators to virtualize a whole new set of applications that would otherwise require dedicated physical servers for security.
The Nexus 1000V is the first installment of what will likely be some very interesting solutions to re-focus the blurred line between server virtualization and network connectivity/monitoring.

For more information about Cisco VN-Link, visit, and by watching TechWiseTV Episode 38: Accelerating Virtual Machines.

As more details become available, I will pass them along here. I welcome your comments.

1 comment:

Aaron Davis said...

"A look at the Nexus 1000V cli" on the VMware Networking Blog. No technical details.