vPath, a Cisco innovative technology developed within Cisco Nexus 1000V, has been shipping for more than 2 years, enabling customers to seamlessly create policy-based multi-tenant / multi-container Data Centers across multiple hypervisor environment. Increasingly, customers are implementing network services into their virtualization and cloud networks in order to meet regulatory, security and service levels. To this end we are seeing increased deployments of virtual firewalls, load balancing, routing, WAN optimization & monitoring tools. Cisco’s vPath technology allows customers to deploy these best-in-class network services seamlessly in their Data Center and Cloud deployments. So, what makes vPath so unique in this industry?
#1 – vPath Powered Service Chaining at a tenant level: For customers to create multi-tenancy architecture today, they have to configure the different network services and manually “stitch” them together for every unique combination. While this method provides the goals for regulatory compliance, security and service levels it often increases application provision time, and does not easily support application mobility. Additionally most applications have to follow the same manually stitched network services.
With Cisco Nexus 1000V vPath technology, the customer’s Data Center becomes very agile by enabling policy based services chaining at the application or tenant level. Customers can create policies and select the L3-7 virtual services appropriate for the application at the time of VM or Tenant creation. These policies are then dynamically instantiated and fulfilled in the Nexus 1000V distributed virtual switch. If the particular application VM moves, the Nexus 1000V network policy moves with it and hence the service chain remains intact.
Figure 1: Policy based dynamic service chaining through vPath
#2 – vPath enables Distributed Cloud Network Services: As noted in the picture above, vPath controls the packet flow through all Services that are chained for that particular policy. Once the first few packets of the flow is inspected by each Service node, vPath offers the capability to off load flow decisions of the particular Service to the local host such that the subsequent packets of the same flow are locally inspected at the host. Through this mechanism, vPath improves the performance of the particular service since the subsequent packets of the flow are no longer required to be inspected by the individual Service node and hence enabling distributed behavior of the particular service.
Figure 2: Distributed Cloud Network Services through vPath Fast Path Offload
#3 – vPath offers Best-In-Class Cloud Network Services across multiple hypervisors: vPath enables the customers to use the best-in-class Cloud Network Services from Cisco such as Virtual Security Gateway, ASA 1000V & virtual WAAS, and best-in-class ecosystem partners such as Citrix NetScaler 1000V & Imperva Secure Sphere Web Application Firewall. This vPath enabled architecture will be supported across all major hypervisors such as VMware vSphere, Microsoft Hyper-V, KVM and Xen.
#4 – vPath to become a standard based Network Services Header: In traditional fashion, Cisco creates innovative solutions to help solve our customer’s IT challenges. Once proven, we offer these technologies such as VXLAN through standards bodies to allow greater interoperability and choice. Recently, vPath header format has been submitted to the IETF as a Network Service Header draft. In the future customers will be able to leverage dynamic policy based services chaining including both virtual and hardware based solutions that support Network Services Header!
To learn more about Cisco Nexus 1000V and Cloud Network Services, please visit our community site. Create a Cloud Lab account and checkout out the vPath in action today!
Lastly, if you are at VMworld, make a point to attend our sessions PHC6409 and NET6380, or stop by at the Cisco booth.
Hi,
Very nice wrap up! Thanks for that. I just have a stupid question: Is vPath still supported only on VSG, ASA 1000V, and v-WAAS or have other network services been added to the list, please? It was recommended to adjust MTU sizes of the network path between VEM’s to allow for the overhead on MTU slapped on by vPath. If i recall correctly, the MTU overhead varies according to encapsulation(62 bytes for VLAN’s and 82 for Layer 3?)…
If I may ask, do you envisage challenges on administering of routing protocols for a long term within vPath enabled large scale data centers at all? If so, what would be the cons (the pros are mentioned above :-)), please, besides the administering of MTU size for the various protocol encapsulations?
IMHO, the Virtual Security Gateway (VSG) is an excellent NX-OS-based virtual network service node supporting policy-based traffic access control to virtualized server environments and I “think” (I maybe wrong though) that VSG is also referred to as a “compute firewall”.
The good part is the VSG and VNMC can be installed as virtual machines using bootable ISO files or through OVF files with help of the VMware vCenter.
Very well done when one looks at all the complicated technical stuff pooled in by various partners (Cisco, VMware etc.)and served up aligned towards total customer satisfaction.
Cheers
santanu
Santanu,
Thanks for the feedback. In addition to the services you mentioned, vPath will be supported on Citrix NetScaler 1000V and Imperva SecureSphere Web Application Firewall.
On the MTU size, vPath is very similar to the other overlay protocols such as VXLAN, etc. Change the MTU size to 1600 and then you can chose any transport underneath.
Nisarg
The Nexus 1000V looks like a great innovation technology. If we can move the network and tailor our data centre needs with peace of mind it is differently worst looking into. The fact that the solutions can also help solve IT challenge means more time to focus on your business. Thanks for the great read and visual diagram.
It is great that Cisco is providing the much needed service chain capability for virtual devices through vPath. In order to use the fullest potential of vPath’s service chaining capability the Network Services Orchestration (NSO) is a MUST have solution. Find out how Anuta Networks’ solution complements vPath at out blog http://www.anutanetworks.com/blog/