New Nexus 9K Items
Two prior blogs discussed OTV, Cisco Overlay Transport Virtualization. One of those blogs pointed out some concerns one might have about optimal routing, OTV optimal routing. (My virtual machine — VM — moved to the other data center — does inbound / outbound traffic do the right thing?) A reader (thanks!) shared a good link, and that motivated me to find some Cisco-centric answers as well.
For some of the basics of OTV, see http://netcraftsmen.com/blogs/entry/understanding-layer-2-over-layer-3-part-1.html. The second blog of the two discussed OTV optimal routing, see http://netcraftsmen.com/blogs/entry/understanding-layer-2-over-layer-3-part-2.html#comment-97.
Update (2/2/11): See fresh info and my CMUG presentation. My FHRP (First Hop Routing Protocol info blog article may also be of interest, towards filtering FHRP for optimal outbound routing — see below).
Cisco has pretty much solved the issue of sub-optimal routing from virtual machines (VMs) to the World. This is done by manually (now) or automagically (future) filtering of FHRP (First Hop Routing Protocol) hellos by OTV (i.e. HSRP, VRRP, or GLBP). This allows the default gateway at each site to have the same IP and not cause problems. When VMotion moves a VM to the other data center, the VM’s IP and default gateway do not change. Cool stuff!
The prior blogs also noted that inbound traffic needs optimal routing, and the OTV materials don’t go into the details. (They pretty much still do not do so.)A recent comment from Dave Wood spurred me to investigate. (And thanks to him in NZ!) He provided the following link: http://www.youtube.com/user/f5networksinc#p/u/19/XtVcNAyfxxI. That is a F5 video on how they support Long Distance (LD) VMotion, including the inbound optimal routing, by tight integration with vmware vSphere 4 / vCenter. In googling around, I came across the related link, http://www.f5.com/pdf/deployment-guides/vmware-vmotion-dg.pdf. Neat stuff!
(I do vividly imagine this as almost if there’s a bidding contest going on concerning LD VMotion. How little bandwidth do you really need? If you compress and de-duplicate, how much? Can this solution go a longer distance than that one? Cautious people might stick with the Cisco-supported solution(s).)
The next question was, how does Cisco do this? The answer turns out to be, Cisco apparently can do it, the details are at present perhaps a bit sketchy (meaning I haven’t managed to find them yet). Relevant links:
What this seems to boil down to is that the Cisco ANM (Application Networking Manager) now has a component that integrates with vmware vCenter, possibly allowing workflow automation to drive ANM. Basically, when a client does DNS to GSS, it needs to resolve to a Virtual IP (VIP) on the ACE in the data center where the VM is presently running. (Something has to track the VM location and “activate” a corresponding VIP.)This appears to be approximately what F5 is doing as well.
If you have found more details on this, please do us all a favor, by commenting with a link.
I’ve now seen some detailed Cisco slideware about OTV, and am even more impressed with the technology. I may summarize more of how OTV works and some of the things it does in a later blog. Neat stuff!
Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.
Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.
John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services. Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.
He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.