© 2009 Voltaire Inc. 1
Fabric Management in VM environment
Marina Lipshteyn, Voltaire

Existing approach is to have port profile manager
Diagram labels: Port Profile Manager; External Switch; OS/Hypervisor Manager; IEEE 802.1x / EAPOL; RADIUS

Active Fabric Manager role
► Discovery
• Discovery of virtual/physical switches, VEPA elements and their capabilities
• Discovery of physical and/or logical topology
► Policy/Configuration repository (e.g. maintain port profile and states, endpoint authentication)
► Resource Management:
• Distribute policy across resources to meet the requirements specified at a high level and drive security, QoS configurations in individual elements. For example: if there is a rate limiter both in the NIC and on the switches, determine the appropriate place for configuration.
• Resource allocation and validation, e.g. total number of ACLs supported by each device. Verification that the CIR traffic can be committed.
► Monitoring
• Distributed monitoring of physical/virtual elements
• Notifications and reporting of various fabric events (e.g. migration)

Example: VM migration
► VM migrates to a different physical machine.
► VM has a port profile which is now used to register at the new machine.
► ACLs should be configured at the new ingress point and should be removed from the old ingress point.
► However, the number of ACLs on the new ingress point now exceeds the supported limit (ACL compiler implementation dependent).
► The migration cannot be done - invalid status must be propagated.
► Validation should be done by the fabric manager.
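The validation step in this migration example, sketched in Python as an added illustration (not code from the presentation or from Voltaire). The class names, the count of one table entry per ACL rule and the sample ACLs are assumptions constructed for the example; real limits depend on the device and its ACL compiler.

```python
from dataclasses import dataclass, field

@dataclass
class IngressPoint:
    """A switch or hypervisor port where a VM's ACLs are enforced (hypothetical model)."""
    name: str
    acl_capacity: int  # constructed limit; assumes one table entry per rule
    installed: dict = field(default_factory=dict)  # vm_id -> list of ACL rules

    def acl_count(self) -> int:
        return sum(len(rules) for rules in self.installed.values())

@dataclass(frozen=True)
class PortProfile:
    profile_id: str
    acls: tuple  # ACL rules that follow the VM when it moves

class FabricManager:
    def validate(self, profile: PortProfile, target: IngressPoint) -> bool:
        """Placement filter: can the target hold the profile's ACLs on top of its own?"""
        return target.acl_count() + len(profile.acls) <= target.acl_capacity

    def migrate(self, vm_id: str, profile: PortProfile,
                old: IngressPoint, new: IngressPoint) -> str:
        # Validate before touching either device, so a rejected migration
        # leaves the VM's ACLs enforced at the old ingress point.
        if not self.validate(profile, new):
            return "INVALID"  # status to propagate to the server/VM manager
        new.installed[vm_id] = list(profile.acls)  # configure the new ingress point first
        old.installed.pop(vm_id, None)             # then remove from the old one
        return "VALID"

def demo():
    """Constructed scenario: sw-b is too full for vm1's profile, sw-c is not."""
    fm = FabricManager()
    web = PortProfile("web", ("permit tcp any any eq 443", "deny ip any any"))
    sw_a = IngressPoint("sw-a", 8, {"vm1": list(web.acls)})
    sw_b = IngressPoint("sw-b", 3, {"vm7": ["deny udp any any", "deny ip any any"]})
    sw_c = IngressPoint("sw-c", 8)
    first = fm.migrate("vm1", web, sw_a, sw_b)   # 2 existing + 2 new > 3
    kept = "vm1" in sw_a.installed and "vm1" not in sw_b.installed
    second = fm.migrate("vm1", web, sw_a, sw_c)  # fits
    moved = "vm1" in sw_c.installed and "vm1" not in sw_a.installed
    return first, kept, second, moved

if __name__ == "__main__":
    print(demo())
```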

Actors and Interactions
Actors: Server/VM Manager; Port/Fabric Manager; Service Automation & Orchestration, Admins; switches; Hypervisors; Storage, license, .. managers
Interaction labels:
• Set server/app policy
• Set vep/fabric policy, placement validation
• Reporting & monitoring
• Set/get (vm-nic) group policy, associations
• Discovery* (LLDP), State change requests
• Discovery* (LLDP/SNMP), push (switch) policy, Change requests, Monitoring* (SNMP,..)
• Deploy, migrate, ..
• Push/get policy
• State notifications, associations
• Get policy, Notifications
* Current MIBs and mechanisms are associated with physical interfaces, may need to be extended

VM is registered at the new location – current passive Fabric Manager
Actors: Server/VM Manager; Port/Fabric Manager; Service Automation & Orchestration, Admins; switches; Hypervisors
Diagram labels: Register VM; Register VM with the policy; 2. Get vm-nic side policy by profile id; 3. Configuration policy; Get switch configuration; 5. associate; 8. Ack/nack
NO validation of Fabric resources is done.

VM is registered at the new location – active Fabric Manager with validation
Actors: Server/VM Manager; Port/Fabric Manager; Service Automation & Orchestration, Admins; switches; Hypervisors
Diagram labels: Validate/placement filter of VM connectivity requirements; INVALID!

VM is registered at the new location – active Fabric Manager
Actors: Server/VM Manager; Port/Fabric Manager; Service Automation & Orchestration, Admins; switches; Hypervisors
Diagram labels: Register VM; Register VM with the policy; Validate VM connectivity requirements; VALID; Get vm-nic policy by profile id; Configuration policy; associate (8); Push switch policy; 9. Ack/nack

Vport admin status down – can be Fabric Manager action
Actors: Server/VM Manager; Port/Fabric Manager; Service Automation & Orchestration, Admins; switches; Hypervisors
Diagram labels: Vport down (×3); Find the relevant elements

Mirroring of a Vport – active Fabric Manager role
Actors: Server/VM Manager; Port/Fabric Manager; Service Automation & Orchestration, Admins; switches; Hypervisors
Diagram labels: Mirror Vport (1); 2. Configure mirroring; Find the relevant elements

Conclusion
► Previous examples show why the Fabric Manager cannot be a static repository but requires dynamic behavior.
► Define an API to the Fabric Manager that enables set/get/validate of the policy, topology and capability discovery, and state/configuration propagation.