With the advent of the VMware vSphere 4 environment, IT managers must now choose how to manage their virtual networking switches. Should they choose the default VMware vSwitch, the vNetwork Distributed Switch included in top-of-the-line Enterprise Plus editions or the third-party Cisco Nexus 1000V?
Perhaps the biggest reason to stick with the basic vSwitch is that it's free. In addition, as VMware administrator and expert Bob Plankers points out, the vSwitch supports all the basic features you need from a familiar interface to experienced VMware administrators.
In contrast, the Cisco Nexus 1000V is a third-party product that introduces additional cost. But for shops steeped in Cisco gear, the Nexus 1000V provides an elegant way to offload virtual switch administration to networking experts. The switch also provides access to advanced Cisco IOS features and enables better security, writes virtualization author David Davis. Read the following articles for more information on whether to manage virtual switches with the VMware vSwitch or the Cisco Nexus 1000V.
Bob Plankers: Basic VMware vSwitch does it all -- at a great price
David Davis: Benefits outweigh the extra cost of Cisco Nexus 1000V
Basic VMware vSwitch does it all -- at a great price
By Bob Plankers, Contributor
There are three main options when it comes to choosing virtual switches in a VMware vSphere virtual infrastructure: The stock VMware vSwitch, the vNetwork Distributed Switch and the Cisco Nexus 1000V. Why would you ever choose the standard vSwitch over the other, more feature-laden, options?
The first big reason you might choose the stock vSwitch is price. It's free, and it comes with every incarnation of VMware ESX and ESXi. In contrast, the vNetwork Distributed Switch is only available with the top-of-the-line Enterprise Plus SKU, which can be a significant price jump per CPU for many environments. Similarly, the Cisco Nexus 1000V also requires VMware vSphere 4 Enterprise Plus licenses, and on top of that, is priced at $695 per CPU, which adds significant licensing costs to your environment if you have a lot of CPUs. The second big reason is complexity. The stock VMware vSwitch is simple, but supports the basic features you need to do virtualization. 802.1Q VLAN tagging? Port groups? Failover? Cisco Discovery Protocol (CDP)? 10 Gb Ethernet? Jumbo frames? The basic vSwitch has all that, all configurable from the command line on ESX or through the VMware vSphere client.
The vSphere vNetwork Distributed Switch does provide central management, network-aware VMotion and private VLANs, and its GUI-only vCenter Server interface is speedier and less clunky than using Enterprise Plus' host profiles to manage your network configurations. But again, those features come at a cost.
The Cisco Nexus 1000V, meanwhile, has a completely different management interface, which is all command line-based, and is not as straightforward as the stock VMware vSwitch's configuration. The NX-OS software running as part of the Cisco Nexus switch line also differs from the classic Cisco IOS for some commands, so administrators may need training and support in order to avoid mistakes and be able to correct problems in a timely fashion.
Since the Cisco Nexus 1000V is licensed through Cisco, and provided as a download from Cisco's website, customers have two vendors to deal with now instead of one. With two vendors involved, who do you call when there's a problem? Will you get caught between them, with each vendor saying you should call the other? Perhaps you'll also need to involve your network administrators in supporting your virtual infrastructure now, and that will also require training and time for them to become familiar. Adding staff and vendors to an environment definitely adds complexity, especially when it comes to upgrades and patching. Every additional component has its own certification list and release schedules, and the more components you have, the longer it will take to do upgrades or roll out patches.
When you consider the pricing and complexity increases of the Cisco Nexus 1000V, it becomes clear that the standard, basic, plain nature of the built-in VMware vSwitch is actually an advantage. Often, "just enough" is exactly what you need.
Bob Plankers is the lead Linux and VMware systems engineer at the University of Wisconsin-Madison. Plankers has 14 years of experience in IT, and he also runs The Lone Sysadmin blog.
Benefits outweigh the extra cost of Cisco Nexus 1000V
By David Davis, Contributor
With vSphere 4, Cisco introduced the new vNetwork Distributed Switch (vDS) or dvswitch -- a huge improvement over the traditional standard switch offered by VMware ESX Server. Cisco helped VMware develop the distributed switch and then took the vDS steps further with the Nexus 1000V.
One of the most important benefits of the Cisco distributed switch is that it allows you to use third-party switches. Though, today, Cisco Nexus 1000V is the only third-party product available in the market.
Here's why you should choose the 1000V over a standard vSphere vSwitch.
What you need to know about the Cisco Nexus 1000V
Before I get into what makes the Cisco Nexus 1000V so much better, let me quickly review what you need to know about it.
- To use the Nexus 1000V you must have vSphere 4 Enterprise Plus edition. (This is also required to use the vSphere distributed virtual switch.)
- The Nexus 1000V vSphere 4 add-on costs $695 per CPU running vSphere 4 (list price).
- The 1000V is made up of two pieces -- the virtual supervisor module (VSM) and the virtual Ethernet module (VEM). The VSM is actually a virtual appliance running on an ESX server. The VSM is where you connect and gain access to the Cisco IOS prompt in order to manage the VEMs that are connected to each virtual server (see diagram in Figure 1, below).
- The 1000V is installed and enabled after you have created a vSphere distributed switch.
Figure 1 - Cisco Nexus 1000V architecture
Graphic courtesy of Cisco.com
Why the Cisco Nexus 1000V is superior to a standard VMware vSwitch
Usually, things that cost more are also better. That said, not only do I want to demonstrate that the 1000V is better than a standard vSwitch, but I also aim to show you that the 1000V is worth the extra cost required to implement the 1000V.
The Cisco Nexus 1000V is better than the standard VMware vSwitch for four reasons:
Ends the feud -- It ends the feud between network and server managers. With the Nexus 1000V, network managers will now be able to manage the virtual network infrastructure with the same Cisco IOS interface and features as they already use to manage the physical network infrastructure. This provides the network management group what they have been after since the implementation of server virtualization.
It also provides the server management group the option of offloading virtual network management to the group that specializes in that. This way, VMware administrators keep using their VMware vSphere client to administer virtual machines (VMs) and network administrators use the Cisco IOS to administer physical and virtual switch ports.
- Cisco IOS interface -- It offers the well-known Cisco IOS command line interface to manage virtual networking. If you are familiar with the Cisco IOS, you know that there is a flood of training material (books, videos and classes) on how to use it. You also know that whether you are managing a 10-year-old Cisco router or the latest Nexus 1000V, the functionality and most of the commands will be the same.
If you aren't familiar with the Cisco IOS, I am sure the network management group is, or you won't have any trouble finding someone who is. Likely, you won't get many responses if you put out an ad for someone who "has years of experience managing VMware standard vSwitches" as compared to someone who can manage Cisco IOS switches.
- Traveling port profiles -- With the 1000V, you will define security and network properties that are tied to a VM's port profile. As that VM moves from server to server with VMotion, that port profile follows it. Thus, all security and network configurations, NetFlow and counters stay with the VM as it travels from server to server. This way, security policies can be enforced on VMs just as they can be enforced on physical servers.
- Advanced Cisco IOS features are available to virtualized severs -- Unlike vSphere standard vSwitches or even distributed vSwitches, with the Nexus 1000V advanced Cisco IOS features are made available to VMs. For example, now you can use features like Quality of Service (QoS); rate limits; continuous data protection; switched port analyzer; NetFlow; access control lists; port security; authentication, authorization and accounting; VLANs; and port channels (to name a few). Try doing any of that with a standard VMware vSwitch!
Not only does the Cisco Nexus 1000V offer more features, but these features will likely have financial benefits that will allow both network and virtualization management groups to do their jobs better. Additionally, by being able to use advanced security and QoS features, your company will now be able to fulfill security audit requirements and service level agreements.
In summary, the Cisco Nexus 1000V is the best choice for an enterprise today. While its cost is a premium over standard VMware vSwitches, the benefits far outweigh the cost.
For more information on the 1000V, visit the Cisco Nexus 1000V product page.
David Davis is the director of infrastructure at Train Signal Inc -- a global leader in video training for IT pros. Davis has a number of certifications, including vExpert, VCP, CISSP and CCIE #9369. Additionally, he has authored hundreds of articles and six different video training courses, including the Train Signal VMware ESX Server video training series. His websites are Happy Router.com and VMwareVideos.com.