Cisco Subnet An independent Cisco community View more

NX-OS's Best Feature: Virtual Device Contexts (VDCs)

When I wrote about the Cisco Nexus 7000 NX-OS a few weeks back, I mentioned the pinnacle of new features in NX-OS was Virtual Device Contexts (VDCs). This is a feature I could've used a lot in the past during network design and is a long-time coming. VDCs take a single physical switch and create many, unique virtual devices (switches), just as VMware does for servers. Each VDC is analogous to a virtual machine in VMware. NX-OS runs a single kernel and infrastructure layer to control the hardware and provide basic services. A single VDC Manager also runs and controls all the VDCs. It creates and deletes individual VDCs and launches necessary software services for the VDC. Each VDC is its own switch. They have their own processes, VLANs, routing protocols, spanning-tree, management plane, and configuration. It's really a completely separate switch. Interfaces are assigned to the VDC to provide external connectivity. Processes in each VDC are separate and run in their own protected memory space. Thus, if OSPF fails on VDC 12, it will not affect OSPF in the other VDCs. VDCs are created with the aid of a template, which specifies the resources a VDC can use. Inter-VDC communication is only via external interfaces, there is no internal switch like in VMware. VDCs offer several direct benefits:

  • A completely separate partition between different groups or organizations (if you network requires this separation) while using only a single switch. This reduces hardware investment, DC space usage, and power.
  • VDCs can be created for development, testing, stage, and production on the same switch. Now, all four data center environments can exist inside the same physical switch, each with its own configuration. Again, this reduces DC OPEX and increases network capacity utilization, reduces cabling, and simplifies support.
  • Network testing and training can occur in a separate VDC. Now, testing of configurations and training can occur in the actual network instead of an expensive lab.
  • Separate administrative domains are created to give different groups control over their environment, lessening the load on core network engineering and operations teams.

Furthermore, VDCs also provide an interesting way to scale hardware resources beyond their documented limits. Each line card in the Nexus 7000 can support: - 128,000 MAC addresses - 128,000 FIB entries - 64,000 ACLs - 512,000 NetFlow entries Normally, with a single VDC, entries for each of these tables are copied across every linecard so distributed (local) switching can occur. So, the limit of the entire Nexus 7000 is the numbers listed above. But, now consider the case with VDCs. Each VDC may not necessarily have ports on every linecard. Without a port in a VDC, the line card does not store entries for its MAC addresses, ACLs, NetFlow entries, etc. So, that linecard does use up any resources, even though a MAC address has been stored on another linecard. The entire capability of the single Nexus 7000 has just risen because of virtualization. With this resource breakdown using VDCs, hardware maximums can be exceeded. Notice in the table below the number of routes (FIB entries) supported in a single Nexus 7000 is no longer 128,000, it's now 180,000: Finally, VDCs, along with VSS, are going to introduce radical changes to network design. I'll be covering that soon.

More >From the Field blog entries:

* Come Visit Me at FutureNet

Tips on spending your time well at Cisco Networkers, plus: bring back the CCIE party!!

* NX-OS - Some Software For all that New Nexus 7000 Hardware

* A CCIE job that only offers $150K - ummm...maybe...well...no.....

* The DC3....err....Nexus 7000 brings some exciting hardware to the DC LAN

Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.

Recent Cisconet blog entries

20 useful sites for Cisco networking professionals

Network World's IT Buyer's Guide: Cisco products

Subscribe to Network World's Cisco Alert, which includes a weekly digest of all Cisco Subnet items

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies