VN Tag Question

Unanswered Question
Sep 6th, 2010

Why does the Cisco VN-tag model require that the interface virtualizer tag VM traffic?


Why can't the interface virtualizer track the MAC and IP addresses of the vNICs?


Tagging the traffic is even a requirement when a 1000v is used - why? What good is a switch if it can't track MACs?

Manish Tandon Mon, 09/06/2010 - 23:56

Lamav


Tagging of traffic internally right now is unique to UCS. That's how the forwarding is implemented within the system irrespective of VM or bare metal.

For an end user it shouldn't matter as you will never see it outside the system.

Tagging of Nexus-1000v or vswitch or bare metal traffic in UCS is a result of that.

Nexus-1000v traffic for example on a standalone server is not tagged.


The so mentioned tag brings networking awareness to the VM level.

Yes, a switch is of no good if it cannot track MACs, and the UCS-6100 does track MACs. The MAC table is used to look up a tag within the fabric.


Now the question comes to why use a tag and not the MACs. That is a question which is being addressed in the 802.1Q bc/g/h standards.

Using MAC as an identifier has concerns like security (MACs can be spoofed), ACL application and scalability, multicast optimization for building efficient networks (in UCS for multiple receivers on the same adapter, the adapter is where a packet gets replicated and not at the switch for multiple receivers), issues with some DC utilities like sniffers etc. where an interface is in promiscuous mode, etc.

Tags can also be and will be used for cascading when it comes to building larger fabrics. The MAC approach doesn't scale as you still have the problem of the IV and the controlling bridge operating/configured independently.



--Manish
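
The spoofing point above (a frame's source MAC is whatever the sender writes, while a tag is stamped by the interface virtualizer from the ingress vNIC port) can be shown with a toy model. The following is an added example, not code from this thread and not Cisco's implementation of VN-Tag or the UCS-6100 data path: it simulates a plain MAC-learning switch beside a switch that forwards on a port-assigned tag, with constructed MAC addresses, port numbers and tag values. The `TagForwardingSwitch` check of source MAC against the tag's provisioned binding is a hypothetical policy included to illustrate why a port-derived identity is a sounder basis for ACLs than a header field the VM controls.

```python
"""Toy model: MAC-learned forwarding versus port-assigned tag forwarding.

Constructed illustration (not Cisco's implementation). An "interface
virtualizer" (IV) fronts several vNIC ports behind one uplink. The upstream
switch forwards either by the source MAC it learns from arriving frames, or by
a tag the IV stamps on each frame according to the port it arrived on.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    payload: str
    tag: Optional[int] = None  # set by the IV on ingress, never by the VM


class InterfaceVirtualizer:
    """Stamps every frame with the tag bound to its ingress vNIC port."""

    def __init__(self, port_tags: Dict[int, int]):
        self.port_tags = port_tags  # vNIC port -> tag (constructed values)

    def ingress(self, port: int, frame: Frame) -> Frame:
        frame.tag = self.port_tags[port]
        return frame


class MacLearningSwitch:
    """Classic transparent bridge: learns port <- src MAC from each frame."""

    def __init__(self):
        self.mac_table: Dict[str, int] = {}

    def receive(self, port: int, frame: Frame) -> Optional[int]:
        # The learning step trusts the header the sender wrote.
        self.mac_table[frame.src_mac] = port
        # Returns the egress port for dst, or None meaning "flood".
        return self.mac_table.get(frame.dst_mac)


class TagForwardingSwitch:
    """Forwarding identity is the tag the IV assigned to the ingress port."""

    def __init__(self, mac_to_tag: Dict[str, int]):
        # Control-plane binding MAC -> tag, provisioned from the known vNIC
        # configuration rather than learned from the data plane.
        self.mac_to_tag = dict(mac_to_tag)

    def receive(self, frame: Frame) -> Tuple[str, Optional[int]]:
        # Hypothetical policy: a source MAC must arrive on the vNIC it is
        # bound to. The tag cannot be chosen by the VM, so a borrowed MAC is
        # visible as a mismatch instead of silently moving the MAC entry.
        if self.mac_to_tag.get(frame.src_mac) != frame.tag:
            return ("drop", frame.tag)
        return ("forward", self.mac_to_tag.get(frame.dst_mac))


def run_scenario() -> Dict[str, object]:
    """Three vNICs; port 2 emits a frame carrying port 1's source MAC."""
    mac_a, mac_b, mac_c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    port_tags = {1: 101, 2: 102, 3: 103}          # constructed tag values
    port_macs = {1: mac_a, 2: mac_b, 3: mac_c}    # constructed vNIC MACs
    iv = InterfaceVirtualizer(port_tags)
    learned = MacLearningSwitch()
    tagged = TagForwardingSwitch({m: port_tags[p] for p, m in port_macs.items()})

    # 1. Each vNIC sends with its own MAC; the learning switch builds its table.
    for port, mac in port_macs.items():
        frame = iv.ingress(port, Frame(mac, "ff:ff:ff:ff:ff:ff", "hello"))
        learned.receive(port, frame)
        tagged.receive(frame)
    learned_before = learned.mac_table[mac_a]  # port 1, as expected

    # 2. Port 2 emits a frame whose source MAC belongs to port 1.
    borrowed = iv.ingress(2, Frame(mac_a, mac_c, "x"))
    learned.receive(2, borrowed)            # MAC table entry for mac_a now -> 2
    tag_verdict = tagged.receive(borrowed)  # tag 102 does not match mac_a's 101

    # 3. Port 3 replies to mac_a: where does each switch deliver it?
    reply = iv.ingress(3, Frame(mac_c, mac_a, "reply"))
    learned_out = learned.receive(3, reply)  # misdirected to port 2
    tagged_out = tagged.receive(reply)       # still forwards toward tag 101

    return {
        "learned_port_before": learned_before,
        "learned_port_after": learned_out,
        "tag_verdict": tag_verdict,
        "tagged_out": tagged_out,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

In the MAC-learning model one frame with a borrowed source address moves the table entry, and the reply for vNIC 1 is delivered to vNIC 2's port. In the tag model the frame arrives with tag 102 no matter what header it carries, so the mismatch is detectable and the forwarding state for tag 101 is untouched.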

lamav Tue, 09/07/2010 - 08:45

Manish, thanks for your thoughtful post.


Lets just keep the discussion narrow for a bit.


Physical switches keep track of MACs of physical servers connected to them. This is standard. This is how it knows to whom it should forward a packet.


So, why does Cisco feel the need to tag the ethernet packet from a vNIC (from a VM) for the 6100 to keep track of it? The VM will have its own MAC address, too, just like a physical server.


Thanks

Manish Tandon Tue, 09/07/2010 - 09:38

Lamav


The 6100 does keep track of the MAC addresses etc.


Yes - for simple cases, going without a tag approach, i.e. doing everything on the basis of MAC, would have worked too.

But for the reasons I listed in my first response, the tag approach was chosen.

--snip--

Using MAC as an identifier has concerns like security (MACs can be spoofed), ACL application and scalability, multicast optimization for building efficient networks (in UCS for multiple receivers on the same adapter, the adapter is where a packet gets replicated and not at the switch for multiple receivers), issues with some DC utilities like sniffers etc. where an interface is in promiscuous mode, etc.

--snip--


The issue the tag approach tries to solve is more than just the fact of where a MAC address sits. It's all of the above reasons and then some more.


Thanks


--Manish
