Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Nexus 1000V (N1Kv) Installation and Deployment

Nexus 1000V (N1Kv) has two components

  • Virtual Switch Module (VSM) - Like the supervisor module in CAT6K - Installs with the Data Center in the vCenter
  • Virtual Ethernet Module (VEM) - Like the ethernet line card in CAT6K - Installs as part of virtual machine with vmware tools

Port-Profile = a virtual  wire running between VSM and VEM ports. It carries VMOtion and Service Console traffic. A port-profile can be compared to a template that will contain all the networking information that will be applied on different interfaces.  Port profiles can be configured in two ways

- capability uplink: This configuration line means that the corresponding port-profile can only be applied to a physical port. This is also indicated through a special icon in the vSphere client:

  1- Uplink Capability - Will be applied to the physical interface of the ESXi host

2- If not uplink, then it will be applied on the virtual machine interface

In order to automatically install the necessary Virtual Ethernet Module (VEM) of the Cisco Nexus 1000V into the ESX hosts, we will be using VMware Virtual Update Manager (VUM).

In a vSphere setup VUM is used to stage and apply patches and updates to ESX hosts.

Lab Setup


In order to add a new host to the Distributed Switch we need to create a port-profile to enable the communication between the Virtual Supervisor Module and the different Virtual Ethernet Module. On top of that we want to enable the VMotion traffic and the Service Console Traffic on the same interface.      You will utilize 5 different VLANs.

* Control VLAN: VLAN used to allow the communication between the VSM and the VEM

* Packet VLAN: VLAN used to exchange some specific packets – e.g. CDP – between the VSM and the VEM

* VMotion: VLAN used for VMotion traffic

* Virtual Machine: VLAN used for the application traffic

* Private VLAN – Secondary VLAN: Secondary VLAN for the Private VLAN lab step

You can do SSH to the Cisco Nexus 1000V Virtual Supervisor Module (VSM). Just like you can telnet into the CAT6K supervisor to configure ports.

Control VLAN                              90
Packet VLAN                              91
VMotion VLAN                              93
VM VLAN                                   95
Private VLAN – Secondary VLAN          195

conf t
Nexus1000V(config)# port-profile system-uplink 
Nexus1000V(config-port-prof)# vmware port-group
Nexus1000V(config-port-prof)# capability uplink
Nexus1000V(config-port-prof)# switchport mode private-vlan trunk promiscuous
Nexus1000V(config-port-prof)# switchport private-vlan trunk allowed vlan 
Nexus1000V(config-port-prof)# no shutdown
Nexus1000V(config-port-prof)# system vlan X0-X1,X3
Nexus1000V(config-port-prof)# state enabled

- capability uplink: This configuration line means that the corresponding port-profile can only be applied to a physical port. This is also indicated through a special icon in the vSphere client:

The Cisco Nexus 1000V offers all the Qaulity of Service (QoS) features that can be found on other hardware switches of the Cisco Nexus product line. But with the Cisco Nexus 1000V, QoS can be applied on a per virtual interface basis. Therefore it is possible to apply different QoS policies to VM, Service Console of VMotion traffic. On appropriately dimensioned uplinks – such as 10 Gigiabt Ethernet – this removes the requirement for dedicated physical NICs for Service Console or VMtion traffic. 

•     Configure a class-map to characterize different sorts of traffic 
•     Apply a class-map on VMotion traffic as well as on VM traffic and verify its operation

Configure a class-map
1.     NX-OS leverages MQoS – similar to IOS. Therefore the first step will be to configure an ACL which selects the traffic that shall be processed for further QoS operations.
Pod1-Nexus1000V(config)# ip access-list qos 
Pod1-Nexus1000V(config-acl)# permit ip any any
2.     Next create a QoS class-map to classify the traffic
Pod1-Nexus1000V(config)# class-map type qos match-all vm-qos
Pod1-Nexus1000V(config-cmap-qos)# match access-group name qos
3.     Do some marking on those packets
Pod1-Nexus1000V(config)# policy-map type qos vm-qos
Pod1-Nexus1000V(config-pmap-qos)# class vm-qos
Pod1-Nexus1000V(config-pmap-qos)# set dscp cs7
4.     Finally let’s create a new port-profile called VM-qos
Pod1-Nexus1000V(config)# port-profile VM-qos
Pod1-Nexus1000V(config-port-prof)# no shut
Pod1-Nexus1000V(config-port-prof)# switchport mode access
Pod1-Nexus1000V(config-port-prof)# switchport access vlan X5
Pod1-Nexus1000V(config-port-prof)# service-policy type qos input vm-qos
Pod1-Nexus1000V(config-port-prof)# service-policy type qos output vm-qos
Pod1-Nexus1000V(config-port-prof)# vmware port-group
Pod1-Nexus1000V(config-port-prof)# state enabled
Apply a class-map and verify the operation

1.     Apply the newly created port-profile on WinXP-01 and WinXP-02 as you have been doing previously.

2.     Initiate another ping from WinXP-01

3.     Use Wireshark to look at the received packets.
This time apply the filter icmp.type == 0 || icmp.type == 8

You can see that the traffic has now be remarked using the DSCP value CS7
4.     At the same time you can see that X number of packets have been processed by the service policy,  issuing the command show policy-map interfaces.
Pod1-Nexus1000V# show policy-map interface
Global statistics status :   enabled


Service-policy (qos) input:   vm-qos
policy statistics status:   enabled
    Class-map (qos):   vm-qos (match-all)
      27 packets
      Match: access-group qos
      set dscp cs7
  Service-policy (qos) output:   vm-qos
    policy statistics status:   enabled
    Class-map (qos):   vm-qos (match-all)
      43 packets
      Match: access-group qos
      set dscp cs7

Congratulation! You have successfully marked the egress traffic of a particular VM for QoS operations. Using the proven way to configure QoS that can be found on other Cisco products you can ensure that traffic priorities of various traffic classes – such as Service Console, VMotion, productive VM – are observed.

You are now familiar with the Nexus 1000V. As you have experienced during the lab, The Nexus 1000V is based on three important pilar:

-     Security 
-     Mobility of the network
-     Non disruptive operational model
In this lab you: 
•     Have gotten familiar with the Cisco Nexus 1000V Distributed Virtual Switch for VMWare ESX. 
o     Install and configure the Nexus 1000V
o     Added physical ESX host to the DVS
o     Attached a Virtual Machine to the Distributed Virtual Switch 
o     Tested the VMotion capability 
•     Familiarized yourself with advanced features of the Cisco Nexus 1000V 
o     IP based access lists 
o     Configure an ERSPAN session to troubleshoot the VM Traffic
o     Configure private-vlan
o     Configure QOS

Version history
Revision #:
1 of 1
Last update:
‎08-01-2010 08:13 PM
Updated by: