VMware vSphere

  • 1.  Cisco VSM as VMware VM or Cisco Appliance VM

    Posted Sep 09, 2013 07:29 PM

    We are considering using the Cisco 1000v in our environment and considering whether to use the Cisco Services Appliance 1110-X or run it on ESXi as VMs.

    Anyone have any advice?

    thanks

    gd



  • 2.  RE: Cisco VSM as VMware VM or Cisco Appliance VM

    Posted Sep 10, 2013 02:07 AM

    Nice... 1000v's are lots of fun.  I prefer running the VSMs as vSphere VMs personally.  They are amazingly resilient and basically get double HA (enjoying both vSphere HA and Cisco's custom HA).  If you break one (really hard to do), the fix is to deploy a fresh one from OVA and re-join the HA pair.  A physical cannot offer that recovery ease or speed.

    However, it's never a bad idea to get more mgmt separation for the components that run your vSphere environment (i.e. dedicated mgmt farm or cross-farming your virtualized vCenter and VCDB, etc.).  So adding in the physical appliance does fit in with that model if this is important for your company.

    If you go VM, just keep in mind that:

    -  VSMs should not be snapshotted (recovery from snapshots is not supported)

    -  DRS should be set to manual (just for the VSMs).

    -  Create anti-affinity rules to keep the VSMs separated (not required, but smart)

    Other than that they are quite easy to maintain as VMs.  In my environment the 1000v's are battle proven.  Even my network guys just turned down a free pair of the new Cisco Nexus 1100's because they are happy with them as vSphere VMs.  Physicalization is now officially dead :)
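
The three points in the list above (no snapshots, per-VM DRS set to manual, anti-affinity between the VSMs) can be audited with VMware PowerCLI. This is an added example, not part of the original post; the cluster, VM and rule names are assumptions, and an existing `Connect-VIServer` session is assumed.

```powershell
# Added example. Names passed in (cluster, VSM VMs, rule name) are assumptions.
# Requires VMware PowerCLI and an active Connect-VIServer session.
function Test-VsmGuidance {
    param(
        [Parameter(Mandatory)][string]$ClusterName,
        [Parameter(Mandatory)][string[]]$VsmNames,
        [string]$RuleName = 'VSM-Separate',   # hypothetical rule name
        [switch]$Fix                          # apply DRS settings, never touches snapshots
    )
    $cluster = Get-Cluster -Name $ClusterName -ErrorAction Stop
    $vsms    = @(Get-VM -Name $VsmNames -Location $cluster -ErrorAction Stop)

    # 1. Snapshots: report only. Removal is an operator decision.
    $snaps = @(Get-Snapshot -VM $vsms)
    foreach ($s in $snaps) {
        Write-Warning "Snapshot '$($s.Name)' exists on $($s.VM.Name)"
    }

    # 2. Per-VM DRS automation level should be Manual for each VSM.
    $notManual = @($vsms | Where-Object { $_.DrsAutomationLevel -ne 'Manual' })
    if ($Fix) {
        foreach ($vm in $notManual) {
            Set-VM -VM $vm -DrsAutomationLevel Manual -Confirm:$false | Out-Null
        }
    }

    # 3. An enabled anti-affinity rule should cover every VSM.
    $rule = Get-DrsRule -Cluster $cluster | Where-Object {
        $r = $_
        $r.Enabled -and -not $r.KeepTogether -and
        @($vsms.Id | Where-Object { $r.VMIds -notcontains $_ }).Count -eq 0
    } | Select-Object -First 1
    if (-not $rule -and $Fix -and $vsms.Count -ge 2) {
        $rule = New-DrsRule -Cluster $cluster -Name $RuleName `
                            -KeepTogether $false -VM $vsms
    }

    [pscustomobject]@{
        Cluster          = $cluster.Name
        SnapshotCount    = $snaps.Count
        DrsNotManual     = $notManual.Name -join ', '
        AntiAffinityRule = if ($rule) { $rule.Name } else { 'MISSING' }
    }
}

# Audit only (assumed names):
# Test-VsmGuidance -ClusterName 'Prod-Cluster' -VsmNames 'VSM-1','VSM-2'
```

Without `-Fix` the function changes nothing, and `DrsNotManual` lists the VSMs found before any fix was applied.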



  • 3.  RE: Cisco VSM as VMware VM or Cisco Appliance VM

    Posted Sep 10, 2013 12:56 PM

    thanks, that is great info.

    So in your design it sounds like your VSMs live on boxes that have 1000v VEMs. Have you ever had a problem bringing up the VSMs? How do the 1000v's survive without contact to the VSMs?

    thanks

    Gd



  • 4.  RE: Cisco VSM as VMware VM or Cisco Appliance VM

    Posted Sep 11, 2013 03:02 AM

    > so in your design it sounds like your VSMs live on boxes that have 1000v's VEMs.

    That's correct.  In my case, the VSMs are running as VMs that consume the very service they are providing.  This is also true of most of my vCenters in that they are VMs that manage the environment which they are a member of.  This is further complicated by a remote database (MS SQL VM) that acts as the VCDB and is a member of the same virtual datacenter.  If any of these components dies, they cut the branch they are sitting on (to quote a wise man).  This scenario is better known as the "chicken and egg" when things go wrong.

    If you believe the marketing fluff, they will tell you that the VSMs continue to run fine with no vCenter.  The truth is YMMV.  Granted this has gotten leaps and bounds better over time, the fact is there may be times that you need to power up VMs and they can't get a dvPort because vCenter or its remote DB is down.  Sometimes this will be the virtualized vCenter or VCDB itself that cannot get a dvPort and thus cannot hit the network.  As you can see that is a real problem.

    Tip:  In the above scenario, the typical approach is to steal a pNIC from the current team and create a vSS with it.  Then create a port group with the desired VLAN and flip the vCenter (and/or VCDB) vNic to that vSS port group.  Not sure if your vCenter is virtualized and managing itself.  If so, practice this technique well.

    > have you ever had a problem bringing up the VSMs? how does the 1000v's survive without contact...

    Right, so the communication between the VSMs (2 HA virtual appliances) and the VEM (VIB installed on ESXi host) is important.  In the event that the 1000v VMs are completely offline, the VEMs continue to run as expected most of the time.  However, YMMV getting dvPorts for newly powered on VMs if there are communication break-downs between any components managing the solution (i.e. vCenter, VCDB, VSM).

    BTW, Cisco Bugs hit hard when they do.  If available to you, you should have the Cisco AS team "bug scrub" your environment and recommend the best 1000v version.  Typically the latest is the greatest but this is not always true.  You should also deploy this with L3 Control instead of L2.  Changing it later is way more work.  Talk to your Cisco team about this.

    PS - the Cisco 1000v Support is amazing.  I dare you to get stuck and try them out.



  • 5.  RE: Cisco VSM as VMware VM or Cisco Appliance VM

    Posted Sep 20, 2013 09:30 PM

    The decision typically boils down to two things:

    • It's ill-advised to run the VSMs on the VEMs for troubleshooting reasons (Chicken --> Egg). The physical appliance is a solid option for avoiding this.
    • Multi-tenant environments where there is no specific management pod / cluster to isolate resource consumption.

    I'm not aware of any other reasons, such as performance, to go physical.