An Overview of Cisco Nexus 1000v in a vSphere Environment:

The idea behind the distributed switch is to have one place to do the configuration and management of the network connectivity for your entire ESXi cluster. With a standard switch, we have to manually create vSwitches and port groups on every ESX server.

With the distributed switch, we configure the port groups in vCenter. When a new ESX server moves into the cluster and is joined to the dvSwitch, it automatically gets the configuration.

Components of the Nexus 1000v:

The Cisco Nexus 1000V is a virtual access software switch that works with VMware vSphere and has the following components:

Virtual Supervisor Module (VSM)
Virtual Ethernet Module (VEM)

Virtual Supervisor Module:

It is the control plane of the switch and a virtual machine that runs NX-OS.

The VSM is a virtual version of a hardware supervisor module. Cisco chassis switches usually have multiple blades with one or more supervisor modules. These hardware supervisor modules are the management cards for the entire chassis. Some switches have redundant modules, and the Nexus 1000v is no different.

To provide fault tolerance, you can run a second VSM in a standby role. The secondary VSM will take over if the primary should fail. Any configuration change on the primary is automatically replicated to the secondary as well.

Virtual Ethernet Module:

VEM is a virtual line card embedded in each VMware vSphere (ESX) host. The VEM is partly inside the kernel of the hypervisor and partly in a user world process, called the VEM Agent.

So, just as you log in to a Cisco chassis switch and run "show module", you'll do the same here. Each ESX server will be its own module, and that's why it's called a Virtual Ethernet Module.

How the Modules Communicate:

Management, Control, and Packet VLANs

The Management VLAN is used for system login and configuration, and corresponds to the mgmt0 interface. The management interface appears as the mgmt0 port on a Cisco switch, and is assigned an IP address. Although the management interface is not used to exchange data between the VSM and VEM, it is used to establish and maintain the connection between the VSM and VMware vCenter Server.
The management interface is always the second interface on the VSM and is usually labeled Network Adapter 2 in the virtual machine network properties.
The Control VLAN and the Packet VLAN are used for communication between the VSM and the VEMs within a switch domain. The VLANs are used as follows:
- The Packet VLAN is used by protocols such as CDP, LACP, and IGMP.
- The Control VLAN is used for the following:
  - VSM configuration commands to each VEM, and their responses
  - VEM notifications to the VSM; for example, a VEM notifies the VSM of the attachment or detachment of ports to the DVS
  - VEM NetFlow exports, which are sent to the VSM and then forwarded to a NetFlow Collector
  - VSM active to standby synchronization for high availability
You can use the same VLAN for control, packet, and management, but if needed for flexibility, you can use separate VLANs. Make sure that the network segment has adequate bandwidth and latency.

Port Profiles:

A port profile is a set of interface configuration commands that can be dynamically applied to either the physical (uplink) or virtual interfaces. A port profile specifies a set of attributes that can include the following:
- VLAN
- port channels
- private VLAN (PVLAN)
- ACL
- port security
- NetFlow
- rate limiting
- QoS marking
The network administrator defines port profiles in the VSM. When the VSM connects to vCenter Server, it creates a distributed virtual switch (DVS) and each port profile is published as a port group on the DVS. The server administrator can then apply those port groups to specific uplinks, VM vNICs, or management ports, such as virtual switch interfaces or VM kernel NICs.
A change to a VSM port profile is propagated to all ports associated with the port profile. The network administrator uses the Cisco NX-OS CLI to change a specific interface configuration from the port profile configuration applied to it. For example, a specific uplink can be shut down or a specific virtual port can have ERSPAN applied to it, without affecting other interfaces using the same port profile.
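
The control and packet VLANs and the port-profile workflow described above, as an added NX-OS configuration sketch (not taken from the original post or from Cisco's documentation). The domain ID, VLAN numbers, profile names, ACL name and the interface number are all constructed placeholders.

```cisco
! Constructed example: IDs, VLANs, names and the ACL are placeholders.
! VSM-to-VEM communication: control and packet VLANs for this switch domain
svs-domain
  domain id 100
  control vlan 260
  packet vlan 261
  svs mode L2

! ACL referenced by the vEthernet profile below
ip access-list web-in
  permit tcp any any eq 443
  deny ip any any

! Uplink (physical NIC) profile: carries control, packet and VM data VLANs
port-profile type ethernet system-uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 100,260-261
  channel-group auto mode on mac-pinning
  no shutdown
  system vlan 260-261
  state enabled

! Virtual interface profile: VLAN, port security and ACL defined once
port-profile type vethernet web-vms
  vmware port-group
  switchport mode access
  switchport access vlan 100
  switchport port-security
  ip port access-group web-in in
  no shutdown
  state enabled

! Per-interface override: shut one uplink without touching the profile
interface ethernet 3/2
  shutdown
```

Once a profile is set to `state enabled`, it is published to vCenter as a port group, and `show port-profile name web-vms` on the VSM lists the interfaces that have inherited it.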

Administrator Roles:

Network Administrator
- Creates, configures, and manages vSwitches.
- Creates, configures, and manages port profiles, including the following:
  - security
  - port channels
  - QoS policies

Server Administrator
- Assigns the following to port groups:
  - vNICs
  - vmkernel interfaces
  - service console interfaces
- Assigns physical NICs (also called PNICs).

Contrasting the Cisco Nexus 1000V with a Physical Switch:

The following are the differences between the Cisco Nexus 1000V and a physical switch:
- Joint management by network and server administrators
- External fabric: The supervisor(s) and line cards in a physical switch have a shared internal fabric over which they communicate. The Cisco Nexus 1000V uses the external fabric.
- No switch backplane: Line cards in a physical switch can forward traffic to each other on the switch's backplane. Since the Nexus 1000V lacks such a backplane, a VEM cannot directly forward packets to another VEM. Instead, it has to forward the packet via some uplink to the external fabric, which then switches it to the destination.
- No Spanning Tree Protocol: The Nexus 1000V does not run STP because STP would deactivate all but one uplink to an upstream switch, preventing full utilization of uplink bandwidth. Instead, each VEM is designed to prevent loops in the network topology.
- Port channels only for uplinks: The uplinks in a host can be bundled in a port channel for load balancing and high availability. The virtual ports cannot be bundled into a port channel, since there is no reason to.


Thanks to Site1 and Site2
