
Showing posts with label CCNA Questions. Show all posts

Friday, 18 September 2020

IPv6 NAT - Needed or not ?

Hi everyone. After a long break, we will now look at whether IPv6 NAT is needed or not, as discussed below.

Network Address Translation (NAT)-Port Translation (PT) for Cisco software based on RFC 2766 and RFC 2765 is a migration tool that helps customers transition their IPv4 networks to IPv6 networks.

It allows direct communication between IPv6-only networks and IPv4-only networks. Dual-stack networks (networks that have IPv4 and IPv6) can have some IPv6-only hosts configured to take advantage of the IPv6 autoconfiguration, global addressing, and simpler management features, and these hosts can use NAT-PT to communicate with existing IPv4-only networks in the same organization.


The benefit of NAT-PT is that no changes are required to existing hosts, because all NAT-PT configuration is performed at the NAT-PT device. Stable IPv4 networks can introduce an IPv6 network and use NAT-PT to communicate between these networks without disrupting the network.

Why is NAT not needed in IPv6?

  • Because IPv6 has integrated security, there is no need to hide the IPv6 addresses of internal networks.
  • Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large.
  • The problems that are induced by NAT applications are solved because the IPv6 header improves packet handling by intermediate routers.
  • The end-to-end connectivity problems that are caused by NAT are solved because the number of routes increases with the number of nodes that are connected to the Internet.

Stay tuned for more information, and let me know your answer to the question above in the comment section below.

Monday, 4 December 2017

Cloud & Virtual Services

Question 1
What is the Cisco Network Virtualization Architecture?

Answer 
The concept of virtualization is not new and has been employed since the days of mainframe computers. It has been widely deployed as part of data center network designs and is seeing increasing adoption in campus networks. Network services virtualization within the campus helps IT focus on providing a unique set of policies to different network segments without having to deploy dedicated service nodes.

Question 2
Explain the three components of the network virtualization architecture.

Answer 

  • Network access control and segmentation of classes of users: Users are authenticated and either allowed or denied into a logical partition. Users are segmented into employees, contractors and consultants, and guests, with respective access to IT assets. This component identifies users who are authorised to access the network and then places them into the appropriate logical partition. 
  • Path isolation: Network isolation is preserved across the entire enterprise: from the edge to the campus to the WAN and back again. This component keeps traffic partitioned over a routed infrastructure and transports traffic over and between isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also performed in this component.
  • Network Services virtualization: This component provides access to shared or dedicated network services such as security, quality of service (QoS), and address management (Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per partition and isolates application environments, if required. 

Question 3
What Is Network Services Virtualization? 

Answer
Network services virtualization is a critical building block in network virtualization. Although all the building blocks can be deployed in isolation, network services virtualization is an excellent strategy for consolidating multiple appliances into one, simplifying network operations and reducing overall acquisition cost. Network services virtualization virtualizes a network service node such as a firewall module, for example, by partitioning the available hardware resources among different virtual firewalls. The service virtualization provides independent instances of name space, configuration, inspection engines, and other resources within each instance. Network services virtualization negates the need to acquire separate devices every time the network service is required by using the software instance on the same physical hardware. Some implementations such as the Cisco Catalyst® 6500 Series Firewall Services Module (FWSM) can support nearly 250 separate virtual firewall instances. 

Question 4
What are the benefits of Network Services Virtualization? Explain in short notes.

Answer
(a) Efficient utilization: Acquisition cost is reduced as network services delivery is moved from a physical device to a virtual context, extending its access without the need to deploy specialized hardware for every instance of the network service that is required. From an expense-management perspective, users see:
i. Reduced total cost of ownership (TCO) and increased return on investment (ROI) through improved asset utilization, achieved by enabling additional capabilities within existing infrastructure 
ii. Pay-as-you-grow licensing model for the virtualized service, giving the end user greater flexibility in deploying the right number of virtual instances; further, it is easy to scale to a greater number of instances if future needs increase.

(b) Green: Reduced power consumption is achieved by consolidating multiple service instances into a single physical device without requiring deployment of dedicated hardware for each instance. Eliminating the need for additional physical devices effectively removes the need for additional power supplies, cooling, and rack space that would otherwise have been required. 

(c) Manageability: Virtual service instances offer simplified provisioning. To enable a particular service within existing siloed infrastructure requires addition of network infrastructure equipment and changes to network cabling. With the network service virtualization approach, a virtual service node instance can be created on the same physical infrastructure without the need for additional network cabling. The management interface becomes more flexible as many network service instances can be managed as one, or each instance can have its own, separate management interface. 

(d) Regulatory compliance: Compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Office of the Comptroller of the Currency (OCC) rules, and Sarbanes-Oxley requires customers to segment their network services on a group basis. This segmentation of network services helps ensure that the security, QoS, and traffic path manipulation of one group is different from the other groups within the enterprise.

Question 5
What virtualized network services are available on the Cisco Catalyst 6500 platform?

Answer
Network Services Virtualization – Cisco Catalyst 6500: Virtualized network services available on the Cisco Catalyst 6500 series platform include:

1. Network security virtualization through multicontext virtual firewall contexts, also called security contexts: Each security context is an independent firewall with its own security policy, interfaces, and administrators. The overall system resources within a single physical firewall can be administered separately from other contexts. This system resource administration is required to make sure that no context inadvertently affects another context.

2. Virtual Route Forwarding (VRF) network services: VRF-aware network services include:
i. VRF-aware address management services; VRF-aware DHCP helps enable pervasive DHCP policies for groups of geographically dispersed users.
ii. Optimized traffic redirection using VRF-aware Policy-Based Routing (PBR) and PBR-set VRF.
iii. Facilitating operational manageability with VRF-aware syslog and VRF-aware Telnet.

Question 6
What are the 3 cloud service models that cloud providers offer to customers?


Answer
SaaS (Software as a Service): SaaS uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the clients’ side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins.

PaaS (Platform as a Service): PaaS is used for application and other development, while providing cloud components to software. What developers gain with PaaS is a framework they can build upon to develop or customize applications. PaaS makes the development, testing, and deployment of applications quick, simple, and cost-effective. With this technology, enterprise operations, or a third-party provider, can manage OSes, virtualization, servers, storage, networking, and the PaaS software itself. Developers, however, manage the applications.

IaaS (Infrastructure as a Service): IaaS provides self-service models for accessing, monitoring, and managing remote datacenter infrastructures, such as compute (virtualized or bare metal), storage, networking, and networking services (e.g. firewalls). Instead of having to purchase hardware outright, users can purchase IaaS based on consumption, similar to electricity or other utility billing.
