Chap 27 - Virtualization

Question 1

What was one of the main drivers behind server virtualization?

Answer 1

Server hardware resources were being underutilized.

Question 2

What is a VM?

Answer 2

Virtual Machine - it is a software emulation of a physical server with an operating system.

Question 3

What is a hypervisor?

Answer 3

The virtualization software that creates VMs and performs the hardware abstraction that allows multiple VMs to run concurrently.

Question 4

What are the 4 most popular hypervisors?

Answer 4

• VMware vSphere
• Microsoft Hyper-V
• Citrix XenServer
• Red Hat Kernel-based Virtual Machine (KVM)

Question 5

What is a Type 1 Hypervisor?

Answer 5

It runs directly on the system hardware. It is commonly referred to as “bare metal” or “native.”

Question 6

What is a Type 2 Hypervisor?

Answer 6

This type of hypervisor (for example, VMware Fusion) requires a host OS to run. This is the type of hypervisor that is typically used by client devices.

Question 7

What is one key capability of VMs?

Answer 7

They can be migrated from one server to another while preserving transactional integrity during movement.

Question 8

What is a container?

Answer 8

It is an isolated environment where containerized applications run. It contains the application, along with the dependencies that the application needs to run.

Question 9

What is a container image?

Answer 9

It is a file created by a container engine that includes the application code along with its dependencies.

Question 10

What are 6 popular container engines?

Answer 10

• Docker
• rkt (pronounced “rocket”)
• Open Container Initiative
• LXD (pronounced “lexdi”), from Canonical Ltd.
• Linux-Vserver
• Windows Containers

Question 11

What is a Virtual Switch (vSwitch)?

Answer 11

It is a software-based Layer 2 switch that operates like a physical Ethernet switch.

Question 12

What are vSwitches used for?

Answer 12

They enable VMs to communicate with each other and with external physical networks through the physical network interface cards (pNICs).

Question 13

What is a limitation of vSwitches?

Answer 13

Multiple vSwitches can be created under a virtualized server, but network traffic cannot flow directly from one vSwitch to another vSwitch within the same host, and the vSwitches cannot share the same pNIC.

Question 14

What are 5 of the most popular vSwitches?

Answer 14

• Cisco Nexus 1000VE Series Virtual Switch
• Cisco Application Virtual Switch (AVS)
• Open vSwitch (OVS)
• IBM DVS 5000v
• vSphere Switch

Question 15

What is one of the downsides to standard vSwitches?

Answer 15

Every vSwitch that is part of a cluster of virtualized servers needs to be configured individually in every virtual host.

Question 16

What is distributed virtual switching?

Answer 16

It is a feature that aggregates vSwitches together from a cluster of virtualized servers and treats them as a single distributed virtual switch.

Question 17

What are 3 advantages to using distributed virtual switching?

Answer 17

• Centralized mgmt simplifies administration
• Migration of networking statistics and policies with virtual machines during a live VM migration
• Configuration consistency across all the hosts that are part of the distributed switch

Question 18

What do containers use vSwitches for?

Answer 18

To enable communication within a node (server) or with the outside world.

Question 19

What is another name for vSwitches?

Answer 19

Virtual Bridges

Question 20

What does Docker do by default?

Answer 20

It creates a virtual bridge called Docker0, and it is assigned the default subnet block 172.17.0.1/ 16. Every container created by Docker is assigned a virtual Ethernet interface (veth) on Docker0 and an IP address from 172.17.0.0/16.

Question 21

What does the veth interface appear like to the container?

Answer 21

eth0

Question 22

Can containers communicate with each other?

Answer 22

All containers can then communicate with each other only if they are within the same node.

Question 23

How do you enable containers to communicate with containers in other nodes?

Answer 23

Routing at the OS level or by using an overlay network.

Question 24

What happens if Docker is installed on another node?

Answer 24

If Docker is installed on another node using the default configuration, it ends up with the same IP addressing as the first node, and this needs to be resolved on a node-by-node basis.

Question 25

What can be done to avoid having to manage duplicate IP addresses on Docker nodes?

Answer 25

Use a container orchestrator such as Kubernetes.

Question 26

What is Network Function Virtualization (NFV)?

Answer 26

It is an architectural framework created by the European Telecommunications Standards Institute (ETSI)

Question 27

What 2 things does the NFV architectural framework define?

Answer 27

• Standards to decouple network functions from proprietary hardware such as routers and firewalls
• How to manage and orchestrate the network functions

Question 28

What are 6 advantages of NFV?

Answer 28

• Reduced capital expenditure
• Faster time to market (TTM)
• Improved ROI
• Ability to scale up/down on demand
• Openness to virtual appliance and software networking vendors
• Ability to test new innovation with low risk

Question 29

What is Network Function Virtualization Infrastructure (NFVI) comprised of?

Answer 29

All the hardware and software components that comprise the platform environment in which virtual network functions (VNFs) are deployed.

Question 30

What are 5 examples of Cisco’s NFV?

Answer 30

• CSR 1000v
• Cloud Services Platform 2100 (CSP2100)
• ISRv
• NGFWv
• ASAv

Question 31

What does the NFVI Manager do?

Answer 31

• Manages and controlles the NFVI hardware and virtual resources
• Collects performance measurements and fault information
• Lifecycle management (setup, maintenance, and teardown) of all NFVI resources
• VNF service chaining

Question 32

What is Service Chaining?

Answer 32

Chaining VNFs together to provide an NFV service or solution (i.e. connecting an IDS to a NGFW to a CSR1000v)

Question 33

What are Element Managers (Ems) or Element Management System (EMS)

Answer 33

They perform fault, configuration, accounting, performance, and security (FCAPS) functions for VNFs. A single EM can manage one or multiple VNFs, and an EM can also be a VNF.

Question 34

What is the NFV Orchestrator?

Answer 34

• It is responsible for creating, maintaining, and tearing down VNF network services
• Creates an end-to-end network service over multiple VNFs
• Lifecycle mgmt of one or more VNFs
• FCAPS for the virtual components of a VNF

Question 35

What is FCAPS?

Answer 35

Fault, Configuration, Accounting, Performance and Security

Question 36

What is an NFV Orchestrator and VNF Manager together called?

Answer 36

NFV Management and Orchestration (MANO)

Question 37

What is OSS?

Answer 37

Operations Support System is a platform typically operated by service providers (SPs) and large enterprise networks to support all their network systems and services.

Question 38

What are 4 things that an OSS does?

Answer 38

• Maintains network inventory
• Provisions new services
• Configures network devices
• Resolves network issues

Question 39

What is BSS?

Answer 39

Business Support System - a combination of product management, customer management, revenue management (billing), and order management systems that are used to run the SP’s business operations

Question 40

What does OSS and BSS have in common?

Answer 40

They typically work in tandem to improve the overall customer experience.

Question 41

What is an example of North-South traffic?

Answer 41

North– south traffic comes into the hosting server through a physical NIC (pNIC) and is sent to a VNF; then it is sent from the VNF back out to the physical wire through the pNIC.

Question 42

What is an example of East-West traffic?

Answer 42

East– west traffic comes into the hosting server through a pNIC and is sent to a VNF. From there, it could be sent to another VNF (service chained) and possibly service chained to more VNFs and then sent back out to the physical wire through a pNIC.

Question 43

What is an example of combination North-South and East-West traffic?

Answer 43

a VNF uses a north– south traffic pattern for user data and an east– west traffic pattern to send traffic to a VNF that is just collecting statistics or that is just being used for logs or storage.

Question 44

What are traffic patterns important?

Answer 44

It is important to understand traffic flow direction when deciding which technology to use to switch traffic between VNFs as well as to the outside world.

Question 45

What process is repeated twice - once on physical server and once on VM?

Answer 45

data -> NIC RX ring ->NIC sends packet and packet descriptor via DMA to Main Memory buffer -> NIC sends IRQ to CPU -> CPU gives control to NIC driver which services the IRQ, receives packet, moves it into the network stack -> packet arrives in a socket and socket receive buffer -> then to OVS Virtual Switch -> OVS moves it from kernal to user space -> process repeated on the VM

Question 46

What 3 I/O technologies have been developed to avoid overhead and increase packet throughput?

Answer 46

• OVS Data Plane Development Kit (OVS-DPDK)
• PCI Passthrough
• Single-root I/ O virtualization (SR-IOV)

Question 47

What is the Data Plane Development Kit (DPDK)

Answer 47

• Operates in User space
• Poll Mode Driver (PMD) constantly polls for data coming into the pNIC, processes it, bypasses network stack, CPU, kernel, then switched directly to the VNF

Question 48

What is PCI Passthrough?

Answer 48

Maps a VNF directly to a single pNIC

Question 49

What is the downside to PCI Passthrough?

Answer 49

Each VNF requires a dedicated pNIC

Question 50

What advantages are there to PCI Passthrough?

Answer 50

• One-to-one mapping
• Bypasses hypervisor
• Direct access to I/O resources
• Reduces CPU utilization
• Reduces system latency
• Increases I/O throughput

Question 51

What is Single-root I/O Virtualization (SR-IOV)?

Answer 51

• It is an enhancement to PCI passthrough
• Allows multiple VNFs to share the same pNIC
• Emulates multiple PCIe devices on a single PCIe device (such as a pNIC)

Question 52

What does SR-IOV call the emulated PCI device?

Answer 52

Virtual Functions (VFs)

Question 53

What does SR-IOV call the physical PCI device?

Answer 53

Physical Function (PFs)

Question 54

What are the 2 modes an SR-IOV-enabled pNIC can operate in?

Answer 54

• Virtual Ethernet Bridge (VEB)
• Virtual Ethernet Port Aggregator (VEPA)

Question 55

What is Virtual Ethernet Bridge (VEB) mode?

Answer 55

Traffic between VNFs attached to the same pNIC is hardware switched directly by the pNIC

Question 56

What is Virtual Ethernet Port Aggregator (VEPA) mode?

Answer 56

Traffic between VNFs attached to the same pNIC is switched by an external switch

Question 57

What is Cisco’s Enterpise Network Functions Virtualization (ENFV)?

Answer 57

Cisco solution that replaces physical firewalls, routers, WLC, load balancers, and so on with virtual devices running in a single x86 platform.

Question 58

What advantages come from ENFV?

Answer 58

• Reduces the number of physical devices, truck rolls, technician visits
• Simplifies roll out of new services, updates, VNFs
• Centralized mgmt (DNA Center)
• Enhances network operations flexibility
• Supports SD-WAN
• Supports 3rd party VNFs

Question 59

What 4 main components make up ENFV?

Answer 59

• Management and Orchestration (MANO)
• VNFs
• Network Functions Virtualization Infrastructure Software (NFVIS)
• Hardware Resources

Question 60

What are 2 main functions of DNA Center?

Answer 60

• Roll out new branch locations
• Deploy new VNFs and virtualized services.

Question 61

What do DNA Centers network profiles include?

Answer 61

• Configuration for LAN and WAN virtual interfaces
• Services or VNFs to be used, chaining parameters, CPU and memory requirements
• Device configuration for VNFs

Question 62

What does NFVIS stand for?

Answer 62

Network Function Virtualization Infrastructure Software

Question 63

What 7 VNFs does Cisco support?

Answer 63

• ISRv
• ASAv
• NGFWv
• Viptela vEdge
• cEdge
• vWAAS
• vWLC

Question 64

What 7 3rd party VNFs does Cisco support?

Answer 64

• ThousandEyes
• Fortinet
• PaloAlto
• InfoVista
• CTERA
• Windows server
• Linux Server

Question 65

What components make up NFVIS?

Answer 65

• Linux
• Hypervisor by KVM
• vSwitch by Open vSwitch (OVS)
• VM Lifecycle Mgmt by imbedded Elastic Services Controller Lite
• Plug and Play client
• Orchestration
• HTTPs Web Server
• Device Mgmt
• Role-based Access Control (RBOC)

Question 66

What x86 hosting platforms are available for NFVIS?

Answer 66

• Cisco Enterprise Network Compute System (ENCS)
• Cisco Cloud Services Platform
• Cisco 4000-series ISRs with a Cisco UCS Series E blade
• UCS C-series