Blog‎ > ‎


posted Sep 25, 2013, 6:49 PM by Rick McGee
Finished video 29, this continued the vPath discussion and it's flow's form vm's to the VSN
vPath Flow
  1. Intercepts packets on server-enabled ports
  2. Run through vPath flow manger
  3. Flow manager emits an ACTION for the packet
    1. Permit
    2. Deny
    3. Redirect; this will allow it to go through a vNAM to a vASA, to a vWAAS
  4. Enforce the flow manger determined action
vPath flow manager
  1. Classify the packet L2/3/4
  2. Tracks TCP and UDP states in greater detail
  3. Preforms lookups based on 5-Tuple (what the hell is this)
    1. Creates flows/connections if they don't exist
    2. Programs a default policy action on the flow REDIRECT
  4. First packet of the flow incurs default policy
  5. REDIRECT policy actions detours the packet through VSN  
  6. VSN tags the detoured packets with policy decisions
  7. On arrival of the detoured packet the policy decision is extracted and programed into the flow
  8. The detoured packet is now subjected to the new policy on the flow
  9. Rest of packets o the flow are subject to the cached policy decision
  10. Policy decision permitting, packets continues through the switch
vPath Flow manger offload
  1. VSN policy decision action may be accomplished by "OFFLOAD" directive
  2. All packets on the flow from then on will be subject to the specified "ACTION" by vPath
  3. These flows-Classified packets will no longer route to VSN
  4. The action of the "OFFLOAD" directives persist until the flows are aged out
Nexus 1000V/1110 Appliance 
  1. If both VSM's go down and you lose the control and management planes, the data plane will not go down and data will be passed from VM to VM and out the physical NIC's to a north bound switch

You can have VSM's in spate L3 networks form the VEM's and even in separate DC's (watch out for latency). You must have the VSM's in the same location DC and cannot be split between two data centers.