A while ago, a tweet praising the wonders of 802.1BR piqued my curiosity. I couldn’t resist downloading the latest draft and spending a few hours trying to decipher IEEE language (as far as the IEEE drafts go, 802.1BR is highly readable) ... and it was déjà vu all over again.
Short summary: 802.1BR is a repackaged and enhanced 802.1Qbh (or the standardized version of VM-FEX). There’s nothing fundamentally new that would have excited me.
Compared to Edge Virtual Bridging (EVB, 802.1Qbg), 802.1BR does have a few interesting twists: you can have hierarchical port extenders, which means that 802.1BR gives you a standardized way to connect (for example) a hypervisor host to a Nexus 5000 through a port extender (Nexus 2000), and see each VM as a separate interface on the Nexus 5000/5500. Whether that solves your management or scalability problems is a different question.
Cisco touts numerous advantages of VM-FEX including:
- Feature richness. Physical switches have richer feature sets than hypervisor switches. Those features are definitely nice to have, but do you need them? Are all of them available on dynamic port extender interfaces?
- Better security. To be precise, you can tightly control the VM traffic with ACLs on physical switches and a few other features like IP source guard. For those who believe in ACL-based security, VM-FEX (or 802.1BR) is a perfect solution ... but will ACLs on a ToR switch really solve your security problems?
- Visibility into inter-VM traffic. This might have been an argument in pre-vSphere 5 days; vSphere 5 has built-in SPAN.
- Increased performance. VM-FEX with hypervisor bypass significantly increases the performance of I/O intensive VMs.
Although these features make VM-FEX highly attractive, it’s still bridging, and the best you can do on a Nexus 5500 (not yet on UCS Fabric Interconnect) is to bridge the VM-generated traffic into the FabricPath core. As I said, same old, same old; the hypervisor vendors have already moved on.
If you’re new to virtualized networking and would like to understand what this is all about, start with the Introduction to virtualized networking webinar. You’ll find more advanced topics in the VMware Networking Deep Dive and Cloud Computing Networking webinars (the latter now includes a 1.5-hour-long section on IaaS scalability). All webinars are available as individual recordings or as part of the yearly subscription.
Finally, if you’d like me to review your virtualized data center design or discuss various technology options, check out the ExpertExpress.