Saturday, February 9, 2013

vSphere VSS & VDS - Cisco Nexus1000v Feature Comparison

I have been asked so many times, while talking to end users or to others, about the features offered by VMware VSS (Virtual Standard Switch), VDS (VMware Distributed Switch) and Cisco Nexus 1000v VDS, and I was thinking of gathering as much information as I could and blogging about it. So here it is.

I believe that any advanced user who has worked with a VMware environment for a few years is aware that Nexus 1000v is Cisco's product and that it appears as a VDS inside the vSphere GUI. If the VDS is not named properly, you may mistake it in the GUI for a regular VMware VDS. To avoid the confusion, check the "Summary" tab of the VDS to verify its vendor and version.

IBM has released Nexus 5000 VDS, about which I have not heard much discussion to date. So I am not including the IBM VDS in this comparison.

Have a look at the following table, in which I have tried to include every feature offered by VMware VSS, VMware VDS and Nexus VDS. If I have missed something, leave a comment or get in touch with me and I will update the article.

| Feature | VMware vSphere 4.x VSS | VMware vSphere 5.5 VDS | Cisco Nexus 1000V 4.2 (1)-SV2(2.2) |
| --- | --- | --- | --- |
| Switching Features | | | |
| Layer 2 Forwarding | YES | YES | YES |
| IEEE 802.1Q VLAN tagging | YES | YES | YES |
| Multicast Support (IGMP V2 and V3 support) | YES | YES | YES |
| IGMP V3 Snooping | - | - | YES |
| VMware vMotion | YES | YES | YES |
| Network VMware vMotion | - | YES | YES |
| Multi-Nic vMotion Support | - | YES | YES |
| Physical Switch Connectivity | | | |
| Virtual Mac Pinning | YES | YES | YES |
| EtherChannel | YES | YES | YES |
| Virtual Port Channels | - | - | YES |
| Link Aggregation Control Protocol (LACP) | - | YES | YES |
| Static LAG | - | YES | YES |
| Dynamic LAG | - | YES | YES |
| Load-Balancing Algorithms | | | |
| - Virtual Port ID | YES | YES | YES |
| - Source MAC Address | YES | YES | YES |
| - Source and destination IP Address | YES | YES | YES |
| - Source MAC Address | - | YES | YES |
| - Additional hashing Options | - | YES | YES |
| - Load Based Teaming | - | YES | - |
| - Source and Destination port IP | - | YES | YES |
| - Advanced Port channel | - | YES | YES |
| IP Hash | YES | YES | YES |
| Traffic Management Features | | | |
| Transmit-rate (from Virtual Machine) limiting | YES | YES | YES |
| Receive-rate (to Virtual Machine) limiting | - | YES | YES |
| iSCSI Multipathing | YES | YES | YES |
| Unicast Flooding Control | - | YES | YES |
| Quality-of-Service (QoS) marking | | | |
| Differentiated Services Code Point (DSCP) | - | YES | YES |
| Type of Service | - | - | YES |
| Class of Service | - | YES | YES |
| 802.1Q | - | YES | YES |
| Network IO control (NIOC) | - | YES | YES |
| Transmit-rate (from Virtual Machine) limiting | YES | YES | YES |
| Receive-rate (to a Virtual Machine) limiting | - | YES | YES |
| 802.1p | - | YES | YES |
| Security Features | | | |
| Port Security | YES | YES | YES |
| VMware VMsafe Compatible | YES | YES | YES |
| Private VLANs (PVLANs) 512 | - | YES (no limit) | YES (512) |
| Local PVLAN enforcement | - | YES | YES |
| PVLAN with Promiscuous Trunk | - | YES | YES |
| Access Control List (ACLs) | - | YES | YES |
| Virtual Service Domain | - | - | YES |
| DHCP Snooping | - | - | YES |
| IP source Guard | - | - | YES |
| Dynamic ARP Inspection | - | - | YES |
| MAC ACL | - | YES | YES |
| VXLAN | - | YES (no limit) | YES (2048) |
| Management Features | | | |
| VMware vCenter Support | YES | YES | YES |
| VMware vCloud Director Support | YES | YES | YES |
| vCloud Director Automation Center support | YES | YES | YES |
| RESTful API | YES | YES | YES |
| Third-party-Accessible APIs | YES | YES | YES |
| Network Policy Groups | YES | YES | YES |
| Multitier Policy Groups | - | - | YES |
| Packet Capture and Analysis | - | YES | YES |
| RADIUS and TACACS+ | - | - | YES |
| LLDP | - | YES | - |
| Network CLI | - | - | YES |
| Server CLI | YES | YES | - |
| Configuration and Management Console Interface | vSphere Client | vSphere Web Client/vSphere Client | vCenter and Cisco CLI |
| Graphical UI | YES | YES | - |
| Config Backup and Restore | - | YES | YES |
| Network Rollback and Recovery | - | YES | - |
| IPv6 for Management | YES | YES | YES |
| Monitoring and Troubleshooting | | | |
| VMware Port Mirroring (promiscuous) | YES | YES | YES |
| Switched Port Analyzer (SPAN) | - | YES | YES |
| Encapsulated Remote SPAN (ERSPAN) | - | YES | YES |
| NetFlow ver. 9 | - | - | YES |
| NetFlow ver. 10 (IPv6, VXLAN flows) | - | YES | - |
| Network Health Check | - | YES | - |
| Simple Network Management Protocol (SNMP) V3 Read and Write (V1,V2C) | - | YES | YES |
| Cisco Discovery Protocol (CDP) v1 and v2 | YES | YES | YES |
| Syslog * | YES | YES | YES |
| ACL Logging | - | YES | YES |
| SNMP ACLs | - | - | YES |
| Network Virtualization | | | |
| VXLAN support with Multicast | - | YES | YES |
| VXLAN support without Multicast | - | - | YES |
| ARP suppression for VXLAN | - | - | YES |
| L3 Gateway for NV | - | YES | YES |
| Site-to-Site IPSec VPN | - | YES | YES |
| Remote Access SSL VPN | - | YES | - |
| Scalability | | | |
| Hosts per Switch | 500 | 500 | 128 |
| Switches per management system (VC) | 128 | 128 | 32 |
| VXLAN segments | - | 10000 (VCNS) | 2048 |
| VLAN (no vxlan) | 4096 | 4096 | 2048 |
| Port Groups/Profiles per Switch | 4096 | 10000 | 2048 |
| Virtual Ports per host | 4096 | 4096 | 300 |
| Virtual Ports per Switch | 10000 | 60000 | 4096 |
| Max Active Virtual ports per Host | 1016 | 1016 | 300 |
| Max MAC Addresses per Host | No limit | No limit | 32000 |

(NOTE: The table above is updated for VDS 5.5, so some features that are not shown as supported on VDS 5.5 are fully supported for VDS with NSX; please verify the same.)

* Syslog information is exported and included with VMware ESX/ESXi server events

So you can select the option depending on the features you need. Both VMware and Cisco VDS require an Enterprise Plus license. You will see that I have not included a column for VMware VDS 4.1. The reason is that most of its features are available with VDS 5.5, and the latest version of VDS offers some more features, so I encourage the reader to use the latest version anyway. The Cisco Nexus VDS version, 4.2 (1) - SV2(2.2), is also the latest one.

For configuration of VDS you can refer to the online documentation available on www.vmware.com, and for Cisco Nexus 1000v VDS you can refer to the documentation page here.

I will update the sheet with NSX 6.0.5 once I get some time, so please wait till then and DO NOT leave a comment requesting that update :-) but I appreciate any feedback or comments regarding any features (if missed) or anything in the above table that needs an update.

Share and Care !!

Enjoy !!

6 comments:

  1. Hi Mandvis,

    that's a very good overview.

    But I think the feature "Multi-Nic vMotion Support" is also supported by n1v.

    I understand this feature in this way, that it enables the usage of more than one vmknic (per host) for vmotion. These vmknics you can allocate to 2 or more vmnics (with usage of port-profiles). In a vmotion event (even for vmotion of one VM only) both vmknics and both vmnics are used for transmitting the vmotion data.

    We use this feature in our environment in this way and it works fine. About a bug in vsphere5.1 it's important that the 2 vmknics have IP addresses from different IP subnets. Otherwise the traffic is flooded after some minutes. But this is valid for VDS+n1v.

    Regards
    Hennel

  2. Great information!

    Any chance on updating this with the latest releases from VMware (vSphere 5.5) and Cisco?

  3. Can you please update the same for VMware Version 5.5 vs Nexus 1000v ?

  4. The post is updated now with latest VDS version and Nexus 1000v.

    Please share

  5. VDS 5.5 supports CoS and DSCP. Spoofguard with NSX and vCNS App. VXLAN without multicast with NSX. VXLAN limit is 5000 with vCNS and 10000 with NSX. Not sure why would N1KV not support multi-NIC vMotion and vCAC..

  6. Very Nicely done! I've been looking for this! This will save me hours of research. Thank you so much.
