An Epyc new addition to the UCS Family!

 

Back in February of this year, when I read an article in The Register, announcing that Raghu Nambiar, the then chief technology officer for UCS servers had joined AMD. I didn’t think too much of it, but when I also saw that AMD were, for the first time (in my memory), exhibiting at Cisco Live, My right eyebrow rose in a particular “Roger Moore esque” manner, and I sensed something may well be afoot.

Some of you may well have noticed that even since 2009 there has always been an AMD CPU server qualification policy in Cisco UCS Manager , and several years ago I did bring this up with Cisco, as to why in an exclusively Intel based product would need such a policy, to which, if memory serves, the answer at the time was “never say never”

Well today that “prophecy”  was fulfilled with the announcement of the Cisco UCS C4200 chassis which can house up to 4 x C125 M5 server nodes which are exclusively AMD EPYC based.

C4200

C4200 containing 4 x C125 Server Nodes

Now I know what you are all probably thinking, a modular UCS server? didn’t Cisco already try this with the M-Series which they decided end of life back 2016. But the answer is NO! the M-Series was a completely different beast, which was geared around host “dis-aggregation” with larger numbers of much smaller spec hosts built upon the lower spec Intel XEON E3 CPUs, with shared I/O and shared disks not to mention the M-Series was UCSM managed only.

In contrast the C4200/C125 M5  has the following specs.

C4200 2 Rack Units chassis contains up to 4 x C125 M5 Server nodes
24 drives per C4200, 6 dedicated to each node, 2 of those 6 can be NVMe
2 x AMD EPYC 7100 Series CPUs up to 32 Cores each
Up to 2TB RAM per node
Up to 46.8 TB HDU per node (6 x 7.8 TB SSD)
2 x 2400W PSUs
Optional 4th Gen VIC 10/25/40/50/100Gbps  (to be released later this year.)
Plus the C125 can be managed by UCS Manager, UCS Central, from the Cloud with Cisco Intersight, Stand-a-lone CIMC, or 3rd Party tools.

C125 M5 Rack Server Node

C125 M5 Server Node

If there are 3 words that describe why Cisco have chosen the AMD EPYC CPU along with the modular form factor, they would be Density, Density and Density as it is possible to pack a whopping 128 Cores per Unit of rack space.  The graphic below compares density volumetrics against the UCS C220 rack mount server

2018-05-29 (4)

But all these “speeds and feeds” stats are great, but what business requirements will these new servers address? and what particular workloads or industries will particularly benefit from them? Well as can be seen in the below graphic, Cisco are positioning the C125 for any compute intensive applications or where an exceptional amount of compute density is required, as well as Gaming/E-Gaming. And interestingly Cisco also list High Frequency Trading (HFT) and enterprise High Performance Compute (HPC) as a particular use case for the C125 markets that up until now Cisco had never actively targeted,  Which would explain the addition of the Open Compute Project (OCP) 2.0 Mez slot supporting options such as InfiniBand for ultra low latency networking..

2018-05-29 (7)

Cisco UCS Portfolio

As ever with the Cisco UCS family it’s all about options and Flexability and while there are several “all rounder” options there are definitely sweet spots for certain UCS family members. Bill Shields of Cisco has produced a nice radar diagram below to guide you as to these sweet spots depending what use cases you are looking to address.

As you can see the C125 M5 wins out in the density areas, but if minimal cabling is a priority then Blades are a great option or the S3260 servers for maximum storage. The reality being that a combination of these servers may well be the best overall solution in many cases, hitting that optimised price point for each element of the solution.

 

Sharing that storage!

While Cisco have not announced any Software Defined Storage (SDS) option for the C125 I think it would also make a great Hyperconverged node and as Cisco already have HX Data Platform  in the portfolio it would make great sense to combine the 2. So who knows we may see Cisco “HyperFlex Up” the C125 M5 in the future. But in the meantime there is always the option to run an SDS solution like StorMagic or VMware VSAN if that’s the way you want to go. But of course traditional NAS and SAN solutions are also very valid storage options.

Closing thoughts

For me the big differentiation of Cisco UCS has always been the management Eco system.  It is a huge plus to be able to manage hundreds of servers as easy as one. And having that management platform available on premises or from the cloud and covering the whole UCS family regardless of whether they are blades, rack mounts, modular or Hyper-converged nodes  is a huge Cisco USP.

Links for further reading

For more information and data sheets on the C4200 and C125 click here

Rather than me call out the different pros and cons of AMD vs Intel, prices per watt and Thermal Design Power (TDP) stats etc..  AnandTech do a great job of an independent “Apples with Apples” comparison of how the AMD EPYC CPU compares to the Intel Skylake CPU Here.

As always let me know your thoughts in the comments!

Colin

 

Advertisements
Posted in Product Updates | Tagged , , , , , , | 9 Comments

Cisco HyperFlex 3.0 vSphere Cluster Install

Posted in HyperFlex | Tagged , , , , , , | 2 Comments

Cisco Live Barcelona 2018

In late January I attended Cisco Live Europe in Barcelona, it certainly made a nice change going to a winter Cisco Live without having to bring several layers of clothing.

Like most people I’m generally too busy the rest of the year to make classroom lead training courses so Cisco live for me is a great opportunity to refresh my knowledge and skills, catch up with what’s new and learn first-hand from some of the best techies in the industry.

But just as importantly I get a chance to catch-up with my peers in other firms and chat about what they are up to, as a strong believer in communities, for the most part I don’t see “competitor’s” just “friends who happen to work for other companies”.

A wise man once said “A day without learning, is a day wasted”

So here’s what I got up to at Cisco Live!

Ciscolive Tweetup

Walk-In Self-Paced Labs

One of my favourite resources at Cisco Live is the Walk-In Self-Paced Labs (WISP Labs) these are guided labs many of which are not available on Ciscos dCloud. These maybe an introduction to a recent addition to the Cisco portfolio or a pre-designed scenario on a particular product or solution. As its name suggests you do not need to pre-book these just wander up and pick your lab. Another great aspect of the WISP labs is that the actual author of the lab is there to assist you and answer any questions.

One of the WISP labs I found really useful was on automating Cisco ACI with Python, now I’m no programmer so it was great to have a chance to do a guided lab on tools that are available to bring network programmability skills to the “traditional networker” Tools like the Cobra SDK which is a set of Python utilities for interfacing with the APIC. If you would like to have a play with automating Cisco ACI with tools like Python or Ansible then a great resource is the ACI Programmability lab on Cisco DEVNET Learning Labs.

Hyperflex 3.0

Ciscos UCS based HyperFlex, received a welcome update to version 3.0 under the strap line: Any App, Any Cloud, Any Scale.

Notable updates being around scale, both upwards and downwards as HyperFlex now supports up to 64 nodes per cluster as well as allowing those clusters to be stretched between sites. But just as importantly for those smaller use cases such as remote office/branch office (ROBO), air gapped DMZs, plus anywhere that compute power needs to be closer to users, there is now an option with HyperFlex Edge of a 3 node cluster without the need for the fabric interconnects so a very cost effective solution. While all being centrally managed either on premises or via Cisco cloud offering Intersight.

 

Network Assurance Engine

Working a lot as I do with Cisco ACI I really liked the look of Cisco’s Network Assurance Engine (code name Candid). Now those of you who have worked with Cisco ACI will know that the alerting may not be as human friendly as it could be. Plus it is not always obvious that your Cisco ACI configuration meets both a best practice as well as your own corporate policies and constraints. Well the Network Assurance Engine does just that, by ensuring your Cisco ACI implementation is adhering to both your Security and Networking compliance.

You define your policies, intent and compliancy requirements in very user friendly rules, the Network Assurance Engine then evaluates your Cisco ACI configuration and identifies any policy violations or configuration issues and reports them back in very easily to interpret smart alerts. The smart alerts then hyperlink you to exactly the configuration or lack of that is violating your defined policy and recommends the remedial action.

Network Assurance Engine can also predict the impact of any changes significantly reducing risk of human error or induced network failures. Gone are the days of “I don’t think this will impact production services”

 

Cisco champions tour of the innovation lounge

This was certainly one of the highlights and a great benefit of the Cisco champions program, where the champions, after a briefing about, no cameras, or blogging on the details of what we may see or hear, were given access to the innovation lounge, an area where the actual Cisco engineers were demonstrating the products and concepts currently in development.  Walking round I certainly felt like the children exploring Willy Wonkers chocolate room! with pure imagination and innovation at every turn.

For my part having a keen interest in crypto currencies it was great to see what Cisco was doing around blockchain technology. Like Clouds blockchains can be public, private or community. Anyone can create a blockchain, the open source software is freely available. The essence of a blockchain being that there are no servers only clients and that each have a full copy of the database (distributed ledger) and then by the use of cryptography maintain a consensus that the database has not been tampered with or fraudulently altered.

The demo that was being shown was the use of a distributed ledger (blockchain) for asset tracking, in this case 2 Cisco gbics which looked identical were scanned, one of which was immediately validated by a blockchain lookup but the other declared counterfeit. For the valid gbic every stage (transaction) in its life cycle could then be seen from manufacture to delivery and all stages between. Imagine being able to scan a joint of beef in your local supermarket with your mobile phone and see the complete history of that animal from its birth to putting on the shelf in front of you. Just one use for blockchain technology.

One things for sure blockchain brings a level of trust to digital business unheard of til now.

And as you can imagine in a topology where there are no servers and all traffic is peer to peer  (east/west)  with potentially millions of nodes, this will require a complete rethink on application management, control, orchestration and the need to push security and policy right to the edge of the network.

 

Closing keynote:

As a bit of a metal head I grew up listening to bands like Iron Maiden, Metalica and Pantera, so imagine my surprise to hear that the guest keymote speaker was due to be none other than Bruce Dickinson the lead singer with Iron Maiden! Now that was a keynote I was not going to miss. And another awesome benefit was that as a Cisco champion we all had prime reserved ringside seating.

While I had no expectation of what Bruce would be like as a speaker, he was far from the heavy metal stereotype many would expect. A very intelligent, funny and entertaining guy, with some great road stories. He explained that he had always wanted to tour Australia but the logistics of plane hires and getting all the band and kit to the other side of the world was always cost prohibitive. So he decided to train as a pilot, ended up working for commercial airlines for 10 years and then had the idea of renting a jumbo jet in the off season (many jumbos are parked up and stored in off peak seasons) so it was relatively cheap, bundled the whole band, kit and crew in it and flew it himself to Australia, and treated it as their own “flying carpet” The running theme of Bruce’s talk was innovation and entrepreneurialism, as he had developed several business out of renting these “stored aircrafts” he even has a company that manufactures edible drones, that can be flown in to deliver the first aid to a disaster zone even before human aid can get there, all in all a great speaker and I would thoroughly recommend him as a keynote speaker.

Hope to see you all back in Barcelona next year!

Bruce Dickinson

Posted in General | Tagged , , , , , , , , , , | Leave a comment

VMworld 2017 Barcelona

There is a saying that “The early bird catches the worm!” but I say “but it’s the 2nd mouse that gets the cheese!” In short apologies for the lateness of this post 🙂

This year was my first year as a VMware vExpert and through that program VMware kindly offered me a  “blogger pass” to attend VMworld Barcelona.

Having a great interest in software defined networking in general and VMware NSX in particular I was keen to focus on what VMware are doing in this space along with their general Software-Defined Data Center (SDDC) strategy and offerings. So I have picked a couple of topics that were of particular interest to me.

VMware Cloud Foundation:

We are all familiar with vendors like VCE (now Dell EMC Converged Platforms) who create Vblocks, which are fully qualified Converged Infrastructures, where all components of the system, compute, storage, networking and virtualisation are vigorously tested and version controlled to ensure optimal compatibility and performance.  Well VMware have created the VMware Cloud Foundation (VCF) which does the same thing for the whole SDDC whether deploying on a private, public or hybrid cloud.

VCF combines VMware vSphere (Compute), vSAN (Storage) and NSX (Networking and Security) into a tightly integrated stack with automation, upgrades and life cycle management via SDDC Manager.

The benefits and value of adopting a VCF solution include:

  • Accelerated time to market resulting from the reduced design, testing and implementation times.
  • Reduced maintenance and Opex from features like one click automated upgrades.
  • Repeatable solution for multi-site deployments.
  • Validated integration with public cloud providers, allowing mobility of workloads between private and public clouds.

You can either buy a fully pre-built SDDC with all the cloud foundation software pre-loaded, currently available on the Dell EMC VxRack platform or you can build your own as long as long as you adhere to the VMware Cloud Foundation compatibility guide. I’m sure you’ll all be glad to hear that Cisco UCS C240 is on there.

Just like a Vblock has it’s Release Certification Matrix (RCM) a VCF SDDC has its VCF matrix which details the hardware and software combinations that have been validated for that particular version. Valid upgrade paths to later versions are also detailed in the release notes of the particular VCF Version.

vRealize Network Insight:

One of the largest customer concerns when looking to migrate from a traditional “black list” network to a software defined “white list” model, is will my application still work in the new environment?

In the traditional black list model all communication is allowed by default unless specifically blocked by a firewall or access control list, whereas in a software defined “white list” model all traffic is denied by default unless specifically permitted. This means that all flows for all applications need to be known and understood, and those flows allowed in the new software defined environment.

There are of course lots of methods and discovery tools out there that assist with application discovery and dependency mapping, but they all differ greatly in usefulness, functionality and cost.

While at VMworld I have been looking into, and having a play with vRealize Network Insight (vRNI) which was a result of the Arkin acquisition June 2016.

Not part of the vRealize suite but rather an add-on service to VMware NSX and licenced according to the number of NSX CPU licences.

vRNI provides both a day 0 assessment in order to do a “underlay readiness and health check to be confident the underlay network is healthy, happy and NSX ready. vRNI can then be used to analyse and report on all the traffic within the network, automatically group workloads into security groups and then create the required NSX distributed firewall rules required between those security groups.

 

The security advantages of a zero trust/least privilege network are well understood and only allowing the flows you need on a network is certainly the way forward. I am in the process writing a full blog review of vRNI and as such will not elaborate further on it in this post.

 

CCIE Reception

It was also great to see VMware recognising and putting on an event for Cisco CCIEs. In a world of ever growing automation and GUI’s it is a common topic on whether you still need to understand all this “networking stuff” that goes on, often “under the covers” in many cases. As someone who has been involved in many software defined / overlay networking issues my answer to that, is absolutely! Having a good strong foundation of network knowledge and troubleshooting skills will only help you when designing and troubleshooting a network of any description.

 

Highlight

While there were several great sessions and receptions, I guess the highlight of my VMworld was that a small group of “NSX VIPs” were given the opportunity of an open forum round table with VMware CEO Pat Gelsinger, where we could just ask any questions we liked. I was very impressed with Pats technical knowledge regarding many of the products in the VMware portfolio particularly NSX.

One of the topics of discussion was the evolution of NSX-T, (VMware’s NSX offering for multi-cloud, multi-hypervisor, and container environments) and it’s eventual replacement of NSX-V (The VMware only product)

While this transition will certainly be over some time, the majority of R&D and new features will be targeted at NSX-T.

All in all a great experience at VMworld Europe 2017!

 

 

 

 

 

 

 

Posted in SDN, VMware NSX | 1 Comment

Configuring an L3OUT in Cisco ACI

Posted in Cisco ACI | Tagged , , , , , | 2 Comments

Configuring an L2OUT in Cisco ACI

Posted in Cisco ACI | Tagged , , , , | Leave a comment

Adding a Bare Metal Rack Mount into a Cisco ACI Fabric

Posted in Cisco ACI | Tagged , , , , | 1 Comment

Configuring Cisco UCS and VMware with Cisco ACI the Easy Way!

Posted in Cisco ACI | Tagged , , , | 1 Comment

Cisco ACI Upgrade Walkthrough

Posted in Cisco ACI | Tagged , , , , , , | Leave a comment

My Journey with VMware NSX

A few times recently I have been asked how I went about expanding my skill set to include software defined networking solutions after being a “traditional networker” for the past 20 years. So here is my story so far.

Three years or so ago, having achieved my 2nd CCIE, I was looking for my next challenge, Software Defined Networking (SDN) was already gaining momentum and so I looked at what I could do in that space. I already had a fairly good handle on Cisco Application Centric Infrastructure (ACI) but at the time there were no certification tracks geared around Cisco ACI.

VMware NSX seemed the obvious choice, I was already familiar with the Nicira solution prior to the VMware acquisition, along with the fact that NSX being a Network Function Virtualisation (NFV) based solution, uses constructs that are very easy for “traditional networkers” to understand, i.e if you know what a physical router does and how to configure it, then it isn’t much of a departure to understand and configure a distributed logical router (dLR) in NSX, and the same thing goes for NSX logical switches and firewalls.

If you’re familiar with setting up emulators like GNS3 and Cisco VIRL then again you’re already adept at setting up virtual networks so the gap to understanding and configuring NSX really isn’t that much to bridge.

Like most people when trying to learn something new I started playing with NSX in a home lab environment, just a couple of low grade dual core servers with 64GB RAM in each was plenty to create a nested NSX environment, but I quickly found the VMware Hands on Labs (http://labs.hol.vmware.com/HOL/catalogs/catalog/681) were so available and functional that I pretty much just used them instead.

I Progressed to VCP-NV (VCP-Network Virtualisation) and then attended the “NSX Ninja” 2 week boot camp, on the back of which I took and passed (2nd time round) the VCIX-NV (Implementation Expert) an intense 3hr practical assessment on building and troubleshooting an NSX solution.

The NSX Ninja course was great! taught by Paul Mancuso @pmancuso and Chris McCain @hcmccain and gave a great insight into the process of submitting and defending a VCDX-NV (Design Expert) design. VCDX-NV being my main goal for this year which requires the submission of an NSX design and then you defend that design to a panel of experts. The NSX Ninja course was possibly one of the best courses I have ever attended, purely for the amount of interaction and constructive feedback.

Of course what also stood me in great stead was the invaluable experience I had picked up, having spent 3 years working with NSX day in and day out, and having now delivered 3 large production deployments in multi vCenter cross site topologies, as no matter how much training you do, nothing quite burns in that knowledge than working in the field delivering solutions meeting real customer’s business requirements.

As with most expert level certifications it is not reaching the destination that makes you an expert, it’s what you learn and the scars you pick up along the path.

This year I was very proud to be selected as a vExpert and am very much looking forward to participating in the program.

Good luck on your own journeys.

Colin

Posted in SDN, VMware NSX | Tagged , , , , | Leave a comment