See how Cisco can bridge Nexus One data center fabrics and Kubernetes environments with a consistent operating model for visibility, policy, and security. This session shows how teams can reduce tool sprawl, speed troubleshooting, strengthen workload protection, and build AI-ready application infrastructure while bringing NetOps, platform, and security teams into shared workflows.
Marcos Hernandez and Camillo Rossi presented the general availability of Isovalent Private Networks over EVPN/VXLAN, marking a deeply integrated collaboration between the Isovalent and Cisco Data Center Networking teams. Isovalent leverages eBPF (Extended Berkeley Packet Filter) technology to embed layer 3 through layer 7 container network interface services directly into the Linux kernel, making it programmable without modifying the core system. The newly announced Isovalent Network for Virtualization brings a virtual private cloud (VPC) experience to Kubernetes, creating isolated private networks with overlapping subnets. This framework stabilizes virtual machine networking by preserving stateful workload identities and real IP addresses across application lifecycles and migrations. Rather than using rigid, centralized gateways, the solution pairs Kubernetes nodes directly with top-of-rack switches using standard BGP unnumbered configurations to advertise EVPN Type 5 host routes, converting the entire Nexus fabric into a massive, highly scalable distributed gateway.
The technical demonstration highlighted how this architecture unifies end-to-end security and visibility while simplifying cross-domain troubleshooting. Through Fabric Security Groups, operators can automatically map Kubernetes endpoint labels to specific Security Group Tags (SGTs) within the fabric, allowing unified security contracts across NX-OS and ACI environments. The presenters demonstrated an application traffic failure, leveraging the real-time, identity-aware kernel telemetry of Isovalent Timescape alongside the Cisco Nexus Dashboard. While Timescape analyzed isolated microservices flows and localized policy drops, Nexus Dashboard tracked the lifecycle of the EVPN routes and ran connectivity analyses using distributed ELAM packet captures to identify misconfigured security tags. Cisco’s future roadmap aims to merge these distinct datasets via Cisco Cloud Control, embedding Timescape’s application-level metadata directly onto Nexus Dashboard’s physical path topologies to establish a single pane of glass for modern infrastructure.
Personnel: Camillo Rossi, Marcos Hernandez