VMworld 2013: NSX: Introducing the World to VMware NSX

NSX: Introducing the World to VMware NSX

Milin Desai, VMware

Sachin Thakkar, VMware

NET5847

#NET5847

2 2

Agenda

The Need for Network

Virtualization

VMware NSX Capabilities

VMware NSX Getting started

NSX

Operations

NSX Partner Ecosystem

Putting it all Together

3 3


Virtualization


VMware NSX: Getting started

NSX

Operations



4 4

Customers Want …

Resource

Pools Flexible

IPAM

Zero-trust Security

Micro-Segmentation

Self-Service IT

@ Scale

Elastic Compute

Zones

Extensions to

Public Cloud

5 5

What needs to happen…

Virtual Machine Data Center Network

Operational Model

Decouple from hardware

Create, Delete, Grow, Shrink

Transparent to application

Programmatic Monitoring

Extensible

Can we run Networks like VMs …

6 6

Introducing VMware NSX

Network Virtualization with NSX

L2 Switch L3 Router Firewall Load Balancer

Operational

model of a VM

Hardware

Software

7 7


Virtualization


VMware NSX Getting Started

NSX Operations



8 8

VMware NSX – Networking & Security Capabilities

Any Application (without modification)

Virtual Networks

VMware NSX

Network Virtualization

Platform

Any Network Hardware

Any Cloud Management Platform

Any Hypervisor

Logical Switching– Layer 2 over Layer 3,

decoupled from the physical network

Logical Routing– Routing between virtual

networks and physical without exiting the

software container

Logical Firewall – Distributed Firewall,

Kernel Integrated, High Performance

Logical Load Balancer – Application Load

Balancing in software

Logical VPN – Site-to-Site & Remote

Access VPN in software

NSX API – RESTful API for integration into

any Cloud Management Platform

Partner Eco-System

9 9

VMware NSX Components

Control Plane NSX Controller

Run-time state

• Decouples virtual networks

form physical topology

• Not in Data Path

• Highly Available

Data Plane

NSX Edge

VDS/OVS

Hypervisor Extension Modules

Firewall Distributed

Logical Router VXLAN

NSX vSwitch

• Highly Available VM form factor

• Data Plane for N-S traffic

• Routing and Advanced services

• Intelligent network edge

• Line Rate performance

Management

Plane

NSX Manager • Single point of configuration

• REST API and UI interface

• Highly Available

CMP Consumption

• Self Service Portal

• vCAC, vCD, Openstack,

Cloudstack, Custom Portals

10 10


Virtualization

VMware NSX: Capabilities

VMware NSX: Getting Started

NSX

Operations



11 11

Deploying Network Virtualization with VMware NSX

Compute

1

Leverage existing

Network Infrastructure Any Network Vendor

Any Network Topology

IP Packet Forwarding

Fabric

12 12


Compute

1 2

Leverage existing

Network Infrastructure Deploy VMware NSX

NSX

Edge

NSX

Mgmt

Virtual Infrastructure

NSX Infrastructure

13 13

Demo Simplified one-click deployment:

• Rich integration with vSphere Web Client

• Highly available controller cluster

• Automated in-kernel logical networking / firewalling deployment

• Customizable networking configuration

• Static IP Pools

• Physical network multi-pathing

• Transport Zone - multiple control plane modes

HOL SDC-1303

15 15


Compute

1 2

Leverage existing

Network Infrastructure

Deploy VMware NSX

NSX Mgmt & Edge Services

NSX

Edge

NSX

Mgmt

Virtual Infrastructure

NSX Infrastructure

3

Consumption of

Applications

CMP Portal

Self-Service

Programmatic

Virtual

Network Deployment

Logical Networks

+

16 16

NSX supports deployment of complex topologies

VCM

5477

Multiple

Networks

Flat

Network

APP

DATABASE

WEB

WEB APP DATABASE

Automation – Deploy full automation via vCAC, vCD, Openstack or any CMS

NET

5520

17 17

VMware NSX Logical Switching

• Per Application/Multi-tenant segmentation

• VM Mobility requires L2 everywhere

• Large L2 Physical Network Sprawl – STP Issues

• HW Memory (MAC, FIB) Table Limits

• Scalable Multi-tenancy across data center

• Enabling L2 over L3 Infrastructure

• Overlay Based with VXLAN, STT, GRE, etc,

• Logical Switches span across Physical Hosts

and Network Switches

Challenges Benefits

LOGICAL SWITCHING –Scale the Network 1000X

An

imate

d S

lide

VM

war

e N

SX

Logical Switch 1 Logical Switch 2 Logical Switch 3

NET

5266

18 18

Logical Switches NET

5266

19 19

Demo Feature rich L2:

• Dynamic Logical Switch Provisioning & Consumption

• Layer 2 bridge to connect physical networks or machines

• Advanced Layer 2 features (i.e. flow based marking / DSCP etc.)

HOL SDC-1303

HOL SDC-1319

21 21

VM to VM Routed Traffic Flow

VMware NSX Layer 3 Routing: Distributed, Feature-Rich

• Physical Infrastructure Scale

Challenges – Routing Scale

• VM Mobility is a challenge

• Multi-Tenant Routing Complexity

• Traffic hair-pins

• Distributed Routing in Hypervisor

• Dynamic, API based Configuration

• Full featured – OSPF, BGP, IS-IS

• Logical Router per Tenant

• Routing Peering with Physical Switch

Challenges Benefits

SCALABLE ROUTING – Simplifying Multi-tenancy

Controller Cluster

NSX Manager

L2

L2

Tenant A

Tenant B

L2

L2

L2 Tenant C

L2

L2

L2

An

imate

d S

lide

CMP

NET

5266

22 22

Virtual Network – A complete network in software NET

5266

23 23

Demo Advanced L3 in Software:

• Fully distributed logical routing for East-West connectivity.

• Dynamic routing protocols (OSPF / BGP / IS-IS)

HOL SDC-1303

24 24

NSX Logical Routing: Key Takeaways

One hop accelerated East-West traffic

Dynamic routing protocols configured in software

(OSPF / BGP / IS-IS)

Support multi-tier routing topologies

25 25

VMware NSX Firewall: High Performance, Scalable Security

• Centralized Firewall Model

• Static Configuration

• IP Address based Rules

• 40 Gbps per Appliance

• Lack of visibility with encapsulated traffic

• Distributed at Hypervisor Level

• Dynamic, API based Configuration

• VM Name, Identity-based Rules

• Line Rate 15+ Gbps per host

• Full Visibility to encapsulated traffic

Challenges Benefits

PERFORMANCE & SCALE – 1,000+ Hosts 30 Tbps of Firewall

PHYSICAL SECURITY MODEL NSX FIREWALL FOR SDDC

Firewall Mgmt

An

imate

d S

lide

VMware NSX

API

CMP

SEC

5893

26 26

Virtual Network – A complete network in software SEC

5893

28 28

VMware NSX Load Balancing

• Application Mobility

• Multi-tenancy

• Configuration complexity – manual

deployment model

• On-demand load balancer service

• Simplified deployment model for

applications – one-arm or inline

• Layer 7, SSL, …

Challenges Benefits

LOAD BALANCER – Per Tenant Application Availability Model

An

imate

d S

lide

L2

Tenant A

VM1 VM2

VM1 VM3 VM2

L2 L2

L3 Tenant B

NET

5270

30 30


Virtualization



NSX Operations



31 31

Network Virtualization - Operations

Highlights • Overall Logical network health/stats

• VM to VM connectivity

• Per VM flow visibility

• Traffic Analysis – Packet Capture

• Transport / Tunnel health

• Inventory & Fault Management

• Multi-level Logging, Event tracking and Auditing

• Physical network troubleshooting / visibility

• Upgrade Management

NET

5790

Aggregate Operational Views • Statistics collections

• Alarms & Health Monitoring

• Network Performance & Resource Utilization

• Manage & Monitor through infrastructure

management tools such as vCenter Operations

Manager

32 32

Demo An operationalized virtual networking platform:

• Flow Monitoring

• Server Activity Monitoring

• vCenter Operations Manager Integration

34 34


Virtualization



NSX Operations



35 35

NSX Extensibility: Partner Integration

NSX Controller

NSX API

Partner

Extensions Network Security Platform

Network Gateway Services

Application Delivery Services

Security Services

+

Cloud Mgmt Platforms

NET

5522

36 36

NSX Policy Based Management Framework

Network & security services can now be consumed more

efficiently in the Software-Defined Data Center.

Apply.

Apply and visualize

security policies for

workloads, in one place.

Automate.

Automate workflows

across different

services, without

custom integration.

Provision.

Provision and monitor

uptime of different

services, using one

method.

SEC

5749

37 37

NSX Service Composer – Canvas View SEC

5749

38 38


Virtualization



NSX Operations



39 39

VMware NSX – Deployment Use Cases

Self-Service IT

Dev X

Dev A

Test X

Acquisition A

DevOps Cloud

On-boarding M&A

Application specific networking

Flexible IP Address Mgmt

Simplified consumption

Key Capabilities

Examples

Data Center

Automation

Micro-segmentation of App

Simplifying Compute Silos

DMZ Deployments

Programmatic Consumption

Full featured stack

Visibility and ops

Key Capabilities

Examples

Public Clouds

XaaS Clouds

Vertical Clouds

Multi-tenant Deployment

Programmatic L2, L3, Security

Overlapping IP Addressing

Any Hypervisor, Any CMP

Key Capabilities

Examples

40 40

vSphere

X86 Hosts

KVM Xen Server Hyper-V

Line Rate

Bi-directional

Any-to-Any

Physical or

Virtual

Hardware

Software

Hardware

Software

Any Cloud Management Platform

VMware NSX API

Line Rate

Bidirectional

No

Tromboning

Line Rate

Bidirectional

Kernel Integrated

25,000 CPS

2.5 million

Sessions

15 gbps

100K CPS

1M Concurrent

FW, LB, VPN

The New Role of Software Networking

Distributed

Switching

Distributed

Routing

Distributed

Firewall

Edge

Services

VMware NSX Software (Network Hypervisor)

Virtual Networks

Existing Network Infrastructure

41 41

Imagine the Possibilities ..

Install

Network Fabric Spine, Cable Plant

Deploy Infrastructure Services

VMware NSX, CMP

42 42

Build a Flexible Infrastructure

Connect Rack Utilities

Network Uplinks, Power

Auto-provision Top of Rack Switches

Image is loaded, IP, L3 Fabric

Auto-Deploy Hypervisors

Drivers, NSX Components

43 43

Just “Rack N’ Roll”

Deploy Applications from CMP

VMs, Logical Networks and Security

Add Capacity on Demand

44 44

Related Sessions & Resources

Introductory Topics

• NET5184 – Designing your Data Center for Network Virtualization

• NET7388-S – Network Virtualization – Moving Beyond the Obvious

Advanced Topics

• NET5584 – Deploying Network Virtualization

• NET5716 – Advanced NSX Architecture

• NET5266 – Bringing Network Virtualization to VMware Environments with NSX

• NET5270 – Virtualized Network Services Model with NSX

NSX Hands-on Labs

• HOL-SDC-1303

• HOL-SDC-1319

Blogs - http://blogs.vmware.com/networkvirtualization/

Twitter: @VMwareNSX

http://blogs.vmware.com/networkvirtualization/

http://blogs.vmware.com/networkvirtualization/

THANK YOU

NSX: Introducing the World to VMware NSX

Milin Desai, VMware

Sachin Thakkar, VMware

NET5847

#NET5847

Technology

VMworld 2013: NSX: Introducing the World to VMware NSX