VMworld 2013: NSX: Introducing the World to VMware NSX
DESCRIPTION
VMworld 2013
Milin Desai, VMware
Sachin Thakkar, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
TRANSCRIPT
NSX: Introducing the World to VMware NSX
Milin Desai, VMware
Sachin Thakkar, VMware
NET5847
#NET5847
Agenda
• The Need for Network Virtualization
• VMware NSX Capabilities
• VMware NSX Getting Started
• NSX Operations
• NSX Partner Ecosystem
• Putting it all Together
Customers Want …
• Resource Pools
• Flexible IPAM
• Zero-trust Security
• Micro-Segmentation
• Self-Service IT @ Scale
• Elastic Compute Zones
• Extensions to Public Cloud
What needs to happen…
Virtual Machine Data Center Network
Operational Model
Decouple from hardware
Create, Delete, Grow, Shrink
Transparent to application
Programmatic Monitoring
Extensible
Can we run Networks like VMs …
Introducing VMware NSX
Network Virtualization with NSX
L2 Switch, L3 Router, Firewall, Load Balancer
Operational model of a VM
Hardware
Software
VMware NSX – Networking & Security Capabilities
Any Application (without modification)
Virtual Networks
VMware NSX
Network Virtualization
Platform
Any Network Hardware
Any Cloud Management Platform
Any Hypervisor
• Logical Switching – Layer 2 over Layer 3, decoupled from the physical network
• Logical Routing – Routing between virtual networks and physical without exiting the software container
• Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
• Logical Load Balancer – Application Load Balancing in software
• Logical VPN – Site-to-Site & Remote Access VPN in software
• NSX API – RESTful API for integration into any Cloud Management Platform
Partner Eco-System
VMware NSX Components
Control Plane: NSX Controller
Run-time state
• Decouples virtual networks from physical topology
• Not in Data Path
• Highly Available
Data Plane: NSX Edge; NSX vSwitch (VDS/OVS) with Hypervisor Extension Modules (Firewall, Distributed Logical Router, VXLAN)
• Highly Available VM form factor
• Data Plane for N-S traffic
• Routing and Advanced services
• Intelligent network edge
• Line Rate performance
Management Plane: NSX Manager
• Single point of configuration
• REST API and UI interface
• Highly Available
CMP Consumption
• Self Service Portal
• vCAC, vCD, Openstack, Cloudstack, Custom Portals
Deploying Network Virtualization with VMware NSX
1. Leverage existing Network Infrastructure
• Any Network Vendor
• Any Network Topology
• IP Packet Forwarding
Diagram labels: Compute, Fabric
Deploying Network Virtualization with VMware NSX
1. Leverage existing Network Infrastructure
2. Deploy VMware NSX
Diagram labels: Compute, NSX Edge, NSX Mgmt, Virtual Infrastructure, NSX Infrastructure
Demo – Simplified one-click deployment:
• Rich integration with vSphere Web Client
• Highly available controller cluster
• Automated in-kernel logical networking / firewalling deployment
• Customizable networking configuration
• Static IP Pools
• Physical network multi-pathing
• Transport Zone - multiple control plane modes
HOL SDC-1303
Deploying Network Virtualization with VMware NSX
1. Leverage existing Network Infrastructure
2. Deploy VMware NSX: NSX Mgmt & Edge Services
3. Consumption of Applications
• CMP Portal
• Self-Service
• Programmatic Virtual Network Deployment
• Logical Networks
Diagram labels: Compute, NSX Edge, NSX Mgmt, Virtual Infrastructure, NSX Infrastructure
NSX supports deployment of complex topologies
Diagram labels: Multiple Networks, Flat Network; tiers WEB, APP, DATABASE
Automation – Deploy full automation via vCAC, vCD, Openstack or any CMS
See sessions VCM5477, NET5520
VMware NSX Logical Switching
Challenges
• Per Application/Multi-tenant segmentation
• VM Mobility requires L2 everywhere
• Large L2 Physical Network Sprawl – STP Issues
• HW Memory (MAC, FIB) Table Limits
Benefits
• Scalable Multi-tenancy across data center
• Enabling L2 over L3 Infrastructure
• Overlay Based with VXLAN, STT, GRE, etc.
• Logical Switches span across Physical Hosts and Network Switches
LOGICAL SWITCHING – Scale the Network 1000X
Diagram labels: VMware NSX; Logical Switch 1, Logical Switch 2, Logical Switch 3
See session NET5266
Logical Switches
See session NET5266
Demo – Feature rich L2:
• Dynamic Logical Switch Provisioning & Consumption
• Layer 2 bridge to connect physical networks or machines
• Advanced Layer 2 features (i.e. flow based marking / DSCP etc.)
HOL SDC-1303
HOL SDC-1319
VMware NSX Layer 3 Routing: Distributed, Feature-Rich
Challenges
• Physical Infrastructure Scale Challenges – Routing Scale
• VM Mobility is a challenge
• Multi-Tenant Routing Complexity
• Traffic hair-pins
Benefits
• Distributed Routing in Hypervisor
• Dynamic, API based Configuration
• Full featured – OSPF, BGP, IS-IS
• Logical Router per Tenant
• Routing Peering with Physical Switch
SCALABLE ROUTING – Simplifying Multi-tenancy
Diagram: VM to VM Routed Traffic Flow (labels: CMP, NSX Manager, Controller Cluster, Tenant A, Tenant B, Tenant C, L2 segments)
See session NET5266
Virtual Network – A complete network in software
See session NET5266
Demo – Advanced L3 in Software:
• Fully distributed logical routing for East-West connectivity.
• Dynamic routing protocols (OSPF / BGP / IS-IS)
HOL SDC-1303
NSX Logical Routing: Key Takeaways
One hop accelerated East-West traffic
Dynamic routing protocols configured in software (OSPF / BGP / IS-IS)
Support multi-tier routing topologies
VMware NSX Firewall: High Performance, Scalable Security
Challenges (PHYSICAL SECURITY MODEL)
• Centralized Firewall Model
• Static Configuration
• IP Address based Rules
• 40 Gbps per Appliance
• Lack of visibility with encapsulated traffic
Benefits (NSX FIREWALL FOR SDDC)
• Distributed at Hypervisor Level
• Dynamic, API based Configuration
• VM Name, Identity-based Rules
• Line Rate 15+ Gbps per host
• Full Visibility to encapsulated traffic
PERFORMANCE & SCALE – 1,000+ Hosts 30 Tbps of Firewall
Diagram labels: Firewall Mgmt, VMware NSX, API, CMP
See session SEC5893
Virtual Network – A complete network in software
See session SEC5893
VMware NSX Load Balancing
Challenges
• Application Mobility
• Multi-tenancy
• Configuration complexity – manual deployment model
Benefits
• On-demand load balancer service
• Simplified deployment model for applications – one-arm or inline
• Layer 7, SSL, …
LOAD BALANCER – Per Tenant Application Availability Model
Diagram labels: Tenant A, Tenant B, L2, L3, VM1, VM2, VM3
See session NET5270
Network Virtualization - Operations
Highlights
• Overall Logical network health/stats
• VM to VM connectivity
• Per VM flow visibility
• Traffic Analysis – Packet Capture
• Transport / Tunnel health
• Inventory & Fault Management
• Multi-level Logging, Event tracking and Auditing
• Physical network troubleshooting / visibility
• Upgrade Management
Aggregate Operational Views
• Statistics collections
• Alarms & Health Monitoring
• Network Performance & Resource Utilization
• Manage & Monitor through infrastructure management tools such as vCenter Operations Manager
See session NET5790
Demo – An operationalized virtual networking platform:
• Flow Monitoring
• Server Activity Monitoring
• vCenter Operations Manager Integration
NSX Extensibility: Partner Integration
NSX Controller
NSX API
Partner Extensions
Network Security Platform
Network Gateway Services
Application Delivery Services
Security Services
+ Cloud Mgmt Platforms
See session NET5522
NSX Policy Based Management Framework
Network & security services can now be consumed more efficiently in the Software-Defined Data Center.
• Apply. Apply and visualize security policies for workloads, in one place.
• Automate. Automate workflows across different services, without custom integration.
• Provision. Provision and monitor uptime of different services, using one method.
See session SEC5749
NSX Service Composer – Canvas View
See session SEC5749
VMware NSX – Deployment Use Cases
Self-Service IT
Dev X
Dev A
Test X
Acquisition A
DevOps Cloud
On-boarding M&A
Application specific networking
Flexible IP Address Mgmt
Simplified consumption
Key Capabilities
Examples
Data Center Automation
Micro-segmentation of App
Simplifying Compute Silos
DMZ Deployments
Programmatic Consumption
Full featured stack
Visibility and ops
Key Capabilities
Examples
Public Clouds
XaaS Clouds
Vertical Clouds
Multi-tenant Deployment
Programmatic L2, L3, Security
Overlapping IP Addressing
Any Hypervisor, Any CMP
Key Capabilities
Examples
The New Role of Software Networking
Diagram: VMware NSX Software (Network Hypervisor) providing Virtual Networks over Existing Network Infrastructure, on x86 hosts running vSphere, KVM, Xen Server, Hyper-V, consumed by Any Cloud Management Platform through the VMware NSX API.
Functions shown: Distributed Switching, Distributed Routing, Distributed Firewall, Edge Services (FW, LB, VPN).
Callouts as listed on the slide: Line Rate; Bi-directional; Any-to-Any; Physical or Virtual; No Tromboning; Kernel Integrated; 25,000 CPS; 2.5 million Sessions; 15 gbps; 100K CPS; 1M Concurrent.
Imagine the Possibilities ..
Install
Network Fabric Spine, Cable Plant
Deploy Infrastructure Services
VMware NSX, CMP
Build a Flexible Infrastructure
Connect Rack Utilities
Network Uplinks, Power
Auto-provision Top of Rack Switches
Image is loaded, IP, L3 Fabric
Auto-Deploy Hypervisors
Drivers, NSX Components
Just “Rack N’ Roll”
Deploy Applications from CMP
VMs, Logical Networks and Security
Add Capacity on Demand
Related Sessions & Resources
Introductory Topics
• NET5184 – Designing your Data Center for Network Virtualization
• NET7388-S – Network Virtualization – Moving Beyond the Obvious
Advanced Topics
• NET5584 – Deploying Network Virtualization
• NET5716 – Advanced NSX Architecture
• NET5266 – Bringing Network Virtualization to VMware Environments with NSX
• NET5270 – Virtualized Network Services Model with NSX
NSX Hands-on Labs
• HOL-SDC-1303
• HOL-SDC-1319
Blogs - http://blogs.vmware.com/networkvirtualization/
Twitter: @VMwareNSX
THANK YOU