Post on 12-Apr-2017
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL 2
What You’ve Done with NSX
• NSX Customers: 700+
• Production Deployments (adding 25-50 per quarter): 100+
• Organizations invested US$1M+ in NSX: 65+
What You’re Doing Next
EXPANDED SECURITY
New security partners, integrations, and projects and applications of NSX.
DEEPER INTEGRATION
New infrastructure and operations partners, integrations, and frameworks for IT organizations
APPLICATION CONTINUITY
New functionality to scale deployments across vCenter instances, with the ability to:
• Pool resources from multiple data centers
• Recover from disasters faster
• Deploy a hybrid cloud architecture

• NSX 6.2 contains over 20 new features
• Tested against over 1000 new scenarios
Objectives
• Provide the future direction of NSX and Network Virtualization
• Deepen your understanding of the NSX architecture
• Address some misconceptions about capabilities of NSX
Agenda
1 Network Virtualization: The Story So Far
2 Physical Networks & Bare-metal Workloads
3 Distributed Services
4 Beyond the Data Center – WAN and Multi-DC
5 Summary and Q&A
Major NSX Use-cases
• Security: Intra-Datacenter Micro-Segmentation, DMZ Anywhere, Secure User Environments
• Automation: IT Automating IT, Developer Clouds, Multi-tenant Infrastructure
• Application Continuity: Disaster Recovery, Metro Pooling, Hybrid Cloud Networking
VMware NSX™ Network Virtualization Components
Cloud Consumption
• Self Service Portal
• vRealize Automation, vCloud Director, OpenStack, Custom CMS
NSX Manager
• Single configuration portal
• REST API entry-point
NSX Controller
• Manages Logical networks
• Run-time state
• Scale out, HA
• Separation of Control and Data Plane
Data Plane
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model
• ESXi, KVM, Xen
• HW VTEP, NSX Edge
Distributed Services
• Logical Switch
• Distributed Logical Router
• Firewall
• Load Balancer
NSX with Physical Workloads
[Diagram: two VXLAN/VLAN options for physical workloads]
• x86-based forwarding: leverages x86
• HW VTEP: highest density and throughput with partner HW
Distributed Logical Routing with VTEPs
[Diagram: physical view and logical view; NSX Controller, HW VTEP, VXLAN and VLAN segments]
Distributed Logical Routing with VTEPs
[Diagram: logical routing in the physical view; HW VTEP between VXLAN and VLAN; flows labelled ARP, ARP REPLY and DATA]
Consistent Policy for Physical and Virtual
[Diagram: physical view and logical view; HW VTEP between VXLAN and VLAN]
Policy Enforcement Points
• Firewall Rules
• ACLs
Adding ACL Configuration to VTEP Schema
% git log
commit 770c7df89c2771ba90d3aaa06a9a433a230472c9
Author: Bruce Davie <bdavie@vmware.com>
Date:   Fri Aug 14 14:14:26 2015 -0700

    vtep: add ACLs to VTEP schema

    Two new tables are added to the VTEP schema, for ACL entries and
    ACLs (which are groups of entries). The physical port table is modified
    to allow ACLs to be associated with ports, and the logical router table
    is modified to allow ACLs to be attached to logical router ports.

    Signed-off-by: Bruce Davie <bdavie@vmware.com>
Tunnels Are like Cables
[Diagram: controller, third-party hardware, copper cable, one STT “cable” and two VXLAN “cables”]
Tunnels Are like Cables
[Diagram: controller, third-party hardware, copper cable, and three Geneve tunnels in place of the STT and VXLAN “cables”]
Geneve Update
MAC | IP | UDP | Geneve | Options | Inner Eth | Inner IP | Inner L4 | Payload

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|  Opt Len  |O|C|    Rsvd.  |          Protocol Type        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Virtual Network Identifier (VNI)       |    Reserved   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Variable Length Options                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Geneve is now supported in the following categories:
• Software: Linux, OVS, OVN
• NICs: Intel, Broadcom, Mellanox, Netronome
• Switch ASICs: Broadcom, Mellanox, Cavium, Centec
• Monitoring Tools: wireshark, tcpdump, libpcap
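The header layout above, as an added example that is not part of the original presentation: a Python parser for the 8-byte Geneve base header and its options, with the bounds checks a monitoring tool needs before it trusts Opt Len. The option TLV layout and the C-bit consistency check are taken from RFC 8926 rather than from the slide, and the sample packet is constructed.

```python
import struct

class GeneveError(ValueError):
    """Raised when a buffer cannot be a well-formed Geneve header."""

def parse_geneve(buf: bytes) -> dict:
    """Parse the UDP payload of a Geneve packet into its header fields."""
    if len(buf) < 8:
        raise GeneveError("truncated: fixed header is 8 bytes")
    b0, b1, proto, vni_rsvd = struct.unpack("!BBHI", buf[:8])
    ver, opt_len = b0 >> 6, (b0 & 0x3F) * 4   # Opt Len counts 4-byte words
    if ver != 0:
        raise GeneveError(f"unsupported version {ver}")
    end = 8 + opt_len
    if len(buf) < end:
        raise GeneveError("truncated: Opt Len runs past the end of the packet")
    options, off = [], 8
    while off < end:
        # Option TLV layout per RFC 8926 (not drawn on the slide):
        # class(16) | C-bit + type(8) | rsvd(3) + length in 4-byte words(5)
        opt_class, opt_type, rlen = struct.unpack("!HBB", buf[off:off + 4])
        data_end = off + 4 + (rlen & 0x1F) * 4
        if data_end > end:
            raise GeneveError("option overruns the declared Opt Len")
        options.append({"class": opt_class, "type": opt_type,
                        "critical": bool(opt_type & 0x80),
                        "data": buf[off + 4:data_end]})
        off = data_end
    hdr = {"version": ver, "oam": bool(b1 & 0x80), "critical": bool(b1 & 0x40),
           "protocol": proto, "vni": vni_rsvd >> 8,
           "options": options, "inner": buf[end:], "warnings": []}
    # The header C bit should agree with the per-option critical bits.
    if hdr["critical"] != any(o["critical"] for o in options):
        hdr["warnings"].append("C bit disagrees with option critical bits")
    if b1 & 0x3F or vni_rsvd & 0xFF:
        hdr["warnings"].append("reserved bits are not zero")
    return hdr

# Constructed sample: VNI 5001, Ethernet payload (0x6558), one critical option.
SAMPLE = (struct.pack("!BBHI", 0x02, 0x40, 0x6558, 5001 << 8)
          + struct.pack("!HBB", 0x0102, 0x80, 0x01) + b"\xde\xad\xbe\xef"
          + b"INNER")

if __name__ == "__main__":
    print(parse_geneve(SAMPLE))
```
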
NSX Provides Highest Level of Visibility
vRealize Ops NSX Management Pack
Log Insight NSX Content Pack
SDDC Event Correlation, Alerting
Centralized Logging, Per Service Dashboards
Native Capabilities
Integration with VMware Tools
Integration with Partner Ecosystem
NSX API
Syslog
IPFIX
Port Mirroring
SNMP
Traceflow, Port Connections, and more…
Central CLI
Demo
Tech Preview
How do you troubleshoot / diagnose a connectivity issue between two virtual machines?
vRealize Operations, NSX Manager, NSX Controller
Why Distributed Services?
• Scale out of Network Services
• Apply Services at the vNIC
• Unprecedented Visibility
Distributed Services – Efficient, Scale-out
[Diagram: three forwarding paths]
• Traditional Appliance: hairpin through the vswitch
• Distributed Virtual Firewall: direct VM-VM path on the NSX vswitch
• With NSX Third Party Services: shortest network path on the NSX vswitch
About Citrix
Citrix (NASDAQ:CTXS) is the cloud company that enables mobile workstyles, empowering people to work and collaborate from anywhere, securely accessing apps and data on any of the latest devices, as easily as they would in their own office. Citrix solutions help IT and service providers build clouds, leveraging virtualization and networking technologies to deliver high-performance, elastic and cost-effective cloud services. With market-leading cloud solutions for mobility, desktop virtualization, networking, cloud platforms, collaboration and data sharing, Citrix helps organizations of all sizes achieve the speed and agility necessary to succeed in a mobile and dynamic world. Citrix products are in use at more than 260,000 organizations and by over 100 million users globally. Annual revenue in 2012 was $2.59 billion. Learn more at www.citrix.com
NetScaler Solution Brief
NetScaler Control Center provides a single control point for vCloud
administrators to easily and safely make NetScaler functionality available to
vCloud users. NetScaler Control Center provides:
application deployment workflow
functionality through application templates
while providing cloud administrators a single point of control
appliances and NetScaler VPX virtual appliances
© 2012 Citrix | Confidential – Do Not Distribute
NetScaler Control Center for VMware Network Virtualization
VMware Software Defined Data Center
VMware Virtual Networking
ERP vDC .com vDC CRM vDC
Distributed Load Balancing
[Diagram: physical view and logical view; Web Tier, App Servers and Database, two load balancers, NSX vswitch]
Distributed Services Performance (FW + Routing)
[Figure: send throughput in Gbps (axis 10 to 19) versus TCP message size (64, 512, 1500, 32k, 64k), one series each for 100, 500, 1000 and 5000 rules]
Line rate for message size > 512
Intel Xeon CPU E5-2680 v2 @ 2.80GHz 2 socket, 10 cores per socket (Ivy Bridge)
[Diagram: two logical switches]
Beyond the DC
Today Tomorrow Future
Multi data center deployment Disaster Recovery Federation and MPLS SD-WAN
Multi-DC Options
Option | Stretched Cluster | Separate Clusters or Multi-VC | L2VPN | MPLS
Scope | Metro | Geo | Global | Global
Latency (max) | 10ms | 150ms | Any | Any
Features | Seamless Pooling Across DCs | Logical networks span DCs | NSX at one or both ends | Independent administration/Federation
 | Metro Storage required | Independent storage | L2 extension | L3 (L2 possible)
Full NSX semantics across DCs
Full NSX semantics across DCs
Multi-tenant WAN
MP-BGP & MPLS for Multi-site Deployments
[Diagram: Site A and Site B, each with Tenant A, Tenant B and Tenant C, the NSX API and an NSX Edge (ASBR); eBGP peering, MP-BGP control plane, MPLSoGRE, IP/MPLS]
Go learn more!
Wednesday Keynote
• Hands on Labs!
• Spotlight Sessions: NET6639-S The Next Horizon for Cloud Networking and Security
• SEC6640-S SDDC: Security for the new battlefield
• NET4941 VMware NSX - Deep Dive
• NET5212 NSX Performance
• NET5213 Operational Best Practices for VMware NSX
• NET5252 NSX Management Pack for vRealize Operations Manager
• NET4995 Integrating Physical Workloads and Infrastructure with a NSX Virtual Network
• NET5560 Bridging Virtual and Physical in NSX with OVSDB Standard-Based Hardware VTEP Integration
• NET5989 - Multi-vCenter Solutions with VMware NSX
• NET4855 - Want Your Apps to Roam Freely? - NSX Solutions for Multi-Site Data Centers
NSX Ecosystem
Service Insertion: “Leverage full automation and service insertion for NSX”
NSX aware: “Leverage NSX API and metadata to bring a solution”
Co-existence: “Let’s meet in the network”
Works with any switching fabric
Works with routing ecosystem using traditional protocols
Existing physical firewalls provide security sitting in front of NSX Edge at layer 3
Existing physical/virtual ADC services can connect to NSX at layer 2 or layer 3
Network Virtualization Next Steps with VMware NSX
virtualizeyournetwork.com
The online resource for the people, teams and organizations that are adopting network virtualization
communities.vmware.com
Connect and engage with network virtualization experts and fellow VMware NSX users
vmware.com/go/NVtraining
Build knowledge and expertise for the next step in your career
labs.hol.vmware.com
Test drive the capabilities of VMware NSX