© 2014 VMware Inc. All rights reserved.

An Introduction to Network Virtualization

Scott Lowe, VCDX Engineering Architect

10 June 2014

Taking a closer look at VMware NSX

Before We Begin

•  Get involved! Feel free to ask questions or provide constructive feedback.

•  Please silence all mobile devices. •  Feel free to take pictures, record videos, or post social

media updates. Use hashtag #KCVMUG or @MyVMUG. •  This presentation will be available via SpeakerDeck and

SlideShare after the event.

2

Background - The Adoption Curve

2010 2011 2012 1H 2013 2H2013

“Sciencefiction.”

“Plausible.”

“Let the crazies go

first.”

“Help me understand.”

“Get me into production”

VMware NSX Functionality What can I do with VMware NSX?

VMware NSX for vSphere – Networking Capabilities

Any Application (without modification)

Virtual Networks

VMware NSX Network Virtualization

Platform

Any Network Hardware

Any Cloud Management Platform

VMware vSphere

Logical Switching– Layer 2 over Layer 3, without dependencies on the physical network Logical Routing– Routing between virtual networks and physical, East-West and North-South Optimized Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance Logical Load Balancer – Application Load Balancing in software Logical VPN – Site-to-Site & Remote Access VPN in software NSX API – RESTful API for integration into any Cloud Management Platform

Logical Firewall/Routing

•  OSPF/eBGP/iBGP/IS-IS •  Virtualization and identity

context firewall

Features

•  Remove hairpins and bottlenecks in routing and firewalling

•  Line rate performance with distributed scale out architecture

Scale & Performance

•  Create on demand networks to speed up application provisioning

Use Cases

L2

L2

Tenant A

Tenant B

L2

L2

L2 Tenant C

L2

L2

L2

Logical User (SSL) and Site 2 Site (IPSec) VPN

•  Interoperable IPsec tested with major vendors

• Clients on all major OS (Win, Apple, Linux)

• Remote Authentication via Active Directory, RSA Secure ID, LDAP, Radius

•  TCP Acceleration •  Encryption – 3DES, AES128, AES256 •  AESNI H/W Offload • NAT & Perimeter Firewall Traversal

Features

• High Performance – AES-NI acceleration •  2 Gb/s throughput per tenant

Scale and Performance

• Cloud to Corporate • Cloud On-boarding • Remote Office/Branch Office • Remote Management

Use Cases Internet/

WAN IPSEC

Internet/ WAN SSL – VPN

Public Cloud

Logical L2 VPN

•  SSL-based •  Web-proxy Support •  L2 Bridge to Cloud •  Broadcast support

Features

•  High Performance – AES-NI acceleration

•  2 Gb/s throughput per tenant

Scale & Performance

•  Cloud On-boarding •  Cloud Bursting

Use Cases Internet/

WAN L2 VPN

L2 VPN

VM VM VM

The Power of Distribution

The Power of Distribution

Evolving Role of the Physical Network

•  From 2- or 3-tier to spine/leaf

•  Density & bandwidth jump

•  ECMP for layer 3 (and layer 2)

•  Reduce network oversubscription

•  Wire & configure once

•  Uniform configurations

WAN/Internet  

WAN/Internet  

VMware NSX Core Components How does VMware NSX work?

NSX for vSphere Components

Consumption •  Self-service portal •  Cloud management •  vCloud Automation Center

Data Plane

NSX Edge Services Gateway

ESXi

VDS

Hypervisor Kernel Modules

Firewall Distributed Logical Router

VXLAN

NSX vSwitch

•  NSX Edge •  VM form factor •  Data plane for north-south

traffic •  Routing and advanced

services

•  NSX vSwitch •  Distributed network edge •  Line rate performance

Management Plane

NSX Manager •  Single point of configuration •  REST API and UI interface

vCenter Server

Control Plane

NSX Controller •  Manages logical networks •  Run-time state •  Does not sit in the data path •  Control-plane protocol

NSX Edge Logical Router User World Agent

NSX Manager

•  Centralized management plane •  Built for a 1:1 mapping between

itself and a vCenter Server

Features

•  Provides the management UI and API for NSX

•  Secures control plane communications

Role

•  Managers and configures Controller Cluster via REST API and hosts via a message bus.

•  Manages and deploys NSX Controller, NSX edge virtual appliances and the initial vSphere web client plugin

Functionality

NSX Manager vCenter Server

NSX Controllers

• Establishes control plane between hosts

• Distributes VXLAN and Logical Router network information to hosts

Features

• Controllers are clustered for scale out and HA

•  Information is sliced across nodes for resiliency

Scale & Performance

• Remove dependency on Multicast on physical transport

• Suppresses ARP broadcasts across VXLAN segments.

Use Cases

VXLAN

Logical Router

VXLAN

Logical Router

VXLAN

Logical Router

Controller VXLAN

Directory Service MAC table

ARP table

VTEP table

NSX User World Agent • TCP (SSL) client that

communicates with the Controller using the control plane protocol

• Connects to multiple controllers for resiliency

Core features

• Mediator between hypervisor kernel and NSX Controller

• Communicates with the Message Bus Agent to retrieve info from NSX Controller

Modus operandi

• Runs as a service daemon in ESXi

In host function

Controller Cluster Controller Controller Controller

ESXi Host

Kernel Modules

Client Client User World Agent

LR

NSX MGR

Client

VXLAN

NSX vSwitch and NSX Edge

18

ESXi

VDS

Hypervisor Kernel Modules (vSphere VIBs)

Firewall Logical Router VXLAN

NSX vSwitch • NSX vSwitch (VDS) • Modules installed into vSphere

(VXLAN, dFW, LDR, Security)

vSphere Hypervisor

• Dynamic routing with updates to NSX Controller

• Determines active ESXi host for L2 Bridging

NSX Edge Logical Router

• L3-L7 Services – NAT, DHCP, LB, VPN, interface level Firewall

• Dynamic Routing • High Availability • Virtual Machine

NSX Edge Services Gateway

VXLAN Encapsulation

19

Q&A

Thank You Scott Lowe slowe@vmware.com @scott_lowe (Twitter) http://blog.scottlowe.org