© 2014 VMware Inc. All rights reserved.
An Introduction to Network Virtualization
Scott Lowe, VCDX Engineering Architect
10 June 2014
Taking a closer look at VMware NSX
Before We Begin
• Get involved! Feel free to ask questions or provide constructive feedback.
• Please silence all mobile devices.
• Feel free to take pictures, record videos, or post social media updates. Use hashtag #KCVMUG or @MyVMUG.
• This presentation will be available via SpeakerDeck and SlideShare after the event.
Background - The Adoption Curve
• 2010: “Science fiction.”
• 2011: “Plausible.”
• 2012: “Let the crazies go first.”
• 1H 2013: “Help me understand.”
• 2H 2013: “Get me into production”
VMware NSX Functionality
What can I do with VMware NSX?
VMware NSX for vSphere – Networking Capabilities
(Diagram labels: Any Application (without modification); Virtual Networks; VMware NSX Network Virtualization Platform; Any Network Hardware; Any Cloud Management Platform; VMware vSphere)
• Logical Switching – Layer 2 over Layer 3, without dependencies on the physical network
• Logical Routing – Routing between virtual networks and physical, East-West and North-South Optimized
• Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
• Logical Load Balancer – Application Load Balancing in software
• Logical VPN – Site-to-Site & Remote Access VPN in software
• NSX API – RESTful API for integration into any Cloud Management Platform
Logical Firewall/Routing
Features
• OSPF/eBGP/iBGP/IS-IS
• Virtualization and identity context firewall
Scale & Performance
• Remove hairpins and bottlenecks in routing and firewalling
• Line rate performance with distributed scale out architecture
Use Cases
• Create on demand networks to speed up application provisioning
(Diagram labels: L2; Tenant A; Tenant B; Tenant C)
Logical User (SSL) and Site 2 Site (IPSec) VPN
Features
• Interoperable IPsec tested with major vendors
• Clients on all major OS (Win, Apple, Linux)
• Remote Authentication via Active Directory, RSA SecurID, LDAP, RADIUS
• TCP Acceleration
• Encryption – 3DES, AES128, AES256
• AES-NI H/W Offload
• NAT & Perimeter Firewall Traversal
Scale and Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant
Use Cases
• Cloud to Corporate
• Cloud On-boarding
• Remote Office/Branch Office
• Remote Management
(Diagram labels: Internet/WAN; IPSEC; SSL – VPN; Public Cloud)
Logical L2 VPN
Features
• SSL-based
• Web-proxy Support
• L2 Bridge to Cloud
• Broadcast support
Scale & Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant
Use Cases
• Cloud On-boarding
• Cloud Bursting
(Diagram labels: Internet/WAN; L2 VPN; VM)
The Power of Distribution
Evolving Role of the Physical Network
• From 2- or 3-tier to spine/leaf
• Density & bandwidth jump
• ECMP for layer 3 (and layer 2)
• Reduce network oversubscription
• Wire & configure once
• Uniform configurations
(Diagram label: WAN/Internet)
VMware NSX Core Components
How does VMware NSX work?
NSX for vSphere Components
Consumption
• Self-service portal
• Cloud management
• vCloud Automation Center
Data Plane
(Diagram labels: NSX Edge Services Gateway; ESXi; VDS; Hypervisor Kernel Modules; Firewall; Distributed Logical Router; VXLAN; NSX vSwitch)
NSX Edge
• VM form factor
• Data plane for north-south traffic
• Routing and advanced services
NSX vSwitch
• Distributed network edge
• Line rate performance
Management Plane
NSX Manager
• Single point of configuration
• REST API and UI interface
(Diagram label: vCenter Server)
Control Plane
NSX Controller
• Manages logical networks
• Run-time state
• Does not sit in the data path
• Control-plane protocol
(Diagram labels: NSX Edge Logical Router; User World Agent)
NSX Manager
Features
• Centralized management plane
• Built for a 1:1 mapping between itself and a vCenter Server
Role
• Provides the management UI and API for NSX
• Secures control plane communications
Functionality
• Manages and configures the Controller Cluster via REST API and hosts via a message bus
• Manages and deploys NSX Controller, NSX Edge virtual appliances and the initial vSphere Web Client plugin
(Diagram labels: NSX Manager; vCenter Server)
NSX Controllers
Features
• Establishes control plane between hosts
• Distributes VXLAN and Logical Router network information to hosts
Scale & Performance
• Controllers are clustered for scale out and HA
• Information is sliced across nodes for resiliency
Use Cases
• Removes dependency on multicast on the physical transport
• Suppresses ARP broadcasts across VXLAN segments
(Diagram labels: VXLAN; Logical Router; Controller VXLAN Directory Service; MAC table; ARP table; VTEP table)
NSX User World Agent
Core features
• TCP (SSL) client that communicates with the Controller using the control plane protocol
• Connects to multiple controllers for resiliency
Modus operandi
• Mediator between hypervisor kernel and NSX Controller
• Communicates with the Message Bus Agent to retrieve info from NSX Controller
In host function
• Runs as a service daemon in ESXi
(Diagram labels: Controller Cluster; Controller; ESXi Host; Kernel Modules; Client; User World Agent; LR; NSX MGR; VXLAN)
NSX vSwitch and NSX Edge
(Diagram labels: ESXi; VDS; Hypervisor Kernel Modules (vSphere VIBs); Firewall; Logical Router; VXLAN; NSX vSwitch)
vSphere Hypervisor
• NSX vSwitch (VDS)
• Modules installed into vSphere (VXLAN, dFW, LDR, Security)
NSX Edge Logical Router
• Dynamic routing with updates to NSX Controller
• Determines active ESXi host for L2 Bridging
NSX Edge Services Gateway
• L3-L7 Services – NAT, DHCP, LB, VPN, interface level Firewall
• Dynamic Routing
• High Availability
• Virtual Machine
VXLAN Encapsulation
Q&A
Thank You
Scott Lowe
@scott_lowe (Twitter)
http://blog.scottlowe.org