An Introduction to Network Virtualization

Taking a closer look at VMware NSX

Scott Lowe, VCDX
Engineering Architect
10 June 2014
© 2014 VMware Inc. All rights reserved.

Before We Begin
Get involved! Feel free to ask questions or provide constructive feedback.
Please silence all mobile devices.
Feel free to take pictures, record videos, or post social media updates. Use hashtag #KCVMUG or @MyVMUG.
This presentation will be available via SpeakerDeck and SlideShare after the event.

Background - The Adoption Curve


[Figure: adoption curve. Timeline: 2010, 2011, 2012, 1H 2013, 2H 2013. Stage labels: "Science fiction.", "Plausible.", "Let the crazies go first.", "Help me understand.", "Get me into production".]

VMware NSX Functionality
What can I do with VMware NSX?

VMware NSX for vSphere Networking Capabilities

[Diagram labels: Any Application (without modification); Virtual Networks; Any Cloud Management Platform; VMware NSX Network Virtualization Platform; VMware vSphere; Any Network Hardware]

Logical Switching: Layer 2 over Layer 3, without dependencies on the physical network
Logical Routing: Routing between virtual networks and physical, East-West and North-South optimized
Logical Firewall: Distributed Firewall, kernel integrated, high performance
Logical Load Balancer: Application load balancing in software
Logical VPN: Site-to-Site & Remote Access VPN in software
NSX API: RESTful API for integration into any Cloud Management Platform

Logical Firewall/Routing

Features
OSPF/eBGP/iBGP/IS-IS
Virtualization and identity context firewall

Scale & Performance
Remove hairpins and bottlenecks in routing and firewalling
Line rate performance with distributed scale-out architecture

Use Cases
Create on-demand networks to speed up application provisioning

[Diagram labels: Tenant A, Tenant B and Tenant C, each with several L2 segments]

Logical User (SSL) and Site 2 Site (IPSec) VPN

Features
Interoperable IPsec tested with major vendors
Clients on all major OS (Win, Apple, Linux)
Remote Authentication via Active Directory, RSA SecurID, LDAP, RADIUS
TCP Acceleration
Encryption: 3DES, AES128, AES256
AES-NI H/W Offload
NAT & Perimeter Firewall Traversal

Scale and Performance
High Performance AES-NI acceleration
2 Gb/s throughput per tenant

Use Cases
Cloud to Corporate
Cloud On-boarding
Remote Office/Branch Office
Remote Management

[Diagram labels: SSL VPN across the Internet/WAN; IPSEC across the Internet/WAN]

Logical L2 VPN

Features
SSL-based
Web-proxy Support
L2 Bridge to Cloud
Broadcast support

Scale & Performance
High Performance AES-NI acceleration
2 Gb/s throughput per tenant

Use Cases
Cloud On-boarding
Cloud Bursting

[Diagram labels: VMs; L2 VPN across the Internet/WAN; Public Cloud]

The Power of Distribution

Evolving Role of the Physical Network


From 2- or 3-tier to spine/leaf
Density & bandwidth jump
ECMP for layer 3 (and layer 2)
Reduce network oversubscription
Wire & configure once
Uniform configurations

[Diagram labels: WAN/Internet (shown for both topologies)]

VMware NSX Core Components
How does VMware NSX work?

NSX for vSphere Components

Consumption
Self-service portal
Cloud management
vCloud Automation Center

Management Plane: NSX Manager
Single point of configuration
REST API and UI interface

Control Plane: NSX Controller
Manages logical networks
Run-time state
Does not sit in the data path
Control-plane protocol

Data Plane: NSX vSwitch
Distributed network edge
Line rate performance

NSX Edge
VM form factor
Data plane for north-south traffic
Routing and advanced services

[Diagram labels: vCenter Server; NSX Edge Logical Router; NSX Edge Services Gateway; User World Agent; VDS on ESXi; Hypervisor Kernel Modules (VXLAN, Distributed Firewall, Logical Router)]

NSX Manager

Features
Centralized management plane
Built for a 1:1 mapping between itself and a vCenter Server

Role
Provides the management UI and API for NSX
Secures control plane communications

Functionality
Manages and configures the Controller Cluster via REST API and hosts via a message bus
Manages and deploys NSX Controller, NSX Edge virtual appliances and the initial vSphere web client plugin

[Diagram labels: NSX Manager; vCenter Server]

NSX Controllers

Features
Establishes control plane between hosts
Distributes VXLAN and Logical Router network information to hosts

Scale & Performance
Controllers are clustered for scale out and HA
Information is sliced across nodes for resiliency

Use Cases
Remove dependency on Multicast on physical transport
Suppresses ARP broadcasts across VXLAN segments

[Diagram labels: Logical Router and VXLAN (repeated); Controller VXLAN Directory Service with MAC table, ARP table and VTEP table]

NSX User World Agent

Core features
Connects to multiple controllers for resiliency

Modus operandi
TCP (SSL) client that communicates with the Controller using the control plane protocol
Mediator between hypervisor kernel and NSX Controller
Communicates with the Message Bus Agent to retrieve info from NSX Controller

In host function
Runs as a service daemon in ESXi

[Diagram labels: NSX MGR; Controller Cluster with three Controllers; User World Agent with three Clients; Kernel Modules (VXLAN, LR); ESXi Host]

NSX vSwitch and NSX Edge

NSX vSwitch (VDS)
Modules installed into vSphere (VXLAN, dFW, LDR, Security)

NSX Edge Logical Router
Dynamic routing with updates to NSX Controller
Determines active ESXi host for L2 Bridging

NSX Edge Services Gateway
L3-L7 Services: NAT, DHCP, LB, VPN, interface level Firewall
Dynamic Routing
High Availability
Virtual Machine

[Diagram labels: vSphere Hypervisor ESXi; NSX vSwitch; Hypervisor Kernel Modules (vSphere VIBs): VDS, VXLAN, Logical Router, Firewall]

VXLAN Encapsulation

Q&A

Thank You
Scott Lowe
slowe@vmware.com
@scott_lowe (Twitter)
http://blog.scottlowe.org