VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
DESCRIPTION
VMworld 2013. Rajiv Krishnamurthy, VMware; Manish Mittal, VMware. Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
TRANSCRIPT
Bringing Network Virtualization to VMware
Environments with NSX
Rajiv Krishnamurthy, VMware
Manish Mittal, VMware
NET5266
#NET5266
2
VMware Solutions
Public Clouds
Private Clouds
Hybrid Cloud: Seamlessly extend your data center to the public cloud
Virtual Workspace: Manage access to services, applications and data for any device
The New Role for IT: IT as a Service
Software-Defined Data Center: Virtualize the entire data center
Management and Automation
Storage and Availability
Compute
Network and Security
3
NSX Has Two Consumption Models
Cloud Management
Network Virtualization
Server Virtualization
Any Application
vCloud Director
vSphere
NSX
vSphere KVM Xen / XenServer
OpenStack Cloudstack Custom
Any Network Hardware
Integrated VMware Stack
Multi-Hypervisor Multi-CMP
NSX
1
2
NSX Optimized for vSphere
Other NSX Sessions
NET5584: Deploying VMware NSX Network Virtualization
SEC5582: Multi-site Deployments with Network Virtualization
4
NSX Optimized for vSphere 2013 - Capabilities at a Glance
Rich Networking Services
• Scalable Logical Switching: No Multicast Dependency
• Physical to Virtual L2 Bridging
• Distributed, Dynamic L3 Routing: OSPF, BGP, IS-IS
• Distributed Firewall and Logical Load-balancers
Automation & Operations
• API Driven Integration
• Service Composer
• Server Access Monitoring
• Troubleshooting & Visibility
Partner Extensibility
• Advanced NETX Integration
Network Hardware Independent
• Any Network Hardware
• Any Network Topology
Any Application (without modification)
Virtual Networks
VMware NSX Network Virtualization Platform
Logical L2
Any Network Hardware
Any Cloud Management Platform
Logical Firewall
Logical Load Balancer
Logical L3
Logical VPN
Any Hypervisor
Session Focus: Creating NSX platform and Logical Switching and Routing services
NET5270: To learn about L4-L7 Services
5
Once You Forget Everything Else Today … Remember This
1 NSX optimized for vSphere is Easy to Deploy, Scale and Automate
2 Routing and Switching in NSX are designed to achieve Performance and Scale in Virtual Data Center
3 NSX is Production Ready
6
VMware NSX Ready in Three Steps
Compute
1 2
Deploy Network Infrastructure
L2 / L3 Fabric
Deploy VMware NSX
NSX Mgmt & Edge Services
NSX Edge
NSX Mgmt
Virtual Infrastructure
NSX Infrastructure
3
Consumption of
Applications CMP Portal
Self-Service
Programmatic
Virtual
Network Deployment
Logical Networks
+
7
Demo: NSX Platform
DB-Tier Logical Switch
Web-Tier Logical Switch
App-Tier Logical Switch
External Networks
1 Provide Basic Network connectivity to a 3-Tier App
Few Clicks
All in Software
No Physical Configuration
Perimeter (HA, FW, NAT, VPN, LB Services)
NSX Platform pre-deployed
2 Automate Network and Services creation and connectivity
Rapid repeatable deployment
Includes Network/Security Services
REST API
Logical Switch
L2 Bridge Bridged
VLAN
VM
Logical Router
8
NSX Logical Switching
Challenges
• Multi-tenant segmentation
• VM Mobility requires L2 everywhere
• Large L2 Physical Network Sprawl – STP Issues
• HW Memory (MAC, FIB) Table Limits
Benefits
• Scalable Multi-tenancy across data center
• Enabling L2 over L3 Infrastructure
• Overlay Based on VXLAN
• Logical Switches span across Physical Hosts and Network Switches
LOGICAL SWITCHING –Scale the Network 1000X
Animated Slide
VMware NSX
L2
L3 Logical Switch 1 Logical Switch 2 Logical Switch 3
9
VM to VM Routed Traffic Flow
NSX Layer 3 Routing: Distributed, Feature-Rich
Challenges
• Physical Infrastructure Scale Challenges
– Routing Scale
• VM Mobility is a challenge
• Multi-Tenant Routing Complexity
• Traffic hair-pins
Benefits
• Distributed Routing in Hypervisor
• Dynamic, API based Configuration
• Full featured – OSPF, BGP, IS-IS
• Logical Router per Tenant
• Routing Peering with Physical Switch
SCALABLE ROUTING – Simplifying Multi-tenancy
Controller Cluster
NSX Manager
L2
L2
Tenant A
Tenant B
L2
L2
L2 Tenant C
L2
L2
L2
Animated Slide
CMP
10
NSX Optimized for vSphere Components
Control Plane
NSX Controller
Run-time state
• Manages Logical networks and overlay transport
• Does not sit in the Data Path
Data Plane
NSX Edge
ESXi VDS
Hypervisor Extension Modules
Firewall
Distributed Logical Router
VXLAN
NSX vSwitch
• VM form factor
• Data Plane for N-S traffic
• Routing and Advanced services
• Intelligent Distributed network edge
• Line Rate performance
Management Plane
NSX Manager
• Single point of configuration
• REST API and UI interface
CMP Consumption
• Self Service Portal
• Cloud Management
• vCAC, VCD
11
Component Interaction
1 Controller Config (Logical Switches, Distributed Logical Routers)
NSX Manager
NSX Controller
vSphere Cluster 1
NSX Edge
vCenter
vSphere Cluster 2 vSphere Cluster N
1 2
VTEPs, Distributed
Logical Routers
2 3 LB, FW, VPN
Configuration etc.
3
12
NSX Controller Capabilities
Leverages Nicira NVP technology
Deployment simplicity with integrated workflows via NSX Manager
Controller loss does not impact Data Plane
Network visibility and troubleshooting from a single point
Performs VM Bcast traffic optimization (ARP) and helps in faster convergence times. ARP cache is stored locally on the host and the controller
NSX Optimized for vSphere Controller
Scalable and Highly Available Controller for Overlays and E-W Routing
13
NSX vSwitch Capabilities
One click install from NSX Manager – Installs all Hypervisor modules
All modules provide Line Rate performance
VXLAN Module – Provides Overlay transport using VXLAN protocol
Distributed Logical Router Module – One hop E-W routing with Tenant IP Address space and data path isolation
Firewall Module – Inline distributed firewall managed centrally by NSX Manager
NSX vSwitch
ESXi
VDS
Hypervisor Extension Modules
Firewall
Distributed Logical Router
VXLAN
NSX vSwitch
14
Demo 2 – Building the NSX platform
Deploy VMware NSX
NSX Edge
NSX Mgmt
Virtual Infrastructure
Component Deployment
1 Deploy NSX Manager
2 Deploy NSX Controller Cluster
Preparation
1 Host Preparation
2 Logical Network Preparation
One Time
Pre-Requisites
• Physical Network – VLAN, MTU
• vCenter and ESXi 5.5
• VDS
Programmatic
Virtual
Network Deployment
Logical Networks
+ + +
Consumption
Per App OR Tenant
Logical Network/Security Services
1 Deploy Logical Switch per tier
2 Deploy Distributed Router
3 Create Bridged Network
4 Connect to Centralized Router
15
Get your hands on NSX at NSX Optimized for vSphere: HOL-SDC-1303
VMware VDS: HOL-SDC-1302
OR Visit the NSX Booth at the Expo
16
Let’s Take a Deeper Look
17
NSX Logical Switching – Replication Modes
1 Unicast Mode
NSX Infrastructure
Subnet 1 Subnet 2 Subnet 3
• No Physical Network configuration – Quickly Deploy NSX
• Traffic replicated on the Hypervisor
• Very scalable in most typical DC environments
2 Hybrid Mode
NSX Infrastructure
Subnet 1 Subnet 2 Subnet 3
• IGMP Snooping on Top Of Rack (TOR)
• Local Transport Subnet replication offloaded to the TOR
• Recommended for dense deployments or environments with large BUM traffic
3 Multicast Mode supported for VXLAN
18
Edge Rack
NSX Logical Routing Functional View
L2
L2
L2
Logical Router
Control VMs
Logical Router Instance per host per tenant. Single In-Kernel Hypervisor Module has multiple instances
Logical Router Control VM: One per Tenant Router. Serves as routing control plane
L2
L2
L2
WEB DB APP WEB WEB DB APP
Controller Cluster
1K Logical Ports/Logical Router
3K Logical Routers
Line Rate Data Throughput, Microsecond Latency
Infrastructure view
Logical view
Data Center
Edge Router
OSPF/BGP
19
Physical Workload
VLAN 100
Physical Gateway
Logical to Physical Network L2 Bridging with HA
Animated Slide
VXLAN 5001
Compute Rack Edge Rack
Logical Router Control VM Active
Logical Router Control VM Standby
1 Create Logical Router
• DLR manages all distributed routing and bridging
• Only 1 Bridge interface per DLR to avoid loops
• Logical Router Service VM pegs the Bridge interface. Also provides HA
2 Bridge Logical Network
• Simply specify VLAN by creating bridge interface on DLR
• 1:1 mapping between Logical Network and VLAN
• Bridge Interface in Kernel and learns Physical subnet MAC addresses
3 Use Cases
• Move workloads to Logical Networks without impacting addressing
• OR Extend physical subnets into Logical space
20
WAN
Internet
Compute Mgmt and Control Edge Rack
NSX High Availability
Animated Slide
NSX is ready to handle production workloads
vSphere Clusters
HA for NSX Components
• NSX Controller: Clustering, Host level HA. Data plane isolated
• NSX Manager: Storage HA and Config Backup. There is no runtime state
• NSX Edge: HA pair with active state sync and Host level HA
• NSX vSwitch: Distributed nature isolates impact only to failed host
• Host Failure: Evacuated and resituated (vMotion) VMs automatically connected with full state
Best Practice
• Install Management, Control and Edge components on fully redundant physical clusters
21
Network Virtualization – Operations and Visibility
• Overall Logical network health/stats
• VM to VM connectivity
• Per VM flow visibility
• Traffic Analysis – Packet Capture
• Transport/Tunnel health
• Inventory/Fault Mgmt
• Multi-level Logging, Event tracking and Auditing
• Upgrade Management
Cloud Ops or Network Ops
vSwitch
NSX Edge ESXi ESXi ESXi ESXi
vSwitch vSwitch vSwitch vSwitch
L2
Logical Topology
L2
WAN/Internet
What are the key capabilities required for operating a Logical world?
Controller Cluster
NSX Manager
22
NSX Operations – Capabilities
Capability | NSX Optimized for vSphere
Logical Network Health | UI: NSX Manager; CLI: Central NSX Controller, NSX Edge
VM to VM connectivity (Logical) | NSX Controller Central CLI, Host level CLI
Traffic Flow visibility | IPFIX (VDS); Flow Monitoring
Traffic Analysis per VM | RSPAN/ERSPAN (VM Traffic); Host Packet Capture (Overlay)
Network Inventory, Fault Management | NSX Manager, SNMP (MIBS for ports, Switch etc)
Multi-level logging, Event tracking & Auditing | Syslog Export (NSX controller, NSX Manager, NSX Edge etc.)
Transport (Overlay) Health | NSX Manager Connectivity Check; NSX Controller Central CLI, Per host CLI
Upgrade Management | NSX Manager (Automated VIB and Controller upgrades)
API visibility | NSX Manager API docs
External Tools | Custom, VCOPs, Log Insight
23
Once You Forget Everything Else Today … Remember This
1 NSX optimized for vSphere is Easy to Deploy, Scale and Automate
2 Routing and Switching in NSX are designed to achieve Performance and Scale in Virtual Data Center
3 NSX is Production Ready
24
Thanks
To get a complete understanding of NSX Optimized for vSphere, check out:
L4-L7 Advanced Services in NSX
• NET5270: Virtualized Network Services Model with VMware NSX
Integrating 3rd Party Services in NSX
• NET5522: NSX Extensibility: Network and Security Services from 3rd-Party Vendors
NSX Operations and Troubleshooting (Advanced Technical)
• NET5790: Operational Best Practices for NSX in VMware Environments
• NET5654: Troubleshooting VXLAN and Network Services in a Virtualized Environment
25
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1303
VMware NSX Network Virtualization Platform
NET5266
THANK YOU
29
Extra Slides
30
NSX Optimized for vSphere – Switching and Routing
Features
• Multicast Free Control Plane
• Optimized BUM handling (ARP)
• Distributed E-W Routing
• Logical to Physical Bridging
• Dynamic Routing (OSPF, BGP, ISIS)
Scale & Performance
• 10K VMs
• 3K Distributed Logical Routers
• Line Rate per hypervisor
Use Cases
• Decouple from Physical Network
• Cloud Scale with Automation
• Remove network bottlenecks and maximize performance
L2
L3 Virtual Network
L2
VMware Network and Security Virtualization
31
Distributed Logical Router (DLR) with Dynamic Routing
Overview
• L3 Routing between virtual networks without leaving virtual space
• Dynamic Routing Protocols for route discovery and advertisement
• Routing Control Plane running in a VM
• Routing Data Plane distributed in Hypervisors
• One Logical Router per Tenant/App
• Automatic instantiation on relevant hypervisors
• Simplified deployment using NSX Manager UI or API
Scale & Performance
• 1K+ Logical Switches per Distributed Logical Router Instance
• 3K Distributed Logical Routers
• Line Rate per hypervisor
Use Cases
• Optimize routing and data path in Virtual Networks
• Cloud Scale with Automation
32
Why NSX?
VMware NSX Transforms the Operational Model of the Network
• Network provisioning time reduced from 7 days to 30 sec
Reduce network provisioning time from days to seconds
Cost Savings
• Reduce operational costs by 80%
• Increase compute asset utilization up to 90%
• Reduce hardware costs by 40-50%
Operational Automation
Simplified IP hardware
Choice
• Any Hypervisor: vSphere, KVM, Xen, HyperV
• Any CMP: vCAC, Openstack
• Any Network Hardware
• Partner Ecosystem
Any hypervisor
Any CMP with Partner