vmworld 2014 - advanced topics & future directions in network virtualization with nsx

8/18/2019 VMWorld 2014 - Advanced Topics & Future Directions in Network Virtualization With NSX

1/38

Advanced Topics & FutureDirections in NetworkVirtualization with NSX

Bruce Davie, VMware, Inc


2/38

Disclaimer

• This presentation may contain product features that are currently under develop

• This overview of new technology represents no commitment from VMware to defeatures in any generally available product.

• Features are subject to change, and must not be included in contracts, purchas

sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presen

been determined.

CONFI


3/38

Objectives

• Provide an update on latest NSX capabilities

• Provide some insight into future NSX direction

• Deepen your understanding of network virtualization and its value

CONFI


4/38

Overview

• Network Virtualization in One Slide

• Physical Network Integration

• Encapsulations

• Service Chaining

• Multi-site Network Virtualization

• Summary

CONFI


5/38

Network Virtualization – an Analogy

CONFI

Physical Compute & Memory

Hypervisor

Requirement: x86

Virtual

Machine

Virtual

Machine

Virtual

Machine

Application Application Application

x86 Environment

Physical Netwo

Network Virtualization P

Requirement: IP Trans

Virtual

Network

Virtual

Network

Workload Workload

L2, L3, L4-7 Network Se

Decoupled


6/38

VLAN

L2

L3

Virtual Network

L2

NSX – Network Virtualization Platform

Physical Network

vSphere Host vSphere Host KVM Xen Server

NSX vSwitch NSX vSwitch Open vSwitch Open vSwitch

Hardware

So

ftware

Controller Cluster

VTEP API

HW Partner


7/38

API (OVSDB)

Tunnels (VXLAN)

Controller Cluster

Hypervisor

vSwitch

Hypervisor

vSwitch

Hypervisor

vSwitch

Hypervisor

vSwitch

Logical network

Connecting the Physical to the Virtual

DB

VM MACS

IP Underlay(no mulitcast required)


8/38

Distributed Logical Routing (P V)

Hypervisor

vSwitch

Physical ViewLogical View

192.168.2.254192.168.1.254

192.168.1.1192.168.2.1

192.168.1.1


9/38

Packet Walk

Hypervisor

vSwitch

192.168.1.1

192.16

ARP: IP=192.168.1.254SRCMAC=VM

ARP: IP=192.168.2.1SRCMAC=HypervisorVNI=2

ARP_REP: IP=192.168.1.254MAC=LogicalRouter_A

ARP: IP=192.168.2.1SRCMAC=LogicalRoute

ARP_REP: IP=192.16MAC=Physical

ARP_REP: IP=192.16MAC=PhysicalVNI=2


10/38

Distributed L3

• The other paths (P!V, V!V, P!P) are similar

–

Router’s ARP reply always comes from nearby VTEP or vswitch

–

That node then ARPs toward the ultimate destination

• Note that the LR is fully distributed among VTEPs and vswitches

–

Any E-W traffic will travel directly between hypervisors

– No single device does all routing

CONFI


11/38

VTEP Futures

• BFD health monitoring

–

Mitigate service node failures

–

Provide overlay health monitoring/troubleshooting

• ACL configuration

• QoS – DSCP setting

• Higher layer services (e.g. ADCs)

CONFI


12/38

Handling Elephant Flows

1. Detect Elephants

–

Must be long-lived and high-bandwidth

–

vSwitch ideally suited for task, maybe combine with central control

2. Do something with them:

–

Mark the outer DSCP

– Put them in a queue separated from mice

– Route along their own path or network

–

Convert to mice

CONFI


13/38

Results – flow statistic detection & alternate queue rea

0

1

2

3

4

5

6

7

8

9

10

500

550

600

650

700

750

800

850

900

950

1000

1 11 21 31 41 51 61 71 81 91 101 111 121 131

L

t

)

B a

n d w i d t h ( M b p s )

Time (Secs)

Mice vs Elephants (Detection off)

cumulu


14/38

Results – flow statistic detection & alternate queue rea

0

1

2

3

4

5

6

7

8

9

10

500

550

600

650

700

750

800

850

900

950

1000

1 11 21 31 41 51 61 71 81 91 101 111 121 131

L

a t e n c y ( m s )

B a n

d w i d t h ( M b p s )

Time (Secs)

Mice vs Elephants (Detection on)

cumulusn


15/38

Tunneling

• Networking people love to argue about tunnel formats

• Primarily a low-level detail of the implementation

• But tunnel format matters:

– Interoperability (HW + SW endpoints)

–

ECMP on current switches

–

Extensibility

– Performance

– Visibility

• Current options (VXLAN, NVGRE, STT) all fall short somewhere

• Enter Geneve (Generic Network Virtualization Encapsulation)

– VMware, Microsoft, Red Hat, Intel (the x86 world)

CONFI


16/38

Tunnels are like cables

Physical

HypervisorHypervisor

WORL

Virtual Netwo

STT

VXLAN VXLAN

Cable Cable

Cable

Copper Cable

Controller Third party hardware

Geneve

Geneve Geneve


18/38

How the Options Are Used

• structure

–

Type is structured to allow vendor-specific options

•

“C” bit indicates “critical” options

• Example use:

–

convey the source or dest of a packet when that info can’t be determined from other fi

• e.g. ARP request from a logical router could be from anywhere physically

• Mirrored packets might be sent somewhere other than dest address

– Indicate traceflow packets

–

Carry logical port info for egress policy

–

State versioning

–

Service chaining

– etc.

CONFI


19/38

What about VXLAN, STT, etc.?

• Hardware that supports VXLAN and STT will be around for a long time

• If you’re buying switches today, they’ll support VXLAN

• VXLAN NIC offloads also available today

• Of course we’ll continue to support VXLAN & STT

– Easy for us to support multiple encapsulation types

–

We mix & match STT & VXLAN (and GRE) today

• Geneve goal is that we don’t need another encap for a long time

CONFI


20/38

Service Chaining

• Creating a graph of services (e.g. load balance, firewall, WAN optimize, etc.)

•

Network virtualization provides a natural way to do this in automated manner

– Creating virtual topologies

• Often need to pass metadata along the chain

–

e.g. make the results of a classification step available to a later node

–

Ongoing argument about how to pass this metadata – Geneve provides a reasonable

FirVPN

IPsec/SSL

CONFI


21/38

Service Chaining Example: E-W Firewall & Routing

Logical View

Hypervisor1Hypervisor1

vSwitch

Hypervisor1Hypervisor2

vSwitch

3rd Party FW 3rd Party FW

Ph

Web App

Web App


22/38

Multi-Site Network Virtualization

• We support some multi-site scenarios today (see NET1974)

–

E.g. stretched metro cluster

–

Snapshot, clone, restore across locations

• Important to think of the full picture, not just networking

–

E.g. do you want to migrate a VM across the WAN without its data?

– Where does your Cloud Management Platform live? How many CMP instances?

• Lots of distinct use cases! plenty of work ongoing


23/38

The Multi-Site Spectrum

Single DCFederation

GeogDisp

Metro AreaDCs

Sub-ms latency

High BW

Low-ms latency

High BW

100-ms

Constra

CONFI


24/38

IP/MPLS CORE

PETo Customer Sites

Connecting Virtualized Data Centers to the WAN

Hypervisor Hypervisor

NSXEdge

vSwitch vSwitch


25/38

Using “Option B” to Map Logical Networks to MPLS La

NSXEdge

Logical Network Prefixesadvertised in MP-BGP with MPLS

labels

ASBRTo Customer Sites

MPLS Core

Treat interface likeinter-AS (RFC 4364)

MPLS Labelled Packets mappedto/from logical networks


26/38

WAN

Multi-site using MP-BGP

Hypervisor HyNSXEdge

vSwitch vSw

HypervisorHypervisorHypervisor

NSXEdge

vSwitchvSwitchvSwitch

MP-BGP


27/38


28/38

!"# %&'()&**+) !"# %&'()&**+) !"# %&'()&**+) !"# %&'()&**+)!"# %&'()&**+)

Controller State Distribution

• All nodes active

•

Workload sliced among nodes

• Logical network state – semantically rich

!&,+-!&,+.

/+0"+)123+

456

5+)727(+'(

"(&)89+

:&9238*

!+(;&)<

=)8'7>&)(

!+(;&)<

!&,+? !&,+@ !&,+A

%&'()&**+)

%*B7(+)


29/38

!"# %&'()&**+) !"# %&'()&**+) !"# %&'()&**+) !"# %&'()&**+)!"# %&'()&**+)

Controller State Distribution

!&,+-!&,+.

/+0"+)123+

456

5+)727(+'(

"(&)89+

:&9238*

!+(;&)<

=)8'7>&)(

!+(;&)<

!&,+? !&,+@ !&,+A

%&'()&**+)

%*B7(+)


30/38

Summary

• Network virtualization – not just for the bleeding edge

• Physical networks are part of the story

–

Control the physical edge for non-virtualized workloads and north-south traffic

– Communicate with the underlay for congestion/elephant flow mitigation

–

Keep moving up the stack

• Tunneling – a detail, but an important one

• Multi-site

– Consider use case & complete system

–

Some solutions today, more soon

• Exciting times for networking!


31/38

Related Sessions


32/38

Hands-on Labs

• SDC-1402 vSphere Distributed Switch from A to Z

•

SDC-1403 Introduction to VMware NSX•

SDC-1420 OpenStack with VMware vSphere and NSX

•

SDC-1423 vCloud Suite Basic Networking

• SDC-1424 VMware NSX and SDDC

• SDC-1425 VMware NSX Advanced


33/38

Advanced Technical Track - Networking

CONFI

• NET1949 VMware NSX for Docker, Containers & More

• NET1589 Reference Design for SDDC with NSX & vSphere

•

NET1583 NSX for vSphere Logical Routing Deep Dive•

NET1974 Multi-Site Data Center Solutions with VMware NSX

•

NET1966 Operational Best Practices for VMware NSX

•

NET1592 Under the Hood: Network Virtualization with OpenStack Neutron & VMwa

Group Discussions - Networking

• NET3441-GD vSphere Distributed Switch

• NET3442-GD vCAC and NSX

• NET3443-GD NSX Routing Design Best Practices

•

NET3445-GD NSX Multi Site Deployments

•

NET3444-GD NSX Network Services


34/38

Technical Track - Networking

CONFI

• NET1846 Introduction to NSX

• NET1743 VMware NSX – A Technical Deep Dive

•

NET1957 NFV for Telco Infrastructure•

NET1468 A Tale of Two Perspectives: IT Operations with VMware NSX

•

NET1586 Advanced Network Services with NSX

•

NET1560 The NSX Guide to Horizon View

• NSX1883 NSX Performance Overview

• NSX1588 Load Balancer as a Service, using NSX or Partner Solutions

• NET1401 vSphere Distributed Switch Best Practices for NSX

•

NET2318 Scale-Out NSX Deployments: With VMware-powered SDDC

• NET1581 Reference Design for SDDC with NSX for Multi-Hypervisors

• NET2379 Dynamically Configuring Application Specific Network Services for vCAC

• NET2225 NSX Platform: Enabling 3rd Party Network & Security Solutions


35/38

Thank YouBruce [email protected]


36/38

Thank You


37/38

Fill out a surveyEvery completed survey is entere

drawing for a $25 VMware compa

gift ce


38/38

Advanced Topics & FutureDirections in NetworkVirtualization with NSX

Bruce Davie, VMware, Inc

vmworld 2014 - advanced topics & future directions in network virtualization with nsx

Documents