© 2014 VMware Inc. All rights reserved.

VMware NSX overview

Geordy Korte

Keep calm and don’t blink!

The Software Defined Datacenter

There are two approaches

Hardware Defined

Data Center (HDDC)

Any Application

HDDC Platform

Integrated x86

Integrated Storage

Vendor Specific

Network

Ve

rtic

al In

teg

ratio

n

Software Defined

Data Center (SDDC)

Any Application

SDDC Platform

Any x86

Any Storage

Any IP network

Data Center Virtualization

OR

Software

Controller

Component requirements

Building an SDDC

A data center network…

Internet

Compute infrastructure….

Internet

Hypervisors and vSwitches…

Internet

NSX | The “Network Hypervisor”

Internet

Virtual Networks – Like Virtual Machines for the Network

Internet

What is a virtual network?

What is a virtual network?

What is a virtual network?

Programmatically Provisioned

Physical Workloads and Legacy VLANs

Security – Complete Isolation

Central Policies, Distributed Enforcement, Move with VMs

Internet

Security Policy Security Policy

Inner workings

Architecture

vCD/vCAC

vCenter Server NSX Manager 1:1

Management Plane

Control Plane

NSX Edge

Distributed

Router

Controller

Data Plane

NSX Edge

Services Router

VXLAN DR DFW Security VXLAN DR DFW Security

1:Many

VXLAN DR DFW Security

Management Plane

Self service and on-demand Provisioning of Infrastructure

Abstracted pool of services (Compute/Storage/Network)

Catalogue of applications

vCD/vCAC

vCenter Server NSX Manager 1:1

Management Plane

Provisioning and

Management of

Compute/Memory

Storage

Virtual Switch

Provisioning and

Management of Network and

Network services

VXLAN Preparation

Logical Network Consumption

Network Services

Configuration

vCD/vCAC vCenter Server NSX Manager

Control Plane

Dynamic Routing

VXLAN – VLAN Bridging

Scale Out

VXLAN - no Multicast

ARP suppression

Distributed Routing

Control Plane

NSX Edge

Distributed

Router

Controller

NSX Edge Distributed Router Controller

Dataplane

Kernel Modules

Message Bus

User World Agent

NAT

DHCP

LB

VPN

Data Plane

NSX Edge

Services Router

ESX Host NSX Edge Services Router

VXLAN DR DFW Security VXLAN DR DFW Security VXLAN DR DFW Security

Communications

vCD/vCAC

vCenter Server NSX Manager

Management Plane

Control Plane

NSX Edge

Distributed

Router

Controller

Data Plane

NSX Edge

Services Router

VXLAN DR DFW Security VXLAN DR DFW Security VXLAN DR DFW Security

vSphere API

REST API vSphere API

REST API

VIX

A

PI

vS

ph

ere

A

PI

REST API

REST API

Messag

e B

us

Distributed Services

….

Firewall

Load Balancer

VPN

Routing

L3 Gateway L3

Gateway

VM VM VM VM VM

Routing & Firewalling • OSPF/eBGP/iBGP

• Virtualization and identity context firewall

Features

• Remove hairpins and bottlenecks

• Line rate performance with distributed scale out architecture

Scale & Performance

• Create on demand networks to speed up application provisioning

Use Cases

L2

L2

Tenant A

Tenant B

L2

L2

L2 Tenant C

L2

L2

L2

Load Balancing

Web 1 Web 3 Web 2

• TCP, HTTP, HTTPS with Stateful HA

• Multiple Virtual IPs each with separate server pool and configurations

• Multiple load balancing algorithms

• Multiple Session Persistence methods

• Configurable health checks

• Application Rules

• SSL Termination with Certificate Management

• Transparent/Full Proxy Mode

• IPv6

Features

• 10Gb/s throughput

• 50,000 CPS

• 1M Concurrent Connections

Scale & Performance

• Per Tenant Cloud LB

• Dynamic VIP for applications

Use Cases

VPN services • Interoperable IPsec tested with major

vendors

• Clients on all major OS (Win, Apple, Linux)

• Remote Authentication via Active Directory, RSA Secure ID, LDAP, Radius

• TCP Acceleration

• Encryption – 3DES, AES128, AES256

• AESNI H/W Offload

• NAT & Perimeter Firewall Traversal

Features

• High Performance – AES-NI acceleration

• 2 Gb/s throughput per tenant

Scale and Performance

• Cloud to Corporate

• Cloud On-boarding

• Remote Office/Branch Office

• Remote Management

Use Cases Internet/

WAN

Internet/

WAN

IP

Transport Network

NSX

Controller Cluster

Northbound REST API

11.1.1.10

Gateway Service

Appliance/VM

Virtual

Network VM1

VM2

VM1

VM2

10.2.2.10

Data Plane

Control Plane

VM1 VM1

VM2

Cloud Management

Platform

1 2

10.1.1.10

VM3

192.168.1.0/24

Corpnet

20.1.1.2

VM3

Corpnet

20.1.1.2

10.97.110.10

VM2

VLAN 9

SRV4 SRV5

VLAN 9

SRV4 SRV5

1 2

Existing

DC

Network(s)

Thank You

gkorte@vmware.com @gekort