8/18/2019 VMWorld 2014 - Advanced Topics & Future Directions in Network Virtualization With NSX
Advanced Topics & Future Directions in Network Virtualization with NSX
Bruce Davie, VMware, Inc
Disclaimer
• This presentation may contain product features that are currently under develop
• This overview of new technology represents no commitment from VMware to defeatures in any generally available product.
• Features are subject to change, and must not be included in contracts, purchas
sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presen
been determined.
Objectives
• Provide an update on latest NSX capabilities
• Provide some insight into future NSX direction
• Deepen your understanding of network virtualization and its value
Overview
• Network Virtualization in One Slide
• Physical Network Integration
• Encapsulations
• Service Chaining
• Multi-site Network Virtualization
• Summary
Network Virtualization – an Analogy
[Figure: side-by-side analogy. Server virtualization: applications run in virtual machines (x86 environment) on a hypervisor, decoupled from physical compute and memory; requirement: x86. Network virtualization: workloads attach to virtual networks, decoupled from the physical network. Labels on the network side that are cut off: "Network Virtualization P", "Requirement: IP Trans", "L2, L3, L4-7 Network Se".]
NSX – Network Virtualization Platform
[Figure: Controller Cluster above the endpoints on the physical network. Software: vSphere hosts with NSX vSwitch, KVM and Xen Server with Open vSwitch. Hardware: HW partner devices reached through the VTEP API. Other labels: Virtual Network (L2), VLAN (L2, L3).]
Connecting the Physical to the Virtual
[Figure: Controller Cluster connected through an API (OVSDB) and a DB holding VM MACs; four hypervisors with vSwitches joined by tunnels (VXLAN) into a logical network over an IP underlay (no multicast required).]
Distributed Logical Routing (P V)
[Figure: Logical View and Physical View of a hypervisor vSwitch. Addresses shown: 192.168.1.1, 192.168.1.254, 192.168.2.1, 192.168.2.254.]
Packet Walk
[Figure: packet walk through the hypervisor vSwitch (192.168.1.1). Messages labelled on the slide, several of them cut off:]
ARP: IP=192.168.1.254 SRCMAC=VM
ARP: IP=192.168.2.1 SRCMAC=Hypervisor VNI=2
ARP_REP: IP=192.168.1.254 MAC=LogicalRouter_A
ARP: IP=192.168.2.1 SRCMAC=LogicalRoute
ARP_REP: IP=192.16 MAC=Physical
ARP_REP: IP=192.16 MAC=Physical VNI=2
Distributed L3
• The other paths (P→V, V→V, P→P) are similar
– Router’s ARP reply always comes from nearby VTEP or vswitch
– That node then ARPs toward the ultimate destination
• Note that the LR is fully distributed among VTEPs and vswitches
– Any E-W traffic will travel directly between hypervisors
– No single device does all routing
VTEP Futures
• BFD health monitoring
– Mitigate service node failures
– Provide overlay health monitoring/troubleshooting
• ACL configuration
• QoS – DSCP setting
• Higher layer services (e.g. ADCs)
Handling Elephant Flows
1. Detect Elephants
– Must be long-lived and high-bandwidth
– vSwitch ideally suited for task, maybe combine with central control
2. Do something with them:
– Mark the outer DSCP
– Put them in a queue separated from mice
– Route along their own path or network
– Convert to mice
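The two steps above as an added example (not code from the talk or from NSX): a detector fed with cumulative per-flow byte counters, as a vSwitch could export them, returns the outer DSCP to apply to each flow. The thresholds, the DSCP code point and the sample flows are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

# Assumed values for this example; the talk gives no thresholds or code points.
MIN_AGE_S = 10.0        # "long-lived"
MIN_RATE_BPS = 100e6    # "high-bandwidth", measured over the last sample interval
DSCP_ELEPHANT = 8       # CS1, assumed to map to a separate queue in the underlay
DSCP_MICE = 0

@dataclass
class Flow:
    first_seen: float
    last_time: float
    last_bytes: int
    rate_bps: float = 0.0

class ElephantDetector:
    def __init__(self):
        self.flows = {}

    def update(self, key, now, total_bytes):
        """Feed one counter sample for a flow; return the outer DSCP to apply."""
        f = self.flows.get(key)
        if f is None or total_bytes < f.last_bytes:   # new flow or counter reset
            self.flows[key] = Flow(now, now, total_bytes)
            return DSCP_MICE
        dt = now - f.last_time
        if dt > 0:
            f.rate_bps = (total_bytes - f.last_bytes) * 8 / dt
            f.last_time, f.last_bytes = now, total_bytes
        # Both conditions must hold: a short burst or a slow old flow stays a mouse.
        long_lived = now - f.first_seen >= MIN_AGE_S
        return DSCP_ELEPHANT if long_lived and f.rate_bps >= MIN_RATE_BPS else DSCP_MICE

def classify(samples):
    """samples: iterable of (key, time_s, cumulative_bytes); final DSCP per flow."""
    det, marks = ElephantDetector(), {}
    for key, now, total in samples:
        marks[key] = det.update(key, now, total)
    return marks

# Constructed samples: a 1 Gbps backup for 12 s, a 1 s web burst, a slow SSH session.
SAMPLES = [("backup", t, t * 125_000_000) for t in range(0, 13, 2)] + [
    ("web", 3, 0), ("web", 4, 50_000_000), ("ssh", 0, 0), ("ssh", 12, 120_000)]
```

Because the rate is taken over the last interval rather than the flow's lifetime, a flow that goes idle falls back to the default marking on its next sample.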
Results – flow statistic detection & alternate queue rea
[Figure: Mice vs Elephants (Detection off). Axes: Latency (ms), Bandwidth (Mbps), Time (Secs).]
Results – flow statistic detection & alternate queue rea
[Figure: Mice vs Elephants (Detection on). Axes: Latency (ms), Bandwidth (Mbps), Time (Secs).]
Tunneling
• Networking people love to argue about tunnel formats
• Primarily a low-level detail of the implementation
• But tunnel format matters:
– Interoperability (HW + SW endpoints)
– ECMP on current switches
– Extensibility
– Performance
– Visibility
• Current options (VXLAN, NVGRE, STT) all fall short somewhere
• Enter Geneve (Generic Network Virtualization Encapsulation)
– VMware, Microsoft, Red Hat, Intel (the x86 world)
Tunnels are like cables
[Figure: hypervisors, a controller and third-party hardware in the virtual network are joined by tunnels labelled STT, VXLAN and Geneve, each drawn as a cable; the physical-world counterpart is a copper cable.]
Geneve Header
Packet layout, outer to inner: MAC | IP | UDP | Geneve (with Options) | Inner Eth | Inner IP | Inner L4 | Payload
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver| Opt Len |O|C| Rsvd. | Protocol
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Virtual Network Identifier (VNI) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Variable Length Options
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
How the Options Are Used
• structure
– Type is structured to allow vendor-specific options
• “C” bit indicates “critical” options
• Example use:
– convey the source or dest of a packet when that info can’t be determined from other fi
  • e.g. ARP request from a logical router could be from anywhere physically
  • Mirrored packets might be sent somewhere other than dest address
– Indicate traceflow packets
– Carry logical port info for egress policy
– State versioning
– Service chaining
– etc.
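An added example, not code from the talk or from any Geneve implementation: a receiver-side parser for the Geneve header and options described on the two slides above, which drops a packet carrying a critical option it does not implement. Field positions follow the published Geneve specification (RFC 8926), since the diagram on the slide is cut off; the option class/type in KNOWN_OPTIONS, the strict C-bit consistency check and the sample packet are assumptions constructed for the example.

```python
import struct

# Constructed for this example: (option class, type) pairs this endpoint implements.
KNOWN_OPTIONS = {(0x0102, 0x81)}

class GeneveError(ValueError):
    """The packet is malformed or must be dropped."""

def parse_geneve(buf, known=KNOWN_OPTIONS):
    if len(buf) < 8:
        raise GeneveError("truncated base header")
    b0, b1, proto, vni_word = struct.unpack("!BBHI", buf[:8])
    if b0 >> 6 != 0:
        raise GeneveError("unsupported version")
    end = 8 + (b0 & 0x3F) * 4              # Opt Len counts 4-byte words
    if len(buf) < end:
        raise GeneveError("Opt Len runs past the packet")
    hdr_critical = bool(b1 & 0x40)         # "C" bit in the base header
    options, off, saw_critical = [], 8, False
    while off < end:
        cls, typ, rlen = struct.unpack("!HBB", buf[off:off + 4])
        body_end = off + 4 + (rlen & 0x1F) * 4
        if body_end > end:
            raise GeneveError("option overruns Opt Len")
        if typ & 0x80:                     # high bit of Type marks a critical option
            saw_critical = True
            if (cls, typ) not in known:
                raise GeneveError("unknown critical option 0x%04x/0x%02x" % (cls, typ))
        options.append((cls, typ, buf[off + 4:body_end]))
        off = body_end
    if saw_critical != hdr_critical:       # strict policy chosen for this example
        raise GeneveError("C bit disagrees with the option list")
    return {"vni": vni_word >> 8, "oam": bool(b1 & 0x80), "protocol": proto,
            "options": options, "payload": buf[end:]}

def sample_packet(opt_class=0x0102, opt_type=0x81, c_bit=True):
    """Constructed packet: VNI 2, one option with 4 data bytes, dummy inner frame."""
    option = struct.pack("!HBB", opt_class, opt_type, 1) + b"\x00\x00\x00\x07"
    base = struct.pack("!BBHI", len(option) // 4, 0x40 if c_bit else 0,
                       0x6558, 2 << 8)
    return base + option + b"inner-ethernet-frame"
```

An unknown option without the critical bit is parsed and kept in the result, while the same option with the bit set makes the whole packet a drop.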
What about VXLAN, STT, etc.?
• Hardware that supports VXLAN and STT will be around for a long time
• If you’re buying switches today, they’ll support VXLAN
• VXLAN NIC offloads also available today
• Of course we’ll continue to support VXLAN & STT
– Easy for us to support multiple encapsulation types
– We mix & match STT & VXLAN (and GRE) today
• Geneve goal is that we don’t need another encap for a long time
Service Chaining
• Creating a graph of services (e.g. load balance, firewall, WAN optimize, etc.)
• Network virtualization provides a natural way to do this in automated manner
– Creating virtual topologies
• Often need to pass metadata along the chain
– e.g. make the results of a classification step available to a later node
– Ongoing argument about how to pass this metadata – Geneve provides a reasonable
[Figure: chain of services; surviving labels include VPN and IPsec/SSL.]
Service Chaining Example: E-W Firewall & Routing
[Figure: Logical View and physical view of Web and App workloads on two hypervisors, each with a vSwitch and a 3rd Party FW.]
Multi-Site Network Virtualization
• We support some multi-site scenarios today (see NET1974)
– E.g. stretched metro cluster
– Snapshot, clone, restore across locations
• Important to think of the full picture, not just networking
– E.g. do you want to migrate a VM across the WAN without its data?
– Where does your Cloud Management Platform live? How many CMP instances?
• Lots of distinct use cases → plenty of work ongoing
The Multi-Site Spectrum
[Figure: spectrum of deployments. Labels: Single DC; Metro Area DCs; Federation; "Geog Disp" (cut off). Annotations: Sub-ms latency, High BW; Low-ms latency, High BW; "100-ms", "Constra" (cut off).]
Connecting Virtualized Data Centers to the WAN
[Figure: hypervisors with vSwitches behind an NSX Edge, which connects to a PE of the IP/MPLS core leading to customer sites.]
Using “Option B” to Map Logical Networks to MPLS La
[Figure: NSX Edge connected to an ASBR of the MPLS core, which leads to customer sites. Annotations:]
• Logical network prefixes advertised in MP-BGP with MPLS labels
• Treat interface like inter-AS (RFC 4364)
• MPLS labelled packets mapped to/from logical networks
Multi-site using MP-BGP
[Figure: two sites, each with hypervisors, vSwitches and an NSX Edge, connected across the WAN using MP-BGP.]
Controller State Distribution
• All nodes active
• Workload sliced among nodes
• Logical network state – semantically rich
[Figure: Controller Cluster of five NSX Controller nodes. Labels: Web Service API, Persistent Storage, Logical Network, Transport Network.]
Summary
• Network virtualization – not just for the bleeding edge
• Physical networks are part of the story
– Control the physical edge for non-virtualized workloads and north-south traffic
– Communicate with the underlay for congestion/elephant flow mitigation
– Keep moving up the stack
• Tunneling – a detail, but an important one
• Multi-site
– Consider use case & complete system
– Some solutions today, more soon
• Exciting times for networking!
Related Sessions
Hands-on Labs
• SDC-1402 vSphere Distributed Switch from A to Z
• SDC-1403 Introduction to VMware NSX
• SDC-1420 OpenStack with VMware vSphere and NSX
• SDC-1423 vCloud Suite Basic Networking
• SDC-1424 VMware NSX and SDDC
• SDC-1425 VMware NSX Advanced
Advanced Technical Track - Networking
• NET1949 VMware NSX for Docker, Containers & More
• NET1589 Reference Design for SDDC with NSX & vSphere
• NET1583 NSX for vSphere Logical Routing Deep Dive
• NET1974 Multi-Site Data Center Solutions with VMware NSX
• NET1966 Operational Best Practices for VMware NSX
• NET1592 Under the Hood: Network Virtualization with OpenStack Neutron & VMwa
Group Discussions - Networking
• NET3441-GD vSphere Distributed Switch
• NET3442-GD vCAC and NSX
• NET3443-GD NSX Routing Design Best Practices
• NET3445-GD NSX Multi Site Deployments
• NET3444-GD NSX Network Services
Technical Track - Networking
• NET1846 Introduction to NSX
• NET1743 VMware NSX – A Technical Deep Dive
• NET1957 NFV for Telco Infrastructure
• NET1468 A Tale of Two Perspectives: IT Operations with VMware NSX
• NET1586 Advanced Network Services with NSX
• NET1560 The NSX Guide to Horizon View
• NSX1883 NSX Performance Overview
• NSX1588 Load Balancer as a Service, using NSX or Partner Solutions
• NET1401 vSphere Distributed Switch Best Practices for NSX
• NET2318 Scale-Out NSX Deployments: With VMware-powered SDDC
• NET1581 Reference Design for SDDC with NSX for Multi-Hypervisors
• NET2379 Dynamically Configuring Application Specific Network Services for vCAC
• NET2225 NSX Platform: Enabling 3rd Party Network & Security Solutions
Thank You
Bruce [email protected]