VMworld 2013: Deploying VMware NSX Network Virtualization

Deploying VMware NSX Network Virtualization

Archish Dalal, VMware

Nikhil Kelshikar, VMware

NET5584

#NET5584

2

Session Objectives

Discuss VMware NSX Network Virtualization deployments

in an environment with multiple hypervisors

Learn about all the NSX components which are required

for deployment

Understand Simple packet flows in a logical network

Observe the deployment workflows

3

Recommended Sessions & Labs

NET5716 – Advanced NSX Architecture

NET5266 – Bringing Network Virtualization to VMware

Environments with NSX

NET5270 – Virtualized Network Services Model with NSX

SEC5582 – Multi-site Deployments with VMware NSX

You can actually test all the workflows in the lab HOL-SDC-1319

4

Agenda

Benefits of Network Virtualization

VMware NSX Architecture

• NSX Features

• NSX System Components

Deployment Steps for VMware NSX

VMware NSX Capability and Workflows

• Demo: Consuming a multi-tier App with VMware NSX

• Demo: Logical to Physical Bridging

• Demo: Operational Visibility

Real-world Customer Use-Cases

5

Agenda



• NSX Features








6

What Is a Virtual Network?

General Purpose Server Hardware

Server Hypervisor

Requirement: x86

Virtual

Machine

Virtual

Machine

Virtual

Machine

Application Application Application

x86 Environment

Decoupled

Hardware

Software

General Purpose Networking Hardware

Network Hypervisor

Requirement: IP Transport

Virtual

Network

Virtual

Network

Virtual

Network

Workload Workload Workload

L2, L3, L4-7 Network Services

7

VMware NSX – Network Virtualization

VMware NSX Transforms the Operational Model of the Network

Network provisioning time reduced from 7 days to 30 sec

Reduce network provisioning time from

days to seconds

Cost Savings

Reduce operational costs by 80%

Increase compute asset utilization up to 90%

Reduce hardware costs by 40-50%

Operational Automation

Simplified IP hardware

Choice

Any Hypervisor: vSphere, KVM, Xen, Hyper-V

Any CMP: vCAC, OpenStack

Any Network Hardware

Partner Ecosystem

Any hypervisor

Any CMP with Partner

8

VMware NSX – Networking & Security Capabilities

Any Application (without modification)

Virtual Networks

VMware NSX Network Virtualization Platform

Logical L2


Any Cloud Management Platform

Logical

Firewall

Logical

Load Balancer

Logical L3

Logical

VPN

Any Hypervisor

Logical Switching– Layer 2 over Layer 3,

decoupled from the physical network

Logical Routing– Routing between virtual

networks without exiting the software

container

Logical Firewall – Distributed Firewall,

Kernel Integrated, High Performance

Logical Load Balancer – Application

Load Balancing in software

Logical VPN – Site-to-Site & Remote

Access VPN in software

NSX API – RESTful API for integration

into any Cloud Management Platform

Partner Eco-System

9

Agenda



• NSX Features








10

NSX System Architecture Components

NSX Controller Cluster Advanced distributed state management system

manages virtual networks and overlay transport

tunnels

NSX vSwitch Intelligence moves to the edge, in software,

embedded in server hypervisor

Logical Switches Hypervisor to hypervisor high performance, vendor

independent, transport on any physical fabric

architecture

NSX Gateway Supports connection between logical and physical

networks – VLANs, Routing

Network API RESTful web services API opens programmatic

interface to virtual network infrastructure

Any Cloud Management Platform

Overlay Transport

NSX vSwitch

NSX Controller

NSX API

NSX

Gateway


Any Hypervisor

Partner Extensions

NSX Manager

11

VMware NSX Functional System Overview

vSphere Hyper-V* XenServer KVM

vSwitch vSwitch vSwitch vSwitch

Hosts

Data Plane

Operations

UI

Logs/Stats

CMP

Consumption

Tenant UI

API

Control Plane Run-time state

Management Plane API

API, config, etc.

HA, scale-out

Hardware

Gateway

NSX Manager

NSX Controller

12

The Network API

REST APIs enable programmatic consumption of network resources

Consume via any CMP

Basic Network Functions – Create/Delete Network, Create / Delete Ports

Advanced Functions – Security Profiles, L3, NAT, DHCP, QoS, Mirroring, etc.

Self Service User Interface

NVP API

Virtual

Networks

Virtual

Machines

Virtual

Storage

Custom CMS

Storage API Compute API Network API

(Neutron)

Image Mgmt Accounting & Billing Authorization

Virtual

Networks and

Services

Networking API

REST API

13

NSX Distributed Controller Cluster

NSX Controller defines the overlay

network state

Scale-Out Deployment Model

• High-Performance

• High-Availability

Programmatic Interface

• RESTful Web Services API

• CMS Integration

• OpenStack, CloudStack, Home Grown

Does Not sit in the data path

Does not manage devices in the fabric

14

NSX vSwitch

Virtual Switch implemented within Hypervisor

Supports Multiple Hypervisors

• VMware ESXi – NSX vSwitch

• Xen, KVM, etc. – OVS Implementation

Tunnel Termination End-point

• STT, VXLAN, GRE, IPSec support

• Communicates with Controller to build state

• Line rate performance

Supports Switch Standard Functionality

• sFlow

• SPAN, RSPAN

• Traffic Monitoring

• LACP

• QoS Marking (DSCP)

• and more

Hypervisor

VM VM VM

Logical

Network State

Transport

Network State

15

Logical Switches and Overlay Transport

Logical Switches define an

“Overlay” Network

“Underlay” or physical network

carries the traffic between hosts

Robust Physical Network

Infrastructure forms the

communication fabric

16





Logical Switches can use

multiple protocols to build

overlay VXLAN, STT, GRE, IPSec





17









Logical Switches can use

multiple protocols to build

overlay VXLAN, STT, GRE, IPSec

Multiple logical switches

can be created

Logical switches provide

multi-tenancy

18

Overlay Tunnels – How it Works

NSX Controller Cluster establishes an overlay network

L2 over L3 tunneling mechanism – VXLAN, STT, GRE

Packets encapsulated with Logical Switch info

Payload IP L2 Payload IP L2

L2 IP Tunnel

Protocol Payload IP L2 L2 IP Tunnel

Protocol Payload IP L2

VM VM VM VM

NSX vSwitch

Physical Network

ESXi

19

Logical Switches – Life of a Packet

vSphere Host XenServer Ubuntu/KVM Redhat/KVM

vSwitch vSwitch vSwitch vSwitch

VM VM VM VM VM VM VM

Multiple Tunneling Protocols

Payload IP L2

L2 IP Tunnel

Protocol Payload IP L2 L2 IP Tunnel

Protocol Payload IP L2

Payload IP L2

QoS Marking (DSCP)

Ingress

(ACL, QoS, FW)

Egress

(ACL, QoS, FW)

Virtual Networks

20

Connecting Physical and Virtual Worlds

VM VM VM VM VM VM VM

Virtual Network Virtual Network

Hypervisor

NSX Gateway

VLAN VLAN

Physical

Virtual

e.g. Hosted Servers

e.g. Cloud Servers

1

1 2

2 3 4

3 4

Bare Metal, Physical Switch

or Virtual Appliance

21

Agenda



• NSX Features








22

NSX Deployment: Build Physical Infrastructure

Compute

1

Deploy Network Infrastructure

Any Fabric

Build a robust network infrastructure

Follow vendor best practices around HA

Fabric topology independence

L2 Fabric or L3 Fabric

Install Compute Hosts with Hypervisor of choice

Host prep includes Virtual Switch Deployment

Identify ToR switches and/or hosts which provide

virtual to physical network connectivity

23

NSX Deployment: Prepare VMware NSX

2

Deploy VMware NSX

NSX Mgmt & Edge Services

NSX

GW

NSX

Mgmt

Virtual Infrastructure

NSX Infrastructure

Deploy NSX Controller

Install multiple copies for scale and HA

Register vSwitches with NSX Controller

Typically automated

Deploy NSX Manager

Prepare NSX Gateway or Physical ToR GW Service

24

NSX Deployment: Consume Applications

Connect CMP to NSX via REST API

vCAC, vCD, OpenStack, CloudStack, etc.

Create application profiles

including VMs, Logical Networks, Firewall, etc.

Deploy applications

Tie logical to physical networks as necessary

3

Consumption of

Applications

CMP

Self-Service

Programmatic Virtual

Network Deployment

Logical Networks

+

25

Deploying Network Virtualization with VMware NSX

Compute

1

Deploy Network Infrastructure

Any Fabric

2

Prepare VMware NSX

NSX Mgmt & Edge Services

NSX

Edge

NSX

Mgmt

Virtual Infrastructure

NSX Infrastructure

3

Consumption

of Applications CMP

Self-Service

Programmatic Virtual

Network Deployment

Logical Networks

+

26

Agenda



• NSX Features








27

Multi-tier Template Deployment

28

Physical/Logical View

29

IP

Transport Network

NSX

Controller Cluster

Northbound REST API

Virtual

Network

How It Will Be Built

IP B

Data Plane Control Plane

VM

Cloud Management

Platform

ESX HV

IP A

Corpnet

10.36.x.x

VM IP C

NSX Edge GW

Corpnet

10.36.x.x

Existing

DC

Network(s)

KVM HV

1 2

VM1

VM2

VM1

VM2 Tier 1

Network

192.168.100.0/24

Tier 2

1 2

VM

VM

30

Demo

31

vCOps Integration

32

Agenda



• NSX Features








33

VMware – Deployment Use Cases

Self-Service IT

Dev X

Dev A

Test X Acquisition

A

DevOps Cloud

On-boarding M&A

Multi-tenancy

Flexible IP Address Mgmt

Simplified consumption

Key Capabilities

Examples

Data Center

Automation

Micro-segmentation of App

Simplifying Compute Silos

DMZ Deployments

Scalable Firewall Capabilities

Rich Network Services L2,L3

Programmatic Consumption

Key Capabilities

Examples

Public Clouds

XaaS Clouds

Vertical Clouds

Multi-tenant Deployment

Security Capabilities

Any Hypervisor, Any CMP

Key Capabilities

Examples

34

Recommended Sessions & Labs

NET5716 – Advanced NSX Architecture

NET5266 – Bringing Network Virtualization to VMware

Environments with NSX

NET5270 – Virtualized Network Services Model with NSX

SEC5582 – Multi-site Deployments with VMware NSX

You can actually test all the workflows in the lab HOL-SDC-1319

Want more of the demo – Visit us at the booth to see NSX in action

35

Other VMware Activities Related to This Session

HOL:

HOL-SDC-1319

VMware NSX for Multi-Hypervisor Environments

Group Discussions:

NET1002-GD

NSX for Multi-Hypervisor Environments with Roberto Mari

THANK YOU

Deploying VMware NSX Network Virtualization

Archish Dalal, VMware

Nikhil Kelshikar, VMware

NET5584

#NET5584

Technology

VMworld 2013: Deploying VMware NSX Network Virtualization