NET1510 Introduction to NSX-T Architecture or …...Dimitri Desmidt –[email protected] Andrew...

Dimitri Desmidt – [email protected] Voltmer – [email protected]

NET1510

#VMworld #NET1510BU

Introduction to NSX-T Architecture

VMworld 2017 Content: Not fo

r publication or distri

bution

#NET1510BU CONFIDENTIAL

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

2



bution


NSX Vision: NSX Everywhere Managing Security and Connectivity for many Heterogeneous End Points

End users

Branch offices/Edge computing/IOT

Cloud

vCloud AirNetwork

New app frameworks

On-premise

BARE METAL

Automation

IT at the Speed of Business

Security

Inherently Secure Infrastructure

Application Continuity

Data Center Anywhere



bution


Agenda

1 NSX Architecture

2 NSX Network & Security Services

3 NSX Management & Operations Tools

4 NSX Use Cases

4



bution


Agenda

5

1 NSX Architecture



4 NSX Use CasesVMworld 2017 Content: N

ot for publicatio

n or distribution


Transport Nodes

NSX Manager

NSX Controllers

NSX Architecture and Components

6

Cloud Consumption• Self Service Portal

• OpenStack, Custom

Data Plane

• High Performance Data Plane

• Scale-out Distributed Forwarding Model

Management Plane (MP) Node – VM form factor

• Concurrent configuration portal

• REST API entry-point

• GUI

Central Control Plane (CCP) Nodes- VM form factor

• Programs data

• Control-Plane Protocol

• Separation of Control and Data Plane

ESXi(+ kernel modules)

Control Plane

Management Plane

NSX Edge(L3 + Adv

Services)

Physical Infrastructure

Hypervisors

L2 Bridge(L2 Overlay-

VLAN)

KVM(+ kernel modules)

VPN



bution


CCP Node CCP Node CCP Node

Manager

NSX Operations Workflow

7

User makes a configuration

Transport

Node

MPA LCP

Transport

Node

MPA LCP

Transport

Node

MPA LCP

XConfiguration is “persisted”

Configuration is pushed to Central Control Plane

Configuration is realized by Local Control Plane



bution


Logical View

NSX Architecture

8

Quick Demo

Tenant1-LS1 Tenant1-LS2

Physical View

Rack2

(KVM)

Rack1

(ESXi)

Rack3

(Edges)

External

NSX Mgr

NSX Ctrl

Physical

Router



bution

NSX Architecture Demo



bution


Agenda

10

1 NSX Architecture




ot for publicatio

n or distribution


NSX Network & Security Services

11

Faithful Reproduction of Network & Security Services in Software

Distributed Centralized

Switching

Routing

Firewall

Firewall

Routing Load Balancing

Bridging to Physical



bution



12

Advanced Network and Security Topologies

VM1 VM2

NAT

VM1 VM2L2 Overlay/VLAN

Bridging

VM1 VM2 VM3

Firewalling

VM1 VM2

LB-Pool

Load Balancing

Routing

VM1 VM2 VM3

Switching

VM4

Switching

One-Arm

LB

In-Line

LB

NSX API & UI



bution



13

Quick Demo

13

Logical View

Tenant1-LS1

10.1.1.0/24

Tenant1-LS2

10.1.2.0/24

Physical

Router

Tenant1-LR1(Tier-1)

.1 .1

VM

.3

VM

.3

VM

.2

VM

.2

Note: One Cloud Management Platform (OpenStack) is used to create those

different Network & Security

Physical View

Rack2

(KVM)

Rack1

(ESXi)

Rack3

(Edges)

External

NSX Mgr

NSX Ctrl

Physical

Router



bution

NSX Network and Security Services Demo



bution



15

More Information . . .

NSX-T Advanced Architecture ConceptsThe Future of Networking and Security with

NSX-T

Session: NET1863BU

Francois Tallet and Dimitri Desmidt

Deep dive into NSX architecture including

design, performance and high-availability

capabilities.

Wednesday, August 30th

10:00 am to 11:00 am

Session: NET1821BU

Bruce Davie - CTO VMware

A view into the future of NSX and how it can

address a variety of modern use cases.

Tuesday, August 29th

11:30 am to 12:30 pm



bution


Agenda

16

1 NSX Architecture




ot for publicatio

n or distribution


Visibility

Statistics

Backup / Restore

Management

Tools

Upgrade

Without visibility

all features are useless!



bution


Troubleshooting Tools

In depth logging

with support for

logging analytic

tools

View logical and

physical traffic

paths between

virtual machines

Find quickly

logical topology

between virtual

machines

Capture specific

traffic for deeper

analysis



bution


NSX Management & Operations Tools

19

Quick Demo

19

Logical View

Tenant1-LS1

10.1.1.0/24

Tenant1-LS2

10.1.2.0/24

Physical

Router

Tenant1-LR1(Tier-1)

.1 .1

VM

.3

VM

.3

VM

.2

VM

.2

Physical View

Rack2

(KVM)

Rack1

(ESXi)

Rack3

(Edges)

External

NSX Mgr

NSX Ctrl

Physical

Router



bution

NSX Management and Operations Tools Demo



bution


Agenda

21

1 NSX Architecture




ot for publicatio

n or distribution


Infrastructure Components

NSX in the IaaS Stack

22

Infrastructure treated

as code and

templated

Singular interface for

DevOps Automation

Compute, storage,

networking and

security APIs

APIs abstract

underlying

virtual infrastructure

Web Portal APIs/SDKs CLI Tools

OpenStack Cloud Management Platform

ESXi & KVM

DevOps Automation

vSANNSX

Infrastructure as

CodeContinuous Delivery

Automated

Deployment



bution

NSX with OpenStack for IaaS



bution


OpenStack and Hypervisor Ecosystem

24

The NSX Networking and Security Platform

Open

source

VIO Redhat SUSE / HPEMirantis Canonical

VMware Redhat Canonical

• ESXi 6.0u2• ESXi 6.5

• RHEL 7.2• RHEL 7.3

• Ubuntu 14.04 LTS• Ubuntu 16.04 LTS



bution

Next Generation Apps with Container Networking



bution


Container Networking Challenges

• Micro-services are connected to Private Container

network that only spans the PaaS platform

• Requires ramp nodes and NAT for integrating

physical services – e.g. Firewall, Load Balancer

• No means for a DevOps and security admin to

define, implement & monitor security policy for

Micro-services

• Not possible to apply policy for

Micro-services database traffic due to NAT

Ramp

Node (NAT)

CaaS / PaaS platform

Container Network



bution


The Benefits of NSX Container Networking

27

• A single network fabric that connects VMs and

containers across on-premise and public cloud

• Container Network integrates with data center

network with BGP

• Layer 3 reachability between LB, FW and

Containers

simplifies integration of network services

• NSX enables both the DevOps admin and the

security admin to define & monitor policy for Micro-

services

• Prioritizes security admin policy

CaaS / PaaS platform



bution


Next Generation Application with Containers

28


Container Networking with

NSX-T

Kubernetes Networking

with NSX-T

Session: NET1521BU

Sai Chatanya and Yves

Fauser

An overview of container

networking with NSX.

Monday, August 28th

1:00 pm to 2:00 pm

Session: NET1522BU

Yasen Simeonov and Yves

Fauser

A deep dive into NSX and

Kubernetes.

Monday, August 28th

11:30 am to 12:30 pm

One-Stop Container

Networking

Session: CNA1091BU

Sai Chatanya

Container networking with

CloudFoundry, Kubernetes,

Docker, and More

Monday, August 28th

5:00 pm to 6:00 pm



bution

Public Cloud Networking and Security with NSX



bution


• Managed Service Consumption Model

• Self-service portal for pre and post-pay options

• VMware takes over NSX lifecycle management

• Simplified GUI for policy-driven configuration

and deployment

• Attributes based security policies

• Single pane of glass for management across

VPCs and Cloud Accounts

• Seamless Integration with Cross-cloud

Services Portfolio

VMware NSX Cloud with AWS

30

Consistent networking and security for applications running natively in public clouds



bution


VMware NSX Cloud with AWS

31


Reference Design for SDDC with NSXUsing NSX for Enhanced Networking and

Security for AWS

Session: NET1535BU

Nimish Desai

An overview of container networking with NSX.

Wednesday, August 30th

11:30 am to 12:30 pm

Session: MMC1532BU

Amol Tipnis and Percy Wadia

Discover how NSX can provide enhanced

networking and security in AWS.

Tuesday, August 29th

5:00 pm to 6:00 pm



bution


Join VMUG for exclusive access to NSX

vmug.com/VMUG-Join/VMUG-Advantage

Connect with your peers

communities.vmware.com

Find NSX Resources

vmware.com/products/nsx

Network Virtualization Blog

blogs.vmware.com/networkvirtualization

Where to Get Started

Dozens of Unique NSX Sessions

Spotlights, breakouts, quick talks & group discussions

Visit the VMware Booth

Product overview, use-case demos

Visit Technical Partner Booths

Integration demos – Infrastructure, security, operations,

visibility, and more

Meet the Experts

Join our Experts in an intimate roundtable discussion

Free Hands-on Labs

Test drive NSX yourself with expert-led or self-paces

hands-on labs

labs.hol.vmware.com

Training and Certification

Several paths to professional certifications. Learn

more at the Education & Certification Lounge.

vmware.com/go/nsxtraining

Engage and Learn Experience

Try Take

32



bution

https://www.vmug.com/VMUG-Join/VMUG-Advantage

https://communities.vmware.com/community/vmtn/nsx

http://vmware.com/products/nsx

http://blogs.vmware.com/networkvirtualization

http://labs.hol.vmware.com/

http://www.vmware.com/go/nsxtraining



bution

NET1510 Introduction to NSX-T Architecture or …...Dimitri Desmidt –[email protected] Andrew...

Documents

Transcript of NET1510 Introduction to NSX-T Architecture or …...Dimitri Desmidt –[email protected] Andrew...