VMworld 2013: Real-world Deployment Scenarios for VMware NSX

40
Real-world Deployment Scenarios for VMware NSX Taruna Gandhi, VMware Jeremy Hanmer, DreamHost Funs Kessen, Schuberg Philis NET5525 #NET5525

description

VMworld 2013 Taruna Gandhi, VMware Jeremy Hanmer, DreamHost Funs Kessen, Schuberg Philis Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare

Transcript of VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Page 1: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Real-world Deployment Scenarios for VMware NSX

Taruna Gandhi, VMware

Jeremy Hanmer, DreamHost

Funs Kessen, Schuberg Philis

NET5525

#NET5525

Page 2: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

2

Agenda

VMware NSX Overview

Network Virtualization for Mission Critical Workloads

at Schuberg Philis

Network Virtualization in DreamCompute using

Commodity Hardware

Q&A

Page 3: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

3

The Business Wants to Go FAST!

NSX is all about speed.

Hot, nasty, bad ass speed.

- Ricky Bobby

Page 4: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

4

Provisioning Multi-tier Network Services Today

Page 5: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

5

Provisioning Multi-tier Network Services Today

Compute

Network

DC Services

DB DB

App App

Web Web

Corpnet/Internet

Provisioning is slow

Placement is limited

Mobility is limited

Hardware dependent

Operationally intensive

Page 6: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

6

Provisioning Network Virtualization with NSX

Programmatic provisioning

Place any workload anywhere

Move any workload anywhere

Decoupled from hardware

Operationally efficient

Compute

Network

DC Services

Page 7: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

7

Provisioning Network Virtualization with NSX

Programmatic provisioning

Place any workload anywhere

Move any workload anywhere

Decoupled from hardware

Operationally efficient

Compute

Network

VMware NSX

DC Services

Page 8: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

8

VMware NSX – Networking & Security Capabilities

Any Application (without modification)

Virtual Networks

VMware NSX Network Virtualization Platform

Logical L2

Any Network Hardware

Any Cloud Management Platform

Logical

Firewall

Logical

Load Balancer

Logical L3

Logical

VPN

Any Hypervisor

Logical Switching– Layer 2 over Layer 3,

decoupled from the physical network

Logical Routing– Routing between virtual

networks without exiting the software

container

Logical Firewall – Distributed Firewall,

Kernel Integrated, High Performance

Logical Load Balancer – Application Load

Balancing in software

Logical VPN – Site-to-Site & Remote

Access VPN in software

NSX API – RESTful API for integration into

any Cloud Management Platform

Partner Eco-System

Page 9: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

9

VMware NSX – Networking & Security Capabilities

Rich Networking & Security Services Scalable Logical Switching

Physical to Virtual L2 Bridging

Dynamic L3 Routing: OSPF, BGP, IS-IS

Logical Services:

Firewall, Identity-based Firewall, Load-balancing,

VPN (IPSec, SSL, L2VPN)

Automation & Operations API Driven Integration

Service Composer for Security Workflows

Server Access Monitoring

Troubleshooting & Visibility

Partner Extensibility Physical ToR L2 Integration

Security Services – IDS / IPS, AV, Vulnerability

Mgmt

Network Services – Load Balancers, WAN

Optimization

Any Application (without modification)

Virtual Networks

VMware NSX Network Virtualization Platform

Logical L2

Any Network Hardware

Any Cloud Management Platform

Logical

Firewall

Logical

Load Balancer

Logical L3

Logical

VPN

Any Hypervisor

Page 10: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

10

VMware NSX – Network Virtualization Benefits

VMware NSX Transforms the Operational Model of the Network

Network provisioning time reduced from 7 days to 30 sec

Reduce network provisioning time from

days to seconds

Cost Savings

Reduce operational costs by 80%

Increase compute asset utilization upto 90%

Reduce hardware costs by 40-50%

Operational Automation

Simplified IP hardware

Choice

Any Hypervisor: vSphere, KVM, Xen, HyperV

Any CMP: vCAC, Openstack

Any Network Hardware Partner Ecosystem

Any hypervisor

Any CMP with Partner

Page 11: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

11

Results Speak Louder Than Slideware

Page 12: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 13: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Page 14: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 15: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Page 16: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 17: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 18: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 19: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 20: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 21: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 22: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 24: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

–•••

–••

–––––

••

–––

Page 25: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 26: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Who Am I?

• Jeremy Hanmer (@fzylogic)

• 13 years of experience with DreamHost

• System Engineer -> Network Engineer ->...

• ... VP Security -> Cloud Architect

• Focusing on OpenStack and Network Virtualization

Page 27: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

DreamCompute’s

Networking Requirements •

Page 28: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Why Virtualize?

• Customers deserve it

• Better Security (Isolate customers from one another)

• Live Migration (Zero-downtime maintenance!)

• Replicate their existing IP addressing schemes

• Easier administration

• Live Migration (Hypervisor maintenance becomes easy)

• Much easier to know what’s going on on the network

• Automating VLAN provisioning STINKS and doesn’t scale

• We’re now able to migrate workloads to avoid hot spots

Page 29: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Why VMware?

• Confident in their team

• Roadmap (It included IPv6! I’m told it’s getting close!)

• Easy integration of our own Layer 3 services

• Community presence in OpenStack is awesome

• Emphasis on ease of troubleshooting

• Super great support from the beginning

Page 30: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Why Cumulus? •

Page 31: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Physical Network Design • IPv6 Native

• Storage network is 100% IPv6

• Customers all receive a /64 of public IPv6 space

• Layer 2 domains terminate at the TOR

• OSPF v2/3 running on every switch

• 10G Ethernet to every server

• 40G Ethernet between spines

• Dedicated networks for storage (one frontend, one backend), NSX, and administration

• Simple!

• VRRP, QFabric, HSRP often cause more problems than they fix

• Debugging Layer 3 is easy. Debugging Layer 2 is not

Page 32: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Rack Architecture •

••

Page 33: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Virtualization Workflow

••••

AKA: Why this is all so awesome

Page 34: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

The Future!

• Migrate to NSX’s L3 services

• Just waiting for IPv6 to ship with BGP support

• Get Chef running on the Cumulus gear

• Hasn’t been a priority because of the nearly identical configs

• Move to a full mesh architecture that wasn’t possible before

Page 35: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

“Pics or It Didn’t Happen!”

Page 37: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

37

Other VMware Activities Related to This Session

HOL:

HOL-SDC-1303

VMware NSX Network Virtualization Platform

Group Discussions:

NET1001-GD

vCloud Networking and Security & NSX for VMware Environments with

Ray Budavari

NET5525

Page 38: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

THANK YOU

Page 39: VMworld 2013: Real-world Deployment Scenarios for VMware NSX
Page 40: VMworld 2013: Real-world Deployment Scenarios for VMware NSX

Real-world Deployment Scenarios for VMware NSX

Taruna Gandhi, VMware

Jeremy Hanmer, DreamHost

Funs Kessen, Schuberg Philis

NET5525

#NET5525