VMworld 2015: The Future of Network Virtualization with VMware NSX


Transcript of VMworld 2015: The Future of Network Virtualization with VMware NSX

Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

What You’ve Done with NSX


NSX Customers

700+

Production Deployments (adding 25-50 per quarter)

100+

Organizations invested US$1M+ in NSX

65+

What You’re Doing Next

EXPANDED SECURITY

New security partners, integrations, and projects and applications of NSX.

DEEPER INTEGRATION

New infrastructure and operations partners, integrations, and frameworks for IT organizations

APPLICATION CONTINUITY

New functionality to scale deployments across vCenter instances, with the ability to:

• Pool resources from multiple data centers

• Recover from disasters faster

• Deploy a hybrid cloud architecture

• NSX 6.2 contains over 20 new features

• Tested against over 1000 new scenarios

Objectives

Provide the future direction of NSX and Network Virtualization

Deepen your understanding of the NSX architecture

Address some misconceptions about capabilities of NSX

Agenda

1 Network Virtualization: The Story So Far

2 Physical Networks & Bare-metal Workloads

3 Distributed Services

4 Beyond the Data Center – WAN and Multi-DC

5 Summary and Q&A


Major NSX Use-cases


Intra-Datacenter Micro-Segmentation

DMZ Anywhere

Secure User Environments

Security

IT Automating IT

Developer Clouds

Multi-tenant Infrastructure

Automation

Disaster Recovery

Metro Pooling

Hybrid Cloud Networking

Application Continuity


VMware NSX™ Network Virtualization Components

Cloud Consumption

NSX Manager

NSX Controller

Data Plane

• Self Service Portal

• vRealize Automation, vCloud Director, OpenStack, Custom CMS

• High–Performance Data Plane

• Scale-out Distributed Forwarding Model

• Single configuration portal

• REST API entry-point

• Manages Logical networks

• Run-time state

• Scale out, HA

• Separation of Control and Data Plane

ESXi, KVM, Xen

Distributed Services

• Logical Switch

• Distributed Logical Router

• Firewall

• Load Balancer

HW VTEP NSX Edge


NSX with Physical Workloads

VXLAN VLAN

x86-based forwarding

Physical Workloads

VXLAN VLAN

Physical Workloads

Leverages x86

Highest density and throughput with partner HW

HW VTEP

VXLAN

Distributed Logical Routing with VTEPs

VXLAN VLAN

Physical View

Logical View

HW VTEP


NSX Controller


Distributed Logical Routing with VTEPs

Logical Routing

VXLAN VLAN

Physical View

VXLAN

HW VTEP

ARP REPLY

ARP

DATA

Logical Segmentation around Application Boundaries


App

DB

DMZ


Consistent Policy for Physical and Virtual

VXLAN VLAN

HW VTEP

Physical View

VXLAN

Logical View

Policy Enforcement Points

Firewall Rules

ACLs


Adding ACL Configuration to VTEP Schema

% git log

commit 770c7df89c2771ba90d3aaa06a9a433a230472c9

Author: Bruce Davie [email protected]

Date: Fri Aug 14 14:14:26 2015 -0700

vtep: add ACLs to VTEP schema

Two new tables are added to the VTEP schema, for ACL entries and

ACLs (which are groups of entries). The physical port table is modified

to allow ACLs to be associated with ports, and the logical router table

is modified to allow ACLs to be attached to logical router ports.

Signed-off-by: Bruce Davie <[email protected]>


Tunnels Are like Cables

Third party hardware

Controller

(Copper Cable)

Virtual

STT “Cable”

VXLAN

“Cable”

VXLAN

“Cable”

World

World


Tunnels Are like Cables

Third party hardware

Controller

Geneve

Geneve

Geneve

(Copper Cable)

Virtual

World

World


Geneve Update

MAC

IP

UDP

Geneve

Options

Inner Eth

Inner IP

Inner L4

Payload

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|  Opt Len  |O|C|    Rsvd.  |          Protocol Type        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Virtual Network Identifier (VNI)       |    Reserved   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Variable Length Options                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Geneve is now supported in the following categories:

• Software: Linux, OVS, OVN

• NICs: Intel, Broadcom, Mellanox, Netronome

• Switch ASICs: Broadcom, Mellanox, Cavium, Centec

• Monitoring Tools: Wireshark, tcpdump, libpcap
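
The Geneve header shown on this slide, parsed in Python as an added example (not code from the presentation or from VMware). The option sub-header layout follows RFC 8926 and is not on the slide; the sample packet and its option class are constructed.

```python
import struct

ETH_BRIDGED = 0x6558  # Protocol Type value for an inner Ethernet frame


def parse_geneve(buf: bytes) -> dict:
    """Parse the 8-byte Geneve base header and its variable-length options."""
    if len(buf) < 8:
        raise ValueError("truncated Geneve base header")
    b0, b1, proto, vni_rsvd = struct.unpack("!BBHI", buf[:8])
    version = b0 >> 6               # Ver: top 2 bits
    opt_len = (b0 & 0x3F) * 4       # Opt Len: 6 bits, counted in 4-byte words
    if version != 0:
        raise ValueError(f"unsupported Geneve version {version}")
    if len(buf) < 8 + opt_len:
        raise ValueError("Opt Len runs past end of packet")
    options, off = [], 8
    while off < 8 + opt_len:
        # Option sub-header (RFC 8926): class(16) | C + type(7) | rsvd(3) + length(5)
        opt_class, opt_type, flags_len = struct.unpack("!HBB", buf[off:off + 4])
        data_len = (flags_len & 0x1F) * 4
        if off + 4 + data_len > 8 + opt_len:
            raise ValueError("option overruns Opt Len")
        options.append({
            "class": opt_class,
            "type": opt_type & 0x7F,
            "critical": bool(opt_type & 0x80),
            "data": buf[off + 4:off + 4 + data_len],
        })
        off += 4 + data_len
    return {
        "oam": bool(b1 & 0x80),       # O bit: control (OAM) packet
        "critical": bool(b1 & 0x40),  # C bit: critical options present
        "protocol": proto,
        "vni": vni_rsvd >> 8,         # upper 24 bits; low 8 bits are Reserved
        "options": options,
        "payload": buf[8 + opt_len:],
    }


# Constructed sample: VNI 5001, C bit set, one 4-byte critical option
# (option class 0x0104 is made up for illustration).
SAMPLE = (bytes([0x02, 0x40]) + struct.pack("!H", ETH_BRIDGED)
          + struct.pack("!I", 5001 << 8)
          + struct.pack("!HBB", 0x0104, 0x81, 0x01) + b"\xde\xad\xbe\xef"
          + b"inner-ethernet-frame")
```

A monitoring tool that cannot interpret an option flagged critical should treat the packet as unparsed rather than guess at the inner frame, which is why the parser surfaces both the header C bit and the per-option flag.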


Is It True that You Don’t Get Real Visibility with Network Virtualization?

NSX Provides Highest Level of Visibility

vRealize Ops

NSX Management Pack

Log Insight

NSX Content Pack

SDDC Event Correlation Alerting

Centralized Logging

Per Service Dashboards

Native

Capabilities

Integration with

VMware Tools

Integration with

Partner Ecosystem

NSX API

Syslog

IPFIX

Port Mirroring

SNMP

Traceflow, Port Connections, and more…

Central CLI


Demo


Tech Preview

How do you troubleshoot / diagnose a connectivity issue between two virtual machines?

vRealize

Operations

NSX Manager NSX Controller


Why Distributed Services?

Scale out of Network Services

Apply Services at the vNIC

Unprecedented Visibility

Distributed Services – Efficient, Scale-out

vswitch

Hairpin

Traditional Appliance

Direct VM-VM Path

Distributed Virtual Firewall

NSX vswitch

With NSX

Third Party Services

NSX vswitch

Shortest Network Path


NetScaler Solution Brief

NetScaler Control Center provides a single control point for vCloud

administrators to easily and safely make NetScaler functionality available to

vCloud users. NetScaler Control Center provides:

application deployment workflow

functionality through application templates

while providing cloud administrators a single point of control

appliances and NetScaler VPX virtual appliances


NetScaler Control Center for VMware Network Virtualization

VMware Software Defined Data Center

VMware Virtual Networking

ERP vDC .com vDC CRM vDC

NSX vswitch

Distributed Load Balancing

Web Tier

App Servers

Database

Load Balancer

Load Balancer

Physical View

Logical View

NSX vswitch

Distributed Services Performance (FW + Routing)

[Figure: send throughput in Gbps (y-axis, 10 to 19) against TCP message size (x-axis: 64, 512, 1500, 32k, 64k), with one series each for 100, 500, 1000 and 5000 rules.]

Line rate for message size > 512

Intel Xeon CPU E5-2680 v2 @ 2.80GHz 2 socket, 10 cores per socket (Ivy Bridge)

Logical Switch

Logical Switch


What Is the Role of DPDK in High-performance x86 Forwarding?


Beyond the DC


Today Tomorrow Future

Multi data center deployment Disaster Recovery Federation and MPLS SD-WAN


Multi-DC Options

Stretched Cluster

• Scope: Metro

• Latency (max): 10ms

• Features: Seamless pooling across DCs; Metro storage required; Full NSX semantics across DCs

Separate Clusters or Multi-VC

• Scope: Geo

• Latency (max): 150ms

• Features: Logical networks span DCs; Independent storage; Full NSX semantics across DCs

L2VPN

• Scope: Global

• Latency (max): Any

• Features: NSX at one or both ends; L2 extension

MPLS

• Scope: Global

• Latency (max): Any

• Features: Independent administration/Federation; L3 (L2 possible); Multi-tenant WAN

Site A

Tenant A

Tenant B

Tenant C

NSX API

MP-BGP & MPLS for Multi-site Deployments

NSX API MP-BGP

Site B

eBGP Peering

MP-BGP Control Plane

IP/MPLS

MPLSoGRE

NSX Edge (ASBR)

NSX Edge (ASBR)

Tenant A

Tenant B

Tenant C

Summary


Differentiation

NSX is mainstream

Innovation and growth


Go learn more!

Wednesday Keynote

• Hands on Labs!

• Spotlight Sessions: NET6639-S The Next Horizon for Cloud Networking and Security

• SEC6640-S SDDC: Security for the new battlefield

• NET4941 VMware NSX - Deep Dive

• NET5212 NSX Performance

• NET5213 Operational Best Practices for VMware NSX

• NET5252 NSX Management Pack for vRealize Operations Manager

• NET4995 Integrating Physical Workloads and Infrastructure with a NSX Virtual Network

• NET5560 Bridging Virtual and Physical in NSX with OVSDB Standard-Based Hardware VTEP Integration

• NET5989 - Multi-vCenter Solutions with VMware NSX

• NET4855 - Want Your Apps to Roam Freely? - NSX Solutions for Multi-Site Data Centers

NSX Ecosystem

Service Insertion: “Leverage full automation and service insertion for NSX”

NSX aware: “Leverage NSX API and metadata to bring a solution”

Co-existence: “Let’s meet in the network”

Works with any switching fabric

Works with routing ecosystem using traditional protocols

Existing physical firewalls provide security sitting in front of NSX Edge at layer 3

Existing Physical/virtual ADC services can connect to NSX at layer 2 or layer 3

Network Virtualization Next Steps with VMware NSX


virtualizeyournetwork.com

The online resource for the people, teams and organizations that are adopting network virtualization

communities.vmware.com

Connect and engage with network virtualization experts and fellow VMware NSX users

vmware.com/go/NVtraining

Build knowledge and expertise for the next step in your career

labs.hol.vmware.com

Test drive the capabilities of VMware NSX