Datacenter Transformation with Network Virtualization: Today and Tomorrow
Allwyn Sequeira, VMware
SEC5828
#SEC5828
2
Agenda
Network & Security Virtualization – The Industry Context
The Problem Statement – Various Perspectives
• Application, CMP perspective
• VI admin / cloud operator perspective
VMware NSX Platform
VMware NSX Architecture
VMware NSX Use cases
3
Enterprise
Data Center
Networking
The Industry Context - Three Major Forces in Networking
- Separation of control, OpenFlow
- X86 programmability
- Centralized management
Research, GOOG, Telco, Nicira
- Interconnect heterogeneous compute/storage pools
- COTS hybrid server/switch
- L3 to the rack, scale out PODs
AMZN, RAX, FB, Ebay, Nicira
- SDDC: beyond servers
- Net / sec virtualization
- Fast / flat / fat fabrics, UCS
VMW, CSCO, …
N + V = NV leadership!
4
Network Virtualization = SDN+
L2
L3 Virtual
Networks
L2
All the properties of SDN
• Separation of control, forwarding
• Software innovation
• Time to market
• Service extensibility
With the benefits of virtualization
• Agility, efficiency, mobility
• Non-disruptive deployment
• Decoupled from physical
• Hardware independence
Distributed
Forwarding
Manual
Configuration
Network virtualization will leverage the network fabric / SDN controller shift
6
Enterprise Data Center Security & Networking Today
vSphere
Users
Sites
Backend
Services
- VLANs, ACLs, Firewalls, IDS/IPS, monitoring
- Server A/V Agents, guest security
- App | data | identity aware security, compliance
- DMZ firewall, NAT, DDI
- Site and user VPNs
- Web load balancers, WAF
- Desktop A/V Agents
- DLP, FIM, white listing
DMZ
Web
View
Way too complicated, fragmented, manual! OUCH
7
SDDC & NSX – Enabling App-Cloud
APP
CLOUD
VIRTUAL
PHYSICAL
HYPERVISOR HYPERVISOR HYPERVISOR
SDDC = A better way to build clouds
NSX = Solves SDDC networking & security
8
What Applications and Cloud Consumers Want…
Bridge Physical
L2
L3
Firewall
WAN
Internet
Edge
Apps should be completely unaware of the underlying infrastructure
That is someone else’s problem, i.e. OUR problem
9
NSX: Closing the Gap Between Provider and Consumer
NSX
L2
CMP
Bridge
Physical
WAN
Internet
Edge L3
Firewall
Any Physical Infrastructure
Compute, Storage & Network Hardware Independent
10
On any network On any network
The NSX Requirements
INTERNET
WAN
On ramp, off ramp
& edge services
ESX, KVM, Xen
Non-vSphere
compute clusters
vSphere
vSphere (incl vCenter)
compute clusters
NSX needs to deliver:
L2-L3 Network Services
L4-L7 Network Services
On demand, at scale
Operators: Common model for provider provisioning, fault, perf, stats, logs
Partners: Common model for partner service insertion
LAN
Physical
vCloud Suites, OpenStack
Consumers: Common consumption model for CMPs, apps
12
VMware NSX – Networking & Security Capabilities
Any Application
(without modification)
Virtual Networks
VMware NSX Network Virtualization Platform
Logical L2
Any Network Hardware
Any Cloud Management Platform
Logical
Firewall
Logical
Load Balancer
Logical L3
Logical
VPN
Any Hypervisor
Logical Switching – Layer 2 over Layer 3, decoupled from the physical network
Logical Routing – Routing between virtual networks without exiting the software container
Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
Logical Load Balancer – Application Load Balancing in software
Logical VPN – Site-to-Site & Remote Access VPN in software
NSX API – RESTful API for integration into any Cloud Management Platform
Partner Eco-System
13
Server Virtualization Cloud Infrastructure vCloud
vCloud
VMware’s Network & Security Virtualization Journey
vSwitch
Host 1 Host 2
vSwitch vSwitch vSwitch
Host Y Host Z
Abstract: vSwitch started the network virtualization journey
Pool: NSX Switch with distributed routing & overlays extend diameter
Burst: NSX Edge provides on/off ramp to/from data center
Secure: NSX Firewall is the basis for security virtualization
Automate: NSX Manager, APIs and CMP plugins provide integration
NSX Switch NSX Switch
Overlay
NSX Edge
NSX Firewall
15
VCNS
vSphere
vCloud Suites
Hardware and Location Independent
VMware: The Two Leading Network Virtualization Stacks
VMware, OpenStack
KVM, Xen
NVP
OpenStack
NSX
16
Network & Security Virtualization – The Journey
1. Abstract (Physical, Virtual): Abstract network & security functions
2. Pool (Virtual, Physical): Distribute and allocate to apps, on demand
3. Automate (Cloud Operations, Network/Security Operations): Realize operational benefits of virtualization
17
NSX Architecture and Design Pattern
Diagram layer labels: DATA, CONTROL, MGMT, CMP, CLOUD, PHYSICAL, VIRTUAL
OVERLAYS
Hypervisor
vSwitch
Hypervisor
NSX Switch
NSX Manager NSX Manager NSX Manager
NSX API
CMPs & apps consume logical services
The REST API abstracts underlying services
The Manager cluster maps services to controllers
Controller cluster: Manager + agents
Integrated switching, routing, firewalls in hypervisor
Overlays de-couple from physical
Physical: IP connectivity is the only requirement
18
Product Delivery Summary
Diagram layer labels: L2-L3, L4-L7, Control, Mgmt
VMW CMP, OpenStack
CLOUD, PHYSICAL, VIRTUAL
Operations Partners
INTERNET
WAN
LAN
Physical
NSX Edge
Edge
Services
Router
ToR / OVSDB
NSX Controller Cluster
NSX Manager NSX Manager NSX Manager
NSX API
vCAC, Neutron Plugins
Consumption
ESX, KVM, Xen vSphere
NSX Firewall
DFW
NSX Switch
VDR
VDS
NSX Switch
OVS
19
Introducing NSX Partner Brocade
20
Brocade VCS Gateway for NSX — Centralized
© 2013 Brocade Communications Systems, Inc. Proprietary Information
Easy initial deployment model—no rip and replace
Brocade VDX 6740 Fixed Switch with VCS Fabric Technology
• ASIC support for leading VTEP performance
• Simplicity and resiliency via logical gateway with redundant switches
Diagram: VMware NSX Controller; spine and leaf fabric with Brocade VDX switches; VMs, SLB, FW; Non-VXLAN and VXLAN segments
21
Brocade VCS Gateway for NSX — Distributed
VXLAN gateway a feature of every ToR Brocade VDX 6740 switch
Maximum flexibility for placement of virtual and physical endpoints
Single point of management via VMware NSX integration and Brocade VCS Logical Chassis
Diagram: VMware NSX Controller; Brocade VDX switches; VMs; Non-VXLAN and VXLAN segments
22
Security Virtualization – The Next Frontier
23
Security Virtualization with NSX Firewall & Edge
Apps / DB Tier DMZ
Users
Sites
Web Servers
• NSX Firewall: Virtualize internal firewalls & endpoint security into the hypervisor
• NSX Edge: Virtualize perimeter networking & security services (per VDC or vApp)
24
Network & Security Virtualization: The App Perspective
App
Owner
Virtualization
Operations
Physical
Infrastructure
25
NSX API and Manager Cluster in Action
27
VMware NSX – Network Virtualization
VMware NSX Transforms the Operational Model of the Network
• Network provisioning time reduced from days to minutes
Reduce network provisioning time from days to seconds
Cost Savings
• Reduce opex by 80%
• Increase compute asset utilization up to 90%
• Reduce capex by 40-50%
Operational Automation
Simplified IP hardware
Choice
• Hypervisor: vSphere, KVM
• CMP: vCAC, OpenStack
• Any Network Hardware
• Partner Ecosystem
Any hypervisor
Any CMP with Partner
28
Looking Forward: Interconnected SDDCs
• Any service, anywhere, any scale, on any hardware
• Full API for implementing auto-scale distributed services
• Leverage the power of virtualization for next generation network services
Data Center
Data Center
Data Center
Logical Networks & Services
Consistent across multiple data centers
29
In Summary, NSX …
Transforms Networking and Security in the Software-defined Data Center
Virtualizes networking and security to create efficient, agile and extensible constructs
Increases operational efficiency and improves utilization
Simplifies operations and enables IT agility to drive business agility and protect business critical applications
Delivers the most extensible platform and broadest set of ecosystem partners
START YOUR NETWORK & SECURITY VIRTUALIZATION JOURNEY TODAY!
30
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1302
vSphere Distributed Switch from A to Z
HOL-SDC-1303
VMware NSX Network Virtualization Platform