Disclaimer
This presentation may contain product features that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these
Features are subject to change, and must not be included in contracts, purchase orders, or
been determined.
CONFIDENTIAL
Objectives
Provide an update on latest NSX capabilities
Provide some insight into future NSX direction
Deepen your understanding of network virtualization and its value
Overview
Network Virtualization in One Slide
Physical Network Integration
Encapsulations
Service Chaining
Multi-site Network Virtualization
Summary
[Diagram labels: Application, Workload, Virtual Machine, x86 Environment, Hypervisor (Requirement: x86); Virtual Network, Decoupled, Physical Network]
[Diagram labels: Controller Cluster; Cloud Management Platform; Northbound NSX API; VTEP API; Software: NSX vSwitch on vSphere Host, Open vSwitch on KVM, Open vSwitch on Xen Server, NSX Edge; Hardware: HW Partner; L2, L3; VLAN; Physical Network]
[Diagram labels: Controller Cluster; VM MACs; API (OVSDB); DB; Tunnels (VXLAN); vSwitch on each Hypervisor; IP Underlay (no multicast required); PHY MACs; Physical Workloads]
[Diagram: Logical View and Physical View. Labels: 192.168.1.1, 192.168.1.254, 192.168.2.254, 192.168.2.1; vSwitch, Hypervisor]
Packet Walk
ARP: IP=192.168.1.254, SRCMAC=VM
ARP_REP: IP=192.168.1.254, MAC=LogicalRouter_A
ARP: IP=192.168.2.1, SRCMAC=Hypervisor, VNI=2
ARP_REP: IP=192.168.2.1, MAC=Physical
ARP: IP=192.168.2.1, VNI=2, SRCMAC=LogicalRouter_B
ARP_REP: IP=192.168.2.1, MAC=Physical
[Diagram labels: 192.168.1.1, vSwitch, Hypervisor, 192.168.2.1]
Distributed L3
The other paths (PV, VV, PP) are similar
The router's ARP reply always comes from a nearby VTEP or vSwitch
That node then ARPs toward the ultimate destination
VTEP Futures
BFD health monitoring
Mitigate service node failures
Provide overlay health monitoring/troubleshooting
ACL configuration
QoS DSCP setting
Higher layer services (e.g. ADCs)
1. Detect Elephants
vSwitch ideally suited for task, maybe combine with central control
2. Convert to mice
[Two charts from cumulusnetworks.com, each plotting Latency (ms) and Bandwidth (Mbps) against Time (Secs) for Elephant and Mice flows]
Tunneling
Networking people love to argue about tunnel formats
Primarily a low-level detail of the implementation
But tunnel format matters:
Interoperability (HW + SW endpoints)
ECMP on current switches
Extensibility
Performance
Visibility
[Diagram labels: Physical WORLD; Copper Cable; Controller; Hypervisor; Cable; tunnel formats shown: Geneve, VXLAN, STT]
Geneve Header
MAC | IP | UDP | Geneve | Options | Inner Eth | Inner IP | Inner L4 | Payload
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|  Opt Len  |O|C|   Rsvd.   |         Protocol Type         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Virtual Network Identifier (VNI)       |    Reserved   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Variable Length Options                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
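A parser for the header laid out above, with the length checks a monitoring or inspection tool needs before trusting Opt Len. This is an added example, not part of the presentation; the bit widths and the option TLV layout follow RFC 8926, and the sample packet is constructed.

```python
import struct

FIXED_LEN = 8  # two 32-bit words precede the options

def parse_geneve(buf: bytes) -> dict:
    """Parse and bounds-check a Geneve header at the start of a UDP payload."""
    if len(buf) < FIXED_LEN:
        raise ValueError("truncated fixed header")
    b0, b1, proto, word2 = struct.unpack("!BBHI", buf[:FIXED_LEN])
    ver, opt_words = b0 >> 6, b0 & 0x3F      # Ver: 2 bits, Opt Len: 6 bits
    if ver != 0:
        raise ValueError(f"unknown Geneve version {ver}")
    end = FIXED_LEN + opt_words * 4          # Opt Len counts 4-byte words
    if len(buf) < end:
        raise ValueError("Opt Len runs past the end of the packet")
    options, off = [], FIXED_LEN
    while off < end:
        # Option TLV per RFC 8926: class(16) | type(8) | rsvd(3) + length(5)
        opt_class, opt_type, rlen = struct.unpack("!HBB", buf[off:off + 4])
        data_end = off + 4 + (rlen & 0x1F) * 4
        if data_end > end:
            raise ValueError("option overruns the declared Opt Len")
        options.append({"class": opt_class, "type": opt_type,
                        "critical": bool(opt_type & 0x80),  # high bit of type
                        "data": buf[off + 4:data_end]})
        off = data_end
    return {"oam": bool(b1 & 0x80), "critical": bool(b1 & 0x40),
            "protocol": proto, "vni": word2 >> 8,  # low 8 bits are Reserved
            "options": options, "inner_offset": end}

# Constructed sample: VNI 2, C flag set, one option (experimental class
# 0xFFF0, 4 data bytes), protocol 0x6558 (inner Ethernet frame).
SAMPLE = bytes.fromhex("0240655800000200" "fff08101deadbeef")

if __name__ == "__main__":
    print(parse_geneve(SAMPLE))
```
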
The goal of Geneve is that we don't need another encap for a long time
Service Chaining
[Diagram labels: VPN, IPsec/SSL, Firewall, Partner, VNF]
Creating a graph of services (e.g. load balance, firewall, WAN optimize, etc.)
Network virtualization provides a natural way to do this in automated manner
Creating virtual topologies
[Diagram (Physical View) labels: App, Web, 3rd Party FW, vSwitch, Hypervisor1, Hypervisor2]
Federation
Single DC: Sub-ms latency, High BW
Metro Area DCs: Low-ms latency, High BW
Geographically Dispersed DCs: 100-ms latency, Constrained BW
[Diagram labels: NSX Edge; PE; IP/MPLS CORE; To Customer Sites; vSwitch on each Hypervisor]
[Diagram labels: NSX Edge; ASBR; MPLS Core; To Customer Sites; MP-BGP; vSwitch on each Hypervisor. Notes: MPLS Labelled Packets mapped to/from logical networks. Treat interface like inter-AS (RFC 4364).]
[Diagram labels: NSX Edge, WAN, NSX Edge; vSwitch on each Hypervisor; NSX API; VM, VM]
[Diagram labels: MP-BGP; NSX Edge, WAN, NSX Edge; vSwitch on each Hypervisor]
[Diagram (shown twice) labels: Controller Cluster; NSX Controller on Node1, Node2, Node3, Node4, Node5; WebService API; Persistent Storage; Logical Network]
Summary
Network virtualization not just for the bleeding edge
Physical networks are part of the story
Control the physical edge for non-virtualized workloads and north-south traffic
Communicate with the underlay for congestion/elephant flow mitigation
Keep moving up the stack
Related Sessions
Hands-on Labs
SDC-1402
SDC-1420
SDC-1423
SDC-1424
SDC-1425
SDC-1403
NET1583
NET1974
NET1966
NET1592
Under the Hood: Network Virtualization with OpenStack Neutron & VMware NSX
NET3444-GD
Introduction to NSX
VMware NSX A Technical Deep Dive
NET1957
NET1468
NET1586
NET1560
NSX1883
NSX1588
NET1401
NET2318
NET1581
NET2379
NET2225
Thank You
Bruce Davie
bdavie@vmware.com
NET1674