Confidential │ ©2019 VMware, Inc.
Arup Deb
Senior Specialist Solution Engineer, Networking & Security, Asia Pacific & Japan, VMware
Application Visibility & Troubleshooting the Virtual Cloud Network and NSX
Agenda
Virtual Cloud Network – Apps and Network everywhere
Visibility into VCN with vRealize Network Insight
Discover and Curate Applications
Friend of NetOps – Help troubleshoot an app
Virtual Cloud Network
Where is the App? What is the Network?
Virtual Cloud Network (VCN): Tied Together—Everywhere.
[Diagram: vSphere, branch, edge/IoT, telco/NFV and data center (DC) sites connected by the VCN]
vRealize Network Insight: END-TO-END VISIBILITY
NSX Intelligence: DEEP INSIGHT
App-Centric Network and Security Operations
End-to-End Visibility for Private, Hybrid and Multi-Cloud
vRealize Network Insight
Networking
• End-to-End Troubleshooting, Traffic and Path Analytics
• Application Latency and Network Performance
Security
• Traffic Visibility and Application Modeling
• Operations, Change/Audit and Compliance
Applications
• Discovery, Curation and Operations
Public Clouds (VMC, AWS, Azure …)
Containers (K8s, PKS, OpenShift)
Virtual (SDDC/NSX)
Physical (Network & Firewalls)
Branch and Edge (VeloCloud)
vRealize Network Insight and vRealize Network Insight Cloud*
Discover, Optimize and Troubleshoot App Security and Networking: DC to Cloud to Branch
Optimize and Troubleshoot Virtual and Physical Networks
• Reduce MTTR for application-connectivity issues
• Optimize application performance by eliminating network bottlenecks
• Manage and operate NSX at scale
Gain Network Visibility
• Visibility for multi/hybrid clouds (NSX, VMC, AWS, Azure) and SD-WAN
• Discover connectivity between the overlay and underlay networks
• Analyze Traffic and Apps across the hybrid and public clouds
Plan, Secure and Migrate Applications
• Discover Apps (VMs, Containers, Clouds), Identify traffic patterns
• Secure, audit and ensure compliance
• Plan app migration across hybrid / multi-cloud
* Formerly Network Insight SaaS
vRealize Network Insight: Overlay + Underlay Visibility
All Virtual (on-premises or SaaS), Agent-less, Multi-Vendor Solution
Automation: IT AUTOMATING IT | DEVELOPER CLOUD | MULTI-TENANT CLOUD
Security: MICRO-SEGMENTATION | SECURE END USER | DMZ ANYWHERE
Virtual overlay
Physical underlay: Spine, Leaf
P+V Discovery and Monitoring
App Visibility and Troubleshooting
vRNI Flow Visibility Apps
Path: Overlay + Underlay
vCenter, NSX, VeloCloud APIs
Flows
vRNI supports a rich set of underlay vendors:
- Switches: Dell, Cisco (ACI, Nexus), Arista, Juniper …
- Firewalls: Palo Alto, Checkpoint, Cisco ASA, Fortinet …
- Load Balancers: F5 …
- Flows: NetFlow, IPFIX, sFlow
- 3rd Party Managers: Cisco APIC, Panorama etc.
- SD-WAN
App-Centric Network Visibility
Discover, Curate, Operate
Application awareness is core to our network and security operations strategy
App-Aware Discovery and Operations
Names, Tags (VMs, EC2)
Flows (IPFIX, Flow Logs)
Kubernetes (PKS, K8s, OpenShift)
L4-L7 (NSX, SD-WAN)
CMDB (SNOW)
• Use Names, Tags, K8s, CMDB
• Connectivity, Troubleshooting
• Top Flows, Latencies, Anomalies
• Track changes, ensure compliance
• Include Non-VMware end-points (from underlay NetFlow/sFlow)
• Auto-Baseline Apps
Application centric network operations
Discover – Names, Tags, CMDB
o Discover Apps
    o Names, Tags, CMDB, K8s
o Curate/Approve: Include other end points, Save
o Operate
    o Troubleshooting: App and N/W Topology
    o Analytics: Top Flows, Latencies, Anomalies
    o Security: Traffic Analysis, Planning, Audit
Application centric network operations
Curate
Application centric network operations
Operate
Optimize and Troubleshoot Applications
Across NSX (VMs, K8s), SD-WAN
Mean Time to Innocence: Blame Someone Else
Discover, Troubleshoot, Correlate, Analyze, Recommend
• Discover: Application, Network, Flows/Path
• Troubleshoot: App Performance. Is it Network or App?
• Correlate: App slowness with network bottleneck
• Analyze: Impact within App, Impact across App (with APM)
• Recommend: Network Mitigation, App Mitigation
Reduce MTTI with vRealize Network Insight
Use Case
Roles: NSX/Infra Admin, DC/Network Admin, App Owner, 3rd Party Manager
Day 0
• Deploys apps on virtual infra
• Monitors App/API Health, SLA
• Discover Virtual & Physical Infra
• Auto-Group Apps
• Secure, Micro-Segment Apps
• Provision / Manage Underlay
• Monitor health, Plan Capacity
• Stream Network Telemetry (port health, drops, congestion)
Day 2 (App Degraded)
• App Health Good
• Virtual Infra issues? Ticket!
• App Hotspots Latency Spike
• Check VM–VM Path
• Trace Underlay Issues
• Move chatty VMs to other Leafs
• Check/Fix SFP Errors
• Add LAG/ECMP Members
Physical underlay
Virtual Cloud Network (VCN) Troubleshooting
Round Trip Time, Latency and Analytics
[Diagram: Sender → Request → Receiver; Receiver → Reply → Sender; RTT spans the request and the reply]
Why is my app slow?
• Identify latency (RTT) of flows in app tiers
• Latency in accessing the app?
Is there latency in my virtual or physical infrastructure?
• Is it in the Host? (vNIC to vNIC, vNIC to pNIC)
• Is it in the path? (VTEP to VTEP)
Congestion / Packet drops in the underlay?
Flow Round Trip Time (RTT) and Virtual Infra Latency
Flow RTT: NSX IPFIX reports, vRNI computes abnormal flows
Latency Metrics: NSX reports vNIC pNIC latencies, vRNI aggregates/analyzes per pNIC
Apps: Branch to Cloud / DC
SD-WAN Visibility and Troubleshooting
SD-WAN Visibility and Troubleshooting With VeloCloud integration
Branch Visibility
o Who is talking to whom
o Flows and usage by clients, LOB, edge and app
Edge-to-Data Center Connectivity
o Network topology, end-to-end path visibility
o Troubleshoot Edge to DC, VPN, Gateway, Hub
Analytics and Reporting
o Flow visibility with app info, top talkers
o Data center application usage by branch
o Multi-path metrics
o Business policy violations (wrong link used)
Site Analytics
• Site Visibility
• Apps, VMs, Links, Metrics
• Path & connectivity to other sites, gateway, data center
• Stitching the flows/path from Velo to NSX
• Hybrid WAN visibility (legacy + SD-WAN)
Virtual, Physical, Data center
End-to-End Path Visibility Across DC/WAN/Cloud
Shows all virtual and physical components
End-to-end path from VM → WAN → VM across sites
Path from VM → WAN → SaaS App
Most Comprehensive Network & Security Visibility Solution
Visibility Across Virtual, Physical & Multi-Cloud!
360 Networking and Security Visibility
• vCenter
• NSX Manager
• NSX Firewall Flows
• Physical Infra Config & Metrics
• Amazon Web Services VPC Flow Logs
• Physical Infra Flows
• Virtual Infra Flows
How to get started
Resources
• Learn: nsx.techzone.vmware.com (Design Guides, Demos)
• Try: Take a Hands-on Lab
• Connect: @VMwareNSX, #runNSX; Join VMUG, VMware Communities (VMTN)
Thank You!