Introduction to VMware NSX and Network Virtualization
TRANSCRIPT
Confidential │ ©2019 VMware, Inc.
Tuan Nguyen, Sr Technical Product Manager
Susan Wu, Sr Product Marketing Manager
Varun Santosh, Sr Product Marketing Manager
08/2019
Agenda
• SDN 101 – What is Network Virtualization
• NSX-T Use Cases
• Customer Case – IHS Markit
• NSX-T Architecture: problem definition, components, services, and demo
• Summary: resources, Q&A
Network Virtualization: the case for network overlays
[Figure: six hosts (host1–host6), each with a VDS, spread over rack1 and rack2. VM1 sits in Subnet A and VM2 in Subnet B; the logical view shows the two VMs on their subnets.]
Host virtualization
• Several VMs per host – snapshot, backup
• vMotion
vMotion across racks?
• Stretch Subnet A to the whole data center?
Network Virtualization: the case for network overlays (continued)
[Figure: the same six hosts across rack1 and rack2, with VM1 and VM2 on Subnet A in the logical view and a question mark where the physical service appliance would sit.]
How do you:
• Provision physical services?
• Add a new subnet? Delete them?
• Steer traffic through the appliance?
• Overlapping subnets and IP addresses in the same environment?
The Overlay Model: introducing the segment (a virtual L2 broadcast domain)
[Figure: six hosts across rack1 and rack2, each running an N-VDS with its own tunnel endpoint (TEP A.1–A.3 in rack1, TEP B.1–B.3 in rack2). VM1 (IP N.1) and VM2 (IP N.2) share one segment, Subnet A, in the logical view.]
TEP: Tunnel End Point
N-VDS: NSX Virtual Distributed Switch (NSX data plane)
Segment mapping table – VM (vNIC) | Location
MAC VM1 | TEP A.1
MAC VM2 | (location shown in the figure)
Segments are instantiated on the hypervisors
Segments are extended between hypervisors using IP tunnels
NSX maps the virtual elements to the physical network
What if the workload moves?
NSX Architecture: NSX-T components
[Figure: a three-node NSX Manager appliance cluster (scale out + redundancy) with the NSX Controller and a Cloud Service Manager, connected to vCenter(s), CMP/automation and the NSX Container Plugin. Transport nodes in the private cloud: ESXi hosts and KVM hosts running N-VDS, NSX Edge, bare-metal servers with NSX, and Linux and Windows VMs with NSX agents, hosting VMs and containers. Public cloud: NSX Cloud Gateway with NAT, and VMware Cloud on AWS.]
Data Plane
Transport Nodes:
• Host workloads (VMs, containers) and services
• Switch data plane traffic
Control Plane
• Maintain and propagate dynamic state within the system
Management Plane
• UI/API entry point, store desired configuration
• Interact with other management components
NSX Terminology
Transport Node (TN)
Data plane node prepared for NSX and participating in traffic forwarding. Examples: hypervisor, Edge Node, bare-metal server with NSX Agent.
NSX Virtual Distributed Switch (N-VDS)
NSX software component that performs switching on a Transport Node (the N-VDS typically owns several physical NICs on the Transport Node).
Transport Zone (TZ)
Defines the boundary for logical networks over the physical infrastructure (the N-VDS on each transport node binds to a specified Transport Zone).
Logical Segment (LS)
A virtual Layer 2 broadcast domain created within a Transport Zone.
[Figure: three transport nodes (two hosts and an NSX Edge), each with an N-VDS, in Transport Zone "TZ1". Overlay LS1 and Overlay LS2 span the nodes attached to TZ1; an LS is not extended to a TN that is not attached to TZ1.]
NSX-T Switching: register compute manager and create transport zone to deploy N-VDS
[Figure: screen capture of the NSX-T Manager UI. NSX Manager is registered with vCenter; the hosts running web1, web2 and app1 are added to transport zone OVERLAY_TZ1.]
NSX-T Switching: create logical segments and attach the VMs
[Figure: screen capture of the NSX-T Manager UI. Segments LS-T1-WEB (web1, web2) and LS-T1-APP (app1) are created in OVERLAY_TZ1.]
NSX-T Logical Routing: instantiated on every transport node
The routing function:
• is distributed on the transport nodes
• is performed in kernel space of the transport node
• is not a VM
[Figure: the logical view shows web1 on segment1 and app1 on segment2 joined by one logical router. In the physical implementation web1 lives on Transport Node 1 and app1 on Transport Node 2; each node carries both segments and the routing function, and the nodes are joined by an overlay tunnel.]
NSX-T Logical Routing: create logical router and connect the segments
[Figure: screen capture of the NSX-T Manager UI. Tier-1 routers T1-WEB and T1-APP connect LS-T1-WEB and LS-T1-APP in OVERLAY_TZ1, with DFW-T0 above them; the hosts run web1, web2 and app1.]
NSX-T Network Services: NSX goes beyond Layer 2
Switching, Routing, Load Balancing, VPN, Firewalling, Connect to physical, NAT, DHCP, Metadata Proxy
[Figure: VM1–VM6 on Subnet A and Subnet B in the logical view, with a path to the Internet; physically the VMs sit on N-VDS hosts across rack1 and rack2 behind TEP A.1–A.3 and TEP B.1–B.3.]
NSX Cross Cloud Security: consistent networking and security for applications
[Figure: IT defines security policies once in Cloud Service Manager | NSX Manager. Private cloud: web1, web2 (Web) and db1 (DB). AWS/Azure: web3, web4 (Web) and AD, NTP, DNS (Services).]
• Consistent security policy across clouds – granular control over E-W traffic
• Consistent operations control across clouds – consistent tooling on-prem and in public clouds
• Visibility across clouds – network flow and packet visibility for identifying and troubleshooting issues quickly
• Efficient control over cloud networking – simplified VPN, dual-homed tunnels for resiliency
NSX Cross Cloud Security: on-prem security and load balancing
[Figure: screen capture of the NSX-T Manager UI. In the DC, NSX Manager and Cloud Service Manager apply distributed firewall policy DFW_T1_WORDPRESS to web1, web2 (Web) and db (DB) behind load balancer WP_LB1.]
NSX Cross Cloud Security: cross cloud security and load balancing
[Figure: screen capture of the NSX-T Manager UI. The same policy and load balancing now cover a web workload in the DC and a web workload in AWS/Azure, managed from NSX Manager and Cloud Service Manager.]
Network Automation
[Figure: NSX Manager(s) expose the NSX REST API, consumed by cloud management (vRealize Automation, vRealize Orchestrator), Pivotal Application Service, programming languages and configuration management tools.]
All companies are software companies
(but most are not operating like it.)
NSX Evolution
[Figure: NSX started with ESX/vSphere in the private cloud and data center and has grown to span DC, branch, edge/IoT, public cloud and telco/NFV.]
NSX Evolution: Virtual Cloud Network
Tied together. Everywhere.
[Figure: the Virtual Cloud Network (VCN) ties data centers, branches, edge/IoT and telco/NFV together, with vRNI providing clear visibility across virtual machines, containers and bare metal.]
NSX – A Powerful Enabler
Service-Defined Firewall
Multi-Cloud Networking
Network Automation
Cloud-Native Networking
NSX – A Powerful Enabler: Service-Defined Firewall
Bringing it together: VMware Service-Defined Firewall
Learn the app at a compute and network level
Lock both network and compute
Adapt segments as the application changes
Human expertise [knowledge] + machine learning [scale]
[Figure: a modern app made of services (svc) and OS processes; NSX Distributed Firewall | AppDefense enforce on it, with NSX Intelligence in the cloud.]
Service-Defined Firewall: steps to the solution
• Understand the complete application
• Dynamic, object-based policy model
• Comprehensive threat detection and intelligence
• Distributed policy enforcement
• Visibility and troubleshooting
SDDC turbocharges Porsche's infrastructure
Porsche Informatik
"As a leading automotive retail group, we are the target of criminal hackers. That's why the innovative firewall concept part of VMware NSX was so important to us."
— Lisa Siegesleitner, Security Specialist, Porsche Informatik
Intrinsic Security: How VMW Infra can turn the tide on Cybersecurity
SEC3412KU | Tues, Aug 27 at 5:30 PM
NSX – A Powerful Enabler: Multi-Cloud Networking
NSX Data Center
[Figure: in the data center, the NSX platform runs in the virtualization layer as the vSwitch beneath the workloads.]
Data Center Extension: seamlessly extend to multiple locations
[Figure: compute, storage and network extended across the private cloud (NSX Data Center), a remote data center (NSX Data Center) and the public cloud (NSX Cloud).]
Benefits
• Consistent networking and security
• Improved application resiliency
• Hardware independence
• End-to-end visibility
Use cases: disaster avoidance and recovery; workload mobility
[Figure: NSX Data Center with the vSwitch in the data center, extended to native clouds and VMware clouds.]
"With NSX micro-segmentation on VMware Cloud on AWS and the ability to easily and securely interconnect from our legacy systems to VMware Cloud on AWS, we have made a big leap in our digital transformation journey."
— Néstor Rodríguez, IT & Change Director, Provident Mexico
VMware helped Provident Mexico with Digital Transformation
Provident Mexico: NSX Cloud – Consistently Extend NSX to AWS and Azure
CNET1600BU | Mon, Aug 26 at 3:30 PM
NSX – A Powerful Enabler: Network Automation
Cloud Automation with NSX-T Data Center: dynamically configure NSX-T logical services
[Figure: vRealize Automation – Cloud Automation Services (service catalog, blueprint, endpoint management, cloud resources / network profile) drives on-demand application and network delivery, provisioning Web, App and Db VMs together with the NSX-T services they need: NAT, DHCP, routing and distributed firewall.]
Network Infrastructure as Code: API simplicity
How do you automate infrastructure in an application rollout?
Traditional network automation – config…
• VLAN (multiple switches)
• IP subnet (router)
• Security policy (firewall)
• NAT service (router)
• Load balancing (ADC)
Automation with NSX – standardized API:
• POST/GET Logical Switch (~12)
• POST/GET Tier-1 Router (~2)
• POST/GET NSGroups (~3)
• POST DFW-Section (~2)
• POST EDGE Firewall (~2)
• POST NAT (~2)
• POST LB Config (~10)
…Taken to a new level – ONE JSON file, scripting:
PATCH https://<ip>/policy/api/v1/infra
{
  desired outcome, human-readable JSON
}
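To make the "one JSON file" idea concrete, here is an added example (not VMware's code): it builds one declarative body for PATCH /policy/api/v1/infra covering the slides' T1-WEB, LS-T1-WEB and LS-T1-APP objects plus a tag-based distributed-firewall policy, and checks that every group and gateway reference in the document resolves before it is sent. Field names follow the NSX-T Policy API hierarchical format; the subnets, tags, rule ids and transport-zone id are constructed placeholders.

```python
"""Added example (not VMware's code): one declarative NSX-T Policy API body for the slide's demo
topology, plus a reference check. Names come from the slides; subnets, tags and TZ id are placeholders."""
TZ_PATH = "/infra/sites/default/enforcement-points/default/transport-zones/<OVERLAY_TZ1-uuid>"
DOMAIN = "/infra/domains/default"
PATH_SEG = {"Tier1": "tier-1s", "Segment": "segments", "Domain": "domains",  # collection per type
            "Group": "groups", "SecurityPolicy": "security-policies", "Rule": "rules"}

def child(kind, obj):  # wrap a resource in the Child<Type> envelope the hierarchical PATCH expects
    return {"resource_type": f"Child{kind}", kind: {"resource_type": kind, **obj}}

def tag_group(tag):  # members are VMs carrying the tag, so policy follows the workload, not its IP
    return child("Group", {"id": tag, "expression": [{"resource_type": "Condition", "member_type":
                 "VirtualMachine", "key": "Tag", "operator": "EQUALS", "value": tag}]})

def rule(rid, src, dst, services, action):
    ref = lambda g: ["ANY"] if g == "ANY" else [f"{DOMAIN}/groups/{g}"]
    return {"resource_type": "Rule", "id": rid, "action": action, "scope": ["ANY"],
            "source_groups": ref(src), "destination_groups": ref(dst), "services": services}

def build_infra_body():
    """Desired outcome in one document: T1-WEB gateway, two segments, tag-based DFW policy."""
    segs = [child("Segment", {"id": sid, "connectivity_path": "/infra/tier-1s/T1-WEB",
                              "transport_zone_path": TZ_PATH, "subnets": [{"gateway_address": gw}]})
            for sid, gw in (("LS-T1-WEB", "10.10.1.1/24"), ("LS-T1-APP", "10.10.2.1/24"))]
    policy = child("SecurityPolicy", {"id": "DFW_T1_WEB", "category": "Application", "rules": [
        rule("web-to-app", "web", "app", ["/infra/services/HTTP"], "ALLOW"),
        rule("default-drop", "ANY", "ANY", ["ANY"], "DROP")]})  # explicit deny closes the section
    domain = child("Domain", {"id": "default", "children": [tag_group("web"), tag_group("app"), policy]})
    return {"resource_type": "Infra", "children": [child("Tier1", {"id": "T1-WEB"}), *segs, domain]}

def walk(node, parent, declared, refs):
    """Collect the paths this body declares and the gateway/group paths its objects reference."""
    rt = node.get("resource_type", "")
    if rt in PATH_SEG:  # each object gets <parent>/<collection>/<id> once the PATCH is applied
        parent = f"{parent}/{PATH_SEG[rt]}/{node['id']}"
        declared.add(parent)
    for k, v in node.items():
        if k in ("connectivity_path", "source_groups", "destination_groups"):
            refs.update([v] if isinstance(v, str) else v)
        for item in (v if isinstance(v, list) else [v]):
            if isinstance(item, dict):
                walk(item, parent, declared, refs)

def dangling_references(body):
    """References that resolve to nothing declared in this body; catch them before the PATCH."""
    declared, refs = set(), set()
    walk(body, "/infra", declared, refs)
    return sorted(r for r in refs if r != "ANY" and r not in declared)
```

Sending the body is the single PATCH on the slide; dangling_references() returning an empty list is the pre-flight check that the one document is self-consistent.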
Network automation use case
IHS Markit: Network Automation with NSX-T and vRealize Automation
CNET2588BU | Wed, Aug 28 at 8:30 AM
"When we bring up an application, it's automatically tagged and associated with the security policies that we've created."
— Andrew Hrycaj, Senior Network Operations Specialist, IHS Markit
NSX – A Powerful Enabler: Cloud-Native Networking
Kubernetes is a critical piece of a Container-as-a-Service stack
[Figure: the stack from the developer's apps down to the infrastructure operator's physical infrastructure: scheduling, orchestration and service creation; cluster health monitoring, healing and lifecycle management; monitoring, logging and analytics; image registry; framework lifecycle management; security and networking; storage persistence; virtual infrastructure; physical infrastructure.]
Networking for containers: simple, lightweight, portable
[Figure: a patchwork do-it-yourself stack with separate tools per layer compared with a single NSX stack covering Layer 2, Layer 3, Layer 4 (security policy) and Layer 7, with unified end-to-end troubleshooting, configuration and metrics.]
5.1 million price changes daily running on Kubernetes + VMs
William Hill: Introduction to Container Networking
CNET2604BU | Monday, Aug 26 at 2:30 PM
"With Kubernetes and VMware NSX-T Data Center on-premises, we can scale out easily for major events like the Grand National, where we see five or six times more load than we would do on a normal Saturday."
— Ben Fairclough, Infrastructure Architect, William Hill
Driving value with our NSX partner ecosystem
[Figure: partner logos grouped into cloud; orchestration and management; operations and visibility; networking and security services; network infrastructure.]
VMware Networking customer and partner momentum
• 10,000+ NSX customers
• 100+ service providers: platform for telco
• Networking community: 13,000+ certifications issued, 31,000+ VMUG-NV members
Summary: Software Defined Networking everywhere
• Multi-vendor – multiple vendors and multiple generations
• Any topology – L2 end-to-end, spine/leaf, L3 aggregation etc.
• Heterogeneous endpoints – VMs, containers, bare metal servers
• Cross hypervisor – ESXi, KVM
• Multiple clouds – private, public, hybrid, and edge clouds
Book signings at the VMware booth
• VMware Cloud on AWS: Networking and Security – Tuesday, August 27 at 11:30 AM
• Network Virtualization for Dummies – Tuesday, August 27 at 5:00 PM (new book launch!)
Resources: how to get started
Learn: design guides, demos – nsx.techzone.vmware.com
Try: take a Hands-on Lab
Connect: @VMwareNSX #runNSX; join VMUG, VMware Communities (VMTN)