Slide 1

Slide 1 text

An Introduction to Network Virtualization
Taking a closer look at VMware NSX

Scott Lowe, VCDX
Engineering Architect
10 June 2014

© 2014 VMware Inc. All rights reserved.

Slide 2

Slide 2 text

Before We Begin

• Get involved! Feel free to ask questions or provide constructive feedback.
• Please silence all mobile devices.
• Feel free to take pictures, record videos, or post social media updates. Use hashtag #KCVMUG or @MyVMUG.
• This presentation will be available via SpeakerDeck and SlideShare after the event.

Slide 3

Slide 3 text

Background - The Adoption Curve

• 2010: “Science fiction.”
• 2011: “Plausible.”
• 2012: “Let the crazies go first.”
• 1H 2013: “Help me understand.”
• 2H 2013: “Get me into production”

Slide 4

Slide 4 text

VMware NSX Functionality

What can I do with VMware NSX?

Slide 5

Slide 5 text

VMware NSX for vSphere – Networking Capabilities

[Diagram labels: Any Application (without modification); Virtual Networks; VMware NSX Network Virtualization Platform; Any Network Hardware; Any Cloud Management Platform; VMware vSphere]

• Logical Switching – Layer 2 over Layer 3, without dependencies on the physical network
• Logical Routing – Routing between virtual networks and physical, East-West and North-South Optimized
• Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
• Logical Load Balancer – Application Load Balancing in software
• Logical VPN – Site-to-Site & Remote Access VPN in software
• NSX API – RESTful API for integration into any Cloud Management Platform

Slide 6

Slide 6 text

Logical Firewall/Routing

Features
• OSPF/eBGP/iBGP/IS-IS
• Virtualization and identity context firewall

Scale & Performance
• Remove hairpins and bottlenecks in routing and firewalling
• Line rate performance with distributed scale out architecture

Use Cases
• Create on demand networks to speed up application provisioning

[Diagram: L2 segments for Tenant A, Tenant B and Tenant C]

Slide 7

Slide 7 text

Logical User (SSL) and Site 2 Site (IPSec) VPN

Features
• Interoperable IPsec tested with major vendors
• Clients on all major OS (Win, Apple, Linux)
• Remote Authentication via Active Directory, RSA SecurID, LDAP, RADIUS
• TCP Acceleration
• Encryption – 3DES, AES128, AES256
• AES-NI H/W Offload
• NAT & Perimeter Firewall Traversal

Scale and Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant

Use Cases
• Cloud to Corporate
• Cloud On-boarding
• Remote Office/Branch Office
• Remote Management

[Diagram: IPSEC over Internet/WAN; SSL-VPN over Internet/WAN]

Slide 8

Slide 8 text

Logical L2 VPN

Features
• SSL-based
• Web-proxy Support
• L2 Bridge to Cloud
• Broadcast support

Scale & Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant

Use Cases
• Cloud On-boarding
• Cloud Bursting

[Diagram: VMs connected to the Public Cloud by L2 VPN over Internet/WAN]

Slide 9

Slide 9 text

The Power of Distribution

Slide 10

Slide 10 text

The Power of Distribution

Slide 11

Slide 11 text

Evolving Role of the Physical Network

• From 2- or 3-tier to spine/leaf
• Density & bandwidth jump
• ECMP for layer 3 (and layer 2)
• Reduce network oversubscription
• Wire & configure once
• Uniform configurations

[Diagram: two network topologies, each connected to WAN/Internet]

Slide 12

Slide 12 text

VMware NSX Core Components

How does VMware NSX work?

Slide 13

Slide 13 text

NSX for vSphere Components

Consumption
• Self-service portal
• Cloud management
• vCloud Automation Center

Management Plane (NSX Manager, vCenter Server)
• Single point of configuration
• REST API and UI interface

Control Plane (NSX Controller)
• Manages logical networks
• Run-time state
• Does not sit in the data path
• Control-plane protocol

Data Plane
• NSX Edge
  • VM form factor
  • Data plane for north-south traffic
  • Routing and advanced services
• NSX vSwitch
  • Distributed network edge
  • Line rate performance

[Diagram labels: NSX Edge Services Gateway; NSX Edge Logical Router; User World Agent; ESXi; VDS; NSX vSwitch; Hypervisor Kernel Modules (Firewall, Distributed Logical Router, VXLAN)]

Slide 14

Slide 14 text

NSX Manager

Features
• Centralized management plane
• Built for a 1:1 mapping between itself and a vCenter Server

Role
• Provides the management UI and API for NSX
• Secures control plane communications

Functionality
• Manages and configures the Controller Cluster via REST API and hosts via a message bus.
• Manages and deploys NSX Controller, NSX Edge virtual appliances and the initial vSphere web client plugin

[Diagram: NSX Manager paired with vCenter Server]

Slide 15

Slide 15 text

NSX Controllers

Features
• Establishes control plane between hosts
• Distributes VXLAN and Logical Router network information to hosts

Scale & Performance
• Controllers are clustered for scale out and HA
• Information is sliced across nodes for resiliency

Use Cases
• Remove dependency on Multicast on physical transport
• Suppresses ARP broadcasts across VXLAN segments.

[Diagram: Controller with VXLAN Directory Service (MAC table, ARP table, VTEP table) serving hosts that each run VXLAN and Logical Router]

Slide 16

Slide 16 text

NSX User World Agent

Core features
• TCP (SSL) client that communicates with the Controller using the control plane protocol
• Connects to multiple controllers for resiliency

Modus operandi
• Mediator between hypervisor kernel and NSX Controller
• Communicates with the Message Bus Agent to retrieve info from NSX Controller

In host function
• Runs as a service daemon in ESXi

[Diagram: Controller Cluster (three Controllers) and NSX MGR connected to clients in the User World Agent on an ESXi Host, above the Kernel Modules (LR, VXLAN)]

Slide 17

Slide 17 text

NSX vSwitch and NSX Edge

vSphere Hypervisor
• NSX vSwitch (VDS)
• Modules installed into vSphere (VXLAN, dFW, LDR, Security)

NSX Edge Logical Router
• Dynamic routing with updates to NSX Controller
• Determines active ESXi host for L2 Bridging

NSX Edge Services Gateway
• L3-L7 Services – NAT, DHCP, LB, VPN, interface level Firewall
• Dynamic Routing
• High Availability
• Virtual Machine

[Diagram labels: ESXi; VDS; NSX vSwitch; Hypervisor Kernel Modules (vSphere VIBs): Firewall, Logical Router, VXLAN]

Slide 18

Slide 18 text

VXLAN Encapsulation

Slide 19

Slide 19 text

Q&A

Slide 20

Slide 20 text

Thank You

Scott Lowe
@scott_lowe (Twitter)
http://blog.scottlowe.org