Post on 11-Aug-2020
© 2014 VMware Inc. All rights reserved.
VMware NSX overview
Geordy Korte
Keep calm and don’t blink!
The Software Defined Datacenter
There are two approaches
Hardware Defined Data Center (HDDC)
Any Application
HDDC Platform
Integrated x86
Integrated Storage
Vendor Specific Network
Vertical Integration
Software Defined Data Center (SDDC)
Any Application
SDDC Platform
Any x86
Any Storage
Any IP network
Data Center Virtualization
OR
Software
Controller
Component requirements
Building an SDDC
A data center network…
Compute infrastructure…
Hypervisors and vSwitches…
NSX | The “Network Hypervisor”
Virtual Networks – Like Virtual Machines for the Network
What is a virtual network?
Programmatically Provisioned
Physical Workloads and Legacy VLANs
Security – Complete Isolation
Central Policies, Distributed Enforcement, Move with VMs
Security Policy
Inner workings
Architecture
Management Plane: vCD/vCAC, vCenter Server and NSX Manager (1:1)
Control Plane: NSX Edge Distributed Router, Controller
Data Plane: NSX Edge Services Router; VXLAN / DR / DFW / Security (1:Many)
Management Plane
vCD/vCAC
• Self service and on-demand provisioning of infrastructure
• Abstracted pool of services (Compute/Storage/Network)
• Catalogue of applications
vCenter Server
• Provisioning and management of Compute/Memory, Storage, Virtual Switch
NSX Manager
• Provisioning and management of Network and Network services
• VXLAN Preparation
• Logical Network Consumption
• Network Services Configuration
Control Plane
Dynamic Routing
VXLAN – VLAN Bridging
Scale Out
VXLAN - no Multicast
ARP suppression
Distributed Routing
NSX Edge Distributed Router
Controller
Data Plane
ESX Host
• Kernel Modules
• Message Bus
• User World Agent
• VXLAN, DR, DFW, Security
NSX Edge Services Router
• NAT
• DHCP
• LB
• VPN
Communications
[Diagram: management, control and data plane components, with links labelled vSphere API, REST API, VIX API and Message Bus]
Distributed Services
Firewall
Load Balancer
VPN
Routing
L3 Gateway
Routing & Firewalling
Features
• OSPF/eBGP/iBGP
• Virtualization and identity context firewall
Scale & Performance
• Remove hairpins and bottlenecks
• Line rate performance with distributed scale out architecture
Use Cases
• Create on demand networks to speed up application provisioning
[Diagram: L2 segments for Tenant A, Tenant B and Tenant C]
Load Balancing
Features
• TCP, HTTP, HTTPS with Stateful HA
• Multiple Virtual IPs each with separate server pool and configurations
• Multiple load balancing algorithms
• Multiple Session Persistence methods
• Configurable health checks
• Application Rules
• SSL Termination with Certificate Management
• Transparent/Full Proxy Mode
• IPv6
Scale & Performance
• 10Gb/s throughput
• 50,000 CPS
• 1M Concurrent Connections
Use Cases
• Per Tenant Cloud LB
• Dynamic VIP for applications
[Diagram: Web 1, Web 2, Web 3]
VPN services
Features
• Interoperable IPsec tested with major vendors
• Clients on all major OS (Win, Apple, Linux)
• Remote Authentication via Active Directory, RSA SecurID, LDAP, RADIUS
• TCP Acceleration
• Encryption – 3DES, AES128, AES256
• AES-NI H/W Offload
• NAT & Perimeter Firewall Traversal
Scale and Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant
Use Cases
• Cloud to Corporate
• Cloud On-boarding
• Remote Office/Branch Office
• Remote Management
[Diagram: Internet/WAN]
[Diagram: IP Transport Network, NSX Controller Cluster, Northbound REST API, Cloud Management Platform, Gateway Service Appliance/VM, Virtual Network, Corpnet, VLAN 9, Existing DC Network(s); Control Plane and Data Plane]
Thank You
gkorte@vmware.com @gekort