A consolidated virtualization approach to deploying distributed cloud networks
23
#ATM16 HPE Data Center Network Virtualization Daryl Wan Consulting Technical Marketing Engineer @ArubaNetworks |
-
Upload
aruba-a-hewlett-packard-enterprise-company -
Category
Technology
-
view
799 -
download
0
Transcript of A consolidated virtualization approach to deploying distributed cloud networks
#ATM16
HPE Data Center Network VirtualizationDaryl WanConsulting Technical Marketing Engineer @ArubaNetworks |
2#ATM16
• Complex and static networking• Network Services added between zones• Difficult to change, scale and expand
Bare Metal Servers
L2 Access Switches
IRF L2/L3 Core Switches
40G Link aggregation & 802.1Q trunks
WAN / Internet
L2 DMZ IRF Switches
L2 External Zone IRF Switches
Application Load Balancers
Firewalls
WAN Routers
Traditional DC Networking
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
3#ATM16
DC Network Virtualization (NV) / Overlay Networking• Simpler, faster, flexible and scalable networking• Services and zones moved to Network Virtualization solutions / Overlay networks• Supports multi-tenancy and different network variations for each tenant• Provides compute and network automation
WAN / Internet
WAN Routers
Tenant 1 Tenant 2 Tenant X
Physical Underlay Network Fabric
Virtual Overlay Networks
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
Bare Metal Servers
4#ATM16
Virtual Extensible Local Area Network (VXLAN) • Provides L2 connectivity over an L3 network• Requires unicast IP (UDP) network connectivity between VXLAN capable devices / VXLAN Tunnel End
Points (VTEPs) • Multicast underlay network typically not required• Allows multi-tenancy to scale beyond 4K VLANs • Overcomes MAC and ARP table limitations in physical network devices
WAN / Internet
WAN Routers
Physical Underlay Network Fabric
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
NV Controller
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
VXLAN Tunnels for Tenant 1
VXLAN Tunnels for Tenant 2
5#ATM16
HPE Network Virtualization Solutions
Virtual Cloud Network HPE-VMware NSX Distributed Cloud Network
Enhanced Neutron Networking
Open source, DevOps Virtualized VMW Enterprises Service Provider/Telcos
De-risk the journey with HPE Trusted Network Transformation Services
DCNVCN
5
Multi DC NFV
Powered by HPE
6#ATM16
Similar Functionality/Benefits
WAN / Internet
WAN Routers
Tenant 1 Tenant 2 Tenant X
Physical Underlay Network Fabric
Virtual Overlay Networks
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
Bare Metal Servers
DCNVCN
Powered by HPE
7#ATM16
HPE Takes The Cloud Infrastructure Market Lead
HPE now leading the market - 13% share
Cloud infrastructure equipment market• $16 billion per quarter (S/S/N)• Growing at 25% year over year
Networking/virtualization provides a foundational prerequisite for “Cloud”
8#ATM16
HPE Helion CloudSystemThe industry’s leading private cloud solution for a hybrid world
#1Private Cloud Solution1
3,000Customers
Storage
Forrester Research ranks HP as a "leader" in the private cloud2
IDC has assessed HP as a Leader in the IDC MarketScape for IaaS in U.S. Government3
Fully-integrated, end-to-end, private cloud solution, built for traditional and cloud native workloads, delivering automation, orchestration and control, across multiple clouds
“HP is the clear leader in private cloud and is the market leader in cloud servers” 1
OpenOpenStack® and Cloud Foundry™ Software
9#ATM16
HPE CloudSystem9.0 (Includes Helion OpenStack) and 5930 Integration
Bare Metal Server 101.1.0.10/24
101.1.0.X/24
OVSDB
NETCONF / SNMP
HP Converged Control
SDN Application
HP VAN SDN Controller
Cloud Controller Cluster with VCN
HypervisorVMVM
VMVM
VMVMOVS
vAPP
ESXi Host
5930 VTEP
VXLAN Overlay Tunnel
• Automation of 5930 VXLAN tunnels
• Bridges virtual (VMs) to physical devices (Bare Metal Servers, WAN routers etc)
10#ATM16
HPE-VMware NSX partnership
The Industry’s first NSX OEM network virtualization lifecycle partnership - simplifying customer’s experience
HPE FlexFabric OVSDB certification with VMware NSX
The Industry’s most complete end-to-end services portfolio with decades of networking and VMware expertise
+
HPE VMware NSX OEM Network certification
Differentiated through bridging virtual/physical
One partner capable of delivering SDDC life cycle solutions
HPE branded services
Global end-to-end SDDC and virtualization lifecycle services
11
Network Virtualization Demo (Physical switch automation via Centralized Controller)
12#ATM16
HP Networking Underlay Network
VXLAN Overlay Tunnels
VM2 101.1.0.12/24
VMware NSXv and HPE 5930 Integration (Demo)
Bare Metal 101.1.0.10/24
NSX Controller
NSX Manager
10.10.10.146/24
10.10.10.145/24vCenter
10.10.10.113/24
5930 HW VTEP
VM1 101.1.0.11/24
OVSDB
• Automation of 5930 VXLAN tunnels • Bridges virtual (VMs) to physical devices
(Bare Metal Servers, WAN routers etc)
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
14#ATM16
HPE DCN and 5930 Integration
Underlay Network
HP Virtualized ServicesController (VSC)
HP Virtualized ServicesDirectory (VSD)
HP Virtual Routing & Switching (VRS)Hypervisor
VMVM
VMVM
VMVM
VXLAN Overlay Tunnel
5930 VTEP
Bare Metal 101.1.0.10/24
VM1 101.1.0.11/24
• Automation of 5930 VXLAN tunnels • Bridges virtual (VMs) to physical devices
(Bare Metal Servers, WAN routers etc)
OVSDB
15#ATM16
HPE DCN & Helion OpenStack 2.0 Integration
Underlay Network
HP Virtualized ServicesController (VSC)
HP Virtualized ServicesDirectory (VSD)
HP Virtual Routing & Switching (VRS)
HP Virtual Routing & Switching (VRS)
Compute1 Compute2HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
VXLAN Tunnel
2 main benefits from integration: • Micro-segmentation• Service-insertion
16#ATM16
DCN & Helion OpenStack 2.0 Integration Demo 1: Micro-Segmentation Use Case
Before DCN security policy is active• Internal1 VM is able
to ping and SSH to Internal2 VM
17#ATM16
DCN & Helion OpenStack 2.0 Integration Demo 1: Micro-Segmentation Use Case
DCN security policy• SSH from Internal1
VM to Internal2 VM to be dropped
18#ATM16
DCN & Helion OpenStack 2.0 Integration Demo 1: Micro-Segmentation Use Case
After DCN security policy is updated• SSH from Internal1
VM to Internal2 VM is now dropped
Customers can now enable security policies for VMs even on the same Helion OpenStack virtual network
19#ATM16
DCN & Helion OpenStack 2.0 Integration Demo 2: Service-Insertion Use Case
Before DCN forwarding policy is active• Internal1 VM is able
to ping and SSH to DMZ1 VM via their default gateway router (R1)
• No transit traffic seen on VSR
20#ATM16
DCN & Helion OpenStack 2.0 Integration Demo 2: Service-Insertion Use Case
DCN forwarding policy• Redirect all IPv4
traffic from Internal subnet to DMZ subnet via VSR
21#ATM16
DCN & Helion OpenStack 2.0 Integration Demo 2: Service-Insertion Use Case
After DCN forwarding policy is updated• Internal1 VM is able to
ping and SSH to DMZ1 VM via VSR router (modified path)
• VSR is able to detect transit traffic
Customers can now add on their desired application layer security appliances to inspect and protect traffic between Helion OpenStack subnets
22#ATM16
Existing DC Network
Migrating to HPE Network Virtualization Solutions
Existing Cisco Core
Existing Cisco Aggregation/
Access
Existing Cisco Fabric Extenders / Switches
• Deploy HPE NV Solutions on existing or new HPE servers
• Deploy over existing Cisco/other vendor network• Add 5930 integration
• Deploy new greenfield DC fabric with HPE switches to create a separate failure domain
• L3 ECMP CLOS leaf/spine fabric without spanning tree• Connect new greenfield DC fabric to existing network• Deploy HPE NV Solutions on existing or new HPE servers• Add 5930 integration
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
HypervisorVMVM
VMVM
VMVM
Existing DC networkNew HPE DC Fabric
HPE 5930
HPE NV Software deployed on servers
HPE NV Software deployed on servers
Bare Metal Servers
or New Greenfield DC Fabric
23#ATM16
Join Aruba’s Titans of Tomorrow force in the fight against network mayhem. Find out what your IT superpower is.
Share your results with friends and receive a free superpower t-shirt.
www.arubatitans.com
Thank you
