VMworld 2013: Real-world Deployment Scenarios for VMware NSX
1 like1,175 views
The document discusses real-world deployment scenarios for VMware NSX, focusing on network virtualization benefits, capabilities, and operational efficiencies. It highlights the speed of provisioning, cost savings, and automation, illustrating how NSX transforms network operations and improves security. The session includes insights from various industry experts on practical applications and the future of network virtualization using NSX.
VMworld 2013: Real-world Deployment Scenarios for VMware NSX
- 1. Real-world Deployment Scenarios for VMware NSX Taruna Gandhi, VMware Jeremy Hanmer, DreamHost Funs Kessen, Schuberg Philis NET5525 #NET5525
- 2. 2 Agenda VMware NSX Overview Network Virtualization for Mission Critical Workloads at Schuberg Philis Network Virtualization in DreamCompute using Commodity Hardware Q&A
- 3. 3 The Business Wants to Go FAST! NSX is all about speed. Hot, nasty, bad ass speed. - Ricky Bobby
- 4. 4 Provisioning Multi-tier Network Services Today
- 5. 5 Provisioning Multi-tier Network Services Today Compute Network DC Services DB DB App App Web Web Corpnet/Internet Provisioning is slow Placement is limited Mobility is limited Hardware dependent Operationally intensive
- 6. 6 Provisioning Network Virtualization with NSX Programmatic provisioning Place any workload anywhere Move any workload anywhere Decoupled from hardware Operationally efficient Compute Network DC Services
- 7. 7 Provisioning Network Virtualization with NSX Programmatic provisioning Place any workload anywhere Move any workload anywhere Decoupled from hardware Operationally efficient Compute Network VMware NSX DC Services
- 8. 8 VMware NSX – Networking & Security Capabilities Any Application (without modification) Virtual Networks VMware NSX Network Virtualization Platform Logical L2 Any Network Hardware Any Cloud Management Platform Logical Firewall Logical Load Balancer Logical L3 Logical VPN Any Hypervisor Logical Switching– Layer 2 over Layer 3, decoupled from the physical network Logical Routing– Routing between virtual networks without exiting the software container Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance Logical Load Balancer – Application Load Balancing in software Logical VPN – Site-to-Site & Remote Access VPN in software NSX API – RESTful API for integration into any Cloud Management Platform Partner Eco-System
- 9. 9 VMware NSX – Networking & Security Capabilities Rich Networking & Security Services Scalable Logical Switching Physical to Virtual L2 Bridging Dynamic L3 Routing: OSPF, BGP, IS-IS Logical Services: Firewall, Identity-based Firewall, Load-balancing, VPN (IPSec, SSL, L2VPN) Automation & Operations API Driven Integration Service Composer for Security Workflows Server Access Monitoring Troubleshooting & Visibility Partner Extensibility Physical ToR L2 Integration Security Services – IDS / IPS, AV, Vulnerability Mgmt Network Services – Load Balancers, WAN Optimization Any Application (without modification) Virtual Networks VMware NSX Network Virtualization Platform Logical L2 Any Network Hardware Any Cloud Management Platform Logical Firewall Logical Load Balancer Logical L3 Logical VPN Any Hypervisor
- 10. 10 VMware NSX – Network Virtualization Benefits VMware NSX Transforms the Operational Model of the Network Network provisioning time reduced from 7 days to 30 sec Reduce network provisioning time from days to seconds Cost Savings Reduce operational costs by 80% Increase compute asset utilization upto 90% Reduce hardware costs by 40-50% Operational Automation Simplified IP hardware Choice Any Hypervisor: vSphere, KVM, Xen, HyperV Any CMP: vCAC, Openstack Any Network Hardware Partner Ecosystem Any hypervisor Any CMP with Partner
- 11. 11 Results Speak Louder Than Slideware
- 13. – – – – – –
- 15. – –
- 26. Who Am I? • Jeremy Hanmer (@fzylogic) • 13 years of experience with DreamHost • System Engineer -> Network Engineer ->... • ... VP Security -> Cloud Architect • Focusing on OpenStack and Network Virtualization
- 28. Why Virtualize? • Customers deserve it • Better Security (Isolate customers from one another) • Live Migration (Zero-downtime maintenance!) • Replicate their existing IP addressing schemes • Easier administration • Live Migration (Hypervisor maintenance becomes easy) • Much easier to know what’s going on on the network • Automating VLAN provisioning STINKS and doesn’t scale • We’re now able to migrate workloads to avoid hot spots
- 29. Why VMware? • Confident in their team • Roadmap (It included IPv6! I’m told it’s getting close!) • Easy integration of our own Layer 3 services • Community presence in OpenStack is awesome • Emphasis on ease of troubleshooting • Super great support from the beginning
- 31. Physical Network Design • IPv6 Native • Storage network is 100% IPv6 • Customers all receive a /64 of public IPv6 space • Layer 2 domains terminate at the TOR • OSPF v2/3 running on every switch • 10G Ethernet to every server • 40G Ethernet between spines • Dedicated networks for storage (one frontend, one backend), NSX, and administration • Simple! • VRRP, QFabric, HSRP often cause more problems than they fix • Debugging Layer 3 is easy. Debugging Layer 2 is not
- 33. Virtualization Workflow • • • • AKA: Why this is all so awesome
- 34. The Future! • Migrate to NSX’s L3 services • Just waiting for IPv6 to ship with BGP support • Get Chef running on the Cumulus gear • Hasn’t been a priority because of the nearly identical configs • Move to a full mesh architecture that wasn’t possible before
- 35. “Pics or It Didn’t Happen!”
- 37. 37 Other VMware Activities Related to This Session HOL: HOL-SDC-1303 VMware NSX Network Virtualization Platform Group Discussions: NET1001-GD vCloud Networking and Security & NSX for VMware Environments with Ray Budavari
- 38. THANK YOU
- 40. Real-world Deployment Scenarios for VMware NSX Taruna Gandhi, VMware Jeremy Hanmer, DreamHost Funs Kessen, Schuberg Philis NET5525 #NET5525