Network Virtualization with VMware NSX
It has been a couple of weeks since we attended VMworld 2013 Europe, which was held in Barcelona, or as the marketing ladies and gentlemen like to refer to it: the DEFY convention.
My biggest takeaway from this convention was VMware NSX. With this product, VMware is unleashing network virtualization onto the world and best of all: it is generally available!
NSX does with the network what virtual machines did with the server farm over 10 years ago. But why do we need it? We gain a lot of benefits from deploying virtual machines, but when we connect them to the network we lose many of those benefits.
Why virtualize the network?
The traditional physical network is neither operationally straightforward nor efficient, and provisioning is very slow: you have to physically place and plug in network devices, create VLANs, create ACLs, create firewall rules, etc. All of this is typically a manual process.
VM placement and mobility are limited because all the network services have to be in place before you can run your VM at a given location. Additionally, network hardware vendors typically place constraints on the feature set and interoperability they offer between each other.
These constraints can be solved by turning the network into a software-driven model and decoupling it from the hardware, as we have done with server virtualization.
How to use VMware NSX
Currently, everyone who is running an ESX environment is running a layer 2 (standard or distributed) vSwitch in the hypervisor. The NSX Controller resides on each hypervisor, just like the (standard or distributed) vSwitch. NSX communication is performed between hypervisors, which allows the NSX network to scale out and achieve redundancy, as we do with the ESX environment. As a side note: NSX can also run on alternative hypervisors: KVM, XEN, etc.
NSX consists of multiple components, as shown in the diagram below:
Tunnels are Key!
Tunnels allow NSX to decouple vSwitches and physical switches. In general you will find the following tunnel types, each with a specific goal. STT (Stateless Transport Tunneling Protocol) is optimized for high performance but is hard for physical switches to implement; therefore it is used for hypervisor-to-hypervisor communication. VXLAN (Virtual Extensible LAN) allows us to interconnect devices from different vendors, as it is an industry standard.
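To make the decoupling concrete, the following added example (not code from the original post or from VMware) builds and parses the 8-byte VXLAN header from RFC 7348, which places a 24-bit VXLAN Network Identifier (VNI) in front of the unmodified inner Ethernet frame. The function names and the sample frame are constructed for illustration, and the outer Ethernet/IP/UDP headers that the physical network actually forwards on are left out.

```python
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned UDP destination port for VXLAN (RFC 7348)
VXLAN_FLAG_VNI = 0x08   # "I" flag: the VNI field is valid
VXLAN_HDR_LEN = 8


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend a VXLAN header to an inner Ethernet frame (hypothetical helper)."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: flags (8 bits) + 24 reserved bits.
    # Word 2: VNI (24 bits) + 8 reserved bits.
    return struct.pack("!II", VXLAN_FLAG_VNI << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload: bytes) -> tuple[int, bytes]:
    """Validate the VXLAN header and return (vni, inner_frame)."""
    if len(udp_payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    if not (word1 >> 24) & VXLAN_FLAG_VNI:
        raise ValueError("I flag not set: VNI is not valid")
    # RFC 7348 has receivers ignore the reserved fields; rejecting non-zero
    # values is a stricter policy chosen for this example.
    if word1 & 0x00FFFFFF or word2 & 0xFF:
        raise ValueError("reserved bits set")
    return word2 >> 8, udp_payload[VXLAN_HDR_LEN:]


# Constructed sample: minimal inner Ethernet frame
# (destination MAC, source MAC, EtherType, payload).
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("005056000001")
                + bytes.fromhex("0800") + b"inner-ip-packet")

if __name__ == "__main__":
    packet = vxlan_encap(5001, SAMPLE_FRAME)
    vni, frame = vxlan_decap(packet)
    print(f"VNI={vni}, inner frame intact={frame == SAMPLE_FRAME}")
```

The physical switches only ever forward on the outer headers, while the receiving vSwitch uses the VNI to pick the logical network and hands the inner frame on unchanged.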
Network visibility with NSX
NSX dissolves most of the visibility challenges network administrators encounter when tracing VM traffic to troubleshoot connectivity issues. NSX gives us a clean decomposition of the traffic, as it separates the physical from the virtual traffic. Through the controller API it also gives us a global view of the logical network state (port stats, drops, etc.) and of tunnel health, for example for a vSwitch-to-vSwitch tunnel.
VMware NSX: an enabler
NSX isn’t just about network virtualization: it’s an enabler. The API offers a way to write high-level applications that use the NSX platform. For example, an NSX vSwitch can see which user in the guest OS is responsible for which traffic flows; based on this information, user-based firewall rules can easily be monitored, created and adapted, and this is where the real power comes from.