SlideShare una empresa de Scribd logo

NSX for vSphere Logical Routing Deep Dive

P
Pooja Patel

This is an NSX for vSphere Logical Routing presentation presented at VMworld 2016 Barcelona

Tecnología
1 de 44
NSX for vSphere Logical Routing Deep Dive Pooja Patel, VMware, Inc. NET8131R #NET8131R
Growing NSX Momentum A rapid journey of customer adoption across industries 1700+ Customers 8 out of VMware’s top 10 deals in Q216 included NSX 100% YoY growth Consistent year-to-year Q216
Security Inherently secure infrastructure Automation IT at the speed of business Application continuity Data center anywhere NSX customer use cases Micro-segmentation DMZ anywhere Secure end user IT automating IT Multi-tenant infrastructure Developer cloud Disaster recovery Cross cloud Multi data center pooling
• This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer 4
Agenda 5 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment Topologies 5 Summary and Q&A Annex - Routing Connectivity
Provides 6 A faithful reproduction of network and security services in software Management APIs, UI Switching Routing/NAT FirewallingLoad balancing VPN Connectivity to physical networksPolicies, groups, tags DHCP DHCP Activity monitoring
NSX Components 7 LogicalNetworkPhysical Network Cloud Consumption  Self Service Portal  vRealize Automation, OpenStack, Custom CMS CMP  High – Performance Data Plane  Scale-out Distributed Forwarding Model Data Plane NSX Edge ESXi Hypervisor Kernel Modules Distributed Services Firewall Distributed Logical Router Logical Switch VPN Control Plane NSX Controller  Manages Logical networks  Control-Plane Protocol  Separation of Control and Data Plane Management Plane NSX Manager  Single configuration portal  REST API entry-point vSphere Web Client DLR Control VM
Agenda 8 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment Topologies 5 Summary and Q&A Annex - Routing Connectivity
Tenant C L2 L2 L2 vRealize Automation  Physical Infrastructure Scale Challenges – Routing Scale  Multi-Tenant Routing Complexity  Traffic hair-pins  Distributed Routing in Hypervisor  Logical Router per tenant  Programmatic Consumption Challenges Benefits NSX Logical Routing: Distributed, Feature-Rich 9 Tenant B L2 L2 L2 L2 L2 Tenant A
NSX Logical Routing Component – Distributed Logical Router  Optimized for E-W.  Distributed Logical Router instance is instantiated on ESX hosts.  LIFs(Logical Interfaces) are defined on the Distributed Router to handle VM default gateway traffic.  Multiple LIFs per DLR instance.  Multiple DLR instances are supported to isolate separate tenant domains.  DLR Control VM peers with the Edge VM and exchanges routing information.  Control VM is also used in software L2 bridging for placement and high- availability on bridge. 10 DLR Control VM DLR Instance ESXi Hypervisor Kernel Modules (VIBs) Distributed Logical Router LIF1 LIF2 LIF3
NSX Logical Routing Component – Edge Services Gateway 11 NSX Edge Services Gateway VPN  On/Off-Ramp connectivity between logical and physical. - Optimized for N-S Routing Static, OSPF, BGP - Network Services NAT Edge Firewall Load Balancing VPN DHCP DNS - Internal, Uplink, Trunk Interfaces
Edge Services Gateway - Sizing  VM form factor - 4 sizing options.  Edge form factor can be changed after initial deployments via UI/API.  Resource reservation is done for CPU/Memory for NSX Edge VMs during creation from 6.2.3. 12 NSX Edge Services Gateway Form Factor vCPU Memory (MB) Usage X-Large 6 8192 L7 Load Balancing *dedicated core for LB Quad- Large 4 2048 High throughput ECMP or High Performance Firewall Large 2 1024 Small/Medium DC or multi-tenant Compact 1 512 Small Deployments, POCs and single service use VPN
External Network NSX Logical Routing – Topology view 13 Physical view DLR Logical view VPN External VM2 VXLAN 5001 VXLAN 5002 VXLAN 5003 ESX Host A LIF1 LIF2 LIF3 ESX Host B LIF1 LIF2 LIF3 ESX Host C LIF1 LIF2 LIF3 NSX Edge VM DLR instance DLR instance DLR instance DLR Control VM VM1 VM2 Peering VLAN based network VPN VM1 VXLAN 5003 VLAN VXLAN 5001 VXLAN 5002
Centralized Routing for East-West Communication Hair Pinning 14 vSphere Host VDS1 Transport Network 10.10.10.10/24 vSphere Host VXLAN 5001 20.20.20.20/24 NSX Services Edge GW VM VXLAN 5002 Compute Rack 1 Edge/Mgmt. Rack 1 7 2 3 4 5 6 Frame sent over VXLAN transport Network to the Gateway IP of Green Logical Switch VM1 on Green Logical Switch (172.16.1.10) communicates with VM2 on Red Logical Switch(172.16.2.10) Frame delivered to the destination VTEP (20.20.20.20) Packet delivered to the Gateway Interface for Routing After the Routing decision, the frame is sent to the VM2 on Red Logical Switch Packet delivered to the destination 172.16.1.10 172.16.2.10 .1 .1 Frame delivered to the destination VTEP (10.10.10.10) VDS2 VPN VM1 VM2
NSX Logical Routing : Components Interaction 15 NSX Edge (Acting as next hop router) Web App Distributed Logical Router Instance 192.168.2.1 192.168.2.2 Forwarding Address 192.168.2.11 DLR Control VM Data Path Control Controller Cluster Control NSX Mgr Distributed Logical Router is created using NSX Manager UI or Rest API.1 OSPF/BGP peering between the NSX Edge and logical router control VM3 Learnt routes from the NSX Edge are pushed to the Controller for distribution4 Controller sends the route updates to all ESXi hosts 5 Routing kernel modules on the hosts handle the data path traffic6 1 3 4 5 6 Controller pushes logical router LIF configuration to ESXi hosts 2 2 OSPF, BGP Db VXLAN VLAN VPN Peering External Network
Distributed Routing Traffic Flow Same Host 16 vSphere Host vSphere Distributed Switch vSphere Host VXLAN 5001 VXLAN 5002 Host 1 Host 2 1 2 LIF1 : 172.16.1.1 LIF2 : 172.16.2.1 LIF2 – ARP Table VM IP VM MAC 172.16.2.10 MAC2 DA: vMAC SA: MAC1 PayloadL2 IP DA: 172.16.2.10 SA: 172.16.1.10 MAC1 MAC2 LIF1 LIF2 vMAC Internal LIFs Destination Interface Mask Gateway Connect 172.16.1.0 255.255.255.0 0.0.0.0 Direct 172.16.2.0 255.255.255.0 0.0.0.0 Direct Routing Table 3 4 10.10.10.10/24 20.20.20.20/24 Transport Network 172.16.1.10 172.16.2.10 VM1 VM2
Distributed Routing Traffic Flow From External Networks (Ingress) 17 VDS2 vSphere Host VDS1 vSphere Host VXLAN 5001 NSX Edge GW VXLAN 5003 Host 1 Host 2 Uplink 172.16.1.10 MAC1 5 12 3 4 6 192.168.2.0/24 Transit Network .1 The Packets are forwarded to Transit Network LIF configured on Logical Router After route lookup, the packet is encapsulated in VXLAN header and sent to the VTEP where VM1 172.16.1.10 resides Edge GW routes the traffic to the next hop router interface 192.168.2.2 Packet delivered to the destination LIF2 LIF1 vMAC LIF2 : 172.16.1.1 (I) LIF1 : 192.168.2.2 (U) Internal Networks 10.10.10.10/24 20.20.20.20/24 .2.1 4 Destination Network Next Hop 172.16.1.0/24 192.168.2.2 VM1 VPN Device on the External Network (192.168.100.10) communicates with VM1 on Green Logical Switch (172.16.1.10) External Networks VXLAN Transport Network 192.168.100.10
Agenda 18 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment topologies 5 Summary and QA Annex - Routing Connectivity
19 Logical Routing High Availability (HA) DLR Control VM External Network NSX Edge Distributed Routing E1 Physical Router Active Standby E2 Web DB DLR App Active/Standby HA Model VPN VPN VPN ECMP HA Model 2 … E8E3E1 Physical Router E2 Web DB DLR App DBWeb App VM VM VM VMVM VM 1 Active Standby Active/Standby HA Model
I am ACTIVE  Active/Standby HA Model 20 HA Interface How does Active/Standby HA work?  Edge High-availability – Configurable on Edge Services Gateways & DLR Control VMs.  Keepalives + State Sync Information - Exchanged between Active & Standby Edges on a designated HA interface.  Declare Dead Timer - Configurable  Non-preemptive HA  Stateful failover for services: • FW - connection tracking LB - Sticky table DHCP- Lease Information Routing- FIB information 1 Active StandbyStandby Hypervisor 1 Hypervisor 2 VPN VPNVPNVPN X Declare Dead Timer Expiry Let me send probes on my interfaces… No response on any of the interfaces :( Sending GARPs. Waiting...... I am not receiving keep-alives from my peer Active
Active/Standby HA Model 21 DLR Physical Router VXLAN VLAN Active Standby .2 .1 .2 .1 E1-1E1-0 192.168.100.0/24 192.168.2.0/24 Routing peering 1 Active VPN Standby VPN External Network  All N-S traffic is handled by the Active NSX Edge. Only active NSX Edge establishes routing adjacencies to the DLR Control VM and the physical router.  Anti-affinity & Graceful Restart are enabled by default.  Stateful services are supported on the NSX Edge pair FW, Load-Balancing, NAT, DHCP  HA Recommendations Dynamic Routing Timers - OSPF 30/120 BGP 60/180 Dedicate Logical Switch as the HA Interface for DLR Control VMs/ESGs. Declare Dead Timer is configurable and can be tuned down to 6 seconds Web 172.16.1.0/24 App 172.16.2.0/24 DB 172.16.3.0/24
Active/Standby HA Model 22 DLR Physical Router VXLAN VLAN Active Standby .2 .1 .2 .1 E1-1E1-0 192.168.100.0/24 192.168.2.0/24 Routing peering 1 Active VPN Standby VPN External Network ESXi Host DLR instance route table DB 172.16.3.0/24 App 172.16.2.0/24 Web 172.16.1.0/24
DLR 23 Physical Router E1-1 Failed Active Routing peering VXLAN VLAN Active/Standby HA Model – ESG Failure Active Standby .2 .1 .2 .1 192.168.100.0/24 192.168.2.0/24 Routing peering 1 Web 172.16.1.0/24 DB 172.16.3.0/24 App 172.16.2.0/24 VPN E1-0 X VPN DLR External Network ESXi Host DLR instance route table
24 Logical Routing High Availability (HA) DLR Control VM External Network NSX Edge Distributed Routing E1 Physical Router Active Standby E2 Web DB DLR App Active/Standby HA Model VPN VPN VPN ECMP HA Model 2 … E8E3E1 Physical Router E2 Web DB DLR App Active Standby Active/Standby HA Model DBWeb App VM VM VM VMVM VM 1
ECMP HA Model (Up to 8 NSX Edges) 25 E3E1 Physical Routers E2 … External Network Routing peerings VXLAN VLAN Routing peerings E8 2 Web DBApp DLR … External Network …. North-South traffic is handled by all Active NSX Edges Multiple equal cost paths in the DLR FIB Traffic is hashed based on Src/Dst IP address values … .4 .5 .6
ECMP HA Model (Up to 8 NSX Edges) 26 DLR E3 E8E1 … Routing peerings VXLAN VLAN Routing peerings E2 2 Web DBApp Physical Routers External Network X North-South traffic is handled by all Active NSX Edges • Multiple equal cost paths in the DLR FIB • Traffic is hashed based on Src/Dst IP address values HA Recommendations • No need to enable Edge HA for each Active Edge. • Aggressive Routing Timers for fast failover • Asymmetric routing paths – Stateful services not supported(Stateful Edge Firewall, NAT). • DFW is supported • Set URPF setting to loose .4 .5 .6
DLR 27 Physical Router E2 Active Routing peering VXLAN VLAN DLR Control VM – Failure and Recovery Active Standby .1 192.168.100.0/24 192.168.2.0/24 Routing peering 2 Web DBApp E1 DLR External Network .3 .2 .4 .2 .3 X HA Recommendations: Incase of aggressive OSPF/BGP routing timers for ECMP • Static summary route to reach logical networks with DLR Forwarding Address as next hop. • Floating static route with higher admin distance to be injected on each ESG. • ESG to redistribute static to Physical. Dual Failure Scenario Ensure DLR Control VMs and ESGs are on separate ESX hosts. Aggressive OSPF/BGP routing timers – Adjacency will flap incase of DLR Control VM failure.
Comparison of Edge HA Models Active/Standby HA Model Bandwidth Single Path (~10 Gbps/Tenant) Stateful Services Supported - NAT, LB, FW, DHCP Availability Convergence with stateful services enabled ECMP Model Bandwidth Up to 8 Paths (~80 Gbps/Tenant) Stateful Services Not Supported *DFW is supported Availability High ~ 3-4 sec with (1,3 sec) timers tuning E1 Physical Router Active Standby E2 Routing peering Web DB DLR App Active Standby DLR Control VM … E8E3E1 Physical Router E2 Routing peerings Web DB DLR App Active Standby DLR Control VM VPN VPN 1 2
Agenda 29 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment Topologies 5 Summary and Q&A Annex – Routing Connectivity
VLAN 20 Edge Uplink Physical Routers NSX ECMP Edges VXLAN 5020 Transit Link DLR Instance 30 Enterprise Routing Topology … Reference Design for SDDC with NSX & vSphere NET7857 … E1 E2 E3 E8 DLR Control VMs Routing peerings FIB update Routing peerings VXLAN VLAN Web1 App1 DB1 WebN AppN DBN External Network VM VM VM VM VM VMVM VMVM VM VM VM
VLAN 20 Edge Uplink Physical Routers NSX ECMP Edges VXLAN 5020 Transit Link DLR Instance 31 Enterprise Routing Topology + L2 Bridging … E1 E2 E3 E8 DLR Control VMs Routing peerings FIB update Routing peerings VXLAN VLAN Web1 App1 DB1 External Network VM VM VM VMVMVM L2 Bridging  The hypervisor on which Active DLR Control VM is placed is designated as Bridge Host with Active Bridge Instance.  DLR Control VM only used for placement and HA of bridge instance (not in datapath).  L2 Bridging – VNI to VLAN mapping. DB Server DB Server
Multi Tenant Routing Topology 32 Tenant 9 DLR Instance 9 Tenant 1 NSX Edge VXLAN 5021 Transit Link VXLAN 5029 Transit Link …  Can be deployed by Enterprises, SPs and hosting companies.  Upto 9 tenants (as 10vNICs on the Edge VM)  No support for overlapping IP addresses between Tenants connected to the same NSX Edge. ECMP Routing peerings Routing peering Web1 App1 DB1 Web1 App1 DB1 External Network DLR Instance 1 VM VM VM VM VM VM VM VM VM VMVM VM
Multi Tenant Routing Topology 33 NSX Edge VXLAN Trunk  Use of Trunk interface on the NSX Edge (in addition to Internal and Uplink).  Allows up to 200 sub-interfaces on a single vNIC and establish peering with a separate DLR instance.  Routing protocols are supported over sub- interfaces. Routing peerings Tenant 1 Tenant 2 Tenant 200 Single vNIC Web1 VM VM VM App1 VM VM DB1 VM External Network Web1 App1 DB1 VM VM VM VMVM VM
High Scale Multi Tenant Topology – 2-tier 34 Tenant 1 … Tenant NSX Edge with HA NAT/LB features ECMP NSX Edge X-Large (Route Aggregation Layer) ECMP Tenant NSX Edge VXLAN Uplinks (or VXLAN Trunk) VXLAN Uplinks (or VXLAN Trunk) VXLAN 5100 Transit … E1 E8 Web1 App1 DB1 VM VM VM VMVM VM DLR Instance 9 Web1 App1 DB1 VM VM VM VMVM VM External Network
Cross-VC Multi-site topology CONFIDENTIAL 35 ULS App1 Universal Distributed Logical Router Instance VM VM VM VM VM VM ULS Web1 Site A Site B vCenter Server A vCenter Server B Universal Controller Cluster NET7854R Multi-Site Networking and Security with Cross-VC NSX – Part 1 & 2 Universal Transport Zone External Network Control VM w/ Local Egress Control VM w/ Local Egress ULS Transit A ULS Transit B
Topologies Comparison Topology Characteristics Enterprise One DLR for all apps DFW for VM to VM security Typically no NAT ECMP Edges Multitenant Up to 9 tenants w/o trunk Up to 200 tenants w/ trunk DLR per tenant No overlapping IP High scale multitenant DLR and Edge per tenant 2-tier of Edges Tenant IP scheme can overlap Note: These topologies can be stretched across VC boundaries by using Cross-VC NSX.
Agenda 37 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment Topologies 5 Summary and Q&A Annex – Routing Connectivity
Key Takeways  Logical Routing in NSX enables communication between workloads belonging to different subnets. • Distributed Logical Routers optimize traffic flows for E-W communication. • Edge Services Gateways handle N-S communication to the physical network & provide network services.  Two models for High Availability - Active-Standby and ECMP model  Multiple logical topologies can be built using UI/programmatically by combining NSX Distributed Routing and Edge Services Gateway components.  Logical Routing now extends across vCenter boundaries. 38
Relevant Sessions and References  Sessions  References NSX for vSphere Network Virtualization Design Guide (Ver 3.0) https://communities.vmware.com/docs/DOC-27683 39 NET9029 NSX Logical Load Balancing: From Basics to Fine Art NET7857 NET7858 Reference Design for SDDC with NSX and vSphere: Part 1 & 2 NET7865 Operational Best Practices for VMware NSX NET7854 NET7861 Multisite Networking and Security with Cross-vCenter NSX: Part 1 & 2
Questions? poojap@vmware.com 40
NSX partner ecosystem Physical Infrastructure Security Application Delivery Operations and Visibility 44 DYNAMIC INSERTION OF PARTNER SERVICES
Learn Connect & Engage communities.vmware.com NSX Product Page & Technical Resources vmware.com/products/nsx Network Virtualization Blog blogs.vmware.com/networkvirtualization VMware NSX on YouTube youtube.com/user/vmwarensx Where to get started Experience 30+ Unique NSX Sessions Breakouts, quick talks & group discussions Visit the VMware Booth Use case demos, chat with NSX experts Visit NSX Technical Partner Booths Integration demos – EPSec & NetX, Hardware VTEP, Ops & Visibility Test Drive NSX with free Hands-on Labs Expert-led or Self-paced. labs.hol.vmware.com Use NSX Proactive Support Service Optimize performance based on data monitoring and analytics to help resolve problems, mitigate risk and improve operational efficiency. vmware.com/consulting Take Training and Certification Several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining
NSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep Dive

Recomendados

An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowAniekan Akpaffiong
 
IaaS
IaaSIaaS
IaaSKenny Huang Ph.D.
 
WebSphere application server 8.5.5 - quick overview
WebSphere application server 8.5.5 - quick overviewWebSphere application server 8.5.5 - quick overview
WebSphere application server 8.5.5 - quick overviewChris Sparshott
 
Nsx t reference design guide 3-0
Nsx t reference design guide 3-0Nsx t reference design guide 3-0
Nsx t reference design guide 3-0MohamedAzizKandil1
 
VMware Site Recovery Manager
VMware Site Recovery ManagerVMware Site Recovery Manager
VMware Site Recovery ManagerJürgen Ambrosi
 
VMWARE ESX
VMWARE ESXVMWARE ESX
VMWARE ESXYogeshwaran R
 
VMware Vsphere Graduation Project Presentation
VMware Vsphere Graduation Project PresentationVMware Vsphere Graduation Project Presentation
VMware Vsphere Graduation Project PresentationRabbah Adel Ammar
 

Recomendados

An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowAniekan Akpaffiong
 
IaaS
IaaSIaaS
IaaSKenny Huang Ph.D.
 
WebSphere application server 8.5.5 - quick overview
WebSphere application server 8.5.5 - quick overviewWebSphere application server 8.5.5 - quick overview
WebSphere application server 8.5.5 - quick overviewChris Sparshott
 
Nsx t reference design guide 3-0
Nsx t reference design guide 3-0Nsx t reference design guide 3-0
Nsx t reference design guide 3-0MohamedAzizKandil1
 
VMware Site Recovery Manager
VMware Site Recovery ManagerVMware Site Recovery Manager
VMware Site Recovery ManagerJürgen Ambrosi
 
VMWARE ESX
VMWARE ESXVMWARE ESX
VMWARE ESXYogeshwaran R
 
VMware Vsphere Graduation Project Presentation
VMware Vsphere Graduation Project PresentationVMware Vsphere Graduation Project Presentation
VMware Vsphere Graduation Project PresentationRabbah Adel Ammar
 
Websphere Application Server V8.5
Websphere Application Server V8.5Websphere Application Server V8.5
Websphere Application Server V8.5IBM WebSphereIndia
 
Azure Migrate
Azure MigrateAzure Migrate
Azure MigrateMustafa
 
VMware Tanzu Introduction
VMware Tanzu IntroductionVMware Tanzu Introduction
VMware Tanzu IntroductionVMware Tanzu
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentationaleyeldean
 
AIXpert - AIX Security expert
AIXpert - AIX Security expertAIXpert - AIX Security expert
AIXpert - AIX Security expertdlfrench
 
VMware Workspace One
VMware Workspace OneVMware Workspace One
VMware Workspace OneJürgen Ambrosi
 
Azure migration
Azure migrationAzure migration
Azure migrationArnon Rotem-Gal-Oz
 
Lift & Shift to Azure
Lift & Shift to AzureLift & Shift to Azure
Lift & Shift to AzureJochen Kirstätter
 
Vce vxrail-customer-presentation new
Vce vxrail-customer-presentation newVce vxrail-customer-presentation new
Vce vxrail-customer-presentation newJennifer Graham
 
Core Concept: Software Defined Everything
Core Concept: Software Defined EverythingCore Concept: Software Defined Everything
Core Concept: Software Defined EverythingThanakrit Lersmethasakul
 
SD WAN
SD WANSD WAN
SD WANBri Molina
 
V mware v-sphere & vsa presentation
V mware v-sphere & vsa presentationV mware v-sphere & vsa presentation
V mware v-sphere & vsa presentationBusiness Computer Associates, Inc
 
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptx
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptxcloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptx
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptxVitNguyn252054
 
Hyper-Converged Infrastructure: Concepts
Hyper-Converged Infrastructure: ConceptsHyper-Converged Infrastructure: Concepts
Hyper-Converged Infrastructure: ConceptsNick Scuola
 
Monitoring in CloudStack
Monitoring in CloudStackMonitoring in CloudStack
Monitoring in CloudStackShapeBlue
 
VMware vSphere
VMware vSphereVMware vSphere
VMware vSphere零壹科技股份有限公司
 
VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1Sanjeev Kumar
 
Introduction to openshift
Introduction to openshiftIntroduction to openshift
Introduction to openshiftMamathaBusi
 
App Modernization
App ModernizationApp Modernization
App ModernizationPT Datacomm Diangraha
 
Sizing your alfresco platform
Sizing your alfresco platformSizing your alfresco platform
Sizing your alfresco platformLuis Cabaceira
 
Pivotal Cloud Foundry + NSX
Pivotal Cloud Foundry + NSXPivotal Cloud Foundry + NSX
Pivotal Cloud Foundry + NSXPooja Patel
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsxsolarisyougood
 

Más contenido relacionado

La actualidad más candente

Websphere Application Server V8.5
Websphere Application Server V8.5Websphere Application Server V8.5
Websphere Application Server V8.5IBM WebSphereIndia
 
Azure Migrate
Azure MigrateAzure Migrate
Azure MigrateMustafa
 
VMware Tanzu Introduction
VMware Tanzu IntroductionVMware Tanzu Introduction
VMware Tanzu IntroductionVMware Tanzu
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentationaleyeldean
 
AIXpert - AIX Security expert
AIXpert - AIX Security expertAIXpert - AIX Security expert
AIXpert - AIX Security expertdlfrench
 
Vce vxrail-customer-presentation new
Vce vxrail-customer-presentation newVce vxrail-customer-presentation new
Vce vxrail-customer-presentation newJennifer Graham
 
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptx
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptxcloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptx
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptxVitNguyn252054
 
Hyper-Converged Infrastructure: Concepts
Hyper-Converged Infrastructure: ConceptsHyper-Converged Infrastructure: Concepts
Hyper-Converged Infrastructure: ConceptsNick Scuola
 
Monitoring in CloudStack
Monitoring in CloudStackMonitoring in CloudStack
Monitoring in CloudStackShapeBlue
 
VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1Sanjeev Kumar
 
Introduction to openshift
Introduction to openshiftIntroduction to openshift
Introduction to openshiftMamathaBusi
 
Sizing your alfresco platform
Sizing your alfresco platformSizing your alfresco platform
Sizing your alfresco platformLuis Cabaceira
 

La actualidad más candente (20)

Websphere Application Server V8.5
Websphere Application Server V8.5Websphere Application Server V8.5
Websphere Application Server V8.5
 
Azure Migrate
Azure MigrateAzure Migrate
Azure Migrate
 
VMware Tanzu Introduction
VMware Tanzu IntroductionVMware Tanzu Introduction
VMware Tanzu Introduction
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentation
 
AIXpert - AIX Security expert
AIXpert - AIX Security expertAIXpert - AIX Security expert
AIXpert - AIX Security expert
 
VMware Workspace One
VMware Workspace OneVMware Workspace One
VMware Workspace One
 
Azure migration
Azure migrationAzure migration
Azure migration
 
Lift & Shift to Azure
Lift & Shift to AzureLift & Shift to Azure
Lift & Shift to Azure
 
Vce vxrail-customer-presentation new
Vce vxrail-customer-presentation newVce vxrail-customer-presentation new
Vce vxrail-customer-presentation new
 
Core Concept: Software Defined Everything
Core Concept: Software Defined EverythingCore Concept: Software Defined Everything
Core Concept: Software Defined Everything
 
SD WAN
SD WANSD WAN
SD WAN
 
V mware v-sphere & vsa presentation
V mware v-sphere & vsa presentationV mware v-sphere & vsa presentation
V mware v-sphere & vsa presentation
 
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptx
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptxcloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptx
cloud_foundation_on_vxrail_vcf_pnp_licensing_guide.pptx
 
Hyper-Converged Infrastructure: Concepts
Hyper-Converged Infrastructure: ConceptsHyper-Converged Infrastructure: Concepts
Hyper-Converged Infrastructure: Concepts
 
Monitoring in CloudStack
Monitoring in CloudStackMonitoring in CloudStack
Monitoring in CloudStack
 
VMware vSphere
VMware vSphereVMware vSphere
VMware vSphere
 
VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1
 
Introduction to openshift
Introduction to openshiftIntroduction to openshift
Introduction to openshift
 
App Modernization
App ModernizationApp Modernization
App Modernization
 
Sizing your alfresco platform
Sizing your alfresco platformSizing your alfresco platform
Sizing your alfresco platform
 

Destacado

Pivotal Cloud Foundry + NSX
Pivotal Cloud Foundry + NSXPivotal Cloud Foundry + NSX
Pivotal Cloud Foundry + NSXPooja Patel
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsxsolarisyougood
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG IT
 
Docker Swarm Is Dead: Long Live Docker Swarm
Docker Swarm Is Dead: Long Live Docker SwarmDocker Swarm Is Dead: Long Live Docker Swarm
Docker Swarm Is Dead: Long Live Docker SwarmElton Stoneman
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld
 
Network Virtualization with VMware NSX
Network Virtualization with VMware NSXNetwork Virtualization with VMware NSX
Network Virtualization with VMware NSXScott Lowe
 
VMworld 2014 - BCO1152 - vCenter Site Recovery Manager: Architecting a DR Sol...
VMworld 2014 - BCO1152 - vCenter Site Recovery Manager: Architecting a DR Sol...VMworld 2014 - BCO1152 - vCenter Site Recovery Manager: Architecting a DR Sol...
VMworld 2014 - BCO1152 - vCenter Site Recovery Manager: Architecting a DR Sol...thephuck
 
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della SicurezzaNSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della SicurezzaVMUG IT
 
Pairing VMware vCenter Site Recovery Manager with virtual SAN
Pairing VMware vCenter Site Recovery Manager with virtual SANPairing VMware vCenter Site Recovery Manager with virtual SAN
Pairing VMware vCenter Site Recovery Manager with virtual SANthephuck
 
XenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsXenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsTim Mackey
 
(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014
(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014
(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014Amazon Web Services
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld
 
もう一つのHCI VxRackとVBlock
もう一つのHCI VxRackとVBlockもう一つのHCI VxRackとVBlock
もう一つのHCI VxRackとVBlockGaku Takahashi
 

Destacado (20)

Pivotal Cloud Foundry + NSX
Pivotal Cloud Foundry + NSXPivotal Cloud Foundry + NSX
Pivotal Cloud Foundry + NSX
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsx
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSX
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
 
VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e Design
 
Docker Swarm Is Dead: Long Live Docker Swarm
Docker Swarm Is Dead: Long Live Docker SwarmDocker Swarm Is Dead: Long Live Docker Swarm
Docker Swarm Is Dead: Long Live Docker Swarm
 
Sdn primer pdf
Sdn primer pdfSdn primer pdf
Sdn primer pdf
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
 
Network Virtualization with VMware NSX
Network Virtualization with VMware NSXNetwork Virtualization with VMware NSX
Network Virtualization with VMware NSX
 
VMworld 2014 - BCO1152 - vCenter Site Recovery Manager: Architecting a DR Sol...
VMworld 2014 - BCO1152 - vCenter Site Recovery Manager: Architecting a DR Sol...VMworld 2014 - BCO1152 - vCenter Site Recovery Manager: Architecting a DR Sol...
VMworld 2014 - BCO1152 - vCenter Site Recovery Manager: Architecting a DR Sol...
 
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della SicurezzaNSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
 
Pairing VMware vCenter Site Recovery Manager with virtual SAN
Pairing VMware vCenter Site Recovery Manager with virtual SANPairing VMware vCenter Site Recovery Manager with virtual SAN
Pairing VMware vCenter Site Recovery Manager with virtual SAN
 
XenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsXenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud Environments
 
(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014
(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014
(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSX
 
もう一つのHCI VxRackとVBlock
もう一つのHCI VxRackとVBlockもう一つのHCI VxRackとVBlock
もう一つのHCI VxRackとVBlock
 

Similar a NSX for vSphere Logical Routing Deep Dive

VMware nsx network virtualization tool
VMware nsx network virtualization toolVMware nsx network virtualization tool
VMware nsx network virtualization toolDaljeet Singh Randhawa
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud
 
Logical_Routing_NSX_T_2.4.pptx.pptx
Logical_Routing_NSX_T_2.4.pptx.pptxLogical_Routing_NSX_T_2.4.pptx.pptx
Logical_Routing_NSX_T_2.4.pptx.pptxAnwarAnsari40
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyFilip Verloy
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO a.s.
 
MidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDNMidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDNMidoNet
 
Understanding network and service virtualization
Understanding network and service virtualizationUnderstanding network and service virtualization
Understanding network and service virtualizationSDN Hub
 
[OpenStack 스터디] OpenStack With Contrail
[OpenStack 스터디] OpenStack With Contrail[OpenStack 스터디] OpenStack With Contrail
[OpenStack 스터디] OpenStack With ContrailOpenStack Korea Community
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
 
VMware NSX and Arista L2 Hardware VTEP Gateway Integration
VMware NSX and Arista L2 Hardware VTEP Gateway IntegrationVMware NSX and Arista L2 Hardware VTEP Gateway Integration
VMware NSX and Arista L2 Hardware VTEP Gateway IntegrationBayu Wibowo
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld
 
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PROIDEA
 
VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization VMworld
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPROIDEA
 

Similar a NSX for vSphere Logical Routing Deep Dive (20)

VMware nsx network virtualization tool
VMware nsx network virtualization toolVMware nsx network virtualization tool
VMware nsx network virtualization tool
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
 
Logical_Routing_NSX_T_2.4.pptx.pptx
Logical_Routing_NSX_T_2.4.pptx.pptxLogical_Routing_NSX_T_2.4.pptx.pptx
Logical_Routing_NSX_T_2.4.pptx.pptx
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip Verloy
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
A consolidated virtualization approach to deploying distributed cloud networks
A consolidated virtualization approach to deploying distributed cloud networksA consolidated virtualization approach to deploying distributed cloud networks
A consolidated virtualization approach to deploying distributed cloud networks
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 
MidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDNMidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDN
 
Understanding network and service virtualization
Understanding network and service virtualizationUnderstanding network and service virtualization
Understanding network and service virtualization
 
[OpenStack 스터디] OpenStack With Contrail
[OpenStack 스터디] OpenStack With Contrail[OpenStack 스터디] OpenStack With Contrail
[OpenStack 스터디] OpenStack With Contrail
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments
 
VMware NSX and Arista L2 Hardware VTEP Gateway Integration
VMware NSX and Arista L2 Hardware VTEP Gateway IntegrationVMware NSX and Arista L2 Hardware VTEP Gateway Integration
VMware NSX and Arista L2 Hardware VTEP Gateway Integration
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
 
Contrail Enabler for agile cloud services
Contrail Enabler for agile cloud servicesContrail Enabler for agile cloud services
Contrail Enabler for agile cloud services
 
MidoNet 101
MidoNet 101MidoNet 101
MidoNet 101
 
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
 
VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDN
 
Opencontrail network virtualization
Opencontrail network virtualizationOpencontrail network virtualization
Opencontrail network virtualization
 

Último

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Último (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

NSX for vSphere Logical Routing Deep Dive

  • 1. NSX for vSphere Logical Routing Deep Dive Pooja Patel, VMware, Inc. NET8131R #NET8131R
  • 2. Growing NSX Momentum A rapid journey of customer adoption across industries 1700+ Customers 8 out of VMware’s top 10 deals in Q216 included NSX 100% YoY growth Consistent year-to-year Q216
  • 3. Security Inherently secure infrastructure Automation IT at the speed of business Application continuity Data center anywhere NSX customer use cases Micro-segmentation DMZ anywhere Secure end user IT automating IT Multi-tenant infrastructure Developer cloud Disaster recovery Cross cloud Multi data center pooling
  • 4. • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer 4
  • 5. Agenda 5 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment Topologies 5 Summary and Q&A Annex - Routing Connectivity
  • 6. Provides 6 A faithful reproduction of network and security services in software Management APIs, UI Switching Routing/NAT FirewallingLoad balancing VPN Connectivity to physical networksPolicies, groups, tags DHCP DHCP Activity monitoring
  • 7. NSX Components 7 LogicalNetworkPhysical Network Cloud Consumption  Self Service Portal  vRealize Automation, OpenStack, Custom CMS CMP  High – Performance Data Plane  Scale-out Distributed Forwarding Model Data Plane NSX Edge ESXi Hypervisor Kernel Modules Distributed Services Firewall Distributed Logical Router Logical Switch VPN Control Plane NSX Controller  Manages Logical networks  Control-Plane Protocol  Separation of Control and Data Plane Management Plane NSX Manager  Single configuration portal  REST API entry-point vSphere Web Client DLR Control VM
  • 8. Agenda 8 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment Topologies 5 Summary and Q&A Annex - Routing Connectivity
  • 9. Tenant C L2 L2 L2 vRealize Automation  Physical Infrastructure Scale Challenges – Routing Scale  Multi-Tenant Routing Complexity  Traffic hair-pins  Distributed Routing in Hypervisor  Logical Router per tenant  Programmatic Consumption Challenges Benefits NSX Logical Routing: Distributed, Feature-Rich 9 Tenant B L2 L2 L2 L2 L2 Tenant A
  • 10. NSX Logical Routing Component – Distributed Logical Router  Optimized for E-W.  Distributed Logical Router instance is instantiated on ESX hosts.  LIFs(Logical Interfaces) are defined on the Distributed Router to handle VM default gateway traffic.  Multiple LIFs per DLR instance.  Multiple DLR instances are supported to isolate separate tenant domains.  DLR Control VM peers with the Edge VM and exchanges routing information.  Control VM is also used in software L2 bridging for placement and high- availability on bridge. 10 DLR Control VM DLR Instance ESXi Hypervisor Kernel Modules (VIBs) Distributed Logical Router LIF1 LIF2 LIF3
  • 11. NSX Logical Routing Component – Edge Services Gateway 11 NSX Edge Services Gateway VPN  On/Off-Ramp connectivity between logical and physical. - Optimized for N-S Routing Static, OSPF, BGP - Network Services NAT Edge Firewall Load Balancing VPN DHCP DNS - Internal, Uplink, Trunk Interfaces
  • 12. Edge Services Gateway - Sizing  VM form factor - 4 sizing options.  Edge form factor can be changed after initial deployments via UI/API.  Resource reservation is done for CPU/Memory for NSX Edge VMs during creation from 6.2.3. 12 NSX Edge Services Gateway Form Factor vCPU Memory (MB) Usage X-Large 6 8192 L7 Load Balancing *dedicated core for LB Quad- Large 4 2048 High throughput ECMP or High Performance Firewall Large 2 1024 Small/Medium DC or multi-tenant Compact 1 512 Small Deployments, POCs and single service use VPN
  • 13. External Network NSX Logical Routing – Topology view 13 Physical view DLR Logical view VPN External VM2 VXLAN 5001 VXLAN 5002 VXLAN 5003 ESX Host A LIF1 LIF2 LIF3 ESX Host B LIF1 LIF2 LIF3 ESX Host C LIF1 LIF2 LIF3 NSX Edge VM DLR instance DLR instance DLR instance DLR Control VM VM1 VM2 Peering VLAN based network VPN VM1 VXLAN 5003 VLAN VXLAN 5001 VXLAN 5002
  • 14. Centralized Routing for East-West Communication Hair Pinning 14 vSphere Host VDS1 Transport Network 10.10.10.10/24 vSphere Host VXLAN 5001 20.20.20.20/24 NSX Services Edge GW VM VXLAN 5002 Compute Rack 1 Edge/Mgmt. Rack 1 7 2 3 4 5 6 Frame sent over VXLAN transport Network to the Gateway IP of Green Logical Switch VM1 on Green Logical Switch (172.16.1.10) communicates with VM2 on Red Logical Switch(172.16.2.10) Frame delivered to the destination VTEP (20.20.20.20) Packet delivered to the Gateway Interface for Routing After the Routing decision, the frame is sent to the VM2 on Red Logical Switch Packet delivered to the destination 172.16.1.10 172.16.2.10 .1 .1 Frame delivered to the destination VTEP (10.10.10.10) VDS2 VPN VM1 VM2
  • 15. NSX Logical Routing : Components Interaction 15 NSX Edge (Acting as next hop router) Web App Distributed Logical Router Instance 192.168.2.1 192.168.2.2 Forwarding Address 192.168.2.11 DLR Control VM Data Path Control Controller Cluster Control NSX Mgr Distributed Logical Router is created using NSX Manager UI or Rest API.1 OSPF/BGP peering between the NSX Edge and logical router control VM3 Learnt routes from the NSX Edge are pushed to the Controller for distribution4 Controller sends the route updates to all ESXi hosts 5 Routing kernel modules on the hosts handle the data path traffic6 1 3 4 5 6 Controller pushes logical router LIF configuration to ESXi hosts 2 2 OSPF, BGP Db VXLAN VLAN VPN Peering External Network
  • 16. Distributed Routing Traffic Flow Same Host 16 vSphere Host vSphere Distributed Switch vSphere Host VXLAN 5001 VXLAN 5002 Host 1 Host 2 1 2 LIF1 : 172.16.1.1 LIF2 : 172.16.2.1 LIF2 – ARP Table VM IP VM MAC 172.16.2.10 MAC2 DA: vMAC SA: MAC1 PayloadL2 IP DA: 172.16.2.10 SA: 172.16.1.10 MAC1 MAC2 LIF1 LIF2 vMAC Internal LIFs Destination Interface Mask Gateway Connect 172.16.1.0 255.255.255.0 0.0.0.0 Direct 172.16.2.0 255.255.255.0 0.0.0.0 Direct Routing Table 3 4 10.10.10.10/24 20.20.20.20/24 Transport Network 172.16.1.10 172.16.2.10 VM1 VM2
  • 17. Distributed Routing Traffic Flow From External Networks (Ingress) 17 VDS2 vSphere Host VDS1 vSphere Host VXLAN 5001 NSX Edge GW VXLAN 5003 Host 1 Host 2 Uplink 172.16.1.10 MAC1 5 12 3 4 6 192.168.2.0/24 Transit Network .1 The Packets are forwarded to Transit Network LIF configured on Logical Router After route lookup, the packet is encapsulated in VXLAN header and sent to the VTEP where VM1 172.16.1.10 resides Edge GW routes the traffic to the next hop router interface 192.168.2.2 Packet delivered to the destination LIF2 LIF1 vMAC LIF2 : 172.16.1.1 (I) LIF1 : 192.168.2.2 (U) Internal Networks 10.10.10.10/24 20.20.20.20/24 .2.1 4 Destination Network Next Hop 172.16.1.0/24 192.168.2.2 VM1 VPN Device on the External Network (192.168.100.10) communicates with VM1 on Green Logical Switch (172.16.1.10) External Networks VXLAN Transport Network 192.168.100.10
  • 18. Agenda 18 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment topologies 5 Summary and QA Annex - Routing Connectivity
  • 19. 19 Logical Routing High Availability (HA) DLR Control VM External Network NSX Edge Distributed Routing E1 Physical Router Active Standby E2 Web DB DLR App Active/Standby HA Model VPN VPN VPN ECMP HA Model 2 … E8E3E1 Physical Router E2 Web DB DLR App DBWeb App VM VM VM VMVM VM 1 Active Standby Active/Standby HA Model
  • 20. I am ACTIVE  Active/Standby HA Model 20 HA Interface How does Active/Standby HA work?  Edge High-availability – Configurable on Edge Services Gateways & DLR Control VMs.  Keepalives + State Sync Information - Exchanged between Active & Standby Edges on a designated HA interface.  Declare Dead Timer - Configurable  Non-preemptive HA  Stateful failover for services: • FW - connection tracking LB - Sticky table DHCP- Lease Information Routing- FIB information 1 Active StandbyStandby Hypervisor 1 Hypervisor 2 VPN VPNVPNVPN X Declare Dead Timer Expiry Let me send probes on my interfaces… No response on any of the interfaces :( Sending GARPs. Waiting...... I am not receiving keep-alives from my peer Active
  • 21. Active/Standby HA Model 21 DLR Physical Router VXLAN VLAN Active Standby .2 .1 .2 .1 E1-1E1-0 192.168.100.0/24 192.168.2.0/24 Routing peering 1 Active VPN Standby VPN External Network  All N-S traffic is handled by the Active NSX Edge. Only active NSX Edge establishes routing adjacencies to the DLR Control VM and the physical router.  Anti-affinity & Graceful Restart are enabled by default.  Stateful services are supported on the NSX Edge pair FW, Load-Balancing, NAT, DHCP  HA Recommendations Dynamic Routing Timers - OSPF 30/120 BGP 60/180 Dedicate Logical Switch as the HA Interface for DLR Control VMs/ESGs. Declare Dead Timer is configurable and can be tuned down to 6 seconds Web 172.16.1.0/24 App 172.16.2.0/24 DB 172.16.3.0/24
  • 22. Active/Standby HA Model 22 DLR Physical Router VXLAN VLAN Active Standby .2 .1 .2 .1 E1-1E1-0 192.168.100.0/24 192.168.2.0/24 Routing peering 1 Active VPN Standby VPN External Network ESXi Host DLR instance route table DB 172.16.3.0/24 App 172.16.2.0/24 Web 172.16.1.0/24
  • 23. DLR 23 Physical Router E1-1 Failed Active Routing peering VXLAN VLAN Active/Standby HA Model – ESG Failure Active Standby .2 .1 .2 .1 192.168.100.0/24 192.168.2.0/24 Routing peering 1 Web 172.16.1.0/24 DB 172.16.3.0/24 App 172.16.2.0/24 VPN E1-0 X VPN DLR External Network ESXi Host DLR instance route table
  • 24. 24 Logical Routing High Availability (HA) DLR Control VM External Network NSX Edge Distributed Routing E1 Physical Router Active Standby E2 Web DB DLR App Active/Standby HA Model VPN VPN VPN ECMP HA Model 2 … E8E3E1 Physical Router E2 Web DB DLR App Active Standby Active/Standby HA Model DBWeb App VM VM VM VMVM VM 1
  • 25. ECMP HA Model (Up to 8 NSX Edges) 25 E3E1 Physical Routers E2 … External Network Routing peerings VXLAN VLAN Routing peerings E8 2 Web DBApp DLR … External Network …. North-South traffic is handled by all Active NSX Edges Multiple equal cost paths in the DLR FIB Traffic is hashed based on Src/Dst IP address values … .4 .5 .6
  • 26. ECMP HA Model (Up to 8 NSX Edges) 26 DLR E3 E8E1 … Routing peerings VXLAN VLAN Routing peerings E2 2 Web DBApp Physical Routers External Network X North-South traffic is handled by all Active NSX Edges • Multiple equal cost paths in the DLR FIB • Traffic is hashed based on Src/Dst IP address values HA Recommendations • No need to enable Edge HA for each Active Edge. • Aggressive Routing Timers for fast failover • Asymmetric routing paths – Stateful services not supported(Stateful Edge Firewall, NAT). • DFW is supported • Set URPF setting to loose .4 .5 .6
  • 27. DLR 27 Physical Router E2 Active Routing peering VXLAN VLAN DLR Control VM – Failure and Recovery Active Standby .1 192.168.100.0/24 192.168.2.0/24 Routing peering 2 Web DBApp E1 DLR External Network .3 .2 .4 .2 .3 X HA Recommendations: Incase of aggressive OSPF/BGP routing timers for ECMP • Static summary route to reach logical networks with DLR Forwarding Address as next hop. • Floating static route with higher admin distance to be injected on each ESG. • ESG to redistribute static to Physical. Dual Failure Scenario Ensure DLR Control VMs and ESGs are on separate ESX hosts. Aggressive OSPF/BGP routing timers – Adjacency will flap incase of DLR Control VM failure.
  • 28. Comparison of Edge HA Models Active/Standby HA Model Bandwidth Single Path (~10 Gbps/Tenant) Stateful Services Supported - NAT, LB, FW, DHCP Availability Convergence with stateful services enabled ECMP Model Bandwidth Up to 8 Paths (~80 Gbps/Tenant) Stateful Services Not Supported *DFW is supported Availability High ~ 3-4 sec with (1,3 sec) timers tuning E1 Physical Router Active Standby E2 Routing peering Web DB DLR App Active Standby DLR Control VM … E8E3E1 Physical Router E2 Routing peerings Web DB DLR App Active Standby DLR Control VM VPN VPN 1 2
  • 29. Agenda 29 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment Topologies 5 Summary and Q&A Annex – Routing Connectivity
  • 30. VLAN 20 Edge Uplink Physical Routers NSX ECMP Edges VXLAN 5020 Transit Link DLR Instance 30 Enterprise Routing Topology … Reference Design for SDDC with NSX & vSphere NET7857 … E1 E2 E3 E8 DLR Control VMs Routing peerings FIB update Routing peerings VXLAN VLAN Web1 App1 DB1 WebN AppN DBN External Network VM VM VM VM VM VMVM VMVM VM VM VM
  • 31. VLAN 20 Edge Uplink Physical Routers NSX ECMP Edges VXLAN 5020 Transit Link DLR Instance 31 Enterprise Routing Topology + L2 Bridging … E1 E2 E3 E8 DLR Control VMs Routing peerings FIB update Routing peerings VXLAN VLAN Web1 App1 DB1 External Network VM VM VM VMVMVM L2 Bridging  The hypervisor on which Active DLR Control VM is placed is designated as Bridge Host with Active Bridge Instance.  DLR Control VM only used for placement and HA of bridge instance (not in datapath).  L2 Bridging – VNI to VLAN mapping. DB Server DB Server
  • 32. Multi Tenant Routing Topology 32 Tenant 9 DLR Instance 9 Tenant 1 NSX Edge VXLAN 5021 Transit Link VXLAN 5029 Transit Link …  Can be deployed by Enterprises, SPs and hosting companies.  Upto 9 tenants (as 10vNICs on the Edge VM)  No support for overlapping IP addresses between Tenants connected to the same NSX Edge. ECMP Routing peerings Routing peering Web1 App1 DB1 Web1 App1 DB1 External Network DLR Instance 1 VM VM VM VM VM VM VM VM VM VMVM VM
  • 33. Multi Tenant Routing Topology 33 NSX Edge VXLAN Trunk  Use of Trunk interface on the NSX Edge (in addition to Internal and Uplink).  Allows up to 200 sub-interfaces on a single vNIC and establish peering with a separate DLR instance.  Routing protocols are supported over sub- interfaces. Routing peerings Tenant 1 Tenant 2 Tenant 200 Single vNIC Web1 VM VM VM App1 VM VM DB1 VM External Network Web1 App1 DB1 VM VM VM VMVM VM
  • 34. High Scale Multi Tenant Topology – 2-tier 34 Tenant 1 … Tenant NSX Edge with HA NAT/LB features ECMP NSX Edge X-Large (Route Aggregation Layer) ECMP Tenant NSX Edge VXLAN Uplinks (or VXLAN Trunk) VXLAN Uplinks (or VXLAN Trunk) VXLAN 5100 Transit … E1 E8 Web1 App1 DB1 VM VM VM VMVM VM DLR Instance 9 Web1 App1 DB1 VM VM VM VMVM VM External Network
  • 35. Cross-VC Multi-site topology CONFIDENTIAL 35 ULS App1 Universal Distributed Logical Router Instance VM VM VM VM VM VM ULS Web1 Site A Site B vCenter Server A vCenter Server B Universal Controller Cluster NET7854R Multi-Site Networking and Security with Cross-VC NSX – Part 1 & 2 Universal Transport Zone External Network Control VM w/ Local Egress Control VM w/ Local Egress ULS Transit A ULS Transit B
  • 36. Topologies Comparison Topology Characteristics Enterprise One DLR for all apps DFW for VM to VM security Typically no NAT ECMP Edges Multitenant Up to 9 tenants w/o trunk Up to 200 tenants w/ trunk DLR per tenant No overlapping IP High scale multitenant DLR and Edge per tenant 2-tier of Edges Tenant IP scheme can overlap Note: These topologies can be stretched across VC boundaries by using Cross-VC NSX.
  • 37. Agenda 37 1 NSX Introduction 2 Logical Routing 3 High Availability 4 Deployment Topologies 5 Summary and Q&A Annex – Routing Connectivity
  • 38. Key Takeways  Logical Routing in NSX enables communication between workloads belonging to different subnets. • Distributed Logical Routers optimize traffic flows for E-W communication. • Edge Services Gateways handle N-S communication to the physical network & provide network services.  Two models for High Availability - Active-Standby and ECMP model  Multiple logical topologies can be built using UI/programmatically by combining NSX Distributed Routing and Edge Services Gateway components.  Logical Routing now extends across vCenter boundaries. 38
  • 39. Relevant Sessions and References  Sessions  References NSX for vSphere Network Virtualization Design Guide (Ver 3.0) https://communities.vmware.com/docs/DOC-27683 39 NET9029 NSX Logical Load Balancing: From Basics to Fine Art NET7857 NET7858 Reference Design for SDDC with NSX and vSphere: Part 1 & 2 NET7865 Operational Best Practices for VMware NSX NET7854 NET7861 Multisite Networking and Security with Cross-vCenter NSX: Part 1 & 2
  • 41. NSX partner ecosystem Physical Infrastructure Security Application Delivery Operations and Visibility 44 DYNAMIC INSERTION OF PARTNER SERVICES
  • 42. Learn Connect & Engage communities.vmware.com NSX Product Page & Technical Resources vmware.com/products/nsx Network Virtualization Blog blogs.vmware.com/networkvirtualization VMware NSX on YouTube youtube.com/user/vmwarensx Where to get started Experience 30+ Unique NSX Sessions Breakouts, quick talks & group discussions Visit the VMware Booth Use case demos, chat with NSX experts Visit NSX Technical Partner Booths Integration demos – EPSec & NetX, Hardware VTEP, Ops & Visibility Test Drive NSX with free Hands-on Labs Expert-led or Self-paced. labs.hol.vmware.com Use NSX Proactive Support Service Optimize performance based on data monitoring and analytics to help resolve problems, mitigate risk and improve operational efficiency. vmware.com/consulting Take Training and Certification Several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining

Notas del editor

  1. Let us take a look at the Agenda: -We will first go thru a quick NSX introduction and component overview. We will spend 5-7 minutes on this. In this presentation we will talk specifically about NSX for vSphere -Then we will go into the meat of our presentation and introduce Logical Routing. We will spend the bulk of our time talking about Logical Routing concepts, high-availiability models and deployment topologies. -We will try to dedicate the last 10 minutes to wrap-up and QA. - I really wanted to cover different routing connetivity options but we will run out of time…so I have added them in the annex for your reference.
  2. So what is NSX. NSX is a networking and security platform which provides a variety of services in Software.. Some of the services we provide in software are -Logical Switching -Logical Routing both E-W as well as N-S Routing -Services like NAT -Load balancing ( Both inline and one-arm). We also have DLB in tech-preview. -Firewalling (Both E-W Distributed Firewall and N-S Perimeter Firewalling). -We also have very rich activity monitoring capabilities built in where u can monitor what VMs are being accessed by what users etc. -For remote connectivity, we have VPN services like: SSL VPN, IPSec VPN, L2 VPN etc. We have a dedicated session which talk about Load Balancing and another one on Leveraging NSX for Remote and Branch offices -DHCP services (DHCP relay /DHCP server) Connectivity to physical -> We have virtual L3 gateways which provide on/off ramp functionality from logical overlay network to the physical. -support for software bridges as well as newly introduced HW VTEP functionality.
  3. The first requirment is we need a physical network which can provide a stable/resilient backplane to forward traffic. We are underlay topology agnostic. The only requirement we have is the ability to carry VXLAN packets....we have a 50 byte overhead so MTU needs to be 1550 and above. We use VXLAN overlay technology to extend L2 over L3. Now coming to NSX architecture, we have a DP, CP and a MP So what comprises the data plane? Lets start with the ESX hypervisor and the VDS When we enable NV on an NSX cluster,we go and install what we call VIBs or VMware installation bundles on each hypervisor. . -These VIBs provide Logical Switching, Distributed Routing and Firewalling at a hypervisor level. So instead of one giant centralized router we have these bunch of distributed routers which run inside each ESX host at a kernel level. -We also have the NSX edge - VM form factor and provides a variety of services. Its main function is to act as on/ramp off/ramp from logical network to physical network.It acts as a router and also provides other functionality like NAT, Firewall, Load-balancing, VPN services, DHCP services etc. ####So the ESXi hosts, the VDS and Edge make up a high performance Data-Plane to forward traffic. CP:Consists of a cluster of 3 controllers. the brain of the solution. Controllers build a clear picture of who is connected where, keeps track of VM, Logical Switch , VTEP association and help in distributing ARP and routing info. DLR Control VM peers with the physical and exchanges routing info. MP: Consists of NSX Manager. single config point and entry point to the system for the REST APIs. Tightly coupled with vCenter and accessible via the vSphere Web GUI. -Also used to install NSX and make hypervisors NV ready with secret VIBs and VTEPs. -On top of NSX u can have a CMP to consume and orchestrate NSX . U can also use a Cloud Mgmt system to consume NSX’s networking and security services. Some examples of CMS are vMware’s VRA and Openstack
  4. Let us take a look at the Agenda: -We will first go thru a quick NSX introduction and component overview. We will spend 5-7 minutes on this. -Then we will go into the meat of our presentation and introduce Logical Routing. We will spend the bulk of our time talking about Logical Routing concepts, high-availiability models and deployment topologies. -We will try to dedicate the last 10 minutes to wrap-up and QA.
  5. So what challenges do we have in legacy way of doing things? So what benefits of NSX Logical Routing over traditional legal way of doing things? -BIG CENTRALIZED Router -In traditional NW designs, every time a VM on a segment wants to communicate to a VM on a different segment traffic will need to go to a Big centralized router in the physical network to get routed. That is sub-optimal Paradigm: NSX Distributed Routing is built on the paradigm of pushing the services as close to the application as possible. In our case , we r pushing the services and performing lookups right in the ESX hypervisors where the application is running. So eseentially in our design, we have these small distributed router instances running in each hypervisor so the load is distributed . ###among several hypervisors and we have a huge distributed router. This helps us achieve BETTER SCALABILITY - OPTIMIZATION OF DATA PATH Other advantage we get is Optimization of the data-path. Lets assume u have a VM1 on subnet-1 Web Tier and VM2 on subnet-2 running on DB Tier on the same hypervisor. There is no need to go to the Aggregation switch to get the packet routed and back to the same host. It is Sub-optimal and eats bw. PROGAMMATIC CONSUMPTION. You can now create virtualized networks programmatically very quickly without touching the physical infrastructure. All u do is go to your CMP(like vRealize or Openstack) and say -spin a tenant for me, -spin some apps for this tenant -by the way also spin the virtual network for me . NSX Logical Routing, VXLAN based logical switching. and our other services makes this possible.
  6. So now lets look at the first building block – Distributed Logical Router. It has 2 components – DP Component + CP Component. DP Component is the DLR instance which is pushed on each hypervisor and CP component is the DLR Control VM. We will look at both of these in detail. When a distributed router is provisioned in NSX manager and DLR instance is pushed on all the hypervisors in the NSX domain. This DLR instance will provide E-W routing between the logical-switches attached to it. What are LIF – LIF are logical interfaces defined on DLR instances and assigned IP addresses. They handle VM gateway traffic for the appropriate logical network. Multiple LIFs on each DLR and an ARP table is maintained per LIF. Exactly the same DLR instance and the same LIFs are pushed to each hypervisor. vMAC is the MAC address of the LIF vMAC is same across all the Hosts and it is never seen by the physical network VMs use the vMAC as their default gateway MAC address ARP/MAC timeout on ESX Host 180/300 if no activity. Now what if u want to create multiple tenants and what multiple DLRs to isolate tenant domains. That is possible too. We can create multiple DLR instances DLR Control VM: Now What if VMs need to communicate N-S to the physical network. So we need a way to communicate to the edge router which communicates N-S and exchange routing informariotn. That is the function of the DLR ControL VM. It establishes routing adj with the edge router and exchanges routing info. This way u don’t need each ESX hypervisor to peer with physical and have 1000s of adjacencies. Other function – L2 bridging. DLR Control VM – Optional in small/static topologies. Notes: This 3 minute timeout is controlled by the switch security module which has a 180 second expiry for any addresses learnt through ARP snooping:
  7. -Now let us have a look at the second building block which is the Edge Services Gateway. -Edge services gateway is a VM appliance deployed in VM form factor. -It provides N-S On/Ramp Off-Ramp connectivity between the Logical Networks and the physical networks. It is very versatile and supports a plethora of network services in software like Routing(Static and Dynamic), NAT, Load Baancing, Firewalling, VPN, DHCP, DNS forwarding etc. On the routing side: Dynamic routing as well as static routing for Supports OSPF, BGP. NAT can also be performed on the traffic running on the edge. NSX Edge supports DHCP Relay functionality and can also act as a DHCP server. We also have DNS forwarding capabilities.  
  8. If your sizing needs change, u can change the form factor of an already deployed edge from the NSX Manager UI/Rest Api. Compact: Suitable for small POC environments. Large: Small DCs. Quad-large: ECMP & LB If u need high L7 LB performance, XL is more suited More details can be found in our design guides and reference design session ### 1000mhz per CPU reservation Yes, single dedicated core for haproxy, core 4  in x-large.   Processes, such as config engine, event mananger, affinity to core 5.   Core 0-4 are for network traffic, but from 6.2.0,  I changed nagios processes running on core 0-4, before this version, nagios processes are also running on core 5.  L4 LB (IPVS) is in kernel and running on core 0-4.   As I heard from Mitesh that, from 6.2.3, L2VPN process also affinities to core 4 for x-large.
  9. Now lets put both these pieces together in our topology. Lets look at our logical view first. We have a bunch of VMs which are connected to DLR for E-W routing. IF these VMs want to communicate N-S they have to communicate to the edge which will do VXLAN-VLAN translation and present the traffic to external networks. Now lets look at the physical topology. We have 3 hosts which are a part of our NSX domain. We have 3 logical switches. We haveRouter with 3 logical interfaces LIF1, LIF2 and LIF3 and connect LIF to LS1 , LIF2 to the green network VXLAN 5002 and Purple VXLAN for Transit between DLR and Edge. This DLR is instantiated on all the ESX hosts which are part of this NSX domain. So we now have a lil router running on all these hosts which can route traffic E-W between these 3 networks. Now we create the Edge Gateway and we are going to connect it to two networks – Purple VXLAN network on its internal interface and the External world on its uplink interface. We can establish a Dynamic Routing between the Edge and the external network. And a peering relationship between the DLR Control VM and the Edge. Have 3 ESX hosts. ESX host A Compute ESX Host B Compute ESX Host C Edge and DLR Control VM to outside.
  10. So now lets look at what wud happen if there was no Distributed Routing and we did centralized routing? Sub-optimal More latency Using b/w for no reason
  11. Now lets take a deeper look at how components interaction and communication between the various components. DLR is created using NSX manager UI or REST API. What happens as a result of this step is that a DLR ControL VM is created as well as the DLR instance is instantiated on all hypervisors in the TZ but no LIFs are pushed. Then the controller pushes Logical LIF configuration to the ESXi hosts. Talk about Logical Routing -> DLR Control VM Optional topology 1) External nw: needs to know bout subnet to reach logical space. Edge advertises routes to physical. So physical knows the subnets reachable in logical-space. Selectively advertise Web-Tier subnet to physical. 2) Logical space needs to know how traffic should return back to physical VM. Needs to know the gateway. All little routers know that when outside, send traffic to IP address of NSX edge. DP completely bypasses CP.
  12. DR Enabled. The packet reaches the distributed router. DR has two LIFs LIF1 and LIF2. The routing tables shows the destination network as directly connect to the rotuer…so a routing lookup is performed and the packet is put over LIF2. Traffic will be received at the DLR. 2) Route betn LIF1 and LIF2. 3) When route to LIF2 - There is an associated ARP table at every LIF interface. If there was no ARP entry for 172.16.2.10 , DR wud have generated ARP request to populate arp table. ARP timeout.
  13. -When an IP on external network want to communicate with VM on the logical network lets look at ingress. It knows to reach logical network, it needs to get to the Edge uplink. 2 routing lookups. -When traffic is handed to transport network- it is just switched over VXLAN. If we are going in reverse direction ,first lookup wud happen here. And second lookup at service vm. Fundamental thing to remember is: Routing always happens at the ESX host where the Source VM is located.-> Routing happens at entry point and after that we just do switching.
  14. Now that we have looked at all the building blocks in detail, lets look at Deployment & High Availability.
  15. High-availability Design is important so that components are always highly available to resume services rapidly in the event of an outage. . Since the Edge and the DLR control VM run on ESX hosts, there is always a possibility of a host outage so if convergence is important, we shud design for HA. In NSX, we have High-Availability options for both our routing compoents -DLR Control VM -Edge Services Gateway VMs. (DLR isnt in data-path but it is still responsible for exchanging routing updates). So if for any reason the DLR control VM goes down, we have another one in standby taking its place. For the ESG VM, we have 2 options – We have the active/standby model just like the DLR, we also have an ECMP model. The goal there is to have Active-Active HA where all edges are active at the same time. We will discuss each model in detail in the subsequent slides. The nice thing is enabling/disabling HA is a configurable option in the NSX, so it is easy to configure and embedded in the product. ################### High Availability in already embedded and can be configured in the product Elements needing HA are: DLR Control VM -> If it goes down, we have another one which can take over rapidly. Seconf Element: Edge Services Gateway. Same kind of model as the DLR Control VM – Active Standby. Secon model of HA for Edge – ECMP. Goal is to get Active-Active HA….all active at same time. For DLR Control VM – We have the Active/Standby HA model. ################# In the last session, we got feedback that why design with HA? Is High Availiabilty important to u? High Availability Design is very important so that services can resume quickly in the event of an outage. Since the Edge and the DLR control VM run on ESX hosts, there is always a possibility of a host outage so we shud always design for high-availability so that convergence happens and services resume. In NSX, We have HA/redundancy options for both our components: -DLR control VM -ESG VM For the DLR Control VM, we have an Active/Standby HA model (DLR isnt in data-path but it is still responsible for exchanging routing updates). So if for any reason the DLR control VM goes down, we have another one taking its place. For the ESG VM, we have 2 options – We have the active/standby model and we also have an active-active model which provides scale-out We will discuss each model in detail in the subsequent slides. The nice thing is enabling/disabling HA is a configurable option in the NSX, so it is easy to configure. Just explain high level, the next slides are giving the details. The logical topologies don’t need to be designed with HA in mind, NSX will take care of it.
  16. Now lets take a deeper look at the Active-Standby model. In this model, a pair of edge VMs are deployed, one is the Active Edge and the second one is the Standby Edge. By default Anti-affinity rules are configured by the system, so that the Active and the Standby land on different ESX hosts. Keep-alives are exchanged between the Active VM and the Standby VM on a designated HA interface. HA interface - can be a dedicated interface or a shared interface. By default, it is the first internal interface(non Uplink interface) on the ESG. In addition to keep-alives, State information is also synchronized over this HA interface. Information like Firewall Connection tracking, NAT Tables, LB persistence tables and Routing tables, DHCP leases etc are synced. Now lets have a look at what happens in failure Here keep-alies are being exchangec between active/standby. Hypveriso with Active VM fails. Standby see that it isnt receiving keep-alives from peer…so it waits until the declar dead timer expires. Declare Dead Timer is 15 seconds. If the Declare dead timer expires, the peer is declared unreachable. For split brain prevention, Probes are sent on internal and uplink interfaces. If no one replies, standby assumes peer is unreachable. Standby takes over and becomes active and takes over the configuration and sends out GARPs. Now what happens when the old Active recovers. The keepalives resume….and the old Active becomes Standby nad syncs state information from Active. There is non-preemptive HA where we don’t switch back to reduce traffic outage. On DLR Control VM- mechanics is the same, u have to pick an HA interface. Best practice is to choose an HA interface on the transport network for both DLR and ESG control VMs.
  17. Now lets take a look at this topology. We have a DLR with 3 logical switches. We have a DLR Control VM which is peering with the Edge services gateway. ESG is configured with HA enabled. So there is an active ESG and a standby ESG deployed. You can go to the NSX manager to find out which ESG is active and which is standby. Only the active ESG establishes peering relationship with the DLR and the physical. The standby ESG doesnt have any routing protocol setup or an IP address. Let take a look at the routing table on the DR.
  18. In 6.2 we introduced centrali CLI, so u execute commands on different components without sshing into those components. In this screenshot we are looking at the Distributed Router table on a particular hypervisor. You can see the 3 directly connected networks Web App DB zYou can see the default gateway point to the 192.168.2.1 (Forwarding address of the ESG) Let take a look at the routing table on the DR.
  19. Now lets look at the failure scenario. What happens with Edge E1 fails. When the active Edges fails, the standby Edge takes over the IP addresses of the active Edge. Routing peering happens with the standby. edge The adjacency from DLR and physical network perspective is still exactly the same without configuring routing. Gratitiuous ARP The new active Edge send out gratitious ARPs so that the network knows that the IP address has moved from a VM on one host to a VM on another host. State information like Route Entries, DHCP leases and the Connection Tracker table entries is synced…. This is valuable when u r doing services like Firewall/NAT so there is no disruption. <WIP> THE HA addresses are not taken over. Lets take a look at the NSX manager view now. We also execture a show service high availability and see that HA index 1 is now active and peer is unreachable. The keep-alive HA configuration address are on the 140 subnet. This is something which the user picked. U can leave the configuration blank and it will ping an auto-config 169.254 IP range. ######### Now lets look at the failure scenario. What happens with Edge E1 fails. When the active Edges fails, the standby Edge takes over all the IP addresses of the active Edge. Routing peering with standby. The adjacency from DLR and physical network perspective is still exactly the same without configuring routing. The new active Edge send out gratitious ARPs so that the network knows that the IP address has moved from a VM on one host to a VM on another host. State information like Route Entries, DHCP leases and the Connection Tracker table entries is synced…. This is valuable when u r doing services like Firewall/NAT so there is no disruption. Graceful restart is enabled by default. So leave the routing protocol timers to default or higher than the time it takes to transition, so that adjacency doesn’t flap.
  20. Now lets look at the second model which is active-active
  21. In the ECMP HA model, All edges are active (upto 8 edges are supported in ECMP model). NO keep-alives between E1 and E2. They are totally independent of each other. Edge HA not enabled. We don’t need graceful restart. We don’t need anyone to take over…so we recommend aggressive routing timers. We can support equal cost paths from DLR to 8 edges. If you look the In Data-path, we have 8 paths from the DR to the ESGs. DLR instance is seeing 8 entries in the routing-table How do we know which path to take : DR determines that based on a hash. Hash is based on IP source/dest (as any router in the industry). First layer ECMP : DLR to ESG. This is first layer of ECMP Second Level of ECMP: Typically at the Edges: at least 2 NIC on host for redundnacy to two different TORs. On return path: we see exactly the same. We see 8 diff entries for the different paths. We have OSPF configured in this topology hence u see N2
  22. Detection: Based on Routing timers. As soon as DLR detects that one Edge is down, it will rehash the packet to all the remaining edges. In failure As DLR detects one Edge is down, it will rehash the packet….it will re-loadbalance the traffic to remaining edges ############### So with aggressive timers, it will take 3 seconds for physical to detect if an Edge is down. Same thing for DLR. North-South traffic is handled by all Active NSX Edges Multiple equal cost paths in the DLR FIB Traffic is hashed based on Src/Dst IP address values Other recommendations No need to enable Edge HA for each Active Edge. Graceful restart on the NSX Edge Services Gateways taking part in ECMP can be disabled. Routing Timers can be made aggressive for faster convergence. vSphere HA should be enabled for the NSX Edge VMs. Active/Active ECMP currently implies stateless behavior. No support for stateful Edge Firewall, Load Balancing or NAT. DFW can be used to protect the tenant VMs in the logical network. Make sure URPF setting is set to loose as return traffic can return from a different ESG.
  23. Now lets talk about DLR Control VM Failure and Recovery. DLR control VM is not in data-path however it does peer with the ESGs and exchanges routing information. DLR control VM can be configured in HA – Active-Standby Model. Now there is a special failure scenario we need to consider for DLR Control VMs especially when aggressive timers come into play with ECMP Edges. If DLR Control VM goes down, the routing adjacency between the DLR Control VM and the ESGs will flap. So the Edges will go ahead and flush their tables and remove all prefixes learnt from the DLR. This will cause N/S traffic to be blackholed. To mitigate this failure, we will add a static route with higher admin distane with the forwarding address of the DLR as next hop and this route will be redistributed upstream to the physical. In my case, I have a static route which summarizes all my logical networks using /16. So if adjacency between DLR and ESG flaps we still have N-S traffic flowing. More discussion can be found in the NSX Design guide. ################ The aggressive setting of routing protocol timers as applied to ECMP mode for faster recovery has an important implication when dealing with the specific failure scenario of the active control VM. This failure would now cause ECMP Edges to bring down the routing adjacencies previously established with the control VM in less than 3 seconds. This means that ECMP Edges flush their forwarding tables, removing all the prefixes originally learned from the DLR. This would cause the north-south communications to stop. To mitigate this failure of traffic, static route with a higher administrative distance than the dynamic routing protocol used between ESG and DLR are needed. This configuration is shown in Figure 113. Read page 133 of DIG 3.0 If routing timers are aggressive for ECMP, we may see a routing flap during a DLR Control VM failure event. Floating static route if Nimish isnt talking about it Type7: N2 Type5: E2 The basic difference between a N type as well as E type is that they belong to two different types of LSAs. Type 5 is E and Type 7 is N. An external route (redistributed from another routing protocol, static route or connected route) will be tagged as a Type 5 LSA (E route). This LSA is circulated throughout the OSPF domain except for Stub, Totally Stubby and Not-so-stubby areas. Stub areas are not allowed to have external routes, which means there should be no ASBR in a Stub area. But if you have a situation where you have to have a ASBR in your Stub area the only solution is to configure the Stub area as Not-So-Stubby Area or NSSA. A route redistributed (from a connected, static or other routing protocol) inside an NSSA area is a Type 7 LSA or N route. This LSA is circulated only within the NSSA area convert lsa 7 into lsa 5 may propagate summarized logical switch address space only
  24. Now lets do a recap of both the models we saw and summarize them. First model is Active Standby Model. Here you have a single path per Edge. Keep-alives r exchanged betwene active and standby U have support to synchrozie state so stateful services are supported. mportant point: Routing timers are default or high and graceful restart is enabled. Synchorizing all service tables. 1) ECMP Model: If u deploy this model u get 8 paths to physical. So 80 G thruput.. U get fast failover using aggressive timers. What u lose is ability to enable Stateful services at this ESG as return paths may be assymetrics and break the stateful firewall. DFW at the workload vNIC/VM level will still work. @@@@@@@@@@@ #Certain stateful services like NAT and Edge Firewalling will break as the return traffic paths may be asymmetric. Stateful firewall will drop your packets #Hence, it is recommended not to configure stateful services like NAT, EdgeFirewall on the Edge which is in ECMP mode. Way more balanced and very fast convergence Distributed firewall is enforced at the vNIC level so it will work fine.
  25. Lets look at some deployment topologies now.
  26. *******Enterprise topology, optimizes as much E-W traffic as possible by adding as many LIFs on the one DLR instance. This is a typical enterprise topology. There’s a single DLR for multiple logical switches /applications to optimize E-W communication for apps. This doesn’t mean that every VM can communicate with each other. We are using security polices (DFW/microsegmentation)to limit this communication. For EdgeTopology: In this example, we are using Active-active. Services like LB are running in One-arm fashion for the Apps. Goal is BW, fast convergence. There is no NAT in this topology. DHCP Relay is supported on DLR ######################## To do: Add another uplink??? Why are there Edges? - doing physical to logical routing, it’s complex and not easy to automate so we only set it up one time. DHCP service: is on DLR(first hop).
  27. This is the same enterprise topology with a variation for L2 Bridging. Lets say u have some physical database hosts which are not on the VXLAN logical switch which need L2 connectivity to your workloads. U can use our L2 Bridging feature to bridge Overlay VNI to VLAN. So how do you configure L2 bridging. U basically configure L2 bridging on the DLR Control VM to bridge a Logical Switch to a VLAN. The hypervisor where the DLR COntroL VM is palced becomes a bridge host and handles the bridging traffic. ControL VM is only for placement. u still get optimized E-W routing alongwith bridging.
  28. Now lets look at the second topology which is a multi-tenant topology. Multiple Instances… If u have multiple tenants or silos, and want to separate them without lots of DFW rules, we can dedicate one DLR instance per Tenant. Here u have one DLR per tenant. Each DLR has its own transit logical switch to connect to the edges. Why only 9 tenants to same nsx edge? => because Edge is a VM and a VM is limited to 10 VNIC U only have 9 vNIcs available on the vNIC to interconnect DLR instances. Other limitation of this topology: no overlapping IP addresses Tenant- 3 tier app. As many tenants on demand dynamically. (Destory create without making any changes to the physical network). @@@@@@ We can still do ECMP between the Edge and the TOR(active-standby)
  29. Now lets say u have more than 10 tenants u want to support on a single edge(u can basically use what we call the trunk interfaace on the ESG) Trunk Interface: We can have multiple sub-interfaces on a single vNIC 200 sub-interfaces We do not support overlapping IP addresses so we can’t use NAT NAT is only on Edge-uplink.
  30. Now lets look at a topology where u want to provide services for the tenant but still leverage equal cost multi-pathing for high thruput to the physical network. #you can have a Dedicated pair of edges per tenant. Two tier edges allow the scaling with administrative control High scale multi-tenancy is enabled with multiple tiers of edge interconnected via VxLAN transit uplink Top tier edge acting as a provider edge manage by cloud(central) admin. Provider edge can scale up to 8 ECMP edges for scalable routing. Second tier edges are provisioned and managed by tenant -Based on tenant requirement tenant edge can be ECMP or stateful -Support for overlapping IP addresses between Tenants connected to different first tier NSX Edges
  31. Now what if you want to stretch logical networks and security policies across multiple vCenters and potentially multiple-sites. We support notion of universal objects. UTZ, ULS which can stretch L2 over L3 over different mgmt boundaries. For Distributed Routing acrros VCs/sites we introduced the concept of a Universal DLR Instance which can provide distributed routing across multiple sites. There is also a notion of Local Egress so that Egress out of the logical networks to the physical networks can be chosen based on a Locale ID. We have 2 full sessions covering this topic which u can attend. But the jist is you have a Universal DLR with Local Egress capabilities. Edges still have to be deployed per site.
  32. Now lets compare and contrast the various models we saw.
  33. This brings us to the end of our presentation. So lets go over some key take-aways
  34. Different components for Logical Routing. Diff HA Models Different Topologies. More information can be found: Design session
  35. Think about NSX as a platform, it is not a point product. Finally, a true platform requires successful participation of a third-party ecosystem. NSX has developed a RICH ecosystem of partners that span across physical to virtual, operations and visibility, app delivery services, and security services categories. This extensible, distributed service platform supports the novel concept of dynamic service chain that provides multiple platform integration points and automates the deployment, orchestration, and scale-out of partner services.