VMworld 2013
Taruna Gandhi, VMware
Jeremy Hanmer, DreamHost
Funs Kessen, Schuberg Philis
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
5. 5
Provisioning Multi-tier Network Services Today
Compute
Network
DC Services
DB DB
App App
Web Web
Corpnet/Internet
Provisioning is slow
Placement is limited
Mobility is limited
Hardware dependent
Operationally intensive
6. 6
Provisioning Network Virtualization with NSX
Programmatic provisioning
Place any workload anywhere
Move any workload anywhere
Decoupled from hardware
Operationally efficient
Compute
Network
DC Services
7. 7
Provisioning Network Virtualization with NSX
Programmatic provisioning
Place any workload anywhere
Move any workload anywhere
Decoupled from hardware
Operationally efficient
Compute
Network
VMware NSX
DC Services
8. 8
VMware NSX – Networking & Security Capabilities
Any Application
(without modification)
Virtual Networks
VMware NSX Network Virtualization Platform
Logical L2
Any Network Hardware
Any Cloud Management Platform
Logical
Firewall
Logical
Load Balancer
Logical L3
Logical
VPN
Any Hypervisor
Logical Switching– Layer 2 over Layer 3,
decoupled from the physical network
Logical Routing– Routing between virtual
networks without exiting the software
container
Logical Firewall – Distributed Firewall,
Kernel Integrated, High Performance
Logical Load Balancer – Application Load
Balancing in software
Logical VPN – Site-to-Site & Remote
Access VPN in software
NSX API – RESTful API for integration into
any Cloud Management Platform
Partner Eco-System
10. 10
VMware NSX – Network Virtualization Benefits
VMware NSX Transforms the Operational Model of the Network
Network provisioning time
reduced from 7 days
to 30 sec
Reduce network
provisioning time from
days to seconds
Cost Savings
Reduce operational
costs by 80%
Increase compute asset
utilization upto 90%
Reduce hardware costs
by 40-50%
Operational
Automation
Simplified IP hardware
Choice
Any Hypervisor:
vSphere, KVM, Xen, HyperV
Any CMP:
vCAC, Openstack
Any Network Hardware
Partner Ecosystem
Any hypervisor
Any CMP
with Partner
26. Who Am I?
• Jeremy Hanmer (@fzylogic)
• 13 years of experience with DreamHost
• System Engineer -> Network Engineer ->...
• ... VP Security -> Cloud Architect
• Focusing on OpenStack and Network
Virtualization
28. Why Virtualize?
• Customers deserve it
• Better Security (Isolate customers from one another)
• Live Migration (Zero-downtime maintenance!)
• Replicate their existing IP addressing schemes
• Easier administration
• Live Migration (Hypervisor maintenance becomes easy)
• Much easier to know what’s going on on the network
• Automating VLAN provisioning STINKS and doesn’t scale
• We’re now able to migrate workloads to avoid hot spots
29. Why VMware?
• Confident in their team
• Roadmap (It included IPv6!
I’m told it’s getting close!)
• Easy integration of our own Layer 3 services
• Community presence in OpenStack
is awesome
• Emphasis on ease of troubleshooting
• Super great support from the beginning
31. Physical Network Design
• IPv6 Native
• Storage network is 100% IPv6
• Customers all receive a /64 of public IPv6 space
• Layer 2 domains terminate at the TOR
• OSPF v2/3 running on every switch
• 10G Ethernet to every server
• 40G Ethernet between spines
• Dedicated networks for storage (one frontend, one backend),
NSX, and administration
• Simple!
• VRRP, QFabric, HSRP often cause more problems than they fix
• Debugging Layer 3 is easy. Debugging Layer 2 is not
34. The Future!
• Migrate to NSX’s L3 services
• Just waiting for IPv6 to ship with BGP support
• Get Chef running on the Cumulus gear
• Hasn’t been a priority because of the nearly
identical configs
• Move to a full mesh architecture that wasn’t
possible before
37. 37
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1303
VMware NSX Network Virtualization Platform
Group Discussions:
NET1001-GD
vCloud Networking and Security & NSX for VMware Environments with
Ray Budavari