2. Before We Begin
• Get involved! Feel free to ask questions or provide
constructive feedback.
• Please silence all mobile devices.
• Feel free to take pictures, record videos, or post social
media updates. Use hashtag #KCVMUG or @MyVMUG.
• This presentation will be available via SpeakerDeck and
SlideShare after the event.
3. Background - The Adoption Curve
• 2010: “Science fiction.”
• 2011: “Plausible.”
• 2012: “Let the crazies go first.”
• 1H 2013: “Help me understand.”
• 2H 2013: “Get me into production”
5. VMware NSX for vSphere – Networking Capabilities
[Diagram labels: Any Application (without modification); Virtual Networks; VMware NSX Network Virtualization Platform; Any Network Hardware; Any Cloud Management Platform; VMware vSphere]
• Logical Switching – Layer 2 over Layer 3, without dependencies on the physical network
• Logical Routing – Routing between virtual networks and physical, East-West and North-South optimized
• Logical Firewall – Distributed Firewall, kernel integrated, high performance
• Logical Load Balancer – Application load balancing in software
• Logical VPN – Site-to-Site & Remote Access VPN in software
• NSX API – RESTful API for integration into any Cloud Management Platform
6. Logical Firewall/Routing
Features
• OSPF/eBGP/iBGP/IS-IS
• Virtualization and identity context firewall
Scale & Performance
• Remove hairpins and bottlenecks in routing and firewalling
• Line rate performance with distributed scale out architecture
Use Cases
• Create on demand networks to speed up application provisioning
[Diagram labels: Tenant A; Tenant B; Tenant C; L2]
7. Logical User (SSL) and Site 2 Site (IPSec) VPN
Features
• Interoperable IPsec tested with major vendors
• Clients on all major OS (Win, Apple, Linux)
• Remote authentication via Active Directory, RSA SecurID, LDAP, RADIUS
• TCP Acceleration
• Encryption – 3DES, AES128, AES256
• AES-NI H/W Offload
• NAT & Perimeter Firewall Traversal
Scale and Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant
Use Cases
• Cloud to Corporate
• Cloud On-boarding
• Remote Office/Branch Office
• Remote Management
[Diagram labels: Internet/WAN; IPSEC; SSL – VPN]
8. Logical L2 VPN
Features
• SSL-based
• Web-proxy Support
• L2 Bridge to Cloud
• Broadcast support
Scale & Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant
Use Cases
• Cloud On-boarding
• Cloud Bursting
[Diagram labels: Public Cloud; Internet/WAN; L2 VPN; VM]
11. Evolving Role of the Physical Network
• From 2- or 3-tier to spine/leaf
• Density & bandwidth jump
• ECMP for layer 3 (and layer 2)
• Reduce network oversubscription
• Wire & configure once
• Uniform configurations
[Diagram labels: WAN/Internet]
13. NSX for vSphere Components
Consumption
• Self-service portal
• Cloud management
• vCloud Automation Center
Data Plane
• NSX Edge
  • VM form factor
  • Data plane for north-south traffic
  • Routing and advanced services
• NSX vSwitch
  • Distributed network edge
  • Line rate performance
Management Plane
• NSX Manager
  • Single point of configuration
  • REST API and UI interface
Control Plane
• NSX Controller
  • Manages logical networks
  • Run-time state
  • Does not sit in the data path
  • Control-plane protocol
[Diagram labels: NSX Edge Services Gateway; ESXi; VDS; Hypervisor Kernel Modules; Firewall; Distributed Logical Router; VXLAN; NSX vSwitch; vCenter Server; NSX Edge; Logical Router; User World Agent]
14. NSX Manager
Features
• Centralized management plane
• Built for a 1:1 mapping between itself and a vCenter Server
Role
• Provides the management UI and API for NSX
• Secures control plane communications
Functionality
• Manages and configures the Controller Cluster via REST API and hosts via a message bus
• Manages and deploys NSX Controller, NSX Edge virtual appliances and the initial vSphere web client plugin
[Diagram labels: NSX Manager; vCenter Server]
15. NSX Controllers
Features
• Establishes control plane between hosts
• Distributes VXLAN and Logical Router network information to hosts
Scale & Performance
• Controllers are clustered for scale out and HA
• Information is sliced across nodes for resiliency
Use Cases
• Remove dependency on Multicast on physical transport
• Suppresses ARP broadcasts across VXLAN segments
[Diagram labels: VXLAN; Logical Router; Controller; VXLAN Directory Service; MAC table; ARP table; VTEP table]
16. NSX User World Agent
Core features
• TCP (SSL) client that communicates with the Controller using the control plane protocol
• Connects to multiple controllers for resiliency
Modus operandi
• Mediator between hypervisor kernel and NSX Controller
• Communicates with the Message Bus Agent to retrieve info from NSX Controller
In host function
• Runs as a service daemon in ESXi
[Diagram labels: Controller Cluster; Controller; ESXi Host; Kernel Modules; Client; User World Agent; LR; NSX MGR; VXLAN]