VMware NSX is a network virtualization platform that abstracts physical infrastructure and provides micro-segmentation. It originated from research on software-defined networks at Stanford University. NSX was later acquired by VMware. The latest release is NSX4, which is decoupled from vSphere and supports multiple hypervisors and containers. In CloudStack, NSX provides logical network segmentation and implements network services like DHCP, load balancing, NAT, and firewalls for virtual networks and VPCs through its API integration with the CloudStack management server. A live demo then showed how some of these NSX network functions work for VPCs in CloudStack.
2. About Us
Alexandre Mattioli
• Involved in ACS since 2012
• Designed and built a global ACS Cloud
• Cloud Architect at ShapeBlue
• Networking Enthusiast
• Brazilian with a passion for skiing…
Pearl Dsilva
• Contributing to ACS since 2019
• Software Engineer at ShapeBlue
4. SDN – What is it?
Key characteristics of an SDN:
• Decoupled Control and Data Planes
• Application plane centric
• Abstracted Control Plane
• Programmable network functions
5. SDN Ecosystem
• Cisco ACI & Meraki
• VMware NSX
• Silver Peak
• Juniper Contrail
• Tungsten Fabric
• OpenDaylight
• Cumulus Linux
16. TRANSPORT ZONES
• Network boundary
• Manages which VMs and hosts communicate over an NSX virtual network
• Dictates which hosts and VMs connect to a logical network
• Transport zone 1:N logical switches (segments)
• Types:
  • Overlay – Tunneled traffic (Geneve, NVGRE, VXLAN)
  • VLAN – Tagged traffic, bridges virtual and physical
26. NETWORK ELEMENT – Implementation
<Nsx>Element:
• Represents a network element:
Initiates network services: Static NAT, Port Forwarding, Load Balancing, etc.
<Nsx>Resource:
• Handles commands sent to the controller to implement a network functionality
27. NETWORK ELEMENT – Network Guru
<Nsx>GuestNetworkGuru:
• Defines virtual network based on Network offering
Handles network lifecycle operations in the context of the network element:
• Design – enter network in DB
• Setup – creates segment in NSX
• Implement – Adds network’s metadata
• Allocate – creates NIC for the VM in the Guest network; creates DHCP relay configuration
<Nsx>PublicNetworkGuru:
Design – Creates NSX Public Network
Allocate –
• Creates Public NIC in VR using IP from the System VM reserved “Public” Range
• For VPC: Creates Tier-1 Gateway
• Sets up Source NAT rule on NSX* using an IP from the NSX “Public” Range
*if using in NAT mode
28. NETWORK PROVIDER – Integration
Addition of non-OSS dependencies
https://github.com/shapeblue/cloudstack-nonoss
--- maven-dependency @ cloud-plugin-network-nsx
org.apache.cloudstack:cloud-plugin-network-nsx:jar:4.19.0.0-SNAPSHOT
+- com.vmware:nsx-java-sdk:jar:4.1.0.2.0:compile
+- com.vmware:nsx-gpm-java-sdk:jar:4.1.0.2.0:compile
+- com.vmware:nsx-policy-java-sdk:jar:4.1.0.2.0:compile
+- com.vmware.vapi:vapi-authentication:jar:2.40.0:compile
+- com.vmware.vapi:vapi-runtime:jar:2.40.0:compile
Provider
1:1 mapping between a provider and a network element.
public static final Provider Nsx = new Provider("Nsx", false);
29. NETWORK PROVIDER – Integration
Dependency
The network element (NSX) dependency needs to be added to the client/pom.xml
<dependency>
    <groupId>org.apache.cloudstack</groupId>
    <artifactId>cloud-plugin-network-nsx</artifactId>
    <version>${project.version}</version>
</dependency>
Add Provider to Physical network
list networkserviceproviders
{
  "count": 16,
  "networkserviceprovider": [
    {
    ...
    {
      "canenableindividualservice": true,
      "id": "f068fc11-5c22-4823-938e-16b1d23e6c5e",
      "name": "Nsx",
      "physicalnetworkid": "d9f92033-f01e-4464-ad2d-2c0748b5a677",
      "servicelist": [
        "Dhcp",
        "Dns",
        "Lb",
        "SourceNat",
        "StaticNat",
        "PortForwarding"
      ],
      "state": "Enabled"
    },
36. NETWORK SERVICES
• Source NAT:
  • Action: SNAT
  • Translated IP: Public IP
• Port Forwarding:
  • Action: DNAT
  • Translated IP: IP of the VM forwarding traffic to
  • Translated Port / Service: Private Port
  • Destination IP: Public IP
  • Destination Port: Public Port
• Static (1:1) NAT:
  • Action: DNAT
  • Destination IP: "Public" IP of the VPC
  • Translated IP: IP of the VM forwarding traffic to
  • Firewall: Match Internal Address
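The rule mapping on this slide can be used to check a Tier-1 gateway for inbound translations that CloudStack never requested. The sketch below is an added example, not code from the slides or from the CloudStack NSX plugin: the NatRule record, its field names and the sample addresses are constructed for illustration and are not NSX SDK types.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class NsxNatMapping {
    // Hypothetical record; field names follow the slide, null means "not set".
    record NatRule(String action, String destinationIp, String destinationPort,
                   String translatedIp, String translatedPort) {}

    // Source NAT: SNAT, translated IP is the public IP.
    static NatRule sourceNat(String publicIp) {
        return new NatRule("SNAT", null, null, publicIp, null);
    }

    // Port forwarding: DNAT from public IP and port to the VM IP and private port.
    static NatRule portForwarding(String publicIp, int publicPort, String vmIp, int privatePort) {
        return new NatRule("DNAT", publicIp, String.valueOf(publicPort),
                           vmIp, String.valueOf(privatePort));
    }

    // Static (1:1) NAT: DNAT from the public IP to the VM IP, no port restriction.
    static NatRule staticNat(String publicIp, String vmIp) {
        return new NatRule("DNAT", publicIp, null, vmIp, null);
    }

    // DNAT rules observed on the gateway that no CloudStack rule accounts for.
    static List<NatRule> unexpectedDnat(Collection<NatRule> expected, Collection<NatRule> observed) {
        Set<NatRule> known = new HashSet<>(expected);
        List<NatRule> drift = new ArrayList<>();
        for (NatRule rule : observed) {
            if ("DNAT".equals(rule.action()) && !known.contains(rule)) {
                drift.add(rule);
            }
        }
        return drift;
    }

    public static void main(String[] args) {
        // Constructed sample data using documentation address ranges.
        List<NatRule> expected = List.of(
            sourceNat("203.0.113.10"),
            portForwarding("203.0.113.10", 8080, "10.1.1.25", 80),
            staticNat("203.0.113.11", "10.1.1.30"));
        List<NatRule> observed = new ArrayList<>(expected);
        observed.add(portForwarding("203.0.113.10", 3389, "10.1.1.25", 3389)); // not defined in CloudStack
        for (NatRule rule : unexpectedDnat(expected, observed)) {
            System.out.println("unexpected inbound rule: " + rule);
        }
    }
}
```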
37. NETWORK SERVICES
• Load Balancing:
  • Add Server Pool
    • Name: D$domainID-A$accountID-Z$ZoneID-V$VPCID-LB$LBID-SP$SPID
    • Algorithm: Round-robin/LeastConnection/IPHash
    • Select Members:
      • Add Member
        • Name: $VMID
        • IP: IP of the VM
        • Port: Private Port
  • Add Load Balancer
    • Name: D$domainID-A$accountID-Z$ZoneID-V$VPCID-LB$LBID
    • Size: Small
    • Tier1 Gateway: Tier1 GW of the VPC
  • Add Virtual Server (L4 TCP/L4 UDP/L7 HTTP)
    • Name: D$domainID-A$accountID-Z$ZoneID-V$VPCID-LB$LBID-VS$VSID
    • IP Address: "Public" IP
    • Ports: Public port
    • Load Balancer: LB from above
    • Server Pool: Server Pool from above
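Because the load balancer, server pool and virtual server names encode domain, account, zone and VPC, an NSX object can be attributed to its CloudStack owner from the name alone. The parser below is an added example, not code from the slides or the CloudStack plugin; it assumes every ID in the name is a decimal number, and the class, record and sample names are constructed for illustration.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class NsxLbNameAudit {
    // Prefix order taken from the slide. Assumption: every ID is a decimal number.
    private static final Pattern NAME = Pattern.compile(
        "D(\\d{1,18})-A(\\d{1,18})-Z(\\d{1,18})-V(\\d{1,18})-LB(\\d{1,18})(?:-(SP|VS)(\\d{1,18}))?");

    // kind is "LB", "SP" (server pool) or "VS" (virtual server); childId is null for "LB".
    record LbObject(long domain, long account, long zone, long vpc, long lb,
                    String kind, Long childId) {}

    // An empty result means the name does not follow the naming scheme.
    static Optional<LbObject> parse(String name) {
        Matcher m = NAME.matcher(name);
        if (!m.matches()) {
            return Optional.empty();
        }
        String kind = m.group(6) == null ? "LB" : m.group(6);
        Long childId = m.group(7) == null ? null : Long.valueOf(m.group(7));
        return Optional.of(new LbObject(
            Long.parseLong(m.group(1)), Long.parseLong(m.group(2)), Long.parseLong(m.group(3)),
            Long.parseLong(m.group(4)), Long.parseLong(m.group(5)), kind, childId));
    }

    // Flags objects that cannot be attributed or that belong to a VPC other than the audited one.
    static String classify(String name, long expectedVpc) {
        return parse(name)
            .map(o -> o.vpc() == expectedVpc ? "ok" : "belongs to VPC " + o.vpc())
            .orElse("name outside the scheme");
    }

    public static void main(String[] args) {
        // Constructed sample names, as they might appear when listing NSX load balancer objects.
        List<String> names = List.of(
            "D1-A2-Z1-V7-LB3", "D1-A2-Z1-V7-LB3-SP1", "D1-A2-Z1-V7-LB3-VS1",
            "D1-A4-Z1-V9-LB5-VS2", "manual-test-lb", "D1-A2-Z1-V7-LB3-XX1");
        for (String name : names) {
            System.out.println(name + " -> " + classify(name, 7));
        }
    }
}
```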
41. VR Functions
• Provides: DHCP, DNS, password and ssh keys injection, UserData, etc.
• NSX DHCP Relay – forwards DHCP messages to an External DHCP server - CloudStack VR
• VR uses “Public” IP from the System VM reserved IP range
• VR is out of the data path (just like in a shared network)