VMware NSX - Deep Dive
Jacob Rapp, VMware, Inc
NET5560
#NET5560
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL 2
What You’ve Done with NSX
• NSX Customers: 700+
• Production Deployments: 100+ (adding 25-50 per quarter)
• Organizations invested US$1M+ in NSX: 65+
What You’re Doing Next
EXPANDED SECURITY
New security partners, integrations, and projects
and applications of NSX.
DEEPER INTEGRATION
New infrastructure and operations partners,
integrations, and frameworks for IT organizations
APPLICATION CONTINUITY
New functionality to scale deployments across
vCenter instances, with the ability to:
• Pool resources from multiple data centers
• Recover from disasters faster
• Deploy a hybrid cloud architecture
• NSX 6.2 contains over 20 new features
• Tested against over 1000 new scenarios
Session Objectives
• Provide you with an in-depth understanding of the NSX architecture and components
• Understand how networking functions and services are implemented within the NSX platform
• Analyze key workflows for configuring virtual network & security services
• Provide pointers to reference design sessions and guides
Provides
A Faithful Reproduction of Network & Security Services in Software
• Management APIs, UI
• Switching
• Routing
• Firewalling
• Load Balancing
• VPN
• Connectivity to Physical Networks
• Policies, Groups, Tags
• Data Security
• Activity Monitoring
Creating Sophisticated Application Topologies
[Diagram: Security Groups and Security Policies applied to Web, App and Database VMs and Physical Workloads over Logical Switching, Routing, Firewall, Load Balancing]
Web: “Standard Web”
• Firewall – allow inbound HTTP/S, allow outbound ANY
• IPS – prevent DOS attacks, enforce acceptable use
App: “Standard App”
• Firewall – allow inbound TCP 8443, allow outbound SQL
Database: “Standard Database”
• Firewall – allow inbound SQL
• Vulnerability Management – Weekly Scan
Default: “Default”
• Firewall – Access shared services (DNS, AD)
• Anti-Virus – Scan Daily
Agenda
1 NSX Architecture and Components
2 Switching
3 Routing
4 Distributed Firewall & Micro-Segmentation
5 Services
6 Summary & Next Steps
NSX Architecture and Components
Cloud Consumption
• Self Service Portal
• vCloud Automation Center, OpenStack, Custom
Management Plane: NSX Manager
• Single configuration portal
• REST API entry-point
Control Plane: NSX Controller
• Manages Logical networks
• Control-Plane Protocol
• Separation of Control and Data Plane
Data Plane: NSX Edge, ESXi Hypervisor Kernel Modules (Distributed Services), HW VTEP
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model
[Diagram: Logical Network (Logical Switch, Distributed Logical Router, Firewall) over the Physical Network]
NSX Data Plane Components
ESXi Hypervisor Kernel Modules (VIBs): vSphere Components
• vSphere Distributed Switch
• VMkernel Modules
• Logical Switching (VXLAN)
• Distributed Logical Router
• Distributed Firewall
NSX Edge Service Gateways
• VM form factor
• Highly Available
• Dynamic Routing: OSPF, IS-IS, BGP
• L3-L7 Services: NAT, DHCP, Load Balancer, VPN, Firewall
HW VTEP
• ToR Switch
• Bandwidth and physical ports scale-out
• VLANs for Physical workloads local to a rack
[Diagram: Compute Clusters whose hosts carry the Security, VXLAN, DLR and DFW modules; Edge Clusters and HW VTEP (Physical-to-Virtual)]
NSX Control Plane Components
• Properties
– Virtual Form Factor (4 vCPU, 4GB RAM)
– Data plane programming
– Control plane Isolation
• Benefits
– Scale Out
– High Availability
– VXLAN - no Multicast
– ARP Suppression
NSX Controllers
vSphere Cluster
• vSphere HA
• DRS with Anti-affinity
[Diagram: ESXi host with VMs, Host Agent and Data-Path Kernel Modules]
Management Plane Components
• Runs as a Virtual Machine
• Provisioning and Management of
Network and Network services
• VXLAN Preparation
• Logical Network Consumption
• Network Services Configuration
NSX Manager
[Diagram: Management Plane with vCenter and NSX Manager paired 1:1; vRA/OpenStack/Custom; NSX REST APIs and vSphere APIs; 3rd Party Management Console; NSX Manager vSphere Plugin; Single Pane of Glass]
Related sessions: NET5362 Enabling Automation with NSX and vRA; NET5836 OpenStack with NSX Deep Dive
NSX Component Interaction - Deployment and Configuration
1. Deploy NSX Manager
2. Register with vCenter
3. Deploy NSX Controllers
4. Prepare Hosts
5. Configure and deploy NSX Edge Gateway(s) and network services
[Diagram: NSX Manager, vCenter, NSX Controller, NSX Edge Services GW, vSphere Cluster 1, vSphere Cluster 2 ... vSphere Cluster N]
Management Plane Components: Multi-vCenter
• vCenter & NSX Manager A (Primary), vCenter & NSX Manager B (Secondary) ... vCenter & NSX Manager H (Secondary), each with its Local VC Inventory
• Universal Object Configuration (NSX UI & API)
• Universal Configuration Synchronization
• Universal Controller Cluster
• Universal Logical Switches
• Universal Distributed Logical Router
• Universal DFW
Related session: NET5989 Multi-VC Solutions with NSX
Deploying and Configuring VMware NSX
Component Deployment
• Deploy NSX Manager
• Deploy NSX Controller Cluster
Preparation
• Host Preparation
• Logical Network Preparation
Consumption
• Deploy Logical Switches per tier
• Deploy Distributed Logical Router or connect to existing
• Create Bridged Network
[Diagram labels: Deploy VMware NSX; Virtual Infrastructure; NSX Mgmt; NSX Edge; One Time; Recurring; Programmatic Virtual Network Deployment; Logical Networks; Logical Network/Security Services]
NSX Logical Switching
Challenges
• Per Application/Multi-tenant segmentation
• VM Mobility requires L2 everywhere
• Large L2 Physical Network Sprawl – STP Issues
• HW Memory (MAC, FIB) Table Limits
Benefits
• Scalable Multi-tenancy across data center
• Enabling L2 over L3 Infrastructure
• Overlay Based with VXLAN, etc.
• Logical Switches span across Physical Hosts and Network Switches
[Diagram: VMware NSX with Logical Switch 1, Logical Switch 2, Logical Switch 3]
Logical View: VMs in a Single Logical Switch
• Web LS 172.16.10.0/24: VM1, VM2, VM3 (172.16.10.11, 172.16.10.12, 172.16.10.13)
• App LS 172.16.20.0/24: VM4 (172.16.20.11), VM5 (172.16.20.12)
Physical View: VMs in a Single Logical Switch
• vSphere Distributed Switch, Logical Switch 5001: VM1, VM2, VM3 (172.16.10.11, 172.16.10.12, 172.16.10.13)
• Host addresses on the Physical Network: 192.168.150.51, 192.168.150.52, 192.168.250.51
• Transport Subnet A 192.168.150.0/24
Traffic Flow on a VXLAN Backed VDS
• In this setup, VM1 and VM2 are on different hosts but belong to the same logical switch
• When these VMs communicate, a VXLAN overlay is established between the two hosts
[Diagram: Host A (VM1, Logical SW A, dvPG-VTEP, dvUplink-PG) and Host B (VM2, Logical SW A, dvPG-VTEP, dvUplink-PG) on a vSphere Distributed Switch, joined by a VXLAN Overlay across the IP Fabric]
• Assume VM1 sends some traffic to VM2:
1. VM1 sends L2 frame to local VTEP
2. VTEP adds VXLAN, UDP & IP headers
3. Physical Transport Network forwards as a regular IP packet
4. Destination Hypervisor VTEP de-encapsulates frame
5. L2 frame delivered to VM2
[Diagram: L2 frame at VM1, IP/UDP/VXLAN + L2 frame across the VXLAN Overlay, L2 frame at VM2]
NSX for vSphere VXLAN Replication Modes
• NSX for vSphere provides three modes of traffic replication (two of which are Controller based, and one which is Data Plane based)
• Unicast Mode
– All replication occurs using unicast
• Hybrid Mode
– Local replication offloaded to physical network, while remote replication occurs via unicast
• Multicast Mode
– Requires IGMP for a Layer 2 topology and Multicast Routing for L3 topology
• All modes require an MTU of 1600 bytes
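The five-step VXLAN packet walk and the 1600-byte MTU requirement, worked through in Python. This is an added example, not code from the presentation or from VMware; UDP port 4789 (RFC 7348), the MAC addresses and the use of 192.168.150.51/.52 as VTEP addresses are assumptions, while VNI 5001 is the logical switch ID shown on the slides.

```python
"""VXLAN encapsulation/decapsulation (RFC 7348 layout) and transport MTU arithmetic."""
import socket
import struct
import zlib

VXLAN_UDP_PORT = 4789   # IANA port from RFC 7348 (assumption: the slides name no port)
VXLAN_FLAG_VNI = 0x08   # "I" flag: the VNI field is valid
OUTER_IPV4, OUTER_IPV6, UDP_HDR, VXLAN_HDR, ETH_HDR, DOT1Q = 20, 40, 8, 8, 14, 4


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum, as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner_frame: bytes, vni: int, src_vtep: str, dst_vtep: str) -> bytes:
    """Step 2: the source VTEP prepends VXLAN, UDP and IPv4 headers to the L2 frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit value")
    vxlan = struct.pack("!II", VXLAN_FLAG_VNI << 24, vni << 8)
    # Source port derived from the inner headers so the fabric can spread flows.
    src_port = 49152 + zlib.crc32(inner_frame[:34]) % 16384
    udp_len = UDP_HDR + VXLAN_HDR + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # checksum 0 is valid over IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, OUTER_IPV4 + udp_len, 0,
                     0x4000,  # DF set: VTEPs do not fragment, the transport MTU must fit
                     64, socket.IPPROTO_UDP, 0,
                     socket.inet_aton(src_vtep), socket.inet_aton(dst_vtep))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + udp + vxlan + inner_frame


def decapsulate(packet: bytes):
    """Step 4: the destination VTEP validates the outer headers and returns (vni, inner frame)."""
    if len(packet) < OUTER_IPV4 or packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_UDP:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + UDP_HDR + VXLAN_HDR:
        raise ValueError("truncated VXLAN packet")
    _, dst_port, _, _ = struct.unpack("!HHHH", packet[ihl:ihl + UDP_HDR])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not the VXLAN port")
    word0, word1 = struct.unpack("!II", packet[ihl + UDP_HDR:ihl + UDP_HDR + VXLAN_HDR])
    if not (word0 >> 24) & VXLAN_FLAG_VNI:
        raise ValueError("VNI flag not set")
    return word1 >> 8, packet[ihl + UDP_HDR + VXLAN_HDR:]


def required_transport_mtu(inner_ip_mtu: int = 1500, inner_dot1q: bool = False,
                           outer_ipv6: bool = False) -> int:
    """Smallest transport (outer IP) MTU that carries a full-size inner frame unfragmented."""
    inner_frame = ETH_HDR + (DOT1Q if inner_dot1q else 0) + inner_ip_mtu
    outer_ip = OUTER_IPV6 if outer_ipv6 else OUTER_IPV4
    return outer_ip + UDP_HDR + VXLAN_HDR + inner_frame


def sample_inner_frame(payload_len: int = 1500) -> bytes:
    """Constructed Ethernet frame from VM1 to VM2; MACs are made up, payload is filler."""
    dst_mac = bytes.fromhex("005056000002")
    src_mac = bytes.fromhex("005056000001")
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + bytes(payload_len)


if __name__ == "__main__":
    frame = sample_inner_frame()
    outer = encapsulate(frame, 5001, "192.168.150.51", "192.168.150.52")
    vni, recovered = decapsulate(outer)
    print("outer IP packet bytes:", len(outer))
    print("VNI:", vni, "inner frame intact:", recovered == frame)
    for dot1q in (False, True):
        for v6 in (False, True):
            print("dot1q" if dot1q else "untagged", "IPv6" if v6 else "IPv4",
                  "->", required_transport_mtu(1500, dot1q, v6))
```

A full 1500-byte inner packet becomes a 1550-byte outer IPv4 packet (1554 with an inner 802.1Q tag, 1570 over an IPv6 transport), all of which fit within the 1600-byte transport MTU the slide calls for.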
NSX Logical Routing Introduction
• Distributed Logical Routing: Optimized for E-W Traffic Patterns
• Centralized Routing: Optimized for N-S Routing
[Diagram: Distributed Logical Router as a DLR Kernel Module among the ESXi Hypervisor Kernel Modules (VIBs) on a vSphere Host, with LIF1 and LIF2; NSX Edge]
Related session: NET5826 Logical Routing Deep Dive
NSX Routing: Distributed, Feature-Rich
SCALABLE ROUTING – Simplifying Multi-tenancy
Challenges
• Physical Infrastructure Scale Challenges – Routing Scale
• VM Mobility is a challenge
• Multi-Tenant Routing Complexity
• Traffic hair-pins
Benefits
• Distributed Routing in Hypervisor
• Dynamic, API based Configuration
• Full featured – OSPF, BGP, IS-IS
• Logical Router per Tenant
• Routing Peering with Physical Switch
[Diagram: CMP; Tenant A, Tenant B and Tenant C, each with its own L2 segments]
Logical View: VMs in a Single Logical Switch
• Web LS 172.16.10.0/24: VM1, VM2, VM3 (172.16.10.11, 172.16.10.12, 172.16.10.13)
• App LS 172.16.20.0/24: VM4 (172.16.20.11), VM5 (172.16.20.12)
Logical View: VMs with Distributed Routing
• Distributed Logical Router Service: 172.16.10.1 on the Web LS, 172.16.20.1 on the App LS, 192.168.10.1 on 192.168.10.0/29
• Web LS 172.16.10.0/24: VM1, VM2, VM3 (172.16.10.11, 172.16.10.12, 172.16.10.13)
• App LS 172.16.20.0/24: VM4 (172.16.20.11), VM5 (172.16.20.12)
Physical View: VMs in a Single Logical Switch
• vSphere Distributed Switch, Logical Switch 5001: VM1, VM2, VM3 (172.16.10.11, 172.16.10.12, 172.16.10.13)
• Host addresses on the Physical Network: 192.168.150.51, 192.168.150.52, 192.168.250.51
• Transport Subnet A 192.168.150.0/24
Physical View: Logical Routing
• vSphere Distributed Switch: Logical Switch 5001 (VM1, VM2, VM3) and Logical Switch 5002 (VM4, VM5)
• Host addresses on the Physical Network: 192.168.150.51, 192.168.150.52, 192.168.250.51
• Transport Subnet A 192.168.150.0/24, Transport Subnet B 192.168.250.0/24
• Controller in the Management Cluster: L3 Control Plane Programming
• Data Plane
NSX Logical Routing: Components Interaction
1. Dynamic routing protocol is configured on the logical router instance
2. Controller pushes new logical router configuration including LIFs to ESXi hosts
3. OSPF/BGP peering between the NSX Edge and logical router control VM
4. Learnt routes from the NSX Edge are pushed to the Controller for distribution
5. Controller sends the route updates to all ESXi hosts
6. Routing kernel modules on the hosts handle the data path traffic
[Diagram: NSX Mgr, Controller Cluster and DLR Control VM (Control); DLR with 172.16.10.0/24 and 172.16.20.0/24 (Data Path); NSX Edge (acting as next hop router) with OSPF, BGP Peering, External Network and 172.16.30.0/24; addresses 192.168.10.1, 192.168.10.2, 192.168.10.3]
Distributed East-West Routing Traffic Flow: Different Hosts
[Diagram, steps 1-5: VM1 (172.16.10.10, MAC1, VXLAN 5001) on Host 1 and VM2 (172.16.20.10, MAC2, VXLAN 5002) on Host 2, connected through the VDS and the VXLAN Transport Network; each vSphere Host has LIF1 and LIF2 with the vMAC]
• Frame labels at the source: L2 DA: vMAC, SA: MAC1; IP DA: 172.16.20.10, SA: 172.16.10.10; Payload
• LIF2 - ARP Table: VM IP 172.16.20.10, VM MAC MAC2
• Frame labels after routing: L2 DA: MAC2, SA: vMAC; carried as L2 | IP | UDP | VXLAN (5002) | L2 | IP | Payload
• Other labels on the slide: DA: 20.20.20.20, SA: 10.10.10.10; 10.10.10.10/24, 20.20.20.20/24
Example: Enterprise Routing Topology
[Diagram: Web1/App1/DB1, Web2/App2/DB2 ... Webn/Appn/DBn behind Distributed Routing; VXLAN 5020 Uplink to Edges E1, E2, E3 … E8; Routing Peering and Routing Adjacencies over VLAN 20 to the Core Physical Routers; legend: VXLAN, VLAN]
What Have We Seen Thus Far ..
1. NSX architecture
2. An on-demand application deployment
3. Logical switching configuration
4. Understand logical networks
5. Logical routing and possible designs
NSX Distributed Firewalling
PHYSICAL SECURITY MODEL: Challenges
• Centralized Firewall Model
• Static Configuration
• IP Address based Rules
• 40 Gbps per Appliance
• Lack of visibility with encapsulated traffic
DISTRIBUTED FIREWALLING: Benefits
• Distributed at Hypervisor Level
• Dynamic, API based Configuration
• VM Name, VC Objects, Identity-based Rules
• Line Rate ~20 Gbps per host
• Full Visibility to encapsulated traffic
[Diagram: CMP, API, VMware NSX, Firewall Mgmt]
Related session: SEC5589 NSX DFW Deep Dive
Distributed Firewall Features
Capabilities
• Firewall rules are enforced at VNIC Level
• Policy independent of location (L2 or L3 adjacency)
• State persistent across vMotion
• Enforcement based on VM attributes like Tags, VM Names, Logical Switch, etc
[Diagram: VM1, VM2, VM4 and VM5 on Web-LS1 and App-LS1 across a vSphere Distributed Switch; Management Cluster; host addresses 192.168.150.51, 192.168.150.52, 192.168.250.51]
Distributed Firewall Rules: Rules Based on VM Names
[Diagram: VM1, VM2, VM4 and VM5 on Web-LS1 and App-LS1 across a vSphere Distributed Switch; Management Cluster; host addresses 192.168.150.51, 192.168.150.52, 192.168.250.51]
Distributed Firewall Rules: Rules Based on Logical Switches
[Diagram: VM1, VM2, VM4 and VM5 on Web-LS1 and App-LS1 across a vSphere Distributed Switch; Management Cluster; host addresses 192.168.150.51, 192.168.150.52, 192.168.250.51]
Example Building a Web DMZ
Source      | Destination | Service  | Policy
Any         | Web-Tier LS | HTTPS    | Allow
Web-VM1     | Web-VM2     |          | Block
Any         | Web-Tier LS |          | Block
Web-Tier LS | App-Tier LS | TCP 8443 | Allow
Any         | App-Tier LS |          | Block
[Diagram: External Network, Web-Tier, App-Tier; Client to Web HTTPS Traffic; Web to App TCP/8443]
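The Web DMZ rule table evaluated top-down with the first matching rule deciding the flow, which is how NSX applies distributed firewall rules. This is an added example, not code from the presentation or from VMware; it assumes the blank Service cells mean any service, that HTTPS is tcp/443, that Web-VM1 and Web-VM2 sit on Web-Tier LS, and it uses the constructed names App-VM1 and Client.

```python
"""First-match evaluation of the Web DMZ table, plus a check for overridden VM-level rules."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Service = Tuple[str, int]

# Assumed logical switch membership; App-VM1 is a constructed name.
GROUPS = {
    "Web-Tier LS": {"Web-VM1", "Web-VM2"},
    "App-Tier LS": {"App-VM1"},
}
# Services probed when looking for overridden rules (tcp/22 is a constructed extra probe).
PROBE_SERVICES: List[Service] = [("tcp", 22), ("tcp", 443), ("tcp", 8443)]


@dataclass(frozen=True)
class Rule:
    rule_id: int
    source: str
    destination: str
    service: Optional[Service]  # None = any service (assumed for the blank cells)
    action: str


# The table in slide order.
RULES = [
    Rule(1, "Any", "Web-Tier LS", ("tcp", 443), "Allow"),
    Rule(2, "Web-VM1", "Web-VM2", None, "Block"),
    Rule(3, "Any", "Web-Tier LS", None, "Block"),
    Rule(4, "Web-Tier LS", "App-Tier LS", ("tcp", 8443), "Allow"),
    Rule(5, "Any", "App-Tier LS", None, "Block"),
]


def endpoint_matches(selector: str, vm: str) -> bool:
    """A selector is 'Any', a logical switch (group of VMs) or a single VM name."""
    if selector == "Any":
        return True
    if selector in GROUPS:
        return vm in GROUPS[selector]
    return selector == vm


def evaluate(rules: List[Rule], src: str, dst: str, proto: str, port: int) -> Optional[Rule]:
    """Return the first rule, top-down, that matches the flow (None if nothing matches)."""
    for rule in rules:
        if (endpoint_matches(rule.source, src)
                and endpoint_matches(rule.destination, dst)
                and rule.service in (None, (proto, port))):
            return rule
    return None


def overridden_vm_rules(rules: List[Rule]) -> Dict[int, List[Service]]:
    """For rules naming a single VM on both sides, list the probe services that an
    earlier rule with the opposite action decides before the rule is reached."""
    findings: Dict[int, List[Service]] = {}
    for rule in rules:
        if any(s == "Any" or s in GROUPS for s in (rule.source, rule.destination)):
            continue
        for svc in PROBE_SERVICES:
            if rule.service not in (None, svc):
                continue
            winner = evaluate(rules, rule.source, rule.destination, *svc)
            if winner is not rule and winner.action != rule.action:
                findings.setdefault(rule.rule_id, []).append(svc)
    return findings


if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("Client", "Web-VM1", "tcp", 443),
        ("Client", "Web-VM1", "tcp", 22),
        ("Web-VM1", "Web-VM2", "tcp", 22),
        ("Web-VM1", "Web-VM2", "tcp", 443),
        ("Web-VM1", "App-VM1", "tcp", 8443),
        ("Client", "App-VM1", "tcp", 8443),
    ]
    for src, dst, proto, port in flows:
        hit = evaluate(RULES, src, dst, proto, port)
        print(f"{src:8} -> {dst:8} {proto}/{port:<5} rule {hit.rule_id} {hit.action}")
    print("overridden VM-level rules:", overridden_vm_rules(RULES))
```

Under these assumptions HTTPS from Web-VM1 to Web-VM2 is decided by rule 1 (Allow) before the Block in rule 2 is reached; with rule 2 placed above rule 1 the check reports nothing.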
NSX Distributed Firewall Packet Walk
DFW, Filtering Module and Traffic Redirection Module
[Diagram: Guest VM on the VDS with the DFW Filtering Module (Slot 2) and the Traffic Redirection Module (Slot 4); Partner Services VM; vCenter; Partner Console; External Network]
Features Summary: NSX Edge Gateway Services
• Firewall: Rule configuration with IP, Port ranges, Grouping Objects, VC Containers
• DHCP: Configuration of IP Pools, gateways, DNS servers and search domains.
• Site-to-Site VPN: IPSec site to site VPN between two Edges or other vendor VPN terminators.
• L2VPN: Stretch your layer 2 across datacenters.
• SSL VPN: Allow remote users to access the private networks behind Edge GSW.
• Load Balancing: Configure Virtual Servers and backend pools using IP addresses or VC Objects
• Network Address Translation: Source and Destination NAT capabilities.
• High Availability: Active-Standby HA capability which works well with vSphere HA.
• Routing: Static as well as Dynamic Routing protocols support (OSPF, BGP, ISIS)
• DNS/Syslog: Allow configuring DNS relay and remote syslog servers.
NSX Edge Integrated Network Services
Overview
• Integrated L3 – L7 services
• Virtual appliance model to provide rapid deployment and scale-out
Benefits
• Real time service instantiation
• Support for dynamic service differentiation per tenant/application
• Uses x86 compute capacity
[Diagram: Firewall, Load Balancer, VPN, Routing/NAT, DHCP/DNS relay, DDI, … services in front of VMs]
NSX Load Balancing
LOAD BALANCER – Per Tenant Application Availability Model
Challenges
• Application Mobility
• Multi-tenancy
• Configuration complexity – manual deployment model
Benefits
• On-demand load balancer service
• Simplified deployment model for applications – one-arm or inline
• Layer 7, SSL, …
[Diagram: Tenant A (VM1, VM2) and Tenant B (VM1, VM2)]
Related session: NET5612 NSX Load Balancing Deep Dive
NSX L2VPN
Use Cases
• Brownfield NSX deployments (VLAN -> VXLAN)
• Data Center Migrations (P2V, V2V)
• Disaster Recovery & Testing
• Cloud Bursting & Onboarding
Best Fit for L2 extensions with
• Long Distance / High Latency
• Multiple management domains
• NSX present only on a single site
• Max 1500 byte MTU on WAN
Highlights
• SSL secured L2 extension over any IP network
• Independent of vCenter Server boundaries
• Can co-exist with existing default gateway
• No specialized hardware required
• Supports up to 750Mb/s per Edge
• AES-NI supported if available
[Diagram: Enterprise site connected over Internet / WAN; Hybrid Cloud connection to a Public Cloud over Internet / WAN]
Related session: NET5352 Connecting Remote Sites with NSX
VMware NSX – Summary and Takeaways
• Faithful reproduction of L2 – L7 network & security services
• Services design for scale-out
• Central API for provisioning & monitoring
• All NSX components designed with resiliency
• Extensive 3rd party ecosystem for NSX platform
NSX Ecosystem
• Service Insertion: “Leverage full automation and service insertion for NSX”
• NSX aware: “Leverage NSX API and metadata to bring a solution”
• Co-existence: “Let’s meet in the network”
• Works with any switching fabric
• Works with routing ecosystem using traditional protocols
• Existing physical firewalls provide security sitting in front of NSX Edge at layer 3
• Existing physical/virtual ADC services can connect to NSX at layer 2 or layer 3
Network Virtualization Next Steps with VMware NSX
• virtualizeyournetwork.com: The online resource for the people, teams and organizations that are adopting network virtualization
• communities.vmware.com: Connect and engage with network virtualization experts and fellow VMware NSX users
• vmware.com/go/NVtraining: Build knowledge and expertise for the next step in your career
• labs.hol.vmware.com: Test drive the capabilities of VMware NSX
 
VMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld
 
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld
 
VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations! VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations! VMworld
 
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld
 
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld
 
VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
 
VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6VMworld
 
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld
 
VMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphereVMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphereVMworld
 
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld
 
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld
 
VMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld
 
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld
 
VMworld 2015: Virtual Volumes Technical Deep Dive
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld 2015: Virtual Volumes Technical Deep Dive
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld
 

More from VMworld (20)

VMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep DiveVMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep Dive
 
VMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for HorizonVMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for Horizon
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
 
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
 
VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7
 
VMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep Dive
 
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
 
VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations! VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations!
 
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
 
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts Panel
 
VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way!
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6
 
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
 
VMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphereVMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphere
 
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!
 
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
 
VMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SAN
 
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
 
VMworld 2015: Virtual Volumes Technical Deep Dive
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld 2015: Virtual Volumes Technical Deep Dive
VMworld 2015: Virtual Volumes Technical Deep Dive
 

Recently uploaded

[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 

Recently uploaded (20)

[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 

VMworld 2015: VMware NSX Deep Dive

  • 1. VMware NSX - Deep Dive Jacob Rapp, VMware, Inc NET5560 #NET5560
  • 2. • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer CONFIDENTIAL 2
  • 3. What You’ve Done with NSX CONFIDENTIAL 3 NSX Customers 700+ Production Deployments (adding 25-50 per quarter) 100+ Organizations invested US$1M+ in NSX 65+ What You’re Doing Next EXPANDED SECURITY New security partners, integrations, and projects and applications of NSX. DEEPER INTEGRATION New infrastructure and operations partners, integrations, and frameworks for IT organizations √ APPLICATION CONTINUITY New functionality to scale deployments across vCenter instances, with the ability to: • Pool resources from multiple data centers • Recover from disasters faster • Deploy a hybrid cloud architecture • NSX 6.2 contains over 20 new features • Tested against over 1000 new scenarios
  • 4. Session Objectives • Provide you with an in-depth understanding of the NSX architecture and components • Understand how networking functions and services are implemented within the NSX platform • Analyze key workflows for configuring virtual network & security services • Provide pointers to reference design sessions and guides CONFIDENTIAL 4
  • 5. Provides A Faithful Reproduction of Network & Security Services in Software Management APIs, UI Switching Routing Firewalling Load Balancing VPN Connectivity to Physical Networks Policies, Groups, Tags Data Security Activity Monitoring CONFIDENTIAL 5
  • 6. Physical Workloads Security Policies Security Groups Logical Switching, Routing, Firewall, Load Balancing Web App Database Web “Standard Web” • Firewall – allow inbound HTTP/S, allow outbound ANY • IPS – prevent DOS attacks, enforce acceptable use Database “Standard Database” • Firewall – allow inbound SQL • Vulnerability Management – Weekly Scan App “Standard App” • Firewall – allow inbound TCP 8443, allow outbound SQL VM VM VM VM VM VM “Default” • Firewall – Access shared services (DNS, AD) • Anti-Virus – Scan Daily Default Creating Sophisticated Application Topologies CONFIDENTIAL 6
  • 7. Agenda 1 NSX Architecture and Components 2 Switching 3 Routing 4 Distributed Firewall & Micro-Segmentation 5 Services 6 Summary & Next Steps CONFIDENTIAL 7
  • 8. NSX Architecture and Components Cloud Consumption • Self Service Portal • vCloud Automation Center, OpenStack, Custom Data Plane NSX Edge ESXi Hypervisor Kernel Modules Distributed Services • High-Performance Data Plane • Scale-out Distributed Forwarding Model Management Plane NSX Manager • Single configuration portal • REST API entry-point Control Plane NSX Controller • Manages Logical networks • Control-Plane Protocol • Separation of Control and Data Plane Firewall Distributed Logical Router Logical Switch Logical Network Physical Network … … HW VTEP CONFIDENTIAL 8
  • 9. NSX Data Plane Components Data Plane Edge Clusters and HW VTEP (Physical-to-Virtual) DFW VXLAN DLR Security NSX Edge Service Gateways • VM form factor • Highly Available • Dynamic Routing: • OSPF, IS-IS, BGP • L3-L7 Services: • NAT, DHCP, Load Balancer, VPN, Firewall • vSphere Distributed Switch • VMkernel Modules • Logical Switching (VXLAN) • Distributed Logical Router • Distributed Firewall ESXi Hypervisor Kernel Modules (VIBs) Distributed Firewall Distributed Logical Router Logical Switch vSphere Components DFW VXLAN DLR Security DFW VXLAN DLR Security … … Compute Clusters HW VTEP • ToR Switch • Bandwidth and physical ports scale-out • VLANs for Physical workloads local to a rack CONFIDENTIAL 9
  • 10. NSX Control Plane Components • Properties – Virtual Form Factor (4 vCPU, 4GB RAM) – Data plane programming – Control plane Isolation • Benefits – Scale Out – High Availability – VXLAN - no Multicast – ARP Suppression NSX Controllers vSphere Cluster • vSphere HA • DRS with Anti-affinity VM ESXi VM VM Host Agent Data-Path Kernel Modules CONFIDENTIAL 10
  • 11. Management Plane Components • Runs as a Virtual Machine • Provisioning and Management of Network and Network services • VXLAN Preparation • Logical Network Consumption • Network Services Configuration NSX Manager NSX Manager 1:1 Management Plane vRA/OpenStack/Custom vCenter NSX REST APIs vSphere APIs 3rd Party Management Console NSX Manager vSphere Plugin Single Pane of Glass Enabling Automation with NSX and vRA NET5362 CONFIDENTIAL 11 OpenStack with NSX Deep Dive NET5836
  • 12. NSX Component Interaction - Deployment and Configuration 1. Deploy NSX Manager 2. Register with vCenter 3. Deploy NSX Controllers 4. Prepare Hosts 5. Configure and deploy NSX Edge Gateway(s) and network services NSX Manager vSphere Cluster 1 vSphere Cluster 2 vSphere Cluster N NSX Controller vCenter NSX Edge Services GW CONFIDENTIAL 12
  • 13. Management Plane Components CONFIDENTIAL 13 Multi-vCenter Local VC Inventory Local VC Inventory Local VC Inventory vCenter & NSX Manager A Universal Object Configuration (NSX UI & API) Universal Configuration Synchronization Universal Controller Cluster Primary Secondary vCenter & NSX Manager B vCenter & NSX Manager H Secondary Universal Logical Switches Universal Distributed Logical Router Universal DFW Multi-VC Solutions with NSX NET5989
  • 14. Deploying and Configuring VMware NSX Deploy VMware NSX NSX Edge NSX Mgmt Virtual Infrastructure Deploy NSX Manager Deploy NSX Controller Cluster Component Deployment Host Preparation Logical Network Preparation Preparation One Time Programmatic Virtual Network Deployment Logical Networks + + + Consumption Recurring Deploy Logical Switches per tier Create Bridged Network Logical Network/Security Services Deploy Distributed Logical Router or connect to existing CONFIDENTIAL 14
  • 15. Agenda 1 NSX Architecture and Components 2 Switching 3 Routing 4 Distributed Firewall & Micro-Segmentation 5 Services 6 Summary & Next Steps CONFIDENTIAL 15
  • 16. NSX Logical Switching Challenges: • Per Application/Multi-tenant segmentation • VM Mobility requires L2 everywhere • Large L2 Physical Network Sprawl – STP Issues • HW Memory (MAC, FIB) Table Limits Benefits: • Scalable Multi-tenancy across data center • Enabling L2 over L3 Infrastructure • Overlay Based with VXLAN, etc. • Logical Switches span across Physical Hosts and Network Switches VMware NSX Logical Switch 1 Logical Switch 2 Logical Switch 3 CONFIDENTIAL 16
  • 17. Logical View: VMs in a Single Logical Switch Web LS 172.16.10.0/24 172.16.10.11 172.16.10.12 172.16.10.13 VM1 VM3 VM2 172.16.20.12 VM5 172.16.20.11 VM4 App LS 172.16.20.0/24 CONFIDENTIAL 17
  • 18. Physical View: VMs in a Single Logical Switch VM1 vSphere Distributed Switch VM2 Logical Switch 5001 VM3 Transport Subnet A 192.168.150.0/24 Physical Network 192.168.150.51 192.168.150.52 192.168.250.51 172.16.10.11 172.16.10.12 172.16.10.13 CONFIDENTIAL 18
  • 19. Traffic Flow on a VXLAN Backed VDS • In this setup, VM1 and VM2 are on different hosts but belong to the same logical switch • When these VMs communicate, a VXLAN overlay is established between the two hosts IP Fabric Host A Host B vSphere Distributed Switch dvUplink-PG Logical SW A VM1 dvUplink-PG dvPG-VTEP VTEP dvPG-VTEP VTEP VXLAN Overlay Logical SW A VM2 CONFIDENTIAL 19
  • 20. Traffic Flow on a VXLAN Backed VDS Host A Host B vSphere Distributed Switch • Assume VM1 sends some traffic to VM2: 1. VM1 sends L2 frame to local VTEP 2. VTEP adds VXLAN, UDP & IP headers 3. Physical Transport Network forwards as a regular IP packet 4. Destination Hypervisor VTEP de-encapsulates frame 5. L2 frame delivered to VM2 dvUplink-PG Logical SW A VM1 dvUplink-PG dvPG-VTEP VTEP dvPG-VTEP VTEP Logical SW A VM2 L2 frame L2 frame IP Fabric VXLAN Overlay IP/UDP/VXLAN L2 frame CONFIDENTIAL 20
  • 21. NSX for vSphere VXLAN Replication Modes • NSX for vSphere provides three modes of traffic replication (two of which are Controller based, and one of which is Data Plane based) • Unicast Mode – All replication occurs using unicast • Hybrid Mode – Local replication offloaded to physical network, while remote replication occurs via unicast • Multicast Mode – Requires IGMP for a Layer 2 topology and Multicast Routing for L3 topology • All modes require an MTU of 1600 bytes CONFIDENTIAL 21
  • 22. Agenda 1 NSX Architecture and Components 2 Switching 3 Routing 4 Distributed Firewall & Micro-Segmentation 5 Services 6 Summary & Next Steps CONFIDENTIAL 22
  • 23. NSX Logical Routing Introduction DLR Kernel Module NSX Edge ESXi Hypervisor Kernel Modules (VIBs) Distributed Logical Router Distributed Logical Routing Optimized for E-W Traffic Patterns Centralized Routing Optimized for N-S Routing vSphere Host LIF1 LIF2 Logical Routing Deep Dive NET5826 CONFIDENTIAL 23
  • 24. NSX Routing: Distributed, Feature-Rich • Physical Infrastructure Scale Challenges – Routing Scale • VM Mobility is a challenge • Multi-Tenant Routing Complexity • Traffic hair-pins Challenges • Distributed Routing in Hypervisor • Dynamic, API based Configuration • Full featured – OSPF, BGP, IS-IS • Logical Router per Tenant • Routing Peering with Physical Switch Benefits SCALABLE ROUTING – Simplifying Multi-tenancy L2 L2 Tenant A Tenant B L2 L2 L2 Tenant C L2 L2 L2 CMP CONFIDENTIAL 24
  • 25. Logical View: VMs in a Single Logical Switch VM1 VM3 VM2 VM5 VM4 Web LS 172.16.10.0/24 172.16.10.11 172.16.10.12 172.16.10.13 172.16.20.12 172.16.20.11 App LS 172.16.20.0/24 CONFIDENTIAL 25
  • 26. Logical View: VMs with Distributed Routing 172.16.10.1 192.168.10.0/29 192.168.10.1 Distributed Logical Router Service VM1 VM3 VM2 VM5 VM4 Web LS 172.16.10.0/24 172.16.10.11 172.16.10.12 172.16.10.13 172.16.20.12 172.16.20.11 App LS 172.16.20.0/24 172.16.20.1 CONFIDENTIAL 26
  • 27. Physical View: VMs in a Single Logical Switch VM1 vSphere Distributed Switch VM2 Logical Switch 5001 VM3 Physical Network Transport Subnet A 192.168.150.0/24 192.168.150.51 192.168.150.52 192.168.250.51 172.16.10.11 172.16.10.12 172.16.10.13 CONFIDENTIAL 27
  • 28. Physical View: Logical Routing VM5 VM1 vSphere Distributed Switch VM2 Logical Switch 5001 VM3 Physical Network VM4 Logical Switch 5002 Controller Management Cluster L3 Control Plane Programming Data Plane Transport Subnet A 192.168.150.0/24 Transport Subnet B 192.168.250.0/24 192.168.150.51 192.168.150.52 192.168.250.51 CONFIDENTIAL 28
  • 29. NSX Logical Routing: Components Interaction NSX Edge (Acting as next hop router) 172.16.10.0/24 172.16.20.0/24 172.16.30.0/24 DLR 192.168.10.1 192.168.10.2 External Network 192.168.10.3 DLR Control VM Data Path Control Controller Cluster Control NSX Mgr Peering OSPF, BGP 1. Dynamic routing protocol is configured on the logical router instance 2. Controller pushes new logical router Configuration including LIFs to ESXi hosts 3. OSPF/BGP peering between the NSX Edge and logical router control VM 4. Learnt routes from the NSX Edge are pushed to the Controller for distribution 5. Controller sends the route updates to all ESXi hosts 6. Routing kernel modules on the hosts handle the data path traffic CONFIDENTIAL 29
  • 30. Distributed East-West Routing Traffic Flow Different Hosts 30 vSphere Host VM1 VDS VXLAN Transport Network VXLAN 5001 VM2 VXLAN 5002 1 4 vSphere Host LIF2 - ARP Table DA: vMAC SA: MAC1 DA: 20.20.20.20 SA: 10.10.10.10 5002 MAC1 MAC2 5 172.16.10.10 2 VM IP VM MAC 172.16.20.10 MAC2 PayloadL2 IP DA: 172.16.20.10 SA: 172.16.10.10 PayloadL2 IP L2 IP UDP VXLAN PayloadL2 IP 172.16.20.10 LIF1 LIF2 vMAC LIF1 LIF2 vMAC Host 1 Host 2 3 10.10.10.10/24 20.20.20.20/24 3 DA: MAC2 SA: vMAC
  • 31. Example: Enterprise Routing Topology VLAN 20 Core Physical Routers Web1 App1 DB1 Webn Appn DBnWeb2 App2 DB2 VXLAN 5020 Uplink Distributed Routing Routing Peering Routing Peering E3 E8E1 Physical Routers E2 … Core Routing Adjacencies VXLAN VLAN Routing Adjacencies CONFIDENTIAL 31
  • 32. What Have We Seen Thus Far .. 1. NSX architecture 2. An on-demand application deployment 3. Logical switching configuration 4. Understand logical networks 5. Logical routing and possible designs CONFIDENTIAL 32
  • 33. Agenda 1 NSX Architecture and Components 2 Switching 3 Routing 4 Distributed Firewall & Micro-Segmentation 5 Services 6 Summary & Next Steps CONFIDENTIAL 33
  • 34. NSX Distributed Firewalling. PHYSICAL SECURITY MODEL (Challenges): Centralized Firewall Model; Static Configuration; IP Address based Rules; 40 Gbps per Appliance; Lack of visibility with encapsulated traffic. DISTRIBUTED FIREWALLING (Benefits): Distributed at Hypervisor Level; Dynamic, API based Configuration; VM Name, VC Objects, Identity-based Rules; Line Rate ~20 Gbps per host; Full Visibility to encapsulated traffic. [Diagram labels: Firewall Mgmt; VMware NSX API; CMP]. See also: NSX DFW Deep Dive, SEC5589.
  • 35. Distributed Firewall Features. Capabilities: Firewall rules are enforced at VNIC Level; Policy independent of location (L2 or L3 adjacency); State persistent across vMotion; Enforcement based on VM attributes like Tags, VM Names, Logical Switch, etc. [Diagram: VM1, VM2, VM4, VM5 on a vSphere Distributed Switch with Web-LS1 and App-LS1; Management Cluster; addresses 192.168.150.51, 192.168.150.52, 192.168.250.51]
  • 36. Distributed Firewall Rules VM5 VM1 vSphere Distributed Switch Web-LS1 VM4 App-LS1 Management Cluster192.168.150.51 192.168.150.52 192.168.250.51 VM2 Rules Based on VM Names CONFIDENTIAL 36
  • 37. Distributed Firewall Rules VM5 VM1 vSphere Distributed Switch Web-LS1 VM4 App-LS1 Management Cluster192.168.150.51 192.168.150.52 192.168.250.51 VM2 Rules Based on Logical Switches CONFIDENTIAL 37
  • 38. Example: Building a Web DMZ. [Diagram: External Network, Web-Tier, App-Tier; flows: Client to Web HTTPS Traffic, Web to App TCP/8443]. Rules (Source | Destination | Service | Policy): Any | Web-Tier LS | HTTPS | Allow; Web-VM1 | Web-VM2 | (blank) | Block; Any | Web-Tier LS | (blank) | Block; Web-Tier LS | App-Tier LS | TCP 8443 | Allow; Any | App-Tier LS | (blank) | Block.
  • 39. External Network VDS Guest VM Partner Services VM vCenter Partner Console DFW Filtering Module Slot 2 Slot 4 Traffic Redirection Module NSX Distributed Firewall Packet Walk 39 DFW, Filtering Module and Traffic Redirection Module CONFIDENTIAL
  • 40. Agenda 1 NSX Architecture and Components 2 Switching 3 Routing 4 Distributed Firewall & Micro-Segmentation 5 Services 6 Summary & Next Steps CONFIDENTIAL 40
  • 41. Features Summary: NSX Edge Gateway Services. Firewall: Rule configuration with IP, Port ranges, Grouping Objects, VC Containers. DHCP: Configuration of IP Pools, gateways, DNS servers and search domains. Site-to-Site VPN: IPSec site to site VPN between two Edges or other vendor VPN terminators. L2VPN: Stretch your layer 2 across datacenters. SSL VPN: Allow remote users to access the private networks behind Edge GSW. Load Balancing: Configure Virtual Servers and backend pools using IP addresses or VC Objects. Network Address Translation: Source and Destination NAT capabilities. High Availability: Active-Standby HA capability which works well with vSphere HA. Routing: Static as well as Dynamic Routing protocols support (OSPF, BGP, ISIS). DNS/Syslog: Allow configuring DNS relay and remote syslog servers.
  • 42. NSX Edge Integrated Network Services. Services: Firewall, Load Balancer, VPN, Routing/NAT, DHCP/DNS relay, DDI. Overview: Integrated L3 – L7 services; Virtual appliance model to provide rapid deployment and scale-out. Benefits: Real time service instantiation; Support for dynamic service differentiation per tenant/application; Uses x86 compute capacity.
  • 43. NSX Load Balancing. LOAD BALANCER – Per Tenant Application Availability Model. Challenges: Application Mobility; Multi-tenancy; Configuration complexity – manual deployment model. Benefits: On-demand load balancer service; Simplified deployment model for applications – one-arm or inline; Layer 7, SSL, … [Diagram: Tenant A (VM1, VM2), Tenant B (VM1, VM2)]. See also: NSX Load Balancing Deep Dive, NET5612.
  • 44. NSX L2VPN. Use Cases: Brownfield NSX deployments (VLAN -> VXLAN); Data Center Migrations (P2V, V2V); Disaster Recovery & Testing; Cloud Bursting & Onboarding. Best Fit for L2 extensions with: Long Distance / High Latency; Multiple management domains; NSX present only on a single site; Max 1500 byte MTU on WAN. Highlights: SSL secured L2 extension over any IP network; Independent of vCenter Server boundaries; Can co-exist with existing default gateway; No specialized hardware required; Supports up to 750Mb/s per Edge; AES-NI supported if available. [Diagram labels: Enterprise, Hybrid Cloud, Public Cloud, Internet / WAN]. See also: Connecting Remote Sites with NSX, NET5352.
  • 45. Agenda 1 NSX Architecture and Components 2 Switching 3 Routing 4 Distributed Firewall & Micro-Segmentation 5 Services 6 Summary & Next Steps CONFIDENTIAL 45
  • 46. VMware NSX – Summary and Takeaways • Faithful reproduction of L2 – L7 network & security services • Services design for scale-out • Central API for provisioning & monitoring • All NSX components designed with resiliency • Extensive 3rd party ecosystem for NSX platform 46CONFIDENTIAL
  • 47. NSX Ecosystem CONFIDENTIAL 47 Service Insertion “Leverage full automation and service insertion for NSX” NSX aware “Leverage NSX API and metadata to bring a solution” Co-existence “Let’s meet in the network” Works with any switching fabric Works with routing ecosystem using traditional protocols Existing Physical firewall provide security sitting in front of NSX Edge at layer 3 Existing Physical/virtual ADC services can connect to NSX at layer 2 or layer 3
  • 48. Network Virtualization Next Steps with VMware NSX. virtualizeyournetwork.com: The online resource for the people, teams and organizations that are adopting network virtualization. communities.vmware.com: Connect and engage with network virtualization experts and fellow VMware NSX users. vmware.com/go/NVtraining: Build knowledge and expertise for the next step in your career. labs.hol.vmware.com: Test drive the capabilities of VMware NSX.
  • 51. VMware NSX - Deep Dive Jacob Rapp, VMware, Inc NET5560 #NET5560
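
The Web DMZ rule table from slide 38, worked through as an added example (this is not VMware code and does not use the NSX API). It assumes rules are evaluated top-down with the first match deciding, that a blank Service cell means any service, and that unmatched traffic is denied; `App-VM1`, `Client` and the inventory mapping are constructed for illustration. It compares the rows in transcript order with an ordering that puts the narrower web-to-web block first.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory: the logical switch each VM's vNIC attaches to.
INVENTORY = {
    "Web-VM1": "Web-Tier LS",
    "Web-VM2": "Web-Tier LS",
    "App-VM1": "App-Tier LS",  # hypothetical VM name, not on the slide
    "Client": None,            # external client, on no logical switch
}

@dataclass(frozen=True)
class Rule:
    source: str             # "Any", a VM name, or a logical switch name
    destination: str
    service: Optional[str]  # None = any service (blank cell on the slide)
    action: str             # "Allow" or "Block"

# Rows in the order they appear in the slide 38 transcript.
SLIDE_ORDER = [
    Rule("Any", "Web-Tier LS", "HTTPS", "Allow"),
    Rule("Web-VM1", "Web-VM2", None, "Block"),
    Rule("Any", "Web-Tier LS", None, "Block"),
    Rule("Web-Tier LS", "App-Tier LS", "TCP 8443", "Allow"),
    Rule("Any", "App-Tier LS", None, "Block"),
]
# Same rows with the narrower web-to-web block moved above the broad allow.
SPECIFIC_FIRST = [SLIDE_ORDER[1], SLIDE_ORDER[0]] + SLIDE_ORDER[2:]

def selects(selector: str, vm: str) -> bool:
    """Match by wildcard, by VM name, or by logical switch membership."""
    return selector in ("Any", vm) or INVENTORY.get(vm) == selector

def evaluate(rules, src: str, dst: str, service: str):
    """Return (action, 1-based rule number) of the first rule that matches."""
    for number, rule in enumerate(rules, start=1):
        if (selects(rule.source, src) and selects(rule.destination, dst)
                and rule.service in (None, service)):
            return rule.action, number
    return "Block", None  # assumption: nothing matched, so deny

def verdict_changes(flows, before=SLIDE_ORDER, after=SPECIFIC_FIRST):
    """Flows whose action differs between the two rule orderings."""
    return [flow for flow in flows
            if evaluate(before, *flow)[0] != evaluate(after, *flow)[0]]
```

Under these assumptions, HTTPS between the two web VMs is decided by the broad HTTPS allow in transcript order and by the web-to-web block only once that block is placed first, which is the kind of ordering effect worth checking when reviewing a micro-segmentation policy.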

Editor's Notes

  1. Explain each module in a little detail, showing the value of each feature. Port Security: provides DHCP snooping used by the VXLAN module; IP spoof guard. VXLAN: VTEP; MTEP (multicast replication); ARP proxy. Distributed Router: East-West traffic between VXLAN vWires had to go through the Edge gateway. Distributed Firewall: better performance. Message Bus: provides a new communication channel that allows direct communication from NSX Manager to the host. User World Agent: communicates with the controller on one side and the kernel modules on the other.
  2. TBD: Properties & Benefits (VM, separation of MP/CP/DP, scale-out, no multicast) - Functions: overlay, L2, L3 dataplane programming. Provides the control plane to distribute Logical Switching and Logical Routing network information to ESXi hosts. NSX Controllers are clustered for scale-out and high availability. Network information is sliced across nodes in a Controller Cluster. Removes dependencies on multicast from physical networks. Provides suppression of ARP broadcast traffic in logical networks.
  3. Functionality: NSX for vSphere centralized management plane; 1:1 mapping between an NSX Manager and vCenter Server; provides the management UI and API for NSX; configures the Controller Cluster; generates certificates to secure control plane communications; installs Logical Switching, Distributed Routing and Firewall kernel modules on ESXi hosts. Operationally: deploys NSX Controller and NSX Edge Virtual Appliances (OVF); vSphere Web Client Plugin; host configuration includes Distributed Firewall and NSX Edges.
  4. NSX Control Plane communication occurs over the management network. The control plane is protected by certificate-based authentication and SSL. NSX Manager generates self-signed certificates for each ESXi host and Controller. These certificates are pushed to the controller and ESXi hosts over secure channels. Mutual authentication occurs by verifying these certificates.
  5. Ethernet in IP overlay network: entire L2 frame encapsulated in UDP; 50+ bytes of overhead. 24-bit VXLAN Network Identifier: 16 M logical networks. VXLAN can cross Layer 3 network boundaries. Overlay between ESXi hosts: VMs do NOT see the VXLAN ID. VTEP (VXLAN Tunnel End Point): VMkernel interface which serves as the endpoint for encapsulation/de-encapsulation of VXLAN traffic. Technology submitted to IETF for standardization, with Cisco, Citrix, Red Hat, Broadcom, Arista and others.
  6. VXLAN traffic uses a vmknic which provides VXLAN Virtual Tunnel End Point (VTEP) functionality. A single dvPortGroup per VDS is created for all VTEPs. A logical switch is an L2 broadcast domain implemented using VXLAN. A dvPortGroup is created for each logical switch. Provides local switching & isolation. VXLAN logical switches can also span multiple VDS.
  7. Support for multiple VXLAN vmknics per host to provide additional options for uplink load balancing; DSCP & COS tag from the internal frame copied to the external VXLAN encapsulated header; support for Guest VLAN tagging; vMotion callback; dedicated TCP/IP stack for VXLAN; ready for VXLAN hardware offloading to network adapters. A highly available and secure control plane to distribute VXLAN network information to ESXi hosts; removes dependency on multicast routing/PIM in the physical network; suppresses broadcast traffic in VXLAN networks (ARP Directory Service & NSX Controller).
  8. In Unicast or Hybrid mode, each ESXi host will select one VTEP in every remote segment from its VTEP mapping table as a proxy. This is per VNI (balances load across proxy VTEPs). In Unicast Mode this proxy is called a UTEP (Unicast Tunnel End Point); in Hybrid Mode it is an MTEP (Multicast Tunnel End Point). This list of UTEPs/MTEPs is then synced to each VTEP. If a UTEP or MTEP leaves a VNI, the host will be updated by the Controller and then select a new proxy within the segment. Optimized replication: VTEPs perform software replication of BUM traffic to local VTEPs and one UTEP/MTEP per remote segment. The VXLAN header format has been updated in NSX for vSphere: a new REPLICATE_LOCALLY bit is used in the VXLAN header for Unicast and Hybrid Modes. When a UTEP or MTEP receives a unicast frame with the REPLICATE_LOCALLY bit set, it is responsible for re-injecting the frame to the local transport network. The behavior of the proxy depends on the traffic replication mode.
     Unicast Mode. Source VTEP role: replicates an encapsulated frame to each remote UTEP via unicast; also replicates the frame to each active VTEP in the local segment. UTEP role: delivers a copy of the de-encapsulated inner frame to local VMs; sends the replicated frame to all VTEPs in the local segment. Unicast Mode has minimal dependencies on the physical network, but the overhead increases as the environment scales. Configurable per VNI during logical switch provisioning. Multicast addresses are not required in Unicast Mode.
     Hybrid Mode. Source VTEP role: replicates an encapsulated frame to each remote MTEP via unicast; also replicates the frame locally via multicast. MTEP role: delivers a copy of the de-encapsulated inner frame to its local VMs; sends the replicated frame to the local segment using the multicast address assigned to the VNI. Hybrid Mode leverages the physical network to reduce the overhead of traffic replication. Overhead increases as VXLAN segments are added. Again configurable per VNI. Multicast addresses are required in Hybrid Mode. To reduce dependencies on the physical network, ESXi hosts will now send IGMP joins & reports. An IGMP Querier on the physical network per transport network is still recommended.
     Multicast Mode. Source VTEP role: replicates the VXLAN frame locally via multicast. L2 multicast will deliver to all local destination VTEPs. No UTEPs or MTEPs required. Multicast routing will handle delivery to all remote segments. Multicast Mode is entirely reliant on multicast support in the physical network for local and remote traffic replication. Configurable per VNI. Multicast addresses are required.
  9. Logical Interfaces (LIFs) on a Distributed Logical Router Instance: there are internal LIFs and uplink LIFs. VM default gateway traffic is handled by LIFs on the appropriate network. LIFs are distributed across every hypervisor prepared for NSX. Up to 1000 LIFs can be configured per Distributed Logical Router Instance (8 uplink, 992 internal). An ARP table is maintained per LIF. vMAC is the MAC address of an internal LIF. vMAC is the same across all hypervisors and it is never seen by the physical network (only by VMs). pMAC is the MAC address of the dvUplink on each host through which traffic flows to the physical network.
  10. The Distributed Logical Router Control Plane is provided by a per-instance DLR Control VM and the NSX Controller. Supports dynamic routing protocols: OSPF, BGP. Communicates with NSX Manager and the Controller Cluster. NSX Manager sends LIF information to the Control VM and Controller Cluster. The Control VM sends routing updates to the Controller Cluster. The DLR Control VM and NSX Controller are not in the data path. High availability is supported through an Active-Standby configuration.
  11. VMware NSX provides a faithful reproduction of Network & Security Services in Software. VXLAN is the overlay technology empowering those virtual networking capabilities. Logical Routing allows for communication between virtual workloads belonging to separate IP subnets. Distributed Routing optimizes traffic flows for East-West communication inside the Data Center. Centralized Routing handles on-ramp/off-ramp communication with the external physical network. Multiple logical topologies can be built combining NSX DLR and Edge functional components. Each logical routing component can be deployed redundantly to guarantee a fully resilient design.
  12. Enterprise topology: optimizes as much E-W traffic as possible by adding as many LIFs on the one DLR instance. Unless L2 spans across all clusters, it is still common to use an NSX Edge gateway, even if it’s aggregating the one Distributed Logical Router instance, so that VXLAN LIFs are used.
  13. While we’re focusing on Firewalling here, note that NSX is the security platform offering Antivirus, Intrusion Prevention, Vulnerability Management, Identity and Access Management, Security Policy Management, DLP File Integrity Monitoring and more…
  14. Traffic Redirection rules are configured using Service Composer (within Security Policy definition) or using Partner Security Services (DFW UI - NSX 6.1). The Filtering Module is an extension of DFW. Filtering Module rules are configured within the Security Policy definition (Service Composer menu). The Traffic Redirection Module defines which traffic is steered to the Partner Services VM. Using Service Composer: ANY -> SG, SG1 -> SG2, SG -> ANY; ANY, TCP/UDP destination port, TCP/UDP source port; Predefined Services application & protocols (NSX 6.1). Using Partner Security Services (under DFW UI).
  15. Challenges Applications are not mobile as they are tied to a physical LB instance Multi-tenancy ? Configuration automation
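
The encapsulation figures in note 5 (whole L2 frame carried in UDP, 50+ bytes of overhead, 24-bit identifier), worked through as an added example that is not part of the original deck or VMware code. The header layout follows RFC 7348, an IPv4 outer header is assumed, the sample frame is constructed, and 5001 is the logical switch number shown on slides 27 and 28.

```python
import struct

FLAG_VNI_VALID = 0x08      # "I" bit in the first header byte (RFC 7348)
VXLAN_HEADER_LEN = 8
OUTER_UDP, OUTER_IPV4, OUTER_ETHERNET, VLAN_TAG = 8, 20, 14, 4
INNER_ETHERNET = 14
MAX_VNI = 2**24 - 1        # 24-bit identifier: about 16 M logical networks

def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prefix an inner Ethernet frame with a VXLAN header (the UDP payload)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: flags (8 bits) + 24 reserved bits; word 2: VNI (24 bits) + 8 reserved.
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def decapsulate(udp_payload: bytes):
    """Return (vni, inner_frame); the VM only ever receives inner_frame."""
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word2 >> 8, udp_payload[VXLAN_HEADER_LEN:]

def overhead(outer_vlan: bool = False) -> int:
    """Bytes added on the wire around the original L2 frame (IPv4 outer header)."""
    return (OUTER_ETHERNET + (VLAN_TAG if outer_vlan else 0)
            + OUTER_IPV4 + OUTER_UDP + VXLAN_HEADER_LEN)

def transport_ip_mtu(guest_mtu: int = 1500) -> int:
    """Smallest IP MTU the transport network needs so that a full-size
    guest packet is carried without fragmentation."""
    return guest_mtu + INNER_ETHERNET + VXLAN_HEADER_LEN + OUTER_UDP + OUTER_IPV4

# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, zero padding.
SAMPLE_FRAME = bytes.fromhex("005056000002" "005056000001" "0800") + b"\x00" * 46
```

The "50+" in the note corresponds to the untagged case; an outer VLAN tag adds four more bytes, and a transport network left at a 1500-byte MTU cannot carry a full-size guest packet once it is encapsulated.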