Three reasons why Networking is a pain in the IaaS

A discussion of why the status quo in networking is not sufficient to meet the demands of the highly agile private and public cloud.

Published in: Technology

  1. Three reasons why Networking is a pain in the IaaS, and how to fix it. Brad Hedlund, VMware NSBU, February 2014
  2. #1 Impedance Mismatch ! VM VM VM Abstraction Layer (ESX) Capacity Pool Standard Hardware Virtual Compute Custom Hardware Non-Virtual Network
  3. #1 Network Virtualization :) VM VM (ESX) VM Abstraction Layer (NSX) Capacity Pool Any x86 Any IP Network • NFV • SDN Virtual Compute Virtual Network
  4. Desired State #2 Scripting App XYZ português 3rd Party Scripting English русский 普通话 Network Security App Delivery • Untenable
  5. Desired State #2 Policy Engine App XYZ Open API Network & Security Policy Engine NSX Platform Network Security App Delivery English русский 普通话
  6. #3 Chokepoints Routing FIREWALL FIREWALL Internal VMs VMs VMs VMs VMs VMs External VMs VMs • Performance, or Security? • Redundancies of Redundancy • Lack of visibility VMs VMs VMs VMs
  7. NSX Edge FIREWALL FIREWALL #3 Distributed Services • Reusable HA • Performance • Visibility • Security Internal Network DISTRIBUTED FIREWALL & ROUTER VMs VMs Containers External VMs VMs VMs VMs VMs VMs VMs VMs vSphere VDS + NSX VMs VMs Web App DB Internal Apps Web App DB External Apps
  8. NSX Networking Components Logical Switch DLR Distributed Logical Router Distributed Firewall DFW ESR Edge Services Router VM
  9. World Single Tenant Topology Data Center Routers XYZ VIP ESR Edge VLAN OSPF ABC VIP DLR ESR One-Arm Web VM 10.1.1.0 ABC App XYZ App App DB VM 10.1.2.0 VM 10.1.3.0 Web VM 10.1.9.0 App DB VM 10.1.8.0 VM 10.1.10.0
  10. World Multi Tenant Topology Data Center Routers BGP Edge VLAN Tenant 1 ESR NAT Tenant 2 ESR NAT VPN VPN OSPF OSPF DLR Web VM 10.1.1.0 DLR App DB VM 10.1.2.0 VM 10.1.3.0 Web VM 10.1.1.0 App DB VM 10.1.2.0 VM 10.1.3.0
  11. World Multi Tenant Topology Data Center Routers “Provider” ESR Edge VLAN Tenant 2 Tenant 1 DLR DLR ESR ESR One-Arm One-Arm Web VM 10.1.1.0 App DB VM 10.1.2.0 VM 10.1.3.0 Web VM 10.1.7.0 App DB VM 10.1.8.0 VM 10.1.9.0 … Tenant 9
  12. World Multi Tenant Topology Data Center Routers “Provider” Tenant 1 ESR Edge VLAN ESR ESR DLR DLR Web VM 10.1.1.0 Tenant 2 App DB VM 10.1.2.0 VM 10.1.3.0 Web VM 10.1.1.0 App DB VM 10.1.2.0 VM 10.1.3.0 … Tenant 9
  13. Gradual Migration External Access DMZ Firewalls / Load Balancers Existing vCenter Hypervisors Firewalls / Load Balancers Existing IaaS Internal Access DMZ
  14. Gradual Migration External Access DMZ Firewalls / Load Balancers vCenter 5.5 Hypervisors Firewalls / Load Balancers Existing IaaS Internal Access DMZ
  15. Gradual Migration External Access DMZ vCAC NSX vCenter 5.5 NSX Edge Firewalls / Load Balancers vSphere 5.5 Hypervisors + NSX Hypervisors NSX Edge Firewalls / Load Balancers NSX PoC Existing IaaS Internal Access DMZ
  16. Gradual Migration External Access DMZ vCAC NSX Edge Hypervisors NSX Edge vCenter 5.5 Firewalls / Load Balancers vSphere 5.5 Hypervisors + NSX NSX Firewalls / Load Balancers Existing IaaS IaaS + Internal Access DMZ
  17. Gradual Migration External Access DMZ vCAC NSX Edge NSX vSphere 5.5 Hypervisors + NSX vCenter 5.5 NSX Edge IaaS + Internal Access DMZ
  18. Normalization Infrastructure 1 Infrastructure 2 WEB WEB APP APP DB ABC App Non Disruptive DB ABC App
  19. Questions?
