2. The case for Network Virtualization
CONFIDENTIAL 2
Traditional Data Center
- Network Architecture
- Layer 3 boundary – Aggregation Layer
- VLANs in Access Layer and Virtual Switch
[Diagram labels: Layer 3, Layer 2, VM1, vSwitch, Access Switch, Aggregation Switch / Router, Baremetal DB]
3. The case for Network Virtualization
[Diagram labels: Datacenter Network, Tunnels (VXLAN, Geneve, STT), VM1 to VM6]
Drivers for Virtualized Networking
- Cloud – software defined network
- Multi-tenancy – with overlapping IP addresses (typical use cases: acquisitions and mergers)
- Flexible and programmatic workload placement
4. The Case for Microsegmentation
[Diagram labels: Data center 1, Perimeter]
Security in a Traditional Data Center
- Security configuration at Layer 3 boundary
- Huge surface exposed for attack – i.e. attack can move laterally throughout the VLAN domain
5. The Case for Microsegmentation
[Diagram labels: Datacenter Network, Tunnels (VXLAN, Geneve, STT), VM1 to VM6, FW per vNIC]
Security in a Modern Data Center
- FW per VM or host
- Limits the lateral spread of an attack
- Distributed Firewall
- In kernel
- Line rate performance
- FW context moves along with the workload
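An added example, not part of the original slides, that models the contrast between the traditional data center (filtering only at the Layer 3 boundary) and a firewall per vNIC. The tier tags, ports and allow-list are assumptions made for illustration; only the VM names come from the slides.

```python
from collections import deque

# Constructed inventory: the six VMs named on the slides. The tier tags are
# assumptions made for this example.
WORKLOADS = {"VM1": "web", "VM2": "web", "VM3": "app",
             "VM4": "app", "VM5": "db", "VM6": "db"}

# Hypothetical per-vNIC allow-list (source tag, destination tag, port). It is
# keyed on tags rather than host or IP, so it follows a workload that moves.
# Anything not listed is dropped (default deny).
ALLOW = {("web", "app", 8443), ("app", "db", 5432)}
PORTS = (22, 5432, 8443)  # constructed set of listening ports


def flat_vlan_permits(src, dst, port):
    """Perimeter-only model: nothing filters traffic inside the VLAN."""
    return src != dst


def dfw_permits(src, dst, port):
    """Distributed-firewall model: the allow-list is checked at each vNIC."""
    return src != dst and (WORKLOADS[src], WORKLOADS[dst], port) in ALLOW


def exposed_services(src, permits):
    """(workload, port) pairs a compromised src can connect to directly."""
    return sorted((dst, port) for dst in WORKLOADS for port in PORTS
                  if permits(src, dst, port))


def blast_radius(start, permits):
    """Workloads reachable hop by hop, assuming every permitted flow is abusable."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst, _port in exposed_services(src, permits):
            if dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return sorted(seen - {start})


if __name__ == "__main__":
    for name, permits in (("flat VLAN", flat_vlan_permits), ("per-vNIC FW", dfw_permits)):
        for vm in ("VM1", "VM5"):
            print(f"{name:12} {vm}: {len(exposed_services(vm, permits))} services, "
                  f"reaches {blast_radius(vm, permits)}")
```

In this model a compromised VM5 reaches every other workload on the flat VLAN and none behind the per-vNIC rules. VM1 still reaches the app and db tiers hop by hop through the permitted flows, so each allow-list entry remains a path worth reviewing.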
8. What’s new in the Data Center
[Diagram labels: R, VTEP TOR L3, VTEP TOR L2, two Hypervisors each with OVS, V1, V2, C1 to C4, P1, P2, Datacenter Network (Tunnels)]
- Containers running in VMs
- Containers running on Baremetal Servers
9. Design goals for Container integration
- Unique IP Address per container
- No NAT based solution – complex to manage at scale
- Avoid overlays on overlays
  - Poor Performance
  - Lack of visibility for troubleshooting & monitoring
- Security (Firewall) enforcement per container interface
  - Protect other workloads from a compromised Container
- Network segment that spans Baremetal, Containers and VMs
- Service Chaining for Containers – e.g. IDS & Distributed Load Balancing
17. Cloud Native Apps in Enterprises
- Cloud Native technologies will bring “web-scale” like agility and continuous delivery to the enterprise
- Customers are deploying next generation apps to either PaaS platforms or Container Clusters
- Customers are also refactoring existing apps using Containers and embracing DevOps
- NSX will integrate with PaaS and Container Orchestration platforms
18. NSX for cloud-native apps
Solution
[Diagram labels: NSX Kubernetes Plugin (K8 Spec), NSX Docker Plugin (Docker Compose), Containers, Bare metal (Linux) and Virtual Machines (KVM & vSphere), Connectivity, Availability, Security]
- Enterprise-grade networking and security for cloud-native apps
- Enables admin to run apps on any cloud – VMware, OpenStack and Public Cloud
- Single platform for all apps – VM, bare metal and Containers