© 2015 VMware Inc. All rights reserved.
Consistent Network & Security services
for Containers and VMs
Guru Shetty
Sai Chaitanya
The case for Network Virtualization
CONFIDENTIAL 2
Traditional Data Center
- Network Architecture
  - Layer 3 boundary – Aggregation Layer
  - VLANs in Access Layer and Virtual Switch
[Diagram: aggregation switch/router (Layer 3) above access switch and vSwitch (Layer 2), with VM1 and a bare-metal DB attached]
The case for Network Virtualization
Drivers for Virtualized Networking
- Cloud – software-defined network
- Multi-tenancy – with overlapping IP addresses (typical use cases: acquisitions and mergers)
- Flexible and programmatic workload placement
[Diagram: VM1–VM6 connected across the datacenter network by tunnels (VXLAN, Geneve, STT)]
The Case for Microsegmentation
Security in a Traditional Data Center
- Security configuration at the Layer 3 boundary
- Huge surface exposed to attack – i.e. an attack can move laterally throughout the VLAN domain
[Diagram: a single perimeter around "Data center 1"]
The Case for Microsegmentation
Security in a Modern Data Center
- FW per VM or host
  - Limits the lateral spread of an attack
- Distributed Firewall
  - In kernel
  - Line-rate performance
  - FW context moves along with the workload
[Diagram: VM1–VM6 over tunnels (VXLAN, Geneve, STT), with a FW per vNIC]
Virtual Networking constructs
• Logical Switch
• Logical Port
• Firewall rule (ACL)
• Logical Router
• Logical Router Port
• Distributed Loadbalancer
The intelligent edge
[Diagram: CMS / container orchestrators drive NSX/OVN, which programs OVS on each hypervisor over OpenFlow and OVSDB; two tenants (Coke, Pepsi) share the hypervisor]
What’s new in the Data Center
- Containers running in VMs
- Containers running on Baremetal Servers
[Diagram: datacenter network (tunnels) with a Layer 3 TOR router; hypervisors with VTEPs running VMs V1 and V2 that host containers C1–C4 on OVS, and bare-metal servers P1 and P2 behind a Layer 2 TOR/VTEP]
Design goals for Container integration
- Unique IP address per container
  - No NAT-based solution – complex to manage at scale
- Avoid overlays on overlays
  - Poor performance
  - Lack of visibility for troubleshooting & monitoring
- Security (firewall) enforcement per container interface
  - Protect other workloads from a compromised container
- Network segment that spans bare metal, containers and VMs
- Service chaining for containers – e.g. IDS & distributed load balancing
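To make the microsegmentation argument of the slides above concrete (firewall enforcement per container interface limits lateral movement, and the rules follow the workload when it moves), here is an added, constructed Python model; it is not part of the deck and not NSX or OVN code. The three-tier topology, the IP addresses and the OVN-style match keys (ip4.src, ip4.dst, tcp.dst, to-lport/from-lport) are assumptions for illustration.

```python
"""Constructed model of a perimeter firewall at the Layer 3 boundary versus distributed
per-logical-port ACLs. Illustration only; match keys mimic OVN ACL syntax, evaluator is ours."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Acl:
    direction: str  # "to-lport" = ingress to the port, "from-lport" = egress from it
    priority: int
    match: dict     # e.g. {"ip4.src": "10.0.1.12", "tcp.dst": 5432}; absent key = any
    verdict: str    # "allow" or "drop"

@dataclass
class LogicalPort:
    name: str
    ip: str
    hypervisor: str  # where the workload currently runs; the ACLs are not bound to this
    acls: list = field(default_factory=list)

@dataclass
class Flow:
    src: str
    dst: str
    dport: int  # TCP destination port

def _field_matches(key, want, flow):
    if key == "ip4.src":
        return ip_address(flow.src) in ip_network(want)
    if key == "ip4.dst":
        return ip_address(flow.dst) in ip_network(want)
    if key == "tcp.dst":
        return flow.dport == want
    raise ValueError(f"unsupported match field {key}")

def verdict(acls, direction, flow):
    """Highest-priority matching rule wins; no matching rule means drop."""
    hits = [a for a in acls if a.direction == direction
            and all(_field_matches(k, v, flow) for k, v in a.match.items())]
    return max(hits, key=lambda a: a.priority).verdict if hits else "drop"

def microseg_allows(ports, flow):
    """Per-vNIC enforcement: the source port's egress ACLs and the destination port's
    ingress ACLs are both applied by the hypervisor, whatever host each workload is on
    and whatever a compromised container does to its own network stack."""
    by_ip = {p.ip: p for p in ports}
    src, dst = by_ip.get(flow.src), by_ip.get(flow.dst)  # None = external endpoint
    if src and verdict(src.acls, "from-lport", flow) != "allow":
        return False
    return dst is None or verdict(dst.acls, "to-lport", flow) == "allow"

def perimeter_allows(segment, edge_acls, flow):
    """Traditional model: only traffic crossing the L3 boundary is filtered; two
    endpoints in the same VLAN talk freely, which is the lateral-movement surface."""
    inside = ip_network(segment)
    if ip_address(flow.src) in inside and ip_address(flow.dst) in inside:
        return True
    return verdict(edge_acls, "edge", flow) == "allow"

def migrate(ports, name, hypervisor):
    """Move a workload; its ACLs stay bound to the logical port, so they travel with it."""
    port = next(p for p in ports if p.name == name)
    port.hypervisor = hypervisor
    return port

# Constructed three-tier topology: web C1, app C2, database C3 on one logical switch.
SEGMENT = "10.0.1.0/24"
PORTS = [
    LogicalPort("C1", "10.0.1.11", "hv1", [
        Acl("to-lport", 100, {"tcp.dst": 80}, "allow"),
        Acl("from-lport", 100, {"ip4.dst": "10.0.1.12", "tcp.dst": 8080}, "allow")]),
    LogicalPort("C2", "10.0.1.12", "hv1", [
        Acl("to-lport", 100, {"ip4.src": "10.0.1.11", "tcp.dst": 8080}, "allow"),
        Acl("from-lport", 100, {"ip4.dst": "10.0.1.13", "tcp.dst": 5432}, "allow")]),
    LogicalPort("C3", "10.0.1.13", "hv1", [
        Acl("to-lport", 100, {"ip4.src": "10.0.1.12", "tcp.dst": 5432}, "allow")]),
]
EDGE_ACLS = [Acl("edge", 100, {"ip4.dst": "10.0.1.11", "tcp.dst": 80}, "allow")]
LATERAL = Flow("10.0.1.11", "10.0.1.13", 5432)  # compromised web container -> database
```

Evaluating LATERAL under both models shows the perimeter allowing it (same VLAN) and the per-port ACLs dropping it, and the verdict is unchanged after migrate() moves C3 to another hypervisor.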
Docker Integration
CONFIDENTIAL 10
Hypervisor
OVS
Datacenter Network
Docker Host VM
C1 C2 C3
OVS
Untrusted
Trusted
Docker Integration
[Diagram: physical view – containers C1–C3 in one VM and C4–C5 in another, each VM with its own OVS, over the hypervisor OVS and datacenter network. Logical space – two logical switches (S), one connecting C1, C3, C4 and one connecting C2, C5 and a VM, both attached to a logical router (R) with an External connection]
Docker Security
[Diagram: the Docker host VM layout from the previous slide, with a Distributed Firewall in the path between containers C1–C3 and the datacenter network]
Docker OpenStack Integration
• docker network create -d openvswitch --subnet=192.168.1.0/24 foo
• docker run --net=foo --name=busybox busybox
Docker OpenStack Integration
[Diagram: Docker with an OVS plugin on the host; Neutron, Nova and OVN on the OpenStack side; containers C1–C3 and a tenant VM attached to OVS on the hypervisor (HV)]
OVN – VM overlays
[Diagram: containers C1–C4 inside VMs, each VM with its own OVS, joined by tunnels]
Kubernetes integration
Cloud Native Apps in Enterprises
- Cloud-native technologies will bring "web-scale"-like agility and continuous delivery to the enterprise
- Customers are deploying next-generation apps to either PaaS platforms or container clusters
- Customers are also refactoring existing apps using containers and embracing DevOps
- NSX will integrate with PaaS and container orchestration platforms
NSX for cloud-native apps
[Diagram: solution stack – NSX Kubernetes Plugin (K8s spec) and NSX Docker Plugin (Docker Compose) on top of containers running on bare metal (Linux) and virtual machines (KVM & vSphere), providing Connectivity, Availability and Security]
- Enterprise-grade networking and security for cloud-native apps
- Enables admins to run apps on any cloud – VMware, OpenStack and public cloud
- Single platform for all apps – VM, bare metal and containers

Microservices for Enterprises - Consistent Network & Security services for Containers and VMs
