NSX has been the acronym on the lips of everyone in the SDN space. I have been studying the VMware NSX software-defined networking platform in preparation for my VCIX exam in the coming months, and I have a few thoughts to share from my study materials about this exciting product from VMware. But what is it, and what does it mean to your organization?
VMware NSX is a network virtualization platform from VMware. The software is reportedly able to operate with any hypervisor, and it is a completely non-disruptive solution that can be deployed on any IP network from any vendor, both existing traditional networking models and next-generation fabric architectures. The physical network infrastructure already in place is all that is required to deploy a software-defined data center with NSX.
What are we solving?
i. Physical networks are hard to scale in a multi-tenant data-center environment; business units, customers and acquisitions can all benefit from an overlay topology.
ii. Physical networks make VM mobility across data centers tougher when we use complex layer 2 adjacency designs.
Logical networks allow for greater automation and ease of provisioning, since everything is done in software (logical switching, firewall, routing, load balancing).
iii. With server virtualization, a software abstraction layer (i.e. the server hypervisor) reproduces the familiar attributes of an x86 physical server (e.g. CPU, RAM, disk, NIC) in software. This allows components to be programmatically assembled in any arbitrary combination to produce a unique VM in a matter of seconds.
With NETWORK virtualization, the functional equivalent of a “network hypervisor” reproduces layer 2 to layer 7 networking services (e.g. switching, routing, firewalling and load balancing) in software. These services can then be programmatically assembled in any arbitrary combination, producing unique, isolated virtual networks in a matter of seconds. With VMware NSX, existing networks are immediately ready to deploy a next-generation software-defined data center. Customers are using NSX to drive business benefits as shown in the figure below.
The main themes for NSX deployments are Security, IT automation and Application Continuity.
FEATURES OF NSX
Security: NSX can be used to create a secure infrastructure based on a zero-trust security model. Every virtualized workload can be protected by a full stateful firewall engine at a very granular level. Security policy can be based on constructs such as MAC addresses, IP addresses, ports, vCenter objects and tags, Active Directory groups, etc. Intelligent dynamic security grouping can drive the security posture within the infrastructure. NSX can be used in conjunction with 3rd-party security vendors such as Palo Alto Networks, Check Point, Fortinet or McAfee to provide a complete DMZ-like security solution within a cloud infrastructure. NSX has been deployed widely to secure virtual desktops, some of the most vulnerable workloads residing in the data center, and to prohibit desktop-to-desktop hacking.
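As an added example (not code from this post or from VMware), here is a small Python model of the tag-driven dynamic grouping and default-deny posture described under Security above. The group names, tags, VMs and ports are constructed for the illustration, and the evaluator is a simplified stand-in for a distributed firewall, not NSX's own logic.

```python
# Illustrative model of NSX-style tag-driven micro-segmentation (not NSX code).
# Security groups have dynamic membership based on security tags, and the
# distributed firewall rule set is evaluated per flow with an implicit
# default deny. All VM names, tags and ports below are constructed samples.
from dataclasses import dataclass, field

@dataclass
class VM:
    name: str
    ip: str
    tags: set = field(default_factory=set)

# Dynamic security groups: membership is a predicate on tags, not an IP list,
# so re-addressing or moving a VM never changes which rules apply to it.
SECURITY_GROUPS = {
    "SG-Web": lambda vm: "ST-Web" in vm.tags,
    "SG-App": lambda vm: "ST-App" in vm.tags,
    "SG-DB": lambda vm: "ST-DB" in vm.tags,
    "SG-Quarantine": lambda vm: "ST-Quarantine" in vm.tags,
}

# Distributed firewall rules (source, destination, TCP port, action), matched
# top-down; the quarantine rules come first so a tagged VM is isolated at once.
RULES = [
    ("SG-Quarantine", "any", "any", "deny"),
    ("any", "SG-Quarantine", "any", "deny"),
    ("any", "SG-Web", 443, "allow"),
    ("SG-Web", "SG-App", 8080, "allow"),
    ("SG-App", "SG-DB", 3306, "allow"),
]

def groups_of(vm):
    """Resolve the security groups a VM belongs to right now."""
    return {name for name, is_member in SECURITY_GROUPS.items() if is_member(vm)}

def evaluate(src, dst, port):
    """Return 'allow' or 'deny' for a src->dst flow; no match means deny."""
    src_groups, dst_groups = groups_of(src), groups_of(dst)
    for rule_src, rule_dst, rule_port, action in RULES:
        if rule_src != "any" and rule_src not in src_groups:
            continue
        if rule_dst != "any" and rule_dst not in dst_groups:
            continue
        if rule_port != "any" and rule_port != port:
            continue
        return action
    return "deny"  # zero trust: anything not explicitly allowed is dropped
```

Adding the ST-Quarantine tag to a VM makes evaluate() deny every flow to or from it without editing a single rule, which is the operational point of driving posture from grouping rather than addresses.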
Automation: VMware NSX provides a full RESTful API for consuming networking, security and services, which can be used to drive automation within the infrastructure. IT admins can reduce the tasks and cycles required to provision workloads within the data center using NSX. NSX is integrated out of the box with automation tools such as vRealize Automation, which can give customers a one-click deployment option for an entire application, including compute, storage, network, security and L4-L7 services. Developers can use NSX with the OpenStack platform: NSX provides a Neutron plugin that can be used to deploy applications and topologies via OpenStack.
Application Continuity: NSX provides a way to easily extend networking and security across up to eight vCenter Servers, either within or across data centers. In conjunction with vSphere 6.0, customers can easily vMotion a virtual machine across long distances, and NSX will ensure that the network and the firewall rules remain consistent across the sites, essentially maintaining the same view everywhere. NSX Cross-vCenter Networking can help build active-active data centers. Customers are using NSX today with VMware Site Recovery Manager to provide disaster recovery solutions. NSX can extend the network across data centers and even to the cloud to enable seamless networking and security.
COMPONENTS OF NSX
Switching: Logical switching enables extension of an L2 segment / IP subnet anywhere in the fabric, independent of the physical network design.
Routing: Routing between IP subnets can be done in the logical space without traffic leaving the hypervisor; routing is performed directly in the hypervisor kernel with minimal CPU / memory overhead. Routing is provided by the Distributed Logical Router and is also one of the features of the Edge Services Gateway. It supports static and dynamic routing protocols (OSPF, IS-IS, BGP). The Distributed Logical Router (DLR) provides an optimal data path for traffic within the virtual infrastructure (east-west communication). Additionally, the NSX Edge provides an ideal centralized point for seamless integration with the physical network infrastructure, handling communication with the external network (north-south communication) with ECMP-based routing.
Connectivity to physical networks: L2 and L3 gateway functions are supported within NSX to provide communication between workloads deployed in logical and physical spaces.
Edge Firewall: Edge firewall services are part of the NSX Edge Services Gateway (ESG). The Edge firewall provides essential perimeter firewall protection, which can be used in addition to a physical perimeter firewall. The ESG-based firewall is useful for building PCI zones, multi-tenant environments or dev-ops-style connectivity without forcing inter-tenant or inter-zone traffic onto the physical network.
VPN: L2 VPN, IPsec VPN and SSL VPN services provide L2 and L3 VPN connectivity. The VPN services cover the critical use cases of interconnecting remote data centers and providing user access.
Logical Load Balancing: L4-L7 load balancing with support for SSL termination. The load balancer comes in two different form factors, supporting inline as well as proxy mode configurations. The load balancer addresses a critical use case in virtualized environments, enabling dev-ops-style functionality that supports a variety of workloads in a topology-independent manner.
DHCP & NAT Services: Support for DHCP servers and DHCP forwarding mechanisms, plus NAT services. NSX also provides an extensible platform that can be used for deployment and configuration of 3rd-party vendor services. Examples include virtual-form-factor load balancers (e.g., F5 BIG-IP LTM) and network monitoring appliances (e.g., Gigamon GigaVUE-VM). Integration of these services is simple alongside existing physical appliances.
In future posts, as I advance in my studies, I will go deeper into this wonderful product from VMware.
Chigozie Ejeofobiri CCNP,VCP6-DV,MCTS,ITIL
Head, Solutions Architect at Integrated Laynet Technologies Ltd.