Real-world Deployment Scenarios for VMware NSX Taruna Gandhi, VMware Jeremy Hanmer, DreamHost Funs Kessen, Schuberg Philis NET5525 #NET5525
Jun 27, 2015
Agenda
VMware NSX Overview
Network Virtualization for Mission Critical Workloads at Schuberg Philis
Network Virtualization in DreamCompute using Commodity Hardware
Q&A
The Business Wants to Go FAST!
NSX is all about speed.
Hot, nasty, bad ass speed.
- Ricky Bobby
Provisioning Multi-tier Network Services Today
[Diagram labels: Compute, Network, DC Services; Web, App and DB tiers; Corpnet/Internet]
Provisioning is slow
Placement is limited
Mobility is limited
Hardware dependent
Operationally intensive
Provisioning Network Virtualization with NSX
Programmatic provisioning
Place any workload anywhere
Move any workload anywhere
Decoupled from hardware
Operationally efficient
[Diagram labels: Compute, Network, VMware NSX, DC Services]
VMware NSX – Networking & Security Capabilities
[Diagram: Any Application (without modification); Virtual Networks; VMware NSX Network Virtualization Platform (Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN); Any Cloud Management Platform; Any Hypervisor; Any Network Hardware; Partner Eco-System]
Logical Switching – Layer 2 over Layer 3, decoupled from the physical network
Logical Routing – Routing between virtual networks without exiting the software container
Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
Logical Load Balancer – Application Load Balancing in software
Logical VPN – Site-to-Site & Remote Access VPN in software
NSX API – RESTful API for integration into any Cloud Management Platform
VMware NSX – Networking & Security Capabilities
Rich Networking & Security Services
• Scalable Logical Switching
• Physical to Virtual L2 Bridging
• Dynamic L3 Routing: OSPF, BGP, IS-IS
• Logical Services: Firewall, Identity-based Firewall, Load-balancing, VPN (IPSec, SSL, L2VPN)
Automation & Operations
• API Driven Integration
• Service Composer for Security Workflows
• Server Access Monitoring
• Troubleshooting & Visibility
Partner Extensibility
• Physical ToR L2 Integration
• Security Services – IDS / IPS, AV, Vulnerability Mgmt
• Network Services – Load Balancers, WAN Optimization
VMware NSX – Network Virtualization Benefits
VMware NSX Transforms the Operational Model of the Network
Network provisioning time reduced from 7 days to 30 sec
Reduce network provisioning time from days to seconds
Cost Savings
Reduce operational costs by 80%
Increase compute asset utilization up to 90%
Reduce hardware costs by 40-50%
Operational Automation
Simplified IP hardware
Choice
Any Hypervisor: vSphere, KVM, Xen, Hyper-V
Any CMP: vCAC, OpenStack
Any Network Hardware Partner Ecosystem
Any hypervisor
Any CMP with Partner
Results Speak Louder Than Slideware
Who Am I?
• Jeremy Hanmer (@fzylogic)
• 13 years of experience with DreamHost
• System Engineer -> Network Engineer ->...
• ... VP Security -> Cloud Architect
• Focusing on OpenStack and Network Virtualization
DreamCompute’s Networking Requirements
Why Virtualize?
• Customers deserve it
• Better Security (Isolate customers from one another)
• Live Migration (Zero-downtime maintenance!)
• Replicate their existing IP addressing schemes
• Easier administration
• Live Migration (Hypervisor maintenance becomes easy)
• Much easier to know what’s going on on the network
• Automating VLAN provisioning STINKS and doesn’t scale
• We’re now able to migrate workloads to avoid hot spots
Why VMware?
• Confident in their team
• Roadmap (It included IPv6! I’m told it’s getting close!)
• Easy integration of our own Layer 3 services
• Community presence in OpenStack is awesome
• Emphasis on ease of troubleshooting
• Super great support from the beginning
Why Cumulus?
Physical Network Design
• IPv6 Native
• Storage network is 100% IPv6
• Customers all receive a /64 of public IPv6 space
• Layer 2 domains terminate at the TOR
• OSPF v2/3 running on every switch
• 10G Ethernet to every server
• 40G Ethernet between spines
• Dedicated networks for storage (one frontend, one backend), NSX, and administration
• Simple!
• VRRP, QFabric, HSRP often cause more problems than they fix
• Debugging Layer 3 is easy. Debugging Layer 2 is not
Rack Architecture
Virtualization Workflow
AKA: Why this is all so awesome
The Future!
• Migrate to NSX’s L3 services
• Just waiting for IPv6 to ship with BGP support
• Get Chef running on the Cumulus gear
• Hasn’t been a priority because of the nearly identical configs
• Move to a full mesh architecture that wasn’t possible before
“Pics or It Didn’t Happen!”
Thoughts & Questions
•Fkessen
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1303
VMware NSX Network Virtualization Platform
Group Discussions:
NET1001-GD
vCloud Networking and Security & NSX for VMware Environments with Ray Budavari
THANK YOU