Three reasons why Networking is a pain in the IaaS, and how to fix it

Brad Hedlund

VMware NSBU

February 2014

#1 Impedance Mismatch

Virtual Compute Non-Virtual Network

!Abstraction Layer (ESX)

Capacity Pool

Custom HardwareStandard Hardware

VM VM VM

#1 Network Virtualization

Virtual Compute

:)

Virtual Network

(ESX) Abstraction Layer (NSX)

Capacity Pool

Any IP NetworkAny x86

• NFV• SDN

VM VM VM

#2 Scripting

• Untenable

AppDelivery

SecurityNetwork

3rd Party Scripting

English русский 普通话

App XYZ

Desired State

português

#2 Policy Engine

English русский 普通话

Open API

App XYZ

Desired State

Platform

Network & SecurityPolicy Engine

AppDelivery

SecurityNetwork

NSX

VMsVMs

#3 Chokepoints

• Performance, or Security?

• Redundancies of Redundancy

• Lack of visibility

VMsVMs VMs

VMsVMs

FIREWALLInternal

VMsVMs VMs

VMsVMs

ExternalFIREWALL

Routing

#3 Distributed Services

• Reusable HA

• Performance

• Visibility

• Security

VMsVMs

VMsVMs

VMsVMs

Network

VMsVMs

VMsVMs

VMsVMs

DISTRIBUTED FIREWALL & ROUTER

Web Internal Apps

FIREWALL External

FIREWALL Internal

vSphere VDS + NSX

App DBContainers

Web External AppsApp DB

NSX Edge

NSX Networking Components

ESR

DLR

DFW

Logical Switch

Distributed Logical Router

Distributed Firewall

Edge Services Router VM

Edge VLAN

Single Tenant Topology

ABC App XYZ App

VM VM VM

ESR

VM VM VM

Web App DB Web App DB

DLR

XYZ VIP

10.1.1.0 10.1.2.0 10.1.3.0 10.1.9.0 10.1.8.0 10.1.10.0

World

Data CenterRouters

ESROne-Arm

ABC VIP

OSPF

Edge VLAN

Multi Tenant Topology

VM VM VM

Web App DB

10.1.1.0 10.1.2.0 10.1.3.0

World

Data CenterRouters

DLR

ESR

VM VM VM

Web App DB

10.1.1.0 10.1.2.0 10.1.3.0

DLR

ESRTenant 1 Tenant 2

BGP

NATVPN

NATVPN

OSPFOSPF

Multi Tenant Topology

Tenant 1

VM VM VM

ESR

VM VM VM

Web App DB Web App DB

10.1.1.0 10.1.2.0 10.1.3.0 10.1.7.0 10.1.8.0 10.1.9.0

Edge VLAN

World

Data CenterRouters

DLR DLR

Tenant 2

ESROne-Arm

ESROne-Arm

“Provider”

… Tenant 9

Multi Tenant Topology

Tenant 1

VM VM VM

ESR

Web App DB

10.1.1.0 10.1.2.0 10.1.3.0

Edge VLAN

World

Data CenterRouters

“Provider”

ESR

DLR

Tenant 2

VM VM VM

Web App DB

10.1.1.0 10.1.2.0 10.1.3.0

ESR

DLR

… Tenant 9

Gradual Migration

Hypervisors

External Access DMZ

Internal Access DMZ

Firewalls / Load Balancers

Firewalls / Load Balancers

Existing vCenter

Existing IaaS

Gradual Migration

Hypervisors

External Access DMZ

Internal Access DMZ

Firewalls / Load Balancers

Firewalls / Load Balancers

vCenter 5.5

Existing IaaS

Gradual Migration

Hypervisors

External Access DMZ

Internal Access DMZ

vSphere 5.5 Hypervisors

+ NSX

Firewalls / Load Balancers

Firewalls / Load Balancers

NSX Edge

vCenter 5.5

NSXvCAC

Existing IaaS

NSX Edge

NSX PoC

Gradual Migration

Hypervisors

External Access DMZ

Internal Access DMZ

vSphere 5.5 Hypervisors

+ NSX

Firewalls / Load Balancers

Firewalls / Load Balancers

NSX EdgeNSXvCAC

Existing IaaS

NSX Edge

IaaS +

vCenter 5.5

Gradual MigrationExternal Access DMZ

Internal Access DMZ

vSphere 5.5Hypervisors

+ NSX

NSX EdgeNSXvCAC

NSX Edge

IaaS +

vCenter 5.5

Normalization

DB

APP

WEB

ABC App

Non DisruptiveDB

APP

WEB

ABC App

Infrastructure 1 Infrastructure 2

Questions?