VMware NSX: Game Changer for Data Center Networks
August 26, 2013
Now that VMware has conquered data center computing via server virtualization, the company is opening a beachhead on the network via its NSX product, which is being officially launched today at VMworld in San Francisco.
VMware NSX is a software-defined network (SDN) that uses controllers and overlay networking. I'll examine just a few of the key aspects of the announcement and how they apply to your data center strategy.
Overlay networking refers to the use of protocols such as VXLAN and STT to create a virtual network between hypervisors. As data flows from the guest VMs and into the network, the Ethernet frames are encapsulated.
I've written previously about the value of overlay networking, but the following are the key points to note about VMware's approach:
First, you only have to configure the physical hypervisor network port once with a single IP address, because the overlay tunnels are sourced from an IP address. Second, it dramatically reduces VLAN consumption. Third, it works on existing data center networks, though it will work better on an Ethernet fabric.
Networks Agents as Software
The foundation of VMware NSX is the software network agent, called a virtual switch, which is based on the Open vSwitch project. NSX replaces VMware's vSwitch and the vShpere Distributed Switch (VDS) to provide true networking. The existing vSwitch/VDS product performs very little real networking--it's more of an automated virtual patch panel. Forget what you know about vSwitch or VDS: NSX replaces and upgrades its capability to become a true networking device.
You can find more about the technology behind overlays in "Network Overlays: An Introduction."
The NSX network agents support switching and routing in the network by selecting the correct tunnels as the forwarding path. This is illustrated in the following diagram showing a full mesh of tunnels between three physical servers.
The upshot is that the network agent can now function as a switch or router, as illustrated below.
VMware NSX will ship with network agents for VMware ESX, Linux KVM hypervisors for CloudStack and OpenStack, and Microsoft Hyper-V. For VMware and Linux, the NSX switch is part of the kernel. Hyper-V uses a guest VM today, but the existence of Microsoft's Hyper-V extensible switch architecture may indicate that NSX should soon have better integration with Hyper-V.
The notion of controller-based networking grew out of research from Stanford University starting in 2005. For the last 30 years, network devices have operated independently and autonomously. Network configuration is regarded as a high-risk activity because of the potential impact of individual changes. This means provisioning new network services or making adjustments to existing configurations is time-consuming and fraught with potentials for mishaps.
A controller provides a central point for configuration of the network. In addition to understanding network state, the controller can be used to expose interfaces, usually in the form of APIs, to applications that require network services. This is a better match for speed and scalability available with server virtualization. It also makes possible an environment where software applications can drive the network for real services and business value.
Another key aspect of controller-based networking is the ability to integrate network automation with server automation. VMware vCenter is a "hypervisor controller" and acts as a central point of administration for the ESX infrastructure. When a site deploys vCloud Director, then integration with the network controller becomes possible.
Consider what this means: For the first time, the network engineer can be fully informed about the servers and applications that are connected to any part of the network. VMware NSX provides visibility into the network adapter in the hypervisor, and knows the server name and the OS. When using VMware vCloud it's also possible to identify which segment of the network the server/s belong to. Of course, centralized logging and encrypted management protocols provides greater security assurance.
Next page: Software Defined Data Centers