Tom Hollingsworth

Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

VMware's NSX End Game

While I was at VMworld last week, NSX was the talk of the town. Server folks were excited that VMware was addressing a pain point for them in the build-out of applications. Network people were nervous because they were unsure what this meant for them in the long run. Almost everyone was talking about who VMware would (and more importantly wouldn't) be partnering with to bring NSX to the realm of switches.

This last point had me a bit confused at first. Why would a physical switch need to integrate with NSX to decapsulate packets? Aren't all communications in NSX essentially host-to-host? Thanks to the power of the Internet, I had my answer in a few minutes. That answer then really got me thinking about what VMware's end game is for network integration.

More Insights


More >>

White Papers

More >>


More >>

NSX agents on Top of Rack (ToR) switches have nothing to do with network integration at layer 2. It has everything to do with service enablement. Right now, if you want to pass traffic for a particular VM through a load balancer or firewall, you have to ensure the traffic path for that conversation transits those devices. That means a transparent bump in the wire or a layer 3 hop that forces the traffic through that device before coming back to the target host.

With NSX, I can encapsulate that traffic in a vWire, or a VXLAN tunnel, and send it hurtling toward the destination. If I want to make that traffic hit a physical switch or load balancer, I need to push the traffic out of the vWire somehow. As of today, that's done by loading an agent on a ToR switch and decapsulating the traffic there. Then, the switch pushes the traffic to the service appliance before sending it on its merry way.

[NSX makes a strong play for SDN, but there are drawbacks. Find out more in "VMware NSX Caution Signs."]

That's not what VMware wants in the end. VMware would be much happier having direct integration between the host and the service appliance. Rather than running an agent on the ToR switch for decapsulation, VMware would rather have the agent run directly on the firewall or load balancer. That way, a particular service policy in NSX could push traffic to the appropriate device and ensure delivery and compliance without disturbing the underlying network. The physical switching plant serves as a simple transmission network, not unlike the electrical power infrastructure.

This also makes it easy for VMware to integrate that device as a virtual resource down the road. If there is an agent on the physical firewall to decode NSX vWires, then having an agent running on a virtual instance of the same software is easy to do as well.

Eventually, VMware would rather have the virtual appliance running as a service instance that can be called rather than a full-fledged network function virtualization (NFV) device. A service plugin for NSX is much easier to configure than traffic rules pointing packets to a physical or virtual host with a routing table.

There are already instances of this starting to come into play for the VMware partner vendors. I talked to Silver Peak right before VMware. Reps showed me their Agility WAN optimization software and its integration with NSX. Rather than go through the traditional configuration that requires layer 3 hops and complicated logical wiring diagrams, Silver Peak has partnered with VMware to offload the traffic to an Agility instance running in concert with NSX. This is a point-and-click configuration for virtualization admins today. It enables service generation and configuration with a minimum of effort.

Silver Peak is aiming for a service-oriented approach to WAN optimization in the future. They want to handle everything for their customers without a second thought. VMware would like that too.

Imagine an "app store" approach to service instantiation. If you want to use Palo Alto firewalls with Silver Peak WAN optimization but use the standard NSX load balancer, you would be able to configure it all with a few clicks. If you don't have the Silver Peak software locally, the vApp Store would go out and download it after prompting you to setup a payment structure for the service. You could provision an entire enterprise network overlay with a few clicks and a credit card. NSX takes care of the gory details of configuring traffic redirection on the back end. The partner vendors are happy to be getting service revenue. Everyone is happy.

VMware wants to involve service platforms in NSX to give customers choice. The underlay transport is less important to them. Whether it be HP, Arista, or Cisco it will all function just like the electrical grid or the interstate highway system. It's all just a transport interconnection for higher level services. ToR switch agents are a means to an end, not the end goal. When more service platforms start integrating NSX agents, you'll see VMware start to integrate them more fully into NSX offerings in the future.

Would you use a third-party plugin for your NSX services? Do you think that NSX integration with the underlay network is the way forward for VMware? Let me know in the comments below.

[Emerging technologies are transforming networks. Don't miss Greg Ferro's workshop "Building Your Network for the Next 10 Years" at Interop New York this October to get insights into the technology foundations of the next-generation data center.]

Tom Hollingsworth, CCIE #29213, is a former VAR network engineer with 10 years of experience working with primary education and the problems they face implementing technology solutions. He has worked with wireless, storage, and server virtualization in addition to routing and switching. Recently, Tom has switched careers to focus on technology blogging and social media outreach as a part of Gestalt IT media. Tom has a regular blog at and can be heard on various industry podcasts pontificating about the role technology will play in the future.

Related Reading

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers