VMware NSX Caution Signs
September 04, 2013
The VMware NSX network virtualization platform was officially announced to great fanfare last week at VMworld. The overlay architecture means NSX can work with most networking hardware, and the software-based NSX platform represents a significant challenge to incumbent networking vendors, including Cisco.
However, it's far too early to crown VMware as the undisputed champion of the data center. The platform faces challenges that are both technological, including a lack of production-ready support for VTEPs, and organizational, as bringing NSX into a company will have an operational impact on server, networking and data center teams.
A network overlay such as NSX makes good sense for traffic that flows from VM to VM within a data center, but there are countless use cases where traffic has to touch a physical network device--be it a switch, load balancer, firewall or other machine.
While an NSX Edge VM can translate from the VXLAN overlay to the physical network, the performance isn't great. Therefore, VXLAN Termination End Point (VTEP) features are needed in the physical hardware of the switch. In addition, the switch's operating system must support the Open vSwitch Database (OVSDB) so that NSX can configure the VTEP in a useful way.
VMware will point to a raft of hardware-based NSX support announced at VMworld. For instance, Arista has announced VTEP support in its newest and most expensive equipment, and also announced that its EOS switch operating system will support OVSDB later this year. HP and Dell also announced NSX support to varying degrees.
Upstart Cumulus Networks announced it will support OVSDB sometime this year, but none of the current "approved third-party hardware" on which Cumulus software runs will support the feature until next year. And while Intel's FM6000 chip set and Broadcom's Trident+ silicon have the hardware support, most of the very few switches using these chips aren't licensed or do not have the software support for VTEP features, much less the OVSDB integration and VMware's blessing.
You'll also notice that Cisco was not among those networking vendors stepping forward with VTEP and OVSDB support. Cisco is driving forward with its own vision for SDN, which includes the Open Network Environment (ONE) and its recently announced Dynamic Fabric Automation, which also makes use of an overlay architecture based on a proprietary encapsulation protocol and Cisco's FabricPath-based fabric. It seems unlikely it will offer NSX integration as a feature any time soon (unless it is dragged kicking and screaming by its customers to the NSX party).
While a lack of Cisco support won't derail NSX, it's going to make it harder for the network virtualization platform to get traction in enterprise data centers.
A second issue that NSX must address is the integration of the overlay and underlay (or physical) network. I've discussed the technical details at length, but, in short, there aren't yet well-defined ways for underlay networks to share state information (such as the overall health of the physical network or trouble such as delay and jitter) with the overlay.
And what about dynamic routing? Ivan Pepelnjak highlighted a few shortcomings in the current demonstration beta that suggest plenty of rough edges remain. Many Cisco customers have implemented proprietary features on their routing cores with EIGRP or specific OSPF extensions. Does NSX have the answers for these customers?
Organizational and Market Challenges
It's one thing to introduce a new product. It's another thing for customers to integrate that product into their operations. The level of internal change at organizations that would adopt VMware vCloud 5.5 (the management platform for VMware NSX) is not to be underestimated.
For example, networking teams must have access to vCenter, security policies must be overhauled and reapproved, and server teams need to understand networking as part of their build practices. If IT infrastructure groups were unionized, there would be demarcation disputes, walkouts and management action plans.
Thus, it's prudent to question whether customers are willing to invest in project resources, not to mention invest in engineers and consultants, to make these changes.
It's also prudent to be concerned about licensing costs, which VMware won't announce until the first beta release in the fourth quarter of 2013. No doubt VMware is talking to customers and closely watching their reactions to judge what pricing the market will bear. Customers showed little tolerance for perceived price increases when VMware attempted to move from per-socket to virtual memory licensing in 2011. At the same time, EMC will want to see increased profits to recoup the billion dollars VMware paid for Nicira.
On the competitive front, VMware isn't the only big vendor promoting the overlay approach. Juniper's Contrail-V and Nuage Networks' VSD (Nuage is backed by Alcatel) are targeting the very largest service and cloud providers. In OpenStack, NSX has many direct competitors such as Cisco and IBM in the enterprise, while Midokura and Big Switch offer solutions to the mid-size cloud segment.
Finally, there's the ever-present question of code reliability and stability. VMware briefings are at pains to say that NSX code was ported from an existing code base from Nicira, which itself has been tested by early adopters at cloud-scale companies. That sounds reassuring, but to my mind the company is taking these pains because either customers are sensitive to code reliability or there have been challenges internally (or both).
That said, once VMware NSX becomes generally available at the end of this year, questions about its code base can be answered by customers themselves. As Martin Casado put it in an interview with Network Computing, "We've moved outside of fighting with slide decks."
VMware has built a credible SDN platform and described an intriguing product road map. There is much to be excited about--but plenty of time for things to go wrong. Now that the fanfare around NSX's launch has subsided, it's time to examine the product with the cold eye of customer needs. Let's hope VMware can meet its promises because we need the results.
[Get critical details about overlay networks at Interop New York this October. Network architect Greg Ferro provides an extensive overview in his session "Introduction to Overlay Networking."]