10:30 AM
Greg Ferro

VMware NSX Caution Signs

VMware's network virtualization platform makes a strong bid to be the SDN architecture of choice, but sticky issues must still be resolved.

The VMware NSX network virtualization platform was officially announced to great fanfare last week at VMworld. The overlay architecture means NSX can work with most networking hardware, and the software-based NSX platform represents a significant challenge to incumbent networking vendors, including Cisco.

However, it's far too early to crown VMware as the undisputed champion of the data center. The platform faces challenges that are both technological, including a lack of production-ready support for VTEPs, and organizational, as bringing NSX into a company will have an operational impact on server, networking and data center teams.

Tech Challenges

A network overlay such as NSX makes good sense for traffic that flows from VM to VM within a data center, but there are countless use cases where traffic has to touch a physical network device--be it a switch, load balancer, firewall or other machine.

While an NSX Edge VM can translate from the VXLAN overlay to the physical network, the performance isn't great. Therefore, VXLAN Termination End Point (VTEP) features are needed in the physical hardware of the switch. In addition, the switch's operating system must support the Open vSwitch Database (OVSDB) so that NSX can configure the VTEP in a useful way.

VMware will point to a raft of hardware-based NSX support announced at VMworld. For instance, Arista has announced VTEP support in its newest and most expensive equipment, and also announced that its EOS switch operating system will support OVSDB later this year. HP and Dell also announced NSX support to varying degrees.

Upstart Cumulus Networks announced it will support OVSDB sometime this year, but none of the current "approved third-party hardware" on which Cumulus software runs will support the feature until next year. And while Intel's FM6000 chip set and Broadcom's Trident+ silicon have the hardware support, most of the very few switches using these chips aren't licensed or do not have the software support for VTEP features, much less the OVSDB integration and VMware's blessing.

You'll also notice that Cisco was not among those networking vendors stepping forward with VTEP and OVSDB support. Cisco is driving forward with its own vision for SDN, which includes the Open Network Environment (ONE) and its recently announced Dynamic Fabric Automation, which also makes use of an overlay architecture based on a proprietary encapsulation protocol and Cisco's FabricPath-based fabric. It seems unlikely it will offer NSX integration as a feature any time soon (unless it is dragged kicking and screaming by its customers to the NSX party).

While a lack of Cisco support won't derail NSX, it's going to make it harder for the network virtualization platform to get traction in enterprise data centers.

A second issue that NSX must address is the integration of the overlay and underlay (or physical) network. I've discussed the technical details at length, but, in short, there aren't yet well-defined ways for underlay networks to share state information (such as the overall health of the physical network or trouble such as delay and jitter) with the overlay.

And what about dynamic routing? Ivan Pepelnjak highlighted a few shortcomings in the current demonstration beta that suggest plenty of rough edges remain. Many Cisco customers have implemented proprietary features on their routing cores with EIGRP or specific OSPF extensions. Does NSX have the answers for these customers?

Organizational and Market Challenges

It's one thing to introduce a new product. It's another thing for customers to integrate that product into their operations. The level of internal change at organizations that would adopt VMware vCloud 5.5 (the management platform for VMware NSX) is not to be underestimated.

For example, networking teams must have access to vCenter, security policies must be overhauled and reapproved, and server teams need to understand networking as part of their build practices. If IT infrastructure groups were unionized, there would be demarcation disputes, walkouts and management action plans.

Thus, it's prudent to question whether customers are willing to invest in project resources, not to mention invest in engineers and consultants, to make these changes.

It's also prudent to be concerned about licensing costs, which VMware won't announce until the first beta release in the fourth quarter of 2013. No doubt VMware is talking to customers and closely watching their reactions to judge what pricing the market will bear. Customers showed little tolerance for perceived price increases when VMware attempted to move from per-socket to virtual memory licensing in 2011. At the same time, EMC will want to see increased profits to recoup the billion dollars VMware paid for Nicira.

On the competitive front, VMware isn't the only big vendor promoting the overlay approach. Juniper's Contrail-V and Nuage Networks' VSD (Nuage is backed by Alcatel) are targeting the very largest service and cloud providers. In OpenStack, NSX has many direct competitors such as Cisco and IBM in the enterprise, while Midokura and Big Switch offer solutions to the mid-size cloud segment.

Finally, there's the ever-present question of code reliability and stability. VMware briefings are at pains to say that NSX code was ported from an existing code base from Nicira, which itself has been tested by early adopters at cloud-scale companies. That sounds reassuring, but to my mind the company is taking these pains because either customers are sensitive to code reliability or there have been challenges internally (or both).

That said, once VMware NSX becomes generally available at the end of this year, questions about its code base can be answered by customers themselves. As Martin Casado put it in an interview with Network Computing, "We've moved outside of fighting with slide decks."

VMware has built a credible SDN platform and described an intriguing product road map. There is much to be excited about--but plenty of time for things to go wrong. Now that the fanfare around NSX's launch has subsided, it's time to examine the product with the cold eye of customer needs. Let's hope VMware can meet its promises because we need the results.

[Get critical details about overlay networks at Interop New York this October. Network architect Greg Ferro provides an extensive overview in his session "Introduction to Overlay Networking."]

Comments
Etherealmind,
User Rank: Apprentice
9/24/2013 | 8:06:38 PM
re: VMware NSX Caution Signs
You can bridge between VXLAN and VLAN networks using a vShield Edge appliance but there are practical limits of the amount of traffic this can handle - estimates of 1 to 10 Gbps are common.

For many use cases, hardware will be needed to translate from VXLAN to VLAN with low latency at speed of multiple 10GBE interfaces.

The good news is that you can do both. Whichever suits your budget or requirement.

greg
Rob Parten,
User Rank: Apprentice
9/18/2013 | 5:06:29 PM
re: VMware NSX Caution Signs
There is no more "Public and Private cloud" these days, instead, you'll find Hybrid on the rise because companies will find it is cheaper and more effective to house some applications in house while outsourcing some. VMware already has a solution for this.

Cisco is in a lot of places and I highly doubt Huawei is a challenger. There are plenty of good companies out there who will be at a great advantage because they saw the SDN movement years ago. Arista is one of those vendors, Juniper is up and coming. The landscape will change as physical networks provide a commodity service to the more virtualized networks of tomorrow. No longer will the physical network be the primary means of transporting virtualized traffic among data centers, it will be overlays.

Do you notice a difference in your Internet speed if your provider moves from Cisco core to Juniper core? Nope! Likewise, this will be how people view the physical network of tomorrow.
bharbhi,
User Rank: Apprentice
9/7/2013 | 5:51:22 AM
re: VMware NSX Caution Signs
Interesting point on performance. Is there any data on what the performance drop is? Additionally, was thinking it is better for VTEP to be at servers instead of ToR because of better manageability / debuggability & for stable plumbing network.
David Klebanov,
User Rank: Apprentice
9/5/2013 | 1:14:37 AM
re: VMware NSX Caution Signs
Hi Greg,

Great analysis! I think what VMware had done in a year since Nicira's acquisition is impressive and to the untrained eye it would seem that they have nailed it. Rather than dive into technicalities of NSX solution, I wanted to echo your points on the organizational transformation and expertise shift, that VMware is pushing through their network virtualization model.

I attended VMworld and it was very obvious that VMware was desperately trying to convince their main audience, i.e. server/virtualization admins, that they have truly created an "easy button". Contrary to what VMware would want to portray, networking is not easy and just because you encapsulated it into virtual container and called it an overlay does not make the sophistication go away... VMware had simply recreated the same networking concepts (and the protocols they were so much against) in the virtual form. If you are a server/virtualization admin and you want to know how NSX really works or what it would take to troubleshoot it, please refer to VMworld 2013 session "NET5790 - Operational Best Practices for NSX in VMware Environments". Welcome to the world of "show ip ospf database"...

What about network admins? Will they be willing to get into the GUIs and CLIs of NSX to configure and troubleshoot it? VMware would say that with network virtualization the balance is shifting and the brainpower that once went into designing and deploying physical networks is now better utilized in the virtual world, so called Virtual Network Admin, after all, you "only" need IP connectivity for successful overlay deployment. Perhaps some organizations will adopt this model, but I personally am doubtful how convincing NSX arguments are for network admins or how many of them would want to undertake the task of managing two separate networks, the physical and the virtual...

All in all, my personal belief is that out of desperation to preserve its enterprise hypervisor market from shifting away to public cloud providers or being replaced by OpenStack with multi-hypervisor strategies, with NSX, VMware is biting off more than it can chew. A more gradual and friendly approach towards a hardware vendor that controls 70% of the Data Center switching market would have taken them a longer way ;-) Just saying...

Thank you for listening.
David
@DavidKlebanov
Lorna Garey,
User Rank: Apprentice
9/4/2013 | 3:27:50 PM
re: VMware NSX Caution Signs
Eventually, sure. And no doubt Cisco has seen the software writing on the wall. But in the near term, enterprise data centers are still mostly Cisco hardware, and what's the commodity challenger? Huawei? A bunch of scale-out 1U white boxes a la Google? I guess it depends on whether you buy the idea that companies will make such drastic changes or just ship it all to the cloud.
Rob Parten,
User Rank: Apprentice
9/4/2013 | 3:22:20 PM
re: VMware NSX Caution Signs
NSX will help make the network more of a commodity because we're no longer reliant on feature sets. Instead, we just need a strong physical network that is highly available, predictable and uses standards based protocols.

Cisco is trying to be a software company, let's face that fact now, and whether it succeeds or fails and returns to its core competencies, you're not going to see NSX fail, it must be embraced because the field of networking has been stagnant for over 10 years and the traditional way of doing things in the network field has led to the mentality of the network being the bottleneck to bringing apps to market and keeping the business operational, let's face it, it is. Cisco has made mistakes before, this could be one of them.
Lorna Garey,
User Rank: Apprentice
9/4/2013 | 3:12:16 PM
re: VMware NSX Caution Signs
Do you really think that a lack of or grudging Cisco support (or even specific trash talking) won't give a lot of architects pause about NSX, especially when it's far from the only option?