VMware's NSX End Game Is Hybrid Clouds

Posted by Greg Ferro
March 15, 2013

VMware this week announced NSX, a network virtualization platform that combines its VMware vCloud Network and Security (vCNS) product along with technology from its billion-dollar acquisition of Nicira.

While the initial intent of VMware NSX is to virtualize the data center network, I believe VMware's long-term play is in hybrid and public clouds. Here's how NSX helps VMware get there.

As VMware came to dominate enterprise server virtualization, it turned its attention to the data center network. However, the big networking problem for VMware was that its vSwitch/vSphere Distributed Switch (VDS) model was basically a programmable cabling system. The vSwitch in the ESX hypervisor only connected the virtual server NIC to the physical NIC.

For VMware to be relevant to enterprise data center networks (and network engineers), it needed to improve network programmability so that it could add features such as VLAN instantiation, firewalls and load balancing. It also had to provide gateways that allowed virtual machines to move between private and public clouds.

VMware NSX does just that. It ties together a variety of technologies and protocols that lets it create a virtual abstraction layer that runs on top of physical networks. For instance, VMware has adopted the overlay network model. Network overlays use tunneling protocols such as VXLAN to connect virtual switches in ESX hypervisors. As a result, there is limited interaction with existing physical network.

In addition, VMware is adopting the network controller architecture. A network controller programs software network devices in the hypervisor. NSX transforms the vCNS product into a multipurpose software network appliance for switching, routing and more.

[ Join us at Interop Las Vegas for access to 125+ IT sessions and 300+ exhibiting companies. Register today! ]

VMware is one of several companies promoting controller-based networking. Juniper has Contrail, which has the potential to be far more scalable. Cisco has also announced a controller networking platform, ONE Controller/onePK (scheduled for a mid-2013 release), while Insieme (a Cisco-backed startup) is rumored to be delivering an SDN product later this year. Alcatel Lucent has Nuage Networks delivering an SDN strategy, although the details are not yet public. IBM, HP and NEC also have or have announced controllers.

Given the integration and automation in vCNS, many customers are replacing physical network services with virtual network services. It's clear that the future of most network services is in the hypervisor and that physical network devices will no longer be a growth market.

The Public/Private Prize

VMware NSX checks all the major requirements for a network virtualization platform, including a controller, programmability, and network services such as firewalls and load balancers. The real surprise is its role as a multi-cloud management platform.

Consider this graphic from VMware's NSX announcement:

VMware's NSX Architecture
Source: VMware

The VMware NSX platform has hypervisor vSwitches that can be installed into VMs on other cloud products. Thus, NSX can connect VMs in Amazon EC2, Rackspace or any other public cloud. What VMware really wants you to do, of course, is to connect controllers between your private enterprise cloud and a public cloud run either by a certified VMware partner, or in VMware's own public cloud offering.

In the near future, VMware will need to talk more about how it will address scaling. NSX technology is primarily targeted at multi-tenant and multi-datacenter customers, otherwise known as public clouds. Controller networking needs to have multiple controllers in a single site for scaling and performance and also needs to synchronize with controllers in other data centers to support VM mobility.

Cheap Shots

On a side note, as VMware pushes the boundaries of the data center network, it seems set on alienating network engineers at every opportunity. Consider the subhead of the VMware blog that announced NSX: "Networking is stuck in the past." I've had to put up with the offensive attitude of "networking is in my way" from VMware execs for the last five years, and I'm tired of it.

Networking has already been through the fiery hells of virtualization three times in the last 15 years: once for Virtual LAN in late 1990s, then again when MPLS delivered WAN virtualization in early 2000s (using Virtual Routing & Forwarding; there's that word again), and most recently in late 2000s, when device virtualization became common in network appliances such as firewalls and load balancers.

As we enter the fourth phase of virtual networking technology, I'm not surprised that network engineers are ho-hum about what excites virtualization folks. If VMware wants to win network engineers to its side, it might want to try a change in tone.

Waiting for Delivery

It would seem that VMware has rushed to announce NSX early as possible in light of strong competition from networking vendors. VMware says NSX is "expected to launch in the second half of 2013" which, based on previous VMware networking product delivery, means broader availability late in 2014. Potential customers can add NSX to their technology roadmaps, but don't expect to deploy it until 2015 when it's stable and integrated into the vCloud suite.

In the meantime, expect VMware to promote NSX heavily to ensure customer lock-in and thwart competitors.

However, VMware NSX is just one of many possible networking solutions for hybrid cloud. For instance, Cisco's Nexus 1000V product line already offers many of the features NSX is touting, including hybrid cloud bursting via its InterCloud product.

While VMware's enterprise market may be lucrative, its growth is leveling off. It seems clear that executives see significant potential in the public cloud. Thus, while NSX is an excellent replacement for the limited functionality of vSwitch/vDS inside the data center, and while NSX provides useful network services, the real story with NSX is about VMware's quest to grow its market share in the public cloud.

Greg Ferro is a freelance Network Architect and Engineer. You can email him, follow him on Twitter as @etherealmind. He also has a technical blog at EtherealMind.com and is the co-host of the popular and well known Packet Pushers podcast on data networking. He is nearly as grumpy as Mike Fratto.

Related Reading