Category Archives: NSX

My VCP-NV Experience

I am pleased to announce that I successfully passed the VMware VCPN610 exam on 26.10.2014 and received a VCP-NV certificate. It was a long, hard journey and I would like to share how I prepared for the actual exam.

VCP-NV Certificate

When VMware first announced their new certification path covering network virtualization, there was no question that I would pursue this path. I was so excited. Since there is no official free courseware available to prepare for the actual exam, I did it the hard way, reading through the official exam blueprint, which was about 25 pages long.

Then, expanding on the blueprint, I started to research each topic in more detail. It really helps that the blueprint itself will direct you to the right resource. However, I wanted to know far more, not just the product itself but also the story behind it. I read various publications from Martin Casado and his friends tracing back to Stanford, where the idea began. It was a long time before VMware bought Nicira in 2012 for 1.2B dollars. Nicira was created by Martin and they had a product called Nicira Network Virtualization Platform, which eventually became the NSX flavor for multi-hypervisor support. Just looking at this investment you can see how big NSX is for VMware at the moment, and trust me, software defined networking is just beginning to shape our networks.

Besides official technical resources, what really helped fill the gaps were many sessions from this year's VMware World, covering anything from a Distributed Switch deep dive to explanations of various NSX components and services in greater detail. You can find these sessions on YouTube. I already had some previous knowledge about vSphere, but the book from Chris Wahl – Networking for VMware Administrators helped me reinforce the core networking topics in vSphere. I highly recommend this book both for network admins seeking more information about VMware and for server admins seeking to know more about networking.

Networking for VMware Administrators

Great publication for 2 VMware Experts

The essential resources, and I am very thankful for that, were the VMware Hands on Labs, which are free and allow you to play with the technology itself and look under the hood. Nothing is hidden. Depending on your previous experience, I recommend going through the following labs:

If you check the blueprint you will notice that there are quite a large number of topics. My tip for exam VCPN610 is to know the core foundation of NSX, and that includes:

  • Familiarity with core VMware products – vSphere, ESXi, vCNS, vCAC
  • Difference between Standard Virtual Switch and Distributed Virtual Switch
  • What VMkernel ports, portgroups and uplink ports are
  • Difference between south-north and east-west traffic patterns
  • Difference between underlay and overlay network
  • NSX architecture, components and services and their relationships
  • Difference between traditional 3-Tier network architecture and Leaf-Spine
  • Data, Control and Management Plane of NSX
  • NSX maximums – how many VXLANs it supports, how many NSX Edges you can run…
  • Physical network requirements, what a VTEP is

There are a lot more topics to cover, however during the exam I found these to be the most important. There are very generous prerequisites for this exam. If you are currently Cisco CCNA or CCNP certified in Routing and Switching or the Data Center Track, you can sit the exam till 28.02.2015. After that date you need to sit an official course to be qualified to take the exam.

If you think that this new technology is something you are interested in and you want to expand your knowledge and skills in software defined networking, this track is the right choice. Stay tuned for more articles covering NSX that may help you toward your goal.

Breaking the Status Quo with VMware NSX

Before I present the cutting-edge technology called VMware NSX, I would like to step back and give you a broader perspective on why this product is so special.

Not long ago, before server virtualization, we used to have a model where every application lived on a separate physical machine. We would have a separate server for email services, a separate server for file services and a separate server for web services: a lot of independent machines. You get the point.

If one server went down, we had a service outage and needed to rebuild the server and restore files from backups. It was a time-consuming process and it required more labor. When we needed to deploy a new application, we would wait weeks just for hardware. Clearly there were areas to improve.

A few years ago, server virtualization was introduced and it brought huge benefits derived from hardware abstraction. For the first time, it decoupled hardware from software. We could run many virtual machines on a single piece of physical hardware. This was made possible by software called a hypervisor.

A hypervisor is a small piece of software that runs on a server, and its ultimate role is to abstract computing resources. The operating system thinks it speaks directly to the hardware, but in fact it is speaking to the hypervisor.

Before and After Compute Virtualization

But this was just the beginning. We could now take many servers and create a cluster. To an application or OS, this cluster would just look like a giant hardware resource pool which provides CPU, RAM and storage for consumption. We could start to do things like dynamic resource scheduling and rapid VM provisioning, and we would have a programmatic way to provision the resources. For the business, it would mean that we can decrease the time to deploy new services from days or weeks to minutes. Show me one CEO who would not fall for that.

Virtualization, my friends, changed the computing landscape forever. And I am so pleased to share with you that it is happening once again; this time the network is the one that will be transformed.

The fundamental idea of network virtualization is to bring network abstraction, to decouple the physical infrastructure from the applications that run on top of it. Do not be confused: you still need physical switches, but the way the overall infrastructure is leveraged will be different.

In this world, the underlying physical network provides simple IP transport services, much as servers provide physical resources to a hypervisor. On top of this layer, a network hypervisor manages the use of these physical resources and programmatically presents them to applications for consumption.

Comparing compute to network virtualization

It would not be feasible to control each hypervisor independently, therefore we need a component that will program this abstraction layer centrally. This component is called the controller. We moved from a distributed model, where every device thinks for itself, to centralized control. Think of this component as the brain of the network, the mastermind.

We can interact with this mastermind in multiple ways. It provides an Application Programming Interface, of which there are two types: the northbound API and the southbound API. The first one is used for application calls such as create a logical network, create a logical switch or change firewall rules. The second is used when the controller needs to command network components such as the virtual switches in the hypervisors.

Network Controller is the Brain from Pinky & Brain

See, in this way, the controller can program any arbitrary topology. The magic is then executed at the hypervisor, which is running on every server. You can build multi-tier networks with API calls, instead of going to each device and typing complex CLI commands.

You must be thinking: you can program the hypervisor vSwitch, but what about the underlying transport infrastructure? How will my Cat 6k5 know that I am creating a new virtual network? And the thing is, it won't.

Hypervisors will tunnel traffic to create an overlay between each other, so the transport network will be spared the complexity of our new virtual network. The underlay would just route packets from one hypervisor to another.

VXLAN tunnels create an overlay network
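
The encapsulation described above, as an added example that is not part of the original post: a minimal Python model of two hypervisor tunnel endpoints (VTEPs) that wraps a VM's Ethernet frame in the 8-byte VXLAN header from RFC 7348 and, on receipt, drops anything with a missing VNI flag or a VNI/MAC pair that is not local. The `Vtep` class, the IP and MAC addresses and VNI 5001 are constructed for illustration, and the forwarding tables are filled in by hand rather than by a controller.

```python
import struct

VXLAN_PORT = 4789      # IANA-assigned UDP port for VXLAN (RFC 7348)
FLAG_VNI_VALID = 0x08  # the "I" flag; receivers must drop frames without it

def encap(vni, inner_frame):
    """Prepend the VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def decap(payload):
    """Return (vni, inner_frame), or None when the header is malformed."""
    if len(payload) < 8 + 14:          # VXLAN header + inner Ethernet header
        return None
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        return None
    return word1 >> 8, payload[8:]

class Vtep:
    """One hypervisor tunnel endpoint; tables are set by hand here (assumption)."""
    def __init__(self, ip):
        self.ip = ip
        self.local = set()    # (vni, mac) of VMs running on this host
        self.remote = {}      # (vni, mac) -> IP of the VTEP hosting that VM

    def send(self, vni, src_mac, dst_mac, data):
        """Wrap a VM's frame for the underlay; None if unknown on this VNI."""
        dst_ip = self.remote.get((vni, dst_mac))
        if (vni, src_mac) not in self.local or dst_ip is None:
            return None
        frame = dst_mac + src_mac + b"\x08\x00" + data
        # This dict is all the physical network sees: VTEP-to-VTEP UDP.
        return {"src": self.ip, "dst": dst_ip, "dport": VXLAN_PORT,
                "payload": encap(vni, frame)}

    def receive(self, pkt):
        """Deliver the inner frame only to a local VM on the same VNI."""
        parsed = decap(pkt["payload"]) if pkt["dport"] == VXLAN_PORT else None
        if parsed is None or (parsed[0], parsed[1][:6]) not in self.local:
            return None
        return parsed

# Constructed sample topology: two hosts; MACs, IPs and the VNI are made up.
WEB, DB = bytes.fromhex("005056000001"), bytes.fromhex("005056000002")
h1, h2 = Vtep("10.0.0.1"), Vtep("10.0.0.2")
h1.local.add((5001, WEB))
h1.remote[(5001, DB)] = "10.0.0.2"
h2.local.add((5001, DB))
```

The packet returned by `h1.send(5001, WEB, DB, b"hello")` carries only the two VTEP addresses and UDP port 4789 on the outside, which is why the physical switch never needs to learn about the virtual network.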

VMware NSX is a product that can help you realize the vision of a software defined network. It is a network virtualization platform and it is very extensible. In a nutshell, it can help you create complex virtual networks in software through API calls.

You can create simple logical switches that span your entire data center, virtual distributed routers that can route packets right at the hypervisor level, a distributed virtual firewall and many others. You can “literally” encapsulate an entire data center infrastructure and move it around the globe, without ever needing to change your current application itself.

Example of 3 tier application using a virtual network

VMware is not alone in this big game; it has partners that can bring additional services and capabilities, such as deep application-level inspection, vulnerability assessment or other higher-level services.

I will draw the line in the sand here and leave the possibilities to your imagination.

You can expect more posts covering this platform in the near future; meanwhile, enjoy this video about NSX.