Tag Archives: SDDC

Breaking the Status Que with VMware NSX

Before I am going to present you a cutting edge technology called VMware NSX, I would like to step back and give you some broader perspective why is this product so special.

Not long time ago, before server virtualization we use to have a model where every application lived on separate physical machine. We would have separate server for email services, separate server for file services, separate server for web services, we would have a lot of independent machines. You get the point.

If one server would go down, we have service outage and we would need to rebuild server and restore files from backups. It was time consuming process and it required more labor. When we would need to deploy a new application we would need to wait weeks just for hardware. Clearly there were areas to improve.

Few years ago, server virtualization was introduced and it brought huge benefits derived from hardware abstraction. For the first time It decoupled hardware from software. We could run many virtual machines on single physical hardware. And this possibility was accomplished by using software called hypervisor.

Hypervisor is a small piece of software that runs on server and his ultimate role to abstract computing resources. Operating system thinks it speaks directly to hardware but in fact it is really speaking to hypervisor.

Before and After Compute Virtualization

Before and After Compute Virtualization

But this was just the beginning, we could now take many servers and a create cluster. To application or OS this cluster would just look like a giant hardware resource pool which provides CPU, RAM and Storage for consumption. We could start to do things like dynamic resource scheduling, rapid VM provisioning, we would have programmatic way to provision the resources. For the business, it would mean that we can decrease time to deploy new services from days or weeks to minutes. Show me one CEO who would not fall for that.

Virtualization, my friends, change the computing landscape forever. And I am so pleased to share with you that it is happening once again, this time network is the one that will be transformed.

The fundamental idea of network virtualization is to bring network abstraction, to decouple physical infrastructure from applications that run on top of it. Do not be confused, you still need physical switches, but the way how the overall infrastructure is leveraged will be different.

In this world, the underlying physical network provides simple IP transport services, similar as servers provide physical resources to hypervisor. On top of this layer, a network hypervisor manages the use of these physical resources and programmatically presents them to applications for consumption.

Comparing compute to network virtualization

Comparing compute to network virtualization

It would not be feasible to control each hypervisor independently, therefore we need a component that will program this abstraction layer centrally. And this component is called controller. We moved from distributed model, where every device thinks for itself to central based control. Think of this component as the brain of the network, the master mind.

We can interact with this master mind in multiple ways. It provides an Application Programming Interface. There are two types North-bound API and South-Bound API. The first one is used for application calls such as create a logical network, create a logical switch, change firewall rules. The second is use when controller need to command network components such as virtual switches in hypervisor.

Network Controller it the Brain from Pinky  & Brain

Network Controller it the Brain from Pinky & Brain

See, in this way, controller can program any arbitrary topology. The magic is than executed at hypervisor which is running on every server. You can build multi-tier networks with API calls, instead of going to each device and type complex CLI commands.

You must the thinking, you can program the hypervisor vSwitch but what about the undelaying transport infrastructure? How will my Cat 6k5 know that I am create a new virtual network? And the thing is it wont.

Hypervisors will tunnel traffic to create overlay between each other so the transport network will be spared of complexity of our new virtual network. Underlay would just route packets from one hypervisor to another.

VXLAN tunnels create an overlay network

VXLAN tunnels create an overlay network

VMware NSX is a product that can help you realize a vision of software defined network. It is a network virtualization platform and it very extensible. In a nutshell it can help you create complex virtual networks in software through API calls.

You can create simple logical switches that span across your entire data center, virtual distributed routers that can route packet right at the hypervisor level, distributed virtual firewall and many others. You can “literarily” encapsulate entire Data Center infrastructure and move it around the globe, without ever needing to change your current application itself.

Example of 3 tier application using virtual network

Example of 3 tier application using a virtual network

VMware is not alone in this big game, it has partners that can bring additional services and capabilities, such as deep application level inspection, vulnerability assessment or other higher level services.

I will draw the line in the sand here and leave the possibilities to your imagination.

You can expect more posts to come covering this platform in near future, meanwhile enjoy this video about NSX.