VMware NSX got its official launch this week at VMworld. As a measure of how important VMware regards NSX, the first keynote on the first day is Martin Casado doing the official presentation.
My general view is that NSX is the real deal. I have been talking and writing about OpenFlow since May 2011 and many have complained that SDN isn’t important and I should focus on real network issues. Well, it should now be clear that SDN is a serious strategy issue and we might have been ahead of the market.
The Packet Pushers Podcast has a sponsored podcast with Scott Lowe & Brad Hedlund to be published on Sept 9, 2013. There is a lot of information contained in this show and it makes a good accompaniment to this post.
Led by Network Services
To understand NSX, you need to change your perspective on networking. I’ve spent my first decade in networking connecting stuff together with activities like switching, routing, Ethernet ports, WAN connections and other obvious network stuff.
I’ve spent my second decade in networking doing firewalls, VPNs, application inspection, WAN Acceleration, load balancers at L4 and L7. More recently I’ve been learning about virtual networking and fancy connectivity in Vblocks, Cisco UCS and Storage. Very occasionally I’ve even done some “connecting stuff”.
The point is that “networking” isn’t just about connecting stuff, it’s about delivering services. Connectivity is a service but so are firewall rules, load balancers, routing. These are ‘services’ that I sell to my ‘customer’. It’s no longer enough for an engineer to plug in a WAN connection or a patch lead, it’s about the value you can bring from other tasks.
NSX adds to your network. An overlay network doesn’t mean less networking, it means more networking, in more places, with more tools and more visibility. By and large, it doesn’t “replace”, it extends and enhances your existing networks.
VMware NSX provides services. It does not provide connectivity
This is somewhat important. You still need a physical network to connect hypervisors but it’s no longer a requirement to have a complex physical network. You might choose to have a complicated network but it is no longer a requirement.
I first wrote about Controller Based Networks for Data Centres in December 2010, when I said:
Given what I understand about VMware vCloud and the network overlays, I think I can see the future of the data centre networking moving towards controller based networks.
It’s turned out that I got this more or less right, although I was missing many pieces, such as how the controller would integrate with the network devices. In April 2011, I recorded Show 40 – Openflow – Upending the Network Industry and it was all lights and buzzers for me. It was immediately obvious what this might mean for network architectures and operations.
I got controller networking better defined in August 2012, when I was finally able to spell out more of the architecture with an SDN Compass and it became clear that OpenFlow offered a way to integrate the physical network with the controller. It was later when I realised that networking hardware will take a number of years to become capable of performing dynamic flow management. Existing silicon is not flexible enough to handle a flow managed network and it will take some years to develop new switches.
NSX is an overlay networking technology
I’ve explained Overlay Networking in a three part series of blog posts from a vendor agnostic point of view. People tell me that it is a good introduction to the main technical topics.
NSX is more than a virtual switch, it’s a network device
NSX uses a software agent to replace the virtual switch in your hypervisor. The virtual switch operates in the kernel of the VMware ESX hypervisor. And from its Open vSwitch roots, NSX operates in the kernel of Linux KVM. And because Microsoft has made their Hyper-V virtual switch extensible, it’s expected to operate in kernel mode on Hyper-V in the foreseeable future.
This makes NSX available on the same platforms as Cisco 1000V virtual switches (the only other widely available virtual switch).
NSX Works on Any Physical Network, Works Better on a Modern Network
VMware promotes the fact that NSX will work on your existing network. The overlay networking design means that IP connectivity between hypervisors is the minimum network requirement. However, start making plans for hardware upgrades because you will need more bandwidth for any serious rollout. Networks based on Spanning Tree or MLAG in the Core are likely to be heavily stressed. Not because of NSX specifically but because of new traffic patterns and loads in the East/West direction.
Also, the introduction of Virtual SAN technology means that NoSAN technology has reached the SMB market and, I believe, signals the end of FibreChannel in the SMB/Midsize market. Because Virtual SAN promotes the use of SSD for caching on spinning rust drives, network performance is going to become vital sometime in 2015 when this grows beyond the current 8 server maximum.
NSX means Less Project Hassle for Funding Network Upgrades
The NSX agent can perform Layer 3 routing, L2 Switching and Stateful Firewalling. All of these functions are distributed through the entire hypervisor fabric with processing performed in the hypervisor kernel. Each new hardware server adds CPU and memory to the network function. In other words, every time a project buys a server, they are also buying the firewall and routing hardware.
You will still need an Ethernet Fabric to move those frames around the data centre but the majority of your firewalls, IDS/IPS and load balancers will be moved into the hypervisor. Total win!! No more looking for projects to fund hundreds of thousands of dollars for the F5 upgrade or your next ASA upgrade. No more gambling that the current hardware can handle the load. Instead of fighting for funding I can focus on services.
NSX is Very Much a Services Platform
The overlay network will deliver routing, switching and firewalls. And with the level of network control that is possible in an overlay network, you can deploy dedicated VM appliances for load balancing, proxy servers, mail gateways, VPN concentrators and IDS/IPS. You don’t need to pony up multiple thousands for custom hardware just to stay within the performance parameters of the problem. Services are the same whether they run on custom hardware or an x86 commodity server.
NSX should be Easier to Operate
In terms of operation, NSX is a controller based network technology. The single, coherent view of the virtual network will provide more information to the network engineer. At the same time, replacing the virtual switch with a true networking device means that offering services to the servers and applications has become much easier.
In particular, visibility of the server is much improved. The NSX controller knows the locations of every virtual server and tracks information about the interfaces of that server. The data are roughly equivalent to SNMP data sets and will provide long term charting and graphing similar to your existing network management tool chain. Importantly, as the server moves within the virtual infrastructure the interface is uniquely identified and visible.
Software Defined Data Centre becomes practical
If you are using cloud tool chains like OpenStack or vCloud Director, you will now have the ability to really change the way your entire infrastructure works through the use of Software Defined Data Centres. I’ll talk more about SDDC at the SDDC: Software Defined Data Center Symposium 2013 in September so it’s worth tuning in to learn more.