Abstract image of a woman sitting on books and studying on a laptop

Sdn primer pdf

P
Pooja Patel

This document provides an overview of software defined networking (SDN) and network virtualization. It discusses how SDN separates the control plane from the data plane in networking equipment to provide more agility, speed, and flexibility. Network functions can be virtualized and run in software rather than proprietary hardware. Use cases for SDNs include improving issues in telecommunications networks like vendor lock-in. The document also outlines NSX, VMware's SDN solution, which provides a virtual network that is decoupled from physical hardware and allows distributed network and security services.

Engineering
1 of 53
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
Pooja Patel Software Defined Networking & Network Virtualization Primer
The furious pace of technological adoption and innovation is shortening the life cycle of companies and forcing executives to make decisions and commit resources much more quickly. - McKinsey, “Four Global Forces Breaking all Trends,” April 2015 2
Q: How do you use technology as a strategic asset to thrive and grow without having to start over? A: Start to think differently about networking. 3
Problem Statement 4 A lot of virtualization innovation has happened in the data center. Data-Center Networking has had improvements in speeds, density and scale. The underlying architecture is still hardware based, expensive, inflexible, and risk-prone. •  You can’t keep up with the pace of business •  You can’t secure the data center •  You can’t support this new app-driven world Applications Compute Storage Networking The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file
DataCenter Networking 5
The Software Defined Networking Paradigm 6 §  Separate the control-plane from the data-plane in networking equipment. §  Centralize network intelligence and state §  Abstract network infrastructure from applications? WHY? §  Agility §  Speed §  Repeatable application deployments. NEW WAY TO DESIGN, DEPLOY and MANAGE the network & services.
Software Defined Networking 7 Controller Brains of the network. It is the strategic control point in the SDN network. Switches It goes and programs forwarding instructions or “FLOWS’ into the southbound switches/routers. Protocol The SDN protocol used to program these flows or instructions was called OpenFlow. https://en.wikipedia.org/wiki/Open_Networking_Foundation
NOX Controller 8 §  NOX -Original OpenFlow Controller Developed by Nicira(now VMware) Open Sourced in 2008 *Nicira is a part of VMware.
Controller Landscape – Open Source 9Source: SDN Central ✔ ✔ Ovn
Controller Landscape - Commercial 10
Network Function Virtualization 11 §  Network Function Virtualization is decoupling functions of a networking that is being carried out in proprietary hardware appliances and running it in software. Examples DNS, Caching appliances moved to VM form factors. Advantages §  Flexibility §  Cost §  Mobility §  Accelerate Provisioning
Use-cases CONFIDENTIAL 12 The Telco Use-Case Issues: §  Vendor Lock In §  Static placement of gear §  Procure-Design-Deploy-Integrate Cycle §  Innovation
Virtual Edge 13 §  Taking the concepts of SDN and NFV to the WAN and Network Edge.
Network Virtualization 14 Network Virtualization is defined by the ability to create logical, virtual networks that are decoupled from the underlying network hardware. These virtualized networks are programmatically created, provisioned and managed, with the underlying physical network serving as a simple packet-forwarding backplane.
A little bit of history… 1996 2016
Going beyond Server Virtualization
Compute Storage Network Enterprise Applications Enterprise IT Data Center Virtualization Layer The operational model of a VM for the entire data center Programmatically Create Snapshot Store Move Delete Restore
Bridging Two Worlds Software Defined Data Center Approach Traditional Approach
Service Providers Global Financials Retail Healthcare Integrators Media & Communications Transportation Government Education NSX customer momentum
Provides A faithful reproduction of network and security services in software CONFIDENTIAL 20 Management APIs, UI Switching Routing Firewalling Load balancing VPN Connectivity to physical networks Policies, groups, tags Data security Activity monitoring
Network Virtualization Network, storage, compute Virtualization layer Non-Disrupting Deployment
Network, storage, compute Virtualization layer “Network hypervisor” Virtual Data Centers Network Virtualization Non-Disrupting Deployment
The Power of Distributed Services Switching Routing Firewalling/ACLs Load Balancing Network and security services now distributed in the hypervisor
Switching Routing Firewalling/ACLs Load Balancing High throughput rates East-west firewalling Native platform capability The Power of Distributed Services
Sdn primer pdf
Web Tier App Tier DB Tier L2 Switch L3 Subnet L3 Subnet AllSoftwareConstruct Physical Network NAT Internet The next-generation networking model L2 Switch L2 Switch L3 Subnet
NSX Components Cloud Consumption §  Self Service Portal §  vRealize Automation, OpenStack, Custom CMS Data Plane NSX Edge ESXi Hypervisor Kernel Modules Distributed Services §  High – Performance Data Plane §  Scale-out Distributed Forwarding Model Management Plane NSX Manager §  Single configuration portal §  REST API entry-point Control Plane NSX Controller §  Manages Logical networks §  Control-Plane Protocol §  Separation of Control and Data Plane FirewallDistributed Logical Router Logical Switch LogicalNetworkPhysical Network 27 CMP
Physical view: VMs in a single logical switch 28 Logical switch 5001 Transport subnet A 192.168.150.0/24 192.168.150.51 192.168.150.52 192.168.250.51 172.16.10.11 172.16.10.12 172.16.10.13 V M1 V M2 V M3 vSphere distributed switch Physical network
Traffic flow on a VXLAN-backed VDS 29 vSphere distributed switch Assume VM1 sends some traffic to VM2: L2 frame L2 frame VXLAN overlay L2 frame Host A Host B IP/UDP/VXLAN IP fabric 1 VM1 sends L2 frame to local VTEP VTEP adds VXLAN, UDP and IP headers 2 Physical transport network forwards as a regular IP packet3 Destination hypervisor VTEP de-encapsulates frame4 L2 frame delivered to VM25
Traffic flow on a VXLAN-backed VDS 30 vSphere distributed switch VXLAN overlay Host A Host B IP fabric In this setup, VM1 and VM2 are on different hosts but belong to the same logical switch When these VMs communicate, a VXLAN overlay is established between the two hosts
Logical view: VMs with distributed routing 31 172.16.10.1 192.168.10.0/29 192.168.10.1 Distributed logical router service Web LS 172.16.10.0/24 172.16.10.11 172.16.10.12 172.16.10.13 172.16.20.12172.16.20.11 App LS 172.16.20.0/24 172.16.20.1
A Traditional “Virtual Switch”
Traditional Layer 3 Routing?
A Virtual Network?
A Virtual Network?
Non-Disruptive Deployment
Programmatically Provisioned
Network & Security Services Distributed to the Virtual Switch Physical Network becomes high-speed IP backplane
Native Isolation 192.168.2.10 192.168.2.10 192.168.2.11 192.168.2.11
Non-Disruptive Deployment
The Power of Distributed Network & Security Services & Policies
Problem: Data Center Network Security Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible Little or no lateral controls inside perimeter Internet Internet Insufficient Operationally Infeasible
Why traditional approaches are operationally infeasible… 43 Internet Perimeter Firewalls •  Create firewall rules before provisioning •  Update Firewall rules when move or change •  Delete firewall rules when app decommissioned •  Problem increases with more East-West traffic
How an SDDC approach makes micro-segmentation feasible 44 Internet Security Policy Perimeter Firewalls Cloud Management Platform
NSX Distributed Firewalling Performance 45 20Gbps Per Host of Firewall Performance with Negligible CPU Impact
Intelligent grouping Groups defined by customized criteria Operating System Machine Name Application Tier Services Security PostureRegulatory Requirements
NSX partner ecosystem Physical Infrastructure Security Operations Application Delivery
Web App DB Application Continuity Across Domains 48 DC1 DC2
49 AUTOMATION Automating IT processes to deliver IT at the speed of business SECURITY Architecting security as an inherent part of the data center infrastructure APPLICATION CONTINUITY Enabling applications and data to reside and be accessible anywhere Primary NSX Use Cases
DataCenter Networking Landscape 50 Source: Gartner
Service Providers Global Financials Retail Healthcare Integrators Media & Communications Transportation Government Education NSX customer momentum
52 §  Connect & Engage virtualizeyournetwork.com communities.vmware.com §  Learn vmware.com/go/NVtraining §  Contribute https://vmware.github.io/
THANK YOU! Email: poojap@vmware.com Twitter Handle @poozza

More Related Content

PPTX
Pivotal Cloud Foundry + NSX
Pooja Patel
 
PPTX
NSX for vSphere Logical Routing Deep Dive
Pooja Patel
 
PDF
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld
 
PDF
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld
 
PDF
VMware NSX and Arista L2 Hardware VTEP Gateway Integration
Bayu Wibowo
 
PDF
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld
 
PDF
VMware NSX primer 2014
Sanjay Basu
 
PPTX
nsx overview with use cases 1.0
Ploynatcha Akkaraputtipat
 
Pivotal Cloud Foundry + NSX
Pooja Patel
 
NSX for vSphere Logical Routing Deep Dive
Pooja Patel
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld
 
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld
 
VMware NSX and Arista L2 Hardware VTEP Gateway Integration
Bayu Wibowo
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld
 
VMware NSX primer 2014
Sanjay Basu
 
nsx overview with use cases 1.0
Ploynatcha Akkaraputtipat
 

What's hot (20)

PDF
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld
 
PDF
VMUG - NSX Architettura e Design
VMUG IT
 
PDF
REVOLUTION - Transforming the network with Open SDN
Open Networking Summits
 
PDF
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld
 
PPTX
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
Dmitri Kalintsev
 
PDF
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
VMworld
 
PPTX
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld
 
PDF
VMworld 2013: Advanced VMware NSX Architecture
VMworld
 
PPTX
MidoNet Overview - OpenStack and SDN integration
Akhilesh Dhawan
 
PPTX
VMworld 2015: VMware NSX Deep Dive
VMworld
 
PDF
MidoNet 101: Face to Face with the Distributed SDN
MidoNet
 
PDF
VMworld Europe 2014: Advanced Network Services with NSX
VMworld
 
PDF
VMworld 2013: An Introduction to Network Virtualization
VMworld
 
PPTX
VMware nsx network virtualization tool
Daljeet Singh Randhawa
 
PPTX
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
shezy22
 
PDF
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
juet-y
 
PDF
Understanding network and service virtualization
SDN Hub
 
PPTX
Reference design for v mware nsx
solarisyougood
 
PDF
Network Virtualization with VMware NSX
Scott Lowe
 
PDF
The Future of Cloud Networking is VMware NSX
Scott Lowe
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld
 
VMUG - NSX Architettura e Design
VMUG IT
 
REVOLUTION - Transforming the network with Open SDN
Open Networking Summits
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
Dmitri Kalintsev
 
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
VMworld
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld
 
MidoNet Overview - OpenStack and SDN integration
Akhilesh Dhawan
 
VMworld 2015: VMware NSX Deep Dive
VMworld
 
MidoNet 101: Face to Face with the Distributed SDN
MidoNet
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld
 
VMworld 2013: An Introduction to Network Virtualization
VMworld
 
VMware nsx network virtualization tool
Daljeet Singh Randhawa
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
shezy22
 
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
juet-y
 
Understanding network and service virtualization
SDN Hub
 
Reference design for v mware nsx
solarisyougood
 
Network Virtualization with VMware NSX
Scott Lowe
 
The Future of Cloud Networking is VMware NSX
Scott Lowe
 
Ad

Similar to Sdn primer pdf (20)

PPTX
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
Jürgen Ambrosi
 
PDF
VMware NSX for vSphere - Intro and use cases
Angel Villar Garea
 
PDF
Whitepaper: Network Virtualization - Happiest Minds
Happiest Minds Technologies
 
PPTX
MidoNet Differentiation and Overview
Midokura
 
PPTX
How to use SDN to Innovate, Expand and Deliver for your business
Napier University
 
PDF
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
OpenStack Korea Community
 
PPTX
SD-WAN features and proposed in details.pptx
Alsherif95
 
PPTX
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SAMeh Zaghloul
 
PDF
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
NetworkCollaborators
 
PPTX
Introduction to SDN: Software Defined Networking
Ankita Mahajan
 
PDF
SDN NFV NV OpenNetwork @ VMUG.IT 20150529
VMUG IT
 
PDF
WWT Software-Defined Networking Guide
Joel W. King
 
PPTX
Software Defined Networks
Shreeya Shah
 
PPTX
TFI2014 Session I - State of SDN - John Giacomoni
Colorado Internet Society (CO ISOC)
 
PDF
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
OpenStack Korea Community
 
PPTX
Policy Based SDN Solution for DC and Branch Office by Suresh Boddapati
buildacloud
 
PPTX
Software_Defined_Networking.pptx
AsfawGedamu
 
PDF
08 sdn system intelligence short public beijing sdn conference - 130828
Mason Mei
 
PPTX
Cloud computing and Software defined networking
saigandham1
 
PPTX
Brocade Software Networking Presentation at Interface 2016
Scott Sims
 
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
Jürgen Ambrosi
 
VMware NSX for vSphere - Intro and use cases
Angel Villar Garea
 
Whitepaper: Network Virtualization - Happiest Minds
Happiest Minds Technologies
 
MidoNet Differentiation and Overview
Midokura
 
How to use SDN to Innovate, Expand and Deliver for your business
Napier University
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
OpenStack Korea Community
 
SD-WAN features and proposed in details.pptx
Alsherif95
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SAMeh Zaghloul
 
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
NetworkCollaborators
 
Introduction to SDN: Software Defined Networking
Ankita Mahajan
 
SDN NFV NV OpenNetwork @ VMUG.IT 20150529
VMUG IT
 
WWT Software-Defined Networking Guide
Joel W. King
 
Software Defined Networks
Shreeya Shah
 
TFI2014 Session I - State of SDN - John Giacomoni
Colorado Internet Society (CO ISOC)
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
OpenStack Korea Community
 
Policy Based SDN Solution for DC and Branch Office by Suresh Boddapati
buildacloud
 
Software_Defined_Networking.pptx
AsfawGedamu
 
08 sdn system intelligence short public beijing sdn conference - 130828
Mason Mei
 
Cloud computing and Software defined networking
saigandham1
 
Brocade Software Networking Presentation at Interface 2016
Scott Sims
 
Ad

Recently uploaded (20)

PDF
[jvmmeetup] next-gen integration with apache camel and quarkus.pdf
Muhammad Edwin
 
PDF
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
RandyClara
 
PDF
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
PDF
Mechanics of materials week 2 rajeshwari
siddarthakattamuru
 
PPTX
AI-Reporting for Emerging Technologies(BS Computer Engineering)
kemuelfajanilan73
 
PDF
Lesson 3 .pdf
Yatru Harsha Hiski
 
PDF
UEFA_Embodied_Carbon_Emissions_Football_Infrastructure.pdf
tuchinad02
 
PPTX
Wireless sensor networks (WSN) SRM unit 2
jorob10712
 
PPTX
CS6006 - CLOUD COMPUTING - Module - 1.pptx
dharshinidharshu575
 
PDF
MACCAFERRY GUIA GAVIONES TERRAPLENES EN ESPAÑOL
Distribucioneskaled
 
PPTX
CT Generations and Image Reconstruction methods
St.Xaviers Catholic College of Engineering
 
PPTX
Environmental studies, Moudle 3-Environmental Pollution.pptx
PramukhN1
 
PDF
electrical machines course file-anna university
suganyamurali02
 
PDF
Research on ultrasonic sensor for TTU.pdf
mohammadafaneh189
 
PDF
Unit I -OPERATING SYSTEMS_SRM_KATTANKULATHUR.pptx.pdf
HarshDudhatra4
 
PPTX
BBOC407 BIOLOGY FOR ENGINEERS (CS) - MODULE 1 PART 1.pptx
Abhijith L Kotian
 
PDF
VSL-Strand-Post-tensioning-Systems-Technical-Catalogue_2019-01.pdf
junaidhussain07049
 
PPTX
chapter 1.pptx dotnet technology introduction
gautamb639
 
PPTX
Solar energy pdf of gitam songa hemant k
siddarthakattamuru
 
PDF
AIGA 012_04 Cleaning of equipment for oxygen service_reformat Jan 12.pdf
karthikp452666
 
[jvmmeetup] next-gen integration with apache camel and quarkus.pdf
Muhammad Edwin
 
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
RandyClara
 
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
Mechanics of materials week 2 rajeshwari
siddarthakattamuru
 
AI-Reporting for Emerging Technologies(BS Computer Engineering)
kemuelfajanilan73
 
Lesson 3 .pdf
Yatru Harsha Hiski
 
UEFA_Embodied_Carbon_Emissions_Football_Infrastructure.pdf
tuchinad02
 
Wireless sensor networks (WSN) SRM unit 2
jorob10712
 
CS6006 - CLOUD COMPUTING - Module - 1.pptx
dharshinidharshu575
 
MACCAFERRY GUIA GAVIONES TERRAPLENES EN ESPAÑOL
Distribucioneskaled
 
CT Generations and Image Reconstruction methods
St.Xaviers Catholic College of Engineering
 
Environmental studies, Moudle 3-Environmental Pollution.pptx
PramukhN1
 
electrical machines course file-anna university
suganyamurali02
 
Research on ultrasonic sensor for TTU.pdf
mohammadafaneh189
 
Unit I -OPERATING SYSTEMS_SRM_KATTANKULATHUR.pptx.pdf
HarshDudhatra4
 
BBOC407 BIOLOGY FOR ENGINEERS (CS) - MODULE 1 PART 1.pptx
Abhijith L Kotian
 
VSL-Strand-Post-tensioning-Systems-Technical-Catalogue_2019-01.pdf
junaidhussain07049
 
chapter 1.pptx dotnet technology introduction
gautamb639
 
Solar energy pdf of gitam songa hemant k
siddarthakattamuru
 
AIGA 012_04 Cleaning of equipment for oxygen service_reformat Jan 12.pdf
karthikp452666
 

Sdn primer pdf

  • 1. Pooja Patel Software Defined Networking & Network Virtualization Primer
  • 2. The furious pace of technological adoption and innovation is shortening the life cycle of companies and forcing executives to make decisions and commit resources much more quickly. - McKinsey, “Four Global Forces Breaking all Trends,” April 2015 2
  • 3. Q: How do you use technology as a strategic asset to thrive and grow without having to start over? A: Start to think differently about networking. 3
  • 4. Problem Statement 4 A lot of virtualization innovation has happened in the data center. Data-Center Networking has had improvements in speeds, density and scale. The underlying architecture is still hardware based, expensive, inflexible, and risk-prone. •  You can’t keep up with the pace of business •  You can’t secure the data center •  You can’t support this new app-driven world Applications Compute Storage Networking The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file
  • 6. The Software Defined Networking Paradigm 6 §  Separate the control-plane from the data-plane in networking equipment. §  Centralize network intelligence and state §  Abstract network infrastructure from applications? WHY? §  Agility §  Speed §  Repeatable application deployments. NEW WAY TO DESIGN, DEPLOY and MANAGE the network & services.
  • 7. Software Defined Networking 7 Controller Brains of the network. It is the strategic control point in the SDN network. Switches It goes and programs forwarding instructions or “FLOWS’ into the southbound switches/routers. Protocol The SDN protocol used to program these flows or instructions was called OpenFlow. https://en.wikipedia.org/wiki/Open_Networking_Foundation
  • 8. NOX Controller 8 §  NOX -Original OpenFlow Controller Developed by Nicira(now VMware) Open Sourced in 2008 *Nicira is a part of VMware.
  • 9. Controller Landscape – Open Source 9Source: SDN Central ✔ ✔ Ovn
  • 10. Controller Landscape - Commercial 10
  • 11. Network Function Virtualization 11 §  Network Function Virtualization is decoupling functions of a networking that is being carried out in proprietary hardware appliances and running it in software. Examples DNS, Caching appliances moved to VM form factors. Advantages §  Flexibility §  Cost §  Mobility §  Accelerate Provisioning
  • 12. Use-cases CONFIDENTIAL 12 The Telco Use-Case Issues: §  Vendor Lock In §  Static placement of gear §  Procure-Design-Deploy-Integrate Cycle §  Innovation
  • 13. Virtual Edge 13 §  Taking the concepts of SDN and NFV to the WAN and Network Edge.
  • 14. Network Virtualization 14 Network Virtualization is defined by the ability to create logical, virtual networks that are decoupled from the underlying network hardware. These virtualized networks are programmatically created, provisioned and managed, with the underlying physical network serving as a simple packet-forwarding backplane.
  • 15. A little bit of history… 1996 2016
  • 17. Compute Storage Network Enterprise Applications Enterprise IT Data Center Virtualization Layer The operational model of a VM for the entire data center Programmatically Create Snapshot Store Move Delete Restore
  • 18. Bridging Two Worlds Software Defined Data Center Approach Traditional Approach
  • 19. Service Providers Global Financials Retail Healthcare Integrators Media & Communications Transportation Government Education NSX customer momentum
  • 20. Provides A faithful reproduction of network and security services in software CONFIDENTIAL 20 Management APIs, UI Switching Routing Firewalling Load balancing VPN Connectivity to physical networks Policies, groups, tags Data security Activity monitoring
  • 21. Network Virtualization Network, storage, compute Virtualization layer Non-Disrupting Deployment
  • 22. Network, storage, compute Virtualization layer “Network hypervisor” Virtual Data Centers Network Virtualization Non-Disrupting Deployment
  • 23. The Power of Distributed Services Switching Routing Firewalling/ACLs Load Balancing Network and security services now distributed in the hypervisor
  • 24. Switching Routing Firewalling/ACLs Load Balancing High throughput rates East-west firewalling Native platform capability The Power of Distributed Services
  • 26. Web Tier App Tier DB Tier L2 Switch L3 Subnet L3 Subnet AllSoftwareConstruct Physical Network NAT Internet The next-generation networking model L2 Switch L2 Switch L3 Subnet
  • 27. NSX Components Cloud Consumption §  Self Service Portal §  vRealize Automation, OpenStack, Custom CMS Data Plane NSX Edge ESXi Hypervisor Kernel Modules Distributed Services §  High – Performance Data Plane §  Scale-out Distributed Forwarding Model Management Plane NSX Manager §  Single configuration portal §  REST API entry-point Control Plane NSX Controller §  Manages Logical networks §  Control-Plane Protocol §  Separation of Control and Data Plane FirewallDistributed Logical Router Logical Switch LogicalNetworkPhysical Network 27 CMP
  • 28. Physical view: VMs in a single logical switch 28 Logical switch 5001 Transport subnet A 192.168.150.0/24 192.168.150.51 192.168.150.52 192.168.250.51 172.16.10.11 172.16.10.12 172.16.10.13 V M1 V M2 V M3 vSphere distributed switch Physical network
  • 29. Traffic flow on a VXLAN-backed VDS 29 vSphere distributed switch Assume VM1 sends some traffic to VM2: L2 frame L2 frame VXLAN overlay L2 frame Host A Host B IP/UDP/VXLAN IP fabric 1 VM1 sends L2 frame to local VTEP VTEP adds VXLAN, UDP and IP headers 2 Physical transport network forwards as a regular IP packet3 Destination hypervisor VTEP de-encapsulates frame4 L2 frame delivered to VM25
  • 30. Traffic flow on a VXLAN-backed VDS 30 vSphere distributed switch VXLAN overlay Host A Host B IP fabric In this setup, VM1 and VM2 are on different hosts but belong to the same logical switch When these VMs communicate, a VXLAN overlay is established between the two hosts
  • 31. Logical view: VMs with distributed routing 31 172.16.10.1 192.168.10.0/29 192.168.10.1 Distributed logical router service Web LS 172.16.10.0/24 172.16.10.11 172.16.10.12 172.16.10.13 172.16.20.12172.16.20.11 App LS 172.16.20.0/24 172.16.20.1
  • 38. Network & Security Services Distributed to the Virtual Switch Physical Network becomes high-speed IP backplane
  • 41. The Power of Distributed Network & Security Services & Policies
  • 42. Problem: Data Center Network Security Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible Little or no lateral controls inside perimeter Internet Internet Insufficient Operationally Infeasible
  • 43. Why traditional approaches are operationally infeasible… 43 Internet Perimeter Firewalls •  Create firewall rules before provisioning •  Update Firewall rules when move or change •  Delete firewall rules when app decommissioned •  Problem increases with more East-West traffic
  • 44. How an SDDC approach makes micro-segmentation feasible 44 Internet Security Policy Perimeter Firewalls Cloud Management Platform
  • 45. NSX Distributed Firewalling Performance 45 20Gbps Per Host of Firewall Performance with Negligible CPU Impact
  • 46. Intelligent grouping Groups defined by customized criteria Operating System Machine Name Application Tier Services Security PostureRegulatory Requirements
  • 47. NSX partner ecosystem Physical Infrastructure Security Operations Application Delivery
  • 48. Web App DB Application Continuity Across Domains 48 DC1 DC2
  • 49. 49 AUTOMATION Automating IT processes to deliver IT at the speed of business SECURITY Architecting security as an inherent part of the data center infrastructure APPLICATION CONTINUITY Enabling applications and data to reside and be accessible anywhere Primary NSX Use Cases
  • 51. Service Providers Global Financials Retail Healthcare Integrators Media & Communications Transportation Government Education NSX customer momentum
  • 52. 52 §  Connect & Engage virtualizeyournetwork.com communities.vmware.com §  Learn vmware.com/go/NVtraining §  Contribute https://vmware.github.io/