This document summarizes a presentation about VMware's NSX virtualized networking solution. It introduces NSX Edge gateways, which provide routing, firewalling, load balancing, and VPN services. It discusses how NSX addresses the needs of cloud computing through automation, standard hardware, and a single management plane. Example use cases are shown. Key features of the NSX Edge, including scalable performance, are outlined. The document also briefly discusses NSX operations and management tools, and its deployment on VMware vCloud Hybrid Service.
4. 4
What is this session about?
[Diagram labels: L2 Gateway; Firewall; ADC/LB; Endpoint Security; L3 Gateway; VPN; VMware vCD®; VMware vCAC®; NSX API; NSX Controller & NSX Manager; NSX Edge Gateway; VMware vSphere®, KVM, XEN, Hyper-V; VMs; Any Network Hardware]
5. 5
Drivers – Cloud Scale and Agility
Cloud requires Automation
• Rapidly provision at any point in network
• Self-Service with tenant isolation
Automation needs ability to Reproduce
• Build for machines – REST APIs, not CLI
• Standard Hardware – x86, not ASICs
Replication needs Simplification
• Simple feature set – cloud use cases with High Availability & Performance
• Single Management Plane – simplify operations
Simplify, Reproduce and Automate to achieve Cloud Scale
6. 6
Use Cases
[Diagram labels: External Networks; Perimeter NSX Edge (HA, FW, NAT, VPN, LB Services); OSPF; BGP; Transit Logical Switch; Logical Distributed Router; Web, App, DB; LB; L2 Bridge; Bridged Logical Switch; Bridged VLAN; Management VLAN; L2 VPN; VM]
10. 10
NSX Edge Gateway: Cloud ready integrated network services
[Diagram labels: Firewall; Load Balancer; VPN; Routing; L2/L3 Gateway; VMs]
Overview
• Integrated L3 – L7 services from VMware
• Virtual appliance model allows cloud agility and scale-out
Benefits
• Real time service instantiation
• Support for dynamic service differentiation per tenant/application
• Uses x86 compute capacity
11. 11
Logical Firewall/Routing
Features
• OSPF/eBGP/iBGP/IS-IS
• Virtualization and identity context firewall
Scale & Performance
• Remove hairpins and bottlenecks
• Line rate performance with distributed scale out architecture
Use Cases
• Create on demand networks to speed up application provisioning
[Diagram labels: Tenant A; Tenant B; Tenant C; L2]
Attend the following sessions for more details:
• SEC – 5293
• SEC – 5294
• NET – 5266
19. 19
Logical User (SSL) and Site-to-Site (IPsec) VPN
Features
• Interoperable IPsec tested with major vendors
• Clients on all major OS (Win, Apple, Linux)
• Remote Authentication via Active Directory, RSA SecurID, LDAP, RADIUS
• TCP Acceleration
• Encryption – 3DES, AES128, AES256
• AES-NI H/W Offload
• NAT & Perimeter Firewall Traversal
Scale and Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant
Use Cases
• Cloud to Corporate
• Cloud On-boarding
• Remote Office/Branch Office
• Remote Management
[Diagram labels: Internet/WAN]
20. 20
Logical L2 VPN
Features
• SSL-based
• Web-proxy Support
• L2 Bridge to Cloud
• Broadcast support
Scale & Performance
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant
Use Cases
• Cloud On-boarding
• Cloud Bursting
[Diagram labels: Public Cloud; Internet/WAN; VMs]
30. 30
About vCloud Hybrid Service (vCHS)
Goals
Support of Thousands of Tenants
Scalable Physical Hardware
Plan for capacity growth
• Traffic flows
• Data usage
Elastic Design (SDDC, SDN)
• Minimize dependencies on proprietary hardware
• Use high bandwidth connections
• Exploit VMware’s software intelligence to deliver a complete SDDC
Objectives
Maximize cost effectiveness
Maximize hardware utilization
[Graphic labels: Public Clouds; Private Clouds]
The New Role for IT: IT as a Service
• Hybrid Cloud – Seamlessly extend your data center to the public cloud
• Virtual Workspace – Manage access to services, applications and data for any device
• Software-Defined Data Center – Virtualize the entire data center (Management and Automation; Storage and Availability; Compute; Network and Security)
31. 31
vCHS Edge
Why Edge?
• Evaluated leading Hardware and Software vendors to build the service
• Edge was the only multiservice device that can be rapidly deployed, meet scalability needs and integrate with vCD and vSphere
Features Deployed (vCNS 5.1)
Firewall
• Distributed scale of Rules
Load Balancing
• Web Server LB
• Dynamic Per Tenant
VPN
• IPsec Tunnel
• SSL VPN
• DCE – L2 VPN
L3 Gateway
• Static Routes
• Default Gateway
32. 32
Looking forward – NSX: what are we excited about?
Performance and Scalability increases for Firewall, Load Balancer, Router and VPN
Dynamic routing – Support for BGP
Layer 7 Load balancing – SSL Termination
33. 33
Questions?
To get a complete understanding of NSX optimized for vSphere, check out:
Network Virtualization
• NET5266 - Network Virtualization for vSphere environments with VMware NSX
Integrating 3rd Party Services in NSX
• NET5522: NSX Extensibility: Network and Security Services from 3rd-Party Vendors
NSX Operations and Troubleshooting (Advanced Technical)
• NET5790: Operational Best Practices for NSX in VMware Environments
• NET5654: Troubleshooting VXLAN and Network Services in a Virtualized Environment