
NET1416BE NSX Logical Routing Yves Hertoghs Pooja Patel #VMworld #NET1416BE

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined. 2

Objectives
NSX for vSphere:
- Understand the different logical routing components and interaction in NSX
- Find out how high availability routing is performed in NSX
- Learn how to deploy logical routing
NSX-T for heterogeneous hypervisors and new apps:
- Discover logical routing in NSX-T through a demo
3

Agenda 1 NSX Introduction 2 NSX for vSphere Logical Routing 3 NSX for vSphere deployment topologies 4 NSX-T Logical Routing 5 Summary and Q&A 4

Provides a faithful reproduction of network and security services in software: management APIs, UI; policies, groups, tags; switching; routing/NAT; firewalling; load balancing; endpoint monitoring; VPN; DHCP; connectivity to physical networks. 5

Agenda 1 NSX Introduction 2 NSX for vSphere Logical Routing 3 NSX for vSphere deployment topologies 4 NSX-T Logical Routing 5 Summary and Q&A 6

NSX Logical Routing Component: Distributed Logical Router
[Figure labels: Distributed Logical Router hypervisor kernel modules (VIBs); DLR instance on ESXi with LIF1, LIF2, LIF3; DLR Control VM]
- Optimized for E-W. Instantiated on ESX hosts.
- LIFs are defined on the Distributed Router to handle VM default gateway traffic.
- Multiple LIFs per DLR instance.
- Multiple DLR instances to isolate separate tenant domains.
- DLR Control VM peers with the Edge Services Gateway and exchanges routing information.
7

NSX Logical Routing Component: Edge Services Gateway
NSX Edge Services Gateway: on/off-ramp connectivity between logical and physical.
- Optimized for N-S routing: static, OSPF, BGP
- Network services: firewall, NAT, load balancing, VPN, DHCP, DNS
8

NSX Logical Routing: Topology view
[Figure, physical view: ESX Host A (VM1), ESX Host B (VM2) and ESX Host C, each with a distributed logical router instance and LIF1, LIF2, LIF3; DLR Control VM peering with the NSX Edge VM; VXLAN 5001, VXLAN 5002, VXLAN 5003; external VLAN-based network.]
[Figure, logical view: external VLAN, NSX Edge, VXLAN 5003, distributed logical router, VXLAN 5001, VXLAN 5002, VM1, VM2.]
9

NSX Logical Routing: Components Interaction
[Figure labels: NSX Mgr and Controller Cluster (control); DLR Control VM; distributed logical router; NSX Edge (acting as next hop router); peering over OSPF, BGP; data path; external network; VXLAN and VLAN links; addresses 192.168.2.1, 192.168.2.2, Forwarding Address, 192.168.2.11; Web, App, Db]
1. Distributed Logical Router created using NSX Manager UI or REST API.
2. Controller pushes logical router LIF configuration to ESXi hosts.
3. OSPF/BGP peering between the NSX Edge and logical router control VM.
4. Learnt routes from the NSX Edge are pushed to the Controller.
5. Controller sends the route updates to all ESXi hosts.
6. Routing kernel modules on the hosts handle the data path traffic.
10

Distributed Routing Traffic Flow: Same Host
[Figure labels: VM1 (172.16.1.10, MAC1) and VM2 (172.16.2.10, MAC2) on one vSphere host; VXLAN 5001 and VXLAN 5002 on the vSphere Distributed Switch; DLR with internal LIFs LIF1 and LIF2 and the vMAC; Host 1 and Host 2; transport network addresses 10.10.10.10/24 and 20.20.20.20/24; DLR transport network; Interface; steps 1 to 4 marked on the path]
Packet shown: L2 header DA: vMAC, SA: MAC1. IP header DA: 172.16.2.10, SA: 172.16.1.10. Payload.
LIF addresses: LIF1: 172.16.1.1, LIF2: 172.16.2.1.
LIF2 ARP table: VM IP 172.16.2.10, VM MAC MAC2.
Routing table:
- Destination 172.16.1.0, Mask 255.255.255.0, Gateway 0.0.0.0, Connect Direct
- Destination 172.16.2.0, Mask 255.255.255.0, Gateway 0.0.0.0, Connect Direct
11

High Availability

Active/Standby HA Model: How does Active/Standby HA work?
- Edge high availability: configurable on Edge Services Gateways & DLR Control VMs.
- Keepalives + state sync information: exchanged between Active & Standby Edges on a designated HA interface.
- Declare Dead Timer: configurable.
- Non-preemptive HA.
- Stateful failover for services: FW (connection tracking), LB (sticky table), Routing (graceful restart extensions to OSPF/BGP plus NSF via FIB sync).
[Figure: Active and Standby Edges on Hypervisor 1 and Hypervisor 2, connected by the HA interface. Animation captions: the Standby Edge is not receiving keep-alives from its peer, sends probes, gets no response, waits for Declare Dead Timer expiry, then declares itself ACTIVE and sends GARPs.]
13

Active/Standby HA Model
- All N-S traffic handled by the Active NSX Edge.
- Only the active NSX Edge establishes routing adjacencies to the DLR Control VM and the physical router.
- Anti-affinity & Graceful Restart enabled by default.
- Stateful services are supported on the NSX Edge pair.
HA Recommendations
- Dynamic routing timers: OSPF 30/120, BGP 60/180.
- Dedicate a Logical Switch as the HA interface for DLR Control VMs/ESGs.
- Declare Dead Timer is configurable and can be tuned down to 6 seconds.
[Figure labels: E1-0 (Active) and E1-1 (Standby); physical router; external network; 192.168.100.0/24; routing peering; distributed logical router; 192.168.2.0/24; DLR Control VM Active/Standby; VXLAN and VLAN links; Web 172.16.10.0/24, App 172.16.20.0/24, DB 172.16.30.0/24]
14

ECMP HA Model (Up to 8 NSX Edges)
- North-South traffic is handled by all Active NSX Edges.
- Multiple equal cost paths in the DLR FIB.
- Traffic is hashed based on Src/Dst IP address values.
HA Recommendations
- No need to enable Edge HA for each Active Edge.
- Aggressive routing timers for fast failover.
- Asymmetric routing paths.
- Stateful services not supported (Stateful Firewall, NAT, LB, VPN).
- DFW is supported.
- URPF setting: loose.
[Figure labels: E1, E2 (marked X), E3 ... E8; external network; physical routers; routing peerings; distributed logical router; DLR Control VM Active/Standby; VXLAN and VLAN links; Web, App, DB]
15
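Why the ECMP slide pairs "asymmetric routing paths" with "stateful services not supported", as an added example that is not part of the presentation: the outbound and return packets of one flow are hashed independently by the DLR and by the physical router, so the reply often reaches an Edge that never saw the request. The hash function, the salts and the remote address 198.51.100.1 are constructed assumptions, not NSX's actual hashing.

```python
import hashlib


def pick_edge(src, dst, salt, n_edges):
    """Constructed stand-in for an ECMP hash over Src/Dst IP (not NSX's real hash)."""
    digest = hashlib.sha256(f"{salt}|{src}|{dst}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_edges


def simulate(n_edges, stateful, n_flows=200):
    """Send n_flows request/reply pairs north-south through n_edges Edges.

    Returns (asymmetric, dropped): flows whose reply came back through a
    different Edge, and replies dropped for lack of connection state.
    """
    # One connection-tracking table per Edge; ECMP Edges do not share state.
    conn_tables = [set() for _ in range(n_edges)]
    remote = "198.51.100.1"          # constructed external peer (TEST-NET-2)
    asymmetric = dropped = 0

    for i in range(n_flows):
        vm = f"172.16.10.{10 + i % 200}"   # Web subnet used on the slides

        # Outbound: the DLR hashes (src, dst) over its equal-cost next hops.
        out_edge = pick_edge(vm, remote, "dlr", n_edges)
        if stateful:
            conn_tables[out_edge].add((vm, remote))

        # Return: the physical router hashes the reply on its own,
        # with no knowledge of which Edge carried the request.
        back_edge = pick_edge(remote, vm, "physical-router", n_edges)
        if back_edge != out_edge:
            asymmetric += 1

        # A stateful Edge only admits replies for connections it tracked.
        if stateful and (vm, remote) not in conn_tables[back_edge]:
            dropped += 1

    return asymmetric, dropped


if __name__ == "__main__":
    for edges, stateful in [(1, True), (8, True), (8, False)]:
        asym, drop = simulate(edges, stateful)
        mode = "stateful" if stateful else "stateless"
        print(f"{edges} edge(s), {mode}: {asym} asymmetric flows, "
              f"{drop} replies dropped")
```

With a single forwarding Edge (the Active/Standby model) every reply meets its own state; with eight stateless ECMP Edges the same asymmetry is harmless, which is why filtering moves to the DFW in that design.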

Comparison of Edge HA Models
Active/Standby HA Model
- Bandwidth: Single path (~10 Gbps/tenant)
- Stateful services: Supported - NAT, LB, FW, DHCP
- Availability: Convergence with stateful services enabled
ECMP Model
- Bandwidth: Up to 8 paths (~80 Gbps/tenant)
- Stateful services: Not supported (*DFW is supported)
- Availability: High, ~3-4 sec with (1,3 sec) timers tuning
[Figure labels: Active/Standby pair E1 (Active) and E2 (Standby) with routing peering to the physical router; ECMP Edges E1, E2, E3 ... E8 with routing peerings to the physical router; distributed logical router and DLR Control VM Active/Standby in both; Web, App, DB]
16

Agenda 1 NSX Introduction 2 NSX for vSphere Logical Routing 3 NSX for vSphere deployment topologies 4 NSX-T Logical Routing 5 Summary and Q&A 18

Enterprise Routing Topology
[Figure labels: external network; physical routers; VLAN 20 Edge uplink; routing peerings; NSX ECMP Edges E1, E2, E3 ... E8; VXLAN 5020 transit link; routing peerings; distributed logical router; DLR Control VMs; FIB update; VXLAN and VLAN links; VMs on Web1, App1, DB1 ... WebN, AppN, DBN]
See also: NET1535BE Reference Design for SDDC with NSX & vSphere.
19

High Scale Multi Tenant Topology (2-tier)
[Figure labels: external network; ECMP NSX Edges E1 ... E8 (route aggregation layer); VXLAN 5100 transit; Tenant 1; DLR instance Tenant X behind a tenant NSX Edge with HA and NAT/LB features; DLR instance Tenant Y behind an ECMP tenant NSX Edge; VXLAN uplinks (or VXLAN trunk); distributed logical routers; VMs on Web1, App1, DB1 for each tenant]
20

Cross-VC Multi-site topology
[Figure labels: Site A with vCenter Server A and the Universal Controller Cluster; Site B with vCenter Server B; Control VM w/ Local Egress at each site; ULS Transit A and ULS Transit B; external network; distributed logical router; ULS Web1 and ULS App1 with VMs; Universal Transport Zone]
See also: NET1192BE Multi-Site Networking and Security with Cross-VC NSX.
21

Agenda 1 NSX Introduction 2 NSX for vSphere Logical Routing 3 NSX for vSphere deployment topologies 4 NSX-T Logical Routing 5 Summary and Q&A 22

Introducing NSX-T

NSX Vision: Driving NSX everywhere
Branch offices/edge computing/IoT; on-premise; bare metal; cloud; end users; new app frameworks.
- Security: Inherently Secure Infrastructure
- Automation: IT at the Speed of Business
- Application Continuity: Data Center Anywhere
24

Introducing NSX-T
NSX common capabilities:
- Software based network virtualization
- Distributed routing
- Connectivity to the physical
- Edge services
- Distributed firewalling
- API-driven automation
Now available across NSX-T:
- Multiple hypervisors - ESX, KVM
- Multiple endpoints - Containers, VMs, AWS Instances
- Multiple clouds - On-premise, Hosted or AWS
See also: NET1863BE NSX-T Advanced Architecture Concepts.
25

NSX-T Feature Demo Distributed Routing

NSX-T Distributed Routing
[Figure, physical view: ESX host and KVM hosts running web VM1, app VM1 and db VM1; NSX vSwitch; TEP A and TEP B on the transport network.]
[Figure, logical topology: Tenant1 Logical Router with Tenant1-Web 10.114.215.80/29 (web VM1), Tenant1-App 172.16.20.0/24 (app VM1) and Tenant1-DB 172.16.30.0/24 (db VM1).]
Distributed Routing can also be enabled between containers.
27

DEMO 1: NSX-T 28

NSX-T Feature Demo N/S Routing using BGP

Terminology: Two-Tier Routing
Designed for multi-tenancy and scale.
- Provider Logical Router (Tier0 LR). Role: attach to the physical routing infrastructure. Manual management.
- Tenant Logical Router (Tier1 LR). Role: per tenant first hop router. Cloud Management Platform (CMP) driven management or distribution.
[Figure labels: Tenants/CMP; Admin; To physical]
30

Terminology: Edge Nodes
Edge Nodes are appliances with pools of capacity for handling stateful services that are not distributed.
- Peering with physical infrastructure
- Services like NAT, DHCP Server, Firewall etc.
Edge Nodes are available in 2 form factors: Bare Metal & VM.
- Leverages Linux Foundation Project DPDK for high performance
31

NSX-T N/S Configuration (1)
[Figure labels: AS 64520, AS 64530; Arista-1 on VLAN 81; Arista-2 on VLAN 86; eBGP; Tier0 Logical Router; Edge BM1, Edge BM2; standby; Tenant1 Logical Router; VMs on Tenant1-Web 10.114.215.80/29, Tenant1-App 172.16.20.0/24, Tenant1-DB 172.16.30.0/24]
32

NSX-T N/S Configuration (2): Configure BGP
[Figure labels: AS 64520, AS 64530; Arista-1, 10.114.215.225/30, 10.114.215.226/30, Edge BM1; Arista-2, 10.14.215.237/30, 10.114.215.238/30, Edge BM2; eBGP; standby; Tier0 Logical Router; Tenant1 Logical Router; VMs on Tenant1-Web 10.114.215.80/29, Tenant1-App 172.16.20.0/24, Tenant1-DB 172.16.30.0/24]
33

DEMO 2: BGP 34

NSX-T N/S Configuration (3): Redistribution
Route Redistribution: redistribute NSX connected, NSX static.
[Figure labels: AS 64520, AS 64530; Arista-1, Edge BM1; Arista-2, Edge BM2; eBGP; standby; Tier0 Logical Router; Tenant1 Logical Router; VMs on Tenant1-Web 10.114.215.80/29, Tenant1-App 172.16.20.0/24, Tenant1-DB 172.16.30.0/24]
35

DEMO 3: BGP Cont 36

NSX-T N/S Configuration (4): BFD
BFD Configuration
[Figure labels: AS 64520, AS 64530; Arista-1, 10.114.215.225/30, 10.114.215.226/30, Edge BM1; Arista-2, 10.14.215.237/30, 10.114.215.238/30, Edge BM2; eBGP; standby; Tier0 Logical Router; Tenant1 Logical Router; VMs on Tenant1-Web 10.114.215.80/29, Tenant1-App 172.16.20.0/24, Tenant1-DB 172.16.30.0/24]
37

DEMO 4: BFD 38

NSX-T Feature Demo Fast convergence

NSX-T N/S Configuration: Convergence
[Figure labels: AS 64520, AS 64530; Arista-1, 10.114.215.225/30, 10.114.215.226/30 (link marked X), Edge BM1; Arista-2, 10.14.215.237/30, 10.114.215.238/30, Edge BM2; eBGP; standby; Tier0 Logical Router; Tenant1 Logical Router; VMs on Tenant1-Web 10.114.215.80/29, Tenant1-App 172.16.20.0/24, Tenant1-DB 172.16.30.0/24]
40

DEMO 5: Fast Convergence 41

NSX-T Routing feature-set
BGP:
- eBGP multihop
- Aggregate
- IP Prefix-list
- Route-map. Set: AS path prepending, weight, MED, community
Performance:
- DPDK based Edge node
- Fast convergence: BFD northbound, sub-second BFD timers on BM
42

Want to try out NSX-T? SPL182601U VMware NSX-T Getting Started SPL182602U VMware NSX-T - NSX-T with Kubernetes 43

Agenda 1 NSX Introduction 2 NSX for vSphere Logical Routing 3 NSX for vSphere deployment topologies 4 NSX-T Logical Routing 5 Summary and Q&A 44

Key Takeaways
- NSX Logical Routing enables communication between workloads belonging to different subnets.
- Distributed Routing optimizes traffic flows for E-W communication.
- Edges handle N-S communication to the physical network & provide network services.
- Two models for High Availability: Active-Standby and ECMP.
- These building blocks are now available on NSX-T across multiple hypervisors, VMs, containers and public cloud.
45

Relevant Sessions and References
Sessions:
- NET1535BE, NET1536BE: Reference Design for SDDC with NSX and vSphere: Part 1 & 2
- NET2542BE: Deep Dive into Operationalizing NSX for vSphere
- NET1192BE: Multisite Networking and Security with Cross-VC NSX
- NET1863BE: NSX-T Advanced Architecture Concepts
References:
- NSX for vSphere Network Virtualization Design Guide (Ver 3.0) https://communities.vmware.com/docs/doc-27683
46

Questions?

Where to get started
Engage and Learn
- Join VMUG for exclusive access to NSX: vmug.com/vmug-join/vmug-advantage
- Connect with your peers: communities.vmware.com
- Find NSX Resources: vmware.com/products/nsx
- Network Virtualization Blog: blogs.vmware.com/networkvirtualization
Experience
- Dozens of Unique NSX Sessions: spotlights, breakouts, quick talks & group discussions
- Visit the VMware Booth: product overview, use-case demos
- Visit Technical Partner Booths: integration demos. Infrastructure, security, operations, visibility, and more
- Meet the Experts: join our Experts in an intimate roundtable discussion
Try
- Take Free Hands-on Labs: test drive NSX yourself with expert-led or self-paced hands-on labs. labs.hol.vmware.com
- Training and Certification: several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining
50