Why VMware NSX?

 

                                       Why VMware NSX?

            –  Prashant Pandey, VCAP-NV-2021

 Background: I often get few common questions about VMware NSX, specially from my colleagues & friends from different expertise other than NSX, that...

  • Why VMware NSX is so popular now a days and why organizations are adapting it ?
  • And most importantly... is it replacing or going to replace traditional / Physical networking?  

So, this blog is majorly to target same audience only, where I have tried to discuss few basic points which is going to answer all above queries.


We will agree that main reason to opt for new technology is because it solves existing challenges with some new approach, same case with NSX. It is solving multiple challenges faced with Physical networking or better to say that it is leveraging and utilizing physical networking to fullest.

Below are few basic challenges which we are going to discuss in this blog.

S. No.

Challenge faced with Traditional/Physical Network and how NSX handles the same

1

Initial Hardware cost

During the initial setup, we all know that we need to spend huge amount of money to get Physical network
devices like L2/L3 Switches, Routers, Load Balancers, Firewalls etc.
majority of the scenario we might not be fully utilizing these devices, but we need all of them to build a network.

With NSX where all above functionalities can be achieved via Virtual devices, that are nothing but
a virtual construct/VM which runs over an underlay hardware.
consider it like a Virtual servers running over ESXi host in any vSphere environment.

2

Deployment time

Deployment time has been reduced significantly, spinning up a virtual construct is super easy and quick,

In comparison to get a physical router installed. which usually consist of procurement of device, its physical mount and cabling time also.

3

limited scope of scalability

A traditional Ethernet switch can support up to 2^12 (4096) Ethernet broadcast domains or VLAN numbers.

VXLAN in NSX supports 2^24 Ethernet broadcast domains or VXLAN numbers. That is 16,777,216 Ethernet broadcast domains.

4

Huge Forwarding/Routing
Information Base

To facilitate L2 and L3 functionality, network devices has to maintain/store MAC tables(forwarding information base)
and Routing tables(routing information base), with time when environment scales, size of these tables becomes huge,
which becomes challenging to handle as device can go out of memory.

NSX handles this problem by maintaining these tables at ESX/host level only,
So now physical/underlay Network devices only need to maintain about these ESX and not VMs running over ESX/hosts.

5

Hair pinning while handling
East-West traffic

In any DC majority of the traffic (more than 70%) is East-West only.
With traditional networking any L3 traffic within DC goes till L3 device/Spine and then again comes down causing hair pinning in the network.

NSX handles this issue with the feature OTP stands for Overlay tunneling protocol, which is nothing but L2 over L3.
i.e. encapsulating layer-3 packet with Layer-2, VXLAN & Geneve are two OTP protocols used by NSX-v & NSX-T respectively.

Will discuss about this OTP working in detail in upcoming blogs.

6

East-West traffic Security

In case of any security breach, stopping lateral spread was major challenge,
as the traditional firewall policy does not restrict traffic within same broadcast domain and gets applied on whole subnet.

NSX introduced Micro segmentation, which is based on Zero trust policy, which means we need to write a rule for every communication we need,
rest all traffic are blocked by default including traffic within same broadcast domain.

Will discuss about Micro segmentation in detail in upcoming blogs.

 

Hope above points are valid and helpful to understand the queries like - Why NSX is getting popular.

Now the final question – Is it replacing or going to replace traditional/Physical networking: The answer is NO, not at all… Physical network is the backbone of NSX/Software defined network.

  • With NSX, we are utilizing the physical networking in a better way, since we are virtualizing it, as we did with vSphere in case of compute virtualization.
  • With this approach we can optimize the functionality of Physical networking with multi-tenancy feature, where Physical network is one only, but we can maintain multiple tenants/costumers on it.
  • Each tenant network will act like fully functional personal network only & will be unaware of other network, despite they share physical network, you can think of an example of getting network services from public cloud.
  • Below diagram shows Physical & logical view of NSX setup.

 

 


PS: Any Improvement points or suggestions are welcome.

-----Thank You-----

Prashant Pandey

Comments

Post a Comment

Popular posts from this blog

Decision Factors to choose in between NVDS & CVDS during NSX-T deployments

Image
Decision Factors to choose in between NVDS & CVDS            - Prashant Pandey, VCAP-NV During NSX-T deployment, while preparing Transport nodes we have an option to choose between  NVDS (virtual switch dedicated to NSX tasks) & VDS (existing virtual switch used to manage vCenter environment) There are few design decisions which I have tried to consolidate and capture for easy reference. Decision Factors to choose N-VDS or Converge VDS. N-VDS Converge VDS Supports older version of vSphere, prior to 7.0 Requires vSphere 7.0 or more. Requires free pNics for uplinks No free pNics are required , can use original VDS uplinks only. Can only be managed in NSX and not in vCenter. Can be centralized managed in vCenter. Available with older version of NSX-T, prior to 3.0 Available with NSX-T 3.0 onwards ...
Read more

NSX-v to NSX-T workload migration with Network Coexistence via L2Bridge

Image
NSX-v to NSX-T workload migration with Network Co-existence - L2Bridging - Prashant Pandey , VCAP-NV   Use case -L2bridge is one of major use-case of workload migration from NSX-v to NSX-T along with network co-existence. Summary - There are mainly 3 use-cases for the workload migration from NSX-v to NSX-T . 1. Subnet based Migration - Shut one subnet at NSX-v  and add & advertise the same from NSX-T Pros - Easy to migrate, no addition VLAN requirement at physical network. Cons – No flexibility at Application level migration, it has be entire subnet in one go, might not be feasible in most of the production environment.   2. Network Co-existence with VMware HCX tool – Supports Network stretch with L2E feature. Pros – Network Co-existence can be achieved with ease. Cons – Separate license requires, includes extra cost.   3. Network Co-existence with L2Bridging - Supports Network stretch with layer 2 bridging feature. Pros – Netwo...
Read more

Independent Bridging : NSX-v to NSX-T In-Parallel Migration use case.

Image
                    Independent Bridging : NSX-v to NSX-T In-Parallel Migration use case. –  Prashant Pandey, VCAP-NV-2021 Agenda NSX-v to NSX-T workload migration using NSX Independent bridging option. •          Different Available Migration Approaches – High level •          Independent Bridging approach – In detail •          Customer use-case discussion – Why independent Bridging ? •          L2Bridging Readiness •          Validation & Testing Why Migrate to NSX-T ? NSX for vSphere (NSX-V) has already been out of general support since Jan/2022 & will be out of technical guidance from Jan/2023 onwards. Top of mind question for customers who have adopted NSX-V is - how do I upgrade my NSX-V based data center to...
Read more