Introduction to VMware NSX
At VMworld 2013 in San Francisco, VMware introduced VMware NSX, which does for networking what ESX did for servers. Although vSphere simplified the deployment and management of VMs and applications, network administrators had to manually configure physical switches, routers, firewalls, and load balancers to support those VMs and applications. Now, VMWare NSX provides a means to configure and manage all layers of networking from a single pane of glass and assign network policies directly to the VMs. Here are some details
- NSX provides software defined networking.
- NSX provides a network hypervisor that manages network layers 2 through 7 (L2 to L7) services.
- NSX allows us to create scalable networks, supporting multiple tenants, on demand without touching the physical network.
- When applications (VMs) are deployed, updated, or retired, NSX automatically adjusts associated L2 to L7 services.
- Traditionally, single-tier applications required manual switch configuration(L2), multi-tier applications required manual router configuration (L3), externally accessible applications required manual firewall configuration (L4), and critical applications required manual load balancer configuration (L5). Now, all of this could be implemented utilizing NSX and configuring policies.
- This means that when we create new virtual networks, we do not need to touch physical switches / network, routers, firewall, etc.
- NSX is implemented via hypervisors and APIs.
- VMware standard vSwitches and distributed vSwitches are layer 2. So traditionally, packets from one VLAN to another had to be done by the physical switches. With NSX, the hypervisor can perform the routing. So packets between VMs running on the same host should never need to leave the host.
- West Jet airline in Canada is already using this.
- We can hot-migrate VMs from a tradition virtual port group to NSX (V2V network migration)
- NSX also provides networking for application running on physical hosts, which can be hot migrated to NSX networks (like a P2V network migration)
- NSX and its APIs provide the management, control, and data planes for networking. The Control Cluster is the workhorse, which maps the network’s desired state to its current state and communicates it to the control plane agents on each hypervisor.
- The data plane is implemented by the NSX vSwitch (switching, VXLAN, logical routing, firewall) and the NSX Edge (north-south routing)
- The control plane is implemented by the NSX Controller, which decouples the virtual network from the physical network. It is not part of the data path. It is highly available.
- REST APIs and user interfaces are provided by the NSX Manager.
- NSX can be implemented in any existing network, where IP connectivity exists. No physical switch changes are necessary.
- NSX Controllers are easily deployed using the vSphere Web Client, by drilling to Inventory – Network and Security – Installation and clicking on Plus Sign in the NSX Controllers section.
- NSX bits are easily deployed within each ESXi host hypervisor, by drilling to Inventory – Network and Security – Installation – Host Preparation tab and clicking the Install link next to the host cluster.
- After installing NSX on each host, VXLAN can be easily configured by using the Configure link and specifying the vSwitch, VLAN, MTU, and Teaming Policy.
- Logical NSX Switches can be created by drilling to Inventory – Network and Security – Logical Switch and specifying the Name, Transport Zone, and Control Plane Mode.
- Logical switches can then be configured with gateway, logical router, NAT, DHCP, firewall and other services using the Web Client.
For more details