VMware Network Virtualization Design Guide. January 2013


VMware Network Virtualization
TECHNICAL WHITE PAPER, January 2013

Table of Contents

Intended Audience
Overview
Components of the VMware Network Virtualization Solution
  vSphere Distributed Switch
  Logical Network (VXLAN)
  vCloud Networking and Security Edge
  vCloud Networking and Security Manager
  vCloud Director
VXLAN Technology Overview
  Standardization Effort
  Encapsulation
VXLAN Packet Flow
  Intra-VXLAN Packet Flow
  Inter-VXLAN Packet Flow
Network Virtualization Design Considerations
  Physical Network
    Network Topologies with L2 Configuration in the Access Layer
    Network Topologies with L3 Configuration in the Access Layer
  Logical Network
    Scenario 1 - Greenfield Deployment: Logical Network with a Single Physical L2 Domain
    Scenario 2 - Logical Network: Multiple Physical L2 Domains
    Scenario 3 - Logical Network: Multiple Physical L2 Domains with vMotion
    Scenario 4 - Logical Network: Stretched Clusters Across Two Datacenters
  Managing IP Addresses in Logical Networks
  Scaling Network Virtualization
Consumption Models
  In vCloud Director
  In vCloud Networking and Security Manager
  Using API
Troubleshooting and Monitoring
  Network Health Check
  VXLAN Connectivity Check
    Unicast and Broadcast Tests
  Monitoring Logical Flows
    IPFIX
    Port Mirroring
Conclusion

TECHNICAL WHITE PAPER / 2

Intended Audience

This document is targeted toward virtualization and network architects interested in deploying VMware network virtualization solutions.

Overview

The IT industry has gained significant efficiency and flexibility as a direct result of virtualization. Organizations are moving toward a virtual datacenter (VDC) model, in which flexibility, speed, scale and automation are central to success. Although compute and memory resources are pooled and automated, networks and network services, such as security, have not kept pace. Traditional network and security operations not only reduce efficiency but also limit the ability of businesses to rapidly deploy, scale and protect applications. VMware vCloud Networking and Security offers a network virtualization solution to overcome these challenges.

Figure 1. Server and Network Virtualization Analogy. Left: applications run as workloads in virtual machines on a server hypervisor, whose only requirement is x86 compute and memory. Right: L2, L3 and L4-7 network services run on virtual networks over a decoupled network virtualization platform, whose only requirement is IP transport over the physical network.

Figure 1 draws an analogy between compute and network virtualization. Just as VMware vSphere abstracts compute capacity from the server hardware to create virtual pools of resources, network virtualization abstracts the network into a generalized pool of network capacity. The unified pool of network capacity can then be segmented into logical networks directly attached to specific applications. Customers can create logical networks that span physical boundaries, optimizing compute resource utilization across clusters and pods. Unlike legacy architectures, logical networks can be scaled without reconfiguring the underlying physical hardware. Customers can also integrate network services such as firewalls, VPNs and load balancers and deliver them exactly where they are needed. Single-pane-of-glass management for all these services further reduces the cost and complexity of datacenter operations.

The VMware network virtualization solution addresses the following key needs in today's datacenter:
- Increasing compute utilization by pooling compute clusters
- Enabling noncontiguous cluster expansion
- Leveraging capacity across multiple racks in the datacenter
- Overcoming IP-addressing challenges when moving workloads
- Avoiding VLAN sprawl in large environments
- Enabling multitenancy at scale without encountering VLAN scale limitations

By adopting network virtualization, customers can address these issues and realize the following business benefits:
- Faster provisioning of network and services, enabling business agility
- Improved infrastructure utilization, leading to significant CapEx savings
- Compute utilization increased by 30 percent by efficiently pooling compute resources
- Network utilization increased by 40 percent due to compute pooling and improved traffic management
- Logical networks decoupled from physical networks, providing complete flexibility
- Network traffic isolated and segmented at scale
- Multitenancy without increasing the administrative burden
- Automated, repeatable network and service provisioning workflows, translating to 30 percent or more in OpEx savings on network operations alone

Components of the VMware Network Virtualization Solution

Several components bundled in the vCloud Networking and Security suite, plus several components of the core vSphere layer, are used to deploy VMware network virtualization:
1. VMware vSphere Distributed Switch 5.1 (VDS)
2. VMware vSphere logical network (VXLAN)
3. VMware vCloud Networking and Security Edge
4. VMware vCloud Networking and Security Manager
5. VMware vCloud Director 5.1 (not part of the vCloud Networking and Security suite)
6. VMware vCenter Server 5.1 (not part of the vCloud Networking and Security suite; shown as part of item 4 in Figure 2)

Figure 2. VMware VXLAN Solution Components (1: physical IP network; 2: logical network (VXLAN); 3: VMware L3 Edge; 4: vShield Manager/vCenter; 5: VCD)

vSphere Distributed Switch

VDS abstracts the physical network and provides access-level switching in the vSphere hypervisor. It is central to network virtualization because it enables logical networks that are independent of physical constructs such as VLANs. Keep in mind the following key points:
- VDS facilitates massive scale, with support for up to 500 physical hosts.
- Multiple features such as Port Mirroring, NetFlow/IPFIX, Configuration Backup and Restore, Network Health Check, QoS and LACP provide a comprehensive toolkit for traffic management, monitoring and troubleshooting within a virtual network. For specific feature details, refer to the What's New in VMware vSphere 5.1 Networking white paper.

Logical Network (VXLAN)

VMware network virtualization is built using Virtual eXtensible Local Area Network (VXLAN) overlay networking technology, an industry standard that VMware developed jointly with major networking vendors. A logical network enables the following capabilities:
- Creation, over existing IP networks, of a flexible logical layer 2 (L2) overlay network that works on the existing physical network infrastructure without the need to rearchitect any of the datacenter networks
- Communication (east-west and north-south) while maintaining isolation between tenants
- Application workloads that are agnostic of the overlay network, because the host transparently performs all L2-to-VXLAN translations

See the following sections for more details on VXLAN technology, architecture components and packet flows.

vCloud Networking and Security Edge

vCloud Networking and Security Edge serves as a VXLAN gateway, translating traffic between the logical network and a physical VLAN- or IP-based network. In addition, it provides services to the logical network such as DHCP, NAT, static routing, firewall, VPN and load balancing. It is deployed as a virtual appliance, supports full active/standby HA and can support up to 9 Gbps of traffic. The following are key points to consider for the vCloud Networking and Security Edge VXLAN gateway and the network services offered in network virtualization:
- It acts as an L3 gateway to translate between VXLAN and physical networks and is primarily used for north-south traffic.
- It provides inter-VXLAN routing. Each VXLAN segment requires a separate vCloud Networking and Security Edge interface to ensure isolation.
- It is available in three sizes (compact, full and x-large) and can be scaled up for higher performance or scaled out using multiple virtual appliances.
- vCloud Networking and Security Edge firewall services can be applied on a per-VXLAN-segment basis.
- In multitenant deployments, individual IP pools per tenant can be provided using vCloud Networking and Security Edge DHCP services.

vCloud Networking and Security Manager

vCloud Networking and Security Manager is the centralized network and security management component of the vCloud Networking and Security product suite. It is installed from an open virtualization appliance (OVA) file as a virtual machine by using the VMware vSphere Client. Keep in mind the following important points about vCloud Networking and Security Manager:
- Using the vCloud Networking and Security Manager user interface, administrators can install, configure and maintain network and network services components.
- vCloud Networking and Security Manager exposes APIs, also termed northbound APIs, that can be used to integrate with existing cloud management systems or for scripting.
- vCloud Director requires vCloud Networking and Security Manager to offer simple workflows for consumption of virtual networks and services.
- The VMware vCenter Server plug-in for vCloud Networking and Security Manager enables customers to perform VXLAN configuration from vCenter Server in the Network Virtualization tab.

vCloud Director

The vCloud Director virtual datacenter container is a highly automatable abstraction of the pooled virtual infrastructure. Network virtualization is fully integrated in vCloud Director workflows, enabling rapid self-service provisioning within the context of the application workload. vCloud Director uses vCloud Networking and Security Manager in the backend to provision network virtualization elements. vCloud Director is not part of vCloud Networking and Security; it is a separately purchased component. It is not mandatory for deploying a network virtualization solution, but it is highly recommended to achieve the complete operational flexibility and agility discussed previously. See Consumption Models for all available consumption choices for VMware network virtualization.

VXLAN Technology Overview

Standardization Effort

VXLAN is an Internet Engineering Task Force (IETF) Internet draft formulated in collaboration with leading networking vendors including Cisco, Arista and Broadcom. It provides a framework for creating L2 overlay networks over L3 networks. Each L2 overlay network is called a VXLAN segment (or virtual wire) and is uniquely identified by a 24-bit segment ID. This enables customers to create up to 16 million unique VXLAN segments, each of which is an isolated logical network.

Encapsulation

VXLAN uses an encapsulation (tunneling) method to carry the L2 overlay network traffic on top of L3 networks. A kernel module running on the vSphere host, together with a vmknic, acts as the virtual tunnel endpoint (VTEP). Each VTEP is assigned a unique IP address, configured on the vmknic associated with the VTEP. The VTEP on the vSphere host handles all encapsulation and decapsulation of traffic for all virtual machines running on that host. A VTEP encapsulates the MAC and IP packets from the virtual machines with a VXLAN+UDP+IP header and sends the packet out as an IP unicast or multicast packet. The multicast mode is used for broadcast and unknown-destination-MAC frames originated by the virtual machines that must be sent across the physical IP network.

Figure 3 shows the VXLAN frame format. The original frame between virtual machines communicating on the same VXLAN segment is encapsulated with an outer Ethernet header, an outer IP header, an outer UDP header and a VXLAN header. The encapsulation is done by the source VTEP, and the packet is sent to the destination VTEP. At the destination VTEP, the outer headers are stripped and the frame is passed on to the destination virtual machine if the segment ID in the packet is valid on that host.

Figure 3. VXLAN Frame Format: outer MAC DA | outer MAC SA | outer 802.1Q | outer IP DA | outer IP SA | outer UDP | VXLAN header (8 bytes) || inner MAC DA | inner MAC SA | optional inner 802.1Q | original Ethernet payload | CRC. The fields before the double bar are the VXLAN encapsulation; those after it are the original Ethernet frame.

The destination MAC address in the outer Ethernet header is that of the destination VTEP or of an intermediate L3 router (the next hop). The outer IP header carries the source and destination VTEP IPs. The association of a virtual machine's MAC to its VTEP's IP is discovered via source learning; more details on the forwarding table are provided in the VXLAN Packet Flow section. The outer UDP header contains the source port, destination port and checksum. The source port is a hash of the inner Ethernet frame's header, which provides entropy for ECMP/load balancing of virtual machine to virtual machine traffic across the VXLAN overlay. The VXLAN header is an 8-byte field: 8 bits of flags (the I flag indicates that the VXLAN Network Identifier (VNI) is valid), 24 reserved bits, the 24-bit VXLAN segment ID/VNI and 8 further reserved bits.

Note that the encapsulation carries no authentication or integrity protection of its own: a VTEP accepts any VXLAN packet whose VNI is valid on that host. Isolation between segments therefore rests on the VNI check and on keeping untrusted systems off the VTEP transport network (the VXLAN transport VLAN or subnet), which should be reachable only by the vSphere hosts and gateways.
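The encapsulation and the VNI validity check described above, as an added Python example (this is not VMware's VXLAN kernel module): it builds the outer Ethernet/IPv4/UDP/VXLAN headers around a constructed inner frame, derives the UDP source port from a hash of the inner Ethernet header, and on decapsulation drops packets whose VNI is not valid on the receiving host. The UDP destination port 4789 (the IANA assignment) and the sample MAC and VTEP addresses are assumptions; the port used by a given deployment may differ.

```python
"""VXLAN encapsulation/decapsulation with the VNI validity check.
Added example (not VMware's VXLAN kernel module); all addresses are constructed."""
import struct
import zlib
from ipaddress import IPv4Address

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN port (RFC 7348); assumed here, a deployment may use another
VXLAN_FLAG_I = 0x08     # "I" flag in the first header byte: the VNI field is valid
# Bytes added on top of the VM's IP MTU: inner Ethernet header (14) + outer IPv4 (20) + UDP (8) + VXLAN (8)
VXLAN_MTU_OVERHEAD = 14 + 20 + 8 + 8


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ipv4_checksum(header):
    """Ones'-complement sum of 16-bit words; returns 0 for a header whose checksum is correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def entropy_source_port(inner_frame):
    """Hash the inner Ethernet header (dst MAC, src MAC, EtherType) into the ephemeral
    range so ECMP in the physical network spreads different VM-to-VM flows."""
    return 49152 + zlib.crc32(inner_frame[:14]) % (65535 - 49152 + 1)


def vxlan_header(vni):
    """8-byte header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def encapsulate(inner_frame, vni, src_vtep_ip, dst_vtep_ip, src_vtep_mac, next_hop_mac):
    """Wrap an original Ethernet frame as outer Ethernet | IPv4 | UDP | VXLAN | frame.
    next_hop_mac is the destination VTEP's MAC or that of the first-hop router."""
    udp_len = 8 + 8 + len(inner_frame)
    udp = struct.pack("!HHHH", entropy_source_port(inner_frame), VXLAN_UDP_PORT, udp_len, 0)  # checksum 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     IPv4Address(src_vtep_ip).packed, IPv4Address(dst_vtep_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = mac_bytes(next_hop_mac) + mac_bytes(src_vtep_mac) + b"\x08\x00"
    return eth + ip + udp + vxlan_header(vni) + inner_frame


def decapsulate(packet, valid_vnis):
    """Strip the outer headers. Returns (vni, inner_frame), or None when the packet is
    not a well-formed VXLAN packet or its segment ID is not valid on this host (dropped)."""
    if len(packet) < VXLAN_MTU_OVERHEAD or packet[12:14] != b"\x08\x00":
        return None
    ihl = (packet[14] & 0x0F) * 4
    ip_hdr = packet[14:14 + ihl]
    if ip_hdr[9] != 17 or ipv4_checksum(ip_hdr) != 0:
        return None
    udp_start = 14 + ihl
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[udp_start:udp_start + 8])
    if dst_port != VXLAN_UDP_PORT or udp_len != len(packet) - udp_start:
        return None
    flags_word, vni_word = struct.unpack("!II", packet[udp_start + 8:udp_start + 16])
    vni = vni_word >> 8
    if not (flags_word >> 24) & VXLAN_FLAG_I or vni not in valid_vnis:
        return None
    return vni, packet[udp_start + 16:udp_start + udp_len]


def required_transport_mtu(vm_mtu=1500, vlan_tagged=False):
    """Minimum MTU the physical transport needs to carry a VM frame without fragmentation."""
    return vm_mtu + VXLAN_MTU_OVERHEAD + (4 if vlan_tagged else 0)


# Constructed sample: an ARP broadcast from MAC1 on segment 5001, carried between two VTEPs.
ARP_REQUEST = (mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes("00:50:56:00:00:01")
               + b"\x08\x06" + bytes(28))

if __name__ == "__main__":
    pkt = encapsulate(ARP_REQUEST, 5001, "10.20.10.11", "10.20.10.12",
                      "00:50:56:aa:00:11", "00:50:56:aa:00:12")
    print(len(pkt) - len(ARP_REQUEST), "bytes of encapsulation; transport MTU needed:",
          required_transport_mtu())
    print(decapsulate(pkt, {5001}) is not None, decapsulate(pkt, {5002}))
```

The 50 bytes the sample reports are exactly the increase the MTU requirements later in this paper call for; the second print shows the same packet being accepted on a host where segment 5001 is valid and dropped on one where only 5002 is.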

VXLAN Packet Flow

The following flow describes the handling of ARP on a VXLAN segment, using as the example a typical ARP request from a virtual machine (MAC1) connected to logical L2 network VXLAN 5001.

Figure 4 shows two virtual machines connected to a logical L2 network. The virtual machines do not detect any difference in communicating with the external world; they continue to use standard IP to communicate with the destination. The traffic flows through the VTEP interface defined on the host.
- Each logical L2 network is associated with an IP multicast group. In this example, VXLAN 5001 is associated with an IP multicast group address, and both vSphere hosts (VTEPs) have joined that multicast group.
- The ARP broadcast frame from the virtual machine is encapsulated within an IP multicast packet by the VTEP on which the virtual machine is running. The multicast packet is sent to the multicast group associated with the logical L2 network's segment ID.
- The multicast packet is received by the target VTEPs. Each destination VTEP validates the logical L2 network segment ID, decapsulates the packet and forwards it if virtual machines on that host are connected to this L2 network.
- The destination virtual machine responds to the ARP request with a unicast packet. The VTEP on the host where this destination virtual machine runs sends it through a point-to-point tunnel to the VTEP where MAC1 is hosted.

NOTE: The number of multicast groups supported in the physical infrastructure dictates whether there can be a one-to-one mapping to logical L2 network segment IDs. Where there are more logical networks than multicast groups, mapping multiple logical networks to one multicast group is supported. A VTEP that joined a shared group for one segment then also receives the floods for the other segments on that group and drops them after the segment ID check.

Multicast packets are generated only when a broadcast frame is detected on the logical L2 network or when the VTEP's forwarding table has no virtual machine MAC-to-VTEP IP mapping for the destination MAC address (an unknown unicast). This is similar to transparent bridging in L2 switches, where frames are flooded if no entry in the MAC forwarding table matches the destination MAC address. After the virtual machine MAC address to VTEP IP address mapping has been learned and entered into the forwarding table, any further traffic to that virtual machine is sent by the source VTEP through a point-to-point (stateless) tunnel to the destination VTEP where the virtual machine is hosted. IP multicast thus acts as a control plane that helps build the forwarding table of virtual machine MAC address to VTEP IP address mappings. Figure 4 shows the packet encapsulation and a forwarding table entry in one of the VTEPs.

VTEP MAC addresses are learned during the multicast packet exchange that occurs when a virtual machine is connected to a virtual wire. No standard ARP request is sent by the VXLAN kernel module to discover the VTEP MAC address, so there is no proxy ARP configuration requirement on the first-hop router.
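A simulation of this learning behaviour, added here as a Python example (not VMware code): three VTEPs, two segments sharing one multicast group as the NOTE allows, and the flood/learn/unicast sequence of the ARP exchange. The VTEP IPs, VM MACs and multicast group are constructed; the point to watch is the third VTEP, which receives the flood because it joined the shared group for segment 5002 and drops it because 5001 is not valid on that host.

```python
"""VTEP forwarding-table learning over multicast, as described in the packet-flow section.
Added example (not VMware code); VTEP IPs, MACs and multicast groups are constructed."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Vtep:
    ip: str
    local_vms: dict = field(default_factory=dict)  # VM MAC -> VNI of the virtual wire it is on
    fdb: dict = field(default_factory=dict)        # (VNI, VM MAC) -> VTEP IP, learned from the outer IP header

    def vnis(self):
        return set(self.local_vms.values())


class VxlanFabric:
    """group_of maps each VNI to its multicast group; several VNIs may share one group,
    which is the many-to-one mapping the NOTE above permits."""

    def __init__(self, group_of):
        self.group_of = group_of
        self.vteps = {}
        self.events = []  # (action, vtep, detail) log, one entry per data-plane step

    def add_vtep(self, vtep):
        self.vteps[vtep.ip] = vtep

    def members(self, group):
        """A VTEP joins a group as soon as a local VM sits on any VNI mapped to that group."""
        return [v for v in self.vteps.values() if any(self.group_of[n] == group for n in v.vnis())]

    def _receive(self, rx, src_vtep_ip, vni, src_mac, dst_mac):
        if vni not in rx.vnis():
            # Joined the group for a different VNI that shares it: segment ID not valid here, drop.
            self.events.append(("drop", rx.ip, vni))
            return "dropped"
        rx.fdb[(vni, src_mac)] = src_vtep_ip  # source learning: inner src MAC -> outer src VTEP IP
        if dst_mac == BROADCAST or rx.local_vms.get(dst_mac) == vni:
            self.events.append(("deliver", rx.ip, vni))
            return "delivered"
        self.events.append(("no-vm", rx.ip, vni))
        return "no-such-vm"

    def send(self, src_mac, dst_mac):
        """Send one frame from a VM; returns the transport mode and what each receiving VTEP did."""
        src = next(v for v in self.vteps.values() if src_mac in v.local_vms)
        vni = src.local_vms[src_mac]
        if src.local_vms.get(dst_mac) == vni:
            self.events.append(("local", src.ip, vni))
            return {"mode": "local", "vni": vni, "receivers": {}}
        target = src.fdb.get((vni, dst_mac))
        if dst_mac == BROADCAST or target is None:
            # Broadcast or unknown unicast: flood to the segment's multicast group.
            group = self.group_of[vni]
            self.events.append(("multicast", src.ip, group))
            receivers = [v for v in self.members(group) if v.ip != src.ip]
            mode = "multicast"
        else:
            # MAC already learned: point-to-point unicast tunnel to that VTEP.
            self.events.append(("unicast", src.ip, target))
            receivers = [self.vteps[target]]
            mode = "unicast"
        return {"mode": mode, "vni": vni,
                "receivers": {rx.ip: self._receive(rx, src.ip, vni, src_mac, dst_mac) for rx in receivers}}


def build_fabric():
    """Constructed topology: VNIs 5001 and 5002 share one group; hosts A/B carry VNI 5001, host C only 5002."""
    fabric = VxlanFabric({5001: "239.1.1.1", 5002: "239.1.1.1"})
    fabric.add_vtep(Vtep("10.20.10.11", {"00:50:56:00:00:01": 5001}))  # MAC1
    fabric.add_vtep(Vtep("10.20.10.12", {"00:50:56:00:00:02": 5001}))  # MAC2
    fabric.add_vtep(Vtep("10.20.10.13", {"00:50:56:00:00:03": 5002}))  # MAC3, other segment
    return fabric


def arp_exchange(fabric):
    """MAC1 ARPs for MAC2 (flooded), MAC2 answers (unicast), MAC1 then sends unicast."""
    request = fabric.send("00:50:56:00:00:01", BROADCAST)
    reply = fabric.send("00:50:56:00:00:02", "00:50:56:00:00:01")
    data = fabric.send("00:50:56:00:00:01", "00:50:56:00:00:02")
    return request, reply, data


if __name__ == "__main__":
    fabric = build_fabric()
    for step in arp_exchange(fabric):
        print(step)
    print(fabric.events)
```

After the request, only the second VTEP has learned MAC1; the reply is already unicast because that VTEP can look MAC1 up, and the first VTEP learns MAC2 from the reply's outer source address, so no further flooding occurs for this pair.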

Figure 4. VXLAN Encapsulation and Forwarding Table Example: virtual machine MAC 1 on one vSphere host sends an L2/IP frame; the host's VTEP wraps it as L2 | IP | UDP | VXLAN | original L2 | IP | payload and sends it across the L2/L3 network infrastructure to the VTEP hosting MAC 2; each VTEP keeps a forwarding table of MAC, VTEP IP and segment ID.

The next part of this section describes the packet flow in the following VXLAN deployments:
1) Intra-VXLAN packet flow: two virtual machines on the same logical L2 network
2) Inter-VXLAN packet flow: two virtual machines on two different logical L2 networks

Intra-VXLAN Packet Flow

Figure 5 shows two traffic flows:
- A virtual machine communicating with another virtual machine on the same logical L2 network (red dotted line).
- A virtual machine communicating with an external device on the Internet (green dotted line).

Figure 5. VXLAN Traffic Flow: Same Logical L2 and External Traffic (VXLAN Blue attached to a vCloud Networking and Security Edge gateway, whose external interface connects to the external network and the Internet)

In the case of virtual machine to virtual machine communication on the same logical L2 network, two cases arise depending on where the virtual machines are deployed:
1) Both virtual machines are on the same vSphere host.
2) The virtual machines are on two different vSphere hosts.
In the first case, traffic remains on one vSphere host. In the second case, the virtual machine's frame is encapsulated with a new UDP header by the source VTEP on one vSphere host and sent over the external IP network infrastructure to the destination VTEP on another vSphere host. The external switches and routers see nothing of the virtual machine's IP and MAC addresses, because those are carried inside the UDP payload.

Where the virtual machine communicates with the external world, as shown by the green dotted line, it first sends the traffic to its gateway IP address on the logical network; the vCloud Networking and Security Edge gateway then sends unencapsulated traffic over its external-facing interface to the Internet.

Inter-VXLAN Packet Flow

In the example shown in Figure 6, there are two logical L2 networks, VXLAN Blue and VXLAN Orange. The virtual machines connected to these networks are isolated from each other. The two networks are assigned two different IP subnets (each a /24). The vCloud Networking and Security Edge gateway acts as the router between these two isolated logical L2 networks. The traffic flow between two virtual machines on different logical networks depends on where the virtual machines and the vCloud Networking and Security Edge gateway appliance are deployed. The possible scenarios are:
1) All the virtual machines and the Edge gateway are on the same vSphere host.
2) The virtual machines are on different vSphere hosts, and the Edge gateway appliance is deployed on one of those hosts.
3) The virtual machines and the Edge gateway appliance are all on different vSphere hosts.
The first case is simple: the traffic remains on the same host. The virtual machines direct the traffic to the respective gateway IP address of their logical network subnet. The Edge gateway receives the traffic on two different interfaces and, subject to the firewall rules, makes the routing decision between them. The second and third cases involve encapsulated packets that traverse the physical network infrastructure before they reach the Edge gateway, which then routes the packet to the appropriate destination.

Figure 6. VXLAN Traffic Flow: Different Logical L2 (VXLAN Blue /24 and VXLAN Orange /24 both attached to a vCloud Networking and Security Edge gateway, whose external interface connects to the external network /24 and the Internet; the dotted line shows virtual machine to virtual machine communication between the two VXLANs)

Network Virtualization Design Considerations

VMware network virtualization can be deployed on top of existing datacenter networks. In this section, we discuss how logical networks using VXLAN can be deployed over common datacenter network topologies. We first discuss requirements for the physical network, followed by logical network deployment options.

Physical Network

The physical datacenter network varies across customer environments in the network topology used. Hierarchical network design provides the required high availability and scalability for the datacenter network. This section assumes that the reader has some background in network topologies using traditional L3 and L2 configurations; readers are encouraged to consult the design guides of their physical network vendor. We examine some common physical network topologies and how to enable network virtualization in them.

Network Topologies with L2 Configuration in the Access Layer

In this topology, access layer switches connect to the aggregation layer over an L2 network. Aggregation switches are the VLAN termination points, as shown in Figure 7. Spanning Tree Protocol (STP) is traditionally used to avoid loops. Routing protocols run between the aggregation and core layers.

Figure 7. Datacenter Design: L2 Configuration in the Access Layer with STP (a single VDS spans Rack 1 to Rack 10 with VLAN 100 on every rack as one subnet; L2 trunks from the access layer, where IGMP snooping is enabled, to the aggregation layer, where STP runs and an IGMP querier is enabled; L3 links and routing from aggregation to core; logical L2 networks are consumed on the VXLAN fabric above the VDS)

In such deployments, with a single subnet (VLAN 100) configured across racks, enabling VXLAN-based network virtualization requires the following:
- Enable IGMP snooping on the L2 switches.
- Enable the IGMP querier feature on one of the L2/L3 switches in the aggregation layer.
- Increase the end-to-end MTU by a minimum of 50 bytes to accommodate the VXLAN encapsulation (54 bytes when an 802.1Q tag is present). The recommended size is 1,550 or jumbo frames.

To overcome STP's slower convergence and lower link utilization, most datacenter networks today use technologies such as Cisco vPC/VSS (or MLAG, MCE, SMLT and so on). From the VXLAN design perspective, this does not change the requirements stated above.

When the physical topology has an access layer with multiple subnets configured (for example, VLAN 100 in Rack 1 and VLAN 200 in Rack 10 in Figure 8), the aggregation layer must have Protocol-Independent Multicast (PIM) enabled so that multicast routes are exchanged across the subnets. All the VXLAN requirements discussed above apply to leaf-and-spine datacenter architectures as well.

Network Topologies with L3 Configuration in the Access Layer

In this topology, access layer switches connect to the aggregation layer over an L3 network. Access switches are the VLAN termination points, as shown in Figure 8. The key advantages of this design are better utilization of all links through Equal-Cost Multipathing (ECMP) and elimination of STP. From the VXLAN deployment perspective, the following requirements must be met:
- Enable PIM on the access switches.
- Ensure that no VLAN is configured during the VXLAN preparation process, so that the VDS does not perform VLAN tagging (virtual switch tagging, VST mode) on the VXLAN transport traffic.
- Increase the end-to-end MTU by a minimum of 50 bytes to accommodate the VXLAN encapsulation. The recommended size is 1,550 or jumbo frames.

Figure 8. Datacenter Design: L3 Configuration in the Access Layer with ECMP (a single VDS spans Rack 1 to Rack 10; L3 links with routing and PIM enabled from the access layer, ECMP toward the aggregation and core layers; logical L2 networks are consumed on the VXLAN fabric above the VDS)

Logical Network

After the physical network has been prepared, logical networks are deployed with VXLAN, with no ongoing changes to the physical network. The logical network design differs based on the customer's needs and the type of compute, network and storage components in the datacenter. The following aspects of the virtual infrastructure should be taken into account before deploying logical networks:
- A cluster is a collection of vSphere hosts and associated virtual machines with shared resources. One cluster can have a maximum of 32 vSphere hosts.
- A VDS is the datacenter-wide virtual switch and can span up to 500 hosts. Best practice is to use one VDS across all clusters to simplify the design and enable VMware vSphere vMotion migration across clusters.
- With VXLAN, a new traffic type is added to the vSphere host: VXLAN transport traffic. As a best practice, this traffic type should be isolated from other virtual infrastructure traffic types, which can be achieved by assigning it a separate VLAN during the VXLAN preparation process.
- A VMware vSphere ESXi host's infrastructure traffic, including vMotion migration, VMware vSphere Fault Tolerance, management and so on, is not encapsulated and is independent of the VXLAN-based logical network. These traffic types should be isolated from each other, and enough bandwidth should be allocated to each.
- As of this release, VMware does not support placing infrastructure traffic such as vMotion migration on VXLAN-based virtual networks. Only virtual machine traffic is supported on logical networks.
- To support vMotion migration of workloads between clusters, all clusters should have access to all storage resources.
- The link aggregation method configured on the vSphere hosts also affects how VXLAN transport traffic traverses the host NICs. The VDS VXLAN port group's teaming can be configured as failover, LACP active mode, LACP passive mode or static EtherChannel.
  a. When LACP or static EtherChannel is configured, the upstream physical switch must have an equivalent port channel or EtherChannel configured.
  b. If LACP is used, the physical switch must have 5-tuple hash distribution enabled.
  c. Virtual port ID and load-based teaming are not supported with VXLAN.

The design is discussed in the following three situations:
- Greenfield deployment: a datacenter built from scratch.
- Brownfield deployment: an existing operational datacenter with virtualization.
- Stretched cluster: two datacenters separated by a short distance.

Scenario 1 - Greenfield Deployment: Logical Network with a Single Physical L2 Domain

In a greenfield deployment, the recommended design is a single VDS stretching across all the compute clusters within the same vCenter Server. All hosts in the VDS are placed on the same L2 subnet (a single VLAN on all uplinks). In Figure 9, VLAN 10 spanning the racks is switched, not routed, creating a single L2 subnet. This subnet serves as the VXLAN transport subnet, and each host receives an IP address from it for use in VXLAN encapsulation. Multicast and other requirements are met based on the physical network topology; refer to the L2 configuration in the access layer shown in Figure 7 for details on the multicast-related configuration.

Figure 9. Greenfield Deployment: One VDS (one vSphere Distributed Switch spans Cluster 1 in Rack 1 and Cluster 2 in Rack 10, all hosts with VTEPs in VLAN 10; logical L2 networks VXLAN 5001 and VXLAN 5002 (vwire5001 and vwire5002 port groups) run over the VXLAN fabric above it)

Keep in mind the following key points while deploying:
- The VDS VXLAN port group must be in the same VLAN across all hosts in all clusters. This configuration is handled through the vCloud Networking and Security Manager plug-in in vCenter Server. VDS, VLAN, teaming and MTU settings must be provided as part of the VXLAN configuration process.
- A VTEP IP address is assigned either via DHCP or statically via vCenter Server.
- Virtual machines communicating outside the logical network (to the Internet or to nonlogical networks within the datacenter) require a VXLAN gateway.

vMotion Boundary

The vMotion boundary, or workload migration limit, in a VXLAN deployment is dictated by two criteria:
1) vMotion migration is limited to hosts managed by a single vCenter Server instance.
2) vMotion migration is not possible across two VDS.
In this scenario, where all hosts are part of the same VDS, vMotion migration works across all hosts as long as the shared storage requirement is satisfied across the two clusters.

Scenario 2 - Logical Network: Multiple Physical L2 Domains

In brownfield deployments, clusters are typically deployed with multiple VDS, one per cluster. Each VDS is on a different subnet, terminated on an aggregation router. Logical L2 networks can span these subnet boundaries. The main difference from scenario 1 is that VXLAN transport traffic is routed instead of being switched within one subnet. Multicast and ECMP requirements depend on the physical topology; refer to the L3 configuration in the access layer shown in Figure 8 for details on the multicast-related configuration.

Figure 10. Brownfield Deployment: Two VDS (Cluster 1 in Rack 1 with its own vSphere Distributed Switch and VTEPs in VLAN 10; Cluster 2 in Rack 10 with a second VDS and VTEPs in VLAN 20; the racks are connected through switches and a router; logical L2 networks VXLAN 5001 and VXLAN 5002 (vwire5001 and vwire5002 port groups) span both)

Keep in mind the following key points while deploying:
- VTEPs in different subnets route traffic to each other.
- A VTEP IP address is assigned either via DHCP or statically via vCenter Server.
- Applications running in virtual machines cannot detect the physical topology and are in the same subnet.
- Virtual machines communicating outside the logical network (to the Internet or to nonlogical networks within the datacenter) require a VXLAN gateway. (See appendix 2 for packet flows.)

vMotion Boundary

In this two-VDS VXLAN deployment, the vMotion boundary is limited to one VDS. Workloads deployed on a logical L2 network cannot be moved to a host connected to a different VDS. However, if workload placement alone is the goal, this design allows any cluster to be chosen for deployment of a workload, even if the clusters are on different physical VLANs.

Scenario 3 - Logical Network: Multiple Physical L2 Domains with vMotion

If vMotion migration across clusters is an important requirement, the following modified design should be used. Here a single VDS spans multiple clusters, enabling vMotion migration across them. The key differences in this design are:
- No VLAN ID is configured during VXLAN preparation. The VDS will not perform VLAN tagging for the VXLAN traffic going out on the uplinks (no VST).
- Dedicated uplinks are required on the hosts to carry the untagged VXLAN traffic.
- The physical switch ports to which the host uplinks are connected are configured as access ports with the appropriate VLAN. For example, as shown in Figure 11, the access switch ports of cluster 1 are configured with VLAN 10 and those of cluster 2 with VLAN 20.

Figure 11. Brownfield Deployment, Single VDS to Enable vMotion Migration (one vSphere Distributed Switch spans Rack 1/Cluster 1 and Rack 10/Cluster 2, neither using VST; the access switch ports carry VLAN 10 and VLAN 20 respectively, joined through a router; legend: VTEP, vwire5001 port group, vwire5002 port group, switch, router)

Because the storage network is parallel to and independent of a logical network, it is assumed that both clusters can reach the shared storage. Standard vMotion migration distance limitations and single-vCenter Server requirements still apply. Because the moved virtual machine is still in the same logical L2 network, no IP readdressing is necessary, even though the physical hosts might be on different subnets.

Scenario 4. Logical Network: Stretched Clusters Across Two Datacenters

Stretched clusters offer the ability to balance workloads between two datacenters. This nondisruptive workload mobility enables migration of services between geographically adjacent sites. A stretched cluster design helps pool resources in two datacenters and enables workload mobility. Virtual machine-to-virtual machine traffic is within the same logical L2 network, enabling L2 adjacency across datacenters. The virtual machine-to-virtual machine traffic dynamics are the same as those previously cited. In this section, we will discuss the impact of this design on north-south traffic (a virtual machine communicating outside the logical L2 network), because that is the main difference as compared to previous scenarios.

Figure 12 shows two sites, site A and site B, with two hosts deployed in each site along with the storage and the replication setup. Here all hosts are managed by a single vCenter Server and are part of the same VDS. In general, for a stretched cluster design, the following requirements must be met:

• The two datacenters must be managed by one vCenter Server, because the VXLAN scope is limited to a single vCenter Server.
• vMotion support requires that the datacenters have a common stretched VDS (as in scenario 3). A multiple-VDS design, discussed in scenario 2, can also be used, but vMotion migration will not work.

Figure 12. Stretched Cluster (after vMotion: VXLAN 5002 on one vSphere Distributed Switch spanning a stretched cluster across a WAN between site A and site B; each site has its own IP network, Internet connection and storage array; the LUN is read/write on Storage A and a read-only replica on Storage B, replicated over FC/IP)

In this design, the vCloud Networking and Security Edge gateway is pinned to one of the datacenters (site A in this example). In the vCloud Networking and Security 5.1 release, each VXLAN segment can have only one vCloud Networking and Security Edge gateway. This has the following implications:

• All north-south traffic from the second datacenter (site B) in the same VXLAN (5002) must transit the vCloud Networking and Security Edge gateway in the first datacenter (site A). Also, when a virtual machine is moved from site A to site B, all north-south traffic returns to site A before reaching the Internet or other physical networks in the datacenter.
• Storage must support a campus cluster configuration.

These implications raise obvious concerns regarding bandwidth consumption and latency, so an active-active multidatacenter design is not recommended. This design is mainly targeted toward the following scenarios:

• Datacenter migrations that require no IP address changes on the virtual machines. After the migration has been completed, the vCloud Networking and Security Edge gateway can be moved to the new datacenter, requiring a change in external IP addresses on the vCloud Networking and Security Edge only. If all virtual machines have public IP addresses and are not behind vCloud Networking and Security Edge gateway network address translation (NAT), more changes are needed.
• Deployments that require limited north-south traffic. Because virtual machine-to-virtual machine traffic does not require crossing the vCloud Networking and Security Edge gateway, the stretched cluster limitation does not apply.

These scenarios also benefit from elastic pooling of resources and initial workload placement flexibility. If virtual machines are in different VXLANs, the limitations do not apply.

Managing IP Addresses in Logical Networks

In a large cloud environment with multiple tenants, IP address management is a critical task. In this section, we will focus on IP address management of the virtual machines deployed on the VXLAN logical L2 network. Each logical L2 network created with VXLAN is a separate L2 broadcast domain. This L2 broadcast domain can be associated with a separate subnet using a private IP space or publicly routable IP space. Depending on whether private IP space or publicly routable IP space is used for the assignment to the logical networks, customers must choose either the NAT or the non-NAT option on the vCloud Networking and Security Edge gateway. So the IP address assignment depends on whether the virtual machine is connected to a logical L2 network through a NAT or non-NAT configuration. Let's take a look at the example with the following two deployments:

1) Using the NAT and DHCP services of the vCloud Networking and Security Edge gateway
2) Not using the NAT and DHCP services of the vCloud Networking and Security Edge gateway

With Network Address Translation

In deployments where customers have limited IP address space, NAT is used to provide address translation from private IP space to the limited public IP addresses. By utilizing vCloud Networking and Security Edge gateway services, customers can provide individual tenants with the ability to create their own pool of private IP addresses, which ultimately get mapped to the publicly routable external IP address of the external vCloud Networking and Security Edge gateway interface. Figure 13 shows a three-tenant deployment, with each tenant virtual machine connected to separate logical L2 networks. The blue, green and purple virtual wires (VXLAN segments) are connected to the three internal interfaces of the vCloud Networking and Security Edge gateway; the external interface of the vCloud Networking and Security Edge is connected to the Internet via a datacenter router.

Figure 13. NAT and DHCP Configuration on vCloud Networking and Security Edge Gateway (three VXLAN segments, each a /24, attached to the internal interfaces of a vCloud Networking and Security Edge gateway with standard NAT configuration and DHCP service; a /24 external network leads to the Internet)

The following are some configuration details of the vCloud Networking and Security Edge gateway:

• Blue, green and purple virtual wires (VXLAN segments) are associated with separate port groups on a VDS. Internal interfaces of the vCloud Networking and Security Edge gateway connect to these port groups.
• The vCloud Networking and Security Edge gateway interface connected to the blue virtual wire is configured with an IP address in that segment's subnet.
• Enable the DHCP service on this internal interface of vCloud Networking and Security Edge by providing a pool of IP addresses, for example, a range of addresses within the same subnet.
• All the virtual machines connected to the blue virtual wire receive an IP address from the DHCP service configured on Edge, on the same subnet.
• The NAT configuration on the external interface of the vCloud Networking and Security Edge gateway allows virtual machines on a virtual wire to communicate with devices on the external network. This communication is allowed only when the requests are initiated by the virtual machines connected to the internal interface of the vCloud Networking and Security Edge.

In situations where overlapping IP and MAC address support is required, one vCloud Networking and Security Edge gateway per tenant is recommended. Figure 14 shows an overlapping IP address deployment with two tenants and two separate vCloud Networking and Security Edge gateways.

Figure 14. Overlapping IP and MAC Addresses (two tenants, each on its own /24 VXLAN segment using the same address range, each behind a separate vCloud Networking and Security Edge gateway; a /16 external network leads to the IP core)

Without Network Address Translation

Customers who are not limited by routable IP addresses, have virtual machines with public IP addresses or do not want to deploy NAT can use static routing on vCloud Networking and Security Edge.
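The addressing rules just described for the Edge gateway (a DHCP pool inside the internal interface's subnet, one Edge per tenant when tenants reuse the same address space, NAT that only admits inside-initiated sessions, and static routing as the non-NAT alternative) can be exercised with the following model. It is an added example, not VMware code; the interface names, addresses, DHCP pools and the single default route are assumptions chosen to resemble Figure 13.

```python
"""Model of the addressing rules the text gives for the vCloud Networking and
Security Edge gateway (added example, not VMware code): a DHCP pool must sit
inside the internal interface's subnet, an Edge cannot carry two connected
subnets that overlap (which is why overlapping tenant address space needs one
Edge per tenant), outbound traffic is routed over connected and static routes,
and with NAT enabled only sessions initiated from the inside are allowed back
in. Interface names, addresses and the route set are assumptions."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Interface:
    name: str
    cidr: str                                   # e.g. "10.10.1.1/24": Edge address on that virtual wire
    external: bool = False
    dhcp_pool: Optional[Tuple[str, str]] = None  # first and last address handed out on this wire

    def __post_init__(self) -> None:
        self.address = ipaddress.ip_interface(self.cidr)


@dataclass
class EdgeGateway:
    name: str
    nat_enabled: bool = True
    interfaces: Dict[str, Interface] = field(default_factory=dict)
    static_routes: List[Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]] = field(default_factory=list)
    sessions: Set[Tuple[str, str]] = field(default_factory=set)  # (source on wire, destination) seen outbound

    def overlaps_existing(self, cidr: str) -> bool:
        net = ipaddress.ip_interface(cidr).network
        return any(net.overlaps(i.address.network) for i in self.interfaces.values())

    def add_interface(self, iface: Interface) -> None:
        # Two connected subnets that overlap cannot coexist on one Edge: deploy a second Edge for that tenant.
        if self.overlaps_existing(iface.cidr):
            raise ValueError(f"{self.name}: {iface.address.network} overlaps a connected subnet; use another Edge")
        if iface.dhcp_pool is not None:
            lo, hi = (ipaddress.ip_address(a) for a in iface.dhcp_pool)
            net = iface.address.network
            if not (lo in net and hi in net and lo <= hi) or lo <= iface.address.ip <= hi:
                raise ValueError(f"{iface.name}: DHCP pool must lie inside {net} and exclude {iface.address.ip}")
        self.interfaces[iface.name] = iface

    def add_static_route(self, prefix: str, next_hop: str) -> None:
        self.static_routes.append((ipaddress.ip_network(prefix), ipaddress.ip_address(next_hop)))

    def _connected(self, ip: ipaddress.IPv4Address) -> Optional[str]:
        """Interface whose subnet contains ip (longest prefix wins), or None."""
        best = None
        for iface in self.interfaces.values():
            net = iface.address.network
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, iface.name)
        return best[1] if best else None

    def route(self, dst: str) -> Optional[str]:
        """Egress interface for dst: connected subnets first, then static routes by longest prefix."""
        ip = ipaddress.ip_address(dst)
        egress = self._connected(ip)
        if egress is not None:
            return egress
        best = None
        for prefix, next_hop in self.static_routes:
            via = self._connected(next_hop)  # the next hop itself must sit on a connected subnet
            if ip in prefix and via and (best is None or prefix.prefixlen > best[0]):
                best = (prefix.prefixlen, via)
        return best[1] if best else None

    def forward(self, src: str, dst: str) -> Dict[str, str]:
        """Outbound decision for a VM packet: egress interface and the source address seen on it."""
        if self._connected(ipaddress.ip_address(src)) is None:
            raise ValueError(f"{src} is not on a connected network")
        egress = self.route(dst)
        if egress is None:
            raise ValueError(f"no route to {dst}")
        out = self.interfaces[egress]
        # With NAT, traffic leaving the external interface carries the Edge's external address.
        src_on_wire = str(out.address.ip) if (self.nat_enabled and out.external) else src
        if out.external:
            self.sessions.add((src_on_wire, dst))
        return {"egress": egress, "src": src_on_wire}

    def inbound_allowed(self, src: str, dst: str) -> bool:
        """With NAT only replies to inside-initiated sessions pass; without NAT routing decides."""
        if self.nat_enabled:
            return (dst, src) in self.sessions
        return self.route(dst) is not None


def build_figure13_edge() -> EdgeGateway:
    """Edge laid out like Figure 13: three tenant wires with DHCP behind NAT, one external interface."""
    edge = EdgeGateway("edge-1")
    tenants = [("blue", "10.10.1.1/24", ("10.10.1.10", "10.10.1.200")),
               ("green", "10.10.2.1/24", ("10.10.2.10", "10.10.2.200")),
               ("purple", "10.10.3.1/24", ("10.10.3.10", "10.10.3.200"))]
    for name, cidr, pool in tenants:
        edge.add_interface(Interface(name, cidr, dhcp_pool=pool))
    edge.add_interface(Interface("external", "192.0.2.10/24", external=True))
    edge.add_static_route("0.0.0.0/0", "192.0.2.1")  # default route toward the datacenter router
    return edge
```

Running `build_figure13_edge()` and then calling `overlaps_existing("10.10.1.1/24")` returns True, which is the condition under which the text recommends a second Edge gateway; a second `EdgeGateway` constructed with `nat_enabled=False` and a default route models the static-routing deployment, where the virtual machine's own address appears on the external side and inbound traffic is admitted purely by the routing lookup.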

Figure 15. Routable IP Assignments to the Logical Networks (three /24 VXLAN segments on the internal interfaces of one vCloud Networking and Security Edge gateway; a /24 external network leads to the Internet)

In the deployment shown in Figure 15, the vCloud Networking and Security Edge gateway is not configured with the DHCP and NAT services. However, static routes are set up between different interfaces of the vCloud Networking and Security Edge gateway.

Other Network Services

In a multitenant environment, the vCloud Networking and Security Edge firewall can also be used to segment intertenant and intratenant traffic. The vCloud Networking and Security Edge load balancer can be used for load balancing external-to-internal Web traffic, for example, when multiple Web servers are deployed on the logical network. Static routes must be configured on the upstream router to properly route inbound traffic to the vCloud Networking and Security Edge external interface. vCloud Networking and Security Edge also provides DNS relay functionality to resolve domain names. The DNS relay configuration should point to an existing DNS server in the physical network. Alternatively, a DNS server can be deployed in the logical network itself.

Scaling Network Virtualization

In this section, we present the design considerations that can be followed for the different components while planning the scaling of VXLAN networks and associated network services. The following key components and parameters should be taken into account:

1) VDS:
• One vCenter Server can have 128 VDS.
• One VDS can span across 500 hosts.
• One VDS can support 10,000 port groups. Because a new port group is created for every logical L2 network, this number dictates the number of logical L2 networks that can be created.

2) vCloud Networking and Security Edge gateway:
• Each vCloud Networking and Security Edge gateway can have a maximum of 10 interfaces, and each can be configured to connect to an internal or external network. The number of logical networks requiring gateway services determines the number of gateway instances that must be deployed, based on the 10-interfaces-per-gateway maximum. For example, if one interface per gateway is connected to an external network (leaving 9 for internal networks), the number of gateway instances required for 90 logical L2 networks would be 90/9, that is, 10 vCloud Networking and Security Edge gateway devices.
• The gateway is available in three different sizes, based on capacity.

3) VXLAN Traffic:
• The planned virtual machine consolidation ratio should take into consideration the amount of virtual machine traffic that the VTEP must handle.
• Meet the bandwidth requirements for the VXLAN traffic by assigning sufficient NICs to it. To optimally utilize the uplinks, use link aggregation methods on the physical switches.

4) Multicast:
• Each VXLAN logical network is uniquely identified by a combination of a number called the segment ID (determined from a range defined by the user) and the configured multicast group. The multicast group to VXLAN segment ID mapping is handled by the vCloud Networking and Security Manager.
• There is no need to have a one-to-one mapping between the segment ID and the multicast group. In the case of a limited number of multicast groups, vCloud Networking and Security Manager maps multiple logical networks (segment IDs) to one multicast group.

Consumption Models

After the VXLAN configuration has been completed, customers can create and consume logical L2 networks on demand. Depending on the type of vCloud Networking and Security bundle purchased, they have the following three options:

1) Use the vCloud Director interface.
2) Use the vCloud Networking and Security Manager interface.
3) Use REST APIs offered by vCloud Networking and Security products.

In vCloud Director

vCloud Director creates a VXLAN network pool implicitly for each provider VDC backed by VXLAN-prepared clusters. The total number of logical networks that can be created using a VXLAN network pool is determined by the configuration at the time of VXLAN fabric preparation. A cloud administrator can in turn distribute this total number to the various organization VDCs backed by the provider VDC. The quota allocated to an organization VDC determines the number of logical networks (organization VDC or VMware vSphere vApp networks) backed by VXLAN that can be created in that organization VDC.

In vCloud Networking and Security Manager

Customers who don't have a vCloud Director deployment can consume the logical L2 networks through the vCloud Networking and Security Manager Web interface or through the vSphere Client network virtualization plug-in.
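The limits from the "Scaling Network Virtualization" section above (128 VDS per vCenter Server, 500 hosts and 10,000 port groups per VDS, 10 interfaces per Edge gateway) and the many-to-one segment-ID-to-multicast-group mapping it describes can be turned into a small planning helper. This is an added example, not VMware code: the limits are the ones the guide quotes, while the round-robin assignment of multicast groups is an assumption used to illustrate the sharing, not the Manager's own algorithm.

```python
"""Capacity planning helper for the limits listed under "Scaling Network
Virtualization" (added example, not VMware code). The limits are the ones the
guide quotes; the round-robin segment-ID-to-multicast-group assignment is an
assumption used to illustrate the many-to-one mapping it describes."""
from __future__ import annotations

import ipaddress
import math
from dataclasses import dataclass
from typing import Dict, Iterable, List

VDS_PER_VCENTER = 128        # one vCenter Server can have 128 VDS
HOSTS_PER_VDS = 500          # one VDS can span 500 hosts
PORTGROUPS_PER_VDS = 10_000  # one port group is created per logical L2 network
EDGE_INTERFACES = 10         # interfaces per vCloud Networking and Security Edge gateway


@dataclass(frozen=True)
class ScaleInput:
    logical_networks: int          # logical L2 networks (VXLAN segments) planned
    hosts: int                     # hosts in the VXLAN-prepared clusters
    networks_needing_gateway: int  # subset that must reach non-logical networks
    external_ifaces_per_edge: int = 1


def vds_required(plan: ScaleInput) -> int:
    """Smallest number of VDS that satisfies both the host and the port-group limit."""
    by_hosts = math.ceil(plan.hosts / HOSTS_PER_VDS)
    by_portgroups = math.ceil(plan.logical_networks / PORTGROUPS_PER_VDS)
    return max(1, by_hosts, by_portgroups)


def edges_required(plan: ScaleInput) -> int:
    """Gateway count from the 10-interfaces-per-gateway maximum (90 networks, 1 external -> 10)."""
    internal = EDGE_INTERFACES - plan.external_ifaces_per_edge
    if internal <= 0:
        raise ValueError("at least one interface must remain for internal networks")
    return math.ceil(plan.networks_needing_gateway / internal)


def validate(plan: ScaleInput) -> List[str]:
    """Return the limits the plan breaks; an empty list means it fits one vCenter Server."""
    problems: List[str] = []
    needed = vds_required(plan)
    if needed > VDS_PER_VCENTER:
        problems.append(f"needs {needed} VDS, one vCenter Server allows {VDS_PER_VCENTER}")
    if plan.networks_needing_gateway > plan.logical_networks:
        problems.append("more networks need a gateway than exist")
    return problems


def map_segments_to_multicast(segment_ids: Iterable[int], multicast_range: str) -> Dict[int, str]:
    """Assign a multicast group to every segment ID.

    With fewer groups than segments the groups are reused round-robin, so several
    logical networks share one group (many-to-one), as the guide says the Manager
    does when multicast groups are scarce. Round-robin is an assumption.
    """
    net = ipaddress.ip_network(multicast_range)
    if not net.is_multicast:
        raise ValueError(f"{multicast_range} is not a multicast range")
    groups = [str(addr) for addr in net]
    return {sid: groups[i % len(groups)] for i, sid in enumerate(segment_ids)}


def segments_per_group(mapping: Dict[int, str]) -> Dict[str, List[int]]:
    """Invert the mapping: which logical networks share each group's flood domain.

    Broadcast, unknown-unicast and multicast frames of every segment in the list
    reach all VTEPs joined to that group; a VTEP discards frames whose VXLAN
    network identifier it does not serve.
    """
    inverted: Dict[str, List[int]] = {}
    for sid, group in mapping.items():
        inverted.setdefault(group, []).append(sid)
    return inverted


if __name__ == "__main__":
    plan = ScaleInput(logical_networks=90, hosts=1200, networks_needing_gateway=90)
    print(vds_required(plan), edges_required(plan), validate(plan))
    print(segments_per_group(map_segments_to_multicast(range(5000, 5006), "239.1.1.0/30")))
```

The `segments_per_group` view is the one worth reviewing when multicast groups are scarce: logical networks listed under the same group share a flood domain on the physical network, so hosts that serve only one of them still receive the encapsulated broadcast traffic of the others, even though their VTEPs drop it.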

Using API

In addition to vCloud Director and vCloud Networking and Security Manager, vCloud Networking and Security components can be managed using APIs provided by VMware. For detailed information on how to use the APIs, refer to the vCloud Networking and Security 5.1 API Programming Guide.

Troubleshooting and Monitoring

The following are some of the important tools that customers should use to troubleshoot and monitor the VXLAN network. These tools provide the required visibility into the encapsulated VXLAN traffic and also help manage the overall logical network infrastructure.

Network Health Check

Network Health Check enables proactive reports on virtual and physical network configuration inconsistencies, reducing the operational costs involved in troubleshooting and fixing errors. It checks for the following three parameters:

• VLAN IDs
• MTU settings
• Teaming configuration

VXLAN Connectivity Check

Unicast and Broadcast Tests

The unicast and broadcast tests available through the vCloud Networking and Security Manager enable customers to test the configuration across the virtual and physical infrastructure. They also enable verification that all VTEP configurations are correct and that each VTEP can reach the other VTEPs. A gateway address on the VTEP is required for this functionality to work. A VTEP IP address must be assigned using DHCP to configure the gateway, because static IP configuration on the VTEP via vCenter Server does not enable gateways to be configured. Proxy ARP on the upstream gateway/router is not a requirement.

Monitoring Logical Flows

IPFIX

NetFlow v10/IPFIX on VDS enables vendors to predefine custom NetFlow records. A new VXLAN template has been predefined to monitor traffic flows in logical networks. With this template, customers can monitor VXLAN flows at virtual-machine-level granularity.

Port Mirroring

VDS provides multiple standard port mirroring features, such as SPAN, RSPAN and ERSPAN, that help in detailed traffic analysis.
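The three parameters Network Health Check compares (VLAN IDs, MTU, teaming) and the VTEP gateway requirement from the connectivity tests can be checked offline against an inventory export before the unicast and broadcast tests are run. The following is an added example and is not VMware's Network Health Check, which queries the physical switch live; the host records are constructed, the field names are assumptions, and the 1600-byte minimum transport MTU is a value assumed here to carry a 1500-byte guest frame plus the VXLAN encapsulation overhead.

```python
"""Offline consistency check modelled on the three parameters the guide's Network
Health Check covers (VLAN IDs, MTU, teaming) plus the VTEP gateway requirement
from the VXLAN connectivity tests (added example; not VMware's own tool). Host
records are constructed and the field names are assumptions."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Assumption: a 1500-byte guest frame plus VXLAN/UDP/IP/Ethernet overhead must fit.
MIN_TRANSPORT_MTU = 1600


@dataclass(frozen=True)
class HostVtep:
    host: str
    vxlan_vlan: int                       # VLAN on the VDS VXLAN port group (0 = untagged, scenario 3)
    mtu: int                              # uplink MTU configured on the VDS
    teaming: str                          # e.g. "failover" or "ip_hash"
    switch_allowed_vlans: FrozenSet[int]  # VLANs the physical switch port carries
    switch_port_channel: bool             # physical port is part of an EtherChannel/LACP bundle
    vtep_ip: str
    prefix_len: int
    gateway: Optional[str]                # None when the VTEP got a static IP via vCenter Server


def vtep_network(h: HostVtep) -> ipaddress.IPv4Network:
    return ipaddress.ip_interface(f"{h.vtep_ip}/{h.prefix_len}").network


def transport_path(a: HostVtep, b: HostVtep) -> str:
    """'switched' when both VTEPs share a subnet (scenario 1), otherwise 'routed' (scenarios 2 and 3)."""
    return "switched" if vtep_network(a) == vtep_network(b) else "routed"


def check_vds(hosts: List[HostVtep]) -> List[Tuple[str, str]]:
    """Return (code, detail) findings for one VDS; an empty list means it is consistent."""
    findings: List[Tuple[str, str]] = []
    if not hosts:
        return findings
    ref = hosts[0]
    subnets = {vtep_network(h) for h in hosts}
    for h in hosts:
        # VLAN: identical on every host of the VDS, and actually carried by the switch port.
        if h.vxlan_vlan != ref.vxlan_vlan:
            findings.append(("VLAN_MISMATCH", f"{h.host}: VLAN {h.vxlan_vlan}, {ref.host} has {ref.vxlan_vlan}"))
        if h.vxlan_vlan and h.vxlan_vlan not in h.switch_allowed_vlans:
            findings.append(("VLAN_NOT_ON_SWITCH", f"{h.host}: VLAN {h.vxlan_vlan} not allowed on switch port"))
        # MTU: the transport must carry the encapsulated frame without fragmentation.
        if h.mtu < MIN_TRANSPORT_MTU:
            findings.append(("MTU_TOO_SMALL", f"{h.host}: MTU {h.mtu} < {MIN_TRANSPORT_MTU}"))
        # Teaming: IP-hash load balancing needs a port channel on the switch, and a port
        # channel on the switch needs IP-hash teaming on the VDS.
        if (h.teaming == "ip_hash") != h.switch_port_channel:
            findings.append(("TEAMING_MISMATCH", f"{h.host}: teaming {h.teaming!r}, port channel={h.switch_port_channel}"))
        # Gateway: needed to reach VTEPs in other subnets and for the unicast/broadcast tests.
        if h.gateway is None:
            code = "VTEP_NO_GATEWAY_ROUTED" if len(subnets) > 1 else "VTEP_NO_GATEWAY_TESTS"
            findings.append((code, f"{h.host}: VTEP {h.vtep_ip} has no gateway (static IP via vCenter Server?)"))
        elif ipaddress.ip_address(h.gateway) not in vtep_network(h):
            findings.append(("VTEP_GATEWAY_OFF_SUBNET", f"{h.host}: gateway {h.gateway} not in {vtep_network(h)}"))
    return findings


def sample_inventory() -> List[HostVtep]:
    """Constructed inventory: one clean host, one with MTU/teaming/gateway faults, one on the wrong VLAN."""
    return [
        HostVtep("esx-01", 10, 1600, "failover", frozenset({10}), False, "192.168.10.11", 24, "192.168.10.1"),
        HostVtep("esx-03", 10, 1500, "ip_hash", frozenset({10}), False, "192.168.20.13", 24, None),
        HostVtep("esx-04", 20, 1600, "failover", frozenset({10}), False, "192.168.10.14", 24, "192.168.10.1"),
    ]


if __name__ == "__main__":
    for code, detail in check_vds(sample_inventory()):
        print(code, detail)
```

The `VTEP_NO_GATEWAY_*` codes separate the two consequences the text describes: a VTEP without a gateway in a single-subnet VDS still forwards traffic but cannot run the unicast and broadcast tests, whereas in a multi-subnet VDS it cannot reach the VTEPs behind the router at all.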

Conclusion

The VMware network virtualization solution addresses the current challenges with the physical network infrastructure and brings flexibility, agility and scale through VXLAN-based logical networks. Along with the ability to create on-demand logical networks using VXLAN, the vCloud Networking and Security Edge gateway helps customers deploy various logical network services, such as firewall, DHCP, NAT and load balancing, on these networks. The operational tools provided as part of the solution help in the troubleshooting and monitoring of these overlay networks.

VMware, Inc., Hillview Avenue, Palo Alto, CA, USA. Copyright 2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: W-WP-NETWORK-VIRT-GUIDE-USLET-101


More information

ConnectX -3 Pro: Solving the NVGRE Performance Challenge

ConnectX -3 Pro: Solving the NVGRE Performance Challenge WHITE PAPER October 2013 ConnectX -3 Pro: Solving the NVGRE Performance Challenge Objective...1 Background: The Need for Virtualized Overlay Networks...1 NVGRE Technology...2 NVGRE s Hidden Challenge...3

More information

Data Center Infrastructure of the future. Alexei Agueev, Systems Engineer

Data Center Infrastructure of the future. Alexei Agueev, Systems Engineer Data Center Infrastructure of the future Alexei Agueev, Systems Engineer Traditional DC Architecture Limitations Legacy 3 Tier DC Model Layer 2 Layer 2 Domain Layer 2 Layer 2 Domain Oversubscription Ports

More information

Using Network Virtualization to Scale Data Centers

Using Network Virtualization to Scale Data Centers Using Network Virtualization to Scale Data Centers Synopsys Santa Clara, CA USA November 2014 1 About Synopsys FY 2014 (Target) $2.055-2.065B* 9,225 Employees ~4,911 Masters / PhD Degrees ~2,248 Patents

More information

VMware NSX for vsphere (NSX-V) Network Virtualization Design Guide

VMware NSX for vsphere (NSX-V) Network Virtualization Design Guide VMware NSX for vsphere (NSX-V) Network Virtualization Design Guide DESIGN GUIDE / 1 Intended Audience... 4 Overview... 4 Introduction to Network Virtualization... 5 Overview of NSX-v Network Virtualization

More information

NSX Installation Guide

NSX Installation Guide NSX 6.2 for vsphere This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

Junos Space Virtual Control

Junos Space Virtual Control Proiduct Overview The proliferation of virtual switches in the data center has presented data center operators with a significant challenge namely, how to manage these virtual network elements in conjunction

More information

vshield Quick Start Guide

vshield Quick Start Guide vshield Manager 5.0 vshield App 5.0 vshield Edge 5.0 vshield Endpoint 5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

vshield Administration Guide

vshield Administration Guide vshield Manager 5.1 vshield App 5.1 vshield Edge 5.1 vshield Endpoint 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

Network Virtualization Solutions

Network Virtualization Solutions Network Virtualization Solutions An Analysis of Solutions, Use Cases and Vendor and Product Profiles October 2013 The Independent Community and #1 Resource for SDN and NFV Tables of Contents Introduction

More information

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure

More information

Creating a VMware Software-Defined Data Center REFERENCE ARCHITECTURE VERSION 1.5

Creating a VMware Software-Defined Data Center REFERENCE ARCHITECTURE VERSION 1.5 Software-Defined Data Center REFERENCE ARCHITECTURE VERSION 1.5 Table of Contents Executive Summary....4 Audience....4 Overview....4 VMware Software Components....6 Architectural Overview... 7 Cluster...

More information

Why Software Defined Networking (SDN)? Boyan Sotirov

Why Software Defined Networking (SDN)? Boyan Sotirov Why Software Defined Networking (SDN)? Boyan Sotirov Agenda Current State of Networking Why What How When 2 Conventional Networking Many complex functions embedded into the infrastructure OSPF, BGP, Multicast,

More information

Top-Down Network Design

Top-Down Network Design Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,

More information

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane

More information

vshield Quick Start Guide vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0

vshield Quick Start Guide vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0 vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

WHITE PAPER. Network Virtualization: A Data Plane Perspective

WHITE PAPER. Network Virtualization: A Data Plane Perspective WHITE PAPER Network Virtualization: A Data Plane Perspective David Melman Uri Safrai Switching Architecture Marvell May 2015 Abstract Virtualization is the leading technology to provide agile and scalable

More information

VMware vsphere 5.0 Evaluation Guide

VMware vsphere 5.0 Evaluation Guide VMware vsphere 5.0 Evaluation Guide Advanced Networking Features TECHNICAL WHITE PAPER Table of Contents About This Guide.... 4 System Requirements... 4 Hardware Requirements.... 4 Servers.... 4 Storage....

More information

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure August 2015 Table of Contents 1 Introduction... 3 Purpose... 3 Products... 3

More information

NVGRE Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure

NVGRE Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure W h i t e p a p e r NVGRE Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure Table of contents Executive Summary.... 3 Cloud Computing Growth.... 3 Cloud Computing Infrastructure

More information

Microsegmentation Using NSX Distributed Firewall: Getting Started

Microsegmentation Using NSX Distributed Firewall: Getting Started Microsegmentation Using NSX Distributed Firewall: VMware NSX for vsphere, release 6.0x REFERENCE PAPER Table of Contents Microsegmentation using NSX Distributed Firewall:...1 Introduction... 3 Use Case

More information

Cisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack

Cisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack Solution Overview Cisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack What You Will Learn Cisco and Canonical extend the network virtualization offered by the Cisco Nexus 1000V

More information

vshield Quick Start Guide

vshield Quick Start Guide vshield Manager 5.0.1 vshield App 5.0.1 vshield Edge 5.0.1 vshield Endpoint 5.0.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

Network Virtualization with Dell Infrastructure and VMware NSX

Network Virtualization with Dell Infrastructure and VMware NSX Network Virtualization with Dell Infrastructure and VMware NSX A Dell-VMware Reference Architecture July 2015 A Dell-VMware Reference Architecture Revisions Date Description Authors 7/09/15 Version 2.0

More information

Brocade One Data Center Cloud-Optimized Networks

Brocade One Data Center Cloud-Optimized Networks POSITION PAPER Brocade One Data Center Cloud-Optimized Networks Brocade s vision, captured in the Brocade One strategy, is a smooth transition to a world where information and applications reside anywhere

More information

CONNECTING PHYSICAL AND VIRTUAL WORLDS WITH VMWARE NSX AND JUNIPER PLATFORMS

CONNECTING PHYSICAL AND VIRTUAL WORLDS WITH VMWARE NSX AND JUNIPER PLATFORMS White Paper CONNECTING PHYSICAL AND VIRTUAL WORLDS WITH WARE NSX AND JUNIPER PLATFORMS A Joint Juniper Networks-ware White Paper Copyright 2014, Juniper Networks, Inc. 1 Connecting Physical and Virtual

More information

Avaya VENA Fabric Connect

Avaya VENA Fabric Connect Avaya VENA Fabric Connect Executive Summary The Avaya VENA Fabric Connect solution is based on the IEEE 802.1aq Shortest Path Bridging (SPB) protocol in conjunction with Avaya extensions that add Layer

More information

Ethernet Fabrics: An Architecture for Cloud Networking

Ethernet Fabrics: An Architecture for Cloud Networking WHITE PAPER www.brocade.com Data Center Ethernet Fabrics: An Architecture for Cloud Networking As data centers evolve to a world where information and applications can move anywhere in the cloud, classic

More information

SDN v praxi overlay sítí pro OpenStack. 5.10.2015 Daniel Prchal daniel.prchal@hpe.com

SDN v praxi overlay sítí pro OpenStack. 5.10.2015 Daniel Prchal daniel.prchal@hpe.com SDN v praxi overlay sítí pro OpenStack 5.10.2015 Daniel Prchal daniel.prchal@hpe.com Agenda OpenStack OpenStack Architecture SDN Software Defined Networking OpenStack Networking HP Helion OpenStack HP

More information

"Charting the Course...

Charting the Course... Description "Charting the Course... Course Summary Interconnecting Cisco Networking Devices: Accelerated (CCNAX), is a course consisting of ICND1 and ICND2 content in its entirety, but with the content

More information

TRILL for Service Provider Data Center and IXP. Francois Tallet, Cisco Systems

TRILL for Service Provider Data Center and IXP. Francois Tallet, Cisco Systems for Service Provider Data Center and IXP Francois Tallet, Cisco Systems 1 : Transparent Interconnection of Lots of Links overview How works designs Conclusion 2 IETF standard for Layer 2 multipathing Driven

More information

Juniper / Cisco Interoperability Tests. August 2014

Juniper / Cisco Interoperability Tests. August 2014 Juniper / Cisco Interoperability Tests August 2014 Executive Summary Juniper Networks commissioned Network Test to assess interoperability, with an emphasis on data center connectivity, between Juniper

More information

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 Network Virtualization Overview... 1 Network Virtualization Key Requirements to be validated...

More information

vcloud Networking and Security Sales and Partner Use Only What is the VMware vcloud Networking and Security Product?

vcloud Networking and Security Sales and Partner Use Only What is the VMware vcloud Networking and Security Product? CHEAT SHEET INTERNAL USE ONLY VMware vcloud Networking and Security Sales and Partner Use Only What is the VMware vcloud Networking and Security Product? VMware has combined its security and advanced networking

More information

Scalable Approaches for Multitenant Cloud Data Centers

Scalable Approaches for Multitenant Cloud Data Centers WHITE PAPER www.brocade.com DATA CENTER Scalable Approaches for Multitenant Cloud Data Centers Brocade VCS Fabric technology is the ideal Ethernet infrastructure for cloud computing. It is manageable,

More information

Implementing and Troubleshooting the Cisco Cloud Infrastructure **Part of CCNP Cloud Certification Track**

Implementing and Troubleshooting the Cisco Cloud Infrastructure **Part of CCNP Cloud Certification Track** Course: Duration: Price: $ 4,295.00 Learning Credits: 43 Certification: Implementing and Troubleshooting the Cisco Cloud Infrastructure Implementing and Troubleshooting the Cisco Cloud Infrastructure**Part

More information

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...

More information

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds February 2011 1 Introduction Today's business environment requires organizations

More information

NSX Administration Guide

NSX Administration Guide NSX 6.1 for vsphere This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

Virtual PortChannels: Building Networks without Spanning Tree Protocol

Virtual PortChannels: Building Networks without Spanning Tree Protocol . White Paper Virtual PortChannels: Building Networks without Spanning Tree Protocol What You Will Learn This document provides an in-depth look at Cisco's virtual PortChannel (vpc) technology, as developed

More information

Visibility into the Cloud and Virtualized Data Center // White Paper

Visibility into the Cloud and Virtualized Data Center // White Paper Executive Summary IT organizations today face unprecedented challenges. Internal business customers continue to demand rapid delivery of innovative services to respond to outside threats and opportunities.

More information

CloudEngine 1800V Virtual Switch

CloudEngine 1800V Virtual Switch CloudEngine 1800V Virtual Switch CloudEngine 1800V Virtual Switch Product Overview Huawei CloudEngine 1800V (CE1800V) is a distributed Virtual Switch (vswitch) designed by Huawei for data center virtualization

More information

VMware Virtual Networking Concepts I N F O R M A T I O N G U I D E

VMware Virtual Networking Concepts I N F O R M A T I O N G U I D E VMware Virtual Networking Concepts I N F O R M A T I O N G U I D E Table of Contents Introduction... 3 ESX Server Networking Components... 3 How Virtual Ethernet Adapters Work... 4 How Virtual Switches

More information

Pluribus Netvisor Solution Brief

Pluribus Netvisor Solution Brief Pluribus Netvisor Solution Brief Freedom Architecture Overview The Pluribus Freedom architecture presents a unique combination of switch, compute, storage and bare- metal hypervisor OS technologies, and

More information

Building the Virtual Information Infrastructure

Building the Virtual Information Infrastructure Technology Concepts and Business Considerations Abstract A virtual information infrastructure allows organizations to make the most of their data center environment by sharing computing, network, and storage

More information

Palo Alto Networks. Security Models in the Software Defined Data Center

Palo Alto Networks. Security Models in the Software Defined Data Center Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling

More information

Achieving a High-Performance Virtual Network Infrastructure with PLUMgrid IO Visor & Mellanox ConnectX -3 Pro

Achieving a High-Performance Virtual Network Infrastructure with PLUMgrid IO Visor & Mellanox ConnectX -3 Pro Achieving a High-Performance Virtual Network Infrastructure with PLUMgrid IO Visor & Mellanox ConnectX -3 Pro Whitepaper What s wrong with today s clouds? Compute and storage virtualization has enabled

More information

Remote PC Guide Series - Volume 1

Remote PC Guide Series - Volume 1 Introduction and Planning for Remote PC Implementation with NETLAB+ Document Version: 2016-02-01 What is a remote PC and how does it work with NETLAB+? This educational guide will introduce the concepts

More information

Cisco Virtual Topology System: Data Center Automation for Next-Generation Cloud Architectures

Cisco Virtual Topology System: Data Center Automation for Next-Generation Cloud Architectures White Paper Cisco Virtual Topology System: Data Center Automation for Next-Generation Cloud Architectures 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

More information

Multitenancy Options in Brocade VCS Fabrics

Multitenancy Options in Brocade VCS Fabrics WHITE PAPER DATA CENTER Multitenancy Options in Brocade VCS Fabrics As cloud environments reach mainstream adoption, achieving scalable network segmentation takes on new urgency to support multitenancy.

More information