How VMware NSX network virtualization could change networking -- or not
A comprehensive collection of articles, videos and more, hand-picked by our editors
With its NSX network virtualization platform, VMware has a product that could either bring peace or mass destruction...
to the world of data centers.
At VMworld last week, VMware pitched NSX to its core constituency of system and virtualization admins as a tool that can finally get the networking team out of the way. System admins may be happy to hear that, but many networking pros see a potential hostile takeover of their turf, which could create conflict in the data center.
"To me it just feels like the VMware NSX folks are saying the network is the biggest problem," said network engineer and blogger Tom Hollingsworth. "If you are going to blame the network for all the problems that we've been dealing with for years, give us a solution that works with the people who have been trying to fix this the whole time. Don't tell me that I'm the problem and that you'll just fix it and go around me."
Many network engineers fear server admins empowered by NSX will usurp control of the network. Among their chief concerns: all kinds of flows will be flying across the wire and the network team will have no visibility into them.
"There's going to be a lot of animosity," said Josh Barron, a systems engineer at a systems integrator in the Pacific Northwest. But there doesn't have to be, he added.
"VMware can pitch this to network engineers by saying there are things here you don't need to waste your time on," Barron said. "These [virtualization] guys want to get from subnet A to subnet B, and NSX makes it easier to do that without having to run through a lot of networking hoops. If VMware can push it in that direction and make network engineers more comfortable with it, you'll see some adoption of the higher-end features in the NSX stack, and network engineers can get rid of some tedious tasks."
Many systems engineers do see the networking team as being in the way, but they also think hypervisors have lacked some important network functionality -- and NSX addressed that.
"On the systems engineering side, I look at it as a way to extend the missing features that some systems engineers -- who have networking experience -- have always wanted in the hypervisor," Barron said.
Barron is currently helping a large university build a private cloud. This project is extremely complex because the university comprises different schools with different routing and networking requirements.
"Before, we were completely relying on the networking team to span subnets, and they were leery because to get from one part of the cloud to another, we had to go in and out of the hypervisor stack. [With NSX], now we can stay completely within the cloud to make these kinds of routing changes," Barron said.
VMware NSX: A tool for peace, not war
Yet systems teams that use NSX to work around networking teams will be making a big mistake, according to data center network engineer and blogger Matt Oswalt. Instead, they should use it for collaboration.
"The general feeling is that there is still an us-versus-them approach when it comes to networking and servers. I don't think [NSX] will work too well for those who use it as a weapon," Oswalt said. "This is a product that should pull [the networking and systems] silos together and allow them to manage the network together."
VMware has seen the value of this collaboration play out in early customer engagements, according to Martin Casado, chief networking architect for VMware and founder of Nicira, whose Network Virtualization Platform is the basis of NSX. About half the buyers of early versions of the technology have been networking pros, while the other half are server and virtualization pros. But Casado said the most successful NSX projects are the ones where both teams are working side by side.
VMware should pitch NSX as a tool that allows networking engineers to do things differently, Oswalt said. First, they no longer need to deal with a backlog of change tickets from the virtualization admins who are spinning up new virtual machines and moving them everywhere. Instead, they can let the server group deal with those operations while maintaining a certain degree of oversight. Second, and more important, an overlay like NSX allows the networking team to simplify the physical network.
"We can use the overlay to make our underlay much simpler," he said. "We don't have to keep using VLANs [virtual local area networks]. We can convert our networkn into something that is very simple and IP-based. One of the advantages of this is you don't have to mess with Layer 2 as much. The only requirement [from the overlay] is that you have an IP network. That's it. You can make that as Layer 3 or not as Layer 3 as you want."
But pushing Layer 3 all the way to the edge of a physical data center network will require an IT organization to commit to the overlay. When subnets are eliminated from the physical infrastructure, the multi-tenancy and segmentation provided by Layer 2 boundaries are gone, Oswalt said. Collaboration between systems and networking via a tool like NSX becomes essential.
From this perspective, NSX has the potential to make life much more interesting for networking professionals. Instead of responding to tickets from the systems team for such elements as new IP addresses or VLANs, network engineers can focus on building out a robust network fabric, maximizing scale, bandwidth and stability.
Talk it out: Minimize network virtualization disruption
A technology like NSX has the potential to disrupt the operational models of many IT organizations, which highlights even further why collaboration is the way to go.
"It's going to cause problems," said Nick Buraglio, lead network engineer at a large Midwestern university. "You have to have good communications within all your groups. This is where the ITIL stuff is going to cause nothing but headaches, because NSX is blurring the lines between server, network and security. When the networking bits are virtualized, who runs that? The networking folks? The server folks? Do they actually talk?"
Buraglio has seen outages pile up when the server team starts tagging and untagging ports. VMware needs to engage directly with the networking world because tight coordination is the only way that an organization can survive when multiple teams are managing the same pieces of infrastructure, he said.
"VMware needs to get networking folks involved in touching the virtual machine infrastructure so it doesn't cause roadblocks later," Buraglio said. "Roadblocks will happen because [networking pros] don't trust server guys."
A peaceful transition not only helps the customer, but it also makes good business sense, according to Eric Hanselman, research director with New York-based 451 Research.
"We are seeing convergence battles on all fronts within IT," he said. "We saw it years ago with telephony moving into data networks. We've seen it with storage convergence. We've started to see it with compute and networking teams. The winner [inside the IT organization] is going to send their money to either VMware or Cisco. We see that today. It's why Cisco has a thriving Fibre Channel switch business. The storage guys tend to buy Brocade and the networking guys tend to buy Cisco."
Let us know what you think about the story; email: Shamus McGillicuddy, news director.
VMware NSX sparks lots of debate on Twitter
Take our quiz on VMware NSX's features
How does VMware NSX change network virtualization?