Editor's note:VMware is the September winner of the SearchNetworking.com Network Innovation Award. VMware has added...
a vast array of features to its vSphere networking and vCloud Networking strategies that could forever change the way IT organizations network virtual environments and the cloud.
Only last year, VMware would not have been considered a networking company, yet this year it has been dubbed by the press a key Cisco competitor.
The hype has mostly spun from VMware's $1.2 billion acquisition of network virtualization innovator Nicira. But just as notably, over the past couple of years, VMware went from having a small set of hypervisor-based networking features to a complex portfolio that includes distributed switching, overlay technology for Layer 2 over Layer 3 networking, and cloud networking that integrates into the overall cloud management stack.
VMware's networking technology will change the role of the network and its engineers in virtualization and the cloud. Where the network was once the bottleneck to the server virtual environment, it is now seen as the central artery for the virtual world, and network pros are key players.
It is for these new networking features and the role of transforming the network in virtualization that SearchNetworking recognizes VMware's vSphere, vSphere Distributed Switch and vCloud Network and Security for its September Network Innovation Award. In this Q&A, Milin Desai, VMware's director of product management, networking, details the inner workings of VMware's networking strategy.
Please outline the basic components of VMware networking.
Milin Desai: VMware networking delivers software defined networking via network virtualization. The ability to decouple the network from underlying physical constructs enables us to provide the same properties of agility and scale in the network similar to what virtualization did to compute. The key components of the solution are:
- The VMware vSphere Distributed Switch, which abstracts the physical network and provides access-level switching in the VMware vSphere hypervisor.
- The VMware vCloud Network and Security solution, which furthers the constructs of network virtualization by enabling logical networks independent of physical constructs like VLANs. Logical networks are created using an open, industry-standard protocol called VXLAN, which is independent of physical network topology and allows the creation of logical networks aligned with compute boundaries.
- A rich set of logical network services delivered in software over any x86 hardware. The Edge Gateway, part of vCloud Networking and Security, delivers load balancing, firewalling, VPN, NAT and DHCP in a virtual appliance form factor per tenant/application. In addition, a distributed firewall provides security closest to the workload at the virtual NIC with scalable rule management, leveraging not only IP-level rules but also allowing the use of vCenter objects.
- The vCloud Ecosystem Framework allows the insertion of third-party services such as application delivery, WAN optimization and intrusion prevention in these logical networks at the virtual machine or on a per tenant/application basis. This includes not just data plane orchestration, but also management plane orchestration to provide consistent and uniform ways for services provisioning and consumption at the vCloud level.
- VShield Manager, which provides the management plane to orchestrate these logical network [services] via REST APIs or via a vCenter-based UI plug-in. These network constructs can be orchestrated alongside compute and storage to deliver virtual data centers that can be backed by multi-cluster compute, multiple tiers of storage and logical network, and security services via VMware vCloud Director in a matter of minutes.
How does the vSphere Distributed Switch play a role in centralized provisioning of the virtual network?
Desai: A single VMware vSphere Distributed Switch provides a uniform virtual access switch across up to 500 hosts. Once in place, it enables the creation of logical networks with a rich set of switching services providing connectivity and live mobility across the hosts, while maintaining network metadata as the virtual machine moves. It simplifies provisioning of workloads and networks, and provides immense cost savings from an operational point of view by reducing the number of touch points for provisioning.
VMware announced new features to its vSphere Distributed Switch at VMworld this year. What are those new features, and what challenges do they address?
Desai: This year's release of VMware vSphere Distributed Switch focuses on three key areas: virtualization operations management, network operations and scale.
Virtualization Operations Management: This includes the Network Health Check feature, which proactively reports on virtual and physical network configuration inconsistencies. This year's release focuses on VLAN, MTU [maximum transmission unit], and teaming issues across virtual and physical.
Network Operations: This includes Rollback and Recovery features that provide connectivity to the hosts via the management network, which is critical in a virtual environment. This release enables two key things: rollback of the management network to the last known good configuration in case of a misconfiguration by an end user that results in connectivity loss, and simplified hosts level recovery of the management network.
Read more about VMware networking
VMware networking CTO on SDN and OpenFlow
Pre-acquisition, Nicira called itself the VMware of networking
vSphere networking tools can help gain control of virtualization
Five exciting vSphere networking tools
The upgrade also focused on VDS templates/backup and restore features, which include the ability to templatize network configuration and use it to create new instances, or restore it in case of a complete database loss in vCenter. In addition, one-click rollback has been added to revert back to the last known configuration.
Finally, the upgrade focuses on better troubleshooting, which includes the addition of RSPAN/ERSPAN to close the gap in relation to network operators needing a mechanism to get access to packets in the virtual layer. Also enhanced is the support for Netflow supporting IPFIXv10 (aka Netflow v10), enabling the addition of custom fields like VXLAN Virtual Network ID (VNI) that help in better troubleshooting of overlay networks. Lastly, SNMP MIB support for VMware vSphere Distributed Switch allows monitoring of the virtual switching layer with standardized toolsets.
Scale: [Now] a single distributed switch can scale to 500 hosts, support 10,000 networks and 60,000 virtual ports. A single vCenter instance can support up to 128 instances of VMware vSphere Distributed Switch useful in a Remote Office Branch Office scenario (ROBO). In addition, the notion of elastic port groups was introduced, whereby a logical network can be created with a small number of ports and expand as more virtual machines are added to it dynamically.
Along with the above, we also introduced LACP for standards-based link aggregation, SR-IOV for low latency/high performance IO access, and MAC Address Management to avoid duplicate MAC addresses in highly scaled environments.
How does the vSphere Distributed Switch play a role in monitoring and troubleshooting?
Desai: VMware vSphere Distributed Switch has multiple new features that allow comprehensive troubleshooting and monitoring in virtual networks. Multiple port mirroring options, such as SPAN, RSPAN and ERSPAN allow packet analysis to be done at a local or remote analyzer. IPFIX (Netflow v10) with VXLAN templates allows detailed flow analysis of all virtual traffic. SNMP v3 allows for secure inventory management, virtual network mapping and control.
Why the need for network virtualization and software defined networking in a server virtualization environment?
Desai: While compute has been virtualized and pooled, network and security architectures have not kept pace with the virtualization of the data center. They are rigid, complex and create a costly barrier to realizing the full agility of cloud computing. A virtual machine can be provisioned in a matter of minutes, but "surrounding" that virtual machine with all the necessary network and security services still takes days. Current network and security architectures not only reduce efficiency, but also limit the ability of enterprises to rapidly deploy, move, scale and protect applications and data based on business needs.
Network virtualization helps overcome these data center challenges. Just as VMware vSphere abstracted compute capacity from the server hardware to create virtual pools of resources that can be consumed as a service, network virtualization abstracts the network into a generalized pool of network capacity. The unified pool of network capacity can then be optimally segmented into logical networks directly attached to specific applications. Customers can create logical networks that span of physical boundaries, optimizing compute resource utilization across clusters and pods. Unlike legacy architectures, logical networks can be scaled without reconfiguring the underlying physical hardware. Customers can also integrate higher-level services, such as firewalls, VPNs and load balancers, and deliver these services exactly where needed. Single-pane-of-glass management for all these services further reduces the cost and complexity of data center operations.
How will the Nicira technology play into vSphere?
Desai: Network virtualization is already supported by VMware in the current offering of vSphere Nicira, which is designed for multi-hypervisor and non-vCloud environments. VMware and Nicira offerings will be brought together to offer a comprehensive network virtualization solution across any platform in the data center.
In part two of this Q&A with VMware's director of network product marketing, read more VMware networking details related to VXLAN overlays and vCloud features.