ipv6 best operational practices of network functions ... · pdf fileipv6 best operational...
TRANSCRIPT
![Page 1: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/1.jpg)
![Page 2: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/2.jpg)
IPv6 Best Operational Practices of Network Functions Virtualization
(NFV) With Vmware NSX
Jeremy Duncan Tachyon Dynamics
![Page 3: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/3.jpg)
Overview
• NSX as it pertains to NFV
• How NSX works
• NSX IPv6 Capabilities & Limitations
• How to deploy IPv6 on NSX
• Using IPv6 on NSX
• IPv6 NSX Demo!
![Page 4: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/4.jpg)
BLUF
• NSX for IPv6 not ready for production…
![Page 5: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/5.jpg)
NSX is NFV
• NSX is Vmware’s answer to Network Functions Virtualization (NFV)
• NSX came from Nicira acquisition • It provides the same capabilities
– Distributed switching – Logical routing – Distributed firewalling – Logical load-balancing – VXLAN tunneling – VPN tunneling services
• Very comparable to OpenStack’s Neutron
![Page 6: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/6.jpg)
NSX is NFV, cont.
• It provides this by pushing networking to the hypervisor and managing it with a controller
NSX
Logical router
Logical switch
Auto-ProvisionedFirewall
Auto-ProvisionedFirewall
Auto-ProvisionedFirewallAuto-Provisioned
Firewall
Logical switch
Logical switchLogical switch
Logical routerLogical router
Logical router
NFV
Controller
ClusterNFV
Manager
![Page 7: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/7.jpg)
How NSX Works
• Prerequisites
– Vmware Vcenter server 5.5+
– Vmware ESXi hypervisor 5.5+
– Vmware Virtual Distributed Switch (vDS)
– All ESXi hosts must:
• Be in a Datacenter Cluster
• Use vDS version 5.5
– Uplinks and vDS MTU 1550+
• 50 bytes for VXLAN
![Page 8: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/8.jpg)
How NSX Works, cont.
• An NSX Manager installs all of the components
– NSX Controllers
– VXLAN transport interfaces
– Distributed firewall
– Edge Services Gateway
• The NSX Controllers install all of the virtual networking on the ESXi hosts in a cluster
![Page 9: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/9.jpg)
How NSX Works, cont.
![Page 10: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/10.jpg)
How NSX Works, cont.
• VXLAN Transport interfaces created
• NFV tools to deploy:
– Logical virtual switches
– Logical virtual firewalls
– Logical virtual routers
– Logical virtual-load balancers
– VPN services
![Page 11: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/11.jpg)
How NSX Works, cont.
ESXi host
Physical layer-2
switch
Virtualfirewall Virtual
firewall
VM1VM2
Logical virtual switch
Vmware vDS
802.1q Trunk:v10 – ESX managementv20 – vMotionv10 – Data VLAN
VLAN 10 – Data Transit VLANVXLAN subnets**all routed internally
Logical virtual router
Gateway for VXLAN subnets-10.0.0.1-192.168.0.1-etc...
Edge Services Gateway
![Page 12: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/12.jpg)
IPv6 Capabilities with NSX
• Edge Services Gateway (ESG) can route all IPv6 traffic over VXLAN Tunnel Interfaces
• Full support for IPv6 firewall rule creation
• IPv6 routing on ESG can support full static routing
• Full support for IPv6 load-balancing
![Page 13: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/13.jpg)
IPv6 Limitations with NSX
• VXLAN “underlay” network is IPv4 only
• Logical virtual router does not support IPv6 addressing or routing
– Edge Services Gateway (ESG) must route all IPv6
• ESG does not have support for IPv6 routing protocols (BGP, OSPFv3, etc)
• ESG does not send Router Advertisements or have DHCPv6 relay functionality
![Page 14: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/14.jpg)
How To Deploy IPv6 on NSX
• Create IPv6-enabled VXLAN Tunnel Interfaces (VTI) on the Edge Services Gateway
• On the Logical Virtual Switch ensure this subnet is added as a VTI in Vcenter
• Attach the VTI to the virtual machine (VM)
• Configure IPv6 firewall rules for each VM
• Configure the IPv6 address on the VM
![Page 15: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/15.jpg)
Using IPv6 on NSX
• Provision a Logical Switch
![Page 16: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/16.jpg)
Using IPv6 on NSX
• Provision an Edge Services Gateway
Uplink Internal
![Page 17: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/17.jpg)
Using IPv6 on NSX
• Configure ESG routing (static)
Default Route
![Page 18: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/18.jpg)
Using IPv6 on NSX
• Configure physical route uplink routing
Static Route for /60
![Page 19: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/19.jpg)
Using IPv6 on NSX
• Attach a virtual machine to the Logical Switch & address with 2001:470:e073:91::/64 subnet
![Page 20: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/20.jpg)
Using IPv6 on NSX
• All happy to Google
![Page 21: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/21.jpg)
Using IPv6 on NSX
• And this is what it all looks like…
ESXi host
Cisco 3750G
Virtualfirewall Virtual
firewall
VM1VM2
Logical virtual switch
NFV
Controller
Cluster
NFV
Manager
Vmware vDS
802.1q Trunk - LACP:v98 – ESX managementv98 – vMotionv90 – Data VLAN
VLAN 5000 – Data Transit VLANVXLAN subnets**all routed internally
Gateway for VXLAN subnets-10.91.0.0/24-200:470:e073:91::/64Edge Services Gateway
Uplink – VLAN 90-10.90.0.4/24-200:470:e073:90::4/64
Cisco 3945
![Page 22: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/22.jpg)
IPv6 with NSX Demo!
• Using the Vcenter Web Console
• Tachyon Dynamics live network!
![Page 23: IPv6 Best Operational Practices of Network Functions ... · PDF fileIPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon](https://reader031.vdocuments.us/reader031/viewer/2022021817/5a9e53527f8b9a2e688d9112/html5/thumbnails/23.jpg)
Questions?
Jeremy Duncan
Tachyon Dynamics
Twitter @nacnud or @TachyonDynamics
Email [email protected]
Website https://www.tachyondynamics.com