VMworld 2013: Multi-site Deployments with Network Virtualization
VMworld 2013, Dimitri Desmidt, VMware
Multi-site Deployments with Network Virtualization
Dimitri Desmidt, VMware
SEC5582
#SEC5582
2
Agenda
Why Enterprise has multiple sites?
Challenges with physical network when building multiple sites
How Network Virtualization can help?
How Network Virtualization works with multiple sites?
Demo
4
Why Enterprise Has Multiple Sites?
Business Continuity
5
Why Enterprise Has Multiple Sites?
Performance
• Scale
• Speed
6
Why Enterprise Has Multiple Sites?
And also … just happens
• Acquisitions
• Specific Data Center per department
• Burst "to the Cloud"
Important Note:
However, those applications hosted in different data centers need to access common services (backup, centralized report/log servers, etc.) hosted in one data center.
8
Challenges With Physical Network When Building Multiple Sites
We all live in 1 world
This brings challenges to humans
• Timezone
• Language
• Culture
• etc
So do Apps!
Multi-DC brings challenges too
• To Network
• To Storage replication
[Diagram: DC1 and DC2, each with DMZ, App, DB and Storage, connected over the WAN]
10
How Network Virtualization Can Help?
What if…
• "Virtual Port" on those 2 subnets/VLAN
• "Virtual secured* L2 wire" between those 2 "Virtual Ports"
*: security rules + traffic encrypted between DC (IPSEC)
Important Note: No requirement on the physical fabric!
[Diagram: DC1 and DC2, each with DMZ, App, DB and Storage, connected over the WAN]
11
How Network Virtualization can help?
What if…
• "Virtual Port" on those 2 subnets/VLAN
• "Virtual secured* L3 wire" between those 2 "Virtual Ports"
*: security rules + traffic encrypted between DC (IPSEC)
Important Note: No requirement on the physical fabric!
[Diagram: DC1 and DC2 connected over the WAN; labels: DMZ, App, DB, Storage, DNS / DHCP, Mail, syslog]
12
How Network Virtualization Can Help?
What if…
• "Virtual Port" on those 2 subnets/VLAN
• "Virtual secured* L2 wire" between those 2 "Virtual Ports"
*: security rules + traffic encrypted between DC (IPSEC)
Important Note: No requirement on the physical fabric!
[Diagram: Cloud Provider and Customer1 connected over the WAN; labels: DMZ, App, DB, Storage]
13
So is stretching VLANs the same as Network Virtualization?
Obviously not (at least for VMware!)
Network Virtualization offers the ability to move all the network services into an abstraction/software layer completely decoupled from the physical infrastructure
• Network services are: L2, L3, NAT, FW, SLB, VPN, QoS
And, just as importantly
• Can be fully orchestrated/automated
• So it can be integrated into any Cloud Management Platform solution managing the 3 elements of a Cloud: Compute/Storage/Network
15
How Network Virtualization works with multi-sites
[Diagram: DC1 (VMs on VLAN 101, VLAN 102, VLAN 103) and DC2 (VMs on VLAN 201, VLAN 202, VLAN 203) connected over the WAN; labels: 802.1Q on each side, NSX Gateways, NSX Controller Cluster]
16
How Network Virtualization is different from "legacy" approach?
"Legacy" approach
• Relies on vendor hardware / proprietary solution
• Adds new hardware/protocol
• Choke points
• Manually driven/configured
• And more importantly, 1 hardware solution answers 1 need (such as L2 stretching) but will need another solution for another need (such as L3)
Network Virtualization
• Decoupled from physical infrastructure
• Simplicity
• Scalability
• Automation
• Same solution covers all network service needs
17
How Network Virtualization works with multi-sites (Active/Standby)
[Diagram: DC1 and DC2, each with VMs on VLAN 100 and VRRP Group 1, joined by an Interconnect; WAN and Internet. VRRP roles shown: Active, Standby, Standby, Standby. Packet labels: "VM1-IP@ Internet", "VM1-IP@ (NAT) Internet", "VM3-IP@ Internet", "VM3-IP@ (NAT) Internet", "NSX-GW2-IP@ NSX-GW1-IP@ encap[VM3-IP@ Internet]"]
18
How Network Virtualization works with multi-sites (Active/Standby)
[Diagram: DC1 and DC2, each with VMs on VLAN 100 and VRRP Group 1, joined by an Interconnect; WAN and Internet. VRRP roles shown: Active, Standby, Standby, Standby. Packet labels: "VM1-IP@ VM3-IP@", "NSX-GW2-IP@ NSX-GW1-IP@ encap[VM1-IP@ VM3-IP@]"]
19
How Network Virtualization works with multi-sites (Active/Active)
[Diagram: DC1 and DC2, each with VMs on VLAN 100 and VRRP Group 1, joined by an Interconnect with VRRP Filtering on each side; WAN and Internet. VRRP roles shown: Active, Standby, Active, Standby. Packet labels: "VM1-IP@ Internet", "VM1-IP@ (NAT) Internet", "VM3-IP@ Internet", "VM3-IP@ (NAT) Internet"]
20
How Network Virtualization works with multi-sites (Active/Active)
[Diagram: DC1 and DC2, each with VMs on VLAN 100 and VRRP Group 1, joined by an Interconnect with VRRP Filtering on each side; WAN and Internet. VRRP roles shown: Active, Standby, Standby, Active. Packet labels: "VM1-IP@ VM3-IP@", "NSX-GW2-IP@ NSX-GW1-IP@ encap[VM1-IP@ VM3-IP@]"]
22
Lab
[Diagram: DC1 with VLAN 101 / 10.1.1.0/24 and VLAN 301 / 10.3.1.0/24; DC2 with VLAN 201 / 10.1.1.0/24 and VLAN 301 / 10.3.1.0/24; Active/Standby pairs; a WAN router per site; WAN; Internet with Web Server 40.1.1.100; host addresses .1, .11, .12]
23
Lab – Virtual L2 between 2 remote VLAN
[Diagram: DC1 with VLAN 101 / 10.1.1.0/24 and VLAN 301 / 10.3.1.0/24; DC2 with VLAN 201 / 10.1.1.0/24 and VLAN 301 / 10.3.1.0/24; a WAN router per site; WAN; Internet with Web Server 40.1.1.100; host addresses .1, .11, .12; NSX Controllers Cluster; NSX GW-DC1 and NSX GW-DC2 with Active/Standby roles; VRRP Filtering]
24
Lab – Local North/South traffic
[Diagram: DC1 with VLAN 101 / 10.1.1.0/24 and VLAN 301 / 10.3.1.0/24; DC2 with VLAN 201 / 10.1.1.0/24 and VLAN 301 / 10.3.1.0/24; a WAN router per site; WAN; Internet with Web Server 40.1.1.100; host addresses .1, .11, .12; NSX Controllers Cluster; NSX GW-DC1 (Active/Standby) and NSX GW-DC2 (Active/Standby); VRRP Filtering]
25
Lab – vMotion support
[Diagram: DC1 with VLAN 101 / 10.1.1.0/24 and VLAN 301 / 10.3.1.0/24; DC2 with VLAN 201 / 10.1.1.0/24 and VLAN 301 / 10.3.1.0/24; a WAN router per site; WAN; Internet with Web Server 40.1.1.100; host addresses .1, .11, .12; NSX Controllers Cluster; NSX GW-DC1 and NSX GW-DC2 with Active/Standby roles; VRRP Filtering]
26
“Fast is the new better,
Fast is the new cheaper,
Faster is the new faster!”
Chris Launey
28
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1302
vSphere Distributed Switch from A to Z