Session NET1674
Network virtualization – You decouple the network from the underlying hardware. In software you replicate all of the network functionality (faithful reproduction).
NSX Platform – Support multiple hypervisors (vSphere, KVM, XenServer). To get out of the network you have the NSX Edge, which terminates traffic.
Connecting the physical to the virtual
- Supports third-party hardware. Use physical termination for very high throughput, or for services that aren't yet virtualized. The controller talks to the physical controller via OVSDB (the Open vSwitch Database protocol).
- Uses the IP underlay network (no multicast required)
- Supports VXLAN tunnels to/from the virtual networks to the physical controller
Distributed Logical Routing (P-V)
- NSX is now moving up the protocol stack to L3
- Fully distributed implementation of routing among the vSwitch and the ToR switch, depending on packet flow
- Goes through a demo of how a packet routes from a VM to a physical server
VTEP Futures
- Bi-directional Forwarding Detection (BFD) health monitoring
- ACL Configuration on physical ports
- QoS – DSCP setting
- Higher layer services (e.g. Application Delivery Controllers)
Handling Elephant Flows
- High-bandwidth, long-lived flows that can cause congestion on the network
- Detect elephants (count packets per second)
- Do something with them: Mark with DSCP, put them in a separate queue, route along their own path, convert to mice
- Shows a graph: without elephant detection, packet latency is 8-9ms for the large flow and 3ms for the small flow. With elephant detection on, latency for the mice drops to sub-ms while latency for the elephant stays the same.
Tunneling
- Networking people love to argue about this
- Tunnels matter for interop, extensibility, performance, visibility
- Enter Geneve (Generic Network Virtualization Encapsulation): VMware, Microsoft, Red Hat and Intel are onboard with it
- It will take longer for third party hardware to support Geneve
- Goal of Geneve is that we don’t need another encap protocol for a long, long time
- We mix and match STT & VXLAN today
Service Chaining
- Creating a graph of services (e.g. load balancer, firewall, WAN optimizer, etc.)
- Network virtualization provides a natural way to do this in an automated manner
- Often need to pass metadata along the chain – Geneve provides a reasonable option
- Can selectively redirect packets to a third-party processor, such as a physical Palo Alto firewall or a virtual firewall
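The Geneve header that the Tunneling and Service Chaining bullets refer to, as an added example (not code from the session or from VMware's NSX): a Python encoder and parser for the RFC 8926 header layout, with a constructed experimental-class TLV option standing in for service-chain metadata. The option class, chain id and hop index values are assumptions for illustration; the parser refuses options that overrun the declared Opt Len so a malformed outer header cannot push a decoder past the options area.

```python
import struct

GENEVE_VERSION = 0
ETHERTYPE_IPV4 = 0x0800
# Constructed option for the example: an experimental-range class (0xFF00-0xFFFF)
# carrying hypothetical service-chain metadata, 4 bytes: chain id (16) + hop index (16).
SVC_CHAIN_OPTION = (0xFF01, 0x01, struct.pack("!HH", 7, 2))

def build_geneve_header(vni, options, proto=ETHERTYPE_IPV4, oam=False):
    """Encode an 8-byte Geneve base header followed by TLV options (class, type, data)."""
    opts = b""
    critical = False
    for opt_class, opt_type, data in options:
        if len(data) % 4 or len(data) > 124:   # option length field: 5 bits of 4-byte words
            raise ValueError("option data must be a multiple of 4 bytes, at most 124")
        critical |= bool(opt_type & 0x80)      # critical bit is the MSB of the type byte
        opts += struct.pack("!HBB", opt_class, opt_type, len(data) // 4) + data
    opt_words = len(opts) // 4
    if opt_words > 63:                         # Opt Len field is 6 bits
        raise ValueError("options exceed 63 four-byte words")
    first = (GENEVE_VERSION << 6) | opt_words           # Ver(2) | Opt Len(6)
    second = (int(oam) << 7) | (int(critical) << 6)     # O(1) | C(1) | Rsvd(6)
    return struct.pack("!BBHI", first, second, proto, vni << 8) + opts   # VNI(24) | Rsvd(8)

def parse_geneve_header(buf):
    """Decode a Geneve header into its fields; returns (fields, inner payload).
    Rejects truncated input and options that overrun the declared Opt Len."""
    if len(buf) < 8:
        raise ValueError("truncated base header")
    first, second, proto, vni_field = struct.unpack("!BBHI", buf[:8])
    if first >> 6 != GENEVE_VERSION:
        raise ValueError("unsupported Geneve version")
    end = 8 + (first & 0x3F) * 4               # end of the options area
    if len(buf) < end:
        raise ValueError("truncated options")
    fields = {"oam": bool(second & 0x80), "critical": bool(second & 0x40),
              "proto": proto, "vni": vni_field >> 8, "options": []}
    off = 8
    while off < end:
        if off + 4 > end:
            raise ValueError("option header overruns Opt Len")
        opt_class, opt_type, length = struct.unpack("!HBB", buf[off:off + 4])
        data_end = off + 4 + (length & 0x1F) * 4
        if data_end > end:
            raise ValueError("option data overruns Opt Len")
        fields["options"].append((opt_class, opt_type, buf[off + 4:data_end]))
        off = data_end
    return fields, buf[end:]
```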
Multi-site network virtualization
- We support some multi-site scenarios today: e.g. stretched metro cluster
- Snapshot, clone, and restore network changes across locations: Great for DR too
- Shows a slide of a spectrum of options from single DC federation, then Metro area DCs, then geographically dispersed DCs
- Shows a connection from the NSX Edge to an MPLS core
- Multi-site using MP-BGP – extends a virtual network across the WAN