Home > Blogs > The Network Virtualization Blog

Deploying VMware NSX on Cisco Nexus 9000 & Cisco UCS Infrastructure

As VMware NSX gains broader adoption, we have heard many customer requests for guidance to help them run NSX on top of the latest Cisco infrastructure, namely Cisco UCS and Nexus 9000 series switches.

With customers choosing the benefits of VMware NSX along with the Software Defined Data Center (SDDC), the underlying hardware (Ethernet fabric, x86 compute, etc) provides reliable, resilient capacity, but the configuration, state and advanced features move to faster, more flexible software. The requests were for deploying NSX with Cisco infrastructure running in a standard IP-based fabric with the Nexus 9000’s in standalone mode (NX-OS Mode), as opposed to the proprietary ACI Mode. As with any IP fabric, VMware NSX works great with Nexus 9000 as the underlay. The combination of VMware NSX and Nexus 9000 in standalone mode enables the benefits customers have chosen to embrace with the SDDC.

We had previously put out a design guide on deploying VMware NSX with Cisco UCS and Nexus 7000 to help deploy NSX in current environments. Today we are putting out a new reference design for deploying VMware NSX with Cisco UCS and Nexus 9000 infrastructure, providing an easy path to the SDDC while incorporating the latest Cisco hardware.

The reference architecture along with the VMware NSX for vSphere Network Virtualization Design Guide provides guidance for network virtualization architects interested in deploying VMware NSX for vSphere for network virtualization with Cisco UCS blade servers and Cisco Nexus 9000 Series switches. It discusses the fundamental building blocks of NSX with VMware ESXi, recommended configurations with Cisco UCS and connectivity of Cisco UCS to Nexus 9000 switches.

VMware NSX on Nexus 9000

click to enlarge

VMware sees these requests as a clear indication that customers have voted clearly for the software-defined data center. Along the way, we have had many customers adopt and deploy NSX to virtualize their networks, such as Columbia Sportswear, WestJet, IlliniCloud, Synergent, JOIN Experience, TradeStation, USDA, NTT communications, PayPal, eBay, McKesson, Medtronic…I think you get the picture.

And whether the underlying network is old Cisco, new Cisco, or no Cisco, we will continue to help with valuable resources such as this to help customers succeed.

Nikhil

VCDX-NV Interview: Ron Flax On The Importance Of Network Virtualization

Ron Flax is the Vice President of August Schell, a reseller of VMware products and IT services company that specializes in delivering services to commercial accounts and the federal government, particularly intelligence and U.S. Department of Defense. RonFlaxRon is a VCDX-NV certified network virtualization professional and a VMware vExpert. We spoke with Ron about network virtualization and the NSX career path.

***

The most exciting thing about network virtualization, I think, is the transformative nature of this technology. Networks have been built the same way for the last 20 to 25 years. Nothing has really changed. A lot of new features have been built, a lot of different technologies have come around networks, but the fundamental nature of how networks are built has not changed. But VMware NSX, because it’s a software-based product, has completely altered everything. It enables a much more agile approach to networks: the ability to automate the stand-up and tear-down of networks; the ability to produce firewalling literally at the virtual network interface. And because things are done at software speed, you can now make changes to the features and functions of networking products at software speed. You no longer have to deal with silicon speed. It’s very, very exciting. With a software-based approach, you can just do so much more in such a small amount of time.

What we’re hearing from customers, at this point, is that they’re very interested to learn more. They’re at a phase where they’re ready to get their hands dirty, and they really want to understand it better. What’s driving a lot of adoption today is security, it is our foot in the door. When you speak with customers about the security aspects, the micro-segmentation capabilities, you may not even have to get to a virtual network discussion. Once you get the security aspect deployed, customers will see it in action and then a few weeks later will say, ‘Hey, you know, can you show me how the new router works?’ or ‘Can you show me how other features of NSX work?’ That’s when you can start to broaden your approach. So these compelling security stories like micro-segmentation or distributed firewalling get you in and get the deployment started, but ultimately it’s the flexibility of being able to deliver networks at speed, in an agile way, through software, through automation, that’s the home run.

I also think clients are excited about being able to deliver services more quickly to their business units. In the space I work in, the U.S. Federal Government, the workforce is typically segmented into a server team, storage team, network team, maybe a virtualization team. They haven’t gotten yet to the point where they have a cloud team, so it’s all kind of meshed together. What tends to happen in these siloed environments is the business, or the end user, is waiting on one of these factions to get their job done before they can deliver services. In a lot of cases it’s become the network team that acts as the long pole in the tent and gets things organized for getting a solution built. If they are the log jam, well…

With network virtualization it’s possible—it’s quite easy, in fact—to bring that capability to the virtualization guy, the server guy, the storage guy, or even the end user if you deliver this as a full Software-Defined Data Center or SDDC. Essentially you create a self-service interface, where the end user can actually build and create their networks for themselves. They no longer have to wait for the storage team to have enough storage, the network team to create the networks etc. They can do it themselves. So that’s a big “aha” moment for a lot of customers, They realize: ”we actually can deliver something secure, that works, and that’s isolated to the business in a reasonable amount of time.”

Seeing this transition made me realize that getting my VCDX-NV was a great opportunity. I just felt like if we were going to be in this market space, if we were going to be considered NSX experts, we had to have at least one person, if not many people, who were officially qualified by VMware. The experience was great. VMware went out of their way to really make a strong impression on us, and to invest in every candidate, to make it so that as many of us as possible would succeed and get through the process. I’m not going to say it wasn’t hard! The process is what it should be. It definitely will test you. But if you’re a network engineer, you’re going to want to learn as much as you can about networks. Certainly if you’re a CCIE and you have those skills, and you’ve passed certification for the physical network and all of the related design concepts. I would strongly advise you to get some form of NSX certification with VMware, even if it’s not the full VCDX-NV. The more you know, the more it’s going to help you. You still need to understand the underpinnings, the physical network, but you have that already, so take advantage. Learning about the software aspects of network virtualization can be instrumental in your job growth, your advancement. It’s going to help you in your career.

At the end of the day, this is technology. Technology changes very rapidly. Anybody who’s been around the technology world knows things change at a very, very quick pace. You can’t rest on your laurels. You have to retool yourself. You have to always retool yourself.

VCDX-NV Interview: Chris Miller Talks VMware NSX Certification

Chris Miller is the principal architect for AdvizeX in Columbus OH. He runs the NSX program from a technical and marketing perspective, including Chris Miller-AdvizeXenterprise pre-sales support and go-to-market strategies.

*** 

I started my career as a traditional Cisco networking guy. I spent 10 to 15 years as a network architect. But I’d been tracking what was going on in the community, with Open Flow and some of the other technologies. When I saw what VMware was doing, it got me pretty excited. I thought, ’It’s pretty revolutionary what’s going on here.’ I immediately jumped on the opportunity to take part in NSX.

In terms of enterprise customers, we weren’t initially seeing a lot of adoption in the market. Then VMware announced the Nicira acquisition, and Cisco announced what they were going to do with ACI, and heads started turning. I realized, you know, here are two of our largest partners putting their investment dollars behind this technology. And then, when I saw what NSX could do, and the benefits it could bring, it was very clear to me that this was the next wave.

What excites me most about network virtualization is that you essentially don’t have to worry about change control as much anymore. Now I can start building my services application to application. Everything is independent. I don’t have to get on the phone with folks and explain everything that I’m doing for every little change. It’s amazing. I am also excited about what this does for the private cloud. I think that the pieces that we’re missing for private cloud are primarily network and storage. We’ve had the compute for some time. This gives us a way to extract the networking pieces with NSX and the storage pieces with VMware. Now we can be hardware independent. Companies have been trying to look like Google and act like Google for years now; I think this is the technology that will finally enable them to do it.  So that is what is exciting, there is a there’s a whole new set of things for us to work on now – like private cloud.

Despite all this possibility, there are still people who aren’t convinced this is going to happen. Whether we like it or not, the industry’s changing. Networking’s changing. Even if you never did any network virtualization, you’re going to have to figure out how to integrate with the cloud—and a key component of that is the network. So us networking guys are going to have to change our skill sets, and we’re going to have to start thinking from a more converged perspective, from a cloud unintelligible perspective. By pursuing the advanced certification, you’re tooling up to understand that, and to be able to deal with what’s coming. So, to anyone who says he or she doesn’t really need to know about network virtualization, I’d say, “Ask mainframe guys how they feel about not needing to know S86.” It’s the same concept.

And getting certified now will have it’s advantages. Look at the CCIE, for example. Companies are seeking the low numbers, right? People will put ‘CCIE-50’ on their resumes. There’s a lot of prestige around that. Five years out, it’s going to be the same for VCDX-NV. So I’d say, if you can get in early, you’re getting in on a cutting-edge new technology; you’re getting a highly sought-after, well-respected certification before anybody else. Worst-case scenario? It builds your resume. Best case? It helps you tool up for the future. You’re either going to adopt, or you’re going to get left behind.

 

VCDX-NV Interview: Greg Stemberger

Greg Stemberger is an IT professional who started working in networking in 2000. Working in network operations at Sprint, he managed some of the Greg-Stemberger-Force3largest enterprise networks in the world as the Managed Services Operations Engineer focused primarily on routing and switching. He managed more than 20,000 Cisco devices in his initial role at Sprint. Greg has three CCIEs: in route/switch, security, and service provider. He’s also a member of the first group of VCDX-NV certified professionals.

What excites you about network virtualization?

Virtualization is actually nothing new to me, to be honest, because I’ve been dealing with multi-tenancy, which really in my mind, started on the WAN side where VPNs were really one of the first early versions of introducing multi-tenancy and segmentation of the network, and leveraging virtualization-type technology on hardware. It’s just fascinating to see how much that’s evolved and taken off in the compute world. Now, we’re coming back together full circle with SDN. The network is now playing catch-up with how much agility and flexibility virtualization has provided to the compute world. I believe I have been doing virtual networking for a number of years now, but obviously it’s morphed into something much more powerful today than it was five, six year ago when I was just doing virtual routing and things along those lines.

As you went through network virtualization training, did anything surprised you?

I’m amazed at how powerful the network functions have become down to compute level. I didn’t fully grasp how much flexibility is possible down to the network level in virtualization. I just assumed that you needed a piece of hardware to do that, a dedicate piece of hardware, but software has come so far that now we could potentially deliver a lot of the same capabilities at very scalable rates down on an x86 fixed platform.

How do you think getting certified in network virtualization will help traditional networking professionals in their career?

I think it’s a natural evolution that more of network intelligence is going to continue to extend into the software realm, because of the power of computing today, and the power that software programming brings. I don’t think anybody can challenge the fact that network virtualization brings so much agility and power to networking that we never had before. Obviously, looking at NSX and understanding what’s possible in terms of software-defined networking is just a great salvation towards understanding the networks of the future.

What would you say to someone who said “I don’t need to learn about network virtualization?”

I would argue that they maybe don’t understand the power that SDN brings to a network environment. I think you start to understand the value of the proposition around SDN when you realize you can streamline the operational efficiencies of how you manage an IT infrastructure from the network down to the compute into one system, and you see how fast services can be either enabled from scratch based on a business need or changed based on a business requirement much more quickly and efficiently.

Does a networking professionals existing skill set diminish in value with network virtualization?

That’s a great question. I get into these conversations a lot with peers of mine. To be honest, I don’t see any risk to the skills that we have today. The network in many ways will still fundamentally rely on some sort of underlying protocol control plane that needs to be understood, especially in regards to how traffic moves between end points or between nodes in the network. Having that strong engineering skill set to understand how the control plane and how the data plane is forwarding packets, which lends itself well to any strong network engineer, is going to be very important moving forward. It’s just that there’s an evolution in our skill set in terms of how we manage and design and implement these networks that’s going to evolve and I think it’s evolving for the better.

Anything else that you think someone should know?

I guess one interesting thing is that I actually haven’t spent much time on vSphere and or VMware products prior to this. This has actually motivated me to go back and learn vSphere and some of the core virtualization products that VMware brings to the table, because I need to understand those better to really fully grasp what network virtualization and NSX brings to the table. It’s actually a win-win.

 

VMware NSX Ninjas – VMware TAM Services

VMware Technical Account Managers combine deep expertise with insights from successful implementations to provide unparalleled value to Goal-SettingVMware customers’ business. Curtis Miller is a Technical Account Manager for VMware and in this post, which originally appeared on The VMware TAM Blog, he outlines how to help ensure success with VMware NSX TAM Services.

For networking, VMware NSX is a game-changer in the same way VMware vSphere was for data center servers. NSX virtualizes and consolidates legacy networking functionality back into a hypervisor. As a result, adding or changing network capabilities no longer requires the costly replacement of networking gear. It’s all software based—so upgrades are now just a right-click away.

The resulting cost savings are dramatic because network hardware is replaced far less often and used more efficiently. Deployment times and scalability improve substantially because networks can be created in minutes instead of weeks; and if demand falls, those resources can just as easily be reclaimed. Enhanced security via NSX’s micro-segmentation capabilities is another important benefit as well.

Read Curtis’ full blog here: http://blogs.vmware.com/tam/2015/03/ensuring-success-vmware-nsx-tam-services.html

Roger

VCDX-NV Interview: Chris Wahl

Chris Wahl is a Senior Solutions Architect at Ahead, located in Chicago, Ill.  He has more than 14 years of experience as an IT Pro. Chris originally went to school for networking, and has a bachelor’s degree in networking and communications chris-wahl-redmanagement. More recently he’s been doing sys admin work in sys admin engineering, architecture, and data center focused projects. His certifications include VMware VCDX #104, Cisco CCNA data center and CCNP router and switch certifications for which he also teaches classes, and several other VMware, Cisco, Microsoft, and HP certifications. He is also one of the first VCDX-NV certified professionals

What excites you about network virtualization?

I spent quite a few of years managing every type of virtualized infrastructure you can imagine, ranging from very small and medium sized businesses, to a 16,000 person enterprise with over 1,000 virtual machines. In every instance, the roadblock was always the network to the point where in the large deployment that I managed, we would just plan that any network change would take three weeks even if it was just a VLAN on a port. We could pretty much guarantee that it would be about two weeks to make the change, and another week to fix it because it wouldn’t be made correctly. So, the idea of making the physical infrastructure more like plumbing which we can just make work, and then using network virtualization overlay technology is extremely attractive, because it eliminates days and weeks of real world issues that I have run into as a data center focused engineer and completely hated.

How can networking professionals benefit from network virtualization? Why should they not be concerned this will devalue their skills or make them less important?

In my mind, having gone through this as a sys admin originally focused on Novell and microcomputers and mainframes, and then transitioning to Windows and Active Directory, it’s pretty much the same story all over again. You have a base set of skills and experiences that feed into problem solving, the ability to abstract requirements or constraints out of a design. Then there’s that fundamental understanding of how things should be put together, regardless of the operating system or the network in this case. So as a networking professional, it’s more of the same. You’ve been exposed to a number of network architectures from different vendors and the protocols that go with them. None of that is really changing. It’s just that now there are new ways to make that particular piece of the data center better and faster. I actually view this as an opportunity to increase value, make yourself much more integrated in the workflow for the application or the stack, and really offer some ways to differentiate your business or if you’re a consultant your practice from others that don’t ride on this wagon.

As you’ve gone through network virtualization training, has anything surprised you?

Two things stand out. The first is there’s a cardinal rule you can’t route within the hypervisor. With network virtualization you can finally go beyond just Layer 2 switching and really focus on Layer 2/3 routing and offer dynamic flows to the network within a single hypervisor across hypervisors. That to me is huge.  It really opens up a lot of opportunity to go back to the drawing board on the design.  In the same vein, I feel that the ability to do source-based firewalling is extremely impressive. I was just blown away to the fact that we can apply policy basically ACLs at the source port of the Hypervisor and even prevent the VM from putting traffic on the wire if it doesn’t pass policy. That is extremely powerful. When I work with customers, it’s always been a challenge working around firewalls and how we’re going to logically and physically separate the network into these different segments. Firewalling capabilities from with a network virtualization platform puts the whole design on its head. It lets you step back and really reanalyze how you’re doing design and architecture.

What would you say to someone who said “I don’t need to learn about network virtualization?

Well in reality, they may just be bogged down spending 80% of the time keeping the lights on, and I can understand the personal investment that it takes to work on these skills outside of work. A lot of us don’t get the opportunity or the support we would like from our employer to really stretch our legs on these new technologies at work. In addition, some IT shops probably just don’t care. They’re just going to say, we’re not interested in this. I need you to continue being a router or switch jockey because that’s what I hired you to do. My advice would be that’s total nearsightedness; that’s only looking at today’s wants and needs. Network virtualization, it’s a huge game changer. The companies that embrace it are going to be infinitely more dynamic and scalable and able to complete at a whole different level. Therefore network virtualization is going to happen, and getting on the train right now is better than standing in front of the train because you’re going to get hit by it. I would say get on it now while there’s a lot of opportunity to learn and really understand while things are so new. That way when your company says, “Man, we’d really like to do something with network virtualization,” or another opportunity comes up at a different company, you can jump right on it and land with both feet firmly on the ground and start running.

Anything else that you think someone should know?

I would recommend that IT pros not focus too much on the individual technologies, or all of the hype between this vendor and that vendor. I think it’s important for everyone to take a breath, take a step back, look at the ecosystem, look at the open source products that are coming out, look at the vendor products that are coming out and really understand the differences and the similarities. Don’t ask “which product?” Ask “what would benefit my design” and then pick a starting point. Because if you look at SDN and network virtualization, and try to learn everything at once, it’s overwhelming and you’re going to feel like there’s just no way you can learn all of this. But if you pick a starting point of one project or one particular way to implement it, and use that as a landing point to gain education around the technology, it’s going to be a lot easier.

Deploying VMware NSX with Horizon

As part of the recent launch of Horizon 6, Tony Paikeday, senior product line manager, End-User Computing, VMware, takes a look at the value proposition of deploying the VMware NSX network virtualization platform together with Horzon.

VMware NSX

Deploying VMware NSX with Horizon

VMware NSX, deployed with Horizon, offers a better alternative to securing east-west traffic between VMs, turning data center security from a perimeter-centric view to one that gives each individual desktop VM its own virtual network container – creating if you will, a network of “one.” This approach, also known as micro-segmentation, has been an ideal for network teams, but traditionally unachievable due to the cost, and the operational complexity involved. With the number of user VM’s introduced by desktop virtualization, and the sprawl of firewall rules needing to be manually added, deleted or modified every time a new VM is introduced, this has been untenable in the past. With VMware NSX, we have a completely new model for networking and security, delivering virtualization of the network, much as we did for server virtualization – reproducing it in software, with a logical library of networking elements and services including switches, routers, firewalls, load-balancers and more that can be deployed over any existing network.

Read Tony’s full blog post here at http://blogs.vmware.com/euc/2015/03/securing-virtual-desktops-east-west-threats-data-center.html

Roger

Introducing New VCE VxBlock Systems with Integrated VMware NSX

Last month, we outlined VMware’s vision for helping customers achieve one cloud for any application and any device. We believe the prevailing model for cloud adoption will be the hybrid cloud, and the best architecture for achieving the hybrid cloud is through a software-defined data center architecture. The fastest path to building reliable infrastructure for the hybrid cloud is through the use of converged infrastructure systems, and no company has been more successful at delivering on the promise of converged infrastructure than our partner VCE.

Now, the ability to procure and deploy the VMware NSX network virtualization platform with VCE converged infrastructure is about to get whole lot easier.

Today, VCE launched VCE VxBlock Systems, a new family of converged infrastructure systems that will factory-integrate VMware NSX for software-defined data center deployments. The new VxBlock Systems will include VCE pre-integration, pre-testing and pre-validation of VMware NSX, with seamless component-level updates, ongoing lifecycle assurance, and unified single-call support from VCE.

As I wrote previously, VMware NSX already runs great on existing Vblock Systems. Customers today are deploying VMware NSX with their existing Vblocks, and customers will be able to extend VMware NSX environments across their entire VCE converged infrastructure environment as they move to the new VxBlock Systems.

This solution will be a powerful building block for the software-defined data center, delivering unparalleled IT agility through automation, and unparalleled security through micro-segmentation.

Agility through IT Automation

  • Reduce time to provision multi-tier networking and security services from weeks to minutes.
  • Achieve faster development, testing and deployment of new applications by aligning network and security provisioning with compute and storage provisioning.
  • Streamline IT operations through programmatic creation, provisioning, snapshotting, deleting and restoration of complex software-based networks.
  • Build advanced workflows through cloud management platforms to automate provisioning of networking and security, including switching, routing, firewalling, and load balancing without manually reconfiguring physical network devices.

Unparalleled Security

  • Use micro-segmentation and isolation capabilities of VMware NSX to build security directly into the data center infrastructure.
  • Insert advanced partner services from leading security vendors to improve threat protection, reduce risk and help address their compliance requirements.
  • Achieve better security inside the data center through fine-grained policies that enable firewall controls and advanced security down to the level of the virtual NIC.
  • Create dynamic security policies that are automatically applied when a virtual machine spins up, are moved when a virtual machine is migrated and are removed when a virtual machine is de-provisioned

VMware NSX is the ideal platform for virtualizing the network running on top of VCE converged infrastructure.

Hatem

VMware NSX Webcast – Creating Agile Networks

You may have seen Joey Logano speed to his first Daytona 500 win this week. Keeping your network in racing shape takes a similar level of NSX: Wanna Go Fastpatience, stamina, and quick reflexes. Using VMware NSX network virtualization means that you can unlock the full potential of a Software-Defined Data Center, to create and run entire networks on top of existing network hardware, resulting in faster deployment of workloads, as well as greater agility in the face of increasingly dynamic data centers. Watch this overview to learn how VMware NSX reduces the time to provision multi-tier networking and security services from weeks to seconds to win your race. This one-hour overview of VMware NSX outlines how you can bring virtualization to your existing network, transforming both its operations and economics. You’ll learn how several of the largest service providers, global financial, and enterprise data centers in the world are using NSX to reduce costs and provisioning times to improve agility and establish a new model of network security.

Click here to watch this webcast and find out:

  • What the NSX architecture looks like
  • How switching, routing, firewalling, load-balancing and other services are managed with NSX
  • How overlay networks and logical networks all come together with your physical infrastructure

Roger

Network Virtualization at VMware Partner Exchange 2015

VMware Partner Exchange (PEX) is your one-stop shop when it comes to learning about network virtualization and the technology extends VMware’s vision of the software-defined data center. At this year’s event, we are offering both an executive track and a technical track to help partners build their businesses and advance their knowledge, as you take customers on the path to Virtualizing the Network.

PEX Image

If you are a partner that is new to network virtualization, we have a program/learning path where you can send two people to PEX and to achieve their network virtualization competency by attending the 3-Day NSX Install, Configure and Manage Boot Camp prior to the start of the conference. Participants can then attend the free instructor-led VSP-NV and VTSP-NV boot camps during the conference. Continue reading