By: Nick Marshall
One of the new features in the 3.9.1 release of VMware Cloud Foundation (VCF) is the use of Application Virtual Networks (AVNs) to completely abstract the hardware and realize the true value of a software-defined cloud computing model. As an introduction, AVNs are software-defined overlay networks that serve a specialized purpose in the Software-Defined Data Center (SDDC). These networks can span a defined zone of clusters and traverse NSX Edge Service Gateways for their North-South ingress and egress (think of it as the on-ramp to the SDDC), and they implement software-defined networking based on NSX in the management domain.
Application Virtual Networks provide the following key benefits:
- A software-defined network topology for applications in VCF
- An NSX Edge device for load balancing
- Simplified data mobility and future disaster recovery failover procedures
- Improved security and mobility of management applications
The following post explains why AVNs will serve as a core component of the management domain in VMware Cloud Foundation deployments. VMware Cloud Foundation provides the ability to deploy the full stack (vSphere, vSAN, NSX and vRealize Suite) as a single package along with SDDC Manager. With each release of Cloud Foundation, there have been continual improvements to ensure our customers can take full advantage of what VCF offers for both new deployments and upgrades. As a design principle, VCF needs to be easy to install, easy to run, easy to upgrade, and easy to troubleshoot should something go wrong.
When VMware first introduced NSX, one of the most important features was the ability to stretch layer 2 networks over layer 3 segments without needing to change the underlying physical network. This is one of the core premises of “Software Defined Networking”. NSX allows architects to build simple layer 2 networks that can span racks and geographically dispersed data center facilities.
Being able to stretch layer 2 networks has some obvious, and perhaps some not so obvious, advantages. The primary and arguably the most important advantage is workload mobility: admins can move workloads between data centers without needing to re-IP, update DNS, or, in some instances, change application configurations. This enables administrators to more easily perform disaster recovery with a fast RTO, perform non-disruptive data center migrations, and rebalance workload placement.
Since Cloud Foundation allows different solutions to be implemented at any stage once the deployment is operational, no additional network requirements (such as adding VLAN-backed dvPortGroups) are needed when enabling solutions such as vRealize Suite, Horizon, and PKS. Finally, decoupling the VM networks from the underlying physical VLAN networks allows architects to fully integrate with external cloud providers and seamlessly join both on-premises and off-premises cloud networks.
Within the Cloud Foundation management domain, NSX Edges are deployed and peered (via Border Gateway Protocol – BGP) with the physical network to establish route redistribution to and from the SDDC. There are also new dvPortgroups in vSphere and new logical switches provisioned in NSX and connected to the north/south ECMP (Equal-Cost Multi Path) based on-ramp.
These AVNs have been pre-provisioned for all SDDC management VMs that are able to reside on the overlay network. Using the above as an example, the primary reason the VCF networking was designed this way is to enable future versions of the SDDC management components to fail over to another region in the event of a disaster.
Preparing future versions of VCF to support seamless disaster recovery and application mobility is only a sample of the benefits delivered by Application Virtual Networking. Architects can also consider utilizing cross-region AVNs as an example implementation of how to configure mobility and provide disaster recovery for applications in VCF workload domains.
This is just the first phase of the implementation. In the future, Cloud Foundation may transition from NSX-v in the management domain to using NSX-T for both management and workload domains. In order to prepare for this transition to NSX-T, the vRealize Suite solutions in the management domain are deployed on the AVNs backed by NSX-v. This improves both the security and mobility of the management applications and reduces integration effort with existing customer networks.
These important VCF updates prepare the topology for a transition of the entire management domain to NSX-T in a future release. For more information on the VCF 3.9.1 release, view the release blog, release notes and product documentation.
2 comments have been added so far
Thank you and excellent article, certainly filled in a few gaps for me as I set up VCF.
Glad that this helped. Feel free to reach out for any additional information. /RW