VMware today is introducing its NSX network virtualization solution, melding the best of VMware virtualization with Nicira capabilities. An open API enables broad support from networking industry partners for the new NSX platform.
“VMware had been working on technologies that were tied into vCenter for vSphere virtualization customers only and focused on Layer 4 through 7 services,” Martin Casado, VMware CTO for networking, told Enterprise Networking Planet. “NSX is a hypervisor-independent, cloud management-independent network virtualization platform for Layer 2 through 7.”
Distributed Firewall and Load Balancer
The NSX offering includes a new virtual distributed firewall capability that goes beyond the vShield capability that VMware vSphere has been providing on server virtualization. In Casado’s view, the NSX firewall is a net-new implementation for a virtual firewall.
“The NSX distributed firewall is a full stateful firewall,” Casado explained.
Casado said that the goal with NSX is to provide a full set of L4-7 features, though he stressed that VMware is not trying to supplant traditional networking vendors. For example, the NSX firewall is distributed at the edge of the virtual network for intra-data center communication. It is not trying to compete on a feature-by-feature basis with the firewalls that handle traffic in and out of data centers.
As part of the NSX strategy, VMware is embracing a set of open APIs that enable its partner ecosystem to tap into an NSX network. The hardware integration program, known as vTap, enables NSX to control top-of-rack switches from compliant vendors.
“The way we talk to those switches is via the OVS-DB (Open Virtual Switch database) protocol,” Casado said.
NSX provides a global cluster of controllers that manages the network state. The NSX controller provides management and visibility into the virtual network.
From a deployment perspective, NSX can leverage Open vSwitch, the open source technology that Casado’s team was instrumental in building and that is part of the mainline Linux kernel.
As it turns out, NSX can use any number of encapsulation technologies, including OpenFlow and VXLAN, to enable and create a virtual overlay on top of an existing physical network.
“We use whatever mechanism is available to get packets across the fabric,” Casado said. “We use the collection of encapsulation technologies to create the customer-facing virtual network abstraction.”
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com.