
A Migration from Physical to Logical Networking

I would like to review what a data center network looks like before and after network virtualization, and the benefits gained.

The network topology shown here is very common among customers, although the physical size and scale (the number of switches, routers, and firewalls) can be very different…

Before Network Virtualization:

[Figure: network topology before network virtualization]

This topology has some issues:

  • Physical firewalls can be a serious bottleneck between VLANs.
  • There is no easy method to isolate or protect VMs within a VLAN.
  • Actual VLAN creation on the core network can be time consuming, requires manual configuration, and is prone to misconfiguration.
  • Large application L2 domains spread wide across data centers.

After Network Virtualization:

[Figure: network topology after network virtualization]

An NSX-enabled network has the following benefits:

  • Everything to the right of the black dotted line can be created/queried/deleted using orchestration or scripts via the NSX RESTful API.
  • It takes only seconds to create new logical switches and routers supporting new tenant networks.
  • Logical Switches and Logical Distributed Routers are vSphere kernel-based, providing high-performance switching and routing at 40Gbps per hypervisor.
  • Security policy via NSX Service Composer is vSphere kernel-based, providing a high-performance firewall at 20Gbps per hypervisor.
  • Security policy can be applied to isolate or limit access between VMs on the same logical switch.
  • NSX logical network topology and security policy can easily be reproduced irrespective of the underlying physical network hardware manufacturer or topology.
  • The NSX Transport network could easily be implemented using L3 connectivity, minimizing L2 across the data center.
  • Edge Service Gateway virtual appliances (SSL VPN, Load Balancing, etc.) can be created via API to support any application on any network.

Overall, pretty straightforward 😉
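
The isolation point from both lists (no easy way to protect VMs within a VLAN before, policy between VMs on the same logical switch after) can be seen in a small model. This is an added example, not code from the original post and not NSX or Service Composer syntax; the VM names, segments, groups and rule set are constructed, and the two functions are simplified stand-ins for a routed physical firewall and a per-vNIC distributed firewall.

```python
# Added illustration: a simplified model, not NSX or Service Composer syntax.
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    segment: str   # VLAN or logical switch the VM is attached to
    group: str     # security group (constructed label)

# Constructed inventory: two web VMs share a segment, the database is on another.
VMS = {
    "web-01": VM("web-01", "seg-web", "web"),
    "web-02": VM("web-02", "seg-web", "web"),
    "db-01": VM("db-01", "seg-db", "db"),
}

# Constructed allow-list of (source group, destination group, TCP port); default deny.
ALLOW = {("web", "db", 3306)}

def rule_allows(src, dst, port):
    return (src.group, dst.group, port) in ALLOW

def perimeter_firewall(src_name, dst_name, port):
    """Firewall routed between segments: it only inspects traffic that crosses it."""
    src, dst = VMS[src_name], VMS[dst_name]
    if src.segment == dst.segment:
        return True  # switched locally, the firewall never sees the flow
    return rule_allows(src, dst, port)

def distributed_firewall(src_name, dst_name, port):
    """Policy enforced at every VM's virtual NIC, regardless of segment."""
    src, dst = VMS[src_name], VMS[dst_name]
    return rule_allows(src, dst, port)

def compare(flows):
    """Return {flow: (perimeter verdict, distributed verdict)} for each flow."""
    return {f: (perimeter_firewall(*f), distributed_firewall(*f)) for f in flows}

FLOWS = [
    ("web-01", "db-01", 3306),   # intended application traffic
    ("web-01", "web-02", 22),    # lateral traffic inside one segment
    ("web-01", "db-01", 22),     # cross-segment traffic outside the policy
]

if __name__ == "__main__":
    for flow, (perimeter, distributed) in compare(FLOWS).items():
        print(flow, "perimeter:", perimeter, "distributed:", distributed)
```

Only the second flow differs between the two models: the perimeter firewall never sees it, while the per-VM policy denies it by default.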
