Virtual machines have come to the aid of data centers. With virtualization, you can run systems with different workloads on one physical infrastructure and quickly move a virtual machine from one server to another without interrupting service. You increase productivity. You can save the state of a virtual machine so that it can be recovered quickly after a failure. These are a few of the benefits of virtualization.
Today, the use of virtualization in the data center is inevitable. Because virtualization proved so widely accepted and useful, the concept of software-defined networking (SDN) was created. VMware, with its product NSX, redefined the boundaries of virtualization and introduced real, large-scale SDN to everyone. Software-defined networks are a new form of network management in which the network is divided into two parts: the management level and the data transmission level. In this type of network, the management level is responsible for management and planning, and the forwarding level is responsible for carrying it out. The forwarding level, also known as the Forwarding Plane, is responsible for directing traffic to its destination. SDN provides a centralized view of the network. One of the most popular protocols used in software-defined networking is OpenFlow.
Network Functions Virtualization (NFV) is a new field in networking in which network elements can be implemented virtually, in software. These are elements that used to be implemented as separate hardware devices, such as firewalls, routers, switches, load balancers and the like. Obviously, purchasing and deploying each of these devices is costly and time consuming and requires specialist staff. That is why NFV helps network administrators reduce their costs and complexity. NFV is complementary to software-defined networking. VMware has used these two technologies to launch a product called NSX, which combines the benefits of both software-defined networking and NFV. In 2012, VMware bought a company called Nicira, which worked on network virtualization and software-defined networks, and the birth of this project goes back to that time.
The main task of NSX is to create and manage virtual networks. Just as a virtualization platform lets you create, save, delete and restore virtual machines, NSX lets you create, save, delete and restore virtual networks. As a result, a data center gains a great deal of flexibility: different settings can be applied in less time, such as deleting a route, building a new path, adding a backup link, and so on. With NSX, your current hardware is all you need to implement a software-based data center.
There are now two different versions of NSX. The first, NSX for vSphere, is suitable for vSphere environments. The second, NSX for Multi-Hypervisor, suits cloud environments such as OpenStack. The platform for building virtual machines and the platform for network virtualization can be compared as two approaches to virtualization. As shown on the left side of Figure 1, a virtualization layer is installed on the hardware. In the higher layers, logical virtual machines are created in software, each presenting the hardware specifications of a machine, and these specifications can easily be changed. The right side of Figure 1 shows how NSX works. NSX consists of a network virtualization platform that simulates the characteristics of a network. Virtual networks are created on this platform, and through them layer two to layer seven services can be offered: services such as switching, routing, firewall, quality of service (QoS) and network load balancing.
Figure 1. Comparison of two different approaches to virtualization
NSX has four components, which are shown in Figure 2:
- Cloud Consumption
- Management Plane
- Control Plane
- Data Plane
Figure 2. The components of the NSX
These components are examined in more detail below.
1- Cloud Consumption
The Cloud Management Platform (CMP) shown in the figure is, according to VMware, not one of the core components, but because NSX can be integrated with virtually any CMP through its REST API, it is counted as one of the components of NSX. According to VMware, NSX-specific modules can easily be created for any cloud environment through the API layer. According to the company, NSX is currently ready for integration with VMware vCloud Automation Center, vCloud Director and OpenStack. The company calls this feature out-of-box integration. NSX is integrated with OpenStack through a plug-in for Neutron.
2- Management Plane
This plane consists of the NSX Manager, the part with which you can manage the network centrally. Most experts refer to it as the management part of the SDN. The NSX Manager is described as the "single point of configuration". Figure 3 shows the NSX Manager console, which is accessed through a browser.
Figure 3. NSX Manager console
NSX Manager runs as a virtual machine in vCenter, and it is installed and configured by deploying an OVF. According to VMware, each vCenter can have only one NSX Manager. If you have multiple separate vCenters and connect them together, you have created a Cross vCenter environment. Such an environment usually has one primary NSX Manager and several secondary NSX Managers, with a maximum of one primary and seven secondary. The main task of the primary NSX Manager is to establish rules for the logical switches, routers and firewalls across the whole Cross vCenter environment. The task of a secondary is to manage network services at the local level, specific to each vCenter.
3- Control Plane
The Control Plane is formed by the NSX Controller Cluster. As the name makes clear, the controller is a distributed management system that performs the administrative tasks for logical switches and routers. No traffic passes through the controller, so a failure of the controller does not damage the Data Plane or affect the flow of traffic. The NSX Controller sends information to the hosts in the network. The information that the NSX Controller sends to other parts is very important, because if wrong information is sent, the network settings are disrupted and the entire network fails. For this reason, the possibility of downtime has to be reduced. To solve this problem, VMware uses the simplest approach, which is redundancy. Instead of deploying one NSX Controller, three NSX Controllers are deployed and their commands are put to a vote. A command is carried out only if it receives at least two votes, so a failed NSX Controller is identified and erroneous commands are prevented. If only two NSX Controllers were used and their answers differed, the correct answer could not be determined and a "split-brain scenario" would arise. Deploying a cluster of three members also achieves High Availability. To learn more about redundancy techniques and methods, see the book Design and Analysis of Fault-Tolerant Digital Systems by Barry W. Johnson. In every cluster, one node acts as the main NSX Controller. If the main NSX Controller fails, another node in the cluster is selected and becomes the main NSX Controller. The other nodes in the cluster must be kept coordinated and synchronized at all times.
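The voting argument above, as an added Python example (not from the original article and not NSX's internal implementation): it follows the scheme as this article describes it, and the controller names and command strings are constructed.

```python
from collections import Counter


def vote(cluster_size, answers):
    """Decide a command by strict majority of the whole cluster.

    answers maps controller name -> command and holds only the controllers
    that responded. Returns (accepted command or None, dissenting controllers).
    """
    quorum = cluster_size // 2 + 1          # 2 of 3, but also 2 of 2
    if not answers:
        return None, []
    command, votes = Counter(answers.values()).most_common(1)[0]
    if votes < quorum:
        return None, []                     # no majority: refuse to act
    dissenters = sorted(n for n, a in answers.items() if a != command)
    return command, dissenters


# Constructed sample answers (hypothetical names and commands).
GOOD, BAD = "vm1 is on host-a", "vm1 is on host-z"
ONE_FAULTY = {"controller-1": GOOD, "controller-2": GOOD, "controller-3": BAD}
ONE_DOWN = {"controller-1": GOOD, "controller-2": GOOD}
TWO_NODE_SPLIT = {"controller-1": GOOD, "controller-2": BAD}

if __name__ == "__main__":
    print(vote(3, ONE_FAULTY))       # wrong answer outvoted and identified
    print(vote(3, ONE_DOWN))         # cluster of three survives one failure
    print(vote(2, TWO_NODE_SPLIT))   # two controllers disagree: split-brain
    print(vote(3, {"controller-1": GOOD}))  # two of three down: no quorum
```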
4- Data Plane
The Data Plane consists of the NSX vSwitch, which is based on the vSphere Distributed Switch (VDS). The NSX kernel modules, userspace agents, configuration files and installation scripts are packaged in VIBs and, after installation, run in the vSphere kernel to enable services such as distributed routing, the logical firewall and VXLAN bridging. Figure 4 is a view of the vSphere Web Client after installing NSX. Once it is installed, an icon called Networking and Security is added to the Inventory. Clicking this icon takes you to the NSX home page, which is shown in Figure 5.
Figure 4. New items added to the vSphere Inventory
Figure 5. NSX home page
VIB stands for vSphere Installation Bundle; it functions almost like a ZIP file, with the difference that the format is specific to vSphere. VXLAN is an acronym for Virtual Extensible LAN. VXLAN is a network virtualization technology created to solve the problem of networks that do not scale. VXLAN uses an encapsulation technique (similar to VLAN) in which OSI layer two Ethernet frames, which are based on MAC addresses, are placed inside layer four UDP packets. For more information on this subject, refer to RFC 7348.
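The encapsulation described above, as an added Python example (not from the original article): it builds and strictly parses the 8-byte VXLAN header defined in RFC 7348. The VNI value, MAC addresses and inner frame are constructed sample data.

```python
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned UDP destination port for VXLAN
FLAG_VNI_VALID = 0x08   # the "I" flag: the VNI field carries a valid value

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType 0x0800 (IPv4).
SAMPLE_FRAME = bytes.fromhex("005056aabb02" "005056aabb01" "0800") + b"constructed-payload"


def vxlan_encap(vni, inner_frame):
    """Return the UDP payload: 8-byte VXLAN header followed by the L2 frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24) + reserved (8).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload):
    """Parse a VXLAN UDP payload, rejecting malformed headers."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("shorter than VXLAN header plus Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    inner = udp_payload[8:]
    return {
        "vni": word1 >> 8,                  # identifies the logical segment
        "dst_mac": inner[0:6].hex(":"),
        "src_mac": inner[6:12].hex(":"),
        "ethertype": int.from_bytes(inner[12:14], "big"),
        "inner_frame": inner,
    }


if __name__ == "__main__":
    packet = vxlan_encap(5001, SAMPLE_FRAME)
    print(packet[:8].hex(), vxlan_decap(packet)["vni"])
```

The VNI is the only field that separates one logical segment from another, so a receiver that skips the flag and length checks can misattribute a frame to the wrong segment.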
Some of the advantages of the NSX vSwitch are as follows:
- Support for overlay networks using protocols such as VXLAN, and centralized network configuration
- Easier deployment of a large number of virtual machines
- Features such as Port Mirroring, NetFlow / IPFIX, LACP, backup and restore of the entire network configuration, network health checks, quality of service (QoS), and efficient traffic management and monitoring tools that are very useful for network troubleshooting
There is far more to say about this software than the topics above; the subject is so large and complex that whole books have been written to explain it. That is why we now turn to a simple, practical example to offer a simpler explanation.
A simple scenario
One of the capabilities of NSX is the firewall. The network equipment in this scenario is shown in Figure 6. There are two Cisco 2960 ToR switches in the rack, two Cisco X4748 aggregation-layer switches, two hardware firewalls, and a number of servers and virtual machines. ToR stands for Top of Rack, meaning the top of the rack.
Figure 6. Existing equipment for implementing NSX
The network engineers intend to restrict layer three traffic by means of the firewall. In this case, the following will occur:
- The network engineers have to deal with strict traffic engineering rules.
- The firewall may become a bottleneck.
- As the network grows, more firewall devices have to be purchased, which increases hardware costs (Capex).
- If the firewall is penetrated, the traffic of the entire network can be accessed.
- It consumes a lot of bandwidth and reduces network performance. For item five, consider Figure 7. Here the virtual machine marked in green, with IP address 10.1.0.5/24, wants to communicate with the second virtual machine, marked in purple, with IP address 10.2.0.8/24. To reach the second virtual machine, the traffic must pass through the ToR switches and the Cisco X4748 switches to reach the firewall. When the firewall receives the traffic, it inspects it, determines that access is not allowed, and blocks it.
- The traffic has to travel a long way just to be checked.
Some network equipment manufacturers make products that monitor traffic from one virtual machine to another so that it is inspected over a shorter path, but the problem of wasted bandwidth still remains. NSX has a capability called the Distributed Firewall (DFW). This feature is activated when the NSX Manager plug-in is installed in vCenter. One of the main advantages of this feature is that the firewall is placed at the virtual machine, which means that any packet leaving or entering the virtual machine is checked by the DFW at the moment of departure or arrival. Figure 8 shows the difference between the traditional structure and the DFW structure. The DFW knows that virtual machine number one is not allowed to send traffic to virtual machine number two, so it checks the traffic at the moment it leaves the virtual machine and does not let it onto the network. This approach removes unnecessary traffic from the network and improves its performance, and there are no hardware purchase and maintenance costs.
Figure 8. Checking traffic as it leaves the virtual machine
If you move a virtual machine from one server to another, the network structure at the new server may differ, so that your traffic does not pass through the hardware firewall as intended, or you have to change the firewall yourself. With the NSX DFW, all the rules and policies you define for a virtual machine's traffic move with the virtual machine when it is moved from place to place, and do not depend on the physical structure of your network.
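The scenario above, as an added Python example (not from the original article or from VMware): it contrasts a perimeter firewall with rules enforced at the virtual machine, before and after a move. The host names, the second host's firewall-free path and the rule set are assumptions constructed for illustration.

```python
import ipaddress

# Constructed topology: physical path from each host towards the other subnet.
HOST_PATHS = {
    "host-a": ["ToR switch", "Cisco X4748", "hardware firewall"],
    "host-b": ["ToR switch", "Cisco X4748"],  # assumed: no firewall on this path
}
# Constructed policy for the green VM (10.1.0.5); the first matching rule wins.
VM1_RULES = [("10.2.0.0/24", "deny"), ("0.0.0.0/0", "allow")]


def evaluate(rules, dst_ip):
    """First-match rule evaluation with an implicit default deny."""
    dst = ipaddress.ip_address(dst_ip)
    for network, action in rules:
        if dst in ipaddress.ip_network(network):
            return action
    return "deny"


def perimeter_check(host, dst_ip):
    """Traditional design: a verdict exists only where the path meets the firewall."""
    path = HOST_PATHS[host]
    if "hardware firewall" not in path:
        return "unfiltered", path             # traffic never reaches a policy point
    hops = path[: path.index("hardware firewall") + 1]
    return evaluate(VM1_RULES, dst_ip), hops  # bandwidth is spent before the verdict


def dfw_check(vm_rules, host, dst_ip):
    """DFW design: the rules travel with the VM and are checked at its vNIC."""
    if host not in HOST_PATHS:
        raise KeyError(host)
    return evaluate(vm_rules, dst_ip), []     # no physical hop is crossed


def compare(host, dst_ip="10.2.0.8"):
    """Verdict and hops crossed for the green VM running on the given host."""
    return {"perimeter": perimeter_check(host, dst_ip),
            "dfw": dfw_check(VM1_RULES, host, dst_ip)}


if __name__ == "__main__":
    for host in ("host-a", "host-b"):         # before and after the move
        print(host, compare(host))
```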
VMware has many virtualization products, and this time, with a new kind of virtualization, it has also been able to virtualize the network, which is a great help in improving network efficiency and performance in the data center. NSX is an example of SDN and NFV combined. With NSX you can achieve a Software Defined Data Center (SDDC) and reduce your fixed and even your variable costs. There is much more that is interesting and useful to say about this software. Everything mentioned above is only an introduction to it, and a careful examination of its structure and capabilities is beyond the scope of this article. At first glance this software is very useful, but there are still questions in our minds about how to use it that need to be investigated. The first is that although the network is virtual, traffic will certainly need to cross the physical infrastructure. What measures have been taken to keep too much traffic from being placed on one physical link? Can this software detect the physical links? When it finds the nearest logical path to an address, are the physical characteristics taken into account? You may have questions like these too, and they are of great importance. That is why we recommend that you gather more information and keep the physical condition of your network in mind when implementing NSX.