VMware NSX is a software networking and security virtualization platform from VMware that delivers the operational model of a virtual machine for the network. Virtual networks reproduce the Layer 2 to Layer 7 network model in software, allowing complex multi-tier network topologies to be created and provisioned programmatically in seconds. NSX also provides a new model for network security. Security profiles are distributed to and enforced by virtual ports and move with virtual machines. NSX supports VMware’s software-defined data center strategy. By extending the virtualization capabilities of abstraction, pooling and automation across all data center resources and services, the software-defined data center architecture simplifies and speeds the provisioning and management of compute, storage and networking resources through policy-driven automation. By virtualizing the network, NSX delivers a new operational model for networking that breaks through current physical network barriers and enables data center operators to achieve better speed and agility with reduced costs.
NSX includes a library of logical networking services: logical switches, logical routers, logical firewalls, logical load balancers, logical VPN, and distributed security. You can create custom combinations of these services in isolated software-based virtual networks that support existing applications without modification, or that meet the unique requirements of new application workloads. Virtual networks are programmatically provisioned and managed independently of networking hardware. This decoupling from hardware introduces agility, speed, and operational efficiency that can transform datacenter operations.
Logical Switching: Layer 2 over Layer 3, decoupled from the physical network
Logical Routing: Routing between virtual networks without exiting the software container
Logical Firewall: Distributed firewall, kernel integrated, high performance
Logical Load Balancer: Application load balancing in software
Logical Virtual Private Network (VPN): Site-to-site and remote access VPN in software
VMware NSX API: REST API for integration into any cloud management platform, such as vCAC, OpenStack, etc.
NSX core components:
Two major components make up this solution and provide the final piece in VMware’s SDDC vision: NSX Manager and NSX Controller.
The NSX Manager is one of the touch points for the NSX for vSphere solution. NSX Manager provides a centralized management plane across your datacenter. It provides the management UI and API for NSX. Upon installation, the NSX Manager injects a plugin into the vSphere Web Client for consumption within the web management platform. Along with providing management APIs and a UI for administrators, the NSX Manager component installs a variety of VIBs on each host when initiating host preparation. These VIBs are VXLAN, Distributed Routing, Distributed Firewall and a user world agent. The benefit of leveraging a VMware solution is that access to the kernel is much easier to obtain. With that access, VMware provides the distributed firewall and distributed routing functions in the kernel. This provides high-performance in-kernel processing without the inadequacies of traditional user space or physical firewall network architectures.
The NSX Controller is a user space VM that is deployed by the NSX Manager. It is one of the core components of NSX and could be termed the “distributed hive mind” of NSX. It provides a control plane to distribute network information to hosts. To achieve a high level of resiliency, the NSX Controller is clustered for scale-out and HA. I will discuss the NSX Controller in detail in upcoming posts.