How VMware NSX network virtualization could change networking -- or not
A comprehensive collection of articles, videos and more, hand-picked by our editors
SAN FRANCISCO -- VMware unveiled NSX, its new network virtualization platform, which combines the company's suite of virtual networking technologies and the acquired Nicira virtual network overlay technology.
VMware NSX now includes a full stack of logical network functionality, including distributed virtual routing, load balancing, firewalling and VPN. VMware has also tied NSX more directly to the physical network at multiple layers through an expanded system of vendor partners.
Much of this is possible due to Nicira's Network Virtualization Platform -- a controller-based virtual network overlay that simplifies the provisioning of network connectivity for virtual machines by creating tunnels across the physical network, using the virtual switches on hypervisor hosts as tunnel endpoints.
NSX is VMware's response to a networking industry that remains slow to catch up to the programmability and automation that the rest of the data center industry has embraced, according to Andre Kindness, principal analyst at Cambridge, Mass.-based Forrester Research Inc.
"Networking is too manual and complex," Kindness said. "We should have started dealing with some of these issues five years ago or even earlier. The fact that we're still doing so much [networking] on CLI [command-line interface] is just ridiculous. There is a sense that the SDN world is taking too darn long, so overlays are going to be the answer for a long while. VMware is saying we can't wait, so this is what we need."
VMware NSX adds top-of-rack switch integration
VMware announced that several networking vendors have added both VXLAN tunnel termination and NSX-based VXLAN termination endpoint (VTEP) software to their switches, particularly their top-of-rack data center switches. These partner vendors include Dell, Arista Networks, Cumulus Networks, Juniper Networks and Brocade. HP has also added VXLAN tunnel termination, but has eschewed integrating NSX's VTEP software. Instead, it is federating its Virtual Application Networks SDN controller with the NSX controller and is integrating its Intelligent Management Center.
Notably absent from the switch integration party is Cisco Systems, the overwhelming network market leader and long-time VMware collaborator. Cisco has declined to announce any networking product news at VMworld, despite having a presence at the show.
VMware has gone beyond "the individual point-to-point capabilities and the network extensions that we got with tunneling technologies like VXLAN," said Eric Hanselman, research director for New York-based 451 Research. "They are moving into deeper integration … with a range of different networking products … with lots of detail about network topology that can be communicated with any of the devices integrated around NSX."
NSX adds routing and Layer 4-7 services
Further up the network stack, VMware added distributed virtual routing to NSX.
"Often in the past when Layer 3 was added to a virtual networking solution it would be a router running in a virtual machine," said Martin Casado, chief networking architect at VMware and founder of Nicira. "So say 100 hosts were connected to that router, all that traffic would be going through one virtual machine. In this release we have distributed routing, which means the routing functionality is in the kernel and distributed at the edge. There is no chokepoint. The traffic will go one hop, but you still have Layer 3 functionality."
NSX also now has distributed load balancing, firewalling and VPN services. These Layer 4-7 services have very basic functionality aimed mostly at east-west traffic, Casado said. For north-south traffic in and out of a data center, NSX is stepping up its partner integration. F5 Networks, Riverbed and Citrix Systems announced varying degrees of NSX integration with their application delivery controllers, and Silver Peak announced integration of the management platform for its virtual WAN optimization controllers with NSX, allowing Silver Peak to chain its WAN optimization services to individual virtual machines.
VMware also opened NSX up to a broader ecosystem of cloud orchestration and management platforms, providing northbound integration with Canonical, Piston Cloud Computing, OpenStack, Red Hat and CloudStack.
In addition to announcing an ecosystem of technology partners, VMware also introduced three NSX customers during CEO Pat Gelsinger's VMworld keynote. Technology executives from GE Appliances, eBay and Citi all publicly affirmed they are using the platform.
"As we've gotten more into automation, we still see the network is a bottleneck" said Lance Weaver, chief technology officer (CTO) of GE Appliances. "We see network virtualization giving us the ability to apply automation and deliver the speed that the business is looking for."
Greg Lavender, CTO of Citi, said NSX is supporting his firm's efforts to support IT multi-tenancy. "We're creating virtual overlays to support different tenants," he said.
NSX is a good start, but VMware has more work to do
Despite integrating hardware from multiple partners to serve as NSX service gateways and VTEPs, virtual and physical network operations still remain mostly isolated, which many experts see as a problem.
"In general, this is an overlay, and my issue with that is you'll still need to talk to the physical side," Kindness said. "In an overlay world you have 16 million VLANs theoretically. All of these are going to be important. If they are important, then wouldn't you be cutting up physical network resources for that amount of VLANs, as well? The two worlds need to interact. The first step is the top-of-rack area with this integration, but it's only part of the answer. The physical and virtual worlds need to be interacting as a whole."
More on network virtualization
Virtual overlay networks enable multi-tenancy
SDN vs. network virtualization: Martin Casado explains
VXLAN gateways integrate physical and virtual infrastructures
Ten network virtualization definitions you need to know
VMware's move to create federation jointly across NSX and HP's Virtual Application Networks SDN controller is an example of VMware thinking more broadly and addressing these gaps, said Joe Skorupa, vice president and distinguished analyst with Stamford, Conn.-based Gartner. The two controllers integrate with HP's network management platform to give network operators full visibility, management and control across the physical and virtual network. However, the value of this federation relies on the presence of OpenFlow switches in the network, since HP's controller uses OpenFlow to communicate southbound. For HP shops, that's not a problem, since the vendor has a broad line of OpenFlow switches, but the protocol is not broadly deployed in most switch lines today.
VMware's NSX launch is a good start, but it's narrow and incomplete, Skorupa said. The company's positioning of NSX as a network hypervisor will not win over the engineers who have spent decades working in Cisco's CLI.
VMware must now connect with buyers outside its server virtualization comfort zone. "VMware needs to get beyond thinking like a virtualization company and start thinking like a strategic data center company. It's time to go big or go home," Skorupa said.
VMware has argued that all an NSX overlay needs between tunnel endpoints is solid IP connectivity, but Skorupa warned this stance could lead to more network complexity.
"I've heard people at VMware tell me they're going to solve all the issues with IP," he said. "There is a lot of stuff that IP doesn't do well because it wasn't meant to do it. That's why we have, for example, MPLS [multi-protocol label switching], where you have an underlay-overlay. And if [VMware] keeps adding complexity and building another MPLS in the data center to address problems, then a lot of the issues of complexity are going to come right back at them."
NSX pricing and availability
NSX will be generally available in the fourth quarter of this year. Most of the NSX integration from partner vendors will be available in 2014.
VMware has declined to announce pricing, citing that the technology is still in beta. Pricing and licensing terms will be a critical issue for many enterprises whose budgets have been flat for years.
"This is net-new dollars that the customer has to come up with," Skorupa said. "If it's a modest up-charge over current ESX pricing, then that makes adoption relatively easy from a pricing standpoint. If it's the same price as your current ESX license, or more, then I think it gets a lot harder."
Let us know what you think about the story; email: Shamus McGillicuddy, news director.