This was one of my favorite sessions on the NSX track in VMworld Barcelona, Bruce Davie, formally of Cisco and Nicira, now CTO and Principal Engineer for Networking at VMware.
What I liked most was how he abstracted complexity.
“The problem is scale”
With forecasters predicting a huge increase in devices, automation, security and application continuity will have to keep pace at scale that most of us haven’t really contemplated.
nsx today – desired state requests
NSX is programable using APIs as well as a UI, however when a user interacts with the nsx management plane, those orders are first communicated as a desired state to the control plane. The control plane in turn has two tasks, discover the current state and then translate instructions that the date plane can understand, once implemented we will have a realized state.
These are not one time instructions, but a request to maintain a configuration state for an object, for example a virtual machine even it moves. By centralising management and control functions allows for a highly scalable infrastructure, trying to repeat the configuration of 100s, 1,000s or 1,000,000s of objects on multiple routers or switches will neither scale or be operationally sustainable in a dynamic environment.
nsx tomorrow – clustered management, distributed controllers
Today continuity is primarily focused on the data plane, however it will become vital that uptime is maintained for both the management and controller plane as API calls are used by multiple developers and automatization tools are used to instantiate and tear down infrastructure. So it is expected that uptime requirements for these components will become more stringent in the future.
Principally for the management plane any user requests must not lost or forgotten, the intention is to resolve this by using clustering techniques, shared storage and the use of distributed logs on the management plane.
A number of functions of the the control plane can be distributed, the coming architecture will consist of a central controller and distributed controllers. This extra layer will also allow for scaling into heterogeneous hypervisor environments.
nsx – in the cross cloud services
What got people talking in the VMWorld general sessions was the integration with public clouds, and the possibility to host a vm in AWS and maintain firewall protection while allowing traffic to reach a database server in your on-prem datacenter.
However on closer examination cross cloud integration is a solution quite distinct to using distributed switches, routers and firewalls, and represents a major leap forward in nsx architecture.
In an on-prem datacenter nsx relies on the virtual distributed switch, this dependancy is not assumed for third party public clouds, instead special machine images are used that contain vSwitch (OVS) and nsx control plane code within the operating system.
To protect the on-prem datacenter network, from a guest being compromised in a public cloud, a cloud gateway edge sits in between the local on-prem data center and public cloud.
By decoupling nsx from the vDS and ESX, will make it truly agnostic, while many vendors try to lock in customers, the vision is to offer the customer the ability to use NSX in multiple clouds on multiple platforms.
You can watch this session for free by simple registering on the VMWorld website
Look for NET 8193R