Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Center Network Redesign using SDN

Similar presentations

Presentation on theme: "Data Center Network Redesign using SDN"— Presentation transcript:

1 Data Center Network Redesign using SDN
June 4, 2015 Brian Pietrewicz David Jones Chad VanPelt

2 Data Center Network Redesign using SDN
Introduction What is a Software Defined Network The Benefits of SDN using NSX How NSX Provides the SDN Service Future SDN/NSX/Lobocloud Directions

3 Introduction Project History Lobocloud:
IT delivered datacenter, servers, storage, networks, OS, database and security services Self Service portal Deploy Windows and Linux virtual machines customized to meet capacity requirements Ready and available in 20 minutes (excluding FW) Adding Multi-tenancy and enhanced security through SDN

4 What is a Software Defined Network
In the virtual environment, physical network devices can be virtualized. This adds tremendous flexibility to network infrastructure Virtualized network services Routers Switches Firewalls Network Segments VXLAN Network Interface (VNI)

5 What is NSX Vmware’s Software Defined Network Platform
Developed from two product: Nicira Network Virtualization Platform VMware vCloud Networking and Security Abstracts Hardware functionality into software It is to networking what VSphere ESXi is to computing.

6 NSX in Software Defined Network

7 Benefits of SDN and NSX Improved Network Performance and Functionality
Improved Security Multi-Tenancy Automation/Ease of Network Deployments

8 Improved Network Performance and Functionality
Reduces the hierarchical model of networking Provides secure intra and inter ESXi traffic Increases the the number of possible network segments. Provides the ability to utilize multiple physical datacenters/cloud services without requiring complex network changes

9 Improved Network Security
Increased protection without increasing management. Centrally Managed Security Services Multiple Firewall/Security solutions to meet customers need

10 Traditional vs. NSX Firewalls

11 Traditional model of security
Wall around datacenter only Host based firewalling required to isolate servers Host based firewalling Hard to manage Inconsistent Traffic hair-pinning to physical firewall


13 NSX Model Perform firewall functionality on the connection between the VM and the Virtual Switch Firewall rules centally managed by Vcenter and NSX Manager Firewall rules migrate with the VM Creates consistent rulesets using Security Policy's and Groups Centrally Managed Reduces Network Hair-pinning


15 Multi-Tenancy Security barriers between VMs on same VXLAN/VLAN
Security between functional services, departments, or data/service sensitivity. Web, App, DB NMEL, HR, College of Fine Arts Public data, research data, sensitive (PCI,HIPAA,etc) data VXLANs protected through Edge Service devices and the NSX Distributed Firewalls.


17 Automated Deployment of Network Appliance and Services
Provides multi-tenancy to Lobocloud customers Allow dynamic configuration and deployment of NSX Logical Service Allows on-demand application delivery with NSX managed network and security services. Deployments are templateable and automatable On-Demand vs Pre-created


19 How NSX Works


21 VXLAN Network tunneling protocol Provides L2 tunnels over L3 networks
Increases number of LAN segments available for traffic. Standard VLANs = 4094 VXLAN Network Identifiers = 16 Million Virtual Tunnel End Points (VTEPS) Terminate VXLAN Tunnels ESXi Hosts and Edge Services Gateways


23 VXLAN VXLAN modules operate in ESXi Hypervisor.
Manage by NSX Controllers ARP, VTEP, MAC tables. VTEPs encapsulate/decapsulate network packets. Wrap UDP Packet Header around L2 packet VXLAN Packet header includes VNI. Encapsulated packets are forwarded between VTEPS over physical network like any other IP traffic. ----- Meeting Notes (6/2/15 10:08) ----- change VXLAN iD

24 Distributed Logical Router
Module on each ESXi Hosts Routes VNI-VNI, VLAN – VLAN and VNI – VLAN network traffic Supports OSPF and BGP Protocols Keeps East-West traffic East-West ----- Meeting Notes (6/2/15 10:08) ----- Routier

25 Distributed Firewall DFW Modules run on Host
DFW Modules are controlled by NSX Manager. Configure Rules on Vcenter NSX Manager pushes rules to DFW Modules Firewall process is at the vNic.

26 Distributed Firewall Firewall policy can be wrapped around Cluster
Datacenter distributed port group IP Sets Legacy Port Group Logical Switch Resource Pool Security Group vApp Virtual Machine vNic

27 Edge Service Gateways (ESG)
Use to provide North/South Traffic Used to provide other network services Network Address Translation SSL VPN Load Balancing ESGs are VMs and not modules in ESXi Third Party Vendors provide Advanced ESG services. ----- Meeting Notes (6/2/15 10:08) ----- Change network simple to ESG is VM and not part of the modules

28 Multi-Tenancy Micro-segmentation DFW Edge Services
Using Logical Routers and Switches DFW Profiles based on Name, Security Groups, Logical Switches Edge Services SSL VPN Network Address Translation Firewall

29 VCO/VCAC integration Automated Network Connectivity through Network Profiles Automated System/Application Isolation Deployment Models Precreated – defined/created by IT NSX Admins On-Demand – defined/configured by Lobocloud Customer Lobocloud Customer Profiles Regular Super

30 VCAC Network Profiles Define IP addresses and subnets used in deployments Use IP pools for static IP assignments Use standard switches, distributed switches, or logical switches Profile types External Routed Network address translation (NAT) Private

31 VCAC Security Automation
Automated or Predefined Security Group creation using predefined security policies Security tags automatically assign newly created VMs to security groups. Security tags defined in blueprints.

32 The Future Applications of SDN
Customer access to tenant security VDI Hybrid Cloud Science DMZ

33 Questions/Answers

Download ppt "Data Center Network Redesign using SDN"

Similar presentations

Ads by Google