Network virtualization has been described as a hypervisor for your network, and that is exactly what it does for the networking in your virtual environment. VMware is arguably the industry leader in network virtualization with the NSX Data Center line of products, which can do some amazing things. However, if you haven’t yet caught up on the features, functionality, and various tidbits of VMware network virtualization, my hope is that this post can serve as a good primer on a few of the concepts and products VMware offers and where they fit in. So, let’s dive right into the VMware network virtualization components and products to fill in the basics as you begin your network virtualization journey.
VMware Network Virtualization with NSX V and T
Before understanding the concepts involved with VMware network virtualization, let’s first talk about the names of the VMware products that are offered to enable VMware network virtualization.
If you have been following this space from VMware for the past 2-3 years, you know there has been a transition of sorts from one product to another product. VMware NSX-V has long been the de facto standard in network virtualization with VMware vSphere.
In fact, the “V” designates this fact, standing for “vSphere”. This is a VMware network virtualization solution that is built for vSphere only. It cannot be installed without a vCenter Server it can connect to.
With hybrid cloud environments and multi-cloud environments becoming the standard for most businesses, VMware has seen the need to develop a new VMware network virtualization solution that goes beyond vSphere. VMware NSX-T for “Transformers” is that solution.
While NSX-T can certainly be installed into a vSphere environment, it can also go beyond that and be installed in KVM environments and is the standard VMware network virtualization solution for VMware Cloud on AWS. It has “cloud” built into its DNA.
Up until recently, NSX-V contained many more features than NSX-T since NSX-T was the newcomer. However, with the release of NSX-T 2.4, NSX-T achieved relative feature parity with NSX-V. Now, NSX-T is going to be the solution moving forward.
VMware Network Virtualization Concepts
Now that we have an idea of the VMware network virtualization products, let’s take a brief look at a few VMware network virtualization concepts that help explain how network virtualization works in general.
With the following concepts, we will primarily be looking at NSX-T and not NSX-V. However, many of the concepts overlap between the two.
Network Encapsulation – “Overlay”
Network encapsulation (Overlay) is the technology at the heart of network virtualization. Packets are encapsulated on the sending host and decapsulated on the other end. Entire networks can be encapsulated using specialized encapsulation protocols. This allows networks to be stretched, extended, and driven with software instead of network hardware. NSX-V uses VXLAN, while NSX-T uses GENEVE.
The term overlay makes more sense in this context as you are able to “overlay” your virtual networks on top of the physical network infrastructure by way of this network encapsulation process.
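The encapsulation described above, as an added example that is not part of the original post: a Python parser that decodes the VXLAN (RFC 7348) and GENEVE (RFC 8926) headers following the outer UDP header and recovers the virtual network identifier (VNI) and the inner frame, which is what a capture or monitoring tool has to do to see inside overlay traffic. The function names, VNI values, inner frame and GENEVE option are constructed for illustration.

```python
import struct

VXLAN_PORT, GENEVE_PORT = 4789, 6081   # IANA-assigned outer UDP destination ports

def parse_overlay(udp_dport, payload):
    """Decode the overlay header that follows the outer UDP header."""
    if len(payload) < 8:
        raise ValueError("truncated overlay header")
    if udp_dport == VXLAN_PORT:
        # RFC 7348: flags(8) | reserved(24) | VNI(24) | reserved(8)
        flags, vni_field = struct.unpack("!B3xI", payload[:8])
        if not flags & 0x08:
            raise ValueError("VXLAN I flag clear: VNI not valid")
        return {"proto": "VXLAN", "vni": vni_field >> 8, "inner": payload[8:]}
    if udp_dport == GENEVE_PORT:
        # RFC 8926: ver(2)+optlen(6) | O,C,rsvd | protocol(16) | VNI(24) | rsvd(8)
        b0, b1, inner_type, vni_field = struct.unpack("!BBHI", payload[:8])
        opt_len = (b0 & 0x3F) * 4            # option length is in 4-byte words
        if b0 >> 6 != 0:
            raise ValueError("unsupported GENEVE version")
        if len(payload) < 8 + opt_len:
            raise ValueError("truncated GENEVE options")
        return {"proto": "GENEVE", "vni": vni_field >> 8, "inner_type": inner_type,
                "critical_opts": bool(b1 & 0x40),
                "options": payload[8:8 + opt_len], "inner": payload[8 + opt_len:]}
    raise ValueError("UDP port is not VXLAN or GENEVE")

def build_vxlan(vni, inner):
    return struct.pack("!B3xI", 0x08, vni << 8) + inner

def build_geneve(vni, inner, options=b""):
    if len(options) % 4:
        raise ValueError("options must be a multiple of 4 bytes")
    # 0x6558 = Transparent Ethernet Bridging (inner payload is an Ethernet frame)
    return struct.pack("!BBHI", len(options) // 4, 0, 0x6558, vni << 8) + options + inner

# Constructed sample data: a fake inner Ethernet header and one experimental-class option
INNER = bytes.fromhex("ffffffffffff" "020000000001" "0806")
OPTION = struct.pack("!HBB", 0xFFFF, 0x01, 0x01) + b"\x00\x00\x00\x2a"

if __name__ == "__main__":
    for port, pkt in ((VXLAN_PORT, build_vxlan(5001, INNER)),
                      (GENEVE_PORT, build_geneve(70000, INNER, OPTION))):
        hdr = parse_overlay(port, pkt)
        print(hdr["proto"], "VNI", hdr["vni"], "inner frame", hdr["inner"].hex())
```

GENEVE differs from VXLAN mainly in its variable-length options, so a decoder has to honor the option length field before it can locate the inner frame.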
VTEP and TEP
VTEP (NSX-V) stands for “VXLAN Tunnel Endpoint” and TEP (NSX-T) for “Tunnel Endpoint”. These are the IP addresses on the hypervisor hosts between which the network encapsulation tunnel is formed.
Network Manager
The Network Manager is the first component that you install with VMware network virtualization. It provides the management plane for your network virtualization environment as well as the API access for software interaction.
With NSX-V, you connect your Network Manager appliance to vCenter Server. With NSX-T, however, you connect your manager to any number of “compute managers”, of which vCenter Server is one possibility.
Network Controller
The network controller plays a special role in VMware network virtualization. As the name suggests, it provides the control plane for the solution. It is responsible for your logical switching and routing.
In NSX-V, the network controller is a separate appliance outside of the Network Manager. In NSX-T, there is a new combined appliance that contains both the Network Manager and Controller “roles” in one appliance. This means you have your management and control planes all in one appliance.
For high availability, you run the combined appliance in a three-node cluster.
Logical Switch
The logical switch provides the ability to have a fully functional “Layer 2” switch that can span across your virtual environment, even if these are across routed boundaries. Using network encapsulation, the “layer 2” network presents all the same features and functionality as a normal layer 2 switch.
Distributed Logical Router
The Distributed Logical Router (DLR) contains the routing control plane and distributes the data plane in kernel modules in each hypervisor host. The DLR control plane relies on the NSX Controller cluster to synchronize updates to the kernel modules contained on each ESXi host.
NSX Edge
The NSX Edge VM provides routing services and connectivity to networks that are external to the NSX-T deployment. This component is required if you want to deploy a tier-0 router or a tier-1 router with stateful services such as network address translation (NAT), VPN, and others.
Transport Zone
In the realm of NSX-V, the transport zone is a construct that controls which hosts a logical switch can reach. The transport zone spans beyond the vSphere cluster and can contain multiple vSphere clusters. The transport zone dictates which clusters and VMs can be connected to a logical switch.
With NSX-T, since it is not limited to vSphere, the transport zone is a container that defines the reach of transport nodes. In the NSX-T context, transport nodes are hypervisor hosts and NSX Edges that can participate in an NSX-T overlay. For hypervisor hosts, this means the host’s VMs can connect to NSX-T logical switches. For NSX Edges, this means that it will have a logical router uplink and downlink.
VMware network virtualization concepts and products include many different pieces and parts that make the virtualization of your network possible. The components covered above are not every component you need; however, they are the major ones involved.
VMware network virtualization includes two products at this point: NSX-V and NSX-T. Understanding the differences can help determine which solution is best in your environment.