VMware introduced a new milestone on its roadmap toward a software-defined data center with today's announcement of VMware NSX, a forthcoming software package that combines its vCloud Network and Security product with Nicira's NVP. VMware acquired Nicira in July 2012 for more than $1 billion.
VMware NSX, which the company says will be available in the second half of this year, will create a network virtualization layer to run over an enterprise's physical data center network. The goal of network virtualization is to bring new levels of automation to network configuration, which will speed deployment of new applications. Network virtualization also enables the creation of programmatic interfaces that let third-party applications and services easily hook into the network.
As Hatem Naguib, VMware's VP of networking and security, wrote in a blog post, "With network virtualization, each application's virtual network and security topology is equally mobile and in lock-step with the fluid virtual compute layer, automated with APIs, and decoupled from custom/proprietary hardware."
VMware's vision of network virtualization emphasizes the virtual switches that reside within a hypervisor. "The right place to implement virtualization is the last hop," said Martin Casado, Nicira's founder and now VMware's Chief Architect of Network, in an interview with Network Computing. "In virtualized environments, the last piece of network intelligence is the vSwitch. That's where we choose to implement network virtualization."
VMware creates tunnels between virtual switches by using encapsulation protocols. Casado says VMware will support multiple encapsulation protocols, including VXLAN (an IETF draft protocol that has backing from Cisco Systems and VMware, among others) and Stateless Transport Tunneling (STT), which was developed by Nicira.
VMware NSX will include a controller cluster, which is software that runs on x86 servers. The controller cluster maintains the virtual network topology and will configure the vSwitches to get application traffic to the correct destination. Naguib notes that the controller is out of band, so it doesn't have to touch packets. The controller cluster will also have APIs to support OpenStack Quantum and vCloud.
Said Casado, "For network virtualization, we do want a northbound API. And that's Quantum. The Quantum API is a great northbound API." He noted that VMware and Nicira have both put significant development effort into the Quantum project.
The use of a centralized controller is common in other network virtualization schemes, including Cisco's ONE initiative and those from startups such as Big Switch Networks.
VMware NSX will also include other components, including gateway services that allow the virtual network to interface with non-virtual hosts. "NSX offers L2 Gateway services where HA pairs of dedicated L2 Gateway nodes, or partner Top of Rack switches, can bridge between NSX virtual networks and VLANs on a physical network," wrote Naguib. "L2 Gateway services can also be placed at remote sites, bridging a remote VLAN to an NSX virtual network, for migrating workloads to and from the cloud data center."
VMware NSX will also include NSX Manager, a management GUI that provides an interface into the controller. Naguib says network administrators will use the manager to view the connectivity status of virtual network elements, review logs, and troubleshoot the system.