Previously I covered the components surrounding VMware’s NSX offering and what made up the solution. A year after the announcement, and after much hubbub surrounding the “network admin unicorn slayer”, VMworld Barcelona marked the GA release of NSX. Now that I have had some time to think on it and on the network industry’s direction as a whole, there are quite a few interesting developments. I see interesting and great progression within SDDC, network programmability, and large-scale orchestration.
I am going to say it. Overlays at this point in time are a good way forward. A network built with the known goal of overlay and multi-tenancy will have a strong foundation. I have likened this previously to skyscrapers. When you build, you know how high you’re going to go, or are expected to go, and the foundations are set accordingly. If you don’t plan for it then you will undoubtedly run into issues.
With NSX the development of the next generation Service Orientated Architecture (SOA) can be realised. By removing the human element of delivery, configuration is in turn optimized. In an NSX SOA there is a higher ability to steer traffic and control the flow of communication. No longer does this require invoking the dark warlock arts. On traffic steering and optimizing, the human element, which is being slowly repurposed, is now channeled into developing Application Blueprints, Templates and delivering business opportunity.
What makes me happy is that the VMware vCloud Networking & Security product suite is now the first and last hop in Data Centre communications. The vSwitch is growing up and playing a bigger role than ever. The NSX solution is analogous to MPLS or, as Ivan uses in network virtualization discussions, Skype. With NSX, the vSwitch with the vCloud Networking & Security product can deliver Firewalls, Routing, and Distributed L2 Switching, all managed by the NSX Control cluster. Using standard APIs, VMware allows third-party applications such as an IDS to communicate to the vNIC and instantiate network-level access to live data-flows.
TOR Switching hasn’t been left out. Hardware vendors delivering TOR solutions can leverage the NSX offering by being able to accommodate VTEP. VTEP, which I discussed a while back in this post, lets NSX register the TOR Switch as an L2 gateway. Now it is possible to allow a VLAN or port to be bound and mapped to a VXLAN. This then allows upper layer services such as traditional Firewalls, Load Balancers, WAN accelerators and IDS/IPS to play their part. There are offerings from Juniper such as the MX family which can be NSX L2 gateways, and in Q1 2014 the QFabric DC solution will be able to do the same.
Visibility is something that you cannot have enough of. Administrators desire it and can never get quite what they want or, if it is what they want, it is spread across disparate systems. With NSX the information is in one place. The health of physical and virtual networks, the flow data, metadata, and x86 resource utilization is unparalleled. Speaking of x86, what I find impressive is the theoretical throughput of software switching and network assets. Current Intel architectures allow for 10Gb/s per core. Roadmaps for Intel’s CPU models project rather stable and deterministic increases that seem to align to demand. With each tick and tock of CPU models, Nehalem through to Sandy Bridge to Haswell, die sizes decrease and cores increase. This will have a profound impact on forwarding throughput.
Now coming back to reality – NSX is here. NSX is available* now for use. It brings the ability to deliver standardized services efficiently, remove human inconsistency, and decrease time to market for Service Orientated Architecture offerings. This is just one overlay solution in a field that has many good players. As the hype around NSX eases off and competitors respond, we may see partnerships form or NSX becoming the SDN BORG CUBE.
[*] – Rumours around licensing allude to a per-VM model with prices starting at 500 VMs. You must contact sales to get any more information and I believe this enters NDA territory. Simply put, this is targeted at one market only – cloud providers. Note that information in this footnote is based on snippets from VMworld.