7.21.16 VMware NSX...VXLAN VNI 1001 Existing switches New HPE VTEP Switches Unicast Layer 2/3 Underlay Network 5930 NSX Controller NSX Manager 10.10.10.146/24 10.10.10.145/24 vCenter

Welcome

Questions? Please contact [email protected] or call 972.403.8045.

The next big shift in your datacenterVMware NSX with HPE Networking

Ethan Melloul – CCIE #44000 (R/S, SP) | VCP‐DCV5Master ASE – FlexNetwork SolutionsConsulting Solutions Architect – HPN Data Center

33


What does the Data Center Network look like today and where are we headed?


Enterprises are moving to a New Style of ITNetworking innovations lay the foundation for transformation

Software-definedInfrastructure

ResilientFabric

Network Virtualization

Software-defined Networking

Social MediaBig DataCloud Mobility

ConvergedInfrastructure Cloud


The data center infrastructure trinityNetworking is frozen in time and needs to change

– Compute power shifted to virtualization years ago

– Highly scalable and programmable (orchestrated)

– “Cloud-ready” COMPUTE

– Storage shifted to virtualization years ago

– Highly scalable and programmable (orchestrated)

– “Cloud-ready”STORAGE

– Rigid and overprovisioned

– Cannot provision at the speed and scale of cloud

– “Needs transforming to be cloud-ready”

“Traditional network design practices do not adequately support the modern user. These design practices need to move beyond connecting the dots and sizing bandwidth.”

HPE Newsletter featuring Gartner Research, G00250953, 28th March 2013

http://imagesrv.gartner.com/media-products/pdf/hp_ts/hp_ts_iss1.pdfNETWORK

New Service


HPE Cloud-First Data Center PortfolioThe industry’s best field tested and tried Ethernet fabric

Modular network OS with Intelligent Resilient Fabric

1/10/40/100GbE L2/L3 and converged switches

HPE

IMC

man

agem

ent

Spine and core

HPE Comwarenetwork OS

Leaf switches

10/40/100GbE switches

HPE

Tec

hnol

ogy

Serv

ices

IMC 5900AF/CP5930 Series

7900 Series12900E Series

5950-32QSFP28


HPE Comware 7 network operating systemAdvanced, modular and resilient operating system

– Memory Isolation

– Preemptive SchedulerUnix Style

OS

– Data plane in kernel space for higher level of performance

Separation Control &

Data planes

New Set of High End features

– Upgrade (ISSU)

– Virtual Device with CPU & Memory separation

Higher availability– Complete process isolation

– Better separation control & data planes

– ISSU upgrades

Enhanced feature set– OpenFlow 1.3 and SDN

– 9 devices IRF Ethernet fabric configs

– DCB, FCoE, TRILL/SPB, EVB (VEPA)

Lower costs– No hidden licenses for advance features


HPE Intelligent Resilient Fabric (IRF)Simple, Resilient & Versatile pay-as-you-grow business model

5930

5930 5930

5930

Logical IRF view

IRF fabric Physical switches

– IRF is an innovative HPE switch virtualization technology

– Up to nine physical Comware 7 switches may be grouped into an IRF Fabric (domain)

– IRF Fabric appears as one virtual switch and is managed as a single network device using one IP address

– IRF Fabrics are created using standard 10/40GbE ports

– Members of IRF Fabric may reside in the same network layer

– All members of IRF Fabric are in active/active mode

– All members need to be from same series (5900 / 5930 / 5700)


Simplification with IRF

HPE IRF simplified

2-tier data centerTraditional

3-tier data center

HPE IRF optimized

3-tier data center

XX

XX

Higher port densities and IRF simplify DC network designs,Providing better network performance for server virtualization (vMotion)


Traditional Data Center Networks – 3 Tier Design

VM VM VM

VM VM VM

HypervisorVM VM VM

VM VM VM

Hypervisor

Bare Metal Servers

L2 Access Switches

IRF L2/L3 Core Switches

40G Link aggregation & 802.1Q trunks

WAN / Internet

L2 DMZ IRF Switches

L2 External Zone IRF Switches

Application Load Balancers

Firewalls

WAN Routers

L2 Fabric

– Considered “legacy” design

– Can pose challenges with security and more commonly spanning-tree topology problems causing network outages

– Multiple layers of complexity


DC Network Virtualization (NV) / Overlay Networking (NSX)• Simpler, faster, flexible and scalable networking• Services and zones moved to Network Virtualization solutions / Overlay networks• Supports multi-tenancy and different network variations for each tenant• Stable and error free underlay network required

VM VM VM

VM VM VM

HypervisorVM VM VM

VM VM VM

Hypervisor

WAN / Internet

WAN RoutersTenant 1 Tenant 2 Tenant X

Physical UnderlayNetwork Fabric

Virtual Overlay Networks


CLOS Fabric (Spine/Leaf Topology)– CLOS (physical) networks provide a distributed/high performance, scalable network fabric with all leaf

switch network ports having equal latency for East/West traffic

– Each leaf switch is connected to all spine switches

– Customers may choose to deploy a 2 spine fabric (2 x 40G uplinks) and expand to 4+ spines (4 x 40G uplinks or more) when they require additional bandwidth

– Choice of SPB / TRILL / L3 IP routing (OSPF/BGP) over the physical fabric and enable ECMP

Leaf Switches

SpineSwitches

Leaf Switches

4 Spine CLOS Fabric2 Spine CLOS Fabric

SpineSwitches


IRF Enhanced CLOS Fabric– Spine/Leaf IRF switches provides higher port density, LACP to the hypervisor, chassis redundancy

while still realizing the benefits of a centralized control plane and single configuration file

– Possible for customers to start small and expand desired leaf/spine switches with IRF for further growth without impacting production traffic

– Applicable to SPB / TRILL / L3 IP routing (OSPF/BGP) network fabrics

2 Spine Fabric

(IRF enhanced spine & leafswitches)

4 Spine CLOS Fabric (IRF enhanced leaf switches)

Leaf Switches

SpineSwitches

Leaf Switches

SpineSwitches


L3 Fabric– Removal of STP

– Usage of standards based routing protocol

– Shortest path routing

– Provides Equal Cost Multi Pathing (ECMP)

Servers/VMs

Default gateway for each subnet terminates at

access switch

Multiple /30 L3 subnets

L2

Routing protocol


Example Of Another Architecture - EBGP Fabric– EBGP from ToR to Leaf switches

(No IGP)

– L2 traffic terminated at ToRs

– Application level HA

– Most enterprise customers do not need this complexity

– More applicable to large scale service providers

AS 65001

Leafs

Spines

Leafs

Spines

AS 65010 AS 65020AS 6501X AS 6502X

AS 65100 AS 65101 AS 65100 AS 65101“allow-as-loop 1” on ToRs to allow routes

from another rack with the same AS#

L2 traffic ends at ToR, Only L3 above ToR

IGP (OSPF) + full Mesh IBGP required

for each AS with multiple routers


Evolving Role of the Physical Network

• From 2- or 3-tier to spine/leaf

• Density & bandwidth jump

• ECMP for layer 3 (and layer 2)

• Reduce network oversubscription

• Wire & configure once

• Uniform configurations

WAN/Internet

WAN/Internet


Closer look at features of NSX


ProvidesA Faithful Reproduction of Network & Security Services in Software

Management APIs, UI

Switching Routing

Firewalling

Load Balancing

VPN

Connectivity to Physical Networks

Policies, Groups, Tags

Data Security Activity Monitoring


Logical Firewall/Routing

• OSPF/eBGP/iBGP/IS-IS• Virtualization and identity

context firewall

Features

• Remove hairpins and bottlenecks in routing and firewalling

• Line rate performance with distributed scale out architecture

Scale & Performance

• Create on demand networks to speed up application provisioning

Use Cases

L2

L2

Tenant A

Tenant B

L2

L2

L2 Tenant C

L2

L2

L2


Logical User (SSL) and Site 2 Site (IPSec) VPNFeatures

• Interoperable IPsec tested with major vendors

• Clients on all major OS (Win, Apple, Linux)

• Remote Authentication via Active Directory, RSA Secure ID, LDAP, Radius

• TCPAcceleration• Encryption – 3DES, AES128, AES256• AESNI H/W Offload• NAT & Perimeter Firewall Traversal

Scale and Performance

• High Performance – AES-NI acceleration• 2 Gb/s throughput per tenant

Use Cases

• Cloud to Corporate• Cloud On-boarding• Remote Office/Branch Office• Remote Management

Internet/IWPSAENC

Internet/SSWLA–NVPN


Logical L2 VPN

Public Cloud

• SSL-based• Web-proxy Support• L2 Bridge to Cloud• Broadcast support

Features

• High Performance – AES-NI acceleration

• 2 Gb/s throughput per tenant

Scale & Performance

• Cloud On-boarding• Cloud Bursting

Use CasesInternet/LW2 VAPNN

L2 VPN

VM VM VM


What is VXLAN and what does it solve?


VXLAN and Overlay Networking Introduction– Virtual Extensible Local Area Network (VXLAN) is a network encapsulation mechanism first introduced in 2011

that supports up to 16 million virtual overlay tunnels over a physical layer 2/3 underlay network for L2 network connectivity and multi-tenancy

– https://tools.ietf.org/html/rfc7348 is currently stated as informational, not a standard yet– VXLAN allows traffic to be load shared across multiple equal cost paths– Supported in 5930, 7900, 12900, Distributed Cloud Networking (DCN), Helion OpenStack, VMware NSX etc– Supports both intra-DC and inter-DC deployment scenarios

– VXLAN capable device = VXLAN Tunnel End Point (VTEP)

Virtual Overlay VXLAN tunnels

Physical Underlay Network

Data Center (DC) 1

L2 or L3

Physical Underlay Network

Data Center (DC) 2

L2 or L3L3 WAN

Extended Over WAN

Intra-DC

Inter-DC


Software / Hardware VTEP Gateway

Software VTEP Gateways• Dedicated servers used to terminate

VXLAN

• Higher latency

• Lower port density

• Lower performance

VM VM VM

VM VM VM

HypervisorVM VM VM

VM VM VM

Hypervisor

Software VTEP Gateways

Bare metal servers orphysical appliances

• Used to bridge VMs to physical devices that do not support VXLAN

VM VM VM

VM VM VM

HypervisorVM VM VM

VM VM VM

Hypervisor

Hardware VTEP Gateways

Bare metal servers orphysical appliances

Hardware VTEP Gateways• Switches used to terminate VXLAN

• Lower latency

• Higher port density

• Higher performance


Software Layer 2 Gateway Form Factor

– Native capability of NSX– High performance VXLAN to VLAN gateway in hypervisor kernelScale-up– x86 performance curve

– Encapsulation & encryption offloads

Scale-out as you grow– Single gateway can handle all P/V traffic

– Then additional gateways can be introduced

Flexibility & Operations– Rich set of stateful services

– Multi-tier logical routing

– Advanced monitoring

VLAN 10VLAN 20

VLAN 30


• NSX Hardware VTEP enabled physical appliance • Attach any physical services appliance• Extensible (schema-based)• Not dependent on Multicast

Overview

• NSX Hardware VTEP enabled physical appliance • Attach any physical services appliance• Extensible (schema-based)• Not dependent on Multicast

Overview

• High density of physical ports to connect physical workloads• Broad ecosystem of NSX partners (including HPE and

Cumulus), other vendors also supporting OVSDB.

Benefits

• High density of physical ports to connect physical workloads• Broad ecosystem of NSX partners (including HPE and

Cumulus), other vendors also supporting OVSDB.

Benefits

Physical Services Integration via NSX Hardware VTEPsProvide connectivity to physical workloads and services

VM1 VM2

LS – VNI 5001

VLAN 100


NSX Hardware VTEP OVSDB integration: Logical and Physical

VM1

IP NetworkNo Multicast

Physical Infrastructure

VM1 VM2

VLAN 100

Logical view

Physical view


Integrating The HPE VMware NSXv Solution Into A Brownfield Network

VM VM VM

VM VM VM

HypervisorSoftware VTEPsPhysical Servers, WAN Routers/Firewalls

VXLAN VNI 1001

Existing switches

New HPE VTEP Switches

Unicast Layer 2/3 Underlay Network

5930

NSX Controller

NSX Manager

10.10.10.146/24

10.10.10.145/24vCenter

10.10.10.113/24

OVSDB

• Used to bridge VMs to physical devices that do not support VXLAN


HPE FlexFabric Data Center Switch Portfolio


FlexFabric 12900E FlexFabric 7900

High Performance/High Density/CLOS/VoQ (High Buffers) Architecture

Switching Capacity: Up to 120 TbpsPort Density: Up to 512 @ 100 Gb/s ports

Up to 2048 @ 25 Gb/s portsFully Compatible with existing 12900 F modules

Compact Modular CoreSame Architecture as 129xx

Same Software as 129xx

Traditional L2 - Cloud centric L3 (eBGP/ECMP/BFD)Overlays/VXLAN L2 & L3 - Complex MPLS/VPLS - OpenFlow 1.3

HPE Cloud-First core switches at-a-glanceUpdated November 2015


HPE Cloud-First ToR access switches at-a-glance

Top-of Rack, Access Converged Infrastructure

FlexFabric5700

FlexFabric5900/CP

FlexFabric5930

FlexFabric5950 6127XLG Moonshot-45XGc

1/10GbE ToRLayer 2/Light Layer 3

with Data Center features (DCB, FCoE,

TRILL)

1/10GbE ToRFull Layer 3 with Data

Center Features (DCB, FCoE, TRILL, SPB)

Converged ToREthernet/FCoE/FC

(4&8 Gb/s- 5900CP)

10/40GbE ToRNative VXLAN Support

10/25/40/100GbE ToRNative VXLAN Support

HPE BladeSystemInterconnect

Comware v7 based

HPE BladeSystemInterconnect

Comware v7 based

Best in class TCOCompetes AgainstCisco Nexus 2K

High PerformanceCompetes against

Cisco Nexus 55xx/5600

High Performance / Overlay

Competes against Cisco Nexus 93xxx

High Performance / Overlay

Competes against Cisco Nexus 92xx

Feature RichCompetes against Cisco 3120x Blade

Switch

Feature RichCompetes against Cisco 3120x Blade

Switch

Entire stack without licensing, including

MPLS edge (SP/Telcos)

Convergence on every port with IRF

Integration with NSX and Helion as L2

VXLAN GW

No licensing, including MPLS edge

Convergence every port

VXLAN GW

Power of Comware v7 within the C7000

Power of Comware v7 within Moonshot


Data Center 25/100GNext Generation ToR Switch Series

5900 Series– 10GbE and 40GbE Series– Fixed Port– Converged Port Option

1/10GbE

5930 Series– 10GbE and 40GbE Series– Converged Port Options– 2 and 4 Slot Chassis– VXLAN

10/40GbE

5950 Series– Native 100/25GbE Switches– 4 slot chassis– VXLAN

25/50/100GbE


HPE FlexFabric 5950-32QSFP28 SwitchHigh density high density 10G/25G/40G and 100G

– Ideal Customer– Enterprise customers seeking higher performance/high density 25GbE/100GbE Top of Rack

and Spine Switch topologies. Cloud providers seeking VXLAN Overlay capabilities in hardware.

– 32 x 10/25/40/100GbE ports – Ports can be either 10/25/40 or 100G for maximum density and flexibility

– 2 x 10GbE SFP+ ports – High Density wire speed Low Latency 100G Performance– Full Comware v7 feature set– 3.2 Tbps switching capacity– 2,976 Million PPS throughput– Integrated packet buffers (9MB)– Hot swappable reversible DC airflow design, AC/DC hot swappable power options– IPv6 performance in hardware and DCB protocol support– IRF capable with 59xx devices (9 units)– Provides support for DCB/iSCSI/FCoE– Support for VXLAN, TRILL, SPB


HP 5930-32QSFP+ Series SwitchAdvanced ToR/Spine Switch with VXLAN Hardware SupportProduct Description:

40G Top of Rack/Spine Switch 32 QSFP+ ports in 1RU

Ideal Customer:Enterprise customers seeking higher performance/high density Top of Rack and Spine Switch topologies.Enterprise and Mid-Market customers seeking VXLAN and NVGRE Overlay capabilities in hardware (SW to be released late Q2CY2014, beta available now)

Customer Value and Metrics:Performance: High Density wirespeed 40G Performance (L2/L3)Flexible: Ports can be either 40G or four by 10G for maximum density and flexibilityAdvanced: Full Comware v7 feature set. In line with the rest of the Flex Fabric Portfolio

Competitive: Competes against the Nexus 9300, Dell s6000 and Arista 7250QX

Development Goals: Delivering density, performance and VXLAN

Related Services: System Level Support Experience with Proactive Care, Financial Services, HP Factory Express and Integration Service


HP 5930 Modular Series SwitchesFlexibility and PerformanceProduct Description:

New Series of advanced modular Top of Rack Switches providing 10G and 40G connectivity with advanced features such as VXLAN Overlays and Converged Ports

Ideal Customer:Enterprise customers seeking a solution that provides advanced features with maximum flexibilityMid-Market customers seeking a pay as you grow solution for ToR and Spine switching

Customer Value and Metrics:Flexible: Many module options to fit any number of requirementsAdvanced: Full Layer 2/3 Comware v7 feature set including HW/SW support for VXLAN

Competitive: Competes against the Nexus 9300 and Nexus 5600 Series

Development Goals: Delivering a flexible solution with advanced features

Related Services: System Level Support Experience with Proactive Care, Financial Services, HP Factory Express and Integration Service


HP 5930 Modular Series Switch Line Card Options24 port 10GbE SFP+ w/o PHY and 2 QSFP+ (JH180A)

24 Converged port 1/10GbE & 4/8Gbps FC SFP+ and 2 QSFP+ (JH184A)

24 port 10GbE SFP+ w/MACSec and 2 QSFP+ (JH181A)

24 port 10GBASE-T w/MACSec and 2 QSFP+ (JH182A) 6 port 40GbE QSFP+ (JH183A)


HPE-VMware NSX partnership

HPE VMware NSX OEM Network certification

Differentiated through bridging virtual/physical and SDN

One partner capable of delivering SDDC life cycle solutions

HPE branded services

Global end-to-end SDDC and virtualization lifecycle services

The Industry’s first comprehensive NSX OEM network virtualization lifecycle partnership - simplifying customer’s experience

HPE FlexFabric OVSDB certification with VMware NSX, and jointly developed NV / SDN Federation

The Industry’s most complete end-to-end services portfolio with decades of networking and VMware expertise

+


HPE and VMWare NSXBetter Together


One vendor, One ref design, One support contract for all your needs

Advise Transform Integrate Support Flex

HPE brings together decades of networking, virtualization and securityexpertise that enables the bridging of physical and virtual data center infrastructure

HPE better together – the Power of One


Thank you VMware and HPE!


Documents

7.21.16 VMware NSX...VXLAN VNI 1001 Existing switches New HPE VTEP Switches Unicast Layer 2/3 Underlay Network 5930 NSX Controller NSX Manager 10.10.10.146/24 10.10.10.145/24 vCenter