
This blog post kicks off a new series of posts describing my journey to become more knowledgeable about the Nicira Network Virtualization Platform (NVP). NVP is, in my opinion, an awesome platform, but there hasn’t been a great deal of information shared about the product, how it works, how you configure it, etc. That’s something I’m going to try to address in this series of posts. In this first post, I’ll start with a high-level description of the NVP architecture. Don’t worry—more in-depth information will come in future posts.

Before continuing, it might be useful to set some context around NVP and NSX. This series of posts will focus on NVP—a product that is available today and is currently in use in production. The architecture I’m describing here will also be applicable to NSX, which VMware announced in early March. Because NSX will leverage NVP’s architecture, spending some time with NVP now will pay off with NSX later. Make sense?

Let’s start with a figure. The diagram below graphically illustrates the NVP architecture at a high level:

[Figure: High-level NVP architecture diagram]

The key components of the NVP architecture include:

  • A scale-out controller cluster: The NVP controllers handle computing the network topology and providing configuration and flow information to create logical networks. The controllers support a scale-out model for high availability and increased scalability. The controller cluster supplies a northbound REST API that can be consumed by cloud management platforms such as OpenStack or CloudStack, or by home-grown cloud management systems.
  • A programmable virtual switch: NVP leverages Open vSwitch (OVS), an independent open source project with contributors from across the industry, to fill this role. OVS communicates with the NVP controller clusters to receive configuration and flow information.
  • Southbound communications protocols: NVP uses two open communications protocols to communicate southbound to OVS. For configuration information, NVP leverages OVSDB; for flow information, NVP uses OpenFlow. The management (OVSDB) communication between the controller cluster and OVS is encrypted using SSL.
  • Gateways: Gateways provide the “on-ramp” to enter or exit NVP logical networks. Gateways can provide either L2 gateway services (to bridge NVP logical networks onto physical networks) or L3 gateway services (to route between NVP logical networks and physical networks). In either case, the gateways are also built using a scale-out model that provides high availability and scalability for the L2 and L3 gateway services they host.
  • Encapsulation protocol: To provide full independence and isolation of logical networks from the underlying physical networks, NVP uses encapsulation protocols for transporting logical network traffic across physical networks. Currently, NVP supports both Generic Routing Encapsulation (GRE) and Stateless Transport Tunneling (STT), with additional encapsulation protocols planned for future releases.
  • Service nodes: To offload the handling of BUM (Broadcast, Unknown Unicast, and Multicast) traffic, NVP can optionally leverage one or more service nodes; customers can instead choose to have BUM traffic handled locally on each hypervisor node. (Service nodes are not shown in the diagram above.)
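
The list above notes that OVSDB management traffic between the controller cluster and OVS is encrypted using SSL. The following is an added example (not code from this post or from NVP) of how that could be checked on a hypervisor from the text printed by `ovs-vsctl get-manager` and `ovs-vsctl get-ssl`. It assumes the standard Open vSwitch connection-method prefixes and `get-ssl` output layout; the function names, addresses, and file paths are constructed for illustration.

```python
# Open vSwitch connection-method prefixes (active and passive forms).
ENCRYPTED = {"ssl", "pssl"}
PLAINTEXT = {"tcp", "ptcp"}
LOCAL = {"unix", "punix"}

def classify_target(target):
    """Return 'encrypted', 'plaintext', 'local' or 'unknown' for one target."""
    method = target.strip().split(":", 1)[0].lower()
    if method in ENCRYPTED:
        return "encrypted"
    if method in PLAINTEXT:
        return "plaintext"
    return "local" if method in LOCAL else "unknown"

def parse_get_ssl(text):
    """Parse `ovs-vsctl get-ssl` output ('Key: value' lines) into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def audit(manager_text, ssl_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    targets = manager_text.split()
    if not targets:
        findings.append("no manager target configured")
    for t in targets:
        kind = classify_target(t)
        if kind in ("plaintext", "unknown"):
            findings.append(f"{kind} manager target: {t}")
    if any(classify_target(t) == "encrypted" for t in targets):
        ssl = parse_get_ssl(ssl_text)
        for field in ("private key", "certificate", "ca certificate"):
            if not ssl.get(field):
                findings.append(f"SSL {field} not set")
        # Bootstrap mode accepts the CA certificate on first connection.
        if ssl.get("bootstrap", "false").lower() == "true":
            findings.append("CA certificate bootstrap enabled (trust on first use)")
    return findings

# Constructed sample output (documentation address, made-up paths).
SAMPLE_SSL = ("Private key: /etc/openvswitch/client-privkey.pem\n"
              "Certificate: /etc/openvswitch/client-cert.pem\n"
              "CA Certificate: /etc/openvswitch/controller-ca.pem\n"
              "Bootstrap: false\n")
```
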

Now that you have an idea of the high-level architecture, let me briefly outline how the rest of this series will be organized. The basic outline of this series will roughly correspond to how NVP would be deployed in a real-world environment.

  1. In the next post (or two), I’ll be focusing on getting the controller cluster built and diving a bit deeper into the controller cluster architecture.
  2. Once the controller cluster is up and running, I’ll take a look at getting NVP Manager up and running. NVP Manager is an application that consumes the northbound REST APIs from the controller cluster in order to view and manage NVP logical networks and NVP components. In most cases, this function is part of a cloud management platform (such as OpenStack or CloudStack), but using NVP Manager here allows me to focus on NVP instead of worrying about the details of the cloud management platform itself.
  3. The next step will be to bring hypervisor nodes into NVP. I’ll focus on using nodes running KVM, but keep in mind that Xen is also supported by NVP. If time (and resources) permit, I may try to look at bringing up Xen-based hypervisor nodes as well. Because NVP leverages OVS as the edge virtual switch, I’ll naturally be discussing some OVS-related tasks and topics as well.
  4. Following the addition of hypervisor nodes into NVP, I’ll look at creating a simple logical network, and we’ll examine how this logical network works with the underlying physical network.
  5. To add more flexibility to our logical network, we need to be able to bring physical resources into NVP logical networks. To enable that functionality, we’ll need to add gateways and gateway services to our configuration, so I’ll discuss gateways and L2 gateway services, how they work, and how we add them to an NVP configuration.
  6. The next step is to enable L3 (routing) functionality within NVP, and that is enabled by L3 gateway services. I’ll spend some time talking about the L3 gateway services, their architecture, adding them to NVP, and including L3 functionality in an NVP logical network. I’ll also explore distributed L3 routing, where the L3 routing is actually distributed across hypervisors in an NVP environment (this is a new feature just added in NVP 3.1).
  7. Now that we have both L2 and L3 gateway services in NVP, I’ll take a look at building more intricate logical networks.

Beyond that, it’s hard to say where the series will go. I’ll likely also take a look at some of NVP’s security features, and examine a few more complex NVP use cases. If there are additional topics you’d like to see beyond what I’ve outlined above, please feel free to speak up in the comments below.

I’m excited about this journey to learn NVP in more detail, and I’m looking forward to taking all of you along with me. Ready? Let’s go!


Life at VMware, Two Weeks In

Today marks my “two week anniversary” in my new role at VMware. So far, it’s been everything that I thought it would be—exciting, but also challenging.

My entire first week was taken up by new hire onboarding and some training on Nicira’s Network Virtualization Platform (NVP). I was pleased to find that the time and effort I’d spent familiarizing myself with OpenFlow and Open vSwitch (OVS) proved quite useful in hitting the ground running with NVP. There is still much to learn, naturally, but I feel like I have a good foundation upon which I can build.

I was also fortunate during my first week to have the opportunity to jump right into some important projects. Some of them I can’t discuss right now (naturally), but I can mention the joint session proposal I helped create for the April OpenStack Summit. It’s a joint presentation with VMware (me) and Canonical (James Page) talking about the improved vSphere support in OpenStack (including a demo!). Hopefully the session will get selected, but it looks like I’ll be at the OpenStack Summit in April either way. That’s pretty exciting.

I spent the majority of my second week getting settled into new procedures, new processes, and new tools. It’s no secret that VMware uses Socialcast internally, and I’m still wrestling with if/how to take advantage of such a tool. Other than that, it’s just a matter of becoming familiar with the tools and where they are located.

One key takeaway so far is that I need to deepen my networking knowledge. It’s clear that I really need to dig into a few key areas, like leaf/spine and L3 ECMP network designs. I’ve already started applying some of the techniques I’ve discussed in my presentations—grammar (terminology), logic (how), rhetoric (why)—to these topics, but the real challenge is finding good information sources. I have some incredible coworkers, but I can’t rely too heavily on them; they have work to get done too. If anyone has any ideas for good resources on these topics, I’m open to any and all suggestions.

That’s it for me, two weeks into my new role at VMware. I’m looking forward to the challenges that lie ahead (there are a few big ones), but also to the opportunities (there are a few big ones). Feel free to share your comments below; courteous comments are always accepted.


I suppose there’s no sense in beating around the bush. As the blog post title indicates, I’m taking on a new set of challenges (and a new set of opportunities) in 2013—and the way to do that is in a new role with a new company. So, effective 2/8/2013, I am leaving EMC Corporation to join the former Nicira group at VMware, working directly for Martin Casado. I’ll be working with folks like Brad Hedlund (see his announcement here), Bruce Davie, and Teemu Koponen. I’m truly awed by the talent on this team.

My time at EMC over the last three years has been great, and my choice to leave was a difficult choice to make. The decision to leave does not reflect anything bad about EMC, but rather reflects the magnitude of the opportunities for personal and professional growth that lie ahead with VMware’s virtual networking group. There is a saying among my former team at EMC that goes like this: “Once a vSpecialist, always a vSpecialist.” I don’t agree with this statement, because it implies a sense of permanence—something those of us in IT simply can’t afford to have. You must change, you must evolve, you must become something more than what you were in the past, or you will become irrelevant. While I appreciate my time at EMC—both my time as a vSpecialist and my time within the ESG CTO’s office—the time for growth and evolution has come. This move will help me further evolve and grow. I’ve always been interested in networking, but this will be the first time it will be the primary focus for me, and I’m really looking forward to expanding my knowledge, learning new concepts and ideas, and leveraging my existing experience and expertise with virtualization in new and exciting ways.

Although there are great opportunities ahead, there are also a few challenges. I’m not relocating (I love Denver too much!), but my travel schedule will ramp up quite a bit. Travel has been down for me for the last several months (since I left the vSpecialist team), but in the new role my travel will go back up again as I’ll be meeting with the rest of the virtual networking team in Palo Alto, meeting with strategic customers and partners, supporting community events (expect to see me at VMUG events), and educating field sales resources on virtual networking and why it’s important. Undoubtedly the increased travel will have an impact on Crystal and the rest of the family, and I appreciate everyone’s thoughts and prayers as we sort that out.

One other challenge will come from a shift in “allegiance.” I experienced a similar effect when I joined EMC. When I was with ePlus (it seems so long ago!) I was able to maintain reasonably good relationships with different storage vendors as well as different networking vendors. When I joined EMC, the other storage vendors no longer wanted to work with me. I suppose I can understand that. I was able, though, to continue to maintain reasonably good relationships with various networking vendors (and even a few other virtualization vendors). I suspect now, though, that my shift to VMware will alter that landscape again. I can only hope the relationships I’ve established with colleagues at “competing” organizations (real or perceived competition) aren’t negatively affected too much.

Long-time readers know that several transitions have occurred over the nearly 8 years that I’ve been writing here. As I’ve done for the last 8 years, I’ll continue to post as much useful, relevant, and interesting content here as I’m able. Will there be a shift in focus? Possibly; I can’t promise there won’t be. Still, I’ll strive to keep sharing as much as I’m able as together we grow, change, and evolve along with the IT industry. Thanks for the support, and I hope that it continues.

Courteous comments are always welcome, so if you have questions or thoughts you want to share, feel free to speak up below.
