VMware Brings NSX’s Network Virtualization into the Physical World

VMware is detailing more about its NSX network virtualization platform on Monday by fleshing out the description of its capabilities and introducing a host of hardware partners tapping into the platform.

Central to the announcement, likely the centerpiece of Monday’s VMworld opening keynotes, is the ability to configure physical and virtual switch ports at the same time. As VMware had hinted earlier in August, that trick is enabled through NSX’s use of VXLAN for creating overlay tunnels, and by switches that likewise support VXLAN.

NSX was announced in the spring as the combination of technologies from Nicira (the NVP platform) and VMware (vCloud Network and Security). It’s a key element of VMware’s strategy for software-defined networking (SDN) and the software-defined data center (SDDC), two subjects likely to come up more than a few times during CEO Pat Gelsinger’s keynote.

NSX Reaches Layers 2-7

But the company is using neither term to describe NSX, instead stressing it as a platform for network virtualization for Layers 2-7 — meaning it goes beyond routing and switching overlays to provide logical firewalls, load balancers, and VPNs.

In fact, one part of the announcement that Martin Casado, VMware’s chief network architect, emphasized in talking to SDNCentral was the ability to do a network-wide, distributed firewall, running in the NSX’s Linux kernel. This wouldn’t be a product to compete with commercial firewalls, which examine traffic packet-by-packet. Rather, it would operate at the flow level.

Such a thing would be useful for, say, an enterprise that’s moved all of its functions into the data center, Casado said. Certain people might not be allowed to access certain applications or databases — hence the need for an intra-data-center firewall.

Consistent with March’s announcement, VMware is saying NSX will reach general availability in the fourth quarter.

VMware is also announcing some early users for NSX: CITI, eBay, GE, and WestJet, all apparently slated to talk during Monday’s opening keynote.

Hardware Partners Crowd Around NSX

This NSX coming-out party will be supported by more than 20 partners — including at least four switch vendors announcing ways they can support the mixed physical/virtual environments that NSX now allows. The vendors stressed that they’ll work with other SDN and virtualization environments too — specifically, it seems certain they’ll all support Microsoft’s NVGRE as well as VMware’s VXLAN.

That’s partly out of pragmatism, but also because the switch chip they’re most likely using, the Trident II from Broadcom, supports those multiple environments.

Each vendor we spoke to seemed to have a spin on why it’s working with NSX in a “unique” way. The main thing is the integration of the hardware-switch and NSX environments: Each switch’s software becomes a gateway between the physical and virtual sides, so that ports on either side can be configured by the management software on either side. And NSX’s tunnels can now connect a physical port to a virtual port.

How that gets described depends on the vendor. Here’s a sampling.

1. Arista, rather than announcing a new switch, is announcing OpenWorkload, an application for the Extensible Operating System (EOS) that runs on every Arista switch.

Other new EOS applications being announced include:

  • pathTracer, a probe that lets Arista actively monitor network connections for congestion or latency. “If I had my way, it would be software you could run on your servers too, but that’s still open for debate,” says Mark Berly, EOS product manager.
  • Network Telemetry, which streams network-state data to applications from the likes of ExtraHop or Splunk.
  • Smart System Upgrade, which allows for network elements to be added to (or subtracted from) the network without disrupting services.

2. Dell is adding VXLAN support and NSX integration by introducing a high-end top-of-rack switch, the S6000, due to ship by the end of September. The advantage Dell is claiming is its presence in the storage and server businesses, which allows it to take the visibility of physical/virtual networks “beyond the switch,” says Arpit Joshipura, vice president of marketing for Dell’s networking products.

3. HP is federating its SDN controller with NSX’s — which sounds a lot like what the others are doing, but HP insists it’s a step deeper. With this announcement, HP is focusing on orchestrating the controllers together, as opposed to allowing a controller to reach southbound to manipulate physical and virtual ports together.

That said, HP switches’ software will include the ability to view the physical and virtual networks together. The feature is called ConvergedControl, and it’s due to come out in the second half of 2014.

HP is also introducing a new top-of-rack switch with VXLAN support built in. Called the HP 5930, it’s due to ship in December.

4. Juniper will add VXLAN routing support to the MX line of routers and the EX9200 switch in mid-2014. Being a security company as well, Juniper will also extend NSX integration to its security appliances at an unspecified date.

5. Just to show that switches aren’t having all the fun, Citrix is announcing integration of its Netscaler product line with NSX, meaning NSX (or a competing virtual environment) will be able to call up Netscaler instances. The capability will be previewed later this quarter, but Citrix isn’t committing to a launch date yet.

It’s All in the Chips

One wrinkle here is the availability of Trident II chips — the devices that are probably at the heart of all this VXLAN support.

Announced at VMworld a year ago, the Trident II was supposed to ship in volume at the end of 2012. But full production shipments still haven’t started, and Broadcom Executive Vice President Rajiv Ramaswami told press at the end of July that the date is still “a few months” away.

The chip is available in what Broadcom officials call “very large scale sampling,” meaning there’s at least one customer that is building production systems with the chip, Ramaswami said. So, it seems someone out there is getting their fill of Trident IIs. (Arista seems like a good guess.)


  1. Craig Matsumoto says

    So, what’s this mean for the VMware/Cisco relationship?

    More generally — everybody’s friends today, but as VMware’s networking story strengthens, I wonder how threatened the hardware vendors start to feel. They all claim they’re becoming software players anyway, and there’s truth to that, but Cisco, Juniper & Alcatel all still rely on the power of hardware: ASICs.

    For now, you could interpret NSX as working with that power rather than counter to that. Not sure how sustainable that relationship is, though.

  2. Simon Dredge says

    Looks like some proprietary plusses but, looking purely at the networking aspects, there appears to be a lot of inherent overlay complexities compared to a pure L3 solution, like Project Calico promotes – an architecture which was lauded by many in the Mesos community a few weeks back. #WillitScale?
