
VMware NSX mashes up Nicira and homegrown network virt

Virtualizing entire data centers, including admins for systems and networks


Having let go of its aspirations to be a player higher up in the systems stack – now that application frameworks, caching software, and other elements of the business have been shuffled off to the new Pivotal group established by parent EMC – VMware is doubling down in the virtualization business, and its top brass were banging the software-defined data center (SDDC) drum pretty loudly down at its analyst meeting on Wall Street this morning. They also talked a bit about what VMware is going to do with network virtualizer Nicira, which it bought last summer for a whopping $1.26bn.

You wouldn't normally expect a lot of news to come out of a briefing with financial analysts, but EMC and VMware like to keep everyone on their toes. More importantly, VMware has been under the gun in recent months, after admitting back in December that its products are a bit jumbled up, and then in January that it needed to lay off about 7 per cent of the VMware workforce to make its profit targets.

And so, EMC and its virtualization minion decided to make a bit of news while at the same time getting Wall Street excited about VMware's and EMC's respective revenue and profit streams over the next few years.

First, as El Reg previously reported, VMware announced that it is building its own public cloud, called the vCloud Hybrid Cloud service. (Yes, that is two clouds in the name when Hybrid vCloud, or better still vCloud Public, would do.)

The VMware public cloud, which has been in beta testing for the past year, will roll out in the middle of this year. It is widely believed to have been developed under an effort called Project Zephyr.

The details on the vCloud Hybrid Cloud service are a bit scarce, but VMware is going to let the same 55,000 reseller channel partners who peddle VMware software licenses today push capacity on this cloud, which will be based on VMware's ESXi hypervisor and its many vCloud Suite extensions.

And, explained VMware CEO Pat Gelsinger, the same intellectual property that the company created to run its own public cloud will be made available to the 220 service provider partners who have already built clouds to support ESXi virtual machines.

How useful this will be to any of them remains to be seen, but given that they already have cloudy infrastructure and have most likely tweaked their internal control freak programs to run ESXi inside their own tools, this seems of dubious value to companies like Verizon Terremark, Savvis, and NaviSite, which no doubt have more experience running clouds than VMware will have for many years to come.

The other big news on the VMware front was something called VMware NSX, which is a mash-up of the homegrown virtual switching components of its ESXi hypervisor, known collectively as vCloud Network and Security (VCNS), and the vSwitch and OpenFlow controller it got through the Nicira deal.

The homegrown virtual switching and security software is really part of the hypervisor, no matter how VMware has pitched it as something separate. This is all golden screwdriver stuff, with the screwdriver activating or deactivating virtual switches and virtual firewalls as you pay for these features inside of ESXi.

Both Nicira and VMware had a mix of open and closed software in their stacks, and there is no reason to believe that the combined NSX product is going to be entirely open source, even if it does hook into open source controllers like OpenStack.

Block diagram of the NSX virtual networking stack from VMware

Back when the Nicira deal was done in July 2012, the virtual networker was still in stealth mode, but its Open vSwitch virtual switch was already integrated both with the Linux kernel and with the KVM and XenServer hypervisors, thanks to work done by Red Hat and Citrix Systems, respectively.

Open vSwitch was in the process of being integrated with Microsoft's Hyper-V hypervisor, but the virtual switch could not plug directly into VMware's ESXi hypervisor (as its native homegrown switch does), even though you could package Open vSwitch up as an ESXi appliance if you wanted to use it in conjunction with ESXi. You had to talk to it as if it was separate.

Bogomil Balkansky, senior vice president of product marketing for virtualization and cloud platforms at VMware, agreed with El Reg at the time that the simplest integration for VMware to do, conceptually, was to get Open vSwitch running natively and plugging in directly with ESXi.

Balkansky also hinted that VMware would be taking some of the vShield security software that is part of that VCNS homegrown code, which does security for VMs that are reaching up into Layers 4 through 7 in the network stack, and moving it out of the hypervisor and into the NVP OpenFlow controller.

Raghu Raghuram, executive vice president of cloud infrastructure and management at VMware, kept it at a high level for Wall Street. "The new edge of the network is virtual, and it terminates in the hypervisor, and that is pretty good for us," he explained. "We see server administration and network administration coming together over time."

Them's fighting words in a lot of data centers in the world, but convergence is a reality as much as virtualization is, and IT shops are going to have to cope.

As it turns out, NSX is a bit more ambitious than VMware was hinting, and has the goal of creating a completely virtualized networking layer, much as ESXi does a complete job of virtualizing processors and memory – and for the most part, I/O – inside physical servers. Hatem Naguib, vice president of networking and security at VMware, explained it pretty well in a blog post.

The NSX controller is presumably based on the NVP Controller that Nicira cooked up and most certainly did not open source. This is the bit of the OpenFlow setup that runs the control plane that would normally be embedded in physical switches, but has been sucked out of all of the devices and stored centrally in the controller.

This controller is just an x86 box running the Nicira (now VMware) code, and it basically has snapshots of all of the routing and forwarding tables in each switch, which you can change in the controller as necessary and then push out to the physical switches. This is all done programmatically, like starting up and shutting down VMs is done through APIs in ESXi and its vCenter Server control freak on the server-virtualization side.

The NSX controller will support any hypervisor, and will plug into VMware's vCloud cloud controller as well as the OpenStack cloud controller, which Nicira was favoring. And Open vSwitch will be sucked into the ESXi hypervisor, making it a peer with Hyper-V, KVM, and Xen.

Presumably, VMware will continue to support the Nexus 1000V virtual switch from Cisco Systems for those customers who want it, and its own vSwitch virtual switch for those who want to stick with it, but the company did not say.

Raghuram said that the VCNS approach it had been using was "just a virtual patch cable" between server virtual machines and physical switches, and that the NVS vSwitch (the "Open" part seems to have disappeared from the name) would start doing good things with the packets as they flit around between VMs.

Each hypervisor in the NSX setup will have a vSwitch with a programmable Layer 2 through 4 data plane, and the NSX controller would dynamically program IP encapsulation tunnels using its own VXLAN or the Stateless Transport Tunneling (STT) protocols; the NVGRE protocol favored by Microsoft was not discussed.

VXLAN and NVGRE are Layer 2 overlays on Layer 3 networks that, in effect, allow a virtual machine to hop out of a data center and over a router as if it were just hopping from one server rack to another through a top-of-rack switch. This sounds simple enough, but it is tricky. STT makes use of TCP segmentation offload features in network interface cards to create a quick and dirty IP tunnel between hypervisors, but it only works if you have the same NICs everywhere. VXLAN and NVGRE are supposed to be multi-vendor protocols, and they will likely become that and, if the industry has any sense, converge into a common standard.
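To make the "Layer 2 overlay on a Layer 3 network" idea concrete, here is an added example (not VMware or Nicira code, and not part of the original article) that wraps an inner Ethernet frame in the 8-byte VXLAN header defined in RFC 7348 and unwraps it again, rejecting segments the receiving host was never provisioned for. The function names, MAC addresses and VNI values are constructed for illustration; it covers VXLAN only, not STT or NVGRE.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # the "I" bit: VNI field is valid
VXLAN_HDR_LEN = 8
ETH_HDR_LEN = 14


def ethernet_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Build a minimal inner Ethernet frame (no VLAN tag, no FCS)."""
    def mac(s: str) -> bytes:
        return bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def vxlan_encap(inner_frame: bytes, vni: int) -> bytes:
    """Prepend the VXLAN header; the result travels as a UDP payload over IP."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    if len(inner_frame) < ETH_HDR_LEN:
        raise ValueError("inner frame shorter than an Ethernet header")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24 bits) + reserved (8).
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame


def vxlan_decap(udp_payload: bytes, allowed_vnis: set) -> tuple:
    """Return (vni, inner_frame), refusing malformed or unprovisioned segments."""
    if len(udp_payload) < VXLAN_HDR_LEN + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    vni = word1 >> 8
    if vni not in allowed_vnis:
        # The VNI is the only tenant separator in the header, so a receiving
        # endpoint should drop segments it has no local VMs attached to.
        raise PermissionError(f"VNI {vni} is not provisioned on this host")
    return vni, udp_payload[VXLAN_HDR_LEN:]


# Constructed sample: one VM-to-VM IPv4 frame on a made-up segment 5001.
SAMPLE_FRAME = ethernet_frame("02:00:00:00:00:02", "02:00:00:00:00:01",
                              0x0800, b"constructed payload")
SAMPLE_VNI = 5001

if __name__ == "__main__":
    wire = vxlan_encap(SAMPLE_FRAME, SAMPLE_VNI)
    print(wire[:VXLAN_HDR_LEN].hex(), vxlan_decap(wire, {SAMPLE_VNI})[0])
```

The inner frame comes out byte-for-byte identical, which is why the VM sees an ordinary Layer 2 segment even though the packet crossed routers in between.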

The NSX controller that VMware has cooked up from its VCNS and Nicira raw ingredients will also be able to hook into logical or physical routers, firewalls, load balancers, virtual private network controllers, security appliances, and network monitors. The NSX controller is implemented as a cluster for both scalability and high availability reasons, and has an external management console called – you guessed it – NSX Manager.

This architecture will allow VMware to do what it has with the ESXi hypervisor and its vCenter Server console over the years. As other OpenFlow controllers flood the market, VMware will be able to cut the price on the NSX controller or give it away for free – or even perhaps open source it – while keeping the management console, which is how you get at the features, as a priced component.

The NSX virtual networking stack will launch in the second half of this year. ®
