The combination of VMware NSX for vSphere and the Nutanix Xtreme Computing Platform (XCP) makes fully software-defined data centers a reality. XCP allows administrators to build a virtualization infrastructure free from the limitations of traditional architectures.
Together, VMware NSX and Nutanix XCP form a comprehensive solution that gives virtual machines access to fast local compute and storage subsystems and provides a flexible and secure network infrastructure without the limitations of physical components.
To confirm that VMware NSX for vSphere runs transparently and stably on a Nutanix cluster, Nutanix tested 2 main scenarios for using this system. In the first scenario, the Nutanix Controller VM (CVM), the management virtual machine, was connected to a VLAN in the traditional network, and the working virtual machines were located in the NSX virtual networks. In the second scenario, both the working virtual machines and the CVM were connected to NSX virtual network segments. Connecting the CVM to the NSX network complicates the overall configuration and setup of the system, but allows you to use the isolation and microsegmentation functions for the Nutanix cluster.
Uses and Benefits
Before delving into the analysis of these scenarios, let's look at the most typical example of using NSX, given in the VMware NSX design guide, and at several advantages that software-defined networks provide. The figure shows 3 different segments with virtual machines: a web services segment, an application segment, and a database segment. The traffic of these virtual machines is handled by three different virtual networks based on VXLAN (VNI 5001-5003).
Thanks to packet encapsulation in VXLAN, each virtual network segment is decoupled from the physical network infrastructure. The distributed logical router (DLR), operating at the kernel level of each hypervisor, connects the virtual network segments at Layer 3 without forwarding packets to a physical router. Routing is done directly in the hypervisor kernel. Moreover, the distributed firewall (DFW) enforces security policies at the level of the virtual machines' network adapters, regardless of the presence and location of physical firewalls on the network.
The distributed router and firewall (DLR and DFW) operate at the level of each hypervisor in the cluster. Because these are distributed components, traffic routing and filtering are performed right where the virtual machines run, regardless of the underlying network infrastructure. There are only two requirements for the physical network infrastructure: connectivity between hypervisors and support for large network frames (jumbo frames).
Because a virtual machine is not bound to the topology of the physical network, its addressing and management do not affect the network configuration. Isolated network "islands" can be created inside virtual network segments, which can be quickly copied and transferred, for example, to the cloud. One use case is to create a copy of an infrastructure instance (network segment and virtual machines) for developers; another is to restore a complete copy of a working project from an archive copy for verification, without worrying that it will affect production workflows or lead to an IP address conflict.
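The VXLAN framing behind the segment isolation and the jumbo-frame requirement, as an added example that is not part of the original article. The header layout and UDP port follow RFC 7348; the VNI-to-segment mapping and all function names are assumptions made for illustration (the article gives only the VNI values 5001-5003 and 5000).

```python
import struct

VXLAN_UDP_PORT = 4789         # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field carries a valid value
# Bytes added inside the outer IP packet around the guest's IP packet:
# inner Ethernet 14 + VXLAN 8 + UDP 8 + outer IPv4 20
VXLAN_OVERHEAD = 14 + 8 + 8 + 20

# Assumed mapping; the article names the segments and the VNI range, not the order.
SEGMENTS = {5000: "cvm", 5001: "web", 5002: "app", 5003: "db"}


def vxlan_header(vni: int) -> bytes:
    """Build the 8-byte VXLAN header for a 24-bit VNI."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def parse_vni(udp_payload: bytes) -> int:
    """Return the VNI from a VXLAN UDP payload, rejecting malformed headers."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8


def segment_of(udp_payload: bytes) -> str:
    """Name the segment a payload belongs to; VNIs outside the map are flagged."""
    return SEGMENTS.get(parse_vni(udp_payload), "unknown")


def required_underlay_mtu(guest_mtu: int = 1500) -> int:
    """IP MTU the physical network must carry so guest packets are not dropped."""
    return guest_mtu + VXLAN_OVERHEAD


def fits(guest_mtu: int, underlay_mtu: int) -> bool:
    """True when encapsulated guest traffic fits the physical network's MTU."""
    return required_underlay_mtu(guest_mtu) <= underlay_mtu


if __name__ == "__main__":
    payload = vxlan_header(5001) + bytes(14)   # constructed sample: header + empty inner Ethernet
    print(segment_of(payload), required_underlay_mtu(), fits(1500, 1500), fits(1500, 1600))
```

A standard 1500-byte physical MTU cannot carry full-size guest packets once they are encapsulated, which is why the physical network has to support larger frames.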
Scenario 1 - NSX is used only for working virtual machines.
The recommended NSX configuration for Nutanix is to use isolated NSX virtual subnets for groups of user VMs, for example, for web services, applications, and DBMSs, while the Nutanix management virtual machine (CVM) is connected to a regular port group on a distributed switch. This greatly simplifies the configuration of the whole system.
In the example below, storage subsystem traffic is carried between nodes (hosts) over VLAN 101, and the VXLAN-encapsulated traffic of the working virtual machines is carried over VLAN 401.
Scenario 2 - NSX is used for both workload and Nutanix CVM.
In the alternative shown below, both the working virtual machines and the Nutanix CVM are connected to the NSX network. Communication between CVMs on different nodes of the Nutanix cluster is provided on virtual network 5000. The addressing of the management and VXLAN virtual adapters in the example illustrates the situation in which two cluster nodes are located in different server racks separated by a router (at Layer 3). Encapsulating packets in VXLAN overcomes this limitation.
While this scenario is a bit more complicated than the previous one, it lets you apply NSX microsegmentation and isolation to the Nutanix CVM. You can isolate the CVM and the storage network in one virtual segment, which, in turn, is distributed across multiple L3 physical subnets.
It is important to note that the recommendations for building a leaf-spine topology still apply to the physical Nutanix nodes. Addressing between ESXi hosts in different racks can be organized at Layer 3 (L3), but the network connections between the Nutanix nodes must meet the bandwidth and latency requirements.
Conclusion
Using VMware NSX with Nutanix gives system administrators the ability to build powerful and flexible solutions that are free from the limitations of traditional physical infrastructures. The Nutanix Xtreme Computing Platform (XCP) provides computing resources and a storage subsystem, while NSX creates a virtual network infrastructure that is not tied to physical network components. Nutanix verified that these two components integrate successfully with each other, delivering all the benefits of software-defined data centers, including logical separation of the storage infrastructure, isolation of virtual networks, security policies that move with the virtual machines, and automation of workflows.
Nutanix with VMware NSX allows administrators to focus on building scalable applications, because no matter where the virtual machine is running, it will always have access to the necessary resources. A stable and reliable physical infrastructure provides the foundation for a flexible and convenient virtual network, always ready for expansion if necessary.
By Jason Burns, Senior Solutions & Performance Engineer at Nutanix
Translation: Sergey Tarasevich, Trinity Systems Engineer
Original article: next.nutanix.com/t5/Nutanix-Connect-Blog/VMware-NSX-on-Nutanix-Build-a-Software-Defined-Datacenter/ba-p/7590