NSX: VMware's Network Hypervisor Explained

At VMworld 2013, VMware announced important updates to their flagship product line (see my post Top 10 Most Important Features of vSphere for more info). A major part of the VMworld keynotes were dedicated to the new VMware NSX. I didn’t cover NSX in my vSphere feature or in my vCloud editions post because NSX is not a part of either of those. So what is the new VMware NSX and how can it help you? Let’s find out.

What is VMware NSX?

Created from technologies acquired through VMware’s $1B acquisition of Niciria, VMware NSX is the “ESX for the network”, as it was described at the VMworld keynote.



While that makes NSX easily understood (because most IT people know what does ESX does) and it is where VMware wants to position NSX in the future, that analogy completely oversimplifies what NSX really is, what it does, and where it is at today.

It’s true that VMware ESX virtualizes compute resources – CPU, memory, disk and network adaptor. VMware NSX virtualizes the network offering everything in the network in it’s virtual form – virtual switch, firewall, load balancer, and more.

According to VMware, customers want the same functionality out of a network virtualization solution that they have come to expect from their server virtualization solution. Customers want the operational model of a server virtualization, but for the network. For example, VMware says that NSX should be able to do the following for the network (just as server virtualization does for the compute infrastructure):

• Decouple the network from the hardware
• Make the network elastic, allowing you to create, delete, grow, and shrink the network as needed
• Make the network transparent to applications
• Allow for programmatic monitoring
• Ensure that the virtualized network is extensible so you can add on third-party solutions as needed

Network virtualization must 1) Decouple the network from the physical hardware; 2) Reproduce the physical network, virtually, providing all the same services without the knowledge of the underlying hardware; and 3) Integrate with your cloud management application to automate network provisioning and management so that you realize those operational benefits of server virtualization within the network.

Consider This…

How much time and money could your company save if there were no delays in provisioning new network infrastructure? What if you could have all the same IP addressing on your production and development/test networks? NSX will do that and more.

As VMware continues to push the Software Defined Data Center (SDDC), they say that the network, today, continues to be a barrier as so much of the network is still tied to hardware. Network virtualization (with NSX) is the answer.

What Makes up VMware NSX?

You may think that you already have network virtualization with VMware vSphere. That is partially true. There is basic network virtualization built into vSphere. You have virtual NICs connected to virtual switches and all the VMs on a single host communicate with one another. However, that is really where the virtual networking ends.

Once your VM needs to talk to another VM, a physical server, or the Internet, the VM’s network traffic must traverse the physical network via an uplink on the host. From there, that traffic could just go to a physical switch and then to another ESXi host (Note: If you have an ESX server, it’s reaching end-of-life! Learn more) and virtual machine or it could take any number of network hops around the world to talk to a virtualized VM running as a web server, let’s say, a datacenter on the opposite side of the globe.

Where that network traffic goes is determined by the physical switches, physical routers, and physical firewalls – all “hardware defined”. In short, VMware aims to take control of the network and change it from being “hardware defined” to “software defined” with NSX.

VMware NSX is made up of the following:

• Layer 2 virtual switch with flow-based marking, QoS, ACLs, and more
• Layer 3 Router that is designed to do both east/west and north/south routing
• Distributed firewall that sits closest to the application and runs inside the VMware Kernel
• Load balancer that provides application load balancing in software
• VPN server provides site to site VPN and remote access
• NSX API is a RESTful API that integrates into a number of different cloud management platforms
• Partner ecosystem with additional solutions that integrate into NSX

Get the NSX datasheet here.

NSX works with your existing physical network infrastructure so there is no need to purchase new network hardware. Just as your virtual machines run on top of your vSphere hypervisor, your virtual networks (containing all the functionality above) run on top of your VMware NSX network hypervisor.

NSX is compatible with VMware vSphere, KVM, and Xen as well as OpenStack, CloudStack, and VMware vCloud Automation Center (vCAC) with vCloud Director (vCD).

How does VMware NSX Work?

At this point, you may be wondering how NSX is able to do all that it claims to do. Here’s a look at the NSX architecture:

NSX works by encapsulating the traffic that would normally be sent to the physical switches and routers inside an encapsulation protocol (like STT, VXLAN, and GRE). By doing this, the physical network hardware is compatible and doesn’t have to know anything about the network virtualization that is happening inside.

It’s the NSX gateway that connects the virtual network to the physical network but each hypervisor is running a special VMware NSX virtual switch and NSX controllers (which are virtual appliances) serve as the management plane, controlling it all.

While NSX supports multiple hypervisors and cloud management platforms, here’s what it would look like with vSphere and vCAC/VCD:

Latest News on VMware NSX

At this point, you may be saying “that all sounds great, how do I get started?” As the time that I am writing this blog post, VMware NSX recently has been introduced to the world. Today, it is in use at a handful of very large companies like NTT, eBay, and Paypal. NSX is expected to become generally available (GA) toward the end of 2013. At this point, no pricing or packaging information has been released.

Additional resources about VMware NSX are available on the VMware NSX product page, on this VMware NSX blog post, and in the following VMworld 2013 session recordings, available on YouTube:

• VMworld 2013: Session NET5847- NSX: Introducing the World to VMware NSX
• Interview with Bruce Davie at VMware NSX at VMworld 2013
• VMware’s Approach to SDN by Brad Hedlund
• Scott Lowe, VCDX, interviewed about VMware NSX at Indy VMUG 2013
• VMware Partners Talk about their NSX Integrated Solutions

Editor’s Note:  This article here first appeared on the Softchoice blog and is republished here with their permission.