说明tech summit-网络虚拟化

1、从服务器虚拟化到网络虚拟化卢建军 “我”的数据中心和AWS的对比CONFIDENTIAL2我的数据中心AWSVS第一回合硬件环境CONFIDENTIAL3我的数据中心AWSVS高配4路服务器Intel最新CPU万兆冗余网络FC光纤存储定制化单CPU服务器上一代CPU千兆网络本地存储或iSCSI存储第二回合服务器虚拟化软件CONFIDENTIAL4我的数据中心AWSVSvSphere企业增强版功能众多性能稳定原厂技术支持EC2：自己定制的开源软件功能有限性能无法保障不断的打补丁升级维护第三回合network service provisioningCONFIDENTIAL5我的数据中心AWSVS

2、人工配制的物理LB命令行配制的交换机虚拟机绑定于VLANELBSGElastic IP address结论AWS是SDDC我的数据中心差一步就是SDDC差了什么呢？CONFIDENTIAL6Intelligence in SoftwareHardware IndependentAutomated Configuration & Management什么是Software Defined Data Center (SDDC)?Intelligence in ASICsDedicated, Vendor Specific HardwareManual Configuration & Managem

3、entSoftwareHardware什么是Software Defined Data Center (SDDC)?SoftwareHardwareVirtualMachinesVirtualNetworksVirtualStorageComputeCapacityNetwork CapacityStorageCapacityApplicationsLocation IndependenceApplication ConsumptionDesktopInternetVirtual DesktopLaptopTabletMobile12345网络虚拟化是SDDC缺失的一环Virtual Mach

4、ineData Center Network Operational Model Decouple from hardwareCreate, Delete, Grow, ShrinkTransparent to applicationProgrammatic MonitoringExtensible?Can we run Networks like VMs 什么是网络虚拟化？10从已知到未知的最有效途径CONFIDENTIAL11已知未知类比服务器虚拟化网络虚拟化服务器虚拟化的核心是CONFIDENTIAL12解耦合！解耦合CONFIDENTIAL13服务器虚拟化网络虚拟化类比解除了OS与物理

5、服务器的绑定解除了IP与物理交换机的绑定vMotion？服务器虚拟化对物理设备的要求是CONFIDENTIAL14任何x86服务器！对设备的要求CONFIDENTIAL15服务器虚拟化网络虚拟化类比任何的x86服务器任何的网络设备服务器虚拟化的实施步骤是CONFIDENTIAL16循序渐进！如何部署实施CONFIDENTIAL17服务器虚拟化网络虚拟化类比一台一台地迁移一台一台地虚拟化网络数据中心的现有网络架构InternetExisting Physical Network计算资源InternetExisting Physical Network虚拟化之后InternetExisting P

6、hysical Network网络虚拟化和SDNInternetNSXExisting Physical Network虚拟网络NSX vSwitchHypervisorExisting Physical NetworkVirtual NetworkNSX vSwitchHypervisorVMUser SpaceVMVM虚拟网络NSX vSwitchHypervisorExisting Physical NetworkVirtual NetworkNSX vSwitchHypervisorVMUser SpaceVMVM不间断地部署NSX vSwitchHypervisorVMVMExist

7、ing Physical NetworkVirtual NetworkNSX vSwitchHypervisorVMUser SpaceVMVM动态提供NSX vSwitchHypervisorVMVMVMExisting Physical NetworkVirtual NetworkCloud Mgt PlatformNSX vSwitchHypervisorVMUser SpaceVMVMCluster ControllerDistributedNetwork ServicesDistributedNetwork Services底层物理网络连接Physical HostNSX vSwit

8、chVMVMVMNSX vSwitchVMUser SpaceVMVMHypervisorUser SpaceHypervisorExisting Physical NetworkVirtual NetworkCluster ControllerCloud Mgt PlatformSimplified IP Backplane No VLANs, No ACLs, No Firewall Rules与物理机的连接VLANPhysical HostNSX vSwitchVMVMVMNSX vSwitchVMUser SpaceVMVMHypervisorUser SpaceHypervisorV

9、irtual NetworkPhysical WorkloadL2 Bridging Service VM, ToR,x86 ApplianceCluster Controller网络虚拟化带来的路径优化网络虚拟化带来的路径优化 防火墙网络虚拟化带来更好地安全30Virtual Networks are isolated from each other(Overlapping IP Addresses)Virtual Networks are isolated from underlyingphysical network (IPv6 over IPv4)完全隔离HypervisorPhysi

10、cal HostNSX vSwitchVMVMVMHypervisorPhysical HostNSX vSwitchVMVMVMVirtual NetworkVirtual Network192.168.2.20192.168.2.20192.168.2.10192.168.2.102607:f0d0:1002:51:42607:f0d0:1002:51:7IPv6IPv4分布式虚拟防火墙InternetHypervisorPhysical HostVMVMVMvSwitchHypervisorPhysical HostvSwitchVMVMVMSecurity PolicySecurity

11、 Policy- Reduce Choke Point Security- Centrally Define Policies, Distribute Rule Enforcement for Segmentation- Security Policies Move with VMs- Changes to central policies automatically distributed to affected VMs如何部署33如何部署34Compute1Leverage existing Network InfrastructureAny Network VendorAny Netwo

12、rk TopologyIP Packet Forwarding Fabric如何部署35Compute12Leverage existing Network InfrastructureDeploy VMware NSXNSXEdgeNSXMgmtVirtual InfrastructureNSX Infrastructure如何部署CONFIDENTIAL36Compute12Leverage existing Network InfrastructureDeploy VMware NSXNSX Mgmt & Edge ServicesNSXEdgeNSXMgmtVirtual Infras

13、tructureNSX Infrastructure3Consumption ofApplicationsCMP PortalSelf-ServiceProgrammaticVirtualNetwork DeploymentLogical Networks+多种网络拓扑CONFIDENTIAL37Multiple NetworksFlat NetworkAPPDATABASEWEBWEBAPPDATABASEAutomation Deploy full automation via vCAC, vCD, Openstack or any CMS加入了网络虚拟化的SDDC可以使企业像Amazon一样灵活38“Our IT needs to e more like Amazon.”“We are developing a new kind of IT service broke