Thursday, August 23, 2012

Nicira Network Virtualization Platform (NVP)

Yesterday, I had a short technical discussion with a Singapore-based Nicira staff member. They have a niche solution that does exactly what the Cisco Nexus and L2 MPLS (i.e. Ethernet over MPLS or Any Transport over MPLS) are trying to achieve: multi-tenancy Data Center Interconnect (DCI) by creating multiple layer 2 virtual networks (or pseudo-wires) across an IP network. Layer 2 networks are essential for many Data Center applications, especially Cloud Virtualization. Imagine performing server clustering, VMware vMotion or Hyper-V Live Migration across multiple physical sites, which would otherwise break at IP subnet boundaries. It should also be seriously considered as part of IT Disaster Recovery plans. As for multi-tenancy, you may have multiple network customers or tenants sharing the same underlying physical infrastructure. Each tenant should see only its own overlay network, without visibility into other virtual networks - a similar concept to host virtualization and cloud computing.

How does Nicira NVP work? From what I understand at a high level, a data path STT (Stateless Transport Tunneling) tunnel is established between 2 or more Open vSwitches (OVS) across an IP network. This MAC-over-IP tunnel encapsulates all MAC layer traffic and transports it over the IP network, which effectively connects 2 servers (whether virtual or physical) on different sites as if they were on the same subnet or VLAN.
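The idea described above, carrying a whole MAC-layer frame as an IP payload while keeping each tenant to its own overlay, as an added example that is not from the original post or from Nicira. The 12-byte header layout, `TunnelEndpoint`, the port names and the tenant IDs are assumptions made for illustration and are not the STT wire format.

```python
import struct

# Simplified, constructed tunnel header (NOT the STT wire format):
# 1-byte version, 3 reserved bytes, 8-byte tenant/context ID.
HDR = struct.Struct("!B3xQ")
VERSION = 1


def encapsulate(tenant_id: int, eth_frame: bytes) -> bytes:
    """Wrap a complete inner Ethernet frame for transport as an IP payload."""
    if len(eth_frame) < 14:
        raise ValueError("inner frame shorter than an Ethernet header")
    return HDR.pack(VERSION, tenant_id) + eth_frame


class TunnelEndpoint:
    """Receiving virtual switch: one MAC table per tenant, never shared."""

    def __init__(self):
        self.tables = {}  # tenant_id -> {destination MAC: local port name}

    def attach(self, tenant_id, mac, port):
        self.tables.setdefault(tenant_id, {})[mac] = port

    def receive(self, payload: bytes):
        """Return (port, inner_frame), or None when the packet is dropped."""
        if len(payload) < HDR.size + 14:
            return None  # truncated: no room for header plus Ethernet header
        version, tenant_id = HDR.unpack_from(payload)
        if version != VERSION:
            return None
        table = self.tables.get(tenant_id)
        if table is None:
            return None  # unknown tenant: never fall back to another table
        frame = payload[HDR.size:]
        port = table.get(frame[:6])  # destination MAC is the first 6 bytes
        return (port, frame) if port is not None else None


# Constructed sample: two tenants reuse the same MAC address.
MAC = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
FRAME = MAC + SRC + b"\x08\x00" + b"inner IP packet"

ep = TunnelEndpoint()
ep.attach(10, MAC, "tenant10-vm1")
ep.attach(20, MAC, "tenant20-vm7")
```

The inner frame arrives byte-for-byte unchanged, and the same destination MAC resolves to a different port depending only on the tenant ID in the outer header, so isolation rests entirely on the endpoint's per-tenant lookup.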

As of now, the OVS can be integrated into ESX, KVM and XenServer hypervisors. There is also a near-future plan for Hyper-V support (not sure if the plan will be cancelled, as Nicira has now been acquired by its arch-rival VMware). Alternatively, an ISO-based image can be run as a virtual or physical server to act as an OVS gateway connecting legacy systems to the Nicira network virtualization platform (NVP).

As for OVS management and control, the NVP Controller Cluster (housed on a server cluster) is used to centrally manage and control all OVS over the control paths. I was told that even if there were a disconnection on the control paths, the OVS would continue to operate (even though not modifiable at this stage).


From what I observed, the new Cisco Overlay Transport Virtualization (OTV) is probably Nicira's arch-rival at this point. It is true that traditional MPLS networking and L2 pseudo-wires can be employed to perform the same tricks, but they are limited either by performance, by a lack of MPLS-aware devices or simply by staff knowledge of the IP networks. Both Cisco OTV and Nicira NVP, on the other hand, can be easily established across any traditional IP-based network.

And prices do matter too. I was told that one would need at least USD150K for a small POC setup to "try out" Nicira NVP. For the same price tag, I could also have purchased at least half a dozen units of Cisco ASR1000 hardware (OTV is now supported on the ASR platform from version XE3.5S onward). A princely sum that is pretty hard to justify to the management for a software purchase, I suppose.


7 comments:

  1. I've been doing my own research on Nicira as well. What are your thoughts about Open vSwitch? (www.openvswitch.org). Is this the same as the Nicira product or something entirely different?

  2. Not the same as Nicira. It's more like the Nexus 1000 virtual switch on VMware ESX, i.e. a virtual network over a cluster of hypervisor hosts.

    Nicira, on the other hand, creates an L2 tunnel between two NVP gateways. This effectively creates a separate virtual network across a physical network, i.e. a virtual network over a physical network.

    To quote from openvswitch.org:
    "It is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V"

  3. Nicira is now VMware NSX. And their greatest competitor is still the networking giant - Cisco ACI.

    http://www.networkworld.com/article/2172922/sdndn-showdown--examining-the-differences-between-/sdn/sdn-showdown--examining-the-differences-between-vmware-s-nsx-and-cisco-s-aci.html

  4. This comment has been removed by the author.

  5. The open source alternative is now Open Daylight + OpenStack Neutron. See http://thenewstack.io/opendaylight-is-one-of-the-best-controllers-for-openstack-heres-how-to-implement-it/

  6. Juniper has a VXLAN-enabled VTEP switch that is compatible with VMware NSX. See
    http://tinyurl.com/jeseqeg
    http://tinyurl.com/h4t7em6

  7. Excellent post. I was checking this blog constantly and I am impressed! Extremely helpful info, especially the last part :) I care for such information a lot. Thank you and best of luck.
