At the VMware user conference VMworld this week at the Moscone Center in San Francisco, VMware officially rolled out the early release (for testing not production) network virtualization platform VMware NSX. The product is based on the Nicira acquisition and will replace VMware’s vSwitch and the vSphere Distributed Switch (VDS). Previously, VMware took a minimalist approach to networking; with this announcement switching and routing are now built into the hypervisors themselves. Also new, real touch points back to the physical network have been added through the NSX Controller to agents running on Arista, Brocade, Cumulus, Dell, HP and Juniper network devices. Also included are translational bridging between logical overlays and VLANs. A stateful firewall is also built into the hypervisor. Distributed firewall capability enables stateful, logical insertion of third party solutions from F5, McAfee, Palo Alto Networks, Symantec and Trend Micro. The NSX Edge Services router provides access to other critical network services in the datacenter such as perimeter routing (BGP, OSPF, IS-IS), firewalls, user & site VPNs, elastic load balancers and DNS/DHCP/IP services.
VMware’s message is clear: we are going to do network virtualization the right way, our way. It is interesting to note that when VMware is speaking of NSX it is all about the software defined datacenter (SDDC), but no references to SDN. It would appear to be intentional with VMware drawing a very strong distinction between what they are doing and the day-to-day protestations around SDN and all its variants – and particularly the camp centered upon OpenFlow. SDN is a battle for others to fight, because OpenFlow SDN implies some degree or a great degree of rip and replace. VMware NSX is an overlay that can be dropped into your existing infrastructure. VMware is all about bringing other components of the IT infrastructure into the virtualization fold. NSX is new and different and it has teeth. Previously VMware lacked true routing and switching capabilities and all that changes with NXS. Even more important is the addition of the controller and the agents that provide direct connectivity with a number of equipment vendors, with Cisco perhaps being the only consequential absence.
On the load balancing/ADC front, Citrix and F5 have signed on to deliver solutions to support NSX and provider tighter integration. Citrix plans to introduce NetScaler Control Center integration with VMware NSX later in the year. This solution ties into the Citrix datacenter stack of choice, Apache CloudStack, and the Citrix Cloud Platform. The F5 announcement looks to provide an API-based integration solution leveraging VMware vApp and F5 iApp. There will also be bi-directional collaboration between vShield Manager and the F5 management solutions.
These partnerships with network equipment and ADC vendors are just a tip of the iceberg of the new VMware NSX Partner Program. There are other well known network equipment vendors such as Riverbed signing up to embed WAN Optimization into a future release of NSX, along with vendors from other IT disciplines such as security taking the pledge. So often, when vendors roll out new platforms, it is devoid of the critical vendor partnerships that will give it the legs it needs to stand on. This is not the case here.
To be clear there is nothing here that is production ready. NSX is not yet GA. This is an early release – the VMware version of a pajama party for its more progressive and eager customers who want to go out and kick the proverbial tires. Has VMware solved all the problems of network virtualization? Does this replace the underlying physical infrastructure? Absolutely not. Management tools, while often mentioned, still remains largely a missing piece of the puzzle. When the virtual network component fails or slows down how do you troubleshoot this new overlay network? That question still remains unanswered. It would be nice to see some network monitoring vendors on that list of NSX partners. So there are holes in the story, however, VMware has painted a very compelling story for an overlay network approach to network virtualization and perhaps most importantly have changed the game in terms of what is embedded in a hypervisor from a networking perspective. I love a good fight and this is looking to shape up to be a doozy.