Running VMware NSX on a Cisco ACI Fabric

No video

Running VMware NSX on a Cisco ACI Fabric

Рет қаралды 39,002

Күн бұрын

In this video you will see how you can run NSX on top of ACI underlay fabric. NSX is underlay agnostic and customers have asked us how to get all the benefits of NSX while leveraging their existing ACI underlay. You will see how NSX simplifies your underlay configuration while giving you the full benefits of network virtualization. This video also shows you how to have L2/L3 connectivity between physical and virtual workloads across your application tier.

Пікірлер: 62

@MrTaliz 7 жыл бұрын

Good explanation. Even myself who is not a network expert, but a simple VMware admin, understands this!

@quasijones 6 жыл бұрын

Great video, very clear and concise explanations. I will be, sharing this with my partners!

@CompGeek007 6 жыл бұрын

Right on the money. Beautifully done. Two thumbs up!!

@nilesh74in 3 жыл бұрын

Great instructor, nice video, excellent communication and presentation

@johnt3933 7 жыл бұрын

very well explained, thank you for taking the time!

@rupvan 6 жыл бұрын

Awesome video. clear explanation .good Work

@mayanknauni 7 жыл бұрын

Awesome Naman

@MojTabaQi 6 жыл бұрын

Good work;

@vrushalikatote8452 2 жыл бұрын

So impressive and real world example

@CiscoDataCenterMadeEasy 5 жыл бұрын

This is an operational nightmare! 3 different networks, 2 different sets of routers, at least 2 different network admins! And you are saying you are making "ACI easier"? I think this is not the right approach to position NSX benefits my friend. However, thanks for the explanation! very clear :)

@AS-or7em 2 жыл бұрын

💯 Agree - I personally have seen sub-optimal routing scenarios and they lock us into buying more tier 0 gateways as logical nodes cannot support enough traffic? WTH

@deepakkatote3731 2 жыл бұрын

Good work naman

@mutualfundsmalayalam9032 7 жыл бұрын

Thank you 😊 Very informative Video.If possible, could you please explain the use of Vxlan vlan which we allowed on trunk link. Will it be used to encapsulate all internal Vxlan ?

@naman-techshare7878 7 жыл бұрын

Thanks for your feedback A One Networking. Yes so this is our transport Vlan, whenever VXLAN traffic comes out of our hosts it will be encapsulated with this transport VLAN. If you think about it you have reduced your VLAN additions in your physical network and programmatically you can now create virtual logical switches without making changes to underlay network. Simplifies your underlay configuration a lot and make it easy to implement. Hope this helps.

@williamrivera724 3 жыл бұрын

Now dealing with east/west - north and south is looks like we love to create problems. Thinking in traffic can go any direction in any structure could be better. More complexity does not make the solution smart.

@mohitjuneja6196 5 жыл бұрын

Can we have the video of NSX-T 2.4 with ACI?

@erwinguevarra8293 7 жыл бұрын

Good job, very good explanation. Question: What if I want to integrate a firewall from a third party, say a Fortigate VM. How would that come into picture?

@naman-techshare7878 7 жыл бұрын

yes you can do that. VMWare integrates with Fortinet and in that you case your L7 traffic inspection can be service chained to fortinet appliance. You can create security policies in NSX and define what individual traffic need to go to Fortinet.

@naman-techshare7878 6 жыл бұрын

This link should help kzbin.info/www/bejne/j6GypnaLZsepipI

@khansheheyar 4 жыл бұрын

"All is done without touching the ACI" ,but how it's done actually when port-groups are mapped to the EPGs inside ACI?

@darylallen2485 4 жыл бұрын

In NSX, all overlay traffic is mapped to a single port group when it exits the host. This is called the vxlan vlan. I'm not familiar with EPGs, but I don't think you would want to manipulate a packet encapsulated by vxlan any further.

@SY-ve5qm 7 жыл бұрын

Nice overview. One question/clarification: why you need two external EPGs for north-south traffic? Wouldn't one be enough?

@naman-techshare7878 7 жыл бұрын

Yes you can but separating traffic keep connectivity simple, predictable, and fast-converging during failure. Please refer to VMware NSX running on ACI design guide to ensure you are following recommended design communities.vmware.com/docs/DOC-30849

@iuseruser7749 6 жыл бұрын

Good One, but in One Datacenter design , why do we need NSX along with ACI ?. running NSX overlay is required in multi DC design but with ACI Multisite / Multipod , we dont even need NSX. NSX and ACI integration is only layer 3 neighborship , thats it. another issue is in Multi Dc design the SRM ( site recovery manager) traffic would be coming of only one site....

@zmikund865 3 жыл бұрын

PKS,TKGI

@The_Racing_Kraft 7 жыл бұрын

Ummmm, did you write all of this backwards? Does VM have some backwards writing class all presenters must take?

@naman-techshare7878 7 жыл бұрын

its a secret can't share :-)

@Acid113377 7 жыл бұрын

I would assume they mirror the video horizontally in post production ;) ...

@ccieboy2119 7 жыл бұрын

Thank you for highlighted the power of ACI, VLAN have local significance, any-cast gateways, and a robust underlay. As you mentioned ACI is a robust underlay for virtual and physical workloads, that is policy driven using APIC, as you mention configure them once and everything you can do through NSX, but why, if i can manage the virtual and physical workloads from APIC and integrate Vcenter with APIC to automate the creation of port groups, (understand you need to do one time hooks), why i need to spend on compute for the edge and DLR, if i can do all the functions using ACI without having a bottle neck sending the traffic to edge/DLR to speak to outside world and for physical/virtual communication, also why i need to have VXLAN to VLAN mapping if i can do it on the ACI leaf? and regarding security using contracts i can protect my workloadd in stateless manner and if needed i can use AVS to do the distributed fire-walling, and it is a VMWARE certified VIB ubder pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-751034F3-5337-4DB2-8272-8DAC0980EACA.html&resultof=%22%56%49%42%22%20%22%76%69%62%22%20. and i am limited to VMWARE hypervisor, what about if i need to have Hyper-V or KVM i need to use the EDGE to communicate with them?, in ACI you can have multi-hypervisor support, never the less dont forget about the telemetry counters that can give visibility to what is happening on the integrated fabric. i need to thank you for clearing the confusion i have, really i dont need NSX for my environment and it is nice to hear from VMWARE that ACI is a Robust solution.

@naman-techshare7878 7 жыл бұрын

CCIE Boy, Thanks for listening to video. I am not sure if that was intent of video. It was not a comparison but how customers are using both solutions, you can do whatever you like and i am glad you are not confused anymore. Regarding VLAN local significance we wont need that with trunking only (4) Vlans's. Is that not the reason for using VXLAN to not hit Vlan limit . I have yet to see customers hitting bottle neck with in kernal routing. Also AVS is not supported in Vsphere 6.0 and onwards which is clearly documented in release notes. To be clear NSX also supports KVM and Hyper-V is coming.

@ChrisBarrett911 7 жыл бұрын

Naman-TechShare Thank you for the video on how the ACI fabric helps NSX. Question: Why won't VMW certify AVS? It has certified N1000v. AVS is compatible and supported by Cisco. Official support will start on Dec 8. For ESXi 6.0. It is not required however for any micro-segmentation security in ACI.

@naman-techshare7878 7 жыл бұрын

Hi Chris: AVS is not supported with vpshere 6.0. Customers can refer to vsphere 6.0 release notes

@jllage 7 жыл бұрын

Thanks and thanks for the video. Can you clarify if NSX-v supports KVM and/or if this is only with NSX-T? Also, does NSX offer feature parity with NSX-v for KVM? Thanks!

@MrTaliz 7 жыл бұрын

Sad comment from a sad Cisco sales rep. ACI is a great switching platform, but thats all it is. It requires specific physical Cisco boxes. You can however use NSX at Amazon, and extend your cloud there. Good luck doing that with ACI.. Also, ACI cant do micro segmentation or VXLAN without AVS, and AVS is not supported by VMware. So Cisco really are stuck between a rock and a hard place.

@mtsmello 7 жыл бұрын

well you're just throwing away all the ACI functionality this way

@TheChinobi23 3 жыл бұрын

Right? So the engineer who design something like this is just throwing away money

@da23ad 2 жыл бұрын

The downside of this design is that baremetal to VM trafic is considered as north south although it should be considered as east west since this is intra datacenter...

@AS-or7em 2 жыл бұрын

Not a good decision tbh - I have personally seen sub-optimal routing scenarios as a result. VMware does lock us in to the products when tier 0 gateways cannot support enough throughput. Please leave networking to the networking team and focus on compute.

@Nikoolayy1 6 жыл бұрын

Good explanation but the English needs some work.

@user-yh8ce7tg8l 5 жыл бұрын

Watching you draw out each and every little square, combined with your difficult to read micro handwriting made this a lesson in patience and to be honest, just adds unneeded distractions. My mind wants to keep reading the words 'backwards' and the overlay with the contrast of your body doesn't help. Stick to the boring visual software, it works for a reason.