NSX技術(shù)發(fā)展與V2T的遷移方案簡(jiǎn)介

1、NSX技術(shù)發(fā)展與V2T的遷移方案簡(jiǎn)介靈魂拷問(wèn)怎么證明當(dāng)前建設(shè)的IT架構(gòu) 能很好支持未來(lái)企業(yè)業(yè)務(wù)的 發(fā)展需要？未來(lái)IT架構(gòu)需要提供的標(biāo)志性能力敏捷性針對(duì)業(yè)務(wù)部門(mén)的需求快 速響應(yīng)，針對(duì)市場(chǎng)變化 的需求快速部署業(yè)務(wù)。連續(xù)性在硬件不可靠的情況下 提供業(yè)務(wù)的連續(xù)性，在 多云和多中心保障業(yè)務(wù) 連續(xù)性安全合規(guī)性滿(mǎn)足企業(yè)對(duì)業(yè)務(wù)安全設(shè) 計(jì)，滿(mǎn)足審計(jì)部門(mén)對(duì)安 全的要求可視化直觀而高效的監(jiān)控?cái)?shù)據(jù)中 心的資源使用情況、虛擬 網(wǎng)絡(luò)路徑分析及各個(gè)應(yīng)用 的性能、容量、排除及合 規(guī)自服務(wù)&現(xiàn)代化從手動(dòng)變?yōu)樽詣?dòng)，用流程定義、自動(dòng)化交付應(yīng)用和資源， 并對(duì)新型應(yīng)用平臺(tái)提供統(tǒng)一支持交付云計(jì)算IT 即服務(wù)擴(kuò)展性能實(shí)現(xiàn)無(wú)縫平滑的縱向 及

2、橫向的擴(kuò)展能力，及 多廠商方案集成NSX的前世今生4虛擬化和容器帶來(lái)的數(shù)據(jù)中心網(wǎng)絡(luò)的演進(jìn)虛擬機(jī)需要相應(yīng)的網(wǎng)絡(luò)： 交換、路由、防火墻負(fù)載均衡、運(yùn)維等容器也需要相應(yīng)的網(wǎng)絡(luò)： 交換、路由、防火墻負(fù)載均衡、運(yùn)維等虛擬機(jī)需要相應(yīng)的網(wǎng)絡(luò)： 交換、路由、防火墻負(fù)載均衡、運(yùn)維等物 理 機(jī) 時(shí) 代虛 擬 機(jī) 時(shí) 代容 器+多 云 時(shí) 代基于物理機(jī) 的網(wǎng)絡(luò)：交換、路由、 防火墻負(fù)載均衡、 運(yùn)維等容器網(wǎng)絡(luò)和虛擬機(jī)網(wǎng)絡(luò)的邊界虛擬機(jī)網(wǎng)絡(luò)和物理網(wǎng)絡(luò)的邊界CloudvCloud Air Network5SDN 軟件定義網(wǎng)絡(luò)的演進(jìn)過(guò)程API未來(lái)：面向應(yīng)用和多 云驅(qū)動(dòng)的網(wǎng)絡(luò)體系完善：Overlay復(fù)用發(fā)展：集中管理源起：軟硬解

3、耦SDN控制器OpenFlow開(kāi)放控制協(xié)議通用硬件6突破網(wǎng)絡(luò)和存儲(chǔ)的限制，實(shí)現(xiàn)數(shù)據(jù)中心 資源全面池化NSX和vSAN橫空出世！身份認(rèn)證安全連接可用性分析和洞察力策略可擴(kuò)展性用戶(hù)私有云虛擬機(jī), 容器, 微服務(wù)分支機(jī)構(gòu)公有云電信網(wǎng)物聯(lián)網(wǎng)2019虛擬云網(wǎng)絡(luò)連接 & 保護(hù)任意環(huán)境下的任意應(yīng)用8Built-in Automated應(yīng)用和數(shù)據(jù)Programmable Application CentricVMware VCN產(chǎn)品家族網(wǎng)絡(luò)和安全的管理和自動(dòng)化vRealize AutomationEnd-to-end workload automationNetwork InsightNetwork disc

4、overy and insightsCloud-Based ManagementWorkflow AutomationBlueprints/TemplatesInsights/DiscoveryVisibility網(wǎng)絡(luò)和安全虛擬化SecurityIntegrationExtensibilityAutomationElasticityNSX Data CenterNSX CloudAppDefenseNSX SD-WAN byNSX Hybrid ConnectNetworking andsecurity for allCloud-nativenetwork servicesModern app

5、licationsecurityVeloCloudWAN connectivityData center and cloudworkload migrationworkloadsservices任意平臺(tái)PaaS任意基礎(chǔ)架構(gòu)任意應(yīng)用SaaS任意傳輸任意云Cloud Provider Partner9基于NSX的軟件定義網(wǎng)絡(luò)云平臺(tái)新業(yè)務(wù)請(qǐng)求應(yīng)用一應(yīng)用二應(yīng)用三應(yīng)用四應(yīng)用五應(yīng)用N基礎(chǔ)承載網(wǎng)： 任意品牌的IP組網(wǎng)網(wǎng)絡(luò)虛擬化層: 面向業(yè)務(wù)靈活組網(wǎng)基于業(yè)務(wù)應(yīng)用需要 實(shí)現(xiàn)各種網(wǎng)絡(luò)功能 模塊自動(dòng)化云平臺(tái)NSX ProductsProduct market fitNSX common capabilitiesSo

6、ftware based network virtualization Software-based overlayDistributed routing Distributed firewalling API-driven automationNSX for vSphereOnly for vSphere environmentTightly integrated with VMware solutions Feature depth around security & services today Partner integrationsNSX-TMulti-platform ESXi,

7、KVM High PerformanceExpand into new app architectures Extend to native public cloudThe IPv6 full stack supportNSX for vSphere 功能組件消費(fèi)自服務(wù)門(mén)戶(hù)云管理平臺(tái)vCloud Automation Center管理平面NSX Manager單點(diǎn)配置REST API 和 UI 接口vCenter Server控制平面NSX Controller ClusterManages Logical networksRun-time stateDoes not sit in the D

8、ata PathControl-Plane ProtocolNSX Logical Router Control VMUser World Agent數(shù)據(jù)平面NSX Edge Services GatewayESXiVDSHypervisor Kernel ModulesFirewallDistributed Logical RouterVXLANNSX vSwitchNSX EdgeVM form factorData Plane for North South trafficRouting and Advanced servicesNSX vSwitch分布式網(wǎng)絡(luò)邊緣線速性能NSX-T D

9、atacenter Components (starting 2.4)Converged management & control plane cluster3 node cluster for scale & high availabilityUI/API for interacting with user, automation & CMP platformsValidates and Stores desired configuration Maintain and propagate dynamic stateManagement, Control and Data PlanesMan

10、agement/Control PlaneDistributed data planeHost workloads (VMs, containers) and servicesImplements distributed routing & firewallingData PlaneESXi host N-VDSKVM host N-VDSNSX EdgeBare Metal ServerNSXLinux VMNSXNSXWindowsNSX VMCloudGWNATPrivate CloudPublic CloudVMware Cloud on AWSManagement/ Control

11、PlaneVMsContainersNSX Manager ClusterGUI/REST/CMPCloud Service ManagerNSX Container Plugin vCenter(s)NSX-TThen and NowLayernetworkconnection!2014 - 20152015 - 20162016 - 2017First New featRuoreusting EnhancementsSecurity Sf ixmeps lified Operational activities2016 2017NSX-v + NicirLaimited aFvoacilu

12、asboilintyDeveloSpeecruCriltoy uudsing DFWPivotal Cloud FoundryLoad Balancer2017 201820182019Azure in N SNXSCXl-ovuFdeature PCaorni tyainers in Public CloudContainers: Kubernetes, Ope nCSohniftainers UNneixfited App. / CPluAsCteEringHybrid AWSeSrvuipcpeoInrtsertionL,oPaodliBcyalancerVMC Memory Footp

13、 rivnStphere 7.0 Support16Introducing: NSX-T 3.0Full-stack Networking and Security VirtualizationFull-stack Networking for Modern AppsCloud-scale Network AgilityNSX Federation: Consistent policy at scaleGovernment Cloud: Govt cloud for AWS and AzureMulti-tenancy at Scale: L3 EVPN and Multi-VRFDynami

14、c Network Service ChainingBest-in-class Intrinsic SecurityDistributed IDS: Context- based IDSNSX Intelligence 1.1: Enhanced workflowsL7 Edge Firewall: URL Classification/ReputationDFW for Windows 2016 physical workloadsNSX-T for vSphere with K8s: Pod networking for K8sNamespace Isolation: Granular s

15、ecurity policiesCluster API Integration: Create LB using K8s APIConverged CNI: vSphere with K8s, Tanzu, upstream K8sStreamlined OperationsConverged VDS: NSX-T on VDSNSX-T Policy: Terraform provider & Ansible ModuleAlarms and SNMP trapsOpenStack Neutron: IPv6, VPNaas for Policy PluginNSX-T 3.0 GA : A

16、pril 7,2020從 NSX-v 遷移至 NSX-T 的方案簡(jiǎn)介17哪些內(nèi)容需要從 NSX-V 遷移至 NSX-T？工作負(fù)載18網(wǎng)關(guān)網(wǎng)絡(luò)服務(wù)遷移戰(zhàn)略從 NSX-V 遷移至 NSX-T 的多個(gè)方法In Place就地模式Lift & Shift共存模式19不需要額外硬件投入，在 現(xiàn)有硬件環(huán)境中實(shí)現(xiàn)遷移需要額外的硬件投入，先 部署全新NSX-T環(huán)境后 橋接到舊的NSX-V環(huán)境 實(shí)現(xiàn)遷移In Place 就地模式NSX-V HostVM Kernel InterfacesNo new NSX-T ServerDeploy “Empty NSX Mgr/Edge”Get information f

17、rom NSX-VPre-checks and user feedbackVDSNSX-VT Kernel ModulesVDSESGDLRT1T0LogicalPhysicalGenerate NSX-T configurationMigrate environment from V2T1. First switch N/S to NSX-T2. Switch hosts to NSX-T3. State and connectivity maintainedNSX-TV LSStart the Migration20Migration Coordinator遷移協(xié)調(diào)器21Migrating

18、 from NSX for vSphere to NSX-TMigration CoordinatorNSX-VNSX-TSame HWIn Place Fully AutomatedMigration22Migrate EverythingMigration CoordinatorStagesPrerequisitesPre-Migration ConfigurationConfig MigrationEdge MigrationHost MigrationRollback Option via Migration Coordinator GUIRollback with Planning

19、Check NotesNondisruptive Assessment Tool23Lift & Shift 共存模式NSX-V HostVM Kernel InterfacesNSX-V Kernel ModulesNSX-V LSNew NSX-T HostVDSVM Kernel InterfacesNSX-T Kernel Modules25VDSNSX-T LSBridgeESGDLRBridgeT1T0Move the VMsHot/Cold vMotion / Bulk moveVM tagging etc.LogicalPhysicalStart the MigrationDe

20、ploy new NSX-T serversSide by SideDeploy a new NSX-T topologyDefine your own architectureExtend L2 between V and TBridge the networksExtend Firewall between V and TMaintain firewall states / rulesMigrating from NSX for vSphere to NSX-TLift and Shift 共存模式NSX-VNSX-TOld HWNew HWMigrate Workloads viaBri

21、dge / HCXReclaim and repurpose ComputeMay share Mgmt and EdgesMigrate Config via Scripts /SPJ ciTopus / ReSTNSX MAT25Host 1Host 2Workload MigrationWith NSX-T BridgingDLRT0BGPECMPNorth / South Edge GatewaysEdge ClusterCompute ClusterLogical SwitchECMPNSX-T Edge NodesMgmt Host 1Mgmt ClusterSegmentvCen

22、ter NSX-VNSX-TNSX-TBridgeState is migrated with NSX-V 6.42628In-Place 就地模式 遷移協(xié)調(diào)器Lift and Shift共存模式Lift and Shift HCX新硬件就地遷移不需要 與 MM 升級(jí)相同需要 供部署虛擬機(jī)時(shí)的 新 T 主機(jī)使用需要 - 遷移期間需要一些 額外容量1故障南/北向：10 30 秒就地東/西向：5 20 秒MM 東/西向：無(wú) 新虛擬機(jī)部署到 T，舊虛擬機(jī)留在 V 上，直至 老化HCX vMotion與 vMotion 相同自動(dòng)配置遷移支持不支持 管理員必須維護(hù)僅限網(wǎng)關(guān)V 和 T 配置要管理多種配置（V 和 T）否是是回滾支持2不適用支持與 CMP 兼容（如 vRA、 vCD、VIO）否是是3比較每種遷移方法的優(yōu)缺點(diǎn)1 約等于 NSX 升級(jí)使用的容量2 參見(jiàn)回滾幻燈片3 詳細(xì)信息取決于 CMP 實(shí)