VMworld 2012: INF-VSP1196: What’s New with vCloud Director Networking
Session abstract
One of the most complex components of a vCloud Director implementation arises from the complexity that comes from flexible networking. Networking in vCloud Director is not a solution by itself. It needs to be looked at as a platform on top of which complex networking solutions can be built. The networking framework consists of many layers and components that need to be put together properly in order to provide a functional and secure networking solution.
This session will go into details on the different networking layers, and how they are consumed in vCloud Director when building solutions. The session will also touch on how to scale virtual machines networking across the whole datacenter using VXLAN, in order to provide for scalable Virtual Data Centers.
The session
In this technical session, Kamau Wanguhu talked about the new changes with vCloud Director Networking. The session started with a quick refresh about what vCD is and how it works.
Most of the presentation was about vShield Manager, mostly Edge, and finally the new thing in networking: VXLAN. vShield is now bundled in two ways, Security and Advanced, and comes in two versions, Standard or Enterprise.
Some cool features about the Edge virtual firewall
- The appliance is now virtual hardware 7
- Can be configured with 10 interfaces
- Can act as a DNS relay
- External address space can be increased on the fly
- A new ability to sub-allocate IP addresses to an Organization Virtual Datacenter
Edge can now provide a DHCP service on internal networks
- Multiple DHCP pools per edge device.
- Single pool per interface.
- Currently there are no options for advanced features such as lease times but they are working on these.
NAT
- Rules can be applied to an interface.
- Rules can be arranged via drag and drop.
- Rules are read from top down. Be aware of the order!
- Source NAT (SNAT) and Destination NAT (DNAT) support: TCP, UDP, TCP and UDP, ICMP or ANY.
Firewall
- 5 tuple firewall.
- Rules can be arranged via drag and drop.
- Support for TCP, UDP, TCP and UDP.
VPN
- Support for IPsec or SSL site to site configuration
- Not for remote access.
- Compatible with many software and hardware VPNs
As mentioned before, about 20 minutes of the talk were about VXLAN. There was a nice overview of what it is and how it works.
- New type of network pool.
- VXLAN is a layer two overlay on a layer three network.
- Each overlay network is known as a VXLAN Segment.
- Traffic carried between VXLAN Tunnel Endpoints (short: VTEP).
- VMs are not aware of VXLAN.
- VM to VM traffic is encapsulated in a VXLAN header.
- Multicast is used for VM broadcast.
If you want to use VXLAN there are 3 requirements:
- A distributed switch.
- Available vNIC and IP address per switch.
- Multicast addresses.
And the last detail is important: Multicast is required “end to end”. Another thing which is important: The MTU has to be set to 1600 everywhere or the VMkernel will drop the packets. The speaker labeled this as a disadvantage, but it depends on how you look at it.
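As an added illustration (not from the session or from VMware), here is a small Python sketch of the VXLAN header the VTEPs put in front of each VM frame, and of the encapsulation overhead that is the reason behind the 1600-byte MTU requirement. The header layout follows the VXLAN specification; the inner frame and the segment id 5000 are constructed sample values.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08          # "I" bit: the VNI (segment id) field is valid
INNER_ETHERNET_HDR = 14              # the VM frame's own Ethernet header travels inside
ENCAP_OVERHEAD_IP = 20 + 8 + 8       # outer IPv4 + outer UDP + 8-byte VXLAN header

def build_vxlan_header(vni):
    """8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_VNI_VALID, b"\x00\x00\x00", vni << 8)

def parse_vxlan(udp_payload):
    """Return (vni, inner_ethernet_frame) from a UDP payload; reject malformed headers."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _reserved, vni_field = struct.unpack("!B3sI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return vni_field >> 8, udp_payload[8:]

def outer_ip_size(inner_payload_len):
    """Size of the outer IP packet a VTEP emits for a VM frame carrying inner_payload_len bytes."""
    return inner_payload_len + INNER_ETHERNET_HDR + ENCAP_OVERHEAD_IP

def fits_underlay(inner_payload_len, underlay_mtu):
    """True if the encapsulated packet passes an underlay link with this MTU unfragmented."""
    return outer_ip_size(inner_payload_len) <= underlay_mtu

def demo():
    # Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
    inner = (bytes.fromhex("005056000001") + bytes.fromhex("005056000002")
             + b"\x08\x00" + b"hello from vm")
    segment = 5000                   # constructed example VNI (VXLAN segment)
    vni, frame = parse_vxlan(build_vxlan_header(segment) + inner)
    # A VM sending full 1500-byte payloads needs 1550 bytes on the underlay:
    # too big for a 1500 MTU, fine for the 1600 MTU the session calls for.
    return vni, frame == inner, outer_ip_size(1500), fits_underlay(1500, 1500), fits_underlay(1500, 1600)

if __name__ == "__main__":
    print(demo())   # (5000, True, 1550, False, True)
```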
The session was a little bit rushed in the end but overall was great. The level of technical information was high though, and I am sure certain things might be a problem when people start with this.
This session received one question, regarding why IPv6 wasn’t mentioned during the whole session, and the reason is that vCD currently doesn’t support IPv6.
I made some pictures which I will add later on :-).