1
00:00:00,910 --> 00:00:11,170
So two solutions that help Paul as a server administrator include VMware NSX and Nuage Networks

2
00:00:11,170 --> 00:00:14,800
VSP product, or virtual services platform.

3
00:00:15,460 --> 00:00:18,880
I'm going to demonstrate the VSP in a moment.

4
00:00:19,240 --> 00:00:22,810
Now, these products may not apply to your environment.

5
00:00:23,470 --> 00:00:27,490
It depends on how big it is and what features are required.

6
00:00:27,910 --> 00:00:35,590
But let's explain why these products came to the rescue of Paul so that he no longer had to deal with

7
00:00:35,590 --> 00:00:37,750
grumpy Peter, the network guy.

8
00:00:38,380 --> 00:00:44,380
So think of voice and how WhatsApp changed the way voice works.

9
00:00:44,860 --> 00:00:47,740
So Paul has two ESXi servers.

10
00:00:48,520 --> 00:00:56,320
He's asked Peter, the network guy, to give him a connection from one ESXi server to the other.

11
00:00:56,680 --> 00:01:00,820
Now Peter has told him that he needs to use a layer three infrastructure.

12
00:01:01,480 --> 00:01:03,670
And Paul just says, that's fine.

13
00:01:03,700 --> 00:01:06,040
Go ahead with your layer three infrastructure.

14
00:01:06,790 --> 00:01:12,400
Another problem Paul has with Peter is that when he wants to implement policies like access control

15
00:01:12,400 --> 00:01:16,510
lists, it takes Peter a long time to make those changes.

16
00:01:16,720 --> 00:01:24,910
So when Peter wants to allow, let's say, VM one to talk to VM two but not talk to VM three, it takes Peter

17
00:01:25,060 --> 00:01:27,550
a long time to implement those changes.

18
00:01:27,670 --> 00:01:34,240
He wants to do it through the CLI and he needs to make changes on multiple devices and he only wants

19
00:01:34,240 --> 00:01:36,070
to do it during a change window.

20
00:01:36,400 --> 00:01:41,680
So all of that just adds more to the frustration that Paul is encountering.

21
00:01:41,710 --> 00:01:47,290
Paul tells Peter, all I need is IP connectivity from this server to that server.

22
00:01:47,500 --> 00:01:51,490
Don't worry about implementing access control lists for my VMs.

23
00:01:51,730 --> 00:01:53,620
From a quality of service point of view,

24
00:01:53,650 --> 00:01:56,890
I will mark DSCP as I want.

25
00:01:56,890 --> 00:02:01,570
Just implement the quality of service for the DSCP markings that I send you.

26
00:02:01,990 --> 00:02:09,789
Don't worry about ACLs; only implement the ACLs to allow ESXi one to talk to ESXi two.

27
00:02:09,820 --> 00:02:11,560
I'll take care of the rest.

28
00:02:11,800 --> 00:02:17,050
Pete is getting quite nervous because suddenly the amount of work that Paul was asking him to do has

29
00:02:17,050 --> 00:02:18,400
been reduced dramatically.

30
00:02:18,700 --> 00:02:24,700
All Pete is doing is providing connectivity from this ESXi server to that ESX server.

31
00:02:25,180 --> 00:02:29,370
In other words, he's just implementing basic routing, basic switching.

32
00:02:29,380 --> 00:02:33,100
No fancy intelligence has been added to the network,

33
00:02:33,650 --> 00:02:43,130
because Paul is now putting the intelligence in the end devices rather than in the network.

34
00:02:43,640 --> 00:02:50,750
The network becomes a transport mechanism to move traffic from A to B, but has no intelligence in the

35
00:02:50,750 --> 00:02:57,950
same way that the Internet has no intelligence with regards to the call setup and teardown of Skype

36
00:02:57,950 --> 00:02:58,940
or WhatsApp.

37
00:02:59,240 --> 00:03:04,160
So what about VLANs and how does traffic get sent from VM one to VM?

38
00:03:05,270 --> 00:03:10,640
Now there's a bunch of new terminology that you need to learn, and as always, new terms need to be

39
00:03:10,640 --> 00:03:11,120
invented

40
00:03:11,120 --> 00:03:12,560
so we sound intelligent.

41
00:03:12,800 --> 00:03:18,920
So these ESXi servers are what are called VTEPs or virtual tunnel endpoints.

42
00:03:18,920 --> 00:03:21,020
They are just the endpoint of a tunnel.

43
00:03:21,500 --> 00:03:29,720
The ESXi servers can dynamically set up tunnels between them using what's called VXLAN or Virtual Extensible

44
00:03:29,720 --> 00:03:30,290
LAN.

45
00:03:30,650 --> 00:03:36,410
Think of it as a tunnel similar to GRE or IPsec.

46
00:03:36,440 --> 00:03:38,450
It's just a tunnel mechanism.

47
00:03:38,870 --> 00:03:41,600
And we'll talk in more detail about VXLAN later.

48
00:03:42,450 --> 00:03:51,180
One of the advantages that VXLAN has is that it supports 6 million segments or layer two domains or

49
00:03:51,180 --> 00:03:52,290
VLANs,

50
00:03:52,770 --> 00:03:54,450
to use a networking term.

51
00:03:54,690 --> 00:04:00,510
We don't necessarily talk about a VLAN per se, but think of it as a layer two network.

52
00:04:00,960 --> 00:04:03,540
But we can support 16 million of them.

53
00:04:03,810 --> 00:04:14,100
No longer is Paul restricted to 4000 odd VLANs, so Paul can put his VMs into whichever subnet he wants

54
00:04:14,100 --> 00:04:16,709
to. And to take it a step further,

55
00:04:17,279 --> 00:04:20,070
Paul can dynamically allocate the subnets.

56
00:04:20,740 --> 00:04:27,790
So he might say that this VM is going to be in the 172.16.1.0 network and VM two is going to be in the 172.

57
00:04:27,790 --> 00:04:29,620
16.2.0 network.

58
00:04:29,980 --> 00:04:32,980
Is Peter's underlay network aware of that?

59
00:04:33,130 --> 00:04:34,690
And the answer is no.

60
00:04:35,380 --> 00:04:40,480
Traffic sent from VM one to VM two is going to be sent through the VXLAN tunnel.

61
00:04:41,150 --> 00:04:47,870
So the underlay network consisting in this example of router one, router two, router three have no visibility

62
00:04:47,900 --> 00:04:52,490
of these subnets because they are encapsulated within VXLAN.

63
00:04:53,460 --> 00:04:54,570
The routers in the core

64
00:04:54,600 --> 00:04:56,640
only see traffic from the VTEPs.

65
00:04:56,640 --> 00:05:00,390
So ESXi one sending traffic to ESXi two.

66
00:05:00,960 --> 00:05:04,260
They have no visibility of the overlay network.

67
00:05:05,020 --> 00:05:06,640
So what has Paul done here?

68
00:05:07,120 --> 00:05:14,470
Paul has created what's called a virtual network or an overlay network that's running on top of the

69
00:05:14,470 --> 00:05:15,460
underlay network.

70
00:05:15,460 --> 00:05:17,200
So this is the underlay network.

71
00:05:17,800 --> 00:05:21,610
The VXLAN is the overlay network or the virtual network.

72
00:05:22,120 --> 00:05:27,340
And the advantage of the virtual network or overlay network is that it can be dynamically created and

73
00:05:27,340 --> 00:05:29,810
torn down as required.

74
00:05:29,830 --> 00:05:35,170
I'm going to demonstrate this in a moment, but the whole idea is what are the advantages from Paul's

75
00:05:35,170 --> 00:05:35,920
point of view?

76
00:05:36,010 --> 00:05:39,510
Number one, he can have 16 million VLANs.

77
00:05:39,520 --> 00:05:44,830
He can put his VMs into individual VLANs if he so chooses.

78
00:05:45,100 --> 00:05:55,060
His ESXi servers or other hypervisors like KVM have visibility of the state of VMs so he can dynamically

79
00:05:55,060 --> 00:06:02,200
deploy policies to his VMs without involving Peter the network engineer.

80
00:06:02,910 --> 00:06:08,640
If Paul decides that VM one should be able to talk to VM two, but shouldn't be able to talk to VM three,

81
00:06:08,790 --> 00:06:14,490
he can dynamically deploy those access control policies through an orchestration tool,

82
00:06:14,940 --> 00:06:19,440
in other words, a graphical user interface, without involving

83
00:06:20,120 --> 00:06:26,990
Peter, the network person, without using the CLI and without configuring the core infrastructure.

84
00:06:27,290 --> 00:06:31,640
The core infrastructure is simply there to move traffic from point A to point B.

85
00:06:31,820 --> 00:06:39,350
In other words, from ESXi one to ESXi two. He can dynamically implement quality of service as long as

86
00:06:39,350 --> 00:06:43,190
the underlay network is accepting the DSCP values sent

87
00:06:43,940 --> 00:06:45,890
by the servers.

88
00:06:46,310 --> 00:06:50,630
He no longer has to ask Peter to implement quality of service for him.

89
00:06:51,050 --> 00:06:55,760
He no longer has to ask Peter to make changes at specific times.

90
00:06:55,910 --> 00:07:02,870
The virtual network can be dynamically created, dynamically torn down in seconds, rather than taking

91
00:07:02,870 --> 00:07:04,640
days or weeks to deploy.

92
00:07:05,060 --> 00:07:11,270
Changes all happen through an orchestration tool such as OpenStack or a VMware orchestration tool.

93
00:07:11,540 --> 00:07:19,220
Paul has reached his dream of being able to remove the bottleneck of Peter, the network guy.

94
00:07:19,790 --> 00:07:24,830
Peter is simply there to provide IP connectivity from one server to another.

95
00:07:25,160 --> 00:07:31,070
And Paul can implement his own policies, his own VLANs, dynamically on the fly.

96
00:07:31,370 --> 00:07:37,460
This is a story, but hopefully it will make you think about the changes that are taking place in networking

97
00:07:37,460 --> 00:07:38,030
today.

98
00:07:38,330 --> 00:07:40,180
But now I want to demonstrate this.

99
00:07:40,190 --> 00:07:43,520
It's all very good talking about it, but let's see it in action.