Learn about the benefits of having smaller broadcast domains in a physical environment.
- [Instructor] One of the main benefits to using NSX is the end of hairpinning. So what is hairpinning? Well, hairpinning is an inefficient use of a network where I have to go further than I need to in order to get to a resource and I might actually end up returning back to where I was. So, in this example, what we have is say two virtual machines that are on two different hosts, but they're on the same switch rack. One virtual machine wants to talk to the other virtual machine.
Before NSX, what would happen is that the virtual machine that wants to talk to the other virtual machine would have to go out and find routing, and its default gateway would be all the way out on the core. Well, that means it has to go all the way out to the core for the router to tell it, "Well, that virtual machine that you need to talk to is kind of back where you came from." And so then it comes all the way back, and as you can see, that kind of makes a hairpin.
That's an inefficient use of network resources. So, how do we avoid that? Well, after NSX, we can have those virtual machines talking to each other through the top of rack switch, through the access layer, without having to go out to the core. How can we do that, you may ask. Well, because with NSX we can use the distributed logical router, and the distributed logical router is distributed across all of the hosts that are in the NSX transport zone.
That means that regardless of where the virtual machine is, its default gateway is always local to it. That means that it can get routing information locally from the host, and then therefore just go through the top of rack switch to get to what it needs to get to. That's a tremendously better use of physical network resources, and that's one of the main advantages of NSX. In fact, that's one of the chief main advantages.
Another way to look at this is on wire hops. If we were to take a look at a typical Nexus 7000 network and we look at before NSX, there are six wire hops involved in these two virtual machines that are actually on the same host, they're on the same UCS Blade. There are six wire hops involved though, just because they have to go out and get routing.
Whereas with NSX, there are zero wire hops involved because they're on the same host and notice that even though they are in different subnets, since they're on the same hosts, the distributed logical firewall can provide them the information to connect to each other, and the connection. So that's if it's on the same host, what if they're on different hosts? If they're on different hosts, the distributed firewall and the distributed logical router can still help, because distributed firewall and the distributed logical router are represented on each one of the hosts.
So instead of having six wire hops, as we had before, we only have two wire hops. The system would have to go through the UCS fabric to get to the other hosts, since the two virtual machines are not on the same hosts. But still, two is a lot less than six. So these concepts and these components of the distributed wire and the distributed firewall are what make NSX beneficial to a network and are what allow us to use the physical network in much more efficient ways.
- VCP6-NV certification requirements
- Technology and architecture
- Physical infrastructure
- Installation and upgrading
- Virtual network configuration
- Network services
- Network security administration
- Operational tasks in a VMware NSX environment
- VMware network virtualization troubleshooting