I created a live demo showing some cool capabilities of the Aviatrix Cloud Networking Platform. In this demo I play the role of a SaaS provider that onboards new customers via VPN, and needs to meet the following requirements:
Easily onboard new customers even if their IP addressing overlaps with the SaaS provider.
Provide secure segmentation and isolation between customers.
Easily insert next gen firewalls between the customers and the SaaS for deep packet inspection and threat analysis.
Have complete flow level visibility of customer network traffic, and operation tools to diagnose and troubleshoot problems.
Provide end-to-end encryption to secure sensitive data in flight.
And be able to meet all of these requirements using any cloud provider.
In the demo I show how easy it is to meet requirements like this using Aviatrix. And best of all, no matter which cloud provider(s) you’re using, the solution and architecture is exactly the same. This SaaS provider can use the services and global footprint of any or all cloud providers, and do it with consistent repeatable architecture.
You can leave comments on this post here: where I posted this on LinkedIn.
Is there a particular scenario you want to see in a Continue reading
Miscellaneous notes on Aviatrix.
Usually updated on Fridays.
New and updated notes are placed at the top.
Updating the Aviatrix Controller IAM Policy:
When deploying the Aviatrix controller in AWS for the first time, the AWS CloudFormation template that launched your controller may not have the most current IAM policy definitions for the IAM roles it creates for the controller to use. To remedy this, right after your controller is launched and you’ve logged on for the first time, do the following:
How to use an AWS ACM Certificate with your Aviatrix controller:
To apply an ACM public certificate to your UI sessions with the Aviatrix controller you’ll need to use a Load Balancer and attach your certificate to it. Here’s what I did:
It’s time to get things cranking here again and a big topic is going to be enterprise cloud networking. What I mean by that in simple terms is how an enterprise can use the networking services of cloud providers to build, migrate, and run their most important applications in the cloud.
Over the last 6 years a lot has happened in the shift to public cloud. I don’t need to explain that to you. We already know that building and migrating applications in/to the cloud is what the world is doing – and for reasons that no longer need explaining.
What’s more interesting now is that the term “the cloud” used to mean one thing: Amazon Web Services. Six years ago, when you said to somebody, “Yeah, so, we are going to migrate this application to the cloud.” – nobody asked what cloud you were talking about and why.
And in the very same stride “cloud networking” implied AWS Networking. If you told somebody that you were a cloud network architect, nobody questioned that either. It meant that you knew AWS VPC, Direct Connect, Route 53, NAT Gateways, Security Groups, VPC subnets and route tables, the various AWS instances Continue reading
Hey! Cisco Nexus peeps! What could possibly be more fun than connecting your awesome new NSX gear to your Cisco Nexus gear? For the life of me I really don’t know. All right then. Let’s do it!
Let’s kick things off with this email question I received from a reader.
Hi Brad, In our environment we have two prevailing server standards, rackmounts and UCS. I read your excellent NSX on UCS and 7K design guide and the section on not running routing protocols over the VPC links makes sense. My related question concerns how we can achieve a routing adjacency from the NSX Distributed Router to the N7K with a rack mount with 2x10gbe interfaces connecting to 2x7Ks via VPC? (we don’t use the NSX Edge Router).
This reader has politely pointed out that my VMware NSX on Cisco UCS and Nexus 7000 design guide could have provided a bit more detail on NSX Edge design. I totally agree. There’s no time like the present, so let’s dive into that now and stir up some content that might end up in the next version of the guide.
All right. We won’t worry too much about the form factor of the servers right now. Whether Continue reading
This year I had the honor and privilege to co-present a session at VMworld 2014 with my esteemed colleague Scott Lowe. As many of you know, Scott is a celebrity at VMworld and one of the most famous virtualization bloggers and the author of many best selling books on VMware vSphere.
In this session Scott and I pretended to be colleagues at a company that decided to deploy VMware NSX for their software-defined data center. I played the role of the “Network Guy”, and of course Scott played the role of the “Server Guy”. So then, how do we work together in this environment?
These are just some of the questions we attempt to role play and answer in this 35 min session:
***Update: this VMworld session video was removed from YouTube by VMware and is no longer available.***
Are you stuck in the middle of a battle to choose VMware NSX or Cisco ACI? In this post I’ll attempt to bring some clarity and strategic guidance in first choosing the right path, then propose how the two technologies can co-exist. I’ll start with the message below from a reader asking for my opinion on the matter:
Hi Brad,
I’m involved in a new Data Center networking project where Cisco is proposing the Cisco ACI solution. I am starting to dig-in to the technology, but my immediate “gut reaction” is to use Cisco for a standard Clos-type Leaf and Spine switch network and use NSX for providing Layer 3 to Layer 7 services.
I am interested in hearing your opinion about Cisco ACI versus VMware NSX, since you have worked for both companies. If you have time, it would be great to share your views on this subject.
As you can imagine, this is a highly political discussion and our network team are Cisco-centric and resisting my ideas. We are a VMware/Cisco shop and I want the best fit for our SDDC strategy.
For the sake of discussion, let’s assume that your IT organization wants to optimize for better Continue reading
You’ve probably heard it before. The myth goes something like this: “With software based overlays, troubleshooting in real-time where a flow is going with ECMP hashing on the fabric is going to be a real problem.” The implied message being that this can only be possible with special hardware in a new proprietary fabric switch.
I’ve heard this one a number of times, usually while seated comfortably in a session presented by a vendor who’s invested in the failure of software-centric network virtualization such as VMware NSX. As if this person has never heard of NetFlow? Or maybe they assume you won’t bother to do the research, connect the dots, and in fact discover all that is possible.
Well, guess what? I decided to do the research :-) And I put together a short demo showing you just how simple it is to get this troubleshooting capability with generally available software, using any standard network switch, constructed in any standard fabric design (routed Leaf/Spine, L2 with MLAG, etc).
I presented this demo to the VMworld TV crew and embedded it here for your convenience:
It’s really simple, actually. Here’s what I explain in the video:
The Continue reading