VMware Virtual Network: Stuck Between the Past and the Future

If you want to implement overlay virtual networking with VMware products today, you have two options: use vCNS 5.5 or NSX for vSphere… and I would be hard pressed to choose one or the other.

NSX for vSphere would be a perfect forward-looking recommendation, but it’s not available through the same channels as the other VMware products. Supposedly it’s GA and you can buy it, but the How to Buy section of the NSX data sheet doesn’t have a single word pointing you in a useful direction. You cannot get its documentation on VMware’s web site, you cannot download an evaluation copy to get proficient with its concepts… but you can play with online labs (which don’t include product documentation). Go figure. My cynical inner self wonders whether VMware doesn’t trust its traditional customers and channel partners to be sophisticated enough to play with the new toy; who knows – they might break it and cry foul.

Don’t get me wrong. NSX for vSphere is a great product, but I would be reluctant to recommend it to my enterprise customers today; there must be a reason VMware is playing it so cautious, and then there are all the ridiculous pricing and licensing rumors (hint: publishing an official pricing model would dispel them).

However, there’s still vCNS 5.5, which also includes VXLAN and vShield Edge (the precursor of NSX Edge Services Router). Unfortunately, VXLAN in vCNS 5.5 still requires IP multicast (Nexus 1000V had unicast mode for quite a while), vShield Edge still doesn’t have the goodies I like in the NSX Edge Services Router (routing protocols) and vShield App still filters traffic through a VM, whereas NSX uses a distributed in-kernel stateful firewall. Other missing bits and pieces: L2 and L3 gateways and distributed routing functionality, which would make vCNS 5.5 comparable with Hyper-V 3.0. Reading the vCNS 5.5 release notes I cannot help but see it as a lipstick on vCNS 5.0.

Summary: When trying to implement overlay virtual networks with a VMware product one could either use NSX or (and I’m not really comfortable recommending it to my regular enterprise users), or vCNS 5.5 (a product that’s conceptually at least a year old).

Which one is a better choice today? I don’t know. I would love VMware to get their act together, and give us a virtual networking product that would be as consumable as its other products. In the meantime, it’s worth looking at the freemium edition of Nexus 1000V.


  1. Should it be concerning that the first "What's New" item listed in the vCNS 5.5 release notes is something designed to help you with kernel crashes?
  2. Hi Ivan, about the ridiculous pricing and licensing rumors. I can confirm that the default pricing is ridiculous but VMware are very open to talk because i think they are trying to find the right pricepoint. The worst about the licensing model is that you DONT get vspp atm, so no help on growing your partner status....
Add comment