NSX 101: What, Why & How
Aniekan Akpaffiong
Bob Horne
Initial presentation at HPETOS
October 2016
Seminar Introduction
• This seminar on NSX will include a discussion of its:
• Benefits (including an intro to NSX Networking and SDDC)
• Components & Features
• Use cases
• We’ll then jump into an NSX demo and finish with a discussion of additional learning resources and certification
• The goal is to introduce you to NSX; you can then decide if NSX is a journey you’d like to undertake
• This seminar will NOT:
– replace training and hands-on experience
– provide design/consulting advice
• Prerequisites
– Basic exposure to virtualization
– Curiosity about software-defined networks
Module 1
NSX Overview
In Brief – NSX
– Combines functionality from:
– Nicira’s Network Virtualization Platform (NVP)
– VMware vCloud Networking and Security
– NSX is VMware's Software Defined Network (SDN) solution
– decouples networking and security from the physical hardware
– provides network and security features, such as distributed routing and micro-segmentation
– treats the physical network as a pool of transport capacity
– reduces the time to provision multi-tier network and security services
– brings security inside the data center with automated fine-grained policies tied to the virtual machines
– NSX brings the operational model of a virtual machine to the data center network
[Diagram labels: L2 – 3; L4 – 7; virtualizes network and security services; virtualizes the network fabric]
Benefits – NSX
• Dynamic provisioning of virtual networks and security services
• Workload mobility across clusters and L3 infrastructure
• Isolation of tenants without the limitations of VLANs
• Centralized management of distributed services
• New tools for automation, policy and VM visibility
[Diagram labels: Logical Router; Logical Switch; Network, Security Services]
IT’s Requirements
[Diagram labels: Transformation; Responsiveness; Speed, Agility; Bespoke, Simplicity; Right Price, Right Time; Business; Architect; Security; CIO; Customer]
Challenges of Virtualization
Performance
Challenge: Overhead of virtualization
Solution: Deploy services closer to the data
Visibility
Challenge: Status of physical devices
Solution: Build on performant infrastructure
Maturity
Challenge: The industry is evolving
Solution: Rigorous PoC
Internal Controls
Challenge: Disrupts existing relationships
Solution: Convergence, DevOps
Module 2
NSX Networking
It’s All Networking To Me
Layer | Layer Name | Protocol Data Unit (PDU) | Main Function | Example Protocol | Address Type
7 | Application | Data | Interaction with user. Provides services to app. | FTP | Hostname: example.com
6 | Presentation | Data | Data representation (Converts/Encrypts) | XDR, XML | Hostname: example.com
5 | Session | Data | Connection dialog (Start/Stop/Order) | RPC, SOCKS | Socket: 172.16.3.24:80
4 | Transport | Segment (TCP), Datagram (UDP) | End-to-End Delivery (Entire message) | TCP, DCCP | Port number: 80
3 | Network | Packet | Routing and Addressing | IP, IGMP | IP Address: 172.16.3.24
2 | Data Link | Frame | Node-to-node (Access to media) | Ethernet, MPLS | MAC: 1C98ECA8EC30
1 | Physical | Bit | Distance and electrical (Low level parameters) | RS232, DOCSIS | N/A
Communication Model: Application, Transport, Internet, Link
A. Akpaffiong, 2016
Broadcast & Collision Domain
Device | Broadcast domain | Collision domain
Hub | One per device | One per device
Switch | One per device | One per port
Router | One per port | One per port
Packets
Protocol Data Unit (PDU) = Overhead (fixed) + Payload (variable)
• Ethernet V2 Standard Payload Range: 46 – 1500 bytes
• Ethernet V2 Jumbo Payload Range: 1501 – 9000 bytes
• Recommended MTU for NSX: 1600 bytes
VLAN
[Diagram: hosts A, A’, B and B’ with addresses 10.1.2.10, 10.1.2.11, 10.1.4.10 and 10.1.4.11 (/24), attached to switches joined by trunk links and grouped into VLAN ID X and VLAN ID Y]
X and Y are integers between 1 and 4094
VLAN Frame Format – IEEE 802.1Q
Frame fields, in order:
• Inner DST MAC – 6 bytes
• Inner SRC MAC – 6 bytes
• 802.1Q tag (opt) – 4 bytes
• EtherType/Length – 2 bytes
• Payload – 1500 bytes
• FCS – 4 bytes
Inner Ethernet Header: 18 bytes
802.1Q tag fields:
• TPID – 16 bits – Tag Protocol Identifier
• TCI – Tag Control Information, made up of:
– PCP – 3 bits – 802.1p Priority Levels (COS)
– DEI – 1 bit – Drop eligible indicator
– VID – 12 bits – VLAN ID
FCS – Frame Check Sequence
Virtual Local Area Network - VLAN
• IEEE 802.1Q
• Broadcast isolation and segmentation
• IEEE 802.1D (STP) at L2 to manage paths
• Up to 2^12 (4096) virtual networks
• Adds 4 bytes to the Ethernet frame
VLAN and VXLAN
VLAN – Virtual LAN
• Segmentation and broadcast isolation
• IEEE 802.1Q
• Enables up to 2^12 (4096) virtual networks
• IEEE 802.1D - Spanning Tree Protocol (STP) at L2 to manage paths
• Adds 4 bytes to the Ethernet frame
VXLAN – Virtual eXtensible LAN
• A Layer 2 overlay scheme over a Layer 3 network
• IETF RFC 7348
• Enables up to 2^24 (16 million) virtual networks
• TRILL, SPB at L2 and OSPF and BGP at L3 to manage paths
• Adds a 50-byte VXLAN header to the Ethernet frame
VXLAN… in a nutshell
• Virtual eXtensible Local Area Network
• A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks
• Fundamental concept of NSX Overlay
• One of several protocols that enable Network Overlay: STT, OTV, LISP, GENEVE, NVGRE
• Enables dynamic, large-scale, isolated virtual Layer 2 networks in multi-tenant environments.
• Key traits of VXLAN overlay technology are: encapsulation & end-point communication
• VXLAN encapsulates the original Ethernet frame into IP/UDP
• VTEPs are end-points where the Ethernet frame is encapsulated & de-encapsulated
Encapsulation
[Diagram: Ethernet | IP | TCP | iSCSI PDU (iSCSI, Data) | CRC]
Encapsulation masks data so it can pass undetected under certain circumstances
– Like the above, iSCSI data is encapsulated as TCP/IP in order for the SCSI data to be accepted on a TCP/IP network. NSX uses VXLAN to encapsulate the Ethernet payload in a similar manner.
Trunk & Access Links
[Diagram: two switches joined by a trunk link, with access links to the attached devices]
Access links
• Member of one VLAN ID group
• Referred to as the native VLAN
• Attached device is unaware of a VLAN membership
Trunk links
• Conduit for multiple VLAN IDs
• 100 Mbps or higher link between switches, a switch and router, or a switch and server
• Enable VLANs to span across a backbone
Traditional Network Design vs. Leaf/Spine “IP Fabric” Design
[Diagram: traditional design with Core, Aggregation and Access tiers; leaf/spine design with Spine and Leaf tiers]
Module 3
Software-Defined Data Center (SDDC)
Software-Defined Data Center – Concepts
• Moves intelligence from hardware into software
• Decouples the underlying network, server and storage hardware
• Location-independent
• Leverages a data center virtualization layer
Hardware
• Intelligence baked into Hardware
• Dedicated, Vendor Specific Hardware
• Manual Configuration & Management
Software
• Intelligence in Software
• Independent, Vendor-Neutral Hardware
• Automated Configuration & Management
Software-Defined Data Center – Concepts
[Diagram: Abstraction, Pooling and Automation applied to Server, Storage, Network and Firewall]
• extends virtualization concepts of abstraction, pooling, and automation to all data center resources and services
• decouples the underlying network, server and storage hardware, while leveraging its infrastructure
• location-independent; can be in a single data center, span multiple private data centers, or span hybrid data centers
Software-Defined Data Center – Concepts
• Application Service Management – Application Management Layer – vRA Application Services
• SDDC Management – Cloud Management Platform – vRA; e.g. OpenStack
• SDDC Foundation – Virtualization of Physical Assets – VMware vSphere; SDS: VSAN; SDN: NSX
Software-Defined Data Center – Positioning NSX
– A software construct
– Physical network as a flexible pool of transport capacity
– Policy-driven attachment of network and security services
– Decouples network configuration from physical infrastructure
– Security and micro-segmentation
– Key tenet of the software-defined data center (SDDC)
Software-Defined Networking – Vendors
Module 4
NSX Introduction
VMware NSX treats:
“The physical network as a pool of transport capacity with network and security services attached to VM’s with a policy-driven approach.”
VMware NSX brings:
“The operational model of a virtual machine to the data center network, transforming the economics of network and security operations.”
VMware NSX delivers:
“The network virtualization platform of the Software-Defined Data Center (SDDC)”
NSX Architecture
[Diagram layers: Any Network Device; Overlay Transport; Any Hypervisor; NSX vSwitch; NSX Controller; NSX Manager; NSX API; Any Cloud Management Platform]
[Diagram annotations: e.g. VXLAN, NVGRE, STT; ESXi, KVM, XenServer; vDS, kernel modules; Manage state, P2V gateway; Deployment; e.g. vRA, OpenStack; UI; Underlay, 1600 MTU]
NSX Types
NSX Type | vSphere (NSX-v) | Multi-hypervisor (NSX-mh)
Hypervisor | ESXi | ESXi, KVM, XenServer
Switch Type | dvSwitch | Open vSwitch
Encapsulation | VXLAN | GRE, STT, VXLAN
Central Service | NSX Edge | Physical NSX GW Appliance
Distributed Firewall | East-West Distributed Firewall, In-kernel | East-West DF via ACL and Security Groups
Distributed Routing | In-kernel Distributed Routing | Routing via Open vSwitch
Additional | Load-balancing, VPN, DHCP, NAT, Central Routing services |
EOS announced. Successor is NSX-T (Transformers)
Sample NSX (6.2.2+) Product Features per License
NSX Licenses
Sample Features | Standard | Advanced | Enterprise
Distributed Switching and Routing | ✓ | ✓ | ✓
Edge Firewall | ✓ | ✓ | ✓
Edge Load Balancing | - | ✓ | ✓
Distributed Firewall | - | ✓ | ✓
Cross vCenter NSX | - | - | ✓
VPN (IPSec and SSL) | - | - | ✓
http://www.vmware.com/products/nsx/compare.html
Module 5
NSX Features
NSX Features
[Diagram: Virtual Networks providing Switching, Routing, Firewall, Load Balancing, VPN and Gateway]
NSX Features – Logical Switching
• Creates logically abstracted L2 segments
• Logical L2 switching across L3 boundaries
• Decoupled from the physical network
• Powered by VXLAN
[Diagram: SRV01 and SRV02 (172.16.20.1, 172.16.20.2) on one Logical L2 Network Segment; Logical layer over a Physical L3 network]
NSX Features – Routing
• Routing Functions:
– Distributed Logical Router (DLR) – kernel
• Provides L3 routing without leaving the hypervisor
• Routing scales with environment by adding hosts
• Optimizes East-West traffic flows
– NSX Edge Services Router (ESR) – VM
[Diagram: APP01 and DB01; labels 5002 and 5001; DLR with 172.16.20.1 and 172.16.30.1; External Router; Logical layer over Physical L3]
NSX Features – Routing
• Edge Services Routing is performed in the NSX Edge Services Gateway
– Routing between tenants
– Forwarding information between L2 broadcast domains
– North-South communication patterns
[Diagram: NSX Edge, Internet]
NSX Features – Distributed Firewall
[Diagram: VMs on a Logical Switch; Security Policy enforced at the vNIC, at egress and at ingress]
• Placement
• Mobility
• Performance
NSX Features – Edge Firewall
[Diagram: ESG between the Internet and two Logical Switches with VMs, Tenant1 and Tenant2]
• Virtual Appliance
• North-South Traffic
• Complements DF
NSX Features – Micro-segmentation
Before NSX
• Focus on perimeter defense
• Low priority systems left unprotected
• Security between systems is expensive
• Centralized firewalls result in large firewall rules
With NSX
• Micro-granular security model
• Security applied at virtual network interface
• Security distributed to every hypervisor
• Security cost normalized across all systems
• Automated provisioning of security policies
• Security policies always follow the VM
Security policies are:
• simplified
• centralized
• logically grouped
NSX Features – Load Balancer (Simplified logical representation)
[Diagram: Service Request; VIP = LB IP; Edge IP; ESG; Backend Server IP; SRV 1, SRV 2 … SRV n]
Distribution Method:
• ROUND_ROBIN
• LEAST_CONN
• IP_HASH
• URI
Protocols shown: TCP (8090), HTTP (80), HTTPS (443)
Modes of Operation:
• One-Arm (DNAT & SNAT)
• Inline (DNAT)
NSX Features – VPN
[Diagram: Site A, Site B and Site C; L3 WAN links; Edge; L2 VPN; Remote User on a laptop]
• Allows remote users to connect to services
• Provides connectivity between sites
• Stretches L2 network between sites
NSX Features
• Logical Switch – East-West Communication – Kernel-based, extend network reach
• Logical Router – North-South Communication – Distributed and Appliance based, inter-provider
• Services Gateway – Physical-to-Virtual – Application Services: Firewall, Routing, VPN, LB
NSX Features – Security Group, Security Policy
Security Group – What To Protect
• Grouping of workloads
• Dynamic
• Static
Security Policy – How To Protect
• Network Introspection Services
• Endpoint Service
• Firewall rules
NSX Features – Security Group, Security Policy
Service | Description | Applies to
Firewall Rules | Rules that define the traffic to be allowed to, from, or within the security group | vNIC
Endpoint | Data Security or 3rd party services e.g. anti-virus or vulnerability management services | Virtual Machines
Network Introspection | Services that monitor your network such as IPS and network forensics | Virtual Machines
NSX Features – Security Probing Questions
1. If a threat makes it past your perimeter, are you able to quickly and automatically respond to prevent the threat from moving from server to server?
• NSX Micro-segmentation applies security at the workload level without need for additional firewalls or changes to existing network/security platform
• Security profile moves seamlessly with the workload
• Security scales automatically with the environment
2. Do you need to improve your Security SLA?
• Global rule sets can be complex and difficult to modify, making threat analysis and forensics tedious and time-consuming
• NSX Micro-Segmentation reduces the complexity; changes are automatically communicated and propagated, and security provisioning is streamlined
Module 6
NSX Components
NSX Components - Architecture
[Diagram: VMware KB 2079386 Visualized. NSX Manager, vCenter Server, NSX Controller Cluster, NSX ESG, Client PC and ESXi hosts running netcpa (UWA), vsfwd (UWA), RMQ, VTEP, DFW, VXLAN and Routing, connected over the ports below]
• 443/TCP – Admin UI, REST
• 80/TCP – VIB Access
• 5671/TCP – RMQ
• 2878, 2888, 3888/TCP – State Sync
• 443, 902/TCP – vSphere Web
• 22, 80, 443, 902/TCP – Mgmt/Provisioning
• 53, 123, 514/TCP/UDP (DNS, NTP, Syslog)
• 4789/UDP – VXLAN
• 123/TCP/UDP – NTP
• 8301, 8302/UDP – DVS Sync
• 443/TCP – REST
NSX: SDN
[Diagram: Traditional Network Device – Features on an Operating System on a Specialized Packet Forwarding Engine]
NSX: SDN
[Diagram: Traditional Network Device, annotated with its planes]
• Management Plane – Configuration: CLI/GUI
• Control Plane – Routing Protocol(s); Neighbor, IP Table, Link State
• Data Plane – Forwarding Table
NSX: SDN
[Diagram: several network devices, each with its own Features, Operating System and Specialized Packet Forwarding Engine]
NSX: SDN
[Diagram: Features on one Operating System above several Simple Packet Forwarding Engines]
Overlay Network
Uses software to create layers of network abstraction:
– run multiple, discrete virtualized network layers on top of the physical network (underlay)
Uses encapsulation to create L2 logical networks on top of the existing physical IP network
[Diagram: Virtual “Overlay” on top of Physical “Underlay”]
VXLAN Encapsulation
[Diagram: Outer Ethernet Header | Outer IPv4 Header | Outer UDP Header | VXLAN Header | Original Ethernet Frame (Inner Ethernet Header, Payload) | FCS; labels Overlay and Underlay]
50 Byte VXLAN Encapsulation Overhead
VXLAN Frame Format
• Outer Ethernet Header (14 bytes): Outer DST MAC; Outer SRC MAC; VXLAN Type (opt); Outer 802.1Q (opt); EtherType
• Outer IPv4 Header (20 bytes): IP Header Data; IP Protocol; Header Checksum; Outer SRC IP; Outer DST IP
• Outer UDP Header (8 bytes): SRC Port; DST Port; UDP Length; UDP Checksum
• VXLAN Header (8 bytes): VXLAN Flags; RSVD; VXLAN Network ID; RSVD
• Inner Ethernet Header (14 or 18 bytes): Inner DST MAC; Inner SRC MAC; 802.1Q (opt); EtherType
• Payload (1500 bytes)
• FCS
VTEP - VXLAN Tunnel End Point
[Diagram: two VTEPs, each with an IP interface on the IP network, serving VMs on VXLAN segments VNID 1 and VNID 2]
VTEP encapsulates an Ethernet frame in a VXLAN frame or de-encapsulates a VXLAN frame and forwards the inner Ethernet frame.
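The encapsulation and de-encapsulation a VTEP performs, worked through in Python as an added example (not code from the presentation or from NSX). It follows the RFC 7348 header layout listed in the frame format above; the MAC and IP addresses, the VNI 5001, the DF bit and the function names are assumptions made for the illustration.

```python
"""VXLAN (RFC 7348) encapsulation and decapsulation, as a VTEP would do it."""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789      # 4789/UDP, the VXLAN port in the page's port list
VXLAN_FLAG_I = 0x08        # "VNI present" flag in the VXLAN header
ETH_HDR, DOT1Q_TAG, IPV4_HDR, UDP_HDR, VXLAN_HDR = 14, 4, 20, 8, 8
ETHERTYPE_IPV4, ETHERTYPE_DOT1Q, IPPROTO_UDP = 0x0800, 0x8100, 17

# Constructed sample values (not from the page): VTEP MACs and a minimal inner frame.
VTEP_A_MAC = bytes.fromhex("020000000a01")
VTEP_B_MAC = bytes.fromhex("020000000b01")
SAMPLE_INNER = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + struct.pack("!H", ETHERTYPE_IPV4) + bytes(46))


def ipv4_checksum(header: bytes) -> int:
    """Ones' complement checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulation_overhead(outer_vlan: bool = False) -> int:
    """Bytes a VTEP adds in front of the original Ethernet frame."""
    tag = DOT1Q_TAG if outer_vlan else 0
    return ETH_HDR + tag + IPV4_HDR + UDP_HDR + VXLAN_HDR


def required_underlay_mtu(inner_payload: int = 1500, inner_vlan: bool = False) -> int:
    """Size of the outer IP packet that carries a full-size inner frame."""
    inner_eth = ETH_HDR + (DOT1Q_TAG if inner_vlan else 0)
    return IPV4_HDR + UDP_HDR + VXLAN_HDR + inner_eth + inner_payload


def encapsulate(inner, vni, src_mac, dst_mac, src_ip, dst_ip, src_port=49152):
    """Wrap an Ethernet frame in outer Ethernet/IPv4/UDP/VXLAN headers."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)   # flags, RSVD, VNI, RSVD
    udp_len = UDP_HDR + VXLAN_HDR + len(inner)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    # DF is set here as an assumption: VXLAN packets should not be fragmented.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR + udp_len, 0, 0x4000,
                     64, IPPROTO_UDP, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp + vxlan + inner


def decapsulate(packet: bytes):
    """Return (vni, inner_frame); raise ValueError if this is not valid VXLAN."""
    try:
        offset = 12                                   # skip outer DST + SRC MAC
        (ethertype,) = struct.unpack_from("!H", packet, offset)
        if ethertype == ETHERTYPE_DOT1Q:              # optional outer 802.1Q tag
            offset += DOT1Q_TAG
            (ethertype,) = struct.unpack_from("!H", packet, offset)
        offset += 2
        if ethertype != ETHERTYPE_IPV4:
            raise ValueError("outer frame is not IPv4")
        ihl = (packet[offset] & 0x0F) * 4
        ip = packet[offset:offset + ihl]
        if ihl < IPV4_HDR or len(ip) != ihl or ipv4_checksum(ip) != 0:
            raise ValueError("bad outer IPv4 header")
        if ip[9] != IPPROTO_UDP:
            raise ValueError("outer packet is not UDP")
        offset += ihl
        _, dst_port, udp_len, _ = struct.unpack_from("!HHHH", packet, offset)
        if dst_port != VXLAN_UDP_PORT or udp_len < UDP_HDR + VXLAN_HDR:
            raise ValueError("not a VXLAN datagram")
        flags, vni_field = struct.unpack_from("!B3xI", packet, offset + UDP_HDR)
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated packet") from exc
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI is not valid")
    # The UDP length bounds the inner frame, so trailing padding is dropped.
    inner = packet[offset + UDP_HDR + VXLAN_HDR:offset + udp_len]
    if len(inner) != udp_len - UDP_HDR - VXLAN_HDR:
        raise ValueError("truncated inner frame")
    return vni_field >> 8, inner


if __name__ == "__main__":
    pkt = encapsulate(SAMPLE_INNER, 5001, VTEP_A_MAC, VTEP_B_MAC,
                      "192.0.2.11", "192.0.2.12")
    vni, frame = decapsulate(pkt)
    print("overhead:", len(pkt) - len(SAMPLE_INNER), "bytes; VNI:", vni)
    print("underlay MTU needed for a 1500-byte inner payload:",
          required_underlay_mtu(), "(1600 recommended for NSX)")
```

A full-size inner frame needs an underlay MTU of 1550 bytes (1554 with an inner 802.1Q tag), which is why the recommended 1600-byte MTU leaves headroom.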
Unicast Replication Mode
[Diagram: VM A, VM B, VM C and VM D on one VNI across VTEP ESXi 1, VTEP ESXi 2, UTEP ESXi 3 and VTEP ESXi 4; steps 1 to 4]
Replication modes: Multicast, Unicast, Hybrid
BUM – Broadcast, Unknown unicast, and Multicast
Transport Zone
• defines clusters of hosts that can participate in the virtual network
• configurable boundary for a given VXLAN Segment
• defines the reach of the L2 domain
[Diagram: Transport Zone 1 spanning Cluster 1, Cluster 2 and Cluster 3 on VDS 1 and VDS 2]
Module 7
NSX Deployment
NSX Deployment – Hardware Minimum Requirement
Appliance | Memory | vCPU | Disk Space
NSX Manager (1x) | 16 GB | 4 | 60 GB
NSX Controller (3x) | 4 GB | 4 | 20 GB
NSX Edge (1x), Compact | 512 MB | 1 | 1 disk 500MB
NSX Edge (1x), Large | 1 GB | 2 | 1 disk 500MB + 1 disk 512MB
NSX Edge (1x), Quad-Large | 1 GB | 4 | 1 disk 500MB + 1 disk 512MB
NSX Edge (1x), X-Large | 8 GB | 6 | 1 disk 500MB + 1 disk 2GB
Guest Introspection | 1 GB | 2 | 4 GB
NSX Data Security | 512 MB | 1 | 6 GB per ESXi host
NSX Roles
• Auditor: RO access to all areas
• Security Administrator: R/W access to NSX security (defining data security policies, creating port groups, creating reports for NSX modules); RO access to other areas
• NSX Administrator: R/W access to NSX operations (installing virtual appliances, configuring port groups); RO access to other areas
• Enterprise Administrator: R/W access to all areas of NSX
Module 8
NSX Resources
Live Demo
Demonstration of NSX
NSX Resources - VMware Hands-on Labs
http://labs.hol.vmware.com/HOL/
NSX Resources – HPE Education
www.hpe.com/us/training
NSX Resources – Certification
VMware NSX Training and Certification
”Since before your sun burned hot in space and before your race was born, I have awaited a question.”
-- The City on the Edge of Forever, Star Trek
Questions?
You are now free to go!
Backup Slides
NSX Network Virtualization Services – Security
Third-Party
• Antivirus
• DLP
• Firewall
• Intrusion Prevention
• Vulnerability Management
• Identity and Access Management
• Security Policy Management
Built-In
• Distributed Firewall
• Edge Firewall
• Data Security
• Server Activity Monitoring
• VPN (SSL, IPsec)
Software-Defined Networks (SDN)
• SDN has two defining characteristics:
o SDN separates the control plane from the data plane
o SDN consolidates the control plane, so that a single software control
program controls multiple data-plane elements
• The concept underpinning SDN is simple:
o If the data and control plane are de-coupled the static network can be
made intelligent, responsive, programmable and centrally controlled.
NSX Network Planes – An Analogy
Plane | NSX component | Role
Management Plane | Manager & vCenter | define
Control Plane | NSX Controller | enforce
Data Plane | NSX vSwitch | execute
(Image credit: nytimes.com)
NSX Components – Network Planes
Function | NSX components
Configuration: CLI/GUI | NSX Manager, vCenter Server
Routing Protocol(s); Neighbor, IP Table, Link State | NSX Controller, Edge Logical Router
Forwarding Table | NSX vSwitch, NSX Edge
NSX Components – Network Planes
• Network Planes
– Management plane defines the network policy
– Control plane enforces the network policy
– Data Plane executes the network policy
• Management Plane – What – NSX Manager, vCenter
• Control Plane – How – Controller
• Data Plane – Do – vSwitch
NSX Features – Firewall
• Physical vs. Virtual vs. Distributed vs. Edge Firewall
– Physical (Limited): limited information; expansion is expensive; global performance characteristics; steered; choke point
– Virtual (Sprawl): choke point; steered; basic packet information
– Distributed (Enforcement Assumed): embedded; data path; scales; every packet inspected; comprehensive security policy
– Edge (Perimeter Services): North-South
NSX Features – L2 Bridging
[Diagram: L2 Bridge between a VXLAN segment (Web VM, App VM, DB) and a VLAN segment (SVR1, SVR2)]
• Connectivity
• Embedded
• Scalable
[Diagram labels: HW VTEP; Controller Cluster; OVSDB]
NSX Features – L2 Bridging
[Diagram: two ESXi/ESG VTEPs with vDS port groups (PG), VMs and VMK, hosting the Active DLR (HA) and Standby DLR (HA); switches with Trunk and Access or Trunk links; VNI to VID mapping; MAC A to MAC E]
NSX Features – Multicast Replication Mode
[Diagram: VM A to VM D on one VNI across VTEP ESXi 1, VTEP ESXi 2, MTEP ESXi 3 and VTEP ESXi 4; L2 - IGMP, L3 - PIM; steps 1 to 3]
NSX Features – Unicast Replication Mode
[Diagram: VM A to VM D on one VNI across VTEP ESXi 1, VTEP ESXi 2, UTEP ESXi 3 and VTEP ESXi 4; steps 1 to 4]
NSX Features – Hybrid Replication Mode
[Diagram: VM A to VM D on one VNI across VTEP ESXi 1, VTEP ESXi 2, MTEP ESXi 3 and VTEP ESXi 4; L2 - IGMP; steps 1 to 4]
NSX Components – Controller Tables
NSX Controller Node
• MAC Table: Map VM MACs to VTEP
• ARP Table: Map VM IPs to MAC
• VTEP Table: Map VNI to VTEP

Walk Through a Software Defined Everything PoCWalk Through a Software Defined Everything PoC
Walk Through a Software Defined Everything PoC
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure
 
Why sdn
Why sdnWhy sdn
Why sdn
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

VMware NSX 101: What, Why & How

  • 1. NSX 101: What, Why & How • Aniekan Akpaffiong, Bob Horne • Initial presentation at HPETOS, October 2016
  • 2. Seminar Introduction • This seminar on NSX will include a discussion of its: • Benefits (including an intro to NSX Networking and SDDC) • Components & Features • Use cases • We’ll then jump into an NSX demo and finish with a discussion of additional learning resources and certification • The goal is to introduce you to NSX; you can then decide if NSX is a journey you’d like to undertake • This seminar will NOT: – replace training and hands-on experience – provide design/consulting advice • Prerequisites – Basic exposure to virtualization – Curiosity about software defined networks
  • 4. In Brief – NSX – Combines functionality from: – Nicira’s Network Virtualization Platform (NVP) – VMware vCloud Networking and Security – NSX is VMware's Software Defined Network (SDN) solution – decouples networking and security from the physical hardware – provides network and security features, such as distributed routing and micro-segmentation – treats the physical network as a pool of transport capacity – reduces the time to provision multi-tier network and security services – brings security inside the data center with automated fine-grained policies tied to the virtual machines – NSX brings the operational model of a virtual machine to the data center network • Diagram labels: L2 – 3, L4 – 7; virtualizes network and security services; virtualizes the network fabric
  • 5. Benefits – NSX • Dynamic provisioning of virtual networks and security services • Workload mobility across clusters and L3 infrastructure • Isolation of tenants without the limitations of VLANs • Centralized management of distributed services • New tools for automation, policy and VM visibility • Diagram labels: Logical Router, Logical Switch, Network, Security Services
  • 6. IT’s Requirements • Transformation • Responsiveness • Speed, Agility • Bespoke, Simplicity • Right Price, Right Time • Business • Architect • Security • CIO • Customer
  • 7. Challenges of Virtualization • Performance – Challenge: Overhead of virtualization – Solution: Deploy services closer to the data • Visibility – Challenge: Status of physical devices – Solution: Build on performant infrastructure • Maturity – Challenge: The industry is evolving – Solution: Rigorous PoC • Internal Controls – Challenge: Disrupts existing relationships – Solution: Convergence, DevOps
  • 10. Communication Model (A. Akpaffiong, 2016)
      Layer | Layer Name | Protocol Data Unit (PDU) | Main Function | Example Protocol | Address Type
      7 | Application | Data | Interaction with user. Provides services to app. | FTP | Hostname example.com
      6 | Presentation | Data | Data representation (Converts/Encrypts) | XDR, XML | Hostname example.com
      5 | Session | Data | Connection dialog (Start/Stop/Order) | RPC, SOCKS | Socket 172.16.3.24:80
      4 | Transport | Segment (TCP), Datagram (UDP) | End-to-End Delivery (Entire message) | TCP, DCCP | Port number 80
      3 | Network | Packet | Routing and Addressing | IP, IGMP | IP Address 172.16.3.24
      2 | Data Link | Frame | Node-to-node (Access to media) | Ethernet, MPLS | MAC 1C98ECA8EC30
      1 | Physical | Bit | Distance and electrical (Low level parameters) | RS232, DOCSIS | N/A
      Model layers shown alongside: Application, Transport, Internet, Link
  • 11. Broadcast & Collision Domain • Hub: one broadcast domain per device, one collision domain per device • Switch: one broadcast domain per device, one collision domain per port • Router: one broadcast domain per port, one collision domain per port
  • 12. Broadcast & Collision Domain
      Domain | Hub | Switch | Router
      Broadcast | Device | Device | Port
      Collision | Device | Port | Port
  • 13. Packets • Protocol Data Unit (PDU): Overhead (fixed) and Payload (variable) • 46 – 1500 bytes: Ethernet V2 standard payload range • 1501 – 9000 bytes: Ethernet V2 jumbo payload range • Recommended MTU for NSX: 1600 bytes
  • 15. VLAN Frame Format – IEEE 802.1Q • Inner Ethernet Header (18 bytes): Inner DST MAC (6 bytes), Inner SRC MAC (6 bytes), 802.1Q (opt, 4 bytes), Ether Type/Length (2 bytes) • Payload (1500 bytes) • FCS (4 bytes) • 802.1Q tag: TPID (16 bits), PCP (3 bits), DEI (1 bit), VID (12 bits) • TPID: Tag Protocol Identifier • TCI: Tag Control Information • PCP: 802.1p Priority Levels (COS) • DEI: Drop eligible indicator • VID: VLAN ID • FCS: Frame Check Sequence
  • 16. Virtual Local Area Network - VLAN • VLAN: IEEE 802.1Q • Adds 4 bytes to the Ethernet frame • Broadcast isolation and segmentation • IEEE 802.1D (STP) at L2 to manage paths • Up to 2^12 (4096) virtual networks
  • 17. VLAN and VXLAN • VLAN – Virtual LAN – Segmentation and broadcast isolation – IEEE 802.1Q – Enables up to 2^12 (4096) virtual networks – IEEE 802.1D Spanning Tree Protocol (STP) at L2 to manage paths – Adds 4 bytes to the Ethernet frame • VXLAN – Virtual eXtensible LAN – A Layer 2 overlay scheme over a Layer 3 network – IETF RFC 7348 – Enables up to 2^24 (16 million) virtual networks – TRILL, SPB at L2 and OSPF and BGP at L3 to manage paths – Adds 50 bytes of VXLAN encapsulation overhead to the Ethernet frame
  • 18. VXLAN… in a nutshell • Virtual eXtensible Local Area Network • A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks • Fundamental concept of NSX Overlay • One of several protocols that enable Network Overlay: STT, OTV, LISP, GENEVE, NVGRE • Enables dynamic, large-scale, isolated virtual Layer 2 networks in multi-tenant environments • Key traits of VXLAN overlay technology are: encapsulation & end-point communication • VXLAN encapsulates the original Ethernet frame into IP/UDP • VTEPs are end-points where the Ethernet frame is encapsulated & de-encapsulated
  • 19. Encapsulation • Encapsulation masks data so it can pass undetected under certain circumstances – As in the figure, iSCSI data is encapsulated as TCP/IP in order for the SCSI data to be accepted on a TCP/IP network. NSX uses VXLAN to encapsulate the Ethernet payload in a similar manner. • Figure labels: Ethernet, IP, TCP, iSCSI, Data, iSCSI PDU, CRC
  • 20. Trunk & Access Links • Access links • Member of one VLAN ID group • Referred to as the native VLAN • Attached device is unaware of a VLAN membership • Trunk links • Conduit for multiple VLAN IDs • 100 Mbps or higher link between switches, a switch and router, or a switch and server • Enable VLANs to span across a backbone • Diagram labels: Switch, Switch, Trunk Link, Access Links
  • 21. Traditional Network Design (Core, Aggregation, Access) • Leaf/Spine “IP Fabric” Design (Spine, Leaf)
  • 23. Software-Defined Data Center – Concepts • Moves intelligence from hardware into software • Decouples the underlying network, server and storage hardware • Location-independent • Leverages a data center virtualization layer • Hardware: intelligence baked into hardware; dedicated, vendor-specific hardware; manual configuration & management • Software: intelligence in software; independent, vendor-neutral hardware; automated configuration & management
  • 24. Software-Defined Data Center – Concepts • Abstraction, Pooling, Automation • Server, Storage, Network, Firewall • extends virtualization concepts of abstraction, pooling, and automation to all data center resources and services • decouples the underlying network, server and storage hardware, while leveraging its infrastructure • location-independent; can be in a single data center, span multiple private data centers, or span hybrid data centers
  • 25. Software-Defined Data Center – Concepts • Application Service Management: Application Management Layer; vRA Application Services • SDDC Management: Cloud Management Platform; vRA, e.g. OpenStack • SDDC Foundation: Virtualization of Physical Assets; VMware vSphere; SDS, SDN; VSAN, NSX
  • 26. Software-Defined Data Center – Positioning NSX – A software construct – Physical network as a flexible pool of transport capacity – Policy-driven attachment of network and security services – Decouples network configuration from physical infrastructure – Security and micro-segmentation – Key tenet of the software-defined data center (SDDC)
  • 29. NSX Introduction • VMware NSX treats: “The physical network as a pool of transport capacity with network and security services attached to VM’s with a policy-driven approach.” • VMware NSX brings: “The operational model of a virtual machine to the data center network, transforming the economics of network and security operations.” • VMware NSX delivers: “The network virtualization platform of the Software-Defined Data Center (SDDC)”
  • 30. NSX Architecture • Layers: Any Network Device, Overlay Transport, Any Hypervisor, NSX vSwitch, NSX Controller, NSX Manager, NSX API, Any Cloud Management Platform • Annotations: e.g. VXLAN, NVGRE, STT; ESXi, KVM, XenServer; vDS, kernel modules; Manage state, P2V gateway; Deployment; e.g. vRA, OpenStack; UI; Underlay, 1600 MTU
  • 31. NSX Types
      NSX Type | vSphere (NSX-v) | Multi-hypervisor (NSX-mh)
      Hypervisor | ESXi | ESXi, KVM, XenServer
      Switch Type | dvSwitch | Open vSwitch
      Encapsulation | VXLAN | GRE, STT, VXLAN
      Central Service | NSX Edge | Physical NSX GW Appliance
      Distributed Firewall | East-West Distributed Firewall In-kernel | East-West DF via ACL and Security Groups
      Distributed Routing | In-kernel Distributed Routing | Routing via Open vSwitch
      Additional | Load-balancing, VPN, DHCP, NAT, Central Routing services | EOS announced. Successor is NSX-T (Transformers)
  • 32. Sample NSX (6.2.2+) Product Features per License
      Sample Features | Standard | Advanced | Enterprise
      Distributed Switching and Routing | yes | yes | yes
      Edge Firewall | yes | yes | yes
      Edge Load Balancing | - | yes | yes
      Distributed Firewall | - | yes | yes
      Cross vCenter NSX | - | - | yes
      VPN (IPSec and SSL) | - | - | yes
      http://www.vmware.com/products/nsx/compare.html
  • 34. NSX Features • Virtual Networks: Switching, Routing, Firewall, Load Balancing, VPN, Gateway
  • 35. NSX Features – Logical Switching • Creates logically abstracted L2 segments • Logical L2 switching across L3 boundaries • Decoupled from the physical network • Powered by VXLAN • Diagram labels: SRV01, SRV02; 172.16.20.1, 172.16.20.2; Logical L2 Network Segment; Physical, Logical, L3
  • 36. NSX Features – Routing • Routing Functions: – Distributed Logical Router (DLR) – kernel • Provides L3 routing without leaving the hypervisor • Routing scales with environment by adding hosts • Optimizes East-West traffic flows – NSX Edge Services Router (ESR) – VM • Diagram labels: APP01, DB01; Physical, Logical, L3; 5002, 5001; DLR; 172.16.20.1, 172.16.30.1; External Router
  • 37. NSX Features – Routing • Edge Services Routing is performed in the NSX Edge Services Gateway – Routing between tenants – Forwarding information between L2 broadcast domains – North-South communication patterns • Diagram labels: NSX Edge, Internet
  • 38. NSX Features – Distributed Firewall • Security Policy enforced: at egress, at ingress • Placement • Mobility • Performance • Diagram labels: Logical Switch, VM, VM, vNIC
  • 39. NSX Features – Edge Firewall • Virtual Appliance • North-South Traffic • Complements DF • Diagram labels: Internet; ESG; Tenant1, Tenant2; two Logical Switches, each with three VMs
  • 40. NSX Features – Micro-segmentation • Before NSX – Focus on perimeter defense – Low priority systems left unprotected – Security between systems is expensive – Centralized firewalls result in large firewall rules • With NSX – Micro-granular security model – Security applied at virtual network interface – Security distributed to every hypervisor – Security cost normalized across all systems – Automated provisioning of security policies – Security policies always follow the VM – Security policies are: simplified, centralized, logically grouped
  • 41. NSX Features – Load Balancer (Simplified logical representation) • VIP = LB IP • Edge IP • ESG • Distribution Method: • ROUND_ROBIN • LEAST_CONN • IP_HASH • URI • Service Request: TCP (8090), HTTP (80), HTTPS (443) • Backend Server IP: SRV 1, SRV 2, SRV n • Modes of Operation: • One-Arm (DNAT & SNAT) • Inline (DNAT)
  • 42. NSX Features – VPN • Allow remote users to connect to services • Provides connectivity between sites • Stretch L2 network between sites • Diagram labels: L3 WAN, L3 WAN; Laptop; Site A, Site B, Site C; Remote User; L2VPN; Edge
  • 43. NSX Features • Logical Switch: East-West Communication; kernel-based, extend network reach • Logical Router: North-South Communication; distributed and appliance based, inter-provider • Services Gateway: Physical-to-Virtual; Application Services – Firewall, Routing, VPN, LB
  • 44. NSX Features – Security Group, Security Policy • Security Group: What To Protect • Grouping of workloads • Dynamic • Static
  • 45. NSX Features – Security Group, Security Policy • Security Group: What To Protect • Security Policy: How To Protect (Firewall rules, Endpoint Service, Network Introspection Services)
      Security Policy Service | Description | Applies to
      Firewall Rules | Rules that define the traffic to be allowed to, from, or within the security group | vNIC
      Endpoint | Data Security or 3rd party services e.g. anti-virus or vulnerability management services | Virtual Machines
      Network Introspection | Services that monitor your network such as IPS and network forensics | Virtual Machines
  • 46. NSX Features – Security Probing Questions 1. If a threat makes it past your perimeter, are you able to quickly and automatically respond to prevent the threat from moving from server to server? • NSX Micro-segmentation applies security at the workload level without need for additional firewalls or changes to existing network/security platform • Security profile moves seamlessly with the workload • Security scales automatically with the environment 2. Do you need to improve your Security SLA? • Global rule sets can be complex and difficult to modify, making threat analysis and forensics tedious and time-consuming • NSX Micro-Segmentation reduces the complexity, changes are automatically communicated and propagated, security provisioning is streamlined
  • 48. NSX Components - Architecture (VMware KB 2079386 Visualized) • Components shown: NSX Manager, vCenter Server, Client PC, NSX Controller Cluster, NSX ESG, and two ProLiant DL180 Gen9 hosts, each with netcpa (UWA), vsfwd (UWA), VTEP, DFW, VXLAN, Routing • Ports: 443/TCP – Admin UI, REST • 80/TCP – VIB Access • 5671/TCP – RMQ • 2878, 2888, 3888/TCP – State Sync • 443, 902/TCP – vSphere Web • 22, 80, 443, 902/TCP – Mgmt/Provisioning • 53, 123, 514/TCP/UDP (DNS, NTP, Syslog) • 4789/UDP – VXLAN • 123/TCP/UDP – NTP • 8301, 8302/UDP – DVS Sync • 443/TCP – REST
  • 49. NSX: SDN • Traditional Network Device: Feature, Feature; Operating System; Specialized Packet Forwarding Engine
  • 50. NSX: SDN • Traditional Network Device: Feature, Feature; Operating System; Specialized Packet Forwarding Engine • Management Plane – Configuration: CLI/GUI • Control Plane – Routing Protocol(s), Neighbor, IP Table, Link State • Data Plane – Forwarding Table
  • 51. NSX: SDN • Five traditional network devices, each with its own Feature, Feature; Operating System; Specialized Packet Forwarding Engine
  • 52. NSX: SDN • One Operating System with Feature, Feature over five Simple Packet Forwarding Engines
  • 53. Overlay Network • Uses software to create layers of network abstraction: – run multiple, discrete virtualized network layers on top of the physical network (underlay) • Uses encapsulation to create L2 logical networks on top of the existing physical IP network • Diagram labels: Physical “Underlay”, Virtual “Overlay”
  • 54. VXLAN Encapsulation • 50 Byte VXLAN Encapsulation Overhead (Underlay): Outer Ethernet Header, Outer IPv4 Header, Outer UDP Header, VXLAN Header • Original Ethernet Frame (Overlay): Inner Ethernet Header, Payload, FCS
  • 55. VXLAN Frame Format • Outer Ethernet Header (14 bytes): Outer DST MAC, Outer SRC MAC, VXLAN Type (opt), Outer 802.1Q (opt), Ether Type • Outer IPv4 Header (20 bytes): IP Header Data, IP Protocol, Header Checksum, Outer SRC IP, Outer DST IP • Outer UDP Header (8 bytes): SRC Port, DST Port, UDP Length, UDP Checksum • VXLAN Header (8 bytes): VXLAN Flags, RSVD, VXLAN Network ID, RSVD • Inner Ethernet Header (14 or 18 bytes): Inner DST MAC, Inner SRC MAC, 802.1Q (opt), Ether Type • Payload (1500 bytes) • FCS
  • 56. VTEP - VXLAN Tunnel End Point • VTEP encapsulates an Ethernet frame in a VXLAN frame or de-encapsulates a VXLAN frame and forwards the inner Ethernet frame. • Diagram labels: VXLAN Segments (VNID 1, VNID 2) with VMs on each side; VTEP, IP Interface; IP
  • 57. Unicast Replication Mode • BUM – Broadcast, Unknown unicast, and Multicast • Replication modes: Multicast, Unicast, Hybrid • Diagram labels: VNI; VTEP ESXi 1, VTEP ESXi 2, UTEP ESXi 3, VTEP ESXi 4; VM A, VM B, VM C, VM D; steps 1, 2, 3, 4
  • 58. Transport Zone • defines clusters of hosts that can participate in the virtual network • configurable boundary for a given VXLAN Segment • defines the reach of the L2 domain • Diagram labels: Cluster 1, Cluster 2, Cluster 3; VDS 1, VDS 2; Transport Zone 1
  • 60. NSX Deployment – Hardware Minimum Requirement
      Appliance | Memory | vCPU | Disk Space
      NSX Manager (1x) | 16 GB | 4 | 60 GB
      NSX Controller (3x) | 4 GB | 4 | 20 GB
      NSX Edge (1x), Compact | 512 MB | 1 | 1 disk 500MB
      NSX Edge (1x), Large | 1 GB | 2 | 1 disk 500MB + 1 disk 512MB
      NSX Edge (1x), Quad-Large | 1 GB | 4 | 1 disk 500MB + 1 disk 512MB
      NSX Edge (1x), X-Large | 8 GB | 6 | 1 disk 500MB + 1 disk 2GB
      Guest Introspection | 1 GB | 2 | 4 GB
      NSX Data Security | 512 MB | 1 | 6 GB per ESXi host
  • 61. NSX Roles • Auditor: RO access to all areas • Security Administrator: R/W access to NSX security (defining data security policies, creating port groups, creating reports for NSX modules); RO access to other areas • NSX Administrator: R/W access to NSX operations (installing virtual appliances, configuring port groups); RO access to other areas • Enterprise Administrator: R/W access to all areas of NSX
  • 64. NSX Resources - VMware Hands-on Labs • http://labs.hol.vmware.com/HOL/
  • 65. NSX Resources – HPE Education • www.hpe.com/us/training
  • 66. NSX Resources – Certification • VMware NSX Training and Certification
  • 67. Questions? • “Since before your sun burned hot in space and before your race was born, I have awaited a question.” -- The City on the Edge of Forever, Star Trek • A. Akpaffiong, 2016
  • 68. You are now free to go! • A. Akpaffiong, 2016
  • 70. NSX Network Virtualization Services – Security
      – Third-Party: Antivirus; DLP; Firewall; Intrusion Prevention; Vulnerability Management; Identity and Access Management; Security Policy Management
      – Built-In: Distributed Firewall; Edge Firewall; Data Security; Server Activity Monitoring; VPN (SSL, IPsec)
  • 71. Software-Defined Networks (SDN)
      • SDN has two defining characteristics:
        o SDN separates the control plane from the data plane
        o SDN consolidates the control plane, so that a single software control program controls multiple data-plane elements
      • The concept underpinning SDN is simple:
        o If the data and control planes are decoupled, the static network can be made intelligent, responsive, programmable and centrally controlled.
  • 72. NSX Network Planes – An Analogy
      – Management Plane: Manager & vCenter (define)
      – Control Plane: NSX Controller (enforce)
      – Data Plane: NSX vSwitch (execute)
      nytimes.com
  • 73. NSX Components – Network Planes
  • 74. NSX Components – Network Planes. Diagram labels: Configuration: CLI/GUI, Forwarding Table, Routing Protocol(s), Neighbor IP Table Link State
  • 75. NSX Components – Network Planes. Diagram labels: Configuration: CLI/GUI, Forwarding Table, Routing Protocol(s), Neighbor IP Table Link State; NSX vSwitch, NSX Edge, NSX Controller, Edge Logical Router, NSX Manager, vCenter Server
  • 76. NSX Components – Network Planes
      • Network Planes
        – Management plane defines the network policy
        – Control plane enforces the network policy
        – Data plane executes the network policy
      Diagram labels: Management Plane, Control Plane, Data Plane; How, What, Do; NSX Manager, vCenter, Controller, vSwitch
  • 77. NSX Features – Firewall • Physical vs. Virtual vs. Distributed vs. Edge Firewall. Slide labels: Limited limited information expansion is expensive global performance characteristics steered choke point
  • 78. NSX Features – Firewall • Physical vs. Virtual vs. Distributed vs. Edge Firewall. Slide labels: Sprawl choke point steered basic packet information Limited
  • 79. NSX Features – Firewall • Physical vs. Virtual vs. Distributed vs. Edge Firewall. Slide labels: Sprawl Enforcement Assumed embedded data path scales every packet inspected comprehensive security policy Limited
  • 80. NSX Features – Firewall • Physical vs. Virtual vs. Distributed vs. Edge Firewall. Slide labels: Sprawl Enforcement Assumed Perimeter Services North-South Limited
  • 81. NSX Features – L2 Bridging. Diagram labels: VXLAN, Web VM, App VM, DB, SVR1, SVR2, VLAN, L2 Bridge; Connectivity, Embedded, Scalable; HW VTEP, Controller Cluster, OVSDB
  • 82. NSX Features – L2 Bridging. Diagram labels: VMs and port groups (PG) on a vDS, VTEP, ESXi/ESG; Active DLR (HA), Standby DLR (HA); Switch, Trunk, Access or Trunk; VNI, VID; VMK; MAC A to MAC E
  • 83. NSX Features – Multicast Replication Mode. Diagram labels: VNI; ESXi 1 (VTEP), ESXi 2 (VTEP), ESXi 3 (MTEP), ESXi 4 (VTEP); VM A, VM B, VM C, VM D; steps 1 to 3; L3 - PIM, L2 - IGMP
  • 84. NSX Features – Unicast Replication Mode. Diagram labels: VNI; ESXi 1 (VTEP), ESXi 2 (VTEP), ESXi 3 (UTEP), ESXi 4 (VTEP); VM A, VM B, VM C, VM D; steps 1 to 4
  • 85. NSX Features – Hybrid Replication Mode. Diagram labels: VNI; ESXi 1 (VTEP), ESXi 2 (VTEP), ESXi 3 (MTEP), ESXi 4 (VTEP); VM A, VM B, VM C, VM D; steps 1 to 4; L2 - IGMP
  • 86. NSX Components – Controller Tables (NSX Controller Node)
      – MAC Table: map VM MACs to VTEP
      – ARP Table: map VM IPs to MAC
      – VTEP Table: map VNI to VTEP
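
The three controller tables on slide 86, worked through as an added example (not from the original deck and not VMware code): a simplified Python model of how the ARP, MAC and VTEP tables combine to pick a destination VTEP, and why a lookup never crosses from one VNI into another. The class and function names, VNIs, IP/MAC addresses and VTEP IPs are all constructed for illustration.

```python
# Simplified, constructed model of the three NSX Controller tables (slide 86).
# All VNIs, addresses and names below are made-up sample data.
from collections import defaultdict


class ControllerTables:
    def __init__(self):
        self.vtep = defaultdict(set)  # VTEP table: VNI -> set of VTEP IPs
        self.mac = {}                 # MAC table:  (VNI, VM MAC) -> VTEP IP
        self.arp = {}                 # ARP table:  (VNI, VM IP)  -> VM MAC

    def report_vm(self, vni, vm_ip, vm_mac, vtep_ip):
        """A host reports a VM it runs on a logical switch (VNI)."""
        self.vtep[vni].add(vtep_ip)
        self.mac[(vni, vm_mac)] = vtep_ip
        self.arp[(vni, vm_ip)] = vm_mac

    def resolve(self, vni, src_vtep, dst_ip):
        """Decide where a frame for dst_ip on this VNI is sent.

        Known destination: the ARP table gives the MAC and the MAC table
        gives the single VTEP to unicast to. Unknown destination: fall back
        to the other VTEPs that joined the same VNI, never other VNIs.
        """
        mac = self.arp.get((vni, dst_ip))
        vtep = self.mac.get((vni, mac)) if mac else None
        if vtep is not None:
            return {"mode": "unicast", "mac": mac, "vteps": [vtep]}
        peers = sorted(self.vtep.get(vni, set()) - {src_vtep})
        return {"mode": "flood", "mac": None, "vteps": peers}


def build_sample():
    t = ControllerTables()
    t.report_vm(5001, "10.0.1.11", "00:50:56:aa:00:01", "192.168.50.1")
    t.report_vm(5001, "10.0.1.12", "00:50:56:aa:00:02", "192.168.50.2")
    t.report_vm(5001, "10.0.1.13", "00:50:56:aa:00:03", "192.168.50.3")
    # Second tenant reuses the same VM IP on a different VNI.
    t.report_vm(5002, "10.0.1.11", "00:50:56:bb:00:01", "192.168.50.4")
    return t


if __name__ == "__main__":
    t = build_sample()
    print(t.resolve(5001, "192.168.50.1", "10.0.1.12"))  # known VM on the VNI
    print(t.resolve(5001, "192.168.50.1", "10.0.1.99"))  # unknown IP
    print(t.resolve(5002, "192.168.50.4", "10.0.1.12"))  # IP exists only on 5001
```

Because every key includes the VNI, the overlapping 10.0.1.11 address resolves to a different MAC and VTEP on each logical switch, which is the tenant isolation the deck attributes to NSX.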