VMware NSX Technical Deep Dive

Overall rating: 4.83, Instructor: 4.85, Materials: 4.81

VMware NSX is the networking component of VMware’s Software-Defined Data Center (SDDC) architecture, providing a full-service L2-L7 overlay virtual network deployed on top of any general-purpose IP network hardware.

This webinar describes VMware NSX principles and architecture, and focuses on technologies and components used in NSX Data Center (including NSX-V and NSX-T): overlay virtual networking, physical-to-virtual gateways, network services and security.

The current version of the videos focuses on NSX-V. The slide deck already contains detailed information on NSX-T architecture and implementation; the live webinar sessions will start in November 2019.

Availability

This webinar is part of the Software-Defined Data Centers (SDDC) roadmap and is accessible with a standard subscription.

Contents

The webinar covers these topics:

VMware NSX Overview

  • SDDC network requirements
  • VMware NSX products and licensing
  • VMware NSX architecture
  • Management-, control- and data plane components, including NSX Manager, NSX Controller cluster, and distributed switches, logical routers and firewalls

Logical Switches

  • Principles of overlay virtual networks
  • VXLAN and Geneve encapsulation
  • Unicast forwarding and BUM flooding, including source node replication and hybrid flooding
  • Underlay MTU challenges
  • Logical switches and transport zones
  • Logical switch profiles in NSX-T

Gateways to Physical World

  • Layer-2 and layer-3 gateways
  • NSX-V Edge Services Gateway
  • Hardware VTEPs in NSX-V
  • NSX-V hardware gateway controller architecture
  • NSX-T layer-2 gateways (ESX bridge clusters and NSX Edge clusters)

Distributed Routing

  • Control- and data plane implementation of distributed routing
  • Connecting distributed routing domains to the outside world
  • NSX-V Control VM details (interfaces, routing protocols…)
  • NSX-T Tier-0 and Tier-1 Routers
  • NSX-T Service- and Distributed Routers
  • Routing control plane in NSX-T
  • Implement High Availability NSX-T Routing

Network Security

  • Microsegmentation principles
  • Distributed firewalls
  • Identity firewalls
  • Integrating third-party security solutions, including guest introspection
  • NSX-V Service composer 101
  • NSX-T east-west and north-south service insertion

NSX Network Services

  • L2-L7 firewalling and NAT
  • SSL termination/offload
  • NSX-V ESG-based load balancing
  • NSX-V ESG load balancing algorithms
  • NSX-T edge firewall
  • NSX-T NAT and IPAM services
  • NSX-T Service Router load balancing

Virtual Private Networks

  • NSX-V Remote Access SSL VPN
  • IPsec-based L3VPN
  • SSL-based L2VPN (NSX-V) and GRE-based L2VPN (NSX-T)
  • Connecting VMware NSX deployment with a traditional vSphere deployment

Cross-vCenter NSX-V Deployments

  • Cross-vCenter NSX architecture
  • Universal objects
  • Local egress
  • Split-brain operation (Controller Disconnected Mode)

Multi-Site NSX-T Deployments

  • Architecture overview
  • Active-Active and Disaster Recovery Designs

Attacking NSX-T

This section (delivered in a live session on January 17th, 2019) looked at NSX-T from an attacker's perspective. Matthias Luft presented an attack surface evaluation of the NSX-T environment and described what this most likely means for your security design and operation of NSX-T itself. The focus is not on the security features of NSX-T, but on the security posture of the product itself.

Target Audience

Network- or virtualization architects, designers or implementation engineers working in environments that have already deployed or plan to introduce vSphere-based private or public cloud-based services.

You should be familiar with the basics of IP routing, overlay virtual networking and vSphere networking as provided in these webinars:

Happy Campers

About the webinar

It was over my head, because I don't have a clue about the underworkings of NSX, and that's what I need to learn first. But you brought the topics clearly, and concisely. I did appreciate the brevity of the topics.

Kenyone Johnson

The Author

Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings. He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.

Ivan is the author of several books covering data center technologies, highly praised webinars, and dozens of data center and cloud-related technical articles published on his blog.

Matthias Luft is a Principal Platform Security Engineer at Salesforce Heroku. After more than 10 years in IT Security, he is still excited about a broad range of topics (from hypervisor security to IT security management) and has presented on them on various occasions. Currently, he works on container and cloud security topics.