VMware NSX Technical Deep Dive

Overall rating: 4.94 Instructor: 5.00 Materials: 4.93

VMware NSX is the networking component of VMware’s Software-Defined Data Center (SDDC) architecture, providing a full-service L2-L7 overlay virtual network deployed on top of any general-purpose IP network hardware.

This webinar describes VMware NSX principles and architecture, and focuses on technologies and components used in NSX-V, including overlay virtual networking, physical-to-virtual gateways, network services and security.

The current version of the webinar focuses on NSX-V. Detailed information on NSX-T architecture and implementation will be added in early 2019, starting with the security posture of NSX-T by Matthias Luft on January 17th 2019.


This webinar is part of the Software-Defined Data Centers (SDDC) roadmap and is accessible with a standard subscription.


The webinar covers these topics:

VMware NSX Overview

  • SDDC network requirements
  • VMware NSX products and licensing
  • VMware NSX architecture
  • Management-, control- and data plane components, including NSX Manager, NSX Controller cluster, and distributed switches, logical routers and firewalls

Logical Switches

  • Principles of overlay virtual networks
  • VXLAN-based unicast forwarding and BUM flooding, including source node replication and hybrid flooding
  • Underlay MTU challenges
  • Logical switches and transport zones

Gateways to Physical World

  • Layer-2 and layer-3 gateways implemented with NSX Edge Services Gateway
  • Hardware VTEPs
  • Hardware gateway controller architecture

Distributed Routing

  • Control- and data plane implementation of distributed routing
  • Control VM details (interfaces, routing protocols…)
  • Connecting distributed routing domains to the outside world

Network Security

  • Microsegmentation principles
  • Distributed firewalls
  • Identity firewalls
  • Integrating third-party security solutions, including guest introspection
  • Service composer 101

NSX Network Services

  • L2-L7 firewalling and NAT
  • ESG-based load balancing
  • ESG load balancing algorithms
  • SSL termination/offload

Virtual Private Networks

  • Remote Access SSL VPN
  • IPsec-based L3VPN
  • SSL-based L2VPN
  • Connecting VMware NSX deployment with a traditional vSphere deployment

Cross-vCenter Deployments

  • Cross-vCenter NSX architecture
  • Universal objects
  • Local egress
  • Split-brain operation (Controller Disconnected Mode)

Attacking NSX-T

This section (delivered in a live session on January 17th 2019) will look at NSX-T from an attacker's perspective. Matthias Luft will present an attack surface evaluation of the NSX-T environment and describe what this will most likely mean for your security design and operation of NSX-T itself. The focus is not on the security features of NSX-T, but the security posture of the product itself.

Target Audience

Network- or virtualization architects, designers or implementation engineers working in environments that have already deployed or plan to introduce vSphere-based private or public cloud-based services.

You should be familiar with the basics of IP routing, overlay virtual networking and vSphere networking as provided in these webinars:

Happy Campers

About the webinar

It was over my head, because I don't have a clue about the underworkings of NSX, and that's what I need to learn first. But you brought the topics clearly, and concisely. I did appreciate the brevity of the topics.

Kenyone Johnson

The Author

Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings. He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.

Ivan is the author of several books covering data center technologies, highly praised webinars, and dozens of data center and cloud-related technical articles published on his blog.

Matthias Luft is a Freelance IT Security Researcher/Trainer/Consultant and former head of the German security research company ERNW Research. He is interested in a broad range of topics (such as DLP, virtualization/cloud, and network security) while keeping up with the daily consulting and assessment work.