VMware NSX Technical Deep Dive

Overall rating: 4.79 Instructor: 4.90 Materials: 4.89 more …

VMware NSX is the networking component of VMware’s Software-Defined Data Center (SDDC) architecture, providing a full-service L2-L7 overlay virtual network deployed on top of any general-purpose IP network hardware.

This webinar describes VMware NSX principles and architecture, and focuses on technologies and components used in NSX Data Center (including NSX-V and NSX-T): overlay virtual networking, physical-to-virtual gateways, distributed routing, network services and security, VPN gateways, and multi-data-center deployments.

Availability

This webinar is part of Software-Defined Data Centers (SDDC) roadmap and accessible with standard subscription

Start now Access content

Contents

The webinar covers these topics:

VMware NSX Overview

  • SDDC network requirements
  • VMware NSX products and licensing
  • VMware NSX architecture
  • Management-, control- and data plane components, including NSX Manager, NSX Controller cluster, and distributed switches, logical routers and firewalls

Logical Switches

  • Principles of overlay virtual networks
  • VXLAN and Geneve encapsulation
  • Unicast forwarding and BUM flooding, including source node replication and hybrid flooding
  • Underlay MTU challenges
  • Logical switches and transport zones
  • Logical switch profiles in NSX-T

Gateways to Physical World

  • Layer-2 and layer-3 gateways
  • NSX-V Edge Services Gateway
  • Hardware VTEPs in NSX-V
  • NSX-V hardware gateway controller architecture
  • NSX-T layer-2 gateways (ESX bridge clusters and NSX Edge clusters)

Distributed Routing

  • Control- and data plane implementation of distributed routing
  • Connecting distributed routing domains to the outside world
  • NSX-V Control VM details (interfaces, routing protocols…)
  • NSX-T Tier-0 and Tier-1 Routers
  • NSX-T Service- and Distributed Routers
  • Routing control plane in NSX-T
  • VRF-Lite and EVPN support in NSX-T 3.x
  • IPv4 Multicast in NSX-T 3.0
  • Implement High Availability NSX-T Routing

Network Security

  • Microsegmentation principles
  • Distributed firewalls
  • Identity firewalls
  • Integrating third-party security solutions, including guest introspection
  • NSX-V Service composer 101
  • NSX-T east-west and north-south service insertion
  • NSX-T Distributed IDS

NSX Network Services

  • L2-L7 firewalling and NAT
  • SSL termination/offload
  • NSX-V ESG-based load balancing
  • NSX-V ESG load balancing algorithms
  • NSX-T edge firewall
  • NSX-T NAT and IPAM services
  • NSX-T Service Router load balancing

Virtual Private Networks

  • NSX-V Remote Access SSL VPN
  • IPsec-based L3VPN
  • SSL-based L2VPN (NSX-V) and GRE-based L2VPN (NSX-T)
  • Connecting VMware NSX deployment with a traditional vSphere deployment

Cross-vCenter NSX-V Deployments

  • Cross-vCenter NSX architecture
  • Universal objects
  • Local egress
  • Split-brain operation (Controller Disconnected Mode)

NSX-T Federation

VMware NSX-T Federation provides a single pane of glass for management and monitoring of networking and security across multiple data centers, including simplified disaster recovery.

This section includes:

  • Different use-cases of NSX-T federation;
  • Details of management plane components and how they talk to each other;
  • Security enforcement across multiple locations;
  • Stretching networking across multiple locations including detailed packet flow;
  • NSX-T Federation demo.

Attacking NSX-T

This section (delivered in a live session on January 17th, 2019) looked at NSX-T from an attacker's perspective. Matthias Luft presented an attack surface evaluation of the NSX-T environment and described what this most likely means for your security design and operation of NSX-T itself. The focus is not on the security features of NSX-T, but the security posture of the product itself.

Target Audience

Network- or virtualization architects, designers or implementation engineers working in environments that have already deployed or plan to introduce vSphere-based private or public cloud-based services.

You should be familiar with the principles of the basics of IP routing, overlay virtual networking and vSphere networking as provided in these webinars:

Happy Campers

About the webinar

It was over my head, because I don't have a clue about the underworkings of NSX, and that's what I need to learn first. But you brought the topics clearly, and concisely. I did appreciate the brevity of the topics.
Kenyone Johnson
Excellent technical dive into understanding the inner workings and features of NSX-V and T
Haris Mikudim
The coverage of NSX-T is excellent and really useful. Management want to know about something which they have heard about that is new and with this webinar complete I had all the knowledge I needed to explain NSX-T 3.0 and the changes since NSX-T 2.4. Thank you.
Mark Pawson
I was given short notice to present a board-level overview of VMWare NSX-T for an urgent virtualization platform change from Microsoft. Tech execs needed to understand NSX-T’s position in the market, in its product lifecycle, feature advantages, possible feature deficits, and an idea of the level of effort for implementation. Fortunately, Ivan had just updated this webinar from last year, so the content was absolutely up to date. I went into my presentation with a surplus of knowledge, and was able to address all audience questions quickly and concisely, since the entire subject was now top-of-mind for me.
Mel Beckman
Going deep enough but not too deep!
Unknown User
The most detailed and thoroughly painstaking research that I have come across on VMWare NSX, and with such lucid translation. You could shrug it off by saying 'That's Ivan for you" and you would be right. There is a mountain of data on the Internet on NSX, what you have here is Ivan dissecting the content while providing the context: Why?.
Harpreet Taluja

About the materials

I’ve been an all-access subscriber for several years. When I need to get deep knowledge on a networking topic, instant access to Ivan’s materials always delivers. He puts an amazing amount of effort into keeping materials up to date, and his presentation style is engaging. I only have to be careful not to fall into his Russian accent when discussing webinar content with others :)
Mel Beckman
I have yet to figure out how to convert the collection of videos into a book with chapters, so I can maintain continuity. Any guidance on that would be instrumental. In the absence, sometimes I go back and re-do a section, just so I do not skip any minute details. Otherwise, outstanding content.
Harpreet Taluja

The Authors

Ivan PepelnjakIvan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings. He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.

Ivan is the author of several books covering data center technologies, highly praised webinars, and dozens of data center and cloud-related technical articles published on his blog.

More about Ivan Pepelnjak

Jerome CatrouilletJerome Catrouillet is Product Manager Director at VMware Network and Security Business Unit. At VMware, Jerome is leading NSX product strategy for Routing and Federation. Jerome has 20 years of experience across networking architecture for cloud, datacenter, and service provider in France and United States.

More about Jerome Catrouillet…

Matthias LuftMatthias Luft is a Principal Platform Security Engineer at Salesforce Heroku. After more than 10 years in IT Security, he is still excited about a broad range of topics (from hypervisor security to IT security management) and has presented on them on various occasions. Currently, he works on container and cloud security topics.