VMware NSX Federation – Upgrade

Welcome Back !!

Recently I completed an NSX Federation environment upgrade. A few points need attention when upgrading a Federation deployment, and they differ from a standalone NSX upgrade for obvious reasons, such as:

A standalone deployment has only a single NSX cluster, but a Federation deployment has multiple NSX Manager clusters (Local Manager & Global Manager).

The questions that arise:

  • How is a Federation upgrade similar to or different from the usual standalone NSX upgrade?
  • What does the upgrade flow look like in the case of Federation?

I have tried to summarize all the key points and captured them in this blog.


NSX IDENTITY FIREWALL – IDFW

Welcome Back !!

In this blog, we will discuss the NSX Identity Firewall, also referred to as IDFW, and implement a rule for it.

Below are the high-level points we will discuss in this blog.

  • What is IDFW?
  • When to use IDFW?
  • How to enable it?
  • Write an IDFW rule.
  • Validation

NSX Distributed Firewall – Micro Segmentation

Welcome Back !!

In this blog, we will discuss NSX micro-segmentation and implement a rule for it.

Below are the high-level points we will discuss in this blog.

  • Traditional security challenges.
  • How NSX micro-segmentation overcomes these challenges.
  • Write/implement a rule for a 3-tier application and validate it.

Troubleshooting NSX DFW via Live packet capture on ESXi host

Background: Live packet capture plays an important role when troubleshooting the NSX distributed firewall. Recently I completed a micro-segmentation implementation in a brownfield environment, added all required flows for the applications, and made the default rule “DENY” at the end during the maintenance window.

One of the application owners reported that the “XYZ” application had stopped working. With live packet capture we got actual insight into the packet flow and service ports.

I thought I would document the usual commands and packet capture points for easy future reference. You may go through them below.


Independent Bridging – NSX-v to NSX-T In-Parallel Migration use case

Agenda

NSX-v to NSX-T workload migration using the NSX independent bridging option.

  • Different Available Migration Approaches – High level
  • Independent Bridging approach – In detail
  • Customer use-case discussion – Why independent Bridging?
  • L2 Bridging Readiness
  • Validation & Testing


NSX VRF-Lite : Route Leak

Welcome Back!!

In the last blog we discussed the VRF-Lite introduction and configuration. VRF-Lite is a feature to achieve multi-tenancy (network isolation) in VMware NSX.

This is part 2 of the VRF-Lite series, where we will perform a route leak between two different VRFs.


NSX VRF-Lite – Introduction & Configuration

Recently I completed a deployment with VRF-Lite having 10 tenants. VRF-Lite is a very useful feature for achieving multitenancy in NSX-T Data Center.

To keep this document and topology simple, I have kept the tenant count at 2, but the concept is the same for any number of tenants.

I have decided to capture the concepts in 2 different blogs:

Part-1 – will focus on VRF-Lite concepts and configuration.

Part-2 – we will perform a route leak between 2 different VRF-Lite instances.


VMware NSX Federation – Part-6

Welcome Back!

In the previous blog we discussed the North-South packet walk for a network stretched across 2 different physical locations using NSX Federation.

Today, we are going to create a Global Policy and write a Deny rule under it.


VMware NSX Federation – Part-5

Welcome Back!

In the previous blog we discussed MAC learning and the East-West packet walk for a network stretched across 2 different physical locations using NSX Federation.

Today we are going to discuss the North-South packet walk and the decision factors that affect routing.


VMware NSX Federation – Part-4

Welcome Back!

In the previous blog we discussed everything up to RTEP creation, which is needed for cross-site communication.

Today we will create a stretched segment across two physical sites and examine the MAC learning of VMs situated at two different sites, as well as East-West packet flows between 2 VMs residing on two different sites.
