DHCP service consumption in NSX

Welcome to NSXworld. Today we will discuss DHCP and its configuration in VMware NSX.

DHCP is one of the important features available in NSX and can be used for dynamic IP address allocation to your hosts. NSX supports Segment DHCP server configuration on the downlink interface and the service interface. You can configure a Segment DHCPv4 server, a Segment DHCPv6 server, or both on the segment. Before we consume DHCP services in NSX, let's talk about the prerequisites we need to take care of.

Prerequisites:

  • The base build of NSX is configured (a bit obvious).
  • Edge nodes and Edge clusters are deployed.
  • A DHCP profile is configured in your network profiles: Networking > Network Profile > DHCP > Add DHCP Profile

Sub Transport Node Profile and Sub Cluster – NSX

In this blog we will discuss the Sub Transport Node Profile and Sub Cluster concepts in VMware NSX.

Before we start this discussion, let's revisit the Transport Node Profile (TNP): what exactly is it, and why do we use it?

A TNP is used to prepare an ESXi cluster for NSX. It serves as a template for applying a similar configuration across multiple clusters, which makes NSX configuration scalable and error free: instead of providing all inputs such as uplink profile, IP pools, transport zones and uplink mapping for each cluster, we can simply prepare one TNP and map it to all clusters.

A TNP asks for a host TEP pool when it is prepared. Consider bigger environments where multiple clusters span separate racks, each rack having its own L2 networks, or stretched clusters across two different datacenters where only the management VLAN is stretched but not the TEPs.

In those scenarios, if we want to use a TNP, two options come into the picture.


VMware NSX – Layer 2 VPN

Welcome back to a new blog. Today we will discuss Layer 2 VPN functionality and support in NSX.

Key Points –

  1. As the name itself makes clear, Layer 2 VPN is used to stretch or extend Layer 2 networks across multiple sites in the same broadcast domain.
  2. The VPN connection is secured via a route-based IPSec tunnel across sites between the L2VPN server and the L2VPN client; the L2VPN client service runs at the source site and the L2VPN server service runs at the target site.
  3. The network extended via L2VPN is a single broadcast domain, so the IPs of VMs do not change when they are moved, and the gateway resides at the source site only until you cut over to the target site.
  4. Both VNI-backed and VLAN-backed network types are supported for extension from source to target.
    • VLAN to VLAN is supported.
    • VNI to VNI is supported.
    • VLAN to VNI is supported.
    • VNI to VLAN is not a valid use case.

NSX Projects – Part-1 – Introduction

NSX introduced the Projects concept starting with version 4.x; it is a true multi-tenancy feature in NSX.

Prior to this, we used VRF-lite or a separate set of Tier-1 and Tier-0 routers for each tenant to achieve multi-tenancy, and that too only from a routing perspective. It was not a true multi-tenancy solution, since the security objects were still shared among all tenants.

With the NSX Projects feature we can isolate security and networking objects across tenants within a single NSX deployment.

In this blog series we will discuss and implement Projects in detail; this particular blog, however, will be short and will mainly focus on the theory needed to understand this multi-tenancy concept.


VMware Cloud Foundation – Upgrade

Welcome to the new blog. In this blog we will discuss the process to be followed for a VCF upgrade. I have taken the example of version 4.5 to 5.0; however, the process will be the same for other versions as well. (Do not forget to check the compatibility and upgrade guide to ensure you are not missing any intermediate upgrade.)

You can perform a sequential or skip-level upgrade to VMware Cloud Foundation 5.0 from VMware Cloud Foundation 4.3 or later. If your environment is at a version earlier than 4.3, you must upgrade the management domain and all VI workload domains to VMware Cloud Foundation 4.3 or later before you can upgrade to VMware Cloud Foundation 5.0.

Please refer to the upgrade guide document for the most recent updates and process: https://docs.vmware.com/en/VMware-Cloud-Foundation/5.0/vcf-lifecycle/GUID-C82BB0D4-FD52-4CC9-A6BB-3A6CF35E380E.html

In this document I have tried to capture step-by-step screenshots of the upgrade process and a few errors for your reference.


VMware NSX – Gateway Firewall

Welcome Back !!

We have been discussing the security features VMware NSX offers in previous blogs; today we will focus on the Gateway Firewall.

We will cover what exactly the gateway firewall is, where its firewall rules are enforced, and when it makes sense to use it, along with the use cases.


VMware NSX – Time Based Firewall

Welcome Back !!

In the previous blog we discussed the NSX Identity Firewall, also referred to as IDFW. Today we will talk about the time-based firewall and implement one of its use cases.

With a time-based firewall rule, a VMware NSX security administrator can manage traffic based on a time window, which means a firewall rule will be active only for a certain period.

One use case: you have outsourced some maintenance work to a team that will be working on certain systems only during off-business hours, after which access will be revoked.

In this blog we will discuss everything you need to know about the time-based firewall, such as:

  • Key points to keep in mind while using this feature.
  • Prerequisites.
  • Implementation of a use case.

NSX IDENTITY FIREWALL – IDFW

Welcome Back !!

In this blog, we will discuss the NSX Identity Firewall, also referred to as IDFW, and implement one rule for it.

Below are the high-level points we will discuss in this blog.

  • What is IDFW?
  • When to use IDFW?
  • How to enable it?
  • Write an IDFW rule.
  • Validation

NSX Distributed Firewall – Micro Segmentation

Welcome Back !!

In this blog, we will discuss NSX micro-segmentation and implement one rule for it.

Below are the high-level points we will discuss in this blog.

  • Traditional security challenges.
  • How NSX micro-segmentation overcomes these challenges.
  • Write/implement a rule for a 3-tier application and validate it.

Independent Bridging – NSX-v to NSX-T In-Parallel Migration use case

Agenda

NSX-v to NSX-T workload migration using NSX Independent bridging option.

  • Different available migration approaches – high level
  • Independent Bridging approach – in detail
  • Customer use-case discussion – why Independent Bridging?
  • L2 bridging readiness
  • Validation & testing
