VMware NSX Technical Deep Dive
Home » Webinars » Software-Defined Data Centers (SDDC) » VMware NSX Technical Deep Dive
Last modified on 2021-12-05 (release notes)
VMware NSX Technical Deep Dive
2:06:10 Introduction and Overview |
||
|
This section is answering the fundamental questions one should know when considering VMware NSX:
It also describes the high-level architecture of NSX-V, its components and their interaction. |
||
| NSX-T 3.0 Update | 2.3K | 2020-11-02 |
| What Is VMware NSX | 12:26 | 2019-11-16 |
| NSX Data Center Products | 11:43 | 2020-05-09 |
| Product Licensing | 13:41 | 2020-05-09 |
| Using VMware NSX | 10:55 | 2019-11-16 |
29:05 VMware NSX-V Architecture |
||
| VMware NSX-V Architecture Overview | 29:05 | 2019-05-03 |
48:20 VMware NSX-T Architecture |
||
| NSX-T Architecture Overview | 15:40 | 2020-05-09 |
| NSX-T Management-Control-Data Plane | 23:20 | 2020-05-09 |
| NSX-T Requirements and Scalability | 9:20 | 2020-05-09 |
More Information |
||
| OpenStack on VMware NSX (Software Gone Wild podcast) | ||
1:43:36 VMware NSX Logical Switches |
||
|
VMware NSX logical switches implement overlay virtual networks emulating Ethernet (layer-2) segments with VXLAN encapsulation. This section describes how NSX implements VXLAN data and control plane, and what it expects from the physical (underlay) network infrastructure. |
||
| Technology Overview | 15:44 | 2019-05-03 |
| Geneve Encapsulation in NSX-T | 10:11 | 2020-02-29 |
| Logical Switches and Transport Zones | 22:00 | 2019-11-22 |
29:26 NSX-V Logical Switches |
||
| BUM Flooding in VMware NSX-V | 20:08 | 2019-05-03 |
| Layer-2 Security in VMware NSX-V | 9:18 | 2019-05-03 |
26:15 NSX-T Logical Switches |
||
| BUM Flooding in VMware NSX-T | 7:54 | 2020-03-13 |
| NSX-T Switching Profiles | 18:21 | 2020-03-13 |
More Information |
||
| Dynamic routing over vPC (available in Nexus-OS 7.2) | ||
1:12:33 Gateways to Physical World |
||
|
Overlay virtual networks are more scalable than traditional VLAN-based virtual networks... but the clients accessing the servers connected to the overlay networks still reside in the physical world. This section describes three variants of physical-to-virtual gateways (bridge, router, network services device) and their software and hardware implementation in VMWare NSX-V. |
||
| Overview | 14:02 | 2019-05-03 |
51:52 VMware NSX-V Gateways |
||
| NSX Edge Services Gateway | 14:40 | 2019-05-03 |
| IP Routing in NSX ESG | 9:40 | 2019-05-03 |
| Layer-2 Gateways | 12:34 | 2019-05-03 |
| Hardware Gateways | 14:58 | 2019-05-03 |
6:39 VMware NSX-T Gateways |
||
| Layer-2 Gateways in NSX-T | 6:39 | 2020-03-13 |
37:14 VMware NSX-V Distributed Logical Routers |
||
|
Distributed logical routers provide optimal any-to-any packet forwarding within overlay virtual networks. This section describes the details of NSX-V distributed logical routers (DLR), including:
|
||
| Distributed Logical Router Architecture | 15:59 | 2019-05-13 |
| NSX-V DLR Control Plane | 9:13 | 2019-05-13 |
| NSX-V DLR Interfaces and Addressing | 12:02 | 2019-05-13 |
More Information |
||
| End-to-End Packet Flows | ||
| VRRP, Anycast, Fabrics and Optimal Forwarding | ||
1:11:33 VMware NSX-T Logical Routers |
||
|
NSX-T provides a two-tier logical routing functionality with packet forwarding split between distributed routers running on every transport node and services routers running on NSX Edge nodes. This section describes the details of NSX-T logical routers, including:
|
||
| NSX-T Logical Routing and Network Services | 10:27 | 2020-03-13 |
| Packet Flow Across NSX-T Logical Routers | 13:16 | 2020-08-05 |
| NSX-T Connectivity to Outside World | 9:02 | 2020-03-13 |
| NSX-T Routing | 11:15 | 2020-08-05 |
| NSX-T Logical Router High Availability | 9:38 | 2020-03-13 |
| VRFs and EVPN on Tier-0 Routers | 11:56 | 2020-11-02 |
| IP Multicast | 5:59 | 2020-11-02 |
1:13:30 Firewalling and Security |
||
|
VMware NSX includes stateful distributed firewall that can filter traffic not only based on traditional attributes (IP, MAC, TCP/UDP ports) but also based on vCenter objects, users logged into virtual machines, or application fingerprints. Other security solutions available in VMware NSX framework include integration of third-party security appliances, comprehensive service insertion (NSX-T only), distributed IDS (NSX-T only), and guest introspection and service composer (NSX-V only). |
||
29:24 VMware NSX-V Distributed Security |
||
| Distributed Firewall | 15:27 | 2019-05-13 |
| Identity Firewall and Third-Party Solutions | 10:32 | 2019-05-13 |
| Guest Introspection and Service Composer | 3:25 | 2019-05-13 |
44:06 VMware NSX-T Distributed Security |
||
| NSX-T Distributed Firewall Overview | 22:13 | 2020-08-05 |
| NSX-T Distributed Firewall Details | 9:58 | 2020-04-24 |
| NSX-T Service Insertion and Distributed IDS | 11:55 | 2020-11-02 |
More Information |
||
| Microsegmentation in VMware NSX-V on Software Gone Wild | ||
| Palo Alto Virtual Firewalls on Software Gone Wild | ||
1:05:38 VMware NSX Network Services |
||
|
VMware NSX provides a plethora of network services including:
These services are running in ESG (NSX-V) or NSX Edge nodes (NSX-T) |
||
19:40 NSX-V Network Services |
||
| NSX ESG Network Services Overview | 6:48 | 2019-05-13 |
| Load Balancing in NSX ESG | 12:52 | 2019-05-13 |
15:52 NSX-T Network Services |
||
| NSX-T Network Services | 7:30 | 2020-04-24 |
| NSX-T Load Balancing | 8:22 | 2020-08-05 |
30:06 VMware NSX VPN Services |
||
| VPN Services | 4:14 | 2019-12-11 |
| Remote Access VPN (NSX-V only) | 5:59 | 2019-12-11 |
| Site-to-Site VPN | 19:53 | 2020-08-05 |
32:47 Cross-vCenter and Multi-Site NSX Deployments |
||
|
Even though VMware NSX was never designed for cross-site deployments, VMware force-fit it into stretched VLAN segments concept. In this section you'll discover the architecture of cross-site NSX deployments, NSX-V universal objects, routing hacks needed to prevent traffic trombones, and NSX-V/NSX-T behavior under split-brain scenarios. |
||
23:03 NSX-V Cross-vCenter and Multi-Site Deployments |
||
| Architecture and Universal Objects | 8:29 | 2019-05-13 |
| Local Egress | 7:28 | 2019-05-13 |
| Controller Disconnected Mode | 7:06 | 2019-05-13 |
9:44 NSX-T Multi-Site Deployments |
||
| NSX-T Multi-Site Deployment | 9:44 | 2020-04-24 |
2:18:07 NSX-T Federation |
||
|
NSX-T federation is a management-plane solution that allows you to configure virtual networking and security objects across multiple NSX-T deployments. It also includes security group synchronization between NSX-T Local Managers, and stretched layer-2 segments and distributed routers. |
||
| NSX-T Federation Positioning | 10:18 | 2021-03-18 |
| NSX-T Federation Components | 15:33 | 2021-03-18 |
| NSX-T Federation Management | 12:55 | 2021-03-18 |
| Security Use Cases | 11:06 | 2021-03-18 |
1:10:02 Stretched Networking in NSX-T Federation |
||
| Supported Network Topologies | 7:54 | 2021-03-18 |
| T0 and T1 Gateway Deployments | 13:43 | 2021-03-18 |
| Stretched L2 Connectivity | 12:43 | 2021-03-18 |
| Stretched L3 Packet Walks | 11:41 | 2021-03-18 |
| Requirements, Licensing and Orchestration | 13:26 | 2021-03-18 |
| Design Examples | 10:35 | 2021-03-18 |
18:13 Demos |
||
| Demo - Federation Networking and Security | 4:12 | 2021-01-29 |
| Demo - Networking Disaster Recovery | 14:01 | 2021-01-29 |
54:52 Attacking NSX-T |
||
| In this section Matthias Luft describes how you could approach a security evalution of a complex proprietary distributed system like VMware NSX-T | ||
|
The section is available to users with paid ipSpace.net subscription
|
||
| Security Evaluation of Complex Closed Systems | 17:53 | 2019-04-02 |
| Technology Overview and Attack Surfaces | 22:06 | 2019-04-02 |
| Attack Surface Evaluation and Tools | 9:58 | 2019-04-02 |
| Conclusions | 4:55 | 2019-04-02 |
Slide Decks |
||
| VMware NSX Technical Deep Dive | 6.3M | 2020-11-02 |
| NSX-T Federation Deep Dive | 4.0M | 2021-01-14 |
| Attacking NSX-T | 2.7M | 2019-01-17 |
4:16 From the ipSpace.net Design Clinic |
||
| Scaling VMware Private Cloud | 4:16 | 2021-12-27 |
