VMware NSX Technical Deep Dive

Home » Webinars » Software-Defined Data Centers (SDDC) » VMware NSX Technical Deep Dive

This webinar describes VMware NSX principles, architecture and components, including overlay virtual networking, physical-to-virtual gateways, network services and security.

Last modified on 2021-12-05 (release notes)


VMware NSX Technical Deep Dive

2:06:10 Introduction and Overview

This section is answering the fundamental questions one should know when considering VMware NSX:

  • What problem is it trying to solve?
  • What are the differences between NSX-V and NSX-T, and where would you use one or the other?
  • How is the product licensed?

It also describes the high-level architecture of NSX-V, its components and their interaction.

NSX-T 3.0 Update 2.3K 2020-11-02
What Is VMware NSX 12:26 2019-11-16
NSX Data Center Products 11:43 2020-05-09
Product Licensing 13:41 2020-05-09
Using VMware NSX 10:55 2019-11-16

29:05 VMware NSX-V Architecture

VMware NSX-V Architecture Overview 29:05 2019-05-03

48:20 VMware NSX-T Architecture

NSX-T Architecture Overview 15:40 2020-05-09
NSX-T Management-Control-Data Plane 23:20 2020-05-09
NSX-T Requirements and Scalability 9:20 2020-05-09

More Information

OpenStack on VMware NSX (Software Gone Wild podcast)

1:43:36 VMware NSX Logical Switches

VMware NSX logical switches implement overlay virtual networks emulating Ethernet (layer-2) segments with VXLAN encapsulation.

This section describes how NSX implements VXLAN data and control plane, and what it expects from the physical (underlay) network infrastructure.

Technology Overview 15:44 2019-05-03
Geneve Encapsulation in NSX-T 10:11 2020-02-29
Logical Switches and Transport Zones 22:00 2019-11-22

29:26 NSX-V Logical Switches

BUM Flooding in VMware NSX-V 20:08 2019-05-03
Layer-2 Security in VMware NSX-V 9:18 2019-05-03

26:15 NSX-T Logical Switches

BUM Flooding in VMware NSX-T 7:54 2020-03-13
NSX-T Switching Profiles 18:21 2020-03-13

More Information

Dynamic routing over vPC (available in Nexus-OS 7.2)

1:12:33 Gateways to Physical World

Overlay virtual networks are more scalable than traditional VLAN-based virtual networks... but the clients accessing the servers connected to the overlay networks still reside in the physical world.

This section describes three variants of physical-to-virtual gateways (bridge, router, network services device) and their software and hardware implementation in VMWare NSX-V.

Overview 14:02 2019-05-03

51:52 VMware NSX-V Gateways

NSX Edge Services Gateway 14:40 2019-05-03
IP Routing in NSX ESG 9:40 2019-05-03
Layer-2 Gateways 12:34 2019-05-03
Hardware Gateways 14:58 2019-05-03

6:39 VMware NSX-T Gateways

Layer-2 Gateways in NSX-T 6:39 2020-03-13

37:14 VMware NSX-V Distributed Logical Routers

Distributed logical routers provide optimal any-to-any packet forwarding within overlay virtual networks. This section describes the details of NSX-V distributed logical routers (DLR), including:

  • DLR control- and data plane architecture;
  • Packet forwarding with DLR;
  • DLR integration with the outside world.
Distributed Logical Router Architecture 15:59 2019-05-13
NSX-V DLR Control Plane 9:13 2019-05-13
NSX-V DLR Interfaces and Addressing 12:02 2019-05-13

More Information

End-to-End Packet Flows
VRRP, Anycast, Fabrics and Optimal Forwarding

1:11:33 VMware NSX-T Logical Routers

NSX-T provides a two-tier logical routing functionality with packet forwarding split between distributed routers running on every transport node and services routers running on NSX Edge nodes.

This section describes the details of NSX-T logical routers, including:

  • NSX-T logical routers and network services
  • Distributed- and services routers architecture
  • Packet flow across NSX-T logical routers
  • Connectivity to the outside world
  • VRF-Lite and EVPN support
  • IP Multicast in NSX-T 3.0
  • Internal routing and BGP routing with external routers
  • Logical router high availability
NSX-T Logical Routing and Network Services 10:27 2020-03-13
Packet Flow Across NSX-T Logical Routers 13:16 2020-08-05
NSX-T Connectivity to Outside World 9:02 2020-03-13
NSX-T Routing 11:15 2020-08-05
NSX-T Logical Router High Availability 9:38 2020-03-13
VRFs and EVPN on Tier-0 Routers 11:56 2020-11-02
IP Multicast 5:59 2020-11-02

1:13:30 Firewalling and Security

VMware NSX includes stateful distributed firewall that can filter traffic not only based on traditional attributes (IP, MAC, TCP/UDP ports) but also based on vCenter objects, users logged into virtual machines, or application fingerprints.

Other security solutions available in VMware NSX framework include integration of third-party security appliances, comprehensive service insertion (NSX-T only), distributed IDS (NSX-T only), and guest introspection and service composer (NSX-V only).

29:24 VMware NSX-V Distributed Security

Distributed Firewall 15:27 2019-05-13
Identity Firewall and Third-Party Solutions 10:32 2019-05-13
Guest Introspection and Service Composer 3:25 2019-05-13

44:06 VMware NSX-T Distributed Security

NSX-T Distributed Firewall Overview 22:13 2020-08-05
NSX-T Distributed Firewall Details 9:58 2020-04-24
NSX-T Service Insertion and Distributed IDS 11:55 2020-11-02

More Information

Microsegmentation in VMware NSX-V on Software Gone Wild
Palo Alto Virtual Firewalls on Software Gone Wild

1:05:38 VMware NSX Network Services

VMware NSX provides a plethora of network services including:

  • Firewalling and NAT
  • Load balancing and SSL proxy functionality
  • SSL VPN, IPsec VPN and L2VPN
  • DHCP and DNS proxy

These services are running in ESG (NSX-V) or NSX Edge nodes (NSX-T)

19:40 NSX-V Network Services

NSX ESG Network Services Overview 6:48 2019-05-13
Load Balancing in NSX ESG 12:52 2019-05-13

15:52 NSX-T Network Services

NSX-T Network Services 7:30 2020-04-24
NSX-T Load Balancing 8:22 2020-08-05

30:06 VMware NSX VPN Services

VPN Services 4:14 2019-12-11
Remote Access VPN (NSX-V only) 5:59 2019-12-11
Site-to-Site VPN 19:53 2020-08-05

32:47 Cross-vCenter and Multi-Site NSX Deployments

Even though VMware NSX was never designed for cross-site deployments, VMware force-fit it into stretched VLAN segments concept.

In this section you'll discover the architecture of cross-site NSX deployments, NSX-V universal objects, routing hacks needed to prevent traffic trombones, and NSX-V/NSX-T behavior under split-brain scenarios.

23:03 NSX-V Cross-vCenter and Multi-Site Deployments

Architecture and Universal Objects 8:29 2019-05-13
Local Egress 7:28 2019-05-13
Controller Disconnected Mode 7:06 2019-05-13

9:44 NSX-T Multi-Site Deployments

NSX-T Multi-Site Deployment 9:44 2020-04-24

2:18:07 NSX-T Federation

NSX-T federation is a management-plane solution that allows you to configure virtual networking and security objects across multiple NSX-T deployments. It also includes security group synchronization between NSX-T Local Managers, and stretched layer-2 segments and distributed routers.

NSX-T Federation Positioning 10:18 2021-03-18
NSX-T Federation Components 15:33 2021-03-18
NSX-T Federation Management 12:55 2021-03-18
Security Use Cases 11:06 2021-03-18

1:10:02 Stretched Networking in NSX-T Federation

Supported Network Topologies 7:54 2021-03-18
T0 and T1 Gateway Deployments 13:43 2021-03-18
Stretched L2 Connectivity 12:43 2021-03-18
Stretched L3 Packet Walks 11:41 2021-03-18
Requirements, Licensing and Orchestration 13:26 2021-03-18
Design Examples 10:35 2021-03-18

18:13 Demos

Demo - Federation Networking and Security 4:12 2021-01-29
Demo - Networking Disaster Recovery 14:01 2021-01-29

54:52 Attacking NSX-T

In this section Matthias Luft describes how you could approach a security evalution of a complex proprietary distributed system like VMware NSX-T
The section is available to users with paid subscription
Security Evaluation of Complex Closed Systems 17:53 2019-04-02
Technology Overview and Attack Surfaces 22:06 2019-04-02
Attack Surface Evaluation and Tools 9:58 2019-04-02
Conclusions 4:55 2019-04-02

Slide Decks

VMware NSX Technical Deep Dive 6.3M 2020-11-02
NSX-T Federation Deep Dive 4.0M 2021-01-14
Attacking NSX-T 2.7M 2019-01-17

4:16 From the Design Clinic

Scaling VMware Private Cloud 4:16 2021-12-27
You started this section on %started% Mark completed