VMware NSX Technical Deep Dive

This webinar describes VMware NSX principles, architecture and components, including overlay virtual networking, physical-to-virtual gateways, network services and security.

1:07:11 Introduction and Overview

This section answers the fundamental questions one should know when considering VMware NSX:

  • What problem is it trying to solve?
  • What are the differences between NSX-V and NSX-T, and where would you use one or the other?
  • How is the product licensed?

It also describes the high-level architecture of NSX-V, its components and their interaction.

What Is VMware NSX 15:45 2018-09-18
Product Licensing 13:29 2018-09-18
VMware NSX-V Architecture Overview 37:57 2018-09-18
OpenStack on VMware NSX (Software Gone Wild podcast)

1:15:30 Logical Switches in NSX-V

VMware NSX logical switches implement overlay virtual networks emulating Ethernet (layer-2) segments with VXLAN encapsulation.

This section describes how NSX implements the VXLAN data and control planes, and what it expects from the physical (underlay) network infrastructure.

Technology Overview 20:39 2018-09-18
Logical Switches in VMware NSX-V 18:57 2018-09-18

Correction: Dynamic routing over vPC is available in Nexus-OS 7.2. See this technical note for more details (HT: Dmitrij Žečkov)

BUM Flooding in VMware NSX 24:33 2018-09-25
Layer-2 Security 11:21 2018-09-25

1:23:56 Gateways to Physical World

Overlay virtual networks are more scalable than traditional VLAN-based virtual networks... but the clients accessing the servers connected to the overlay networks still reside in the physical world.

This section describes three variants of physical-to-virtual gateways (bridge, router, network services device) and their software and hardware implementation in VMware NSX-V.

Overview 17:31 2018-09-25
NSX Edge Services Gateway 18:29 2018-09-25
IP Routing in NSX ESG 12:09 2018-09-25
Layer-2 Gateways 16:02 2018-09-25
Hardware Gateways 19:45 2018-09-25

45:22 Distributed Logical Routers

Distributed logical routers provide optimal any-to-any packet forwarding within overlay virtual networks. This section describes the details of NSX-V distributed logical routers, including:

  • DLR control- and data plane architecture;
  • Packet forwarding with DLR;
  • DLR integration with the outside world.

Architecture 19:27 2018-10-17
Control Plane 11:13 2018-10-17
Interfaces and Addressing 14:42 2018-10-17

35:56 Firewalling and Security

VMware NSX-V includes a stateful distributed firewall that can filter traffic not only based on traditional attributes (IP, MAC, TCP/UDP ports) but also based on vCenter objects, users logged into virtual machines, or application fingerprints.

Other security solutions available in the NSX-V framework include integration of third-party security appliances, guest introspection and service composer.

Distributed Firewall 18:27 2018-10-17
Identity Firewall and Third-Party Solutions 13:37 2018-10-17
Guest Introspection and Service Composer 3:52 2018-10-17

44:54 ESG Network Services

Edge Services Gateway (ESG) provides a plethora of network services including:

  • Firewalling and NAT
  • Load balancing and SSL proxy functionality
  • SSL VPN, IPsec VPN and L2VPN
  • DHCP and DNS proxy

NSX ESG Network Services Overview 8:30 2018-10-17
Load Balancing in NSX ESG 16:36 2018-10-17
Remote Access VPN 9:30 2018-10-24
Site-to-Site VPN 10:18 2018-10-24

28:07 Cross-vCenter and Cross-Site NSX-V Deployments

Even though NSX-V was never designed for cross-site deployments, VMware force-fit it into the stretched VLAN segments concept.

In this section you'll discover the architecture of cross-site NSX deployments, universal objects, routing hacks needed to prevent traffic trombones, and NSX-V behavior under split-brain scenarios.

Architecture and Universal Objects 10:18 2018-10-24
Local Egress 9:05 2018-10-24
Controller Disconnected Mode 8:44 2018-10-24

1:06:05 Attacking NSX-T

In this section Matthias Luft describes how you could approach a security evaluation of a complex proprietary distributed system like VMware NSX-T.

The section is available to users with a paid subscription.

Security Evaluation of Complex Closed Systems 21:18 2019-01-18
Technology Overview and Attack Surfaces 27:13 2019-01-18
Attack Surface Evaluation and Tools 11:53 2019-01-18
Conclusions 5:41 2019-01-18

Slide Decks

VMware NSX Technical Deep Dive 47M 2018-09-12
Attacking NSX-T 2.7M 2019-01-17