VMware NSX Technical Deep Dive

This webinar describes VMware NSX principles, architecture and components, including overlay virtual networking, physical-to-virtual gateways, network services and security.

Last modified on 2019-11-16 (release notes)


The webinar slide deck includes NSX-T details that will be covered in NSX Architecture Deep Dive workshop in early September 2019, and in live webinar sessions starting in mid-November 2019.

If you cannot attend the September workshop and need more details before November, please contact us.

2:09:45 Introduction and Overview

This section answers the fundamental questions you should ask when considering VMware NSX:

  • What problem is it trying to solve?
  • What are the differences between NSX-V and NSX-T, and where would you use one or the other?
  • How is the product licensed?

It also describes the high-level architecture of NSX-V, its components and their interaction.

What Is VMware NSX 12:26 2019-11-16
NSX Data Center Products 12:14 2019-11-16
Product Licensing 15:16 2019-11-16
Using VMware NSX 10:55 2019-11-16

29:05 VMware NSX-V Architecture

VMware NSX-V Architecture Overview 29:05 2019-05-03

49:49 VMware NSX-T Architecture

NSX-T Architecture Overview 16:02 2019-11-14
NSX-T Management-Control-Data Plane 22:53 2019-11-14
NSX-T Requirements and Scalability 10:54 2019-11-14

More Information

OpenStack on VMware NSX (Software Gone Wild podcast)

1:12:24 Logical Switches in NSX-V

VMware NSX logical switches implement overlay virtual networks emulating Ethernet (layer-2) segments with VXLAN encapsulation.

This section describes how NSX implements VXLAN data and control plane, and what it expects from the physical (underlay) network infrastructure.

Technology Overview 15:44 2019-05-03
Geneve Encapsulation in NSX-T 12:57 2019-11-14
Logical Switches in VMware NSX-V 14:17 2019-05-03
BUM Flooding in VMware NSX-V 20:08 2019-05-03
Layer-2 Security in VMware NSX-V 9:18 2019-05-03

More Information

Dynamic routing over vPC (available in Nexus-OS 7.2)

1:05:54 Gateways to Physical World

Overlay virtual networks are more scalable than traditional VLAN-based virtual networks... but the clients accessing the servers connected to the overlay networks still reside in the physical world.

This section describes three variants of physical-to-virtual gateways (bridge, router, network services device) and their software and hardware implementation in VMware NSX-V.

Overview 14:02 2019-05-03
NSX Edge Services Gateway 14:40 2019-05-03
IP Routing in NSX ESG 9:40 2019-05-03
Layer-2 Gateways 12:34 2019-05-03
Hardware Gateways 14:58 2019-05-03

37:14 Distributed Logical Routers

Distributed logical routers provide optimal any-to-any packet forwarding within overlay virtual networks. This section describes the details of NSX-V distributed logical routers, including:

  • DLR control- and data plane architecture;
  • Packet forwarding with DLR;
  • DLR integration with the outside world.

Architecture 15:59 2019-05-13
Control Plane 9:13 2019-05-13
Interfaces and Addressing 12:02 2019-05-13

More Information

End-to-End Packet Flows
VRRP, Anycast, Fabrics and Optimal Forwarding

29:24 Firewalling and Security

VMware NSX-V includes a stateful distributed firewall that can filter traffic not only based on traditional attributes (IP, MAC, TCP/UDP ports) but also based on vCenter objects, users logged into virtual machines, or application fingerprints.

Other security solutions available in the NSX-V framework include integration of third-party security appliances, guest introspection and service composer.

Distributed Firewall 15:27 2019-05-13
Identity Firewall and Third-Party Solutions 10:32 2019-05-13
Guest Introspection and Service Composer 3:25 2019-05-13

More Information

Microsegmentation in VMware NSX on Software Gone Wild
Palo Alto Virtual Firewalls on Software Gone Wild

35:39 ESG Network Services

Edge Services Gateway (ESG) provides a plethora of network services including:

  • Firewalling and NAT
  • Load balancing and SSL proxy functionality
  • SSL VPN, IPsec VPN and L2VPN
  • DHCP and DNS proxy

NSX ESG Network Services Overview 6:48 2019-05-13
Load Balancing in NSX ESG 12:52 2019-05-13
Remote Access VPN 7:47 2019-05-13
Site-to-Site VPN 8:12 2019-05-13

23:03 Cross-vCenter and Cross-Site NSX-V Deployments

Even though NSX-V was never designed for cross-site deployments, VMware force-fit it into the stretched VLAN segments concept.

In this section you'll discover the architecture of cross-site NSX deployments, universal objects, routing hacks needed to prevent traffic trombones, and NSX-V behavior under split-brain scenarios.

Architecture and Universal Objects 8:29 2019-05-13
Local Egress 7:28 2019-05-13
Controller Disconnected Mode 7:06 2019-05-13

More Information

VMware NSX-V Update (includes ingress traffic discussion)

54:52 Attacking NSX-T

In this section Matthias Luft describes how you could approach a security evaluation of a complex proprietary distributed system like VMware NSX-T.

The section is available to users with a paid subscription.

Security Evaluation of Complex Closed Systems 17:53 2019-04-02
Technology Overview and Attack Surfaces 22:06 2019-04-02
Attack Surface Evaluation and Tools 9:58 2019-04-02
Conclusions 4:55 2019-04-02

Slide Decks

VMware NSX Technical Deep Dive 8.2M 2019-08-30
Attacking NSX-T 2.7M 2019-01-17