VMware NSX

NSX licensing NSX Implementation Steps NSX Reference Architecture

Product Features Standard Advanced Enterprise
2 Register with vCenter
Distributed switching and routing • • • 1 Deploy NSX Manager
NSX edge firewall • • •
vCenter
NAT • • • 3
SW L2 bridging to physical environment • • • Deploy NSX WAN Internet
Controllers
Dynamic routing with ECMP (active-active) • • • 5
4
API-driven automation • • • Configure and
Prepare VP N
deploy EdgeService
Integration with vRealize and OpenStack • • • Clusters
NSX Edge gateway(s) and
NSX Controllers
Log Management with vRealize Log Insight for NSX • • • Services additional Networking
gateway & Security Services
Automation of security policies with vRealize • •

NSX edge load balancing • •

Distributed firewalling • •

Integration with Active Directory • •

V PN V PN

Server activity monitoring • • APP

OS
APP
OS

Service insertion (third-party integration) • • APP

OS
APP
OS
V PN V PN

Integration with AirWatch • •

Cross vCenter NSX • Payload Rack/Cluster Management Cluster Edge Cluster

vSphere Cluster 1 vSphere Cluster 2 vSphere Cluster N
Multi-site NSX optimizations •

VPN (IPSec and SSL) •

load Balancer commands NSX Edge commands NSX Manager Teaming and Failover Mode
Remote Gateway •

Integration with hardware VTEPs • FIREwAll CoNTRollERS Policy NSX Support Multi vTEP Support uplink Behavior
Shows load balancer configuration
# show configuration Shows the firewall configuration
Shows controller nodes status Route Based on Originating Port Both NICs Active
loadbalancer # show the firewall configuration # show controller list all
Shows VIPs Shows specific firewall rule information
# show firewall rule-id “ruleID” Route Based on Source MAC Hash Both NICs Active
NSX Edge Sizes # show configuration EDgES
loadbalancer virtual Show IP address group
Shows information for all edges Route Based on IP Hash Flow Based
Flavours vCPu Memory general guideline “vipName” # show configuration ipset # show edge all
Shows load balancer pool configuration Show application set
- Tests Shows specific Edge information
Compact 1 512MB # show configuration # show configuration application-set Route Based on NIC Load
- POCs # show edge “edgeID”
loadbalancer pool “poolName”
- Medium performance firewall Shows load balancer pool DyNAMIC RouTINg LACP Flow Based
Large 2 1GB logICAl RouTERS
- Single Services member state Shows entries on table
# show service loadbalancer # show ip [bgp/ospf] list all logical router instance
Quad-Large 4 1GB - High performance firewall pool “poolName” # List all logical router instance Explicit Failover Order Only one NIC active
Shows neighbors
- High performance Firewall # show ip [bgp/ospf] neighbors list which host received routing information
X-Large 6 8GB
- Load Balancing # show logical-router list dlr “dlrID” host
Shows routes learned NSX Dynamic Routing
# show ip route [bgp/ospf] list routing table for a specific host
# show logical-router host “hostID” dlr
Shows configuration
NSX load Balancing Services “dlrID” route
# show configuration [bgp/ospf]
Shows logical router’s statistics
wAN Internet
# show logical‐router controller master dlr
Dynamic routing protocol is configured
“dlrID” statistics 1 on the logical router instance
NSX Controller Commands

Peering
Show the ARP table for a logical router on a specific host
# show logical‐router host “hostID” dlr oSPF/BgP
Restarts a controller. Restart only one controller at a time “dlrID” arp NSX Edge Controller pushes new logical router
# restart controller (Acting as next hop router) 2 configuration including to ESXi hosts
Shows control-cluster status logICAl SwITCHES
one-Arm Mode (Proxy) wAN Internet Inline Mode (Transparent) # show control‐cluster status Shows logical Switches
VP N oS Dynamic routing peering between the
• Connected directly on the same • load Balancer is the VMs Shows controller, configuration, and status of the specified VNI # show logical‐switch list all P F/ 3
192.168.10.1 Pe Bg NSX Edge and logical router control VM
VMs network default gateway # show control‐cluster logical‐switches vni Shows connected logical switch on a host er P
“vniID” in
# show logical‐switch controller g DlR
• It's not the VMs default gateway • only DNAT is required Control VM NSX Mgr
Shows the hosts that are connected to the specified VNI “controllerID” host “hostIP” joined-vnis 3 1
6 New learned routes from the NSX Edge are
• SNAT is mandatory • Server farm replies back to the # show control‐cluster logical‐switches Shows MAC Address table for a logical switch
4 pushed to the Controller for distribution
connection‐table “vniID” Data 192.168.10.3
original client IP # show logical‐switch controller master vni (Protocol Address)
• Server farm replies back to Path
Shows MAC records of the specified VNI “vniID” mac 4
the VIP • This model is simple too but not # show control‐cluster logical‐switches mac‐ Shows VTEP table for a host Controller sends the route updates
quite flexible
table “vniID” 5 to all ESXi hosts
• This model is simple to deploy # show logical‐switch controller 192.168.10.2
(Forwarding Address)
• Full visibility into the original Shows the ARP records updated from the specified connection. “controllerID” host “hostIP” vtep
• It provides greater flexibility client IP address # show control‐cluster logical‐switches arp‐ 2
Shows the ARP table for a host DlR …
records “hostIP” Routing kernel modules on the hosts
• Dedicated network services • Shared network services
# show logical‐switch controller 5 6 handle the data path traffic
Shows the MAC records updated from the specified connection “controllerID” host “hostIP” arp NSX Controller
Cluster
# show control‐cluster logical‐switches mac‐ Shows MAC address table for a host
records “hostIP” # show logical‐switch controller 172.16.10.0/24 172.16.30.0/24
Shows the VTEP table for the specified VNI “controllerID” host “hostIP” mac 172.16.20.0/24
# show control‐cluster logical‐switches vtep‐ Shows logical switch statistics
table “vniID” # show logical‐switch controller master vni
Shows the VTEP records updated from the specified host “vniID” statistics ESXi Commands NSX Resource links
# show control‐cluster logical-switch vtep- Shows all hosts on which a logical switch is available
records “hostIP“ # show logical‐switch list vni “vniID”host Check NSX VIBs Installed Documentation Center
https://www.vmware.com/support/pubs/nsx_pubs.html
# esxcli software vib list | grep esx
official Blog
uninstalling NSX VIBs http://blogs.vmware.com/networkvirtualization
# esxcli software vib remove VMware Hands-on labs
VXlAN Frame Format --vibname=esx-vxlan http://hol.vmware.com/
# esxcli software vib remove
Design guide
VXlAN Encapsulated Frame --vibname=esx-vsip http://bit.ly/2cHPgtJ
14 bytes 20 bytes 8 bytes 8 bytes 14 bytes 4 bytes 1500 bytes Display VXlAN Details Trending support issues
# esxcli network vswitch dvs vmware vxlan list http://kb.vmware.com/kb/2131154
outer Ethernet outer uDP VXlAN Ethernet FCS
outer IP Header 802.1Q original Payload Test VTEP Connectivity Troubleshooting
Header Header Header Header
https://kb.vmware.com/kb/2122691
# vmkping ++netstack=vxlan -d -s “MTU_SIZE”
Minimum MTu size: 1600 Inner Frame
“VTEP_IP_DEST”

Copyright © 2016 VMware, Inc. All rights reserved. VMware Professional Services @duboc • @dumeirell • @vmwarensx https://vmware.com/products/nsx