Troubleshooting Distributed Firewall in NSX-V – How to check firewall rules for a VM

Troubleshooting Distributed Firewall in NSX-V Blog reference: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.troubleshooting.doc/GUID-20234847-3E7A-4FE8-AEE1-31FFB3652481.html  In my earlier post on Microsegmentation, we referenced the below topology and we put the workloads for different tiers - Web, App and DB on the same NSX Logical Switch.With NSX micro segmentation, firewall is applied at vnic level of each virtual machine. Topology Below firewall rules … Continue reading Troubleshooting Distributed Firewall in NSX-V – How to check firewall rules for a VM

Cross Vcenter NSX using Local Egress (Active-Active)

Cross Vcenter NSX using Local Egress The above topology has been used for the purpose of this lab. In this blog post, we are going to cover Active Active Cross Vcenter NSX.BGP is used as a routing protocol in this setup above.And appropriate BGP peerings have been illustrated in topology above.We are using eBGP between … Continue reading Cross Vcenter NSX using Local Egress (Active-Active)

VMware NSX Microsegmentation – Securing Collapsed Architectures

VMware NSX Microsegmentation - Securing Collapsed Architectures As depicted in above topology, NSX-V Distributed Firewall feature is enabled. And as shown in figure above, firewall is effectively applied at each vNic of virtual machine. In this topology: BGP is used as routing protocoliBGP is used within NSXeBGP is used between NSX edges and the physical … Continue reading VMware NSX Microsegmentation – Securing Collapsed Architectures

Cross Vcenter NSX with BGP

We have covered cross vcenter NSX with OSPF previously.Here we cover cross vcenter NSX with BGP.In this above topology: There are two vcenters, one in the primary site and the other in DR site.Primary NSX manager is deployed in primary site.Secondary NSX manager is deployed in DR site.Primary NSX manager is linked with vcenter in … Continue reading Cross Vcenter NSX with BGP

Cross Vcenter NSX with OSPF

References: Cross Vcenter NSX Design Guide https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmware-multi-site-solutions-cross-vcenter-nsx-design-guide.pdf Intra area routes versus inter area routes https://blog.ipspace.net/2008/01/e1-and-e2-routes-in-ospf.html In one of the earlier posts, we have covered running OSPF in NSX domain. Here we try to cover running OSPF in a Cross Vcenter NSX setup. In the above topology: 1. There are two NSX managers. Primary NSX manager … Continue reading Cross Vcenter NSX with OSPF

Vrealize Network Insight 3.8 Installation

References:   VRNI Architecture: https://blogs.vmware.com/management/2016/10/vrealize-network-insight-3-1-scalability.html   Installation Guide: https://docs.vmware.com/en/VMware-vRealize-Network-Insight/3.8/vRealize-Network-Insight-Installation-Guide.pdf   This installation is broken down into two parts: - One for platform & - The other for Collector aka Proxy. During the deployment of OVA for Platform & Proxy, you will use Thin Provision as the virtual disk format. 1. The first step with regards … Continue reading Vrealize Network Insight 3.8 Installation

NSX Edge Load Balancer – One Arm Mode

In the topology above, NSX edge load balancer is deployed in one arm mode. NSX edge load balancer has a single layer 3 interface which is connected to Distributed Logical Router via a logical switch. This logical switch is dedicated for Load Balancing Tier. There is also a Web Tier hosting web servers and these … Continue reading NSX Edge Load Balancer – One Arm Mode

OSPF Routing Protocol in NSX

OSPF NSX         The above topology illustrates OSPF Totally NSSA setup in NSX domain.   Distributed logical router is handling east-west traffic within the data center while the edges E1 and E2 are handling north-south traffic.   Edges E1 and E2 are configured in ECMP mode which allows more bandwidth to flow … Continue reading OSPF Routing Protocol in NSX