
VMware NSX

NSX Licensing

Product Features                                      Standard  Advanced  Enterprise
Distributed switching and routing                        •         •          •
NSX edge firewall                                        •         •          •
NAT                                                      •         •          •
SW L2 bridging to physical environment                   •         •          •
Dynamic routing with ECMP (active-active)                •         •          •
API-driven automation                                    •         •          •
Integration with vRealize and OpenStack                  •         •          •
Log Management with vRealize Log Insight for NSX         •         •          •
Automation of security policies with vRealize                      •          •
NSX edge load balancing                                            •          •
Distributed firewalling                                            •          •
Integration with Active Directory                                  •          •
Server activity monitoring                                         •          •
Service insertion (third-party integration)                        •          •
Integration with AirWatch                                          •          •
Cross vCenter NSX                                                             •
Multi-site NSX optimizations                                                  •
VPN (IPSec and SSL)                                                           •
Remote Gateway                                                                •
Integration with hardware VTEPs                                               •

NSX Implementation Steps

1 Deploy NSX Manager
2 Register with vCenter
3 Deploy NSX Controllers
4 Prepare Clusters
5 Configure and deploy NSX Edge Gateway(s) and additional Networking & Security Services

NSX Reference Architecture

[Figure: NSX reference architecture. Labels: WAN / Internet, VPN, vCenter, NSX Controllers, Edge Service Gateway; Payload Rack/Cluster (vSphere Cluster 1), Management Cluster (vSphere Cluster 2), Edge Cluster (vSphere Cluster N).]

NSX Edge Sizes

Flavours     vCPU  Memory  General Guideline
Compact      1     512MB   - Tests
                           - POCs
Large        2     1GB     - Medium performance firewall
                           - Single Services
Quad-Large   4     1GB     - High performance firewall
X-Large      6     8GB     - High performance Firewall
                           - Load Balancing

Load Balancer commands

Shows load balancer configuration
# show configuration loadbalancer
Shows VIPs
# show configuration loadbalancer virtual “vipName”
Shows load balancer pool configuration
# show configuration loadbalancer pool “poolName”
Shows load balancer pool member state
# show service loadbalancer pool “poolName”

NSX Edge commands

Firewall
Shows the firewall configuration
# show configuration firewall
Shows specific firewall rule information
# show firewall rule-id “ruleID”
Show IP address group
# show configuration ipset
Show application set
# show configuration application-set

Dynamic Routing
Shows entries on table
# show ip [bgp/ospf]
Shows neighbors
# show ip [bgp/ospf] neighbors
Shows routes learned
# show ip route [bgp/ospf]
Shows configuration
# show configuration [bgp/ospf]

NSX Manager

Controllers
Shows controller nodes status
# show controller list all

Edges
Shows information for all edges
# show edge all
Shows specific Edge information
# show edge “edgeID”

Logical Routers
List all logical router instances
# show logical-router list all
List which host received routing information
# show logical-router list dlr “dlrID” host
List routing table for a specific host
# show logical-router host “hostID” dlr “dlrID” route
Shows logical router's statistics
# show logical-router controller master dlr “dlrID” statistics
Show the ARP table for a logical router on a specific host
# show logical-router host “hostID” dlr “dlrID” arp

Logical Switches
Shows Logical Switches
# show logical-switch list all
Shows connected logical switch on a host
# show logical-switch controller “controllerID” host “hostIP” joined-vnis
Shows MAC Address table for a logical switch
# show logical-switch controller master vni “vniID” mac
Shows VTEP table for a host
# show logical-switch controller “controllerID” host “hostIP” vtep
Shows the ARP table for a host
# show logical-switch controller “controllerID” host “hostIP” arp
Shows MAC address table for a host
# show logical-switch controller “controllerID” host “hostIP” mac
Shows logical switch statistics
# show logical-switch controller master vni “vniID” statistics
Shows all hosts on which a logical switch is available
# show logical-switch list vni “vniID” host

NSX Controller Commands

Restarts a controller. Restart only one controller at a time
# restart controller
Shows control-cluster status
# show control-cluster status
Shows controller, configuration, and status of the specified VNI
# show control-cluster logical-switches vni “vniID”
Shows the hosts that are connected to the specified VNI
# show control-cluster logical-switches connection-table “vniID”
Shows MAC records of the specified VNI
# show control-cluster logical-switches mac-table “vniID”
Shows the ARP records updated from the specified connection
# show control-cluster logical-switches arp-records “hostIP”
Shows the MAC records updated from the specified connection
# show control-cluster logical-switches mac-records “hostIP”
Shows the VTEP table for the specified VNI
# show control-cluster logical-switches vtep-table “vniID”
Shows the VTEP records updated from the specified host
# show control-cluster logical-switches vtep-records “hostIP”

Teaming and Failover Mode

Policy                            NSX Support  Multi vTEP Support  Uplink Behavior
Route Based on Originating Port                                    Both NICs Active
Route Based on Source MAC Hash                                     Both NICs Active
Route Based on IP Hash                                             Flow Based
Route Based on NIC Load
LACP                                                               Flow Based
Explicit Failover Order                                            Only one NIC active

NSX Load Balancing Services

One-Arm Mode (Proxy)
• Connected directly on the same VMs network
• It's not the VMs default gateway
• SNAT is mandatory
• Server farm replies back to the VIP
• This model is simple to deploy
• It provides greater flexibility
• Dedicated network services

Inline Mode (Transparent)
• Load Balancer is the VMs default gateway
• Only DNAT is required
• Server farm replies back to the original client IP
• This model is simple too but not quite flexible
• Full visibility into the original client IP address
• Shared network services

NSX Dynamic Routing

[Figure: NSX dynamic routing. Labels: WAN / Internet, NSX Edge (Acting as next hop router) 192.168.10.1, OSPF/BGP Peering, DLR Control VM 192.168.10.3 (Protocol Address), DLR 192.168.10.2 (Forwarding Address), Data Path, NSX Mgr, NSX Controller Cluster, 172.16.10.0/24, 172.16.20.0/24, 172.16.30.0/24.]

1 Dynamic routing protocol is configured on the logical router instance
2 Controller pushes new logical router configuration including to ESXi hosts
3 Dynamic routing peering between the NSX Edge and logical router control VM
4 New learned routes from the NSX Edge are pushed to the Controller for distribution
5 Controller sends the route updates to all ESXi hosts
6 Routing kernel modules on the hosts handle the data path traffic

VXLAN Frame Format

VXLAN Encapsulated Frame
Field                    Size
Outer Ethernet Header    14 bytes
Outer IP Header          20 bytes
Outer UDP Header         8 bytes
VXLAN Header             8 bytes
Ethernet Header          14 bytes     (Inner Frame)
802.1Q                   4 bytes      (Inner Frame)
Original Payload         1500 bytes   (Inner Frame)
FCS

Minimum MTU size: 1600

ESXi Commands

Check NSX VIBs Installed
# esxcli software vib list | grep esx
Uninstalling NSX VIBs
# esxcli software vib remove --vibname=esx-vxlan
# esxcli software vib remove --vibname=esx-vsip
Display VXLAN Details
# esxcli network vswitch dvs vmware vxlan list
Test VTEP Connectivity
# vmkping ++netstack=vxlan -d -s “MTU_SIZE” “VTEP_IP_DEST”

NSX Resource Links

Documentation Center
https://www.vmware.com/support/pubs/nsx_pubs.html
Official Blog
http://blogs.vmware.com/networkvirtualization
VMware Hands-on Labs
http://hol.vmware.com/
Design Guide
http://bit.ly/2cHPGtJ
Trending support issues
http://kb.vmware.com/kb/2131154
Troubleshooting
https://kb.vmware.com/kb/2122691
Copyright © 2016 VMware, Inc. All rights reserved. VMware Professional Services @duboc • @dumeirell • @vmwarensx https://vmware.com/products/nsx
