01 VMware NSX For Vsphere 6.2 Overview
Knowledge Transfer Kit
Overview
What is a Software-Defined Data Center?
Software
What is a Software-Defined Data Center? (cont.)
Application Consumption
Applications
Location Independence
Biggest Industry Transformation Since Mainframe-to-Client Server Computing
Enterprise IT Will Change
Why?
Enterprise Business Leaders Want Their IT to be Like Amazon
Internal Software-Defined
Data Center (SDDC)
New IT
or
or
Hardware-Defined
Data Center (HDDC)
No IT
Outsourced
Anatomy of the Most Agile and Efficient Data Centers is SDDC
Google / Facebook /
Amazon Data Centers
Custom Application
Software / Hardware Abstraction
Custom Platform
Software / Hardware Abstraction
Any x86
Any Storage
Any IP network
Choice for “New IT” – SDDC or HDDC
Vertical Integration
Any x86 Any x86 Integrated x86
“New IT” Will Be SDDC
SDDC Platform
Data Center Virtualization
Remember, SDDC is Not a Product – SDDC is an Approach
Application Consumption
Applications
Software
Virtual Machines, Virtual Networks, Virtual Storage
Location Independence
Businesses Are Buying the Vision and Strategy
Products Strategic Approach
Building Blocks and Tools
Data Center for the Next 10 Years
Selling SDDC
Customers want: Agility
• Service delivery speed
• Infrastructure flexibility
• Capacity elasticity
How they justify it: Efficiency
• OpEx and CapEx savings
• Business velocity
• Results measurement and optimization
What Customers Want
Network Virtualization is Missing
What Must Happen
Data Center
Virtual Machine
Network
Operational Model
?
• Decouple from Hardware
• Create, Delete, Grow, Shrink
• Transparent to Application
• Programmatic Monitoring
• Extensible
Software-Defined Data Center – IT Outcomes
IT Service Delivery Time in Minutes
Secure Delivery of Mobile Apps in Minutes
App and Infrastructure Delivery Automation
Business Mobility
Improved Security to Effort Ratio
OpEx Reduction
Streamlined and Automated Data Center Operations
Security Controls Native to Infrastructure
CapEx Reduction
Business Priorities
Tied to VMware SDDC IT Outcomes
Professional service: [T] = technical; [O] = operational
Streamlined and Automated Data Center Operations
• Performance and Capacity Optimization
• Infrastructure Health Monitoring
• 3rd Party Integration, Customized Dashboards
• Compliance Monitoring
• App Health Monitoring
• Quality of Service Management
• [T] Performance & Capacity Mgmt D&D
• [O] Ops Trans for Compliance
• [T] Performance & Capacity Mgmt D&D
• [O] Ops Trans for Performance & Capacity
• [T] Compliance D&D
• [O] Ops Trans for Performance & Capacity
App and Infrastructure Delivery Automation
• Automated VM Delivery (IaaS)
• Infrastructure Costing
• Service Costing
• Automated Middleware and Apps Delivery; Policy-Based Network/Storage Services
• Custom Services (for example, Desktops)
• Hybrid Cloud (for example, AWS, OpenStack)
• Application Release Automation (DevOps)
• [T] SDDC D&D; [T] Cloud Automation D&D
• [O] Ops Trans for Cloud Automation
• [T] SDDC D&D
• [O] Ops Trans for Cloud Automation
• [T] SDDC D&D; [T] Cloud Automation D&D
• [T] Cloud Automation D&D
IT Outcomes Drive Journey to SDDC
Phase III: Business Partner
Phase II: Service Provider
Phase I: Cost Center
Speed and Agility
QoS and Control
CapEx and OpEx Savings
App and Infrastructure Delivery Automation
Security Controls Native to Infrastructure
High Availability and Resilient Infrastructure
Streamlined and Automated Data Center Operations
Data Center Virtualization and Standardization
Network Virtualization with
VMware NSX
VMware NSX Vision: Driving VMware NSX Everywhere
Managing Security and Connectivity for Many Heterogeneous End Points
Public clouds
Branch offices
(Partner)
Internet of things
Mobile devices
(VMware Airwatch®)
Virtual Desktop (VDI)
On-premises data center
VMware NSX is Mainstream – Current Customer Projects
VMware NSX Enables the Next-Gen Networking Model
OS
Applications Software
VSWITCH
Virtual Machines, Virtual Networks, Virtual Storage
Location Independence
Data Center Network
Compute Infrastructure
Hypervisors and VMware NSX Virtual Switch
NSX for vSphere | Network Virtualization Platform
Operational Model of Virtual Networks
A Complete Virtual Network in Software – Logical Switching
Diagram labels: Ingress, Egress, 1.1.1.0/24, 1.1.2.0/24, Logical Switch (L2), Network Hypervisor, IDS, Load Balancer, General Purpose IP Hardware, Physical Network
A Complete Virtual Network in Software – Distributed Routing
Diagram labels: Ingress, Egress, 1.1.1.0/24, 1.1.2.0/24, Logical Switch (L2), L3, Virtual Network In Software, Network Hypervisor, IDS, Load Balancer, General Purpose IP Hardware, Physical Network
Distributed Routing
OSPF BGP
A logical router control VM is deployed and exchanges routing updates with peers
• The VMware NSX® for vSphere® admin creates a new logical router
• The logical router VM sends route updates to the VMware NSX Controller™ instances…
• …which distribute the routes to each hypervisor data plane
NSX for vSphere routing: Highly available routing with fully distributed data plane
• Distributed in each hypervisor
• Controllers are clustered
• Central configuration
Diagram labels: NSX vSwitch, Hypervisor
A Complete Virtual Network in Software – Distributed Firewalling
Diagram labels: Ingress, Egress, 1.1.1.0/24, 1.1.2.0/24, FW, Logical Switch (L2), L3, Virtual Network In Software, Network Hypervisor, IDS, Load Balancer, General Purpose IP Hardware, Physical Network
Distributed Firewalling
Diagram labels: VM, NSX vSwitch, Hypervisor
Virtual Network
Diagram labels: Virtual Network, VM, NSX vSwitch, Hypervisor, Existing Physical Network
Virtual Network (cont.)
Diagram labels: Virtual Network, VM, User Space, NSX vSwitch, Hypervisor, Existing Physical Network
Non-Disruptive Deployment
Diagram labels: Virtual Network, VM, User Space, NSX vSwitch, Hypervisor, Existing Physical Network
Programmatically Provisioned
Diagram labels: Cluster Controller, Cloud Mgt Platform, Virtual Network, VM, User Space, NSX vSwitch, Hypervisor, Existing Physical Network
Services Distributed to the NSX Virtual Switch
Diagram labels: Cluster Controller, Cloud Mgt Platform, Virtual Network, VM, User Space, NSX vSwitch, Hypervisor, Physical Host, Existing Physical Network
Simplified IP Backplane No VLANs, No ACLs, No Firewall Rules
Physical Workloads and Legacy VLANs
Diagram labels: Cluster Controller, Virtual Network, VM, User Space, NSX vSwitch, Hypervisor, Physical Host
More Efficient Routing with VMware NSX
Diagram labels (two before/after comparisons): Before VMware NSX, With VMware NSX, UCS Fabric A, UCS Fabric B, UCS Blade 1, UCS Blade 2, vswitch, NSX vSwitch
More Efficient Firewalls with VMware NSX
Diagram labels (two before/after comparisons): Before VMware NSX, With VMware NSX, UCS Fabric A, UCS Fabric B, UCS Blade 1, UCS Blade 2, vswitch, NSX vSwitch
I Didn’t Know NSX for vSphere Could Do That
Better Security
Achieving Isolation with NSX for vSphere
Virtual networks are isolated from each other (overlapping IP addresses)
Diagram labels: Virtual Network, VM, NSX vSwitch, Hypervisor, Physical Host, IPv6, 192.168.2.10, 192.168.2.20, 2607:f0d0:1002:51::4, 2607:f0d0:1002:51::7
Diagram labels: Internet, VM, vSwitch, Hypervisor, Physical Host
Service Insertion – Palo Alto Networks Next-Gen Firewall Example
Diagram labels: VMware NSX, Security Admin, Security Policy, Traffic Steering, Internet, VM, vSwitch, Hypervisor, Physical Host
What’s New in NSX for vSphere 6.2.3?
What’s New in VMware NSX
What’s New with VMware NSX Licensing?
VMware NSX for vSphere 6.2.3
Standard / Advanced / Enterprise Tiers
Standard
Agility and automation for the data center
New VMware NSX Offerings: Standard, Advanced, and Enterprise
Standard: Agility and automation of the network
Advanced: Standard, plus a fundamentally more secure data center
Enterprise: Advanced, plus networking and security across multiple domains
Feature                                          Standard  Advanced  Enterprise
Distributed switching and routing                   ✓         ✓         ✓
NSX Edge firewall                                   ✓         ✓         ✓
NAT                                                 ✓         ✓         ✓
SW L2 bridging to physical environment              ✓         ✓         ✓
Dynamic routing with ECMP (Active-active)           ✓         ✓         ✓
API-driven automation                               ✓         ✓         ✓
Integration with vRealize® and OpenStack [1]        ✓         ✓         ✓
Automation of security policies with vRealize       -         ✓         ✓
NSX Edge load balancing                             -         ✓         ✓
Distributed firewalling                             -         ✓         ✓
Integration with Active Directory                   -         ✓         ✓
Server activity monitoring                          -         ✓         ✓
Service insertion (3rd party integration)           -         ✓         ✓
Cross-vCenter® NSX                                  -         -         ✓
Multi-site VMware NSX optimizations                 -         -         ✓
VPN (IPSEC and SSL)                                 -         -         ✓
Remote gateway                                      -         -         ✓
Integration with HW VTEPs                           -         -         ✓
[1] L2, L3 & NSX Edge Integration Only. No consumption of Security Groups
Detailed Feature List Available here: http://kb.vmware.com/kb/2145269
Examples: VMware NSX Standard Topologies
Software
DLR L2 Bridge DLR
Note: Other topologies are possible – the pictures shown are representative only
Examples: VMware NSX Advanced Topologies
Note: Other topologies are possible – the pictures shown are representative only
Examples: VMware NSX Enterprise Topologies
VMware NSX Enterprise Topologies Cross-vCenter
VMware NSX Enterprise Topologies
VPN Tunnel
VPN VPN
DLR DLR
VMware NSX Hardware Layer 2 Gateway Integration
• Hardware based low latency forwarding for E/W bridged traffic
• High port density
• Central management from VMware NSX UI
• Strengthen VMware NSX ecosystem: all major networking vendors participate
Diagram labels: Hardware Layer 2 Gateway, Non-virtualized appliances
Edge SYN-Flood Protection Improvement
Protect workloads from Denial-of-Service attacks
Overview
available for traffic proxied by the NSX Edge, like SSL/VPN, LB.
Diagram labels: 3-Way HS, SYN
Benefits
Edge Upgrade Process With VMware NSX 6.2(3)
Upgrade from 6.2(n) to 6.2(n+1)
New Edge DHCP Options
Support options for PXE boot and static routes
Overview
Benefits
NSX Edge High Availability Enhancements
Overview
internal
I’m active internal
Benefits
DFW Granular Rule Filtering
Simplify management and troubleshooting of distributed firewall
Overview
Benefits
DFW Extended Application Layer Gateway Support
• DFW supports Application Layer Gateways (ALGs)
• VMware NSX releases up to version 6.2.2 support the following ALGs:
– FTP
– CIFS
– ORACLE TNS
– MS-RPC
– SUN-RPC
• ALGs are one of the key features that differentiate a stateful firewall from ACLs
Guest Introspection
Windows 10 Support
Overview
Benefits
SSLVPN Refresh
VMware NSX SSLVPN client support and security
Overview
Benefits
Operations and Troubleshooting: New in VMware NSX
• SNMP Support: configure SNMP traps for VMware NSX events
• NSX Dashboard: central view into overall health of VMware NSX components
• Channel Health Checks
• Flow Monitoring: filter support
• Traceflow: enhanced to trace packets forwarded thru third-party NetX services
• VMware NSX Central CLI: enhancements to host health, packet capture, and more
• Third-party monitoring with ability to copy packets via NetX
• Customer Experience Improvement Program
• VMware vRealize® Log Insight™ for VMware NSX
SNMP Support for NSX Manager
Traps generated by NSX Manager
Overview
• SNMP traps generated by VMware NSX Manager™ in case of errors
• SNMPv2c support
• System events related to hypervisors, controllers, edges and NSX Manager can be sent as traps (up to 4 collectors)
• When enabled, Critical and High severity events are reported by default (can be customized)
Diagram labels: OPS Team, SNMP Trap
VMware NSX Troubleshooting Dashboard
Troubleshooting single pane of glass
Overview
Benefits
Enhanced Communication Channel Health
• Provide error details during communication faults
• Generate an event when a channel goes into a wrong status
• Heartbeat messages now generated from NSX Manager to hosts
Diagram labels: Alert, Hosts
Traceflow Visibility Through Third-Party NetX Services
Overview
Benefits
• Increased application visibility, security and compliance
• Customers can leverage existing 3rd party solutions
Diagram labels: VDS, steps 1 to 9, same step
Enhanced Central CLI for VMware NSX Troubleshooting
Additional capabilities and support
Overview
Benefits
• Simplify troubleshooting
• Reduce time to resolution
• No more access to hosts required for VMware NSX administrators
Diagram labels: VM, NSX vSwitch, Hypervisor
Flow Monitoring Enhancements
Live flow filtering, performance improvements
Overview
Benefits
Packet Copy Service Support
NetX support of packet copy
Benefits
• Increased application visibility, security and compliance
• Customers can leverage existing third-party solutions
Diagram labels: VDS, Without Packet Copy, With Packet Copy
vRealize Log Insight for VMware NSX 3.3.2
• vRealize Operations Management Pack™ for VMware NSX:
– Virtual + physical network topology views
– Troubleshooting action frameworks
• vRealize Log Insight extensibility – 40+ third-party content packs available
The best real-time management available for SDDC
NSX for vSphere 6.2
Enhancements and Features Introduced in the 6.2 Release
Released August 2015
VMware NSX 6.2
Accelerating SDDC adoption and driving new opportunities
NSX for vSphere 6.2 Major Enhancements
VMware NSX Support for VMware vSphere 6.0
VMware NSX builds on top of industry-first hypervisor technologies
Overview
• Builds upon next generation of vSphere vMotion innovation
• Support for cross-vCenter vSphere vMotion over VXLAN
• Dedicated TCP/IP stack for vSphere vMotion
• VMware vSphere Network I/O Control v3 support for VMware NSX logical switches
• VMware NSX plug-in to VMware vSphere Web Client, with improved browser support, responsiveness and 5x performance gains
Benefits
• Builds upon foundation of the software-defined data center
• Leverages existing investments and skill sets
VMware NSX Support for Multiple vCenter Instances
• NSX for vSphere 6.2 introduces support for multiple vCenter instances with vSphere 6.0
– L2 and L3 extended across vCenter boundaries
– Consistent firewall policy across multiple VMware vCenter Server® instances
– Support for cross-vCenter vSphere vMotion with L2/L3/distributed firewall support
• Key considerations
– 1 VMware NSX Manager:1 vCenter relationship
– Up to eight vCenter instances / VMware NSX managed by a single VMware NSX Controller™ cluster
– One active NSX Manager as configuration primary, rest as secondary
L2 and L3 Extended across vCenter Boundaries
Seamlessly extend the software-defined data center
Overview
Diagram labels: Universal Logical Switch
Benefits
• Non-siloed logical networks
• Capacity pooling (across vCenter instances and across sites)
• Logical network infrastructure for cross-vCenter vSphere vMotion
• Metro multisite logical networks (metro area capacity pooling with site egress)
Consistent Firewall Policy Across vCenter Boundaries
Seamlessly extend software-defined data center security
Overview
Benefits
• Unified security policies across vCenter resources
• Define once, apply everywhere
Multi-vCenter Distributed Firewall
• Universal Section
• Local Section
VMware NSX with Ecosystem Delivers Key Services for Applications
Diagram labels: Connectivity, Security, Availability, Traditional Applications, Modern Applications, Data Security, Activity Monitoring, Connectivity to Physical Networks, Load Balancing
Enhancing VMware NSX services to enable new use cases and simplify operations
Distributed Firewall Rule Enforcement Without VMware Tools
Operational improvements of distributed firewall
Overview
Load Balancer Enhancements
Improves usability
Overview
• Scale: Increases number of VIPs supported from 64 to 1024
• Operation: Provides LB monitor information on failure (last check, status last change, and fail reason)
• LB feature: Supports VIP and pool port ranges
Benefits
• Improves manageability and troubleshooting
• Leverages third-party LB vendor capabilities inside VMware NSX model
• Simplifies migration of applications load-balanced by third-party LB to the VMware NSX environment
Diagram labels: L3, VM1, VM2, VM3
Routing Enhancements
Enhanced routing configuration and troubleshooting
Overview
• Supports administrative distance for static routes
• No DLR control VM with static routing
• Supports exact match for redistribution rules
• Enable/disable strict uRPF interface checks on the edge
• Show AS path in show ip bgp route CLI command
• Do not announce management interface from DLR control VM
• Automatic consistency check for logical routing
• Transport of VLAN tags over VXLAN
Benefits
• Ease of configuration and enhanced troubleshooting
• Enhanced routing functionality and operations
Physical Services Integration Through VMware NSX Hardware VTEPs
Provide connectivity to physical workloads and services
Overview
• VMware NSX hardware VTEP-enabled physical appliance
• Attach any physical services appliance
• Extensible (schema-based)
• Integration not dependent on multicast
Diagram labels: VM1, VM2, LS – VNI 5001
Distributed Logical Router and Bridging Integration
Diagram labels: VM, APP, Bridging instance, Physical server
LS not extended to VLAN can use DLR
Improving Visibility
• L2 and L3 trace flow
– Tests connectivity through logical and physical paths
– Shows where the packet is dropped
• Enhancement to VMware NSX APIs
– New APIs that provide additional controller, hypervisor and edge info
– APIs detect health of communication channels
• Central CLI
– Reduces troubleshooting time for distributed network functions
– Provides access to control and data plane information
– Provides per logical service (LS/LR/DFW/Edge) statistics and tables
– Provides commands to check out-of-synch states
Deploying NSX for vSphere
Deploying Network Virtualization with NSX for vSphere
Diagram labels: steps 1, 2, 3; NSX Mgmt; NSX Edge; Programmatic Virtual Network Deployment
Multi-vCenter Deployment Considerations
• Greenfield deployments of multi-vCenter are straightforward
– Assign NSX Manager roles
– Deploy universal controller cluster
– Consume universal or local objects
NSX for vSphere Supports Complex Application Topologies
Diagram labels: WEB, DATABASE
Ecosystem
NSX for vSphere Ecosystem Technology Partners
SDDC and NSX for vSphere Enable Enterprise IT as Agile as Amazon
NSX for vSphere Deployment Use Cases
Self-Service IT, Data Center Automation, Public Clouds
Diagram labels: Dev X, Test X, Acquisition A, Dev A
The Big Picture – Why VMware NSX is Needed
• VMware NSX introduces a higher level of security to the data center
• IT organizations can streamline their networking and security operations
• Businesses lay the foundation for the software-defined data center
Unmatched security inside the data center
Deploy faster and adapt to changes more easily
Flexible network foundation for the software-defined data center
Questions
VMware NSX for vSphere 6.2
Knowledge Transfer Kit
VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304