
VMware NSX Network Essentials
Ebook, 409 pages, 3 hours


About this ebook

About This Book
  • Experience the dynamism and flexibility of a virtualized software defined data center with NSX
  • Find out how to design your network infrastructure based on what your organization needs
  • From security to automation, discover how NSX’s impressive range of features can unlock a more effective and intelligent approach to system administration
Who This Book Is For

If you’re a network administrator and want a simple but powerful solution to your network virtualization headaches, look no further than this fast-paced, practical guide.

Language: English
Release date: Sep 30, 2016
ISBN: 9781782172949


    Book preview

    VMware NSX Network Essentials - Sreejith.C

    Table of Contents

    VMware NSX Network Essentials

    Credits

    Foreword

    About the Author

    About the Reviewer

    www.PacktPub.com

    Why subscribe?

    Preface

    What this book covers

    What you need for this book

    Who this book is for

    Conventions

    Reader feedback

    Customer support

    Downloading the color images of this book

    Errata

    Piracy

    Questions

    1. Introduction to Network Virtualization

    The traditional network model

    The three pillars of a Software Defined Data Center

    Introducing the NSX-V network virtualization platform

    The power of server virtualization and network virtualization

    How to leverage NSX

    VMware NSX features

    Summary

    2. NSX Architecture

    Introducing network planes

    NSX vSphere components

    The management plane

    The control plane

    Three-node controller clusters

    Controller roles

    The data plane

    Overlay networks

    The VLAN packet

    A VXLAN overview

    The VXLAN frame

    The inner Ethernet frame

    The life of a VXLAN packet

    Summary

    3. NSX Manager Installation and Configuration

    NSX Manager requirements

    NSX Manager installation

    Understanding the key configuration details

    Target - Management and Edge cluster

    Network mapping

    NSX Manager virtual appliance management

    Register vCenter Server with NSX Manager

    Register SSO with NSX Manager

    NSX Manager deployment consideration

    The communication path

    Network and port requirements

    User roles and permissions

    Controller requirements

    The procedure for controller IP pool creation

    NSX Controller design consideration

    Communication path

    Network and port requirements

    Controller deployment consideration

    The NSX data plane

    The host preparation procedure

    Summary

    4. NSX Virtual Networks and Logical Router

    NSX logical switches

    Logical network prerequisites

    Host preparation

    Segment ID (VNI) pool

    Steps to configure the VNI pool

    Transport zone

    Configuring a global transport zone

    Creating logical switches

    Understanding replication modes

    Unicast mode packet walk

    Design decisions for unicast mode VXLAN

    Multicast mode packet walk

    Design decisions for multicast mode VXLAN

    Hybrid mode packet walk

    Design decisions for hybrid mode VXLAN

    Connecting virtual machines to logical switches

    Testing connectivity

    The Distributed Logical Router

    Deploying a Distributed Logical Router

    Procedure for deploying a logical router

    Understanding logical interfaces

    Logical router deployment considerations

    Layer 2 bridges

    Deploying an L2 bridge

    Design considerations for the L2 bridge

    Summary

    5. NSX Edge Services

    Introducing Edge services

    Introducing Edge form factor

    Introducing OSPF, BGP, and ISIS

    Exploring Open Shortest Path First

    Understanding basic OSPF terminology

    Updating a topology database

    Exploring Intermediate System to Intermediate System

    Exploring Border Gateway Protocol

    Deploying an NSX Edge gateway

    Configuring OSPF on NSX Edge

    Configuring OSPF routing on Distributed Logical Router

    NSX routing design decisions

    NSX Edge NAT

    NSX Edge logical load balancer

    Server pools

    Virtual server

    Application profile

    Design considerations while load balancing

    Generating a certificate

    Setting up a load balancer

    Setting global options

    Creating an application profile

    Creating a service monitor

    Creating a server pool

    Creating a virtual server

    Virtual Private Network 

    SSL VPN

    Configure SSL VPN server settings

    Adding ID pool

    Private network

    IPsec VPN

    L2 VPN

    Prerequisites

    Design decisions while configuring VPN

    DHCP relay

    Summary

    6. NSX Security Features

    NSX Distributed Firewall

    Security groups

    Security policies

    Creating a service group

    Creating a security policy

    Testing firewall rules

    Understanding identity-based firewall rules

    Procedure for AD registration

    NSX flow monitoring

    NSX SpoofGuard

    Procedure for SpoofGuard configuration

    Distributed Firewall takeaways

    Summary

    7. NSX Cross vCenter

    Understanding NSX cross vCenter Server

    Components of NSX cross vCenter Server

    Universal Synchronisation Service

    Universal segment ID

    Universal transport zone

    Cross vCenter universal logical switch creation

    Adding virtual machines to universal logical switches

    Cross vCenter Server Universal Logical Routers

    Network choke points

    Summary

    8. NSX Troubleshooting

    NSX Manager installation and registration issues

    Troubleshooting NSX Manager

    Collecting NSX Manager logs via GUI

    Collecting NSX Manager logs via CLI

    VMware Installation Bundle

    EAM log location

    Control plane and data plane log collection

    Understanding the physical topology

    NSX Controller log collection

    Collecting NSX Controller logs using CLI steps

    Collecting Edge and Distributed Logical Router logs through the web client

    NSX user world agents

    netcpa

    Vsfwd

    Vsfwd log location and collection process

    Collecting centralized logs from NSX Manager

    VXLAN troubleshooting

    Packet capturing and analysis

    Lab environment details

    VNIC packet capturing for egress traffic

    NSX upgrade checklist and planning order

    The future of NSX

    Summary

    References


    VMware NSX Network Essentials

    Copyright © 2016 Packt Publishing

    All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

    Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

    Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

    First published: September 2016

    Production reference: 1220916

    Published by Packt Publishing Ltd.

    Livery Place

    35 Livery Street

    Birmingham 

    B3 2PB, UK.

    ISBN 978-1-78217-293-2

    www.packtpub.com

    Credits

    Foreword

    Over the past few decades, we witnessed how virtualization changed the landscape of a modern data center. It revolutionized how under-utilized server hardware could be effectively utilized and in turn secure the ROI for businesses. In fact, virtualization is the first step towards helping organizations realize the goal of Software-Defined Data Center (SDDC). Now it's time for networks to go through a similar drift and step into the new world of SDDC, with the advent of Network Virtualization (NV) and Software-Defined Networking (SDN). Although network virtualization and SDN appear to be the same from an end output perspective, there are subtle nuances between the key functions they both offer to traditional networks. While network virtualization provides a way to create an abstraction layer on the underlying physical layer to create networks, SDN concentrates on consolidating the control plane for these networks. VMware NSX leverages both the network virtualization and SDN concepts to provide a feature-rich networking and security platform for its customers. NSX is a big leap towards achieving VMware's vision of SDDC. With NSX for vSphere in place, customers can seamlessly extend virtualization to network and security services and also bundle them with automation capabilities.

    There has been a lot spoken and written lately about VMware NSX in the networking industry over the past few years. If we take a step back and look at where all this started, we quickly come across a company called Nicira, which arguably introduced the SDN concept to the industry back in the 2000s. In 2012, when VMware acquired Nicira, a new transformation started for virtual networks which enabled them to offer networking and security functionality that is typically handled in hardware directly in hypervisors. In short, NSX successfully enabled customers to abstract, reproduce, and automate the traditional network and security services in software.

    I don't want to spill the beans just yet in this foreword. I would let you explore all the awesomeness of NSX by yourself in the upcoming chapters of this book. This book provides you with good foundations in Network Virtualization and SDN along with how NSX uses them both to provide network services to SDDC. You will be shown detailed step-by-step instructions to install and configure NSX. In addition, you will also be learning how to leverage NSX to implement logical switching, routing (both static and dynamic), edge services gateway, distributed firewall, VPN configurations, data security, and so on.

    Hope you are going to like it, and happy learning!

    Pavan Kumar Thota

    Staff Technical Training specialist

    About the Author

    Sreejith.C is a solution consultant at the Mannai Corporation based out of Qatar. He specializes in storage, virtualization, private, public, and hybrid cloud, and SDN. He determines customer requirements and designs VMware Cloud-based solution architectures spanning VMware’s product portfolio from the vCloud Suite to meet the functional and business requirements of various sizes of organisation, and across verticals. He holds various advanced and professional certifications: VCAP-CIA, VCAP 55-DCV, CCNA-DC, VCP-NV, VCP-CLOUD-5/6, VCP-6/5/4, EMC-ISA, EMCISA-V2, EMCIE, and MCTS-AD2008. He has instructed multiple candidates on EMC and VMware technologies on a wide range of products such as Symmetrix, VMAX, vCloud Director, VCNS, NSX, and vCloud Air. He enjoys speaking at customer forums by sharing his ideas and also participates in VMware Community forums. You can contact him on LinkedIn at http://www.linkedin.com/pub/sreejith-c/44/b30/a2a

    Sreejith is married to Sthuthi and they are blessed with a beautiful daughter called Naomi.

    I would like to dedicate this book to my family, who have immensely helped in my career, and last but not least, my colleagues with whom I have worked so far in VMware and Wipro Technologies.

    About the Reviewer

    Deepal Verma is a senior systems engineer who specializes in virtualization and storage technologies. He has worked in a variety of technical roles for over 10 years and holds industry certifications including VMware Certified Implementation Expert - Network Virtualization (VCIX-NV), VMware Certified Professional 6 – Network Virtualization (VCP6-NV), VMware Certified Professional 6 – Data Center Virtualization (VCP6-DCV), VMware Certified Professional 5 – Data Center Virtualization (VCP5-DCV), and others from AWS, EMC, and NetApp. His passion is to continue to learn new technologies and make them easier for others to understand. Deepal has also been recognized as a VMware vExpert (2016) for his contributions to the VMware community.

    www.PacktPub.com

    For support files and downloads related to your book, please visit www.PacktPub.com.

    Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.

    At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

    https://www.packtpub.com/mapt

    Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

    Why subscribe?

    Fully searchable across every book published by Packt

    Copy and paste, print, and bookmark content

    On demand and accessible via a web browser

    Preface

    NSX has transformed data center networking by introducing security and automation in Software Defined Data Centers (SDDC). Software-defined networking is highly dynamic and helps organizations scale their data centers. By making use of the feature-rich services in VMware NSX, organizations can improve their CAPEX and OPEX. This book provides comprehensive coverage of the various software-defined networking features offered by VMware NSX.

    What this book covers

    Chapter 1, Introduction to Network Virtualization, starts with the evolution of virtualization and an introduction to the software-defined data center, followed by a discussion of network virtualization. We also cover how network virtualization has changed traditional data center networking by discussing various use cases and features of VMware NSX.

    Chapter 2, NSX Architecture, explains the NSX architecture, which is key to knowing the features and various use cases of NSX. Here we primarily cover the management plane, control plane, and data plane architecture, followed by the VXLAN architecture, which is essential for understanding the creation of logical networks and for troubleshooting virtual networks in the upcoming modules.

    Chapter 3, NSX Manager Installation and Configuration, starts with all the requirements for a successful NSX installation, followed by step-by-step instructions on deploying and configuring NSX Manager, NSX Controller, and the data plane software modules for logical switching, routing, and microsegmentation.

    Chapter 4, NSX Virtual Networks and Logical Router, builds on the fundamental understanding of overlay networks from the previous chapters to discuss logical switching and distributed logical routing. Starting from configuration, we cover step-by-step instructions on how to deploy logical switches and establish a simple routing environment within the hypervisor layer.

    Chapter 5, NSX Edge Services, starts with an introduction to NSX Edge services and the various form factors. We also discuss NAT, DHCP, load balancing, and routing in this chapter, and with that knowledge this chapter covers the complete network package that NSX offers in a software-defined data center.

    Chapter 6, NSX Security Features, starts from the point that end-to-end security is key to the success of any network topology. We begin with an introduction to the traditional way of securing networks and how NSX helps to provide better control within the virtual space. Distributed Firewall and Service Composer are some of the key highlights of this chapter.

    Chapter 7, NSX Cross vCenter, covers one of the most exciting features of NSX: cross-vCenter Server. The ability to manage multiple vSphere environments and leverage NSX features is a game changer in the modern data center. In this chapter we take a deep dive into the architecture and deployment of NSX cross-vCenter, along with some design backing for the topology discussed in the chapter.

    Chapter 8, NSX Troubleshooting, is all about applying what we have learned so far to identify and resolve NSX installation and registration issues and to follow the log process steps. The chapter is written in the same order in which we started with the architecture of NSX: management plane, control plane, and data plane troubleshooting, followed by upgrade scenarios.

    What you need for this book

    Primarily, we need NSX Manager, vCenter Server, and ESXi hosts with local or remote storage.

    Note that for an NSX Manager to participate in a cross-vCenter NSX deployment the following conditions are required.

    The above configurations can be configured and tested even in a nested ESXi environment; however, it is strongly recommended not to deploy them that way in a production environment.

    For the hardware compatibility matrix, please refer to the VMware HCL guide: http://www.vmware.com/resources/compatibility/search.php

    Who this book is for

    If you’re a network administrator and want a simple but powerful solution to your network virtualization headaches, look no further than this fast-paced, practical guide.

    Conventions

    In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of
