NSX-T_Architecture_Overview

The document outlines the design and requirements for an IP network utilizing NSX technology with a focus on a 9000 MTU configuration. It details the deployment of NSX Manager, management VMs, and various network features such as micro-segmentation, logical routing, and security policies. Additionally, it highlights the architecture changes and capabilities introduced in version 2.4, including a converged management and control plane.

The page is a one-page mind map, flattened by extraction into interleaved columns. It is reconstructed below as an outline; every label is kept, grouped under the branch headings that appear on the map.

Requirements
  - IP network
  - VVD design - 9000 MTU
  - Greater flexibility for header data (1600 MTU minimum)
  - Uses Geneve overlay
  - Allows more development of services

Overview: NSX is a suite of products
  - DC, Edge, vCenter(s), Cloud, VMs, Containers
  - Support for Bare Metal
  - Multi-hypervisor
  - Mixed modes of the above
  - Consistency
  - Ability to add networking services
  - Automation
  - Network Virtualization
  - Flexible

Networking Features
  - Switching, Routing, Bridging, NAT, VPN, DHCP, Load balancing
  - Security / Firewalling
  - Public cloud

Install Overview / Basic Appliance config
  - Deploy initial OVA of NSX Manager & control VM
  - CLI Admin & Auditor password defined
  - Allows supported install via UI
  - Standalone CLI install
  - 1 NSX Manager deployment per vCenter
  - Add compute managers (multiple vCenters per NSX Manager)
  - VIP or External: deploy additional management VMs (3 total)
  - Create transport zone (Overlay, VLAN)
  - TEPs IP pool
  - Prepare transport nodes: push code to compute, links N-VDS
  - Create Edge services
  - Create logical networks

Concept
  - Logical Interface (LIF)
  - Virtual Interface (VIF): port group for a workload
  - Logical Switch: Layer 2 broadcast domain
  - Virtual network identifier (VNI)

Data Flow Overview (switching)
  - VM frame to switch
  - Return if within dynamic state: MAC learning; BUM flooding via replication mode
  - Decision
    - Same transport node: local process
    - Overlay, remote: forward to Tunnel Endpoint (TEP), then to destination workload
  - Replication mode: Head End (every node in transport zone); 2 Tier (by TEP IP subnet)

Data Flow (configuration)
  - API > NSX Manager component saves config
  - Pushed to CCP: component translates & maintains runtime; Controller Cluster component expands the config to rules
  - Pushed to transport nodes, to the data plane

Micro-segmentation / Security
  - Network policy at workload level: VMs; Containers (NCP plugin, Label)
  - Does not require a network change: VLAN, Overlay, Multi hypervisor
  - Policy approaches
    - Traditional method: logical networks, zoning, IP / MAC sets, naming, static
    - Dynamic: tags; scope is workload or application; no IP- or infrastructure-zoning based; nested dynamic; abstracts IP
    - From 2.4: URL / FQDN whitelisting
  - Distributed Firewall
    - East-West traffic; policy based; moves with VM; rule base in NSX Manager; consistent posture across data plane
    - Switching policy: Spoof guard, Rate limiting, BPDU filtering
    - IP Discovery: ARP snooping, DHCP, Manual, VMtools
    - Identity Firewall: Active Directory groups
    - Service insertion: partner based services, available from 2.4
  - Edge Firewall: North South / Perimeter; Routing; Switching; Multi-tenant; Active standby; Stateful; Centralised; Virtual & Physical form factor

NSX-T Architecture (Overview [2.4.1])
  - Management Plane: NSX Manager
    - Centralised management plane; Web GUI; API; configuration database CorfuDB
    - Plugins to other areas: vCenter, Cloud, Containers, Hypervisor host
    - No dependency on vCenter: uses the concept of a compute manager; multiple vCenters / multiple compute managers
    - Management plane agent (MPA): connects from transport node to NSX Manager
    - Prior to 2.4: separated management & control planes (single NSX Manager VM below 2.4)
    - From 2.4: converged management & control plane; 3 VMs converged with CCP; reduces number of VMs; HA mode available
    - Deployment, 2.4 - HA / Converged: Virtual IP; external LLB supported
  - Control Plane
    - Central Control Plane (CCP): NSX Controller Cluster, separate 3 VMs before 2.4, converged with management functions from 2.4; holds the control state; ARP suppression
    - Local Control Plane (LCP): agent from transport node to CCP node
  - Data Plane
    - Endpoint forwarding data traffic to workloads; flow tables; overlay aware; performance; scale out with compute
    - ESXi: N-VDS; data path at N-VDS with vSIP module
    - KVM: Open vSwitch; agent and OVS
    - Transport nodes (TN): ESXi, KVM, Bare metal, VM; NSX-T Edge (can have TEP); Baremetal (agent based); Windows VM, Linux VM; On Prem / Off Prem (NSX Cloud Gateway); code available across multiple form factors

N-VDS (NSX Managed Virtual Distributed Switch)
  - Forked version of the VDS from vSphere; management plane placed in NSX Manager; decoupled from vCenter
  - Links to transport zone; can be linked to different transport node types; same logical broadcast domain across hypervisors
  - Uplink profile: teaming policy (active / standby uplinks), transport VLAN, MTU; defines a physical uplink
  - From 2.4: multiple switches per host - N-VDS type

Logical Routing
  - Logical routing between broadcast domains: communication between different L2 domains
  - Distributed Router (DR): router code on every host, kernel space; 1 hop routing; asymmetric routing; optimised routing, closest to source
    - Route lookup: same endpoint, process, does not leave host; different endpoint, encapsulated; if connected routes; no connected route, forwarded to GW
  - Single Tier: Tier-0 connects to the physical; downlinks
  - Multi-Tier: Tier-0 North South routing (in & out of NSX domain); Tier-1 East West; Multi-Tenancy; VM demarcation
  - Services Router (SR): centralized logic, stateful; on the NSX Edge node
    - Active - Active: ECMP, scale out
    - Active - Standby: one node active at a time; state is in sync; standby has BGP sessions; different node
  - Stateful services: NAT, DHCP, LLB, VPN (L2, L3), Firewall
  - Peering: BGP dynamic peering; static peering

NSX Edge form factors
  - VM (ISO)
  - Baremetal (CPU, NIC, HCL)

Interaction
  - REST API, JSON, Swagger
  - Multiple tooling: Terraform, Ansible, Python
  - Consistent across hybrid cloud

Operations overview
  - Decoupled approach: NSX Manager, vCenter, compute manager; create, configure, consume network
  - NSX Backup: on change detection, external storage (from 2.4)
  - Existing NSX-V thoughts: cannot co-exist on same host or cluster; licence is for NSX, not V or T, so already supported & licenced; migration to T approach via Upgrade Co-ordinator; HCX migration from V or vSphere from 2.4; VMware HCX support for migration

NSX-T Overview updated for 2.4.1
www.elasticsky.co.uk | Paul McSharry - 2019
@pmcsharry