Welcome to VMware NSX Tutorials. The objective of these tutorials is to provide an in-depth understanding of VMware NSX.
In addition to free VMware NSX Tutorials, we will cover common interview questions, issues and how-tos of VMware NSX.
Introduction of VMware NSX Tutorials
VMware NSX is the network virtualization and security platform that emerged from VMware. It is a platform for the software-defined data center. This software networking platform allows complex networking topologies to be deployed programmatically in seconds. SDNs allow ease of deployment, management, and automation in deploying and maintaining new networks while reducing and in some cases completely eliminating the need to deploy traditional networks.
VMware NSX components
A VMware NSX setup consists of various components. Each of them has a specific role in the overall setup. Some components are deployed in the form of an appliance; others are installed as a module into the hypervisor:
The NSX Controllers implement a network control plane for controlling the Open vSwitch (OVS) devices that perform packet forwarding. Controller Cluster nodes cooperate to manage all OVS devices and enforce consistency between the logical network view (defined via the NSX API) and the transport network view (implemented by OVS-enabled access switches).
Hypervisors, NSX Service Nodes, and NSX Gateways are represented in NSX as transport nodes. A transport node is any physical or virtual device that runs Open vSwitch and is managed by the NSX Controller to implement logical networks. How the NSX Controller manages the transport node depends on the role of that transport node:
-Hypervisors: Leverage an Open vSwitch to provide network connectivity for VM-based workloads. Like Service Nodes and Gateways, hypervisors are represented in NSX using the transport node entity.
-Gateways: An NSX Gateway connects logical networks to the data center’s physical network or to physical applications.
-Service Node: NSX Service Nodes offload network packet processing from hypervisor Open vSwitches, such as broadcast, unknown unicast and multicast (BUM) replication and CPU-intensive cryptographic processing.
The NSX Manager provides a GUI for operators to set up and configure an NSX network. It is not used by OpenStack itself and could be removed in the case that the operator uses CLI commands for all setup and configuration steps.
VMware NSX Architecture
In this diagram, the service administrator can provision the entire lifecycle of either a network segment (VLAN or VXLAN) or network service (firewall, load balancing, VPN, etc.) using either a third-party management interface or through the vCenter Web Client. Any programmatic changes made by the service administrator to firewalls, networks, or routing are sent from the NSX Manager to either the NSX Edge Services Gateway (NSX Edge) or the NSX vSwitches through the NSX Controller.
NSX vSwitches provide efficient, in-hypervisor networking capabilities that allow for an optimized network path and enhanced security for “east-west” traffic, which uses logical network resources. The NSX vSwitch can perform distributed routing for VLAN and VXLAN-connected networks, firewall services at the vNIC level, and typical layer 2 switching services. The NSX vSwitch firewall capabilities control the ingress and egress of network traffic for each VM using traditional network configurations (IP address, IP port, etc.), by vCenter object type, or by the user’s identity.
The NSX Edge Services Gateway on the internal network provides load balancing services to applications housed within the data center. The externally facing NSX Edge VM handles the “north-south” network traffic by providing routing, firewall, and VPN services to users wishing to access resources within the secure network boundary. Additionally, the NSX Edge controls access to external network ports and protocols for systems that sit within the secure network boundary.
NSX-v Deployment Considerations
This section discusses how network virtualization offered by VMware NSX-v can be placed on top of the scalable L3 network fabric presented in the previous sections. Network virtualization consists of three major aspects: decouple, reproduce and automate. All three aspects are vital in achieving the desired efficiencies. This section focuses on decoupling, which is key to simplifying and scaling the physical infrastructure.
Being able to provide L2 connectivity at the logical network level, independently of the characteristics of the underlying network infrastructure, is the fundamental property that enables the decoupling effect. In the example of an L3 DC fabric where the L2/L3 boundary is positioned at the leaf layer, VLANs cannot span beyond a single rack inside the switching infrastructure, but this does not prevent the provisioning of L2 adjacency between workloads connected to the logical networks.
When building a new environment, it is essential to choose an architecture that allows for future growth. The approach discussed here works for deployments that begin small but grow to large-scale ones while keeping the same overall architecture.
The guiding principle for such deployments is that the network virtualization solution does not imply any spanning of VLANs beyond a single rack. Although this appears to be a simple requirement, it has widespread impact on how a physical switching infrastructure can be built and on how it scales.
In an NSX enabled data center it is desirable to achieve logical separation and grouping of the ESXi hosts providing specific functions such as compute, management and edge services. This separation is logically arranged and provides the following advantages to the DC architect:
-Flexibility of expanding and contracting resources for specific functions.
-Ability to isolate and develop span of control.
-Managing life-cycle of certain resources for specific functions (Better HW – CPU, memory and NIC, upgrade, migration etc.).
-High availability based on functional connectivity needs, DRS, FT, Edge P/V and HA etc.
-Automation control over areas or functions that require frequent changes (app-tier, security tags, policies, load balancer etc.)
VMware NSX Overview
In order to clearly understand the components and architecture that make up the F5 BIG-IP and VMware NSX solution, it’s important to first understand the major components of VMware NSX, including their roles and responsibilities within the NSX architecture and where they function in the network plane stack.
The primary responsibility of traditional and virtualized networking devices is to move and manage traffic across the network. It is important to understand how these network devices are programmed, the protocols and standards used to learn about network paths and other types of devices, and the way network traffic rules are enforced when processing network traffic.
You’ll commonly hear about the three logical levels of network device functionality—the data plane, control plane, and management plane. The following diagram describes each network plane and its primary purpose.
Management plane—The management plane provides a method for configuring the network device. The configuration entered here will be placed into the control plane, and subsequently used by the data plane to properly ship the traffic around the network. Additionally, the management layer also uses protocols for proactive monitoring and device performance/statistics management.
Control plane—The control plane maintains both static configurations from the management layer (i.e., routing protocol configurations, firewall policies, etc.) and dynamic configurations from network routing protocols. The control plane contains the “rules” for moving the traffic around the network.
Data plane—The data plane is the workhorse of the network device. It is responsible for actually moving the packets across the network. It processes and forwards/blocks traffic based on the “rules” established in the control plane.
Configuring the NSX Connector
After the BIG-IQ Cloud is installed, the next step to completing the integration is to set up the NSX connector. The NSX connector establishes a connection between vCenter, NSX Manager, and BIG-IQ Cloud. Once this connection is established, BIG-IQ Cloud has the means to communicate with the NSX Manager and vCenter server to deploy and manage BIG-IP VEs and application delivery services.
BIG-IP administrators can configure the available BIG-IP VE server images and assign a BIG-IP licensing pool used by a specific VMware NSX Manager. The NSX Connector can also be associated with the BIG-IQ Cloud catalog items to present specific application delivery configurations to NSX Manager. The BIG-IP VE images are stored on an internal web server or datastore for quick and easy access.
The VMware NSX-v network virtualization solution addresses current challenges with physical network infrastructure and brings flexibility, agility and scale through VXLAN-based logical networks. Along with the ability to create on-demand logical networks using VXLAN, the NSX Edge Services Gateway helps users deploy various logical network services such as firewall, DHCP, NAT and load balancing on these networks. This is possible due to its ability to decouple the virtual network from the physical network and then reproduce the properties and services in the virtual environment. NSX-v reproduces in the logical space the typical network services traditionally delivered by the physical infrastructure, such as switching, routing, security, load balancing and virtual private networking, and allows connectivity in the logical space to be extended to physical devices connected to the external network.
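
As an added illustration (not part of the original tutorial and not VMware code), the Python sketch below builds and parses the 8-byte VXLAN header defined in RFC 7348. It shows how the 24-bit VNI keeps logical L2 networks separate while their frames cross a routed fabric, which is the decoupling described above and in the deployment considerations. The MAC addresses, VNIs, port names and the deliver() helper are constructed for the example.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned destination port for VXLAN (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field carries a valid value
VXLAN_HEADER_LEN = 8
ETHERNET_HEADER_LEN = 14


def vxlan_encap(vni, inner_frame):
    """Prepend an RFC 7348 VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: 8 flag bits + 24 reserved bits. Word 2: 24-bit VNI + 8 reserved bits.
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame


def vxlan_decap(udp_payload):
    """Validate a VXLAN UDP payload and return (vni, inner_frame)."""
    if len(udp_payload) < VXLAN_HEADER_LEN + ETHERNET_HEADER_LEN:
        raise ValueError("too short for a VXLAN header plus an Ethernet header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    return word2 >> 8, udp_payload[VXLAN_HEADER_LEN:]


def deliver(udp_payload, local_ports):
    """Hypothetical tunnel-endpoint lookup: pick the local port by (VNI, dst MAC).

    A frame is only handed to a port attached to the same logical network,
    so identical MAC addresses in different VNIs never see each other's traffic.
    """
    vni, frame = vxlan_decap(udp_payload)
    return local_ports.get((vni, frame[:6]))


# Constructed sample data: the same destination MAC exists in two logical networks.
MAC_WEB = bytes.fromhex("005056000001")
MAC_DB = bytes.fromhex("005056000002")
FRAME = MAC_DB + MAC_WEB + b"\x08\x00" + b"payload"  # dst, src, EtherType, data
PORTS = {(5001, MAC_DB): "vnic-db-tenantA", (5002, MAC_DB): "vnic-db-tenantB"}

if __name__ == "__main__":
    for vni in (5001, 5002, 5003):
        print(vni, deliver(vxlan_encap(vni, FRAME), PORTS))
```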