Main Page

From NSX Ninja
  • Deploying your first VNF with TCA I have shown you how to set up the complete infra with TCA and VCD here. In this article, I will show you how to deploy your first VNF.
  • Scaling out your VNF with TCA I have shown you how to set up the complete infra with TCA and VCD here. I have also shown you how to create your first VNF here. In this article, I will show you how to scale out this VNF using TCA and how to add the scaled out "app VM" to the load balancer using a workflow.
  • Deploy a NFV Lab with VMware TCA and VCD Last year VMware released the VMware Telco Cloud Automation (TCA) platform, which is a platform designed to help Cloud Service Providers (a.k.a. Telcos) onboard new applications, automate the design and deployment of both Virtual Network Functions (VNFs) and Cloud-native Network Functions (CNFs). This article will give you detailed step-by-step instructions to get started with testing out how TCA is set up and how this integrates with all other Software-Defined Data Center (SDDC) components. In this article, I will use VMware Cloud Director (VCD) as the Network Function Virtualisation (NFV) Virtualised Infrastructure Manager (VIM).
  • Books
  • VMware Cloud Director Basics with NSX-T This article will explain how you can integrate NSX-T into VMware Cloud Director to provide Network and Security capabilities across different tenants. To integrate NSX-T with VMware Cloud Director, you also need to know a bit about VMware Cloud Director, how it is installed and configured, and its typical use cases.
  • Hub and Spoke Layer 2 VPNs between multiple NSX-T enabled sites In this wiki article, I will explain how to set up Hub and Spoke Layer 2 VPNs between multiple NSX-T enabled sites.
  • NSX-T (nested) Lab with (3) different sites (and full (nested) SDDC deployment) This article will explain how you can create a full nested SDDC Lab with NSX-T inside your vSphere environment. I will show you how to create three fully isolated Pod environments where each Pod can be seen as a private cloud/location/region or lab on its own. Each Pod can be seen as a location:

    - Pod 100 (GREEN) = Palo Alto
    - Pod 110 (BLUE) = Rotterdam
    - Pod 120 (ORANGE) = Singapore

    With this lab consisting of three pods, you will be able to create your own NSX-T Federation lab. The configuration and deployment of Federation are out of scope for this article. What is in scope here is primarily setting up the infrastructure to test NSX-T across multiple locations.
  • Configure NSX-T VRF Lite A VRF Tier-0 Gateway is a Gateway that is configured as a child object to a Parent Tier-0 Gateway. This means that you can configure multiple "mini Tier-0 Gateways" inside a Parent Tier-0 Gateway. In this wiki article, I will show you how to configure VRF Lite using NSX-T with two separate tenants.
  • Configure NSX-T URL Analysis NSX-T URL analysis allows you to get insight into what websites are accessed within the organization. These websites are scored so you can review and understand the reputation and risk of the accessed websites. This article will explain to you how to configure URL Analysis.
  • NSX-T IDS end-to-end testing In this article, I will explain to you how the NSX-T IDS feature works. I will perform some known attacks using Metasploit and show you how an attacker can perform certain attacks and how the NSX-T IDS will detect these attacks. I will also show you how to protect your network using the NSX-T Distributed Firewall after discovering the attacks by looking at the NSX-T IDS events.
  • Configuring NSX-T Federation with NSX-T The videos in this article will show you how to configure NSX-T Federation across three sites.
  • Deploying the second and third NSX-T Manager Nodes and form an NSX-T Manager Cluster This article will show you how to deploy your second and third NSX-T Manager nodes to form a cluster.
  • NSX-T EVPN North/South routing with NX-OS EVPN-based Datacenter fabric With the release of version 3.0, NSX-T now supports VRF Lite and EVPN. VRF support was a long-awaited feature to overcome the scalability limitations of NSX-T for multitenancy support. The purpose of this wiki article is to show how to extend an NX-OS EVPN-based DC network down to the NSX-T Edge level to enable VRF routing between them.
  • CA signed certs with NSX-T This wiki article will guide you through the process of replacing your NSX-T Manager Node self-signed SSL Certificates with your own CA-signed SSL certificates. There are many ways to generate CSRs, set up Certificate Authorities, and sign CSRs. In this article, however, I explain how this is done using one of these methods. I will show you a full end-to-end process, from setting up your own Microsoft Windows CA Server and generating CSRs to using this CA Server to sign your own NSX-T SSL Certificates.
  • Configuring a VIP address across the NSX-T Manager Nodes In this article, I will show you how to configure a VIP IP address across your NSX-T Manager Cluster Nodes.
  • Add a (vCenter Server) Compute Manager to NSX-T In this article, I will show you how you add a Compute Manager (a vCenter Server) to NSX-T.
    You need to add a vCenter Server (Compute Manager) to NSX-T to:

    1) Install additional NSX-T Manager Nodes through the NSX-T GUI.
    2) Install NSX-T VIB modules on ESXi Hosts in order to make them Host Transport Nodes so they can make use of the NSX-T Services.
  • PART 2: Low level DR and SR internal component routing without assigning it to an Edge Cluster for the Tier-1 Gateways In Part 1 we will create a T1 gateway without assigning it to an Edge Cluster... (where this Part 2 talks about creating a T1 gateway with assigning it to an Edge Cluster)

    This article will talk about creating a T1 gateway with assigning it to an Edge Cluster and is Part 2, following the Part 1 published earlier.

    This article will answer the following questions:

    1) Which DR and SR components are created, and where, when you only create a T1 gateway with assigning it to an Edge Cluster?
    1a) What happens when you create a segment and connect that to the T1 gateway?
    1b) What happens when you connect a VM to that segment?
    2) Which DR and SR components are created, and where, when you only create a T1 gateway?
    2a) What happens when you create a segment and connect that to the T1 gateway?
    2b) What happens when you connect a VM to that segment?
  • Configuring syslog services on NSX-T components There is a lot of confusion about how to configure logging on the NSX-T Manager components. I get questions like:

    1) How do we log the Distributed Firewall rules?
    2) What is the source of the logging messages?
    3) How do I see logging for the T0 or T1 Gateways and Gateway firewalls?
    4) Is it possible to configure separate logging servers for different purposes?
    5) Is it possible to log the Distributed Firewall rules to a separate logging server?

    In this article, we will try to answer all of these questions with examples.
  • PART 1: Low level DR and SR internal component routing with assigning it to an Edge Cluster for the Tier-1 Gateways A colleague (Sergei Ischenko) who is shadowing my work came back with some pretty interesting questions and comments that will be described and answered below. This article will answer the following questions:

    1) Which DR and SR components are created, and where, when you only create a T1 gateway without assigning it to an Edge Cluster?
    1a) What happens when you create a segment and connect that to the T1 gateway?
    1b) What happens when you connect a VM to that segment?
    2) Which DR and SR components are created, and where, when you only create a T1 gateway?
    2a) What happens when you create a segment and connect that to the T1 gateway?
    2b) What happens when you connect a VM to that segment?
  • Deploying the first NSX-T Manager Node This article will show you how to deploy your first NSX-T Manager node.
  • Adding the NSX-T Licence This article will show you the steps to add the NSX-T Licence.
  • Deploy a virtual Cisco CSR Router with IOS This article will show you how to deploy a virtual Cisco CSR1000v inside the VMware vSphere environment. After the deployment, I will show you how to do the basic configuration in order to use it together with NSX-T (or to build your own network topology using Cisco CSR Routers).
  • Deploy a virtual Cisco Nexus Switch with NX-OS This article will show you how to deploy a virtual Cisco NX-OS Layer three switch inside the VMware vSphere environment. After the deployment, I will show you how to do the basic configuration in order to use it together with NSX-T (or to build your own network topology using Cisco Nexus Switches).
  • Extend the NSX-T default 90 days password-expiration policy NSX-T has a default password policy that requires you to change the "admin" password after 90 days. This can be annoying when you have a lab environment and need to change this every three months. In this article, I will show you how to extend the number of days your password is valid.
  • Multisite (light) Disaster recovery I have created a 4-part video series that will demonstrate how NSX-T multi-site (Disaster Recovery) works. Part 4 is definitely the cherry on the pie, but make sure you watch part 1, 2 and 3 as well to have a good understanding of the environment and to understand fully what is happening.
  • Configure NSX-T Logical Bridging (single profile) In this wiki article, I will show you how to configure Layer 2 Bridging between a VLAN (on the physical network) and a Segment (overlay network) on NSX-T with the same subnet. The goal is to not route network traffic through the Tier-0 and Tier-1 Gateways but to bridge network traffic using Layer 2 Logical bridging.
  • Create an NSX-T manager node cluster In this article, I will explain to you the different options of how you can design and deploy an NSX-T manager node cluster. I will provide you with all the different options, with justifications of why one choice is better than another. I will also discuss the risks that are introduced when you choose a specific option, if there are any.