Learn NSX Day 7 : Deploying ESXi

Image Builder
Reason to use :
Pre load NSX VIBs into your ESXi image for an auto deploy solution
(Prep ESXi hosts normally in Update Manager)
A guide can be found her How to Install VIBs on ESXi host vmwarearena.com

Check VIBs are loaded

host-prep

host-prep

Check for  :
NSX VXLAN
NSX Distributed Firewall

Where to check. See example “Verify NSX VIBs Installation from ESXi hosts” vmwarearena.com

  

ESXi

  • Logs F/W decisions
  • Requires “netcpa” agent to be running for VXLAN tunnel end point (VTEP)
  • Shows ARP entries for given VXLAN network

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologise if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

Learn NSX  Day 6 : NSX and Logical Switches

Replication Modes on Logical Switches

logical-switch options

logical-switch options

 

Broadcast (BUM)
Hybrid Mode Logical Switch

 

broadcast

broadcast

 

Sort of utilises both Unicast and Multicast traffic

 


Unknown Uni-cast replication

unicast

unicast


Reason to use :
Opposite to Multicast. Separation of the Physical and Logical networks
 
No PIM or IGMP on physical network. Non-ESXi don’t receive BUM option
Configurable in the Transport Zone (VTEPS Send Uni-cast and can remote proxy in transport zone)

Multicast Replication

multicast

multicast


Reason to use :
NSX relies on Layer 2 and Layer 3 multicast for physical network for VXLAN encapsulated multi destination is sent to all VTEPS
(page  26) 
Required PIM and L3 multicasting routing
Least amount of bandwidth used on physical network architecture

 

Logical Switches

Prep work :
Config VXLAN tunnel endpoint (VTEP) VLAN on trunk in physical switches

A good article on logical switching and transport zones was available this page by  Alex Hunt – Logical Switching and Transport Zones 


Spine – Leaf architected networks

spine-leaf

spine-leaf

A great description by Ethan Banks below :
“In modern data centers, an alternative to the core/aggregation/access layer network topology has emerged known as leaf-spine. In a leaf-spine architecture, a series of leaf switches form the access layer. These switches are fully meshed to a series of spine switches.

Network overlays such as VXLAN are common in highly virtualized, multi-tenant environments such as those found at Infrastructure as a Service providers. Arista Networks is a proponent of layer 3 leaf-spine designs, providing switches that can also act as VXLAN Tunnel Endpoints.” By Ethan Banks

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologises if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

 

Learn NSX  Day 5 : NSX HA, Edge, REST API

Edge HA

edge

edge

 

  • Works in Active / Standby. There is zero service interruption during failover
  • Requires two NSX Edge appliances
  • Configured with in the Web Client > Networking and Security > NSX Edges > Manage > Settings > Configuration > Add Edge appliance or at the install NSX edge time

    add-edge

    add-edge

  • Edge makes sure Edge VMs are on different ESXi hosts.

VMware recommends:

  • Deploy appliances to two different datastores and resource pools.
  • Have a Primary and a Secondary appliance
  • Primary maintains the heartbeat.
  • Leverage vSphere HA to provide better NSX Edge HA

NSX Rest API

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologise if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

Learn NSX  Day 4 : NSX Roles

Security Admin
Options : “NSX Security only”
Description : View configured policies, View violation reports, can also have limited access to specific edge devices, create port groups etc.

NSX Administrator
Options : “NSX Operations only”
Description :Install appliance’s and configuration

Auditor
Options : “Read Only”
Description : View configured policies, View violation reports

Enterprise Admin
Options : “NSX Operation and Security”
Description : Create and publish security policies, install virtual appliances plus other roles

 

A good article and guide on how to assign users permissions I used was “Working with NSX – Assigning User Permissions” WAHL NETWORK

 

VMware NSX 6 Documentation for “quote”

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologise if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

 

Learn NSX  Day 3 : NSX Manager and NSX Controller

NSX Manager

NSX Manger

NSX Manger

Manage vCenter Registration

nsx-manager-options

nsx-manager-options

Overview

Manage NSX Manager

Manage NSX Manager

Options

  • Deployment of the controller clusters
  • Logical networking
  • Networking and Edge services
  • Security Services (out the box includes support  for vRA,vLI,vROPS,vIO,Arkin & Tufin)
  • Creates self-signed certs
  • ESXi host Prep (VIBS etc)
  • Extend logical networks for a new ESXi cluster
    (web client > Network security > Install for new cluster)
  • Logging configured
  • Backup NSX

NSX Controller (Control Plane)

add-controller

add-controller

  • Deployed as virtual appliances
  • Enable VXLAN
  • Logically separated from the data plane traffic
  • Dynamic routing between ESXi (North / South by Edge VM)
  • Supports ARP suppression
  • Each controller node is assigned roles

Diagram from my notes

NSX Manager

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologise if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

Learn NSX  Day 2 : NSX Deployment Best Practice

This best practice page is more of a list of resources and starting points to collect information from

·         Start with the VMware NSX for VSphere Network Virtualization Design Guide
·
         VMware NSX Brownfield Deployment Guide
·
         Best practices from VMware World (Lostdomain.org) (Cluster Design, NSX Multi-tenancy,NSX Distributed Firewall, NSX Transport Zone & NSX Edge Services)
·         Deploying VMware NSX for vSphere and the Nutanix enterprise cloud platform (A downloadable document with Use Case scenarios)


The key technical feature for me was to

·         Deploy NSX Manager and NSX Controller to a Management Cluster and not the same clusters your other VMs are part of.
·         Use vSphere HA as NSX Manager is a virtual machine

 Lab Deployment guide NSX Lab Design & Deploying NSX Manager vmwarearena.com

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologies if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

Learn NSX Day 1 : NSX Requirements

The assumption is you already know what NSX is. These are my study notes and exam prep. If you want an introduction to NSX, try this Alex Hunt introduction to NSX

For my setup the basic requirements are :

·         vSphere environment using vCenter & ESXi (HA, DRS & FT)
·         ESXi Cluster (idealy x2 clusters, 1x Mgmt and 1xService)
·         1x vCenter per NSX Manager
·         Physical network 1600 MTU
·         1 x vDS
·         Prep hosts for NSX (VIBS) – Manually or use Updated Manager
·         Desktop Client (Windows 10) running Chrome or Firefox with flash installed
·         NSX ova required 16GB RAM and 4 CPU. (unsupported 8GB RAM and 2 CPU)

For a quick deploy in a PoC Deploy-and-Configure-VMware-NSX-in-23-minutes (untested, all scripts are at you own risk)

Minimum versions which support NSX

·         vCenter 5.5
·         ESXi 5.1
·         vShield 5.5
·         vCNS 5.5

VMware NSX Configuration Maximums 6.2

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are note made during my study of VMware for NSX. Apologise if any of the detail is incorrect. Hopefully posts under Learn NSX help others to start learning about VMware NSX for vSphere.

Learn NSX – VMware NSX for vSphere

nsx1_hotwiredv2
Over the following weeks I’ll be posting my study notes on VMware NSX for vSphere

These notes have been created based on :
1) Attending VMware Network Virtualization Fundamentals – On site training by VMware
2) NSX SE Customer Labs (NSXv 6.1)- On site training by VMware
3) NSX for vSphere 6.1 Exploration – Lab- On site training by VMware
4) Setting up a PoC NSX lab – Hot Wired IT Solutions facilities
5) VMware® NSX for vSphere (NSX) Network Virtualization  Design Guide
6) VMware Learning Platform – NSX training modules


Topics
:
Day 1 starts  10.10.16 – Each day of notes will be available at 8am (GMT)
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API

Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologises if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.