Clear and Simple VMware NSX 6.2 and vSphere Virtual Networks

Our Networking Fundamentals section begins with the tried-and-true OSI model. Understand the seven layers and learn some handy tricks that can help you keep them straight.

Take a brief tour of the history of Ethernet while you learn key concepts including: Collision and Broadcast domains, MAC addresses, hubs, and switches.

Maximum transmission unit (MTU) is a configuration that when properly configured can help make Ethernet more efficient. When configured wrong it can bring you network to a grinding halt. An MTU of 1600 is required for the NSX Underlay network.

What is an Ethernet broadcast, and what kind of problems do they create? In this video learn about the concepts of layer 2 broadcast and unknown unicast traffic.

When it comes to Layer 2 networks, loop is a four-letter word. Learn how Spanning Tree Protocol (STP) avoids loops and understand the drawbacks of this approach.

Learn the basics of IP addressing and understand why it is important. Understand concepts like private IP addresses and subnet masks.

Address resolution protocol (ARP) is a layer 2 broadcast that is used to learn MAC addresses. I will provide a simple explanation of when an ARP is generated and how it works.

This video explains how Virtual Machines are able to access network resources. You will learn about concepts like virtual switches, VM port groups, and VMkernel ports.

Learn about NIC Teaming methods, security settings, and traffic shaping policies available in the vSphere Standard Switch. I'll also explain the multiple TCP/IP stacks supported by vSphere 6.

Learn how the vSphere Distributed Switch provides scalability to vSphere deployments. What happens if vCenter fails? We'll cover that, along with features such as load-based teaming and Private VLANs.

I'll provide simple explanations about network features that the vSphere Virtual Switch supports, including CDP, LLDP, Network I/O Control (NIOC), Traffic Filtering and Tagging, network health check, Netflow, Rollback, and more.

Why do we need NSX, and what benefits does it provide? What NSX components are in the Management, Control, and Data plane? And how is the initial setup of NSX done? Find out in this lesson!

Learn about VXLAN encapsulation, and how it is used with the Logical Switch. We'll also look at how the NIC teaming method effects the number of VTEPs created.

In this lesson, we examine how different NIC teaming methods—originating port ID, source MAC hash, and IP hash—impact the creation and distribution of VTEPs (VXLAN Tunnel Endpoints) in VMware NSX environments. By understanding the link between NIC teaming strategies and VTEP allocation, we see how traffic distribution among physical adapters varies, with IP hash enabling load balancing across adapters, while port ID and MAC hash methods bind each VM to a specific physical adapter through a single VTEP per NIC.

NSX introduced a new type of virtual switch called a Logical Switch. Learn about the unique features and how it uses VXLAN transport instead of VLANs. I'll also show you how this allows layer 2 traffic to traverse a layer 3 underlay.

Transport Zones are used to define the scope of our logical switches. Clusters of ESXi hosts will be added to a transport zone.

Understand the role of the NSX Controller Cluster and the MAC, ARP, and VTEP tables. We'll cover how these tables are populated and how ARP requests are affected.

This lesson explains the process of virtual machine (VM) communication within NSX by detailing how pings and ARP requests are managed across vSphere Distributed Switches and Logical Switches using VTEPs and NSX controllers. It highlights the role of the NSX controller cluster in optimizing network efficiency by intercepting ARP broadcasts, managing IP-to-MAC mappings, and how NSX Manager integrates with vCenter for controller deployment, ensuring secure communication across the network.

NSX Controller Nodes must be deployed in clusters of three. In this video we'll learn how the NSX Controller Cluster distributes workload and handles failures.

Broadcast, Unknown Unicast, and Multicast traffic are known collectively as BUM traffic. In this video you'll see the different replication modes that NSX uses to distribute this traffic across ESXI hosts.

How does Logical Switching and VXLAN affect the ability to scale our network up? We'll draw some diagrams up on the whiteboard to show how NSX increases scalability by allowing us to deploy routers in the underlay network.

NSX features a hypervisor-based router called the Distributed Logical Router. We'll learn how it routes packets, and what interface types it supports. Network diagrams will be used to compare this to traditional physical routing.

Packets and Frames can contain quality of service values that ensure priority on the physical network. How are these values affected by VXLAN encapsulation?

A Layer 2 bridge can be used to create an Ethernet segment that spans a VLAN and a VXLAN and can even be stretched out to the physical network.

Before we dig into the routing capabilities of NSX I will provide a brief lesson comparing static and dynamic routing.

The NSX Edge is the swiss-army knife of NSX. It does VPN, Firewall, NAT, and other features. In this lesson I'll introduce you to the basics of the NSX edge.

This video explains how the NSX Edge and the Distributed Logical Router can use BGP and OSPF to automatically exchange routing updates.

You can utilize multiple NSX Edge Gateways to spread out ingress and egress traffic across a group of ESXi hosts. Learn these concepts and understand what happens when a failure occurs.

The NSX Edge is part of the data plane, and actively passes network traffic. In this video we'll learn about how we can ensure that the effects of a failure are minimized.

NSX can be deployed on vSphere in a few different ways. In this video we'll look at design options including management, edge, and compute clusters.

The NSX Edge can be used to establish a Layer 2 VPN connection with another NSX Edge - or with any compatible hardware! Learn how the Layer 2 VPN works, and what uses cases it is applicable to.

The NSX Edge can be used to create an IPSEC VPN. This is useful if you have two different networks that need to communicate over the Internet in a secure manner.

The NSX Edge includes a remote access solution called SSL VPN Plus. Learn about how this works, the supported authentication methods, and the different modes it can operate in.

Private IP addresses are not routable on the Internet but are commonly used on most networks. Learn how the NSX Edge can translate private and public IP ranges.

You may have multiple VMs, like web servers, that serve an identical purpose. The NSX Edge can distribute traffic to these VMs and provide redundancy and monitoring.

One of the most attractive features of NSX is microsegmentation. Learn how you can create firewall policies that are enforced at the Virtual NIC level.

Service Composer can be used to automate your security posture. We can also use it to integrate third party solutions, such as anti-virus scanning and intrusion prevention systems.

This lesson introduces the network and guest introspection capabilities in VMware's Service Composer, focusing on how third-party solutions for security scanning and compliance monitoring can tag virtual machines dynamically. Guest introspection detects issues like viruses or sensitive data, tagging affected VMs for isolation within security groups, while network introspection redirects traffic for inspection by services like intrusion prevention systems, enhancing overall security without direct guest OS access.

This lesson covers the fundamentals of Cross vCenter NSX, a feature introduced in NSX 6.2 that enables creating and managing NSX components across multiple vCenter instances. With Cross vCenter NSX, universal objects like logical switches, firewall rules, and distributed logical routers can be established across vCenter environments, facilitating seamless VM migration, consistent network policies, and improved support for disaster recovery and active-active data center configurations.

This lesson delves into the architecture of Cross vCenter NSX, detailing the roles of primary and secondary NSX managers, the use of a universal controller cluster, and how universal objects are managed across vCenter instances. Additionally, it covers the configuration of egress traffic, the role of local egress for optimal routing in multi-site deployments, and the resilience and recovery options in case of primary NSX manager or controller cluster failure, enabling consistent network policies and disaster recovery across sites.