
This video provides a comprehensive breakdown of the OSI model, demystifying its seven layers to help viewers understand how devices communicate over a network. Focusing primarily on the critical layers for networking (physical, data link, network, and transport), it highlights common issues, troubleshooting tips, and practical applications for network professionals.
This video provides a historical overview of Ethernet networking, from the early days of Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to the evolution of hubs and modern Ethernet switches. It explains how Ethernet switches use MAC address tables to efficiently manage data traffic and avoid collisions, highlighting the fundamental differences between older and newer networking technologies.
This video explains the concept of Maximum Transmission Unit (MTU) and its impact on network performance, highlighting how larger MTU settings reduce overhead by sending fewer frames. It emphasizes the importance of consistent MTU configuration across a network to avoid issues like frame drops or the resource-intensive fragmentation and reassembly processes on switches and routers.
This video explains how Layer 2 broadcast traffic, such as ARP requests, affects the performance of both physical and virtual switches by flooding all ports with broadcast frames. It highlights that while broadcasts can propagate across interconnected switches within the same Layer 2 network, they are contained by routers, which do not forward Layer 2 broadcasts to other network segments.
This video explains the Spanning Tree Protocol (STP) and how it prevents switching loops in Ethernet networks by detecting and blocking redundant connections. While STP ensures a loop-free topology to avoid network failures caused by broadcast storms, it may reduce available bandwidth by disabling certain network paths to maintain stability.
This video introduces the basics of IP networking, focusing on fundamental concepts like IP addresses, subnetting, default gateways, and how routers interconnect Layer 2 networks by forwarding packets between different IP networks. It explains the role of routers and routing tables in directing traffic and illustrates the differences between Layer 2 (MAC) and Layer 3 (IP) addressing in network communication.
This video explains the concept of ARP (Address Resolution Protocol) requests and how they are handled by an Ethernet switch, highlighting their role in mapping IP addresses to MAC addresses for direct Layer 2 communication. It demonstrates how ARP broadcasts are used to discover the MAC address of a destination device and the network overhead this can cause, emphasizing the importance of minimizing such traffic in network management.
This video introduces the fundamentals of virtual networking, explaining how virtual machines (VMs) connect to resources within an ESXi host or a physical network using virtual network interface cards (vNICs) and virtual switches. It covers key concepts such as virtual machine port groups, VLAN tagging, VMkernel ports, and how traffic flows between virtual and physical networks to enable communication and management within a virtualized environment.
This video covers the vSphere standard switch configurations, focusing on NIC teaming methods like originating virtual port ID, source MAC hash, and IP hash to balance traffic across physical adapters and ensure network resilience. It also discusses features like traffic shaping, security settings (e.g., forged transmits, MAC address changes, and promiscuous mode), and the use of multiple TCP/IP stacks to manage different types of traffic efficiently in a virtualized environment.
This video discusses the vSphere Distributed Switch (VDS), highlighting its scalability advantages over the vSphere Standard Switch (VSS) and its centralized management via vCenter. It covers advanced features like Private VLANs for intra-VLAN isolation, Load-Based Teaming (LBT) for dynamic traffic balancing, and Link Aggregation Control Protocol (LACP) for aggregating multiple physical NICs to optimize network performance and flexibility.
This video introduces NSX-T, highlighting its differences and advantages over its predecessor, NSX-V, particularly in terms of platform support and management independence from vCenter. NSX-T offers broader compatibility with various environments like KVM, Kubernetes, AWS, and Azure, supports AWS Outposts, and integrates management and control plane functions into a unified cluster, making it a versatile choice for modern, multi-cloud infrastructures.
This video provides an overview of the management, control, and data planes of NSX-T, explaining how each plane functions and interacts within the NSX-T environment. The management plane handles configuration changes, the control plane manages dynamic state and updates, and the data plane is responsible for the actual traffic flow, including critical components like the NSX Edge for north-south traffic and cloud extensions.
This video explores the functionality of NSX Manager in NSX-T, detailing its deployment in a three-node cluster to provide scalability, efficiency, and fault tolerance, as well as the role of a virtual IP for management traffic. It also explains options for enhancing availability and load balancing, such as using external load balancers to manage API requests and distribute workloads across different network subnets.
This video explains the role of the NSX controller, a function integrated into the NSX Manager cluster in NSX-T, which manages logical switching, routing, and firewall rules. The NSX controller handles tasks like tracking virtual machine MAC addresses, managing dynamic routing updates, and ensuring seamless vMotion by maintaining accurate mappings of where virtual machines are located across transport nodes.
This video explains the concept of controller plane sharding in NSX-T, where each NSX controller within the three-node NSX Manager cluster is responsible for managing specific transport nodes. The controllers share a distributed database, ensuring that if one controller fails, no data is lost and the transport nodes are simply reassigned to another controller, maintaining efficient operations without interrupting data flow.
This video provides an in-depth overview of the NSX-T data plane, emphasizing its role in forwarding and managing user traffic across transport nodes such as ESXi hosts, containers, and bare metal servers. It explains the concept of creating Layer 2 segments over a Layer 3 physical network using Tunnel Endpoints (TEPs) and the importance of proper MTU settings to enable efficient communication across NSX domains, effectively decoupling the virtual network configuration from the physical network infrastructure.
This video dives deeper into the concepts of NSX-T overlay networks, specifically focusing on Tunnel Endpoints (TEPs) and Geneve encapsulation to allow Layer 2 segments to span across Layer 3 physical networks. It explains how TEPs encapsulate and decapsulate traffic to maintain seamless communication between VMs on the same logical network, even when they are physically separated across different subnets and transport nodes.
In this video, we explore the concept of transport zones in NSX-T and how they define the scope and connectivity of network segments across transport nodes, such as ESXi hosts, KVM, bare metal servers, and NSX edges. We discuss the differences between overlay transport zones, which are used for Geneve overlay networks, and VLAN transport zones, which connect to physical VLAN-backed networks, and explain how transport zones are configured and applied to transport nodes to manage network segmentation and traffic flow.
In this lesson, we focus on VLAN transport zones in NSX-T, where we create VLAN-backed segments associated with specific VLANs on transport nodes like ESXi hosts. These VLAN-backed port groups enable connectivity between devices on physical networks and NSX-T environments, with edge nodes acting as the bridge between overlay networks (Geneve) and VLAN-based network segments.
This lesson demonstrates the host preparation process for configuring ESXi hosts to run NSX-T in a lab environment. It covers setting up the necessary prerequisites, such as transport zones, tunnel endpoint IP pools, uplink profiles, and transport node profiles, and then applying a transport node profile to the selected ESXi hosts to enable NSX-T configurations and networking.
This lesson explores the visibility differences between NSX-V and NSX-T when configuring transport zones and Tunnel Endpoints (TEPs). Unlike NSX-V, where all VMkernel ports and TEP details are visible in the vSphere client, NSX-T requires using its own user interface to view TEP configurations and monitor tunnel statuses between transport nodes.
This lesson explains how NSX-T utilizes uplink profiles to determine NIC teaming policies and traffic distribution across physical adapters in ESXi hosts configured as transport nodes. It covers different teaming methods—such as failover order, load balanced source, and load balanced source MAC address—to manage how virtual machines and their network interfaces are mapped to uplinks, optimizing network traffic flow and redundancy.
This lesson demonstrates how to configure uplink profiles and manage the underlying settings of ESXi hosts in NSX-T using VMware's hands-on labs. It highlights that most configurations for NSX-T, such as NIC teaming, transport VLAN, and MTU settings, are handled through NSX Manager uplink profiles rather than directly in the vSphere client, where configuration options for NSX-backed virtual distributed switches are limited.
This lesson covers the process of logical switching in NSX-T by creating Layer 2 segments within an N-VDS (NSX Virtual Distributed Switch). It explains how traffic is managed and forwarded between VMs on different ESXi hosts using tunnel endpoints (TEPs) and describes the encapsulation method used to carry traffic across the physical underlay network, highlighting the role of the NSX controller in managing MAC tables for traffic forwarding.
This lesson demonstrates how to create a new segment in NSX-T, explaining how segments function as Layer 2 networks and how they can be associated with Tier 0 or Tier 1 gateways for routing purposes. The video also covers configuring subnet settings for segments, exploring uplink types, and using the VMware vSphere client to connect virtual machines to these newly created segments.
This lesson covers how to create and configure segment profiles in NSX-T to standardize settings like Quality of Service (QoS), IP Discovery, SpoofGuard, Segment Security, and MAC Discovery. These profiles simplify the application of consistent policies across multiple segments, ensuring optimal network performance, security, and management efficiency within the NSX environment.
This lesson explains the three key control plane tables in NSX-T: the ARP table, the MAC table, and the TEP table, which work together to manage traffic within Layer 2 segments. The ARP table maps IP addresses to MAC addresses, the MAC table identifies which TEP each MAC is reachable through, and the TEP table tracks the IP and MAC addresses of TEPs, enabling efficient traffic routing and minimizing broadcast traffic in the network.
This lesson demonstrates how to use the NSX command line to display the ARP, MAC, and TEP tables for a logical switch in NSX-T. It covers accessing the command line interface of NSX Manager, retrieving the UUID of logical switches, and executing specific commands to view the IP-to-MAC mappings, MAC address associations, and TEP information for network segments.
This lesson explains how broadcast, unknown unicast, and multicast (BUM) traffic is replicated across transport nodes in an NSX Layer 2 segment, highlighting two replication modes: head replication and hierarchical two-tier replication. Head replication involves sending unicast copies of BUM traffic from the source TEP to all other TEPs, while hierarchical two-tier replication optimizes traffic flow by using intermediate TEPs to replicate traffic locally within different subnets, reducing network congestion.
In this lesson, we demonstrate how to configure replication modes for segments in the NSX user interface, specifically using the hierarchical two-tier replication method to manage BUM traffic across TEPs. The video also shows how to create a new segment, assign it a Tier 0 gateway, select a transport zone, and adjust the replication mode between head and hierarchical two-tier replication as needed.
In this lesson, we learn about logical routing in NSX-T, focusing on how the distributed router (DR) facilitates East-West routing between virtual machines within the same network. The DR operates as a kernel module on each ESXi host, enabling efficient routing without the need for traffic to leave the host or traverse physical network components, thus reducing latency and network overhead.
In this lesson, we explore routing design options in NSX, focusing on single-tier routing with a Tier-0 distributed router and services router for East-West and North-South traffic management. The Tier-0 router handles internal routing within the NSX domain and connects to external networks via the services router, creating a straightforward routing setup without needing a Tier-1 router.
In this lesson, we dive into multi-tier routing in NSX, focusing on the use cases and benefits of implementing a Tier-0 and Tier-1 gateway structure. Multi-tier routing is primarily used to support multi-tenancy by providing logical separation between provider-controlled routing (Tier-0) and tenant-controlled routing (Tier-1), allowing for more complex network designs that manage how different tenants interact with each other and external networks.
In this lesson, we demonstrate how to set up East-West routing within an NSX-T environment using a Tier-1 gateway to manage internal network traffic between segments. By migrating segments from a Tier-0 gateway to a newly created Tier-1 gateway, we enable multi-tenancy and allow isolated routing between different tenants, while still retaining the ability to control north-south traffic through the Tier-0 gateway.
In this lesson, we demonstrate how to set up and explore logical north-south routing in an NSX-T environment using both Tier-0 and Tier-1 gateways. We focus on configuring edge nodes as the boundary between the NSX routing environment and the external network, and we examine how traffic flows from external sources into the NSX domain, using tools like traceroute to visualize the path taken by network packets.
In this lesson, we explore the Tier-0 north-south router configuration in an NSX-T environment using command-line tools. By accessing the NSX Edge node, we examine routing details such as BGP neighbors, route tables, and logical interfaces, providing a deeper understanding of how the Tier-0 gateway manages traffic within the network.
In this video, we explore the setup of active-active service routers within an NSX environment, focusing on their role in north-south routing and centralized services on edge nodes. The lesson discusses the importance of configuring these routers for high availability, the limitations regarding stateful services in active-active configurations, and how routing protocols like BGP handle traffic failover in the event of node failures.
In this video, we explore the setup and operation of active-standby service routers in an NSX environment, focusing on their role in providing high availability for stateful services such as firewalls. The lesson explains how only one service router actively passes traffic while the other remains on standby, ready to take over in case of a failure, with options for preemptive or non-preemptive failover depending on the desired configuration.
In this video, we explore the high availability configuration of an NSX edge cluster by setting up multiple edge nodes with redundant interfaces for a Tier-0 gateway. The lesson includes a deep dive into routing configurations, showing how distributed and service routers work together across edge nodes to ensure continuous north-south connectivity in the event of a node failure.
In this video, we delve into the role of edge nodes in NSX, which are crucial for running centralized network services that can't be distributed to the hypervisor, such as north-south routing, NAT, DHCP, firewall, load balancing, and VPN. The lesson also covers the architecture and configuration of edge nodes, explaining their integration into the network, how they support multiple transport zones, and their importance in ensuring high availability and performance in a production environment.
In this video, we explore NSX routing protocols with a focus on the Tier-0 gateway, which serves as the primary router for north-south traffic, establishing relationships with physical routers in the network. We cover the basics of static routing, the benefits of using BGP for dynamic routing, and how BGP features like route aggregation, community lists, IP prefix lists, and route maps are used to optimize and secure the routing process within an NSX environment.
In this video, we explore the concept of Layer 2 bridging in NSX, which allows the extension of an NSX Layer 2 segment into a VLAN, enabling seamless communication between virtual machines on NSX segments and those on VLANs or physical servers without requiring routing. This functionality supports gradual migration of virtual machines to NSX environments and ensures compatibility with existing network setups, while also integrating with distributed routing for efficient traffic management.
In this video, we explore how Network Address Translation (NAT) is performed in NSX-T 2.4, focusing on both source and destination NAT. The lesson demonstrates how NAT allows communication between privately addressed virtual machines and external networks by modifying IP addresses, with the Tier-1 and Tier-0 service routers handling the translation process for outbound and inbound traffic, respectively.
In this video, we walk through the process of configuring Network Address Translation (NAT) in NSX-T using the free labs at VMware. The demonstration covers setting up both source and destination NAT rules on a Tier-1 gateway, highlighting how NAT allows external access to privately addressed virtual machines while ensuring that only necessary routes are advertised for enhanced security.
In this video, we delve deeper into Network Address Translation (NAT) configurations in NSX, particularly focusing on setting up reflexive NAT in an active-active Tier-0 gateway environment. The lesson demonstrates how NAT rules are created and validated, and how configuration changes affect routing and network communication within the NSX environment.
In this video, we explore the DHCP server and DHCP relay services in NSX-T, detailing how both Tier-1 and Tier-0 service routers can be configured to act as DHCP servers or relays. The lesson covers the process of forwarding DHCP requests from virtual machines to the appropriate service router and configuring IP address ranges for different network segments, setting the stage for a practical demonstration in the next video.
In this video, I demonstrate how to configure a DHCP server in NSX-T using a Tier-0 gateway. The lesson walks through creating the DHCP server, assigning IP address ranges for a new segment, and verifying that a virtual machine successfully obtains an IP address from the configured DHCP server.
In this video, we explore the concepts of load balancing using a Tier-1 gateway in NSX-T, focusing on how it distributes traffic across server pools and enhances application availability. We cover both Layer 4 and Layer 7 load balancing, discuss the importance of active-standby configuration for Tier-1 gateways, and explain the differences between inline and one-arm load balancing modes, including how client IPs are handled in each scenario.
In this video, I demonstrate how to set up load balancing in NSX-T 2.4, covering the creation of a load balancer, configuring health monitors, and establishing a server pool. I also show how the load balancer distributes traffic across virtual machines and handles failover when a server in the pool becomes unavailable.
In this video, we cover the basic concepts of IPsec VPN tunnels in NSX-T 2.4, highlighting how they secure traffic over untrusted networks like the Internet. We also discuss the requirements for setting up these VPN tunnels, including the need for an active-standby configuration on the Tier-0 gateway, which is the only supported gateway type for IPsec in NSX-T 2.4.
In this video, I demonstrate how to configure an IPsec VPN in NSX-T 2.4, focusing on setting up the NSX-T side of the configuration. I walk through creating a Tier-0 gateway in active-standby mode, setting up the IPsec service, and configuring route-based IPsec sessions, while also explaining key aspects like bypass rules, authentication modes, and encryption profiles.
In this video, we explore the Layer 2 VPN service in NSX-T 2.4, which allows for the extension of a Layer 2 network across geographically separated locations, enabling consistent IP addressing and seamless virtual machine migration. This service supports both VNI and VLAN-based networks, making it ideal for data center migration and disaster recovery, as it simplifies maintaining the same IP address scheme across multiple sites.
In this video, we explore the concept of stateful firewalls within NSX-T 2.4 and discuss how they track and manage ongoing connections to simplify rule sets, allowing for permissive outbound and restrictive inbound rules. We also delve into the benefits of distributed firewalls, which enforce security rules at the virtual network interface level, minimizing unnecessary traffic across the physical network and optimizing east-west traffic control within an NSX environment.
In this video, I demonstrate how to configure the distributed firewall in NSX-T 2.4, including creating and managing firewall policies, setting up rules, and understanding the difference between blacklist and whitelist connectivity strategies. I also show how to create dynamic groups within the inventory to apply specific firewall rules across different application tiers, highlighting the importance of rule order and the ability to target policies for optimal security and performance.
In this video, I demonstrate how to configure the NSX-T 2.4 distributed firewall for a three-tier application, including setting up firewall rules to manage traffic between the web, application, and database servers. I also illustrate the importance of applying firewall rules to both the source and destination groups to ensure proper traffic flow and highlight how the firewall's connectivity strategy (whitelist vs. blacklist) impacts security and access.
In this video, I demonstrate how to configure the NSX-T 2.4 Gateway Firewall, which acts as a perimeter firewall for managing north-south traffic in an NSX domain. The lesson covers creating and applying firewall rules at the Tier-0 or Tier-1 gateway to control access to web servers, ensuring that only specific traffic from designated IP ranges is allowed, while all other traffic is blocked.
In this video, we explore the network introspection services in NSX-T 2.4, focusing on integrating third-party security tools like Next-Generation Firewalls and Intrusion Detection Systems to monitor network traffic. The lesson covers the deployment and configuration of these services for both north-south and east-west traffic within an NSX domain, emphasizing the use of service virtual machines (SVMs) and the creation of redirection rules to ensure specific traffic flows through the security solutions.
In this video, we'll explore how NSX-T 2.4 provides endpoint protection for virtual machines, focusing on protecting the operating system and file system from potential threats through agentless integration with third-party antivirus or anti-malware solutions. We'll cover the setup process, including the deployment of guest introspection services and configuring policies to ensure virtual machines are automatically protected, specifically on Windows VMs, with Linux support introduced in NSX-T 2.5.
In this video, we'll explore the installation process for NSX Manager in NSX-T 2.4, including the prerequisites and system requirements necessary for deployment. We'll also discuss the similarities in deployment between NSX-T 2.4 and 3.0, touching on the different deployment options and resources needed, as well as the relevant ports and protocols that must be configured for a successful installation.
In this video, I'll demonstrate how to install NSX Manager using the vSphere client, walking through the deployment process of the OVA template and configuring the necessary settings. We'll also troubleshoot common installation issues, such as insufficient disk space and memory reservations, and conclude by verifying the successful deployment through various connectivity tests and the initial NSX Manager login.
In this video, I'll demonstrate how to add a compute manager to NSX Manager, walking through the process of connecting a vCenter Server and verifying its registration within the NSX Manager interface. This step is crucial as it enables the integration of vCenter with NSX, allowing for the management of virtualized environments across different hypervisors.
"Excellent explanation! The best I ever heard." - Roy
"The best NSX-T training out there!" - Michal
Are you looking for NSX-T Training? Do you want to learn from an experienced trainer who makes complex concepts simple and easy to understand?
I am a VMware Certified Instructor who has taught thousands of hours of live training directly for VMware. Most lectures in this course are 5 - 15 minutes long. A few deeper topics are slightly longer. This course gives you a complete understanding of NSX-T concepts. So, join me in becoming an NSX Guru today!
VMware NSX is the most disruptive network technology in recent memory. Demand for employees who understand NSX will continue to grow as the product reaches maturity. This course is designed to help you understand all of the concepts behind NSX-T 2.4. We'll start at the very beginning and learn basic networking. If you are a vSphere Administrator with a limited networking background this will be very helpful.
NSX-T 2.4 will be covered in a few different sections. First, we'll learn the basics about NSX-T 2.4 objects, and differentiate the Management, Control, and Data Planes. From there we'll dig deep into switching and routing functions within NSX-T 2.4. We'll also cover security, and how NSX can provide microsegmentation.
This course will also help you prepare for the VMware VCP-NV exam. The new VCP-NV 2020 Certification can be achieved by passing the NSX-T 2.4 exam that this course is based on. In order to take the VCP-NV exam you will need to complete some course requirements from VMware as well. Be sure to check those out as you prepare to get certified.