nsx

With NSX-T logical networking the Tier-0 uplinks become the central passage for all of the North-South traffic—i.e., traffic between the NSX-T logical networks and the physical network. A critical point in the NSX-T data plane and one that we might want to place under a magnifying glass from time to time. In this short article…

Read more Packet Capture On Tier-0 Uplinks

Welcome back! We’re in the process of building an NSX-T Edge – FRRouting environment. In part 1 we prepared the FRR routers by doing he following: Installed two Debian Linux servers Installed VLAN support Enabled packet forwarding Configured network interfaces Installed and configured VRRP Installed FRRouting In this second part we will first deploy the…

Read more NSX-T Meets FRRouting – Part 2

Until recently I always used pfSense with the OpenBGPD package as the NSX-T Edge counterpart in my lab environment. It’s quick and easy to set up and works well enough. But pfSense is not what I typically find in a customer’s production environment. I started to investigate other virtualized “top-of-rack solutions” for the lab that…

Read more NSX-T Meets FRRouting – Part 1

A while back Dumlu Timuralp published an excellent guide on integrating NSX-T 2.5 with K8s. If you haven’t read it already I strongly recommend that you have a look at it. The guide goes through every step of configuring the integration and does a great job explaining the architecture and components that make up this…

Read more Kubernetes – NSX-T Lab

Like any other firewall the NSX-T Distributed Firewall (DFW) consumes memory and CPU. Unlike other firewalls the DFW’s resource consumption is distributed, taking place on the transport nodes where the workloads it protects reside. Memory allocation An ESXi transport node allocates a fixed amount of memory for the different DFW components. The amount of memory…

Read more NSX-T Distributed Firewall Threshold Monitoring

After receiving a couple questions about the NSX-T firewall policy locking feature, I decided to write a short blog post about it. The purpose of locking a firewall policy The easy part first. As explained in the official NSX-T documentation we lock a firewall policy to prevent multiple users from editing the same section. Locks…

Read more Locking NSX-T Firewall Policies

With every new release of NSX-T interesting features are added to the platform. Take failure domain for example. Introduced in version 2.5, failure domain adds another layer of protection for the centralized services running on Tier-1 Gateways. It basically facilitates a rack aware placement mechanism for the Tier-1 service router (SR) components. In today’s article…

Read more Tier-1 Failure Domain