Like any other firewall the NSX-T Distributed Firewall (DFW) consumes memory and CPU. Unlike other firewalls the DFW’s resource consumption is distributed, taking place on the transport nodes where the workloads it protects reside. Memory allocation An ESXi transport node allocates a fixed amount of memory for the different DFW components. The amount of memory…

Read more NSX-T Distributed Firewall Threshold Monitoring

After receiving a couple questions about the NSX-T firewall policy locking feature, I decided to write a short blog post about it. The purpose of locking a firewall policy The easy part first. As explained in the official NSX-T documentation we lock a firewall policy to prevent multiple users from editing the same section. Locks…

Read more Locking NSX-T Firewall Policies

With every new release of NSX-T interesting features are added to the platform. Take failure domain for example. Introduced in version 2.5, failure domain adds another layer of protection for the centralized services running on Tier-1 Gateways. It basically facilitates a rack aware placement mechanism for the Tier-1 service router (SR) components. In today’s article…

Read more Tier-1 Failure Domain

A stretched cluster architecture facilitates for higher levels of availability and things like inter-site load balancing. It’s a common multisite solution and also part of VMware’s Validated Design for SDDCs with multiple availability zones. Traditionally compute networking in an active-active multisite setup has had its challenges, but with vSAN storage and NSX networking technologies that’s…

Read more Deploying NSX-T in a Stretched Cluster – Part 1

Recently a new version of the NSX-T Reference Design Guide was released. This guide, which now covers NSX-T versions 2.0 – 2.5, is a must read for anyone interested in the NSX-T solutions and their recommended design. One of the things you’ll find in the updated guide is a new recommended deployment mode for the…

Read more Single N-VDS per Edge VM

Welcome back! In part 1 we had a look at some NSX-T management plane failure scenarios and how to recover from them. In this part we continue to investigate NSX-T recoverability at the data plane and more specifically the NSX Edge. Quick note If you ever experience an issue in your NSX-T production environment, the…

Read more NSX-T Recoverability – Part 2

With NSX-T 2.5 comes NSX Intelligence 1.0. This component, which is part of NSX Data Center Enterprise Plus, is something I’ve been looking forward to since it was announced. NSX Intelligence adds a powerful analytics engine to the NSX-T platform. It provides workload and network context that is unique to NSX. Application owners and operations…

Read more Installing NSX Intelligence

Like everything else in life, stuff can break in your NSX-T environment too. When that happens it’s important to understand how to get things back on track again. In the following blog articles I’m going through a couple of NSX-T failure scenarios and look at how to recover from them. As usual I’m doing this…

Read more NSX-T Recoverability – Part 1