I have been tweeting about NSX Tips for over a year, and one of my friends who is actively preparing for his VCP-NV 2019 recommended that I post the tips as a blog for quick reference. Hence I thought to sort them together as a Twitter moment as well as an article to help the vCommunity with the certification studies.
Here are the 30 NSX Tips which I have tweeted (and still going). I will update the content as soon as I tweet a tip next time. Thanks to the #vCommunity for the RT to reach a good audience.
Twitter moment -> https://twitter.com/i/moments/1175014070380089345
NSX-T Tip 20: BUM Replication is handled in software and is decoupled from underlying hardware. The choice of replication mode depends on the number of host TEP subnets with Hierarchical Two-Tier as the default. For single subnet TEPs, replication mode doesn't matter. #RunNSX #vExpert pic.twitter.com/GWrf2WG287
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) September 19, 2019
NSX-T Tip 19: For Edges in VM Form Factor, the dot1q tagging for the T0 Gateway uplinks is applied at its host networking DVS or host N-VDS. For Baremetal Edges, the dot1q tagging applies directly at its N-VDS level. @vmwarensx @vExpert #RunNSX #VMware https://t.co/FmrKzgH2Tx
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) September 17, 2019
NSX-T Tip 18: NSX-T has DNS Forwarder Service at the T1 or T0 level for the Overlay workloads. This is a caching only DNS (relay mode) pointed to the customer's existing DNS server with default TTL 300s. The service works in Active/Standby mode on the Edge Cluster. #vExpert #RunNSX pic.twitter.com/U0rA2bXWHi
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) September 16, 2019
NSX-T Tip 17: Having an Edge Cluster for the @vmwarensx T1 Gateway (SR Construct) can influence routing decisions as well as ECMP in a few scenarios. This post from Gary Hills @spillthensxt explains this in detail (Scenario 5 & 6). #VMware #vExpert #RunNSX https://t.co/mGgbtFzGTK
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) September 5, 2019
NSX-T Tip 16: Use AS multipath-Relax on the T0 BGP process to achieve uplink ECMP when the T0 SR uplinks peer with Leaf Switches or Core over different ASNs. #vExpert #RunNSX https://t.co/iLosHRNfE3
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) August 31, 2019
NSX-T Tip 15: When configuring @vmwarensx T0 Gateway routing with multiple uplinks over the Edges, consider the URPF mode as well. URPF Strict mode can lead to packet drops in some scenarios like having ECMP on Leafs but not on the T0 Gateway uplinks. #vExpert #RunNSX @vExpert pic.twitter.com/6ZJTE10TCA
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) August 13, 2019
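The drop described in Tip 15, as an added example that is not part of the original tweet or of NSX-T itself: a generic model of the unicast reverse-path check in RFC 3704 terms (strict and loose). The route tables, interface names and packets are constructed, and the model assumes a strict check accepts any interface that is an equal-cost path back to the source.

```python
import ipaddress

def reverse_paths(fib, src):
    """Longest-prefix match on the source: interfaces used to reach it."""
    addr = ipaddress.ip_address(src)
    best_net, best_ifaces = None, []
    for prefix, ifaces in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_ifaces = net, ifaces
    return set(best_ifaces)

def urpf_accepts(fib, src, in_iface, mode):
    paths = reverse_paths(fib, src)
    if mode == "strict":   # packet must arrive on an interface used to reach src
        return in_iface in paths
    if mode == "loose":    # any route back to src is enough
        return bool(paths)
    raise ValueError(f"unknown uRPF mode: {mode}")

def dropped(fib, packets, mode):
    """Return the (source, ingress interface) pairs the check would discard."""
    return [p for p in packets if not urpf_accepts(fib, p[0], p[1], mode)]

# Constructed tables: the gateway with one best default route, and with ECMP
# across both uplinks. 172.16.0.0/16 stands for the internal (overlay) side.
FIB_SINGLE_PATH = {"0.0.0.0/0": ["uplink1"], "172.16.0.0/16": ["downlink"]}
FIB_ECMP = {"0.0.0.0/0": ["uplink1", "uplink2"], "172.16.0.0/16": ["downlink"]}

# Constructed packets as (source address, ingress interface).
PACKETS = [
    ("203.0.113.10", "uplink1"),
    ("203.0.113.10", "uplink2"),  # the leaf's ECMP hashed this flow to the other uplink
    ("172.16.5.5", "uplink1"),    # internal source arriving from outside: spoofed
]

if __name__ == "__main__":
    for name, fib in (("single path", FIB_SINGLE_PATH), ("ECMP", FIB_ECMP)):
        for mode in ("strict", "loose"):
            print(f"{name:11} {mode:6} dropped: {dropped(fib, PACKETS, mode)}")
```

With a single best path, the strict check discards legitimate traffic arriving on uplink2; with ECMP on the gateway as well, only the spoofed internal source is discarded, which is the anti-spoofing behaviour the loose check gives up.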
NSX-T Tip 14: When configuring eBGP peering between @VMware NSX-T T0 Gateway & Leaf Switches, enable BFD for the BGP neighbors for faster uplink failure detection and failover. For baremetal edges, this is in the order of milliseconds. @vExpert #vExpert @vmwarensx #RunNSX pic.twitter.com/aMVB6fvll2
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) August 10, 2019
NSX-T Tip 13: Enabling T0 ECMP sets the BGP maximum-paths parameter of each SR node to 8. Edge VMs are usually deployed with 2 uplinks, achieving 2 ECMP paths/node. Baremetal edges can achieve 8 ECMP paths with a single node. This is the running-config of an SR node. #vExpert #RunNSX pic.twitter.com/RuvqxjNN9I
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) August 6, 2019
NSX-T Tip: This is how we migrate the T1/T0 SR Components from one edge node to another in an Edge cluster. A use case would be like upgrading the form factor of the deployed Edge VMs in the cluster (medium to large, for example). @vmwarensx @vExpert #VMware #vExpert #RunNSX pic.twitter.com/zXOVxdcCBG
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) August 4, 2019
NSX-T Tip: This is how NSX-T T0 Gateway with Inter-SR Routing enabled along with DellEMC Networking L3 VLT Leaf switches helps in re-routing Ingress/Egress traffic in case of an uplink failure. Read more in my blog: https://t.co/SI485gJeer @vmwarensx @vExpert #RunNSX #vExpert pic.twitter.com/h13Fzbnsss
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) July 26, 2019
NSX-T Tip: This is how we use the NSX-T loadbalancer to perform an HTTP to HTTPS redirection of a web application hosted in the overlay. We also have an option to set a "Sorry Server" in case the Server pool goes down or during a maintenance window. @vmwarensx #vExpert @vExpert pic.twitter.com/kdMQIGWp9h
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) July 25, 2019
NSX-T Tip: If u want to view/export the running configuration of your T0 Gateway (SR Component), try this from the Edge node VRF for the SR component:
set debug
get service router running-config
@vExpert @vmwarensx #RunNSX #vExpert pic.twitter.com/fcdgDVxBFP
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) July 23, 2019
NSX-T Tip: When you enable Inter-SR routing for the T0 Active-Active Gateway, each route that is advertised between the iBGP T0 SR components is set with a BGP Community tag of NO_EXPORT, hence they are not advertised to external ToR. @vExpert @vmwarensx #RunNSX #VExpert pic.twitter.com/YZ52ZkgyXa
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) July 11, 2019
Taken from @VMware VVD 5.0.1, this is what NSX-T Edge VM Networking on host N-VDS would look like. An example for this would be a VCF NSX-T Workload domain which uses a shared Edge and Compute cluster in the WLD. @vmwarensx @vExpert #vExpert #RunNSX pic.twitter.com/Q9RrZTDlec
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) July 9, 2019
[Taken from NSX-T docs] If we are not using Transparency for the NSX-T LB HTTP virtual service, good to enable INSERT for the XFF header field, so the Real Server logs can see the original client IP requesting service. #RunNSX #VMware @vmwarensx @vExpert #vExpert pic.twitter.com/hRLnWmpKvz
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) June 17, 2019
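On the Real Server side of the XFF tip above, an added example (not from the original tweet or the NSX-T docs) of choosing which address to write to the web log. It assumes the load balancer appends the client address as the last X-Forwarded-For entry; the trusted range and all sample addresses are constructed, and `client_ip_for_log` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: source addresses the load balancer uses toward the pool.
TRUSTED_LBS = [ipaddress.ip_network("10.10.20.0/28")]

def _trusted(addr):
    return any(addr in net for net in TRUSTED_LBS)

def client_ip_for_log(peer, xff):
    """Return the address to log as the client for one HTTP request.

    peer is the TCP source address of the connection, xff is the raw
    X-Forwarded-For header value (or None when the header is absent).
    """
    peer_addr = ipaddress.ip_address(peer)
    # A request that did not arrive through the load balancer carries an XFF
    # value nobody vouches for, so the TCP peer is the only usable address.
    if not _trusted(peer_addr) or not xff:
        return str(peer_addr)
    # Entries are appended left to right, so the rightmost one was written by
    # the load balancer; everything to its left was supplied by the client.
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop rather than trust what is left of it
        if not _trusted(addr):
            return str(addr)
    return str(peer_addr)

if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header)
    for peer, xff in [
        ("10.10.20.5", "198.51.100.7"),             # normal request via the LB
        ("10.10.20.5", "127.0.0.1, 203.0.113.9"),   # client sent its own XFF
        ("192.0.2.50", "10.0.0.1"),                 # connection bypassed the LB
    ]:
        print(peer, repr(xff), "->", client_ip_for_log(peer, xff))
```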
NSX-T #Tip: The Centralized port type (CSP) in a T1/T0 logical router is used to connect to the VLAN Logical segments. Eg: when u use partner services integration that requires traffic to be redirected to their appliance for introspection, this port type is used. #RunNSX #ProTip pic.twitter.com/6P0QuRYZlP
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) June 2, 2019
Do u know – @VMware NSX-T Manager uses CorfuDB which is a distributed append only, immutable & scalable log structure. For persistence, data is written to disk but NSX-T manager handles queries in-memory. @vmwarensx #vExpert #RunNSX https://t.co/FHysgbrBJp
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) May 30, 2019
NSX-T Tip: The Reflexive NAT on the Tier-0 logical router is Stateless. This is a 1:1 mapping between a Source IP on the Logical segment to a Translated IP on the VLAN segment. This is needed in Tier-0 Active-Active deployments and when multiple T0 uplinks exist. @vmwarensx #RunNSX pic.twitter.com/PgFusWqXIQ
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) May 26, 2019
This is what @VMware NSX-T Edge VM Networking on DvPort Groups looks like. My drawing from the new blog post. #vExpert #NSX #RunNSX #VMware @vmwarensx pic.twitter.com/yqZm9gnlqA
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) May 23, 2019
NSX-T Tip: For @VMware NSX-T Edge Cluster deployed in VM form factor on VLAN Port Groups on DvSwitch (VTEP), we don't need to specify a Transport VLAN on the Edge Profile because the Transport VLAN tagging is already applied at the Port Group level. @vmwarensx @vExpert #vCommunity pic.twitter.com/flljnhghy6
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) May 22, 2019
If your @VMware NSX-V design has more than one ESG ABR in an OSPF NSSA area, then this option "NSSA Translator Role" decides which ESG would translate Type 7 LSAs from the DLRs to Type 5 LSAs. The routes would be seen as E2 by non-NSSA areas. @vmwarensx @VMwarevSphere @vExpert pic.twitter.com/xNHCErclV5
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) April 28, 2019
This is the VNI Table maintained by the @VMware NSX Controller cluster. This shows which controller node is authoritative to maintain the state information of each VxLAN logical segment. In other words, how distributed state management works. @vmwarensx @vExpert #RunNSX #VMware pic.twitter.com/9jroXadyRG
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) April 2, 2019
NSX Tip: The CDO mode gives an extra layer of resiliency to the @vmwarensx control plane. This mode populates a Global VTEP list on a separate logical switch which helps many of the control plane operations to work before you rebuild the controller cluster. #vExpert @vExpert #RunNSX pic.twitter.com/aXGrTEtcR5
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) April 1, 2019
NSX Tip: When you decide the span of the @vmwarensx transport zone, make sure it is aligned with the DVSwitch boundary. What if you exclude a cluster where the DVSwitch is spanned – See the reason from @vmware NSX documentation below: #vExpert @vExpert https://t.co/PexAokMgAI
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) March 26, 2019
VMware NSX DLR supports DHCP Relaying. You could dynamically manage the IP assignment for the VMs in the VxLAN Logical Segments with the existing DHCP servers on the VLAN segments, thereby maintaining IP Schema centrally. @vmwarensx #RunNSX #NSXMindset pic.twitter.com/kfv584N6Cm
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) February 9, 2019
While peering @vmwarensx ESGs with the physical BGP speakers, have a look at the timer values too. If you modify the Hold timer values to outside the minimum expected range for the peers, the TCP connection fails. This is what you see on a Cisco IOS. #CiscoChampion pic.twitter.com/zTMt5pcBG6
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) January 4, 2019
You can reduce the size of ESG-DLR OSPF routing table when you configure the @vmwarensx area as NSSA. This will replace all external routes with a default route to the ABR. In case you want to redistribute routes on the DLR, this will be translated to a Type-5 LSA by the NSSA ABR. pic.twitter.com/bIoe7uWdEw
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) November 11, 2018
Achieving Multi-Datacenter Pooling with VMware NSX. Universal Logical Switches & Universal DLRs can span across datacenters. Workload mobility is simplified. VMs can retain the IP schema even on the new site. This is where you create Universal Transport zone. #vmwarensx #sddc pic.twitter.com/IPo3M0Gnhv
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) October 27, 2018
VMware NSX Controllers are stateless, so it's very easy to spin up additional instances. If the Controller cluster has irrecoverable errors and needs to be rebuilt, simply spin up a new Controller cluster and import the controller state information. @vmwarensx #virtualization pic.twitter.com/OElMhPFrPJ
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) October 22, 2018
Enabling OSPF on the @vmwarensx Edge Services Gateway & DLR for routing updates with the Core physical layer. With Route Redistribution enabled at the DLR for the logical networks, the software defined Tenant can now communicate with the external networks. #networking #VMware pic.twitter.com/BtDwfIDky3
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) October 18, 2018
This is where we enable Transparency for the @vmwarensx logical Loadbalancer's Virtual Service. If the Real Servers in the Pool are Web Tiers, then they now can see the original Client IP in the Weblogs. Else it would be the Logical Loadbalancer's VS IP. pic.twitter.com/Ti9qW8VIpi
— Harikrishnan T 🇮🇳 🇺🇸 (@hari5611) October 12, 2018
I hope the Tips were informative. If you find this useful, please share via social media. Thanks for reading.