NSX 4.0.1 Stateful Active-Active Gateway – Part 2 – Two Tier Routing

Welcome back!!! We are at Part 2 of the blog series on NSX Stateful Active-Active Gateways. In Part 1, we dealt with a single tier routing scenario where we had the logical segments attached to a stateful A/A T0 Gateway and discussed Edge sub-clusters, interface groups, shadow and peer-shadow interfaces, traffic punting, edge node selection……

NSX 4.0.1 Stateful Active-Active Gateway – Part 1 – Single Tier Routing

With the release of version 4.0.1, NSX introduced support for stateful services on T0 or T1 gateways running in Active-Active topologies. Prior to NSX 4.0.1, configuring stateful services required the gateways to be configured in Active-Standby mode. The reason for this was asymmetric routing, as the return path for traffic can be on a……

NSX Microsegmentation Part 2 : Transforming Architecture to Policies

Welcome back!!! Now that we have developed the microsegmentation architecture for the fictitious customer Corp-XYZ, we will move ahead and transform the architecture to DFW policies. If you missed Part 1, you can read it below: https://vxplanet.com/2022/11/30/nsx-microsegmentation-part-1-developing-the-architecture/ Let’s get started: Defining tags and security boundaries (virtual zones) Based on the design decisions we developed in Part……

NSX Microsegmentation Part 1 : Developing the Architecture

Distributed Firewall (DFW) is one of the powerful security features of NSX. Distributed Firewall is an East-West Firewall used for network segmentation and microsegmentation to achieve zero-trust protection for the environment. The DFW exists in the kernel of the hypervisor and the rules are enforced at the vNIC level of the virtual machines. DFW rules……

NSX Security : Trust on First Use (TOFU) and Trust on Every Use (TOEU) Explained

When dealing with SpoofGuard, address learning and distributed firewall (DFW), we need to consider two modes under the IP discovery profile of segments called “Trust on First Use (TOFU)” and “Trust on Every Use (TOEU)”. Understanding these modes is important because they have a dependency on SpoofGuard, as well as to avoid DFW bypassing in……

NSX 4.0 Proxy ARP support on Active/Active Tier-0 Gateway

Until NSX-T version 3.2, Proxy ARP configuration on the T0 Gateway required the gateway to be deployed in Active-Standby mode. I wrote an article around the same for use with vSphere with Tanzu during February last year. If you missed it, you can read it below: https://vxplanet.com/2021/02/12/nsx-t-architecture-in-vsphere-with-tanzu-part-4-proxy-arp-gateways/ To understand what Proxy ARP is, it……

NSX 4.0 Edge Node Design with four Datapath Interfaces

NSX-T introduced support for four datapath interfaces in release 3.2.1, which allows for more flexibility in achieving deterministic traffic flows for East-West and North-South traffic by decoupling the East-West TEP traffic and North-South traffic over BGP on separate interfaces on the edge nodes. Prior to release 3.2.1, we used named teaming policies for deterministic steering……

VMware Explore (VMworld) and how it has helped me over these years

I just registered for the biggest event of the year – VMware Explore 2022 US happening at the Moscone Center in San Francisco, California from Aug 29 – Sept 1, 2022. I am a big fan of the VMware Explore event but have never attended in-person and this will be my first in-person experience at the……