
Learning VMware NSX - Second Edition

By: Ranjit Singh Thakurratan

Overview of this book

VMware NSX is a platform for the software-defined data center. It allows complex networking topologies to be deployed programmatically in seconds. SDNs ease the deployment, management, and automation of new networks while reducing, and in some cases completely eliminating, the need to deploy traditional networks. This book gives you a thorough understanding of implementing software-defined networks using VMware's NSX. You will come across the best practices for installing and configuring NSX to set up your environment. Then you will get a brief overview of the NSX core components and NSX's basic architecture. Once you are familiar with everything, you will get to know how to deploy various NSX features. Furthermore, you will understand how to manage and monitor NSX and its associated services and features. In addition to this, you will also explore the best practices for NSX deployments. By the end of the book, you will be able to deploy VMware NSX in your own environment with ease. This book can come in handy if you are preparing for VMware NSX certification.

NSX features and services

Before we get started with NSX, it is important to understand some of its features and services.


NSX 6.2 is the current NSX version as of this writing.

Some NSX features are listed as follows. We will discuss these features in great detail in the following chapters:

  • Logical switching: NSX lets you create L2 and L3 logical switching that enables workload isolation and separation of IP address space between logical networks. NSX can create logical broadcast domains in the virtual space, which removes the need to create any logical networks on the physical switches. This means you are no longer limited to 4096 physical broadcast domains (VLANs).
  • NSX gateway services: The Edge gateway services interconnect your logical networks with your physical networks. This means a virtual machine connected to a logical network can send and receive traffic directly to and from your physical network through the gateway.
  • Logical routing: Multiple virtual broadcast domains (logical networks) can be created using NSX. As multiple virtual machines subscribe to these domains, it becomes important to be able to route traffic from one logical switch to another. Logical routing achieves this by routing traffic between logical switches, or even between a logical switch and public networks. Logical routing can be extended to perform east-west routing, which saves unnecessary network hops and increases network efficiency. Logical routers can also provide north-south connectivity, allowing access to workloads living in the physical networks. Logical routers also help avoid hairpinning of traffic, thereby increasing network efficiency.


East-west traffic is traffic between virtual machines within a datacenter. In the current context, this will typically be traffic between logical switches in a VMware environment. North-south traffic is traffic moving in and out of your datacenter, that is, any traffic that either enters or leaves your datacenter.

  • Logical firewall: NSX gives you the option of a distributed logical firewall or an Edge firewall for use within your software-defined networking architecture. A distributed logical firewall allows you to build rules based on attributes that include not just IP addresses and VLANs, but also virtual machine names and vCenter objects. The Edge gateway features a firewall service that can be used to impose security and access restrictions on north-south traffic.
  • Extensibility: Third-party VMware partner solutions integrate directly into the NSX platform, giving you a choice of vendors across multiple service offerings. Many VMware partners offer solutions such as traffic monitoring, IDS, and application firewall services that integrate directly into NSX. This enhances management and the end-user experience by giving you one management system to work with.

The features listed earlier enable NSX to offer a wide variety of services that can be consumed in your infrastructure. These services can be deployed and configured through the NSX API as well. Some of the NSX services are listed as follows:

  • Load balancer: NSX Edge offers a variety of services, and the logical load balancer is one of them. The logical load balancer distributes incoming requests among multiple servers to allow for load distribution while abstracting this functionality from end users. The logical load balancer can also be used as a high availability (HA) mechanism to ensure your application has the most uptime.
  • Virtual private networks (VPN): The NSX Edge offers a VPN service that allows you to provision secure, encrypted connectivity from end users to your applications and workloads. The Edge VPN service offers SSL VPN-Plus for remote user access and IPsec site-to-site connectivity, which enables two sites to be interconnected securely.
  • Dynamic Host Configuration Protocol (DHCP): NSX Edge offers DHCP services that allow IP address pooling as well as static IP assignments. An administrator can now rely on the DHCP service to manage all IP addresses in the environment, rather than having to maintain a separate DHCP service. The NSX Edge DHCP service can also relay any DHCP requests generated by your virtual machines to a pre-existing physical or virtual DHCP server, without any interruptions.
  • Domain name system (DNS): NSX Edge offers a DNS relay service that can relay any DNS requests to an external DNS server.
  • Service composer: The service composer allows you to allocate network and multiple security services to security groups. Virtual machines that are part of these security groups are automatically allocated the services.
  • Data security: NSX data security provides visibility into sensitive data, ensures data protection, and reports back on any compliance violations. A data security scan on designated virtual machines allows NSX to analyze and report on any violations of the security policy that applies to those virtual machines.

Other NSX features include cross-vCenter networking and security, which allows you to manage multiple vCenter NSX environments using a primary NSX Manager. This not only allows centralized management, but also extends one or more services and features across multiple vCenter environments. We will talk more about cross-vCenter networking in the upcoming chapters.