Book Image

VMware NSX Cookbook

By : Bayu Wibowo, Tony Sangha
Book Image

VMware NSX Cookbook

By: Bayu Wibowo, Tony Sangha

Overview of this book

This book begins with a brief introduction to VMware's NSX for vSphere Network Virtualization solutions and how to deploy and configure NSX components and features such as Logical Switching, Logical Routing, layer 2 bridging and the Edge Services Gateway. Moving on to security, the book shows you how to enable micro-segmentation through NSX Distributed Firewall and Identity Firewall and how to do service insertion via network and guest introspection. After covering all the feature configurations for single-site deployment, the focus then shifts to multi-site setups using Cross-vCenter NSX. Next, the book covers management, backing up and restoring, upgrading, and monitoring using built-in NSX features such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring. Towards the end, you will explore how to leverage VMware NSX REST API using various tools from Python to VMware vRealize Orchestrator.

Related Content you might be interested in

Current Title:

Small book image
VMware NSX Cookbook
Bayu Wibowo | Tony Sangha
Mar, 2018 | 584 pages
Small book image
Learning VMware NSX
Ranjit Singh Thakurratan
Aug, 2017 | 254 pages
Small book image
VMware Cross-Cloud Architecture
Ajit Pratap Kundan
Mar, 2018 | 504 pages
Small book image
Mastering VMware vSphere 6.5
Andrea Mauro | Paolo Valsecchi | Karel Novak
Dec, 2017 | 598 pages
Table of Contents (19 chapters)
Title Page
Title Page
Packt Upsell
Packt Upsell
Foreword
Foreword
Contributors
Contributors
Preface
Preface
Free Chapter
1
Getting Started with VMware NSX for vSphere
Getting Started with VMware NSX for vSphere
Introduction
Choosing the right VMware NSX for vSphere edition
Selecting ESXi hosts and network adapters
Downloading NSX for vSphere
Deploying the NSX Manager virtual appliance
Replacing the NSX Manager certificate
Registering vCenter server with NSX Manager
Applying the NSX license
Deploying the NSX Controller Cluster
Preparing a vSphere cluster for NSX
Validating NSX VIB installation
2
Configuring VMware NSX Logical Switch Networks
Configuring VMware NSX Logical Switch Networks
Introduction
Configuring VXLAN Networking
Configuring a VXLAN Segment ID
Creating a NSX Transport Zone
Creating a NSX Logical Switch
Connecting a Virtual Machine to an NSX Logical Switch
Testing an NSX Logical Switch
Enabling the Controller Disconnected Operation Mode on a Transport Zone
3
Configuring VMware NSX Logical Routing
Configuring VMware NSX Logical Routing
Introduction
Configuring the Distributed Logical Router
Configuring the Distributed Logical Router for dynamic routing
Deploying and configuring the NSX ESG in HA mode
Understanding and configuring the NSX ESG for routing
4
Configuring VMware NSX Layer 2 Bridging
Configuring VMware NSX Layer 2 Bridging
Introduction
Configuring Software-Based Gateway Layer 2 Bridging
Selecting a hardware VTEP gateway
Integrating Hardware VTEP Gateway with VMware NSX
Extending VMware NSX Logical Switch to Hardware VTEP Gateway
5
Configuring VMware NSX Edge Services Gateway
Configuring VMware NSX Edge Services Gateway
Introduction
Configuring a DNS relay
Configuring a DHCP server
Configuring an Edge Firewall
Configuring Network Address Translation
Configuring Load Balancing
Configuring IPSEC VPN
Configuring SSL VPN
Configuring High Availability
6
Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard
Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard
Introduction
Verifying NSX DFW component status
Configuring IP Discovery for Virtual Machines
Working with SpoofGuard
Excluding Virtual Machines from DFW Protection
Configuring DFW Session Timeout
Creating Security Policy Rules from the Firewall Table Menu
Creating Security Policy Rules from the Service Composer menu
Verifying DFW rules
Leveraging the DFW Applied To field
Deploying Network or Guest Introspection Services
Configuring the Identity Firewall
7
Configuring Cross-vCenter NSX
Configuring Cross-vCenter NSX
Introduction
Configuring Primary and Secondary NSX Manager(s)
Creating a Universal Transport Zone and adding a vSphere cluster to the Universal Transport Zone
Creating a Universal Logical Switch
Creating a Universal Logical Router
Adding a VM to a Universal Logical Switch
Understanding and configuring the Universal Distributed Firewall
8
Backing up and Restoring VMware NSX Components
Backing up and Restoring VMware NSX Components
Introduction
Backing up NSX Manager
Restoring NSX Manager
Restoring NSX Controller Nodes
Restoring a Logical Switch Backing Port Group
Restoring NSX Edge
Exporting NSX DFW Rules configuration from the Firewall Menu
Restoring NSX DFW Rules configuration from the Firewall Menu
Exporting NSX Security Policy from the Service Composer Menu
Restoring NSX Security Policy from the Service Composer Menu
9
Managing User Accounts in VMware NSX
Managing User Accounts in VMware NSX
Introduction
Creating a service user account for vCenter server registration
Granting access to NSX
Creating and Managing CLI user accounts in NSX manager
10
Upgrading VMware NSX
Upgrading VMware NSX
Introduction
Preparing for VMware NSX upgrade
Verifying VMware NSX working state
Upgrading VMware NSX Manager
Upgrading NSX controller node
Upgrading VMware NSX Host Clusters
Upgrading VMware NSX Edge
Upgrading Network and Security Service Deployments
11
Managing and Monitoring VMware NSX Platform
Managing and Monitoring VMware NSX Platform
Introduction
Monitoring NSX using NSX Dashboard
Configuring the NSX Components Syslog
Configuring and viewing the NSX Distributed Firewall Log
Configuring vRealize Log Insight for NSX
Enabling NSX Flow Monitoring
Using Application Rule Manager
Using NSX Endpoint Monitoring
12
Leveraging the VMware NSX REST API for Management and Automation
Leveraging the VMware NSX REST API for Management and Automation
Introduction
Using the REST API with the Postman REST client
Using the REST API with cURL
Using the REST API with PowerShell
Using the REST API with Python
Using the vRealize Orchestrator plugin for NSX
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Configuring IP Discovery for Virtual Machines

As explained in the introduction, NSX DFW uses VMware Tools to retrieve a virtual machine IP address and enforces firewall rules on the virtual machine. However, in some cases virtual machines may not have VMware Tools installed and running. To avoid the DFW dependency on VMware Tools, NSX 6.2.0 introduced two new mechanisms to discover a virtual machine's IP address that can be configured on a vSphere cluster-level basis:

  • DHCP snooping: Tracks IPv4 and IPv6 DHCP protocol messages
  • ARP snooping: Tracks ARP messages from the guest virtual machines

The NSX Manager can use either of these mechanisms to discover the IP address and apply firewall rules to a virtual machine. In this recipe, we will enable ARP snooping for virtual machine IP discovery.

Getting ready

Make sure you have Security Administrator or Enterprise Administrator access to NSX.

How to do it...

Follow these steps to change IP detection type settings on a vSphere cluster:

  1. From the vSphere...
Previous Section
End of Section 4
Next Section