NSX Route Filtering – Part One: IP Prefix Lists for Route Filtering
Today we're beginning a new series on route filtering in NSX. Before we dive into our first topic ('IP Prefix Lists for Route Filtering'), let's take a look at "route filtering" and how it's utilized within NSX. Route Filtering: Route filtering is a mechanism to alter the routes that are learned or advertised via a …
NSX-T Bridging 101 – Part Nine: A deeper discussion on Promiscuous Mode
Way back in part three of this series, we discussed the methods available for delivering frames to an NSX bridge when using a VSS/VDS. Out of these methods, the use of 'Promiscuous mode' on a distributed port group (DVPG) for bridging is pretty common, and it's understandable why: it's a simple checkbox in the configuration …
Stateful NAT in NSX – Part 2: Stateless Gateway Firewall
Leading up to today's discussion, we previously reviewed the differences between stateful and stateless firewalls, followed by how stateful NAT services operate in conjunction with a stateful Gateway Firewall. While the expectation when using stateful NAT services in NSX is that the Gateway Firewall is enabled with a stateful policy, we wanted to show …
Stateful NAT in NSX – Part 1: T0/T1 Gateway Firewall
In our previous post, we detailed the differences between stateful and stateless firewalls. In today's post, we'll investigate how stateful NSX NAT services function in conjunction with the stateful firewall running on a Tier-0 or Tier-1, which is known as the 'Gateway Firewall'. Note: As mentioned in prior posts, we won't be covering the newer …
Stateful vs Stateless Firewalls – A Review
In our previous post, we took a broad look at the NAT services available in NSX; in particular, we noted which NAT services are 'stateful' or 'stateless' (that is, identifying which NAT services utilize a 'state' table). As NAT rules in NSX are functionally firewall rules, we wanted to review how stateful and stateless firewalls …
NSX-T Bridging 101 – Part Eight: Enabling MAC Learning on a Distributed Virtual Port Group
A few years ago we published an entire series on bridging in NSX. In the time since, we've had a few questions asked about part three of the series, where we discuss methods for frame delivery. In that post, we briefly touch on the ability for a virtual distributed switch in vSphere 6.7 to utilize …
NAT in NSX – Introduction
When it comes to utilizing Network Address Translation (NAT) in NSX, configuring NAT can seem both overly simple and extremely complex. In this series, we want to provide an overall look at NAT within NSX by narrowing the scope of conversation to relatively specific use cases in order to better inform on how the solution …
NSX-T L3 VPNs: VPNs and the effect of NAT
In this final part of our VPN series, we'll discuss building a VPN over the Internet. More specifically, we will address the impact of Network Address Translation (NAT) on VPN traffic. Quick Review: In our prior posts, we built Policy Based, Static Route Based, and Dynamic Route Based VPNs. Let's take a look below at …
NSX-T L3 VPNs: Route Based VPNs – Dynamic Routing
In our previous post, we created a route based VPN utilizing static routes on a Tier-1 (T1) Service Router (SR). Today, we will demonstrate how to utilize route-based VPNs via Dynamic Routing. Dynamic Routing and VPNs: In the introduction to our VPN series, we provided a flowchart identifying where a given type of VPN (either …
NSX-T L3 VPNs: Policy Based VPNs
In our first post, we provided a L3 VPN scenario and discussed Policy and Route Based VPNs. Following this, we provided a breakdown of our lab environment that we will be using. Today, we will demonstrate how to configure a Policy Based VPN using our scenario. Policy L3 IPSec VPN scenario (Figure: Simple VPN Scenario) …