NSX Student Guide (Editable)

VMware NSX: Install, Configure, Manage Lecture Manual NSX 6.0 VMware® Education Services VMware, Inc. www.vmware.com/education


VMware® Education Services VMware, Inc.
www.vmware.com/education
VMware NSX: Install, Configure, Manage NSX 6.0 Part Number EDU-EN-NSXICM6-LECT Lecture Manual
Copyright/Trademark
Copyright © 2014 VMware, Inc. All rights reserved. This manual and its accompanying materials are protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
The training material is provided "as is," and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability, fitness for a particular purpose or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the possibility of such claims. This training material is designed to support an instructor-led training course and is intended to be used for reference purposes in conjunction with the instructor-led training course. The training material is not a standalone training tool. Use of the training material for self-study without class attendance is not recommended.
These materials and the computer programs to which it relates are the property of, and embody trade secrets and confidential information proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed, transferred, adapted or modified without the express written approval of VMware, Inc.
Course development: Rob Nendel, John Tuffin, Jerry Ozbun
Technical review: Elver Sena, Chris McCain
Technical editing: Jim Brook, Shalini Pallat, Jeffrey Gardiner
Production and publishing: Ron Morton, Regina Aboud
The courseware for VMware instructor-led training relies on materials developed by the VMware Technical Communications writers who produce the core technical documentation, available at http://www.vmware.com/support/pubs.
Contents
MODULE 1
Course Introduction
  Importance
  Learner Objectives
  Learner Objectives (2)
  You Are Here
  Typographical Conventions
  References
  About NSX
  NSX Certification
  VMware Learning Path Tool
  NSX Resources
MODULE 2
NSX Networking
  You Are Here
  Importance
  Module Lessons
  Lesson 1: Introduction to vSphere Virtualization
    Learner Objectives
    Virtual Machines
    Benefits of Virtual Machines
    ESXi Hypervisor
    vCenter Server
    vCenter Server Management Features
    vSphere vMotion
    Shared Storage
    Features That Use Shared Storage
    Virtual Networking
    Virtual Switch Types
    Networking Features
    vSphere Product Placement
    Review of Learner Objectives
  Lesson 2: Overview of the Software-Defined Data Center
    Learner Objectives
    Choices for IT
    Data Center Models
    Advantage of Software-Defined Data Center
    Choice for New IT
    Software-Defined Data Center as New IT
    Components of a Software-Defined Data Center
    Vision and Strategy
    Virtual Compute, Storage, and Network
    Data Center Hardware
    Hypervisors and Virtual Switches
    NSX: Network Virtualization Platform
    About a Virtual Network
    Network Virtualization: Layer 2
    Network Virtualization: Layer 3
    Concept Summary
    Review of Learner Objectives
  Lesson 3: Introduction to NSX and NSX Manager
    Learner Objectives
    NSX Capabilities
    Prepare for Installation: Client and User Access
    Prepare for Installation: Port Requirements
    Installation: Manager OVA
    Initial Configuration: Management UI
    Initial Configuration: Time and Syslog Settings
    Initial Configuration: Network Settings
    Initial Configuration: vCenter Server Connection
    NSX Overview: Planes
    NSX Overview: Data Plane Components
    NSX Overview: Control Plane Components
    NSX Overview: Management Plane Component
    NSX Overview: Consumption
    Enterprise Topology
    Service Provider: Multiple Tenant Topology
    Multiple Tenant Topology: Scalable Design
    Scalability
    NSX for vSphere: Scale Boundaries
    NSX Manager
    Building the NSX Platform
    Lab 1: Introduction
    Lab 1: Configuring NSX Manager
    Concept Summary
    Review of Learner Objectives
  Lesson 4: NSX Controller
    Learner Objectives
    NSX Controller
    NSX Controller Cluster Deployment
    Control Plane Interaction
    Control Plane Security
    Control Plane Security: Diagram
    User World Agent
    NSX Controller: Master Election
    Master Failure Scenario
    NSX Controller Workload Distribution
    Slicing Assignment
    Slicing Distribution
    Slice Redistribution
    Component Interaction: Configuration
    Lab 2: Introduction (1)
    Lab 2: Introduction (2)
    Lab 2: Configuring and Deploying an NSX Controller Cluster
    Review of Learner Objectives
    Key Points
MODULE 3
Logical Switch Networks and VXLAN Overlays
  You Are Here
  Importance
  Module Lessons
  Lesson 1: Ethernet Fundamentals
    Learner Objectives
    Review: Networking Definitions
    Ethernet
    MAC Tables
    Broadcast Domain
    Address Resolution Protocol
    From Packets to Frames
    Segmentation and Encapsulation
    Layer 3: IPv4 Datagram
    Layer 4: TCP Segment
    Concept Summary
    Review of Learner Objectives
  Lesson 2: Overview of vSphere Distributed Switch
    Learner Objectives
    VMkernel Networking
    Advantages of vSphere Distributed Switch
    Distributed Switch Architecture
    vSphere Distributed Switch Enhancements in ESXi 5.5
    Design Considerations
    Teaming Best Practices
    Load-Based Teaming
    Distributed Switch in Enterprise
    Lab 3: Introduction (1)
    Lab 3: Introduction (2)
    Lab 3: Preparing for Virtual Networking
    Concept Summary
    Review of Learner Objectives
  Lesson 3: Link Aggregation
    Learner Objectives
    Ethernet Loop
    Spanning Tree Protocol
    STP Diagram
    Bandwidth Constraint
    Link Aggregation Control Protocol
    Enhanced LACP in vSphere 5.5
    Enhanced LACP
    Concept Summary
    Review of Learner Objectives
  Lesson 4: Virtual LANs
    Learner Objectives
    Virtual LANs
    Switches and Routers with VLANs
    VLANs and ARP
    VLANs Across Switches
    VLAN Scalability
    802.1Q
    802.1Q Frame
    Native VLAN
    Concept Summary
    Review of Learner Objectives
  Lesson 5: VXLAN: Logical Switch Networks
    Learner Objectives
    VXLAN Terms
    VXLAN Protocol Overview
    Virtual Extensible LAN
    NSX Use Cases
    VXLAN Frame Format
    Multicast: Network Components
    Internet Group Management Protocol
    Bidirectional PIM
    NSX for vSphere VXLAN Replication Modes
    VXLAN Replication: Control Plane
    VXLAN Replication: Data Plane
    Unicast Mode
    Multicast Mode
    Hybrid Mode
    Unicast and Hybrid Mode: Same Host
    Unicast Mode: Different Hosts
    Hybrid Mode: Different Hosts
    Multicast Mode: Different Hosts
    Quality of Service
    QoS Tagging
    Physical Network Congestion
    NSX Component Interaction: Configuration
    NSX Logical Switching
    Logical Switch
    Lab 4: Introduction (1)
    Lab 4: Introduction (2)
    Lab 4: Configuring and Testing Logical Switch Networks
    Concept Summary
    Review of Learner Objectives
    Key Points
MODULE 4
NSX Routing
  You Are Here
  Importance
  Module Lessons
  Lesson 1: NSX Routing
    Learner Objectives
    Supported Routing Protocols
    OSPF Features
    About OSPF
    OSPF Neighbor Relationships
    OSPF Packet Types
    OSPF Hello Packets
    Other OSPF Packets
    OSPF Neighbor States
    OSPF Router Types
    OSPF Areas
    OSPF Area Types
    OSPF Normal Area
    OSPF Stub Area
    OSPF NSSA
    OSPF Area and Router Types Example
    Intermediate System to Intermediate System
    IS-IS Features
    IS-IS Areas
    IS-IS Router Levels
    IS-IS Neighbor Adjacency
    IS-IS Design Considerations
    BGP Features
    Border Gateway Protocol
    BGP AS Numbers
    BGP Peers
    BGP Peers Example
    BGP Route Selection
    Concept Summary
    Review of Learner Objectives
  Lesson 2: NSX Logical Router
    Learner Objectives
    Layer 3 Networking Overview
    Layer 3 Enables Larger Networks
    Distributed Logical Router
    Hairpinning
    Distributed Logical Router: Logical View
    Distributed Logical Router: Physical View
    Data Path: Host Components
    VLAN LIF
    Designated Instance
    VXLAN LIF
    Control Plane: Components
    Logical Router Control Virtual Machine
    Management, Control, and Data Communication
    Deployment Models: One Tier
    Deployment Models: Two Tier
    Distributed Router Traffic Flow: Same Host
    Distributed Router Traffic Flow: Different Host
    Lab 5: Introduction (1)
    Lab 5: Introduction (2)
    Lab 5: Introduction (3)
    Lab 5: Introduction (4)
    Lab 5: Configuring and Deploying an NSX Distributed Router
    Concept Summary
    Review of Learner Objectives
  Lesson 3: Layer 2 Bridging
    Learner Objectives
    VXLAN to VLAN Layer 2 Bridging
    Use Cases
    Layer 2 Bridging Details
    Bridge Instance
    Bridge Instance Failure
    Layer 2 Bridging: Flow Overview
    Design Considerations
    ARP Request from VXLAN
    ARP Response from the VLAN
    Unicast Traffic
    ARP Request from VLAN
    Concept Summary
    Learner Objectives
  Lesson 4: NSX Edge Services Gateway
    Learner Objectives
    NSX Edge Gateway
    Integrated Network Services
    NSX Edge Services Gateway Sizing
    Features Summary
    NSX Edge Routing
    Routing Verification
    Lab 6: Introduction (1)
    Lab 6: Introduction (2)
    Lab 7: Introduction
    Lab 6: Deploying an NSX Edge Services Gateway and Configuring Static Routing
    Lab 7: Configuring and Testing Dynamic Routing on NSX Edge Appliances
    Review of Learner Objectives
    Key Points
MODULE 5
NSX Edge Services Gateway Features
  You Are Here
  Importance
  Module Lessons
  Lesson 1: NSX Edge Network Address Translation
    Learner Objectives
    Private IPv4 IP addresses
    IPv4 Overlapping Space
    Managing NAT Rules
    Source NAT Deployment Using NSX Edge
    Example: Set Up External Access to Web Server
    Add a Second External IP Address for NAT Use
    Destination NAT Deployment Using NSX Edge
    Creating a Destination NAT Rule for Inbound External Access
    Create a Destination NAT Rule and Test Inbound Connectivity
    Creating a Source NAT Rule and Testing Outbound Connectivity
    Lab 8: Introduction (1)
    Lab 8: Introduction (2)
    Lab 8: Introduction (3)
    Lab 8: Configuring and Testing Network Address Translation on an NSX Edge Services Gateway
    Concept Summary
    Review of Learner Objectives
  Lesson 2: NSX Edge Load Balancing
    Learner Objectives
    NSX Edge Load Balancer
    NSX Edge Load Balancer Modes
    Load-Balancer Operation
    One-Arm Load Balancer
    One-Arm Load Balancer Traffic Flow
    Inline Load Balancer
    Inline Load Balancer Traffic Flow
    Lab 9: Introduction
    Lab 10: Introduction
    Lab 9: Configuring Load Balancing with NSX Edge Gateway (1)
    Lab 9: Configuring Load Balancing with NSX Edge Gateway (2)
    Lab 10: Advanced Load Balancing
    Concept Summary
    Review of Learner Objectives
  Lesson 3: NSX Edge High Availability
    Learner Objectives
    High Availability
    NSX Edge High Availability Operation
    Stateful High Availability
    NSX Edge Failure
    NSX Edge Services Gateway High Availability
    Virtual Machine and Appliance Failure
    ESXi Host Failure
    Lab 11: Introduction
    Lab 11: Configuring NSX Edge High Availability
    Concept Summary
    Review of Learner Objectives
  Lesson 4: NSX Edge and VPN
    Learner Objectives
    Logical L2 VPN
    Overview of Layer 2 VPN
    Logical User (SSL) and Site-to-Site (IPsec) VPN
    NSX IPsec VPN
    IPsec Security Protocols: Internet Key Exchange
    IPsec Security Protocols: Encapsulating Security Payload
    IPsec ESP Tunnel Mode Packet
    Configuration Example for IPsec VPN
    IPsec with AES-NI
    Add an IPsec VPN
    NSX SSL VPN-Plus Service
    SSL VPN-Plus
    NSX Edge SSL VPN-Plus Secure Management Access Server
    Use Cases for SSL VPN-Plus Services
    Lab 12: Introduction
    Lab 13: Introduction
    Lab 14: Introduction (1)
    Lab 14: Introduction (2)
    Lab 12: Configuring Layer 2 VPN Tunnels
    Lab 13: Configuring IPsec Tunnels
    Lab 14: Configuring and Testing SSL VPN-Plus
    Concept Summary
    Review of Learner Objectives
    Key Points
MODULE 6
NSX Security
  You Are Here
  Importance
  Module Lessons
  Lesson 1: NSX Edge Firewall
    Learner Objectives
    NSX Edge and Distributed Firewall: Security Comparison
    NSX Edge Firewall
    Firewall Rule Types
    Virtualization Context Awareness
    Populating Firewall Rules
    Source and Destination of a Rule
    Firewall Service
    Create a Firewall Service
    Action Option
    Publish Changes
    NSX Edge Services Gateway: Form Factors
    Lab 15: Introduction (1)
    Lab 15: Introduction (2)
    Lab 15: Using NSX Edge Firewall Rules to Control Network Traffic
    Concept Summary
    Review of Learner Objectives
  Lesson 2: Distributed Firewall
    Learner Objectives
    Evolution of Firewall Placement
    Distributed Firewall Overview
    Distributed Firewall Filtering
    Distributed Firewall Location and Policy Independence
    Distributed Firewall Policy Enforcement
    Distributed Firewall Components: Communication
    Distributed Data Path
    Policy Rule Objects
    Layer 2 Policy Rules
    Layer 3 and Layer 4 Policy Rules
    Centralized Management of the Distributed Firewall
    Using Distributed Firewall Sections
    Policy Rule Objects
    Logical Switch Rule-Based Example
    Security Groups
    Security Group Components
    Rule-Based Security Group Example
    Applied To: Example
    Lab 16: Introduction
    Lab 16: Using NSX Distributed Firewall Rules to Control Network Traffic
    Concept Summary
    Review of Learner Objectives
  Lesson 3: Flow Monitoring
    Learner Objectives
    Flow Monitoring
    Enable Flow Monitoring
    Exclusion Settings
    Viewing Flows
    Flow Views by Service
    Live Monitoring
    Live Monitoring Output Example
    Lab 17: Introduction
    Lab 17: Using Flow Monitoring
    Concept Summary
    Review of Learner Objectives
  Lesson 4: Role-Based Access Control
    Learner Objectives
    Authentication, Authorization, and Accounting Model
    Identity Sources
    Identity Source vSphere Requirements
    Role-Based Access Control for NSX for vSphere
    NSX User Roles
    Scopes
    NSX Role Guidelines
    Permission Inheritance Example: Single Group
    Permission Inheritance Example: Multiple Groups
    Configure Role-Based Access Control
    Define Scope …