Browsed by
Category: NSX-T

Upgrade NSX-T to version 2.5

Upgrade NSX-T to version 2.5

In this blog, I will be documenting the upgrade process of NSX-T to version 2.5. The first step in the upgrade process is to make sure that all versions of other components that I am running are compatible with version 2.5. To find this out, I use: https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&175=&2= This will show me the versions that are compatible. Below vCenter and NSX-T: and the same table is available for ESXi and NSX-T: With the same result, which was to be expected…

Read More Read More

Micro-segmentation with NSX-T (part 2: Methodology in action)

Micro-segmentation with NSX-T (part 2: Methodology in action)

Now that we have learned the theory in Microsegmentation with NSX-T (part 1: methodology), we can look at the application of this methodology in practice. Methodology in action So after all this, let’s see a little bit of this methodology in action. First of all, it is important to know which traffic is flowing in the environment. An excellent tool to help in this respect, would be vRealize Network Insight, but not every organization is able to use this, so…

Read More Read More

Microsegmentation with NSX-T (part 1: methodology)

Microsegmentation with NSX-T (part 1: methodology)

After a number of blogs on network-virtualization, I thought it was time to start writing some blogs on another of the major three use cases: Security, through micro-segmentation. In my line of work most organizations where I implement NSX (first V and now T) are primarily interested in the security aspects of the product. In my presentations on NSX I usually use two pictures to show what security is like in most traditional environments. It looks something like this: (for…

Read More Read More

Distributed Multi-Tier Routing in NSX-T

Distributed Multi-Tier Routing in NSX-T

I learned something today, which in hindsight is obvious. Hopefully this helps someone that runs into the same “strange” (but not so strange) behavior. I created the following topology today, to prepare for some NSX-T demo I am giving tomorrow: What I (among other stuff) wanted to show, was that routing between Test-Segments “D” and “E” and “A”, “B” and “C”, is completely distributed. So when VM’s from the different segments live on the same host, no physical hops are…

Read More Read More

Integrating NSX-T with Active Directory for RBAC (through VMware Identity Manager)

Integrating NSX-T with Active Directory for RBAC (through VMware Identity Manager)

So after using NSX-T for a while, with the built-in admin account, it is time to look into using RBAC for some granular control over who is allowed to do what, within NSX. So with NSX-T it isn’t as straight forward as it was in NSX-V. Integrating logins with AD requires a bit more work. With NSX-T it becomes necessary to work with the VMware Identity Manager. When looking at the ever-important Interoperability Matrix, we can see that the following version…

Read More Read More

Resetting expired admin password on NSX-T

Resetting expired admin password on NSX-T

So apparently it has been 90 days since the deployment of NSX-T and therefor, time for the admin password to expire ;): Unfortunately, this doesn’t give you the opportunity to login and then change the password (a feature I would really appreciate), but a reset is necessary. In the online documentation (https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html) the reset is done through a reboot into single user mode of one of the appliances and reset the password. However, in the online documentation one of the…

Read More Read More

NSX-T: Missing locale data for the locale “XX”.

NSX-T: Missing locale data for the locale “XX”.

So, as you may know, I am from the Netherlands (or Holland, although technically I am not, but that is a different discussion ;)). So within my lab-environment I sometimes use Dutch as the language-setting, for instance within Firefox, the browser I use(d) to configure NSX-T. But this issue also occurs in Chrome. Within IE (although I only used that to test if it was affected by this ;)), the page doesn’t load at all. When I try to open…

Read More Read More

Load Balancing with NSX-T – Part 1

Load Balancing with NSX-T – Part 1

So after I looked at the installation, the fabric and routing and switching, it is time to take a look at the higher level networking functions within NSX-T, like Load Balancing. The functionality itself has not changed very much since NSX-T (compared to V), but the way that it is consumed is different.

As described in an earlier blog (Routing with NSX-T (part 1)), NSX-T uses multiple entities within it’s fabric. Two of which being tier-0 and tier-1 gateways and load balancing can only exist on a tier-1 gateway. So when you use Load Balancing within NSX-T you have to deploy both tier-0 and tier-1 components.

Routing with NSX-T (part 2)

Routing with NSX-T (part 2)

So after the theory, it is time to create some routed networks. In order to do this, I created a design on what I want to accomplish. Part of the design is already in place, but for this blog I have created the part which is visible in the red square: So we already have a tier-0 gateway, connected to a tier-1 gateway, which is connected to several segments. The existing tier-1 is also used as a load balancer for…

Read More Read More

Routing with NSX-T (part 1)

Routing with NSX-T (part 1)

As someone who has worked with NSX-V for quite some time, routing within NSX-T is a little bit difficult to grasp. The terminology might be only slightly different, the concepts are completely different. Within NSX-V, you had E-W routing, through a DLR and N-S routing through one or more ESG’s, either in HA or in ECMP. That was all pretty straight forward. The addition of statefull service could only be performed by ESG’s and if so, the ESG’s would not…

Read More Read More