Learning VMware NSX - Second Edition E-Book

BIRMINGHAM - MUMBAI

Learning VMware NSX

Second Edition

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: November 2015

Second edition: August 2017

Production reference: 1210817

ISBN 978-1-78839-898-5

www.packtpub.com

Credits

Author

Ranjit Singh Thakurratan

Copy Editor

Safis Editing

Reviewer

Renjith Menon

Project Coordinator

Kinjal Bari

Commissioning Editor

Vijin Boricha

Proofreader

Safis Editing

Acquisition Editor

Prachi Bisht

Indexer

Mariammal Chettiyar

ContentDevelopmentEditor

Trusha Shriyan

Graphics

Kirk D'Penha

Technical Editor

Sayali Thanekar

Production Coordinator

Shantanu Zagade

About the Author

About the Reviewer

Renjith Menon is an IT systems engineer with over 12+ years of experience working in an environment covering IT systems administration, systems operations, systems health monitoring, systems upgrades, and deploying new software and services. He possesses diversified experience covering implementation of new systems and troubleshooting of software components along with maintenance and configuring of systems.

At work, on a daily basis, he deals with virtualization technologies, backup and replication technologies, most Microsoft server roles, and much more. He likes tech blogging and learning new technologies. He started his blogging journey back in 2007, and recently, he also started his personal blog.

You can follow him on Twitter at @vcrenjith.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.comand as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Customer Feedback

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/178839898X.

If you'd like to join our team of regular reviewers, you can email us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!

Table of Contents

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

Introduction to Network Virtualization

Introducing network virtualization

Concepts of network virtualization

Introducing the NSX-V network virtualization platform

NSX features and services

NSX configuration maximums

Summary

NSX Core Components

Introduction to NSX core components

NSX manager

NSX controller clusters

VXLAN architecture overview

A sample packet flow

Transport zones

NSX Edge Services Gateway

Distributed firewalls

Cross-vCenter NSX

Summary

NSX Installation and Configuration

Preparing your environment

Downloading and deploying NSX Manager

Overview of the NSX Manager interface

Configuring NSX Manager

Managing NSX using the vSphere web client

Deploying the control plane (Controller Virtual Machines)

Deploying the data plane

Summary

NSX Functional Services

Primary and secondary NSX managers

Benefits of cross-vCenter NSX

Configuring VXLAN

Assigning a segment ID pool

Transport zones

Logical switching

L2 bridges

Deploying an NSX Edge logical router

Edge services gateway

Logical firewalls

Summary

Edge Services Gateway

DNS and DHCP services

DHCP service

DNS service

Routing

Configuring OSPF on Edge services gateway

Configuring logical distributed router OSPF

Configuring BGP

Configuring route redistribution

Logical Edge load balancers

Virtual private networks

SSL VPN-Plus

SSL VPN-Plus network access mode

IPSEC VPN

L2 VPN

More Edge services and configurations

Adding a sub-interface

Force sync NSX Edge with NSX Manager

Configuring remote syslog servers

Redeploying an NSX Edge

Summary

Service Composer

Service Composer

Security groups

Security policies

Security group and security policy mapping

Network extensibility

Summary

Monitoring

Endpoint Monitoring

Flow monitoring

Traceflow

Summary

Managing NSX

NSX Manager settings

Date and time settings

Syslog servers

DNS servers

Technical support logs

SSL certificates

Backup and restore

NSX Manager backup

NSX Manager domain registration

Configuring SNMP traps

Controller cluster operations

Summary

Conclusion

Preface

Networking is one of the most important and critical components of any IT architecture. Architects always want to lay the foundation and solve networking before compute and storage is looked at. This is why I have always felt the need to understand networking better and understand how things work.

Network virtualization technology gave me a behind the scenes, hands-on look at how networking works and the concepts that made it happen. The ability to deploy virtual appliances such as switches, load balancers, and routers and examine their functionality was very appealing. The pace at which I learned network virtualization gave me the confidence to grow in a field that I thought I lacked significant knowledge in. Throughout my journey, I understood that network virtualization not only made me think like a network engineer but also made me apply networking concepts very creatively to a virtualized environment, and this made it all the more appealing. What was complex before now became extremely simple.

The journey started in 2015 when I went around presenting at multiple VMUG UserCon sessions all around the country. My presentation was Getting started with VMware NSX - basics and best practices. My aim here was not to talk about what NSX can do but to talk about how easy it was to get started and to squash some common misconceptions about NSX. I wasn't sure if this was a topic worth talking about and wasn't expecting a large crowd. My time slot to present was right after lunch, which wasn't very appealing.

I was quickly proved wrong. In each and every city I presented, all of my sessions were completely full. People were eager to see how to get started with NSX and in fact, preferred this presentation over any NSX presentations happening at the same conference. This is when the first edition of Learning VMware NSX was born. Following the tremendous reception and feedback, we decided to have this second edition to ensure continuity and address changes in the network virtualization technology.

The aim of the book is to connect to that day-to-day administrator and that network engineer and make it easy for them to understand NSX. The book explains the basics and covers the deployment of various features of network virtualization in simple, clear language and with screenshots to allow you to visualize the workflow as you read.

I hope you enjoy working with this second of edition Learning VMware NSX, and that it helps you learn how to use and understand NSX and network virtualization. We are constantly looking for feedback and advice, so feel free to reach out to us by all means necessary.

What this book covers

Chapter 1, Introduction to Network Virtualization, gets you started with an introduction to network virtualization and an overview of its concepts.

Chapter 2, NSX Core Concepts, talks about all the different components of NSX and how they work together.

Chapter 3, NSX Installation and Configuration, covers deploying and configuring NSX.

Chapter 4, NSX Functional Services, discusses the deployment and configuration of different NSX services such as logical switching, L2 bridging, and Edge gateway services.

Chapter 5, Edge Services Gateway, goes deeper into the services offered by Edge gateway and looks at deploying and configuring them.

Chapter 6, Service Composer, discusses different NSX security policies, because one of the most important capabilities of NSX is its security features.

Chapter 7, Monitoring, looks at enabling the monitoring of our environment using NSX.

Chapter 8, Managing NSX, talks about NSX administrative tasks such as backup and restore along with NSX manager settings.

Chapter 9, Conclusion, concludes the second edition of the Learning VMware NSX series and provides additional reference links and author contact information.

What you need for this book

Although you can dive right into this book, I recommend setting up a modest home lab of three servers running VMware ESXi and vCenter. You are also encouraged to spend time exploring the hands-on labs offered for free by VMware. The specific NSX labs that will help you greatly are HOL-1703- SDC-1 and HOL-1703- USE-2. The labs help you get started with NSX without having to worry about the intricacies of having to set it up.

You can get to hands-on labs by visiting http://labs.hol.vmware.com and searching for the two labs I mentioned previously.

Who this book is for

The book is for anyone who is interested in learning more about software-defined network virtualization tools. System administrators, network administrators, solution engineers, sales engineers, and solution architects are some of those who will find this book very educational.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Log in to the NSX manager with the username admin and the password that was set during deployment time."

A block of code is set as follows:

acl is_foo hdr_dom(host) -i fooacl is_bar hdr_dom(host) -i baruse_backend pool_1 if is_foouse_backend pool_2 if is_bar

Any command-line input or output is written as follows:

[root@host:~] esxcli softwarev vib list | grep esx

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "You will see the Deploy OVF Template screen."

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply email [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/LearningVMwareNSXSecondEdition_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at [email protected] with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.

Introduction to Network Virtualization

This chapter begins with a brief introduction to network virtualization, followed by an overview of its concepts. We then introduce VMware's NSX-V network virtualization solution that allows you to deploy and manage your own software-defined networking stack. We will go over all the features and services of NSX, followed by its configuration maximums. By the end of this chapter, you will have a thorough understanding of the concepts of network virtualization, and NSX-V as a network virtualization solution.

In this chapter, we will cover:

Introducing network virtualization

Concepts of network virtualization

Introducing the NSX-V network virtualization platform

NSX features and services

NSX configuration maximums

Summary

Introducing network virtualization

Today's datacenter demands are a paradigm shift from what they were a decade ago. As the cloud consumption model is being rapidly adopted across the industry, the need for on-demand provisioning of compute, storage, and networking resources is greater than ever. One of the biggest contributing factors to enable the cloud consumption model is server virtualization.

Server virtualization has enabled fast consumption of compute resources along with add-on functionality and services. Snapshots, clones, and templates are all now easier than ever with server virtualization.

If you have worked in a datacenter, you would agree that networking is always challenging to work with. Once the networking design is established, any changes that need to be made are always challenging because of a lack of flexibility due to increasing complexity and demands on the environment. While compute and storage have rapidly improved in their speed of deployment and consumption, networking continues to remain a challenge in today's environments, where simple tasks such as creating a new VLAN are becoming increasingly complex and time consuming.

Network virtualization is the virtualization of network resources using software and networking hardware that enables faster provisioning and deployment of networking resources. Network virtualization lays the foundation for software-defined networking, which allows instant deployment of services to be offered to the consumers. Services such as Edge gateways, VPN, DHCP, DNS, and load balancers can be instantly provisioned and deployed because of the software aspect of network virtualization. The networking hardware allows for physical connectivity, while the software is where all the network logic resides allowing for a feature-rich network service offering.

Network virtualization allows for consumption of simplified logical networking devices and services that are completely abstracted from the complexities of the underlying physical network. Lastly, network virtualization is key for a software-defined data center (SDDC).

Concepts of network virtualization

Now that we have defined what network virtualization is about, let's go over some of the key concepts of network virtualization and software-defined networking:

Decoupling