The VMware NSX Edge Services Gateway (ESG) is a virtual machine appliance which functions as a gateway and services appliance within the NSX platform. This video focuses on the routing capabilities of the ESG, as well as its interactions with the NSX Distributed Logical Router (DLR). The ESG is commonly used as a routing gateway at the boundary of an NSX environment, also known as a North – South gateway. Like the DLR, the ESG supports dynamic routing protocols in OSPF and BGP, as well as route redistribution. To provide additional architectural flexibility, up to 8 ESGs may peer with a single DLR in an Equal Cost Multi-Path (ECMP) configuration in order to maximize available bandwidth.
The Distributed Logical Router (DLR) in the VMware NSX platform provides an optimized and scalable way of handling East – West traffic within a data center. East – West traffic is the communication between workloads residing within the same data center, which is only increasing in modern data centers. In order to route between segments, traffic must be forwarded to a routing device, rather than directly to its destination. This non-optimal traffic flow is generally referred to as “hair pinning”.
The DLR component of the NSX platform prevents “hair-pinning” by introducing an East – West routing element within the hypervisor kernel. Each host has a routing kernel module that can perform routing between the segments its hosted virtual machines are connected to. The DLR is capable of advertising those connected networks to other routing devices by way of the OSPF and BGP dynamic routing protocols.
Not all virtual networks are going to be connected to the physical world in the same way; some VXLAN logical switches may need to be directly layer 2 adjacent to an existing VLAN-backed network, or need to reach a gateway or service interface that resides on a physically defined VLAN. These are some of the reasons VLAN to VXLAN bridge(s) may need to be implemented within VMware NSX. This is most common in the case of a migration effort to, or if a layer 2 domain containing workloads attached to both VXLAN and VLAN-backed networks is required.
The VMware NSX Distributed Firewall is unique in the market for its ability to operate at the vNIC level, in kernel in the hypervisor – giving you control you’ve never had before.
Why virtualized environments will ultimately incorporate network virtualization; why networking and security go hand in hand; and how organizations can get started TODAY on the journey with security components.
This is the fifth and last video of a series of 5 demos that show how the NSX Security Model works through several use cases. Don’t just believe what you see, try it yourself for free with VMware Hands-On-Labs (see below):
This is the fourth of a series of 5 demos that show how the NSX Security Model works through several use cases. Don’t just believe what you see, try it yourself for free with VMware Hands-On-Labs (see below):
Across industries, the race is on to digital transformation. It’s all about business innovation and redefinition. The transformations are huge: Tesla isn’t just a car manufacturer; it’s a software business that makes cars. CITI is a software business that makes loans. GE is a software business that makes industrial equipment.
Register for this VMworld 2016 session to learn about the future of VMware NSX.
Like most of the customers we talk with, your business is also going through a transformation. Lots of change. Lots of disruption. Lots of innovation. More apps, representing more services and new business models. More lines of business empowered to make decisions about the IT they’ll use to take their innovations to market. And there’s no doubt that a huge enabler of all of this has been the cloud.
Consider what some of the leading industry pundits are predicting:
- By 2019, the majority of virtual machines (VMs) will be delivered by IaaS providers.
- By 2019, more than 30% of the 100 largest vendors’ new software investments will have shifted from cloud-first to cloud-only.
- By 2020, a corporate “no-cloud” policy will be as rare as a “no-internet” policy is today.
- By 2020, 50% of applications running in public cloud environments will be considered mission-critical by the organizations using them (Gartner)
Through all of this, networking is undergoing fundamental change. It’s evolving to support both traditional and 3rd Platform architectures. It’s expanding and becoming more agile and flexible to support tomorrow’s application infrastructures spanning different hypervisors and containers, and living partly on-premises and partly across multiple public clouds.
At the heart of all of this change is VMware NSX. When you consider that just three years ago, VMware NSX did not even exist as a product, it is amazing to see the sheer number of production customers across every market segment and every region across the world.
At VMworld 2016, in Session NET9989-S, join VMware Chief Technology Strategy Officer Guido Appenzeller for a preview into what lies ahead for VMware NSX and network virtualization.
Created by Humair Ahmed on Jul 22, 2016 1:36 PM. Last modified by Humair Ahmed on Jul 25, 2016 2:19 PM.
This design guide is in initial draft status, and feedback is welcome for the next updated release.
Please send feedback to email@example.com.
The goal of this design guide is to outline several NSX solutions available for multi-site data center connectivity before digging deeper into the details of the Cross-VC NSX multi-site solution. Learn how Cross-VC NSX enables logical networking and security across multiple vCenter domains/sites and how it provides enhanced solutions for specific use cases. No longer is logical networking and security constrained to a single vCenter domain. Cross-VC NSX use cases, architecture, functionality, deployment models, design, and failure/recovery scenarios are discussed in detail.
This document is targeted toward virtualization and network architects interested in deploying the VMware® NSX network virtualization solution in a vSphere environment.
The design guide addresses the following topics:
- Why Multi-site?
- Traditional Multi-site Challenges
- Why VMware NSX for Multi-site Data Center Solutions
- NSX Multi-site Solution
- Use Cases
- Architecture and Functionality
- Deployment Models
- Design Guidance
- Failure/Recovery scenarios
Cross VC NSX Overview
VMware NSX provides network virtualization technology that decouples the networking services from the underlying physical infrastructure. By replicating traditional networking hardware constructs and moving the network intelligence to software, logical networks can be created efficiently over any basic IP network transport. The software based approach to networking provides the same benefits to the network as server virtualization provided for compute.
Prior to NSX 6.2, although NSX provided the flexibility, agility, efficiency and other benefits of network virtualization, logical networking and security were constrained to the boundaries of one vCenter domain.
Although it was possible to use NSX with one vCenter domain and stretch logical networking security across sites, the benefits of network virtualization with NSX were still limited to one vCenter domain. Figure 17 below shows multiple vCenter domains, which happen to also be at different sites, all requiring separate NSX controllers and having isolated logical networking and security.
Thanks to all the contributors and reviewers of this document.
This will also soon be posted on our NSX Technical Resources website (link below):
Feedback and Comments to the Authors and the NSX Solution Team are highly appreciated.
– The VMware NSX Solution Team
Download Multi-site Options and Cross-VC NSX Design Guide.pdf (15.5 MB).
This is the third of a series of 5 demos that show how the NSX Security Model works through several use cases. Don’t just believe what you see, try it yourself for free with VMware Hands-On-Labs (see below):