Introduction

Chapter 1 Abstracting Network and Security
    Networks: 1990s
    Colocation
    Workload-to-Server Ratio
    Inefficient Resource Allocation
    The Long Road to Provisioning
    Data Centers Come of Age
    Data Center Workloads
    Workloads Won't Stay Put
    VMware
    Virtualization
    What is Happening in There?
    Portability
    Virtualize Away
    Extending Virtualization to Storage
    Virtual Networking and Security
    NSX to the Rescue
    The Bottom Line

Chapter 2 NSX Architecture and Requirements
    NSX Network Virtualization
    Planes of Operation
    NSX Manager Role and Function
    ESXi Hosts
    vCenter Server
    vSphere Distributed Switch
    NSX VIBs
    Competitive Advantage: IOChain
    IOChain Security Features
    NSX Controllers
    NSX Controller Clustering
    NSX Controller Roles
    NSX Edge
    ESG Sizing
    NSX Role-Based Access Control
    Overlay and Underlay Networks
    Replication Modes for Traffic Going to Multiple Destinations
    The Bottom Line

Chapter 3 Preparing NSX
    NSX Manager Prerequisites
    Open Ports and Name Resolution
    Minimum Resource Requirements for NSX Data Center Appliances
    vSphere HA and DRS
    IP Addressing and Port Groups
    Installing the Client Integration Plug-in
    Installing NSX Manager
    Associating NSX Manager to vCenter
    Adding AD/LDAP to NSX
    Linking Multiple NSX Managers Together (Cross-vCenter NSX)
    Multi-site Consistency with Universal Components
    Primary and Secondary NSX Managers
    Preparing ESXi Clusters for NSX
    Creating a Universal Transport Zone on the Primary NSX Manager
    vSphere Distributed Switches Membership
    Adding Secondary NSX Managers
    The Bottom Line

Chapter 4 Distributed Logical Switch
    vSphere Standard Switch (vSS)
    Traffic Shaping
    Understanding Port Groups
    NIC Teaming
    Ensuring Security
    Virtual Distributed Switch (vDS)
    Virtual eXtensible LANs (VXLANs)
    Employing Logical Switches
    Three Tables That Store VNI Information
    Collecting VNI Information
    Centralized MAC Table
    VTEP Table
    We Might as Well Talk about ARP Now
    Filling In the L2 and L3 Headers
    Switch Security Module
    Understanding Broadcast, Unknown Unicast, and Multicast
    Layer 2 Flooding
    Replication Modes
    Deploying Logical Switches
    Creating a Logical Switch
    The Bottom Line

Chapter 5 Marrying VLANs and VXLANs
    Shotgun Wedding: Layer 2 Bridge
    Architecture
    Challenges
    Deployment
    Under the Hood
    Layer 2 VPN
    NSX Native L2 Bridging
    Hardware Switches to the Rescue
    Hardware VTEPs
    Deployment
    Under the Hood
    The Bottom Line

Chapter 6 Distributed Logical Router
    Distributed Logical Router (DLR)
    Control Plane Smarts
    Logical Router Control Virtual Machine
    Understanding DLR Efficiency
    Another Concept to Consider
    Let's Get Smart about Routing
    OSPF
    Border Gateway Protocol (BGP)
    Oh Yeah, Statics Too
    Deploying Distributed Logical Routers
    The Bottom Line

Chapter 7 NFV: Routing with NSX Edges
    Network Function Virtualization: NSX Has It Too
    This is Nice: Edge HA
    Adding HA
    Let's Do Routing Like We Always Do
    Deploying the Edge Services Gateway
    Configuring BGP
    Configuring OSPF
    Configuring Static Routes
    Routing with the DLR and ESG
    Using CLI Commands
    Default Behaviors to Be Aware Of
    Equal Cost Multi-Path Routing
    The Bottom Line

Chapter 8 More NVF: NSX Edge Services Gateway
    ESG Network Placement
    Network Address Translation
    Configuring Source NAT
    Configuring Destination NAT
    Configuring SNAT on the ESG
    Configuring DNAT on the ESG
    ESG Load Balancer
    Configuring an ESG Load Balancer
    Layer 2 VPN (If You Must)
    Secure Sockets Layer Virtual Private Network
    Split Tunneling
    Configuring SSL VPN
    Internet Protocol Security VPN
    Understanding NAT Traversal
    Configuring IPsec Site-to-Site VPN with the ESG
    Round Up of Other Services
    DHCP Service
    Configuring the ESG as a DHCP Server
    DHCP Relay
    Configuring the DLR for DHCP Relay
    DNS Relay
    Configuring DNS Relay on the ESG
    The Bottom Line

Chapter 9 NSX Security, the Money Maker
    Traditional Router ACL Firewall
    I Told You about the IOChain
    Slot 2: Distributed Firewall
    Under the Hood
    Adding DFW Rules
    Segregating Firewall Rules
    IP Discovery
    Gratuitous ARP Used in ARP Poisoning Attacks
    Why is My Traffic Getting Blocked?
    Great, Now It's Being Allowed
    Identity Firewall: Rules Based on Who Logs In
    Distributing Firewall Rules to Each ESXi Host: What's Happening?
    The Bottom Line

Chapter 10 Service Composer and Third-Party Appliances
    Security Groups
    Dynamic Inclusion
    Static Inclusion
    Static Exclusion
    Defining a Security Group through Static Inclusion
    Defining a Security Group through Dynamic Inclusion
    Customizing a Security Group with Static Exclusion
    Defining a Security Group Using Security Tags
    Adding to DFW Rules
    Service Insertion
    IOChain, the Gift that Keeps on Giving
    Layer 7 Stuff: Network Introspection
    Guest Introspection
    Service Insertion Providers
    Security Policies
    Creating Policies
    Enforcing Policies
    The Bottom Line

Chapter 11 vRealize Automation and REST APIs
    vRealize Automation Features
    vRA Editions
    Integrating vRA and NSX
    vRealize Automation Endpoints
    Associating NSX Manager with vRealize Automation
    Network Profiles
    vRA External, Routed, and NAT Network Profiles
    Reservations
    vRealize Orchestrator Workflows
    Creating a Blueprint for One Machine
    Adding NSX Workflow to a Blueprint
    Creating a Request Service in the vRA Catalog
    Configuring an Entitlement
    Deploying a Blueprint that Consumes NSX Services
    REST APIs
    NSX REST API GET Request
    NSX REST API POST Request
    NSX REST API DELETE Request
    The Bottom Line

Appendix The Bottom Line
    Chapter 1: Abstracting Network and Security
    Chapter 2: NSX Architecture and Requirements
    Chapter 3: Preparing NSX
    Chapter 4: Distributed Logical Switch
    Chapter 5: Marrying VLANs and VXLANs
    Chapter 6: Distributed Logical Router
    Chapter 7: NFV: Routing with NSX Edges
    Chapter 8: More NVF: NSX Edge Services Gateway
    Chapter 9: NSX Security, the Money Maker
    Chapter 10: Service Composer and Third-Party Appliances
    Chapter 11: vRealize Automation and REST APIs

Index
Mastering VMware NSX for vSphere