Home

NSX BGP Filters

In NSX BGP filters work like access lists for route advertisements (prefixes). The NSX BGP filters are prefix lists which work very similarly to firewall access lists. A prefix list contains one or more ordered entries which are processed sequentially. For each prefix entry you can specify inbound or outbound filters to allow certain routes to be advertised to or from the Edge Services Gateway/Distributed Logical Router.
For example you to want to prevent a route for 10.0.0.0/24 from being advertised in BGP from the NSX Edge Services Gateway.


Testing MAC Learning in the NSX L2 Bridge

One of our customers is preparing to migrate Virtual Machines from VLAN to VXLAN with the NSX L2 Bridge and asked me how to test the L2 Bridge and get confirmation that it is actually configured correctly and operational. All commands in this blog post are from the NSX Troubleshooting Documentation.

We can test if a bridge is functional by issuing a command on the NSX Manager.


On-boarding existing workloads and tenants to VMware NSX

In this blog post I would like to share some information regarding possibilities of on-boarding existing workloads or tenants in new or current VMware NSX deployments.

VMware NSX deployment projects I’ve been involved in mostly are designed and deployed in a greenfield environment where a customer has invested in hardware and software to run their new Cloud environment on. From this point forward new workloads and deployments are aimed to run on that infrastructure and the current (brownfield) environment has to be migrated or will be shut down in a certain amount of time. Migrating applications to NSX and securing them with means of NSX Micro-Segmentation involves obviously good knowledge of your application. In other words: Which Virtual Machines talks to each other, and over which protocols and ports? The more information you’ve got about those applications the better you are able to secure them. A tool like vRealize Network Insight can help a great deal here, but that’s a topic on each own. Another solution would be to have applications isolated with NSX Distributed Firewall allow rules with logging enabled. If you have a solution like Log Insight, you would then see all that traffic logged which includes the protocol communications between source and destination.

Figure 1: Micro-segmentation for a 3-tier application

Segmentation of a 3-tier App


VMware NSX and BGP Design and Configuration

Introduction

In this blog post I would like to share how BGP is configured on VMware NSX to automatically update routing information with the physical network.

Design

Recently I was involved in a project where we used BGP to peer the NSX environment with the physical network. The design we did was challenging because of scale. The NSX environment we deployed meant for a multi-tenant Cloud platform scaled for several hundreds of tenants.


How to create a Docker Cluster with Swarm on VMware Photon

Introduction

In this post I would like to share how to create a Docker Cluster with Swarm on the new VMware Project Photon.

Project Photon is an open source Linux container host which is optimized for running on VMware vSphere. It has a very small footprint, is extensible and supports the most common container formats including Docker, Rocket and Garden. You can find more information about Photon at the VMware GitHub site.


Page 1 of 212