VMware NSX networking: What you need to know before investing
A comprehensive collection of articles, videos and more, hand-picked by our editors
This summer VMware unveiled NSX 6.1, the first major update of its network virtualization platform.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The release seemed minor compared to the initial launch of NSX for vSphere in 2013, but it introduced important security, high availability and management features for public and hybrid cloud deployments.
Here are five VMware NSX 6.1 enhancements worth noting:
DHCP Relay: One of the major improvements in NSX 6.1 is the introduction of DHCP Relay, which helps you integrate existing DHCP servers into your virtual environment. DHCP Relay allows virtual machines (VMs) to obtain IP addresses and provides management of external DHCP servers. This ensures consistent IP addressing polices across data centers. You can configure the Distributed Logical Routers to forward DHCP requests generated by the VMs to external DHCP Servers, which allows for control of external DHCP servers from the Distributed Logical Routers. VMware has not documented the exact number of DHCP servers you can configure, but you can have several per logical router port.
Load balancing: NSX has supported load balancing for both Layer 4 (network) and Layer 7 (application) traffic since the initial release. In previous versions, NSX provided load balancing of the TCP traffic at Layer 4 and TCP, HTTP and HTTPS traffic at Layer 7. Now the load balancer configured at NSX Edge also supports load balancing of UDP traffic at Layer 4 and FTP traffic at Layer 7. VMware is also partnering with F5 to allow customers to use F5 load balancers in place of NSX load balancers. A third-party load balancer can be injected easily through NSX Edge.
Equal-Cost Multi-Path (ECMP) support: ECMP chooses the best possible path to a single destination as part of the packet-forwarding process. NSX 6.1 enables ECMP between the Distributed Logical Router and the NSX Edge, as well as from the NSX Edge to physical networking devices. ECMP provides a highly available environment for NSX Edge gateways and Distributed Logical Routers by enabling a high-bandwidth connection to the physical networks. It also helps in achieving the active-active configuration for NSX Edge. Existing NSX Edge environments can also be scaled out easily. Whichever the routing protocol, ECMP provides the ability to use all bandwidth on all the uplinks, and also load balance the traffic across the NSX Edge gateways.
Layer 2 VPN enhancements: NSX Edge already included a number of VPN services, but in the original version, it was not possible to configure an L2 VPN tunnel for an environment without an NSX Edge gateway. Since VMware’s primary focus has been to develop NSX further for cloud hosting providers, NSX 6.1 brings the new enhancements to the Layer 2 VPN. With NSX 6.1, you can connect non-NSX-enabled data centers, which help with easy migration of enterprise workloads to a shared IaaS cloud, and also enables hybrid cloud deployments.
Micro-segmentation and firewall enhancements: Micro-segmentation has been a major selling point for VMware NSX. Micro-segmentation provides security policies or basic firewalling rules at the vNIC level. Before any packets are forwarded from the virtual machines, the packets are checked by the firewall configured at the vNIC level. This firewall provides the granular control over the network traffic. Apart from configuring complex firewall rules, NSX firewalls also provide the ability to configure the reject actions. NSX 6.1 firewalls now provide firewall logs, advanced firewall rules and monitoring of CPU and memory as key features. Rules can also be configured to notify admins if CPU and memory thresholds are reached and require reconfiguration.
Apart from providing advanced firewall rules, there are other management features that have been introduced. One is a single console that manages security policy rules for distributed firewalls and NSX Edge. NSX 6.1 is also closely integrated with vCloud Automation Center. When self-service applications are connected to the NSX logical networks, security policies are enforced and applied automatically to protect them. This helps in both isolation and protection of the applications.
What do you need for a VMware NSX upgrade?
Upgrading to NSX 6.1 is very straight-forward. The basics, such as memory, disk space, hardware for installing various NSX components, have not been changed. If you have vSphere running in your environment, you need to upgrade to vSphere 5.5 before NSX 6.1 can be deployed. The NSX Manager takes care of upgrading the required components automatically, so there is nothing much to change in that part of the environment.
About the author:
Nirmal is an MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in directory services, failover clusters, Hyper-V, System Center, Windows Azure and Exchange Servers and has been involved with Microsoft Technologies since 1994.
Learn the inner-workings of VMware NSX
Pop Quiz: What do you really know about VMware NSX?
VMware NSX vs. Hyper-V networking