VMware NSX Cookbook

Book Description

Network virtualization at your fingertips

About This Book

  • Over 70 practical recipes created by two VCIX-NV certified NSX experts
  • Explore best practices to deploy, operate, and upgrade VMware NSX for vSphere
  • Leverage the NSX REST API using various tools, from Python to VMware vRealize Orchestrator

Who This Book Is For

If you are a security and network administrator looking to gain intermediate-level knowledge of network and security virtualization, then this book is for you. The reader should have a basic knowledge of VMware NSX.

What You Will Learn

  • Understand, install, and configure VMware NSX for vSphere solutions
  • Configure logical switching, routing, and Edge Services Gateway in VMware NSX for vSphere
  • Learn how to plan and upgrade VMware NSX for vSphere
  • Learn how to use built-in monitoring tools such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring
  • Learn how to leverage the NSX REST API for management and automation using various tools from Python to VMware vRealize Orchestrator

In Detail

This book begins with a brief introduction to VMware's NSX for vSphere Network Virtualization solutions and how to deploy and configure NSX components and features such as Logical Switching, Logical Routing, layer 2 bridging and the Edge Services Gateway. Moving on to security, the book shows you how to enable micro-segmentation through NSX Distributed Firewall and Identity Firewall and how to do service insertion via network and guest introspection. After covering all the feature configurations for single-site deployment, the focus then shifts to multi-site setups using Cross-vCenter NSX.

Next, the book covers management, backing up and restoring, upgrading, and monitoring using built-in NSX features such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring. Towards the end, you will explore how to leverage VMware NSX REST API using various tools from Python to VMware vRealize Orchestrator.

Style and approach

The book follows a practical, recipe-based approach and teaches readers how to leverage VMware NSX and implement these recipes directly into their enterprise.

Downloading the example code for this book: You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. VMware NSX Cookbook
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Foreword
  5. Contributors
    1. About the authors
    2. About the reviewer
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Sections
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Get in touch
      1. Reviews
  7. Getting Started with VMware NSX for vSphere
    1. Introduction
    2. Choosing the right VMware NSX for vSphere edition
      1. Getting ready
      2. How to do it...
      3. There's more...
        1. VMware NSX editions
        2. Evaluating VMware NSX 
        3. Support and Subscription (SnS)
        4. VMware vRealize Log Insight for NSX
        5. VMware NSX Monitoring Tools
      4. See also
    3. Selecting ESXi hosts and network adapters
      1. VXLAN Offload
      2. Receive Side Scaling
    4. Downloading NSX for vSphere
      1. Getting ready
      2. How to do it...
        1. Checking the Product Interoperability Matrix
        2. Downloading media via the VMware downloads website
        3. Downloading media via the VMware Software Manager
      3. See also
    5. Deploying the NSX Manager virtual appliance
      1. Getting ready
      2. How to do it...
    6. Replacing the NSX Manager certificate
      1. Certificate Signing Request
      2. How to do it...
        1. PKCS#12 certificate
      3. How to do it...
    7. Registering vCenter server with NSX Manager
      1. Getting ready
      2. How to do it...
        1. Registering the NSX Manager with the vCenter server
        2. Registering the NSX Manager with the PSC
      3. How it works...
      4. There's more...
    8. Applying the NSX license
      1. Getting ready
      2. How to do it...
    9. Deploying the NSX Controller Cluster
      1. Getting ready
      2. How to do it...
        1. Configuring an NSX IP pool
        2. NSX Controller Cluster deployment
          1. DRS Anti-Affinity Rules
          2. Configuring DRS Anti-Affinity Rules via PowerCLI
      3. There's more...
        1. Separate vCenter environment
        2. Controller password parameters
    10. Preparing a vSphere cluster for NSX
      1. Getting ready
      2. How to do it...
      3. How it works...
        1. Enabling NSX in a brownfield environment
    11. Validating NSX VIB installation
      1. Distributed Firewall communication
      2. Controller communication
      3. Getting ready
      4. How to do it...
        1. Manually checking VIB installation
        2. Checking NSX component communication
  8. Configuring VMware NSX Logical Switch Networks
    1. Introduction
      1. VMware NSX Logical Switch and VXLAN
      2. VMware NSX Transport Zone
      3. VMware NSX Replication Modes
      4. VMware NSX Controller Disconnected Operation Mode
    2. Configuring VXLAN Networking
      1. Getting ready
        1. IP address for VTEP VMkernel
        2. Using DHCP for an IP pool
        3. VDS teaming options for NSX
          1. Single VTEP with LACP
          2. Multi-VTEP with Route Based on Originating Port ID
      2. How to do it...
        1. Configuring VXLAN Networking
        2. Validating VXLAN and VTEP configuration
      3. How it works...
        1. Testing VXLAN VTEP VMkernel
      4. There's more...
      5. See also
    3. Configuring a VXLAN Segment ID
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Creating a NSX Transport Zone
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    5. Creating a NSX Logical Switch
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    6. Connecting a Virtual Machine to an NSX Logical Switch
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    7. Testing an NSX Logical Switch
      1. Getting ready
      2. How to do it...
        1. Ping
        2. Broadcast
      3. How it works...
      4. There's more...
      5. See also
    8. Enabling the Controller Disconnected Operation Mode on a Transport Zone
      1. Getting ready
      2. How to do it...
      3. How it works...
  9. Configuring VMware NSX Logical Routing
    1. Introduction
    2. Configuring the Distributed Logical Router
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
        1. DLR CVM hardware requirements
        2. HA interface
    3. Configuring the Distributed Logical Router for dynamic routing
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
        1. Route redistribution
        2. Forwarding versus protocol address
        3. Graceful restart
    4. Deploying and configuring the NSX ESG in HA mode
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    5. Understanding and configuring the NSX ESG for routing
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
  10. Configuring VMware NSX Layer 2 Bridging
    1. Introduction
      1. Software-Based Gateway Layer 2 Bridging
      2. Bridging and Routing
        1. Hardware VTEP Gateway
    2. Configuring Software-Based Gateway Layer 2 Bridging
      1. Getting ready
      2. How to do it...
        1. Configuring bridging
        2. Verifying Bridging Configuration
      3. How it works...
      4. There's more...
    3. Selecting a hardware VTEP gateway
      1. Getting ready
      2. How to do it...
      3. There's more...
      4. See also
    4. Integrating Hardware VTEP Gateway with VMware NSX
      1. Getting ready
      2. How to do it...
        1. Configuring the Replication Cluster
        2. Connecting a Hardware VTEP Gateway to an NSX Controller
        3. Adding a Hardware VTEP Gateway to NSX
      3. How it works...
      4. See also
    5. Extending VMware NSX Logical Switch to Hardware VTEP Gateway
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  11. Configuring VMware NSX Edge Services Gateway
    1. Introduction
    2. Configuring a DNS relay
      1. Getting ready
      2. How to do it...
      3. There's more...
    3. Configuring a DHCP server
      1. Getting ready
      2. How to do it...
      3. There's more...
    4. Configuring an Edge Firewall
      1. Getting ready
      2. How to do it...
      3. There's more...
    5. Configuring Network Address Translation
      1. Getting ready
      2. How to do it...
        1. Configuring an SNAT rule
        2. Configure a DNAT rule
      3. How it works...
      4. There's more...
    6. Configuring Load Balancing
      1. Getting ready
      2. How to do it...
        1. Deploying an NSX Edge Load Balancer
        2. Configuring an NSX Edge Load Balancer
        3. Verifying the NSX edge load balancer configuration
      3. How it works...
      4. There's more...
    7. Configuring IPSEC VPN
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Configuring SSL VPN
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    9. Configuring High Availability
      1. Getting ready
      2. How to do it...
      3. How it works...
  12. Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard
    1. Introduction
      1. DFW Topology and Policy
      2. See also
    2. Verifying NSX DFW component status
      1. Getting ready
      2. How to do it...
        1. Verifying Firewall Installation Status
        2. Verifying vShield Stateful Firewall (vsfwd) Status and Connection
      3. How it works...
      4. See also
    3. Configuring IP Discovery for Virtual Machines
      1. Getting ready
      2. How to do it...
      3. How it works...
        1. Verifying the Learnt IP address
    4. Working with SpoofGuard
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    5. Excluding Virtual Machines from DFW Protection
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    6. Configuring DFW Session Timeout
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Creating Security Policy Rules from the Firewall Table Menu
      1. Getting ready
      2. How to do it...
        1. Creating Firewall Sections
        2. Creating Firewall Rules
      3. How it works...
        1. DFW Rule ID and Logs
        2. DFW Saved Configurations
      4. See also
    8. Creating Security Policy Rules from the Service Composer menu
      1. Getting ready
      2. How to do it...
        1. Creating a Security Group using Static Inclusion
        2. Creating a Security Group using Dynamic Membership
        3. Creating a Security Group using Security Tag as the Dynamic Membership Criteria
        4. Creating a Security Policy
      3. How it works...
    9. Verifying DFW rules
      1. Getting ready
      2. How to do it...
        1. Using NSX Manager central CLI
        2. Using ESXi Host CLI
    10. Leveraging the DFW Applied To field
      1. Getting ready
      2. How to do it...
        1. Changing Firewall Default Applied To settings from the Firewall Table Menu
        2. Changing Service Composer Firewall Default Applied To Settings
      3. There's more...
      4. See also
    11. Deploying Network or Guest Introspection Services
      1. Getting ready
      2. How to do it...
        1. Registering Service Definition
        2. Deploying the Service VM
        3. Installing VMware Tools for Guest Introspection
      3. How it works...
        1. Blocking Non-IP Layer 2 Traffic
      4. There's more...
      5. See also
    12. Configuring the Identity Firewall
      1. Getting ready
      2. How to do it...
        1. Registering a Microsoft Active Directory Domain with NSX Manager
        2. Creating Security Rules using Active Directory Objects
      3. How it works...
      4. There's more...
  13. Configuring Cross-vCenter NSX
    1. Introduction
    2. Configuring Primary and Secondary NSX Manager(s)
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
        1. Enhanced Linked Mode
        2. NSX Manager roles
        3. Universal Synchronization Service Management and Troubleshooting
    3. Creating a Universal Transport Zone and adding a vSphere cluster to the Universal Transport Zone
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Creating a Universal Logical Switch
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Creating a Universal Logical Router
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
        1. Deployment models
        2. Local Egress
    6. Adding a VM to a Universal Logical Switch
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Understanding and configuring the Universal Distributed Firewall
      1. Getting ready
      2. How to do it...
        1. Creating Universal IPSets
        2. Adding a web-tier-to-web-tier Universal Firewall Rule and Universal Section
        3. Adding a web-tier-to-app-tier Universal Firewall Rule
        4. Adding an app-tier-to-db-tier Universal Firewall Rule
      3. How it works...
      4. There's more...
  14. Backing up and Restoring VMware NSX Components
    1. Introduction
    2. Backing up NSX Manager
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Restoring NSX Manager
      1. Getting ready
      2. How to do it...
    4. Restoring NSX Controller Nodes
      1. Getting ready
      2. How to do it...
      3. There's more...
      4. See also
    5. Restoring a Logical Switch Backing Port Group
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Restoring NSX Edge
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    7. Exporting NSX DFW Rules configuration from the Firewall Menu
      1. Getting ready
      2. How to do it...
      3. There's more...
    8. Restoring NSX DFW Rules configuration from the Firewall Menu
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Exporting NSX Security Policy from the Service Composer Menu
      1. Getting ready
      2. How to do it...
    10. Restoring NSX Security Policy from the Service Composer Menu
      1. Getting ready
      2. How to do it...
  15. Managing User Accounts in VMware NSX
    1. Introduction
      1. NSX Manager virtual appliance user account
    2. Creating a service user account for vCenter server registration
      1. Getting ready
      2. How to do it...
        1. Creating a user account
        2. Adding an SSO user account as an SSO administrator
        3. Registering NSX Manager registration with the vCenter server
      3. How it works...
      4. There's more...
    3. Granting access to NSX
      1. Getting ready
      2. How to do it...
        1. Assigning a vCenter role to a user account
        2. Assigning an NSX role to a user account
      3. How it works...
    4. Creating and Managing CLI user accounts in NSX manager
      1. Getting ready
      2. How to do it...
        1. Entering configuration mode in the NSX Manager CLI
        2. Creating a CLI user account in the NSX Manager CLI
        3. Granting REST API access to a CLI user account
        4. Changing the enable password and CLI user account password
        5. Verifying and saving configuration in the NSX Manager CLI
        6. Clearing a VTY session
      3. How it works...
      4. There's more...
      5. See also
  16. Upgrading VMware NSX
    1. Introduction
    2. Preparing for VMware NSX upgrade
      1. Getting ready
      2. How to do it...
        1. Checking the VMware Product Interoperability Matrices
        2. Checking the VMware NSX upgrade path
        3. Checking for Third-Party Integrations Compatibility
        4. Reviewing VMware NSX for vSphere Release Notes and Upgrade Documents
        5. Reviewing deprecated and discontinued features
        6. Downloading VMware NSX upgrade bundles
      3. There's more...
    3. Verifying VMware NSX working state
      1. Getting ready
      2. How to do it...
        1. Verifying NSX Manager virtual appliance working state
        2. Verifying NSX components working state
        3. Verifying vSphere components
      3. There's more...
    4. Upgrading VMware NSX Manager
      1. Getting ready
      2. How to do it...
      3. There's more...
    5. Upgrading NSX controller node
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Upgrading VMware NSX Host Clusters
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    7. Upgrading VMware NSX Edge
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Upgrading Network and Security Service Deployments
      1. Getting ready
      2. How to do it...
      3. There's more...
  17. Managing and Monitoring VMware NSX Platform
    1. Introduction
      1. NSX Logs
        1. NSX Manager
        2. vCenter Server
        3. ESXi host
        4. NSX Edge Gateway VM
      2. Monitoring tools
        1. Flow Monitoring
        2. Application Rule Manager
        3. Endpoint Monitoring
      3. vRealize Log Insight for NSX
      4. vRealize Network Insight
    2. Monitoring NSX using NSX Dashboard
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    3. Configuring the NSX Components Syslog
      1. Getting ready
      2. How to do it...
        1. Configuring the NSX Manager syslog
        2. Configuring the NSX Controller Node Syslog
        3. Configuring the NSX Edge Log
      3. How it works...
      4. There's more...
    4. Configuring and viewing the NSX Distributed Firewall Log
      1. Getting ready
      2. How to do it...
        1. Configuring the NSX DFW logs
        2. Viewing the NSX DFW log from the ESXi host console
      3. How it works...
    5. Configuring vRealize Log Insight for NSX
      1. Getting ready
      2. How to do it...
        1. Installing VMware NSX for the vSphere Content Pack
        2. Navigating the NSX Content Pack Dashboards
        3. Filtering DFW rules from the interactive analytics menu
      3. How it works...
    6. Enabling NSX Flow Monitoring
      1. Getting ready
      2. How to do it...
        1. Enabling Flow Monitoring collection
        2. Enabling and exporting Flow Monitoring collection
      3. How it works...
    7. Using Application Rule Manager
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    8. Using NSX Endpoint Monitoring
      1. Getting ready
      2. How to do it...
        1. Verifying the prerequisites for endpoint monitoring
        2. Starting endpoint monitoring data collection
      3. How it works...
  18. Leveraging the VMware NSX REST API for Management and Automation
    1. Introduction
      1. vCenter-Managed Object Reference ID (MoRef ID)
    2. Using the REST API with the Postman REST client
      1. Getting ready
      2. How to do it...
        1. Requesting the HTTP GET REST API via Postman
        2. Requesting the HTTP POST REST API via Postman
      3. How it works...
    3. Using the REST API with cURL
      1. Getting ready
      2. How to do it...
        1. Requesting the HTTP GET REST API via cURL
        2. Requesting the HTTP POST REST API via cURL
      3. How it works...
        1. Generating a cURL script from Postman
      4. There's more...
    4. Using the REST API with PowerShell
      1. Getting ready
      2. How to do it...
        1. Requesting the HTTP GET REST API via PowerShell
        2. Requesting the HTTP POST REST API via PowerShell
      3. How it works...
      4. There's more...
    5. Using the REST API with Python
      1. Getting ready
      2. How to do it...
        1. Requesting the HTTP GET REST API via Python
        2. Requesting the HTTP POST REST API via Python
      3. How it works...
      4. There's more...
    6. Using the vRealize Orchestrator plugin for NSX
      1. Getting ready
      2. How to do it...
        1. Checking the VMware Product Interoperability Matrices
        2. Downloading the vRO plugin for NSX
        3. Installing the vRO plugin for NSX
        4. Running an NSX-vRO workflow
      3. How it works...
      4. There's more...
      5. See also
  19. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think