Posts

Showing posts from 2021

VXLAN versus GENEVE (NSX-V vs. NSX-T)

August 14th, 2021

With the ramp-up of NSX-T overlay networks and the transition away from NSX-V overlay networks, it's a good time to look at one of the fundamental differences between them. NSX-V uses VXLAN as its encapsulation protocol, while NSX-T uses the more recent GENEVE encapsulation protocol. Each requires that the physical networking devices have their MTU adjusted to 1600 bytes or greater. We'll take a detailed look at why that is.

First, the basics:

VXLAN is:
short for Virtual eXtensible Local Area Network
defined in RFC 7348 - https://datatracker.ietf.org/doc/html/rfc7348
uses UDP port 4789
8 byte header

GENEVE is:
short for Generic Network Virtualization Encapsulation
defined in RFC 8926 - https://datatracker.ietf.org/doc/html/rfc8926
uses UDP port 6081
16 byte header

From the perspective of the physical network, an overlay network is essentially an application. NSX-T is an application using well-known UDP port 6081. Switching perspectives to the overlay's

"Twice NAT" with NSX-T T0 Gateway

Network address translation, or more commonly NAT, is most often used to do source NAT or destination NAT. In rare instances, SNAT or DNAT isn't enough to get IP packets to their destination. Enter twice NAT. While twice NAT isn't a function I've needed often, it was a function drilled into me while studying for various Cisco exams. I used to watch Christian Matei explain it over at INE, and it really helped me to understand what twice NAT is and how to configure it on Cisco devices. Prior to my time working with NSX-T, I'd only utilized twice NAT once. A few years back, a customer wanted to build an IPsec tunnel from the organization's HQ to a branch office. The private IP space used by HQ and the branch overlapped. We used twice NAT to translate the source and destination IP address in a single NAT rule (similar to this guy) before shoving it all into an IPsec tunnel. Prior to working with NSX, circumstances requiring twice NAT were uncommon. While w

NSX-V Load Balancer: Inline vs One-arm

In this post I am going to talk about the NSX-V load balancer. In particular, I want to talk about the difference between inline and one-arm architecture versus inline and one-arm configuration. I chose to blog about this because it seems to confuse many of my customers. I also found it quite confusing at first, since the documentation doesn't provide enough detail to build an intuition for how the architecture and configuration work together to make a functioning load balancer. However, the NSX documentation is a good starting point. NSX-V's Administration Guide on page 315 explains the basics of the load balancer: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/nsx_64_admin.pdf This time around I decided to demonstrate how one-arm load balancer configuration and one-arm architecture differ, as well as how inline configuration and inline architecture differ. Click the link below for my YouTube video. Loadbalancer