What’s New in VCF 9 (with NSX) VMware Cloud Foundation (VCF) 9 introduces a series of impactful enhancements for network virtualization, with NSX taking center stage. This release brings higher scalability, smarter automation, and simplified operations that matter to network engineers, virtualization admins, and architects in on-premises environments. Key advancements: Summary:VCF 9 with NSX offers … Read more
Table of Contents 1. Introduction In today’s enterprise, agility and segmentation must be delivered at scale. Security teams need granular, context-aware controls that work across clouds, datacenters, and tenants, while network operations demand rapid onboarding and change management. Tag-based security in NSX-T is the solution, enabling scalable, policy-driven segmentation that moves as fast as your … Read more
Table of Contents Overview VMware NSX-T 4.x redefines data center networking. To secure, monitor, and automate at scale, engineers must understand the distinct paths of east-west (internal) and north-south (datacenter ingress/egress) traffic. This article delivers deep technical detail, production-proven advice, and fully-importable network diagrams—plus PowerShell and Python code for live traffic tracing. East-West vs. North-South: … Read more
Table of Contents For more NSX-T Content: https://digitalthoughtdisruption.com/category/nsx-t Executive Summary Robust NSX-T edge clusters are the backbone of high-availability, high-performance software-defined networks. This blog covers everything from proper sizing and intelligent placement to modern, automated deployments and failover. All examples are for NSX 4.x on vSphere, diagrams, Ansible/Terraform code, and practical PowerShell for end-to-end automation. … Read more
Table of Contents 1. Introduction to Dynamic Routing in NSX-T Dynamic routing protocols allow NSX-T environments to adapt to network changes in real time. OSPF and BGP automate path selection, improve failover, and support hybrid data centers. NSX-T 4.x supports: NSX-T uses the Tier-0 and Tier-1 Gateway model. Dynamic routing is typically configured on Tier-0 … Read more
Introduction VMware NSX-T has evolved significantly from 3.2.x to the robust 4.x series. For on-premises data center environments, staying current is critical for security, feature enablement, and long-term support. This guide provides a step-by-step deep dive into in-place upgrades from NSX-T 3.2.x to NSX-T 4.x, with a focus on production use cases and minimizing downtime. … Read more
Introduction Modern enterprise networks face relentless threats from ransomware, insider attacks, and increasingly sophisticated breaches. With the shift to hybrid and multi-cloud architectures, software-defined networking (SDN) platforms like VMware NSX-T are now critical for defense, detection, and rapid containment. Security war games, structured exercises using real-world attack and response scenarios, are the gold standard for … Read more
Introduction In the evolving landscape of hybrid IT, the fusion of Software-Defined Networking (SDN) with artificial intelligence (AI) is transforming how organizations enforce network policies and maintain compliance. Modern network architects and security admins are expected to manage distributed resources across Azure Local SDN and on-premises infrastructure, often under the weight of strict regulatory requirements. … Read more
Introduction In the evolving landscape of cloud security, network visibility is more critical than ever. As enterprises adopt hybrid and cloud-native architectures, understanding east-west and north-south traffic becomes essential for both operational insight and threat detection. In Microsoft Azure, Network Security Group (NSG) Flow Logs offer powerful telemetry by logging metadata about network traffic traversing … Read more
It is time to deploy a Stretched Tier-0 Gateway First we need to log into the Primary Global Manager Networking > Conenectivity > Segments ADD SEGMENT Name the Segment – I recommend putting something to indicate stretched uplink Choose the primary location and the primary VLAN Transport Zone Provide the VLAN ID and save No … Read more
To continue from where the previous article left off we will now import objects to the Global Managers Pre-Req: Check the status on all of your T0 GWs, T1 GWs, and segments Time to import Location 1’s Objects Log into your Primary Site NSX-T Global Manager System > Configuration > Location Manager Under your Primary … Read more
In this article I will cover creating an RTEP for Local 1 and Local 2 and validating the RTEP status. Creating the RTEP for Location 1 – Example Dallas System > Configuration > Location Manager > Locations > Location-1 LM (Dallas) > NETWORKING Click CONFIGURE on the RTEP cluster you’ve already created Select your edge … Read more
First lets create Tier-1 GW to provide connectivity between Location-1 and Location 2 (Dallas/FortWorth) through RTEP In your primary Global Manager go to Networking > Connectivity > Tier-1 Gateways Add Tier-1 GW Provide a name. I recommend putting something in the name to indicate this is a stretched T1 Keep failover to Non-Preemptive In Edges … Read more
A virtual routing and forwarding (VRF) gateway makes it possible for multiple instances of a routing table to exist within the same gateway at the same time. VRFs are the layer 3 equivalent of a VLAN. A VRF gateway must be linked to a tier-0 gateway. From the tier-0 gateway, the VRF gateway inherits the … Read more
In this article I will cover setting up your first two Global Managers and adding the local managers from your sites. Log into the newly deployed Global Manager System > Configuration > location Manager Make Active Provide the name of your Global Manager Confirm the GM is active SSH into the Global Manager Run the … Read more
Tier-1 Gateway (also known as Tier-1 Logical Router): provides default gateway services for VMs attached to segments. It connects to one tier-0 gateway for northbound connectivity and one or more overlay networks for southbound connectivity. Both types of gateways can include a distributed router (DR) and a service router (SR). Distributed routers are instantiated on … Read more
Tier-0 Gateway (also known as Tier-0 Logical Router): interfaces with the physical network and exchange routing information with external routers via static routing or eBGP. In active-standby mode, the gateway can also provide stateful services. The Tier-0 router performs gateway services between overlay and non-overlay hosts (for example, a physical server or the Internet router). … Read more
Once you have reached the welcome page you will have options For this example we will be deploying Tanzu on a vCF environment so click deploy under vSphere Next enter in your vCenter server name Username/password for your admin account Then click connect to confirm you can connect Deploy TKG Management Cluster Select your Data … Read more
A segment performs the functions of a logical switch. A segment gives tenant network administrators the logical equivalent of a physical Layer 2 switch, allowing them to connect a set of VMs to a common broadcast domain. A segment is a logical entity independent of the physical hypervisor infrastructure and spans many hypervisors, connecting VMs … Read more
NSX-T Edge nodes provide routing services and connectivity to networks that are external to the NSX-T deployment. NSX-T Edges are required for establishing external connectivity from the NSX-T domain, through a Tier-0 router over BGP or static routing. Additionally, you must deploy an NSX-T Edge for stateful services at either the Tier-0 or Tier-1 logical … Read more
