NSX-T

Table of Contents 1. Introduction to Dynamic Routing in NSX-T Dynamic routing protocols allow NSX-T environments to adapt to network changes in real time. OSPF and BGP automate path selection, improve failover, and support hybrid data centers. NSX-T 4.x supports: NSX-T uses the Tier-0 and Tier-1 Gateway model. Dynamic routing is typically configured on Tier-0 … Read more

Introduction VMware NSX-T has evolved significantly from 3.2.x to the robust 4.x series. For on-premises data center environments, staying current is critical for security, feature enablement, and long-term support. This guide provides a step-by-step deep dive into in-place upgrades from NSX-T 3.2.x to NSX-T 4.x, with a focus on production use cases and minimizing downtime. … Read more

Introduction Modern enterprise networks face relentless threats from ransomware, insider attacks, and increasingly sophisticated breaches. With the shift to hybrid and multi-cloud architectures, software-defined networking (SDN) platforms like VMware NSX-T are now critical for defense, detection, and rapid containment. Security war games, structured exercises using real-world attack and response scenarios, are the gold standard for … Read more

It is time to deploy a Stretched Tier-0 Gateway First we need to log into the Primary Global Manager Networking > Conenectivity > Segments ADD SEGMENT Name the Segment – I recommend putting something to indicate stretched uplink Choose the primary location and the primary VLAN Transport Zone Provide the VLAN ID and save No … Read more

To continue from where the previous article left off we will now import objects to the Global Managers Pre-Req: Check the status on all of your T0 GWs, T1 GWs, and segments  Time to import Location 1’s Objects Log into your Primary Site NSX-T Global Manager System > Configuration > Location Manager Under your Primary … Read more

In this article I will cover creating an RTEP for Local 1 and Local 2 and validating the RTEP status. Creating the RTEP for Location 1 – Example Dallas System > Configuration > Location Manager > Locations > Location-1 LM (Dallas) > NETWORKING Click CONFIGURE on the RTEP cluster you’ve already created Select your edge … Read more

First lets create Tier-1 GW to provide connectivity between Location-1 and Location 2 (Dallas/FortWorth) through RTEP In your primary Global Manager go to Networking > Connectivity > Tier-1 Gateways Add Tier-1 GW Provide a name.  I recommend putting something in the name to indicate this is a stretched T1 Keep failover to Non-Preemptive In Edges … Read more

A virtual routing and forwarding (VRF) gateway makes it possible for multiple instances of a routing table to exist within the same gateway at the same time. VRFs are the layer 3 equivalent of a VLAN. A VRF gateway must be linked to a tier-0 gateway. From the tier-0 gateway, the VRF gateway inherits the … Read more

In this article I will cover setting up your first two Global Managers and adding the local managers from your sites. Log into the newly deployed Global Manager System > Configuration > location Manager Make Active Provide the name of your Global Manager Confirm the GM is active SSH into the Global Manager Run the … Read more

Tier-1 Gateway (also known as Tier-1 Logical Router): provides default gateway services for VMs attached to segments. It connects to one tier-0 gateway for northbound connectivity and one or more overlay networks for southbound connectivity. Both types of gateways can include a distributed router (DR) and a service router (SR). Distributed routers are instantiated on … Read more

Tier-0 Gateway (also known as Tier-0 Logical Router): interfaces with the physical network and exchange routing information with external routers via static routing or eBGP. In active-standby mode, the gateway can also provide stateful services. The Tier-0 router performs gateway services between overlay and non-overlay hosts (for example, a physical server or the Internet router). … Read more

A segment performs the functions of a logical switch. A segment gives tenant network administrators the logical equivalent of a physical Layer 2 switch, allowing them to connect a set of VMs to a common broadcast domain. A segment is a logical entity independent of the physical hypervisor infrastructure and spans many hypervisors, connecting VMs … Read more

NSX-T Edge nodes provide routing services and connectivity to networks that are external to the NSX-T deployment. NSX-T Edges are required for establishing external connectivity from the NSX-T domain, through a Tier-0 router over BGP or static routing. Additionally, you must deploy an NSX-T Edge for stateful services at either the Tier-0 or Tier-1 logical … Read more

In this article I will cover creating Global Groups in NSX-T Federation.  Then we will create a policy and a rule to test web traffic in order to show that the new policy/rule applies at both site locations. Log into the Global Manager In the primary global manager go to Inventory > Groups Add Group … Read more

NSX-T-T now allows LDAP/AD as an alternative to using the VMware identity manager solution.  This is perfect for environments that only need to control authentication of the NSX-T environment. When integrating with Active Directory, NSX Manager allows users to log in using their samAccountName, or userPrincipalName. If the @domain portion of the userPrincipalName does not match the … Read more

FQDN Analysis allows administrators to gain insight into the type of websites accessed within the organization, and understand the reputation and risk of the accessed websites. How to configure: Security > North South Security > URL Analysis You need to enable the service which is disabled by default Highlight your edge and click enable Yes … Read more

A transport node is a node that is capable of participating in an NSX-T Data Center overlay or NSX-T Data Center VLAN networking. Any node can serve as a transport node if it contains an N-VDS. Such nodes include but are not limited to NSX Edges. How to Prepare ESXi Hosts System > Configuration > … Read more

The Tunnel endpoint (TEP) enables Transport nodes to participate in an NSX-T overlay. The NSX-T overlay deploys a Layer 2 network on top of an existing Layer 3 network fabric by encapsulating frames inside packets and transferring the packets over an underlying transport network. The underlying transport network can be another Layer 2 network, or … Read more

Whether part of a fresh installation or continue growth and expansion of an existing environment, transport zones will need to be created. Transport zones dictate which hosts and, therefore, which VMs can participate in the use of a particular network. A transport zone does this by limiting the hosts that can “see” a segment—and, therefore, … Read more