- Describe VMware NSX Architecture
· Identify the components in a VMware NSX stack
In general the components are:
NSX Manager: {Management Plane} Maps 1:1 with vCenter; centralized management plane; management UI and API for NSX; installs the VXLAN, DLR and DF kernel modules + UWA on ESXi hosts
NSX Controller: {Control Plane} clustered deployment with an odd number of nodes; [tables: ARP, MAC, VTEP, Routing]; Paxos algorithm for master selection; "slicing"
NSX Edge: {Data Plane}
NSX vSwitch: {Data Plane}
UWA: SSL client that communicates with the NSX Controllers
Hypervisor kernel modules* <-> UWA <-> NSX Controller
*(all except DFW; in that case DFW -> NSX Manager)
UWA -> Message Bus Agent -> NSX Manager
UWA aka netcpa daemon on ESXi
DF aka vsfwd daemon on ESXi
Check this architecture reference if you want to see a picture of interaction and more reading on NSX:
· Identify common physical network topologies
Need to answer (by yourself) WTF is a spine/leaf architecture
Leaf switch or access switch: typically inside the rack and gives physical servers access to the network (ToR).
L2|L3 connectivity is not L2 and L3, which means that from the rack's point of view servers get access to all networking, using trunks for spanning VLANs from virtual networking (Load Based Teaming or LACP for link aggregation).
Gateway functionality: terminates each VLAN respectively (VXLAN tunnel, vMotion, Management). Uses a routing protocol to connect to the spine switch; no trunking or shit like that is allowed, just OSPF, IS-IS, BGP.
Spine switch or aggregation switch: typically gives connectivity between racks or leaf switches (EoR).
It has only interfaces that connect to leaf switches, and ECMP can be used.
Spine/leaf can be oversubscribed:
“THE TOTAL AMOUNT OF BANDWIDTH AVAILABLE TO ALL SERVERS CONNECTED TO A GIVEN LEAF SWITCH DIVIDED BY THE AGGREGATE AMOUNT OF UPLINK BANDWIDTH PROVIDES THE OVERSUBSCRIPTION”
Check the references for more information and samples found on the Internet.
· Describe a basic VMware NSX topology
· Differentiate functional services delivered by a VMware NSX stack
Switching.- Enabling extension of an L2 segment / IP segment anywhere in the fabric irrespective of the physical layer network design.
Routing.- Routing between IP subnets can be done in logical space without traffic going out to the physical router (remember hairpinning?). This routing is performed in the hypervisor kernel with minimal CPU / memory overhead.
Distributed Firewall.- Security enforcement is done at the kernel and vNIC level itself (remember Goldilocks Zone??)
Logical Load Balancing.- Support for L4-L7 load balancing with the ability to do SSL termination
VPN.- SSL VPN services to enable L2 and L3 VPN services
Connectivity to physical networks.- L2 and L3 gateway functions are supported within NSX-v to provide communication between workloads deployed in logical and physical spaces.
Next topic will be posted, including some extra lectures and references as well; at the end I will post the entire PDF since the blog post looks like shit.
cya hogs!!