Introduction to Software Defined Network (SDN)
VMware NSX
8/10/20 · Confidential │ ©2019 VMware, Inc.

Agenda

• VMware Virtual Cloud Network and NSX Data Centre Architecture
• NSX Feature and Capabilities
  • Layer 2, Layer 3 Function
  • Firewall, Micro Segmentation
  • Load Balance
• Product Demonstration

Virtual Cloud Network

NSX Evolution
[Diagram: NSX decoupled from vSphere, spanning the DC and the branch sites running ESX]

Virtual Cloud Network: NSX Evolution
Tied Together—Everywhere.
[Diagram: vSphere data centers, branches, EDGE/IOT and TELCO/NFV sites tied together; vRNI for clear visibility, NSX Intelligence for deep insight]

Software Defined Networking Everywhere

• Multi-Vendor: multiple vendors and multiple generations
• Any Topology: L2 end-to-end, Spine/Leaf, L3 aggregation etc.
• Heterogeneous End-points: VMs, containers, bare metal servers
• Cross Hypervisor: ESXi, KVM
• Multiple Clouds: private, public, hybrid, and edge clouds

Virtual Cloud Network

© 2017 VMware Inc. All rights reserved.

Your data center
Let’s begin with how things are and how things should be…

There are four basic things in a typical data center today: Applications, Compute, Storage, Networking.
There has been a lot of virtualization in the data center. Except … Networking!

The lack of networking virtualization is holding back your ability to:
• Keep up with the pace of business
• Secure the data center
• Support your apps

It’s Time to Virtualize the WHOLE Data Center
The Software Defined Data Center: Agile, Secure, Efficient
Optimized for rapid development and delivery of all applications, for safe consumption on any device

© 2016 VMware Inc. All rights reserved. Confidential – Not for Distribution

Network Virtualization Overview
Decoupled: Hardware / Software
[Diagram, networking side: General Purpose Networking Hardware → Network Hypervisor (Requirement: IP Transport) → Virtual Networks carrying L2, L3, L4-7 Network Services → Workloads]
[Diagram, compute side: General Purpose Server Hardware → Server Hypervisor (Requirement: x86) → Virtual Machines presenting an x86 Environment → Applications]

Data Center Networking Evolution to NSX, from a drone’s-eye view
• DC Hardware
• vSphere: Abstraction
• Consolidation
• Challenges: Manual config, No agility, No E-W security, Limited Scale, Bottleneck

Network Virtualization: Network & Security services in hypervisor
[Diagram: NSX Manager and Controller Cluster above the hypervisors]

Network Virtualization services: Switching, Routing, Load Balancing, VPN, Connectivity to Physical, Micro-Segmentation

Network Virtualization
• Non Blocking
• Green or Brown field
• Non Disruptive
• In Software
• Network Agnostic
• Distributed Services
• Programmable (REST API)

[Diagram: three-tier application with Web, App and DB tiers]

Load Balancer
• NSX LB: One-Arm
• NSX LB: In-line
• Multiple health checks
• Load Balancing Algorithms
• SSL Offload
• Different Topologies
• Content Switching
• High Availability
• Programmable (REST API)

Distributed Firewall (DFW applied at the VNIC)
• Line Rate (20+ Gbps)
• Stateful L2-L4
• Monitoring
• Spoofguard
• Identity firewall
• Programmable (REST API)
• Runs in kernel space

Intelligent Grouping (DFW at the VNIC), workloads grouped by:
• Machine name
• Application tier
• Security posture
• Regulatory requirements
• Identity
• Operating system

Advanced Security Service Insertion
• Network Introspection (NetX)
• Guest Introspection

Traffic Visibility / Service Insertion
[Diagram: vCenter Server (vCenter APIs) and NSX Manager (NSX APIs) hand filtered and sliced virtual traffic to inserted services]

[Image slides: DMZ Anywhere; Scalability; Isolation]

Cloud Management Platform: Automating IT
[Image slides: IaaS; PaaS]

VMware Cross-Cloud Architecture
• App Continuity, A/S Data Center with GSLB: Reduce RTO
• App Continuity, A/A Data Center with GSLB, Public Cloud as DC3

Container Inventory Observability and Analytics
Global View of all containers by namespaces or by clusters

Key NSX Data Center Use-cases
• Security
• Cloud Native
• Automation
• Multi-Cloud Networking

©2020 VMware, Inc.

Virtual Cloud Network: NSX Provides Single Solution for VM, Containers, Bare Metal
[Diagram: DATA CENTER, BRANCH, EDGE/IOT, TELCO/NFV and BARE METAL sites with CONTAINERS and VIRTUAL MACHINES as First-class Citizens; SD-WAN Orchestrator; vRealize Network Insight for broad visibility; NSX Intelligence for deep insight]
• Container Networking
• Container Security
• Container Analytics
Platforms: VMware vSphere with Kubernetes, Upstream Kubernetes, VMware Tanzu

The 4C’s of Cloud Native Security
https://kubernetes.io/docs/concepts/security/overview/

NSX Use Cases for Cloud-Native Apps
• Advanced Container Networking: enterprise-grade container networking
• Micro-Segmentation for Microservices: granular security at the container level
• Cross-Platform Visibility: monitor container-to-container traffic

NSX Container Plugin (NCP): Increase Kubernetes Agility with NSX
[Diagram: Kubernetes API Server → NCP infrastructure (NSX Manager API Client) → NSX Manager, on a hypervisor or bare-metal server]
• Broad Support for multi-cloud: Kubernetes, OpenShift, Cloud Foundry, Tanzu (TKG)*, vSphere with K8s, New Platform 1, New platform 2
• Agility and Scale
* NCP Planned for TKG Release 2

vRealize Network Insight: 360° across virtual, physical, and (multi) cloud
Data sources: VMware ESXi; Virtual: NSX (V, T); Physical Network & Firewalls; Public Clouds: VMC, AWS, Azure, GCP; In-Guest & Containers: AppDefense, NSX, PKS; Edge/SD-WAN: VeloCloud
Data collected: Config, Streaming Telemetry; Policies, N/W Latency; Processes, Services; Edge Flows & Metrics; Native Cloud Constructs for Net/Sec
Network
• Visibility and Monitoring
• Traffic and Path Analysis, End-to-End Troubleshooting, Analytics
Security
• Security (Micro-seg) Planning & Operations
• Analytics, Audit and Compliance

Converge Operations between Containers, Virtual, Physical: Observability and Analytics
• Connect the dots between containers and virtual and physical infrastructure
• Plan security policies for micro-services
• Bring network visibility to containers

Flow-Based Application Discovery Using Machine Learning on Traffic Patterns
[Diagram: ML over VM-to-VM flows groups the VMs into a Marketing Application and a Finance Application, each with Web, App and DB tiers, plus a shared DNS Service and AD Service]
Outcomes / Benefits
• Discover all applications in hours, not days/weeks.
• Complete your CMDB with actual application behavior.
• Reliable application groupings based on network traffic.
• Automatically discover application boundaries without any input.
• Keep application definitions up to date when new VMs are added.

Application Dashboard Updates
New Summary Widget:
• Birdseye view on application status.
• Lists open events/problems.
• Lists traffic behavior changes in last 24 hours.
• Application “assembly”: VMs, Physical IPs, and/or K8s Services.
Topology in landscape; intentional scrolling

NSX Architecture

NSX Data Center Architecture For Private Cloud, Public Cloud & Containers
• MANAGEMENT PLANE – MULTI-COMPUTE: NSX Manager Cluster – Manager/Controller (NSX Manager Nodes), Cloud Service Manager
• CONTROL PLANE
• DATA PLANE on private or public cloud infrastructure:
  • Private Cloud: Multi-Hypervisor (ESXi and KVM, each with an N-VDS); NSX Edge VM or Bare Metal; Bare Metal servers running NSX
  • Public Cloud: NSX Cloud Gateway in front of Linux and Windows VMs, reached via VPN Gateway, DirectConnect or ExpressRoute; VMware Cloud on AWS
  • Container: NSX Container Plugin with a K8/OS Adapter and a Cloud Foundry Adapter

Confidential │ ©2018 VMware, Inc.

NSX-T Networking and Security Services
Distributed Services and Centralized Services: Distributed Firewall, Routing, Load Balancing, Connectivity to physical, Edge Firewall, VPN, DHCP, NAT, MetaData Proxy
Sessions: SAI1017BU - Apply Consistent Security Across VMs, Containers, and Bare Metal; CNET1356BU - NSX-T Deep Dive: Load Balancing; CNET2061BU - Next-Generation Reference Design with NSX-T: Part 1; CNET2068BU - Next-Generation Reference Design with NSX-T: Part 2

NSX in the Data Center (Private Cloud/On-Prem DC)
• Management Cluster: NSX Manager Cluster (x3), vCenter
• Compute Cluster (Hypervisor TN, ESX or KVM): Workload VMs; Kernel based network services (Distributed Switching, Distributed Routing, Distributed Firewall)
• Edge Cluster (Edge TN, VM or Bare Metal Form Factor): Centralized Stateful Services (F/W, L/B, etc.)

NSX UI/API – Simplified UI vs Advanced UI/API: what is the difference, when to use what
• Simplified UI (Policy API’s used)
• Advanced UI

NSX Terminology
• Transport Node (TN): Data plane node prepared for NSX and participating in traffic forwarding. Ex: Hypervisor, Edge Node, bare metal server with NSX Agent
• NSX Virtual Distributed Switch (N-VDS): NSX software component that performs switching on a Transport Node (N-VDS typically owns several physical NICs on the Transport Node)
• Transport Zone (TZ): Defines the boundary for logical networks over the physical infrastructure. (N-VDS on the transport nodes binds to specified Transport Zone)
• Logical Segment (LS): A virtual Layer 2 broadcast domain created within a Transport Zone
[Diagram: Transport Zone “TZ1” spans the N-VDS of two hosts and an NSX Edge; Overlay LS1 and Overlay LS2 extend across them; the LS is not extended to a third host because its N-VDS is not attached to TZ1]

Unicast Packet Walk
• Web3 sends a unicast to Web1
• A lookup is made for Mac1
• If it’s a hit:
  – Frame is encapsulated
  – Sent unicast to remote TEP
• Else: Frame is flooded
[Diagram: Web1 on HV1 (TEP1), Web2 (TEP2) and Web3 on HV3 (TEP3) share one LS. HV3’s MAC@ → TEP IP table: Mac1 → TEP1, Mac2 → TEP2, Mac3 → local. The Central Control Plane Cluster holds Mac1 → TEP1, Mac2 → TEP2, Mac3 → TEP3. The frame for mac1 leaves HV3 as an overlay-encapsulated frame]
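The packet walk above, as an added example that is not part of the original deck: a Python simulation of the MAC lookup, the control-plane table sync, encapsulation towards the remote TEP, and flooding on a miss. Host, VM, TEP and MAC names are the slide's; the VNI, payloads and table layout are constructed.

```python
from dataclasses import dataclass, field

LOCAL = "local"  # marker for a MAC that lives on this transport node


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    payload: str


@dataclass
class OverlayPacket:
    """Outer header added by the sending TEP; the inner frame is carried unchanged."""
    src_tep: str
    dst_tep: str  # a single remote TEP (unicast) or "flood"
    vni: int
    inner: Frame


@dataclass
class CentralControlPlane:
    """CCP cluster: collects the MAC -> TEP bindings every transport node reports."""
    mac_table: dict = field(default_factory=dict)

    def report(self, mac, tep):
        self.mac_table[mac] = tep


@dataclass
class TransportNode:
    name: str
    tep: str
    ccp: CentralControlPlane
    vni: int
    mac_table: dict = field(default_factory=dict)  # MAC -> remote TEP IP or LOCAL
    vms: dict = field(default_factory=dict)        # MAC -> VM name hosted here

    def attach_vm(self, vm, mac):
        self.vms[mac] = vm
        self.mac_table[mac] = LOCAL
        self.ccp.report(mac, self.tep)  # the TN reports its local MAC to the CCP

    def sync_from_ccp(self):
        # the CCP pushes remote bindings down; local entries stay marked local
        for mac, tep in self.ccp.mac_table.items():
            if mac not in self.vms:
                self.mac_table[mac] = tep

    def send(self, frame):
        """Slide logic: look up the destination MAC; hit -> encapsulate and
        unicast to the remote TEP; local -> deliver as-is; miss -> flood."""
        target = self.mac_table.get(frame.dst_mac)
        if target == LOCAL:
            return frame  # same host, no encapsulation needed
        if target is not None:
            return OverlayPacket(self.tep, target, self.vni, frame)
        return OverlayPacket(self.tep, "flood", self.vni, frame)


def build_lab():
    """Three hosts from the slide; returns (hv1, hv3, ccp). VNI 5001 is constructed."""
    ccp = CentralControlPlane()
    hv1 = TransportNode("HV1", "TEP1", ccp, vni=5001)
    hv2 = TransportNode("HV2", "TEP2", ccp, vni=5001)
    hv3 = TransportNode("HV3", "TEP3", ccp, vni=5001)
    hv1.attach_vm("Web1", "Mac1")
    hv2.attach_vm("Web2", "Mac2")
    hv3.attach_vm("Web3", "Mac3")
    for hv in (hv1, hv2, hv3):
        hv.sync_from_ccp()
    return hv1, hv3, ccp


def walk_hit():
    """Web3 -> Web1: Mac1 is known, so the frame is encapsulated towards TEP1."""
    _, hv3, _ = build_lab()
    return hv3.send(Frame("Mac3", "Mac1", "GET /"))


def walk_miss():
    """Destination MAC never reported to the CCP: the frame is flooded."""
    _, hv3, _ = build_lab()
    return hv3.send(Frame("Mac3", "Mac9", "ARP?"))


if __name__ == "__main__":
    print(walk_hit())   # dst_tep='TEP1'
    print(walk_miss())  # dst_tep='flood'
```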

Disaster Recovery Today (Simple View)
Primary Site on 10.0.10/24 (VM at 10.0.10.21) and Recovery Site on 10.0.20/24 (VM at 10.0.20.21), each with its own physical network infrastructure and SAN:
1. Snapshot VM
2. Replicate VM and Storage (steps 1 & 2 e.g. VMware SRM)
3. Recover the VM
4. Change IP address, reconfigure security: major RTO impact

Disaster Recovery with NSX Network Virtualization (Simple View)
The same Virtual Network 10.0.30/24 exists at both sites over their physical network infrastructure (10.0.10/24 and 10.0.20/24), with an NSX Controller at each site; the VM keeps 10.0.30.21 at both:
1. Snapshot VM
2a. Replicate VM and Storage (steps 1 & 2 e.g. VMware SRM)
2b. Snapshot network security
3. Recover the VM: network and security already exist (80% RTO)

L2VPN: On-premises to VMware Cloud on AWS SDDC for workload migration and vMotion
NSX on-premises:
• NSX Managed Edge
• Stretch VLAN or VXLAN
No NSX on-premises:
• NSX Unmanaged / Standalone Edge
• VLAN-to-VXLAN support
• Not dependent on NSX on-premises
[Diagram 1: DC 1 (No NSX) with an NSX-V Unmanaged Edge (GUI Install / CLI for Updates) as L2VPN Client on VLAN 100, across the IP Network to the T0 L2VPN Server in SDDC 1 on VNI 100; Same Broadcast Domain: VNI 100, VLAN 100]
[Diagram 2: DC 2 (NSX) with an NSX-V Managed Edge (API only) as L2VPN Client on VNI 200, across the IP Network to the T0 L2VPN Server in SDDC 2; Same Broadcast Domain]

NSX Routing

Logical Router Components
• Distributed Component (DR) spans transport nodes and provides distributed E-W logical routing. Runs as a service locally in the hypervisors which have been prepared as NSX transport nodes (ESXi/KVM Transport Nodes, prepared with the NSX Installation Bundles).
• Service Component (SR) is the Logical Router component responsible for providing on/off ramp gateway functionality or other centralized services. Centralized services like NAT, BGP. Runs inside an Edge node.
[Diagram: Distributed Router with logical router ports LRP1, LRP2, LRP3 across the transport nodes]

My Traffic Goes Where?!? NSX-T Edge Node Design for VVD/VCF
[Diagram: Spine and Leaf fabric to the WAN; Compute Hypervisors (vSphere) with the DR on every hypervisor (in kernel); Infrastructure Clusters (Edge Nodes, Management Nodes) with the Edge Node hosting the SR]

NSX Firewall

Data Center Network Security
Perimeter-centric network security has proven insufficient. And before network virtualization, microsegmentation was operationally infeasible.
Before VMware NSX:
• Perimeter firewall at the Internet edge: Insufficient, with few or no lateral controls inside the perimeter
• Microsegmentation: Operationally infeasible

NSX Security in SDDC
[Diagram: WAN/Internet → Perimeter Firewall (Physical) → NSX EDGE Service Gateway → SDDC (Software Defined DC) compute clusters, each with a DFW; Physical above, Virtual below]
• NSX EDGE Service Gateway positioned to protect the border of the SDDC: EDGE: North – South traffic protection
• NSX DFW positioned for internal SDDC traffic protection: DFW: East – West traffic protection

NSX-T Distributed Firewall: Micro-Segmentation
[Diagram: Perimeter firewall in front of the DMZ, App, Services (AD, NTP, DHCP, DNS, CERT) and DB zones; inside firewall separating the Finance, Engineering and HR VMs]
Zero Trust/Least Privilege Model
• Each workload now has its own perimeter FW
• Centralized Policy control with logical grouping
• Prevents threats from spreading laterally (East-west)
• Network Topology Agnostic

NSX-T Distributed Firewall: What is Zero Trust?

NSX-T Distributed Firewall: General / Ethernet Rule Constructs
• Rule Number: Position of the rule from top to bottom; Order in which the rules are evaluated
• Rule ID: Unique 32 bit number assigned to a rule; Increasing when adding a new rule
• Sources/Destinations: IP Addresses, IP Sets, Logical Switches, Logical Ports, NSGroups
• Services: Pre-defined or custom services or service groups; ALGs: FTP, MS_RPC, NBDG, NBNS, Oracle_TNS, Sun RPC

Simplified UI: Security Workflows – Domain
• Represents an environment/zone
• Includes:
  § Rules
  § Groups
• Default domain is pre-configured
• Additional domains can be added (optional)
• Rules in a domain should have at least one Group in SRC/DST that is a member of the same domain
• Used for Arista integration (limits rules shared) *
* Future
[Diagram: Prod domain with Groups, Security Policy and Rules; Dev domain with Groups, Security Policy and Rules]

Simplified UI: Security Workflows – Whitelist/Blacklist Connectivity Strategy
Defines the default Distributed Firewall behavior
§ Blacklist (Default): Creates a default allow-all rule
§ Blacklist with logging
§ Whitelist: Creates a default deny-all rule
§ Whitelist with logging
§ None: use existing DFW Default.
Selection available in Simplified UI; rules will only show up in the Advanced UI

Simplified UI: Security Workflows – Categories (Distributed Firewall and Gateway Firewall)
• Pre-defined Categories aligned with common policy model
• Categories available for DFW and GW FW
• Configure rule under relevant category
• “All Rules” view available
• Rules Top → Down (Left → Right)
• Categories names can be changed using API

FQDN/ URL Whitelisting: Feature Overview
Overview:
• Allow traffic to FQDN/URLs for a particular VM
• Enforced at DFW level. Uses DNS snooping
• * In NSX-T 2.4, support of only OOTB pre-canned list of URLs
Benefits:
• Supports communication to a different system/application in a multi-site datacenter
• Supports applications that use native cloud services
• Supports URL domain on the internet
[Diagram: a VM reaching VMs/Physical Machines in a same or different datacenter/cloud (*.vmware.com), Native Cloud services (*.s3.amazonaws.com, *.office365.com) and a Domain on the internet*]
Note: This feature does not cover URL classification & reputation. That is currently on roadmap and will be available in future releases
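An added example (not VMware code) that ties together the rule constructs, the Whitelist/Blacklist connectivity strategy, the category ordering and the FQDN whitelisting slides above: a small model of DFW evaluation where rules sit in ordered categories, match top → down, the connectivity strategy supplies the implicit default rule, and an FQDN destination is resolved through a DNS-snooping cache. The category names are the NSX-T ones as I know them (an assumption); the groups, IPs, DNS answer and rules are constructed.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch
from itertools import count
from typing import Optional

# Evaluation order from the Categories slide: left -> right across categories,
# top -> down inside each one. Category names are an assumption about NSX-T.
CATEGORIES = ["Ethernet", "Emergency", "Infrastructure", "Environment", "Application"]


@dataclass
class Rule:
    name: str
    sources: set          # group names, plain IPs, or "any"
    destinations: set     # group names, plain IPs, "any", or "fqdn:<glob>"
    services: set         # "tcp/443"-style strings, or "any"
    action: str           # "ALLOW" or "DROP"
    logged: bool = False
    # Rule ID: unique and increasing with every rule created (slide semantics)
    rule_id: int = field(default_factory=count(1000).__next__)


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    service: str


class DnsSnooper:
    """Keeps the IPs seen in DNS answers so an FQDN rule can match a later flow."""

    def __init__(self):
        self.ip_to_name = {}

    def observe(self, name, answers):
        for ip in answers:
            self.ip_to_name[ip] = name

    def name_for(self, ip) -> Optional[str]:
        return self.ip_to_name.get(ip)


class DistributedFirewall:
    def __init__(self, strategy, groups, snooper):
        self.groups = groups          # NSGroup name -> set of member IPs
        self.snooper = snooper
        self.policy = {c: [] for c in CATEGORIES}
        # Whitelist/Blacklist connectivity strategy supplies the implicit default rule
        self.default = {
            "BLACKLIST": Rule("default-allow", {"any"}, {"any"}, {"any"}, "ALLOW"),
            "BLACKLIST_LOG": Rule("default-allow", {"any"}, {"any"}, {"any"}, "ALLOW", True),
            "WHITELIST": Rule("default-deny", {"any"}, {"any"}, {"any"}, "DROP"),
            "WHITELIST_LOG": Rule("default-deny", {"any"}, {"any"}, {"any"}, "DROP", True),
        }[strategy]

    def add_rule(self, category, rule):
        self.policy[category].append(rule)  # list position is the rule number

    def _ip_matches(self, ip, selectors):
        for sel in selectors:
            if sel == "any" or sel == ip:
                return True
            if sel in self.groups and ip in self.groups[sel]:
                return True
            if sel.startswith("fqdn:"):
                name = self.snooper.name_for(ip)  # only IPs learned by DNS snooping match
                if name and fnmatch(name, sel[len("fqdn:"):]):
                    return True
        return False

    def evaluate(self, flow):
        """Returns (action, rule name, category) of the first rule that matches."""
        for cat in CATEGORIES:
            for rule in self.policy[cat]:
                if (self._ip_matches(flow.src_ip, rule.sources)
                        and self._ip_matches(flow.dst_ip, rule.destinations)
                        and ("any" in rule.services or flow.service in rule.services)):
                    return rule.action, rule.name, cat
        return self.default.action, self.default.name, "default"


def build_demo(strategy="WHITELIST"):
    """Constructed policy: three groups, one snooped DNS answer, four rules."""
    snooper = DnsSnooper()
    snooper.observe("updates.vmware.com", ["203.0.113.10"])  # constructed DNS answer
    groups = {"web": {"10.0.30.21", "10.0.30.22"},
              "db": {"10.0.40.5"},
              "infra-dns": {"10.0.0.53"}}
    dfw = DistributedFirewall(strategy, groups, snooper)
    dfw.add_rule("Infrastructure", Rule("dns", {"any"}, {"infra-dns"}, {"udp/53"}, "ALLOW"))
    dfw.add_rule("Application", Rule("web-to-db", {"web"}, {"db"}, {"tcp/3306"}, "ALLOW"))
    dfw.add_rule("Application", Rule("web-egress-fqdn", {"web"}, {"fqdn:*.vmware.com"},
                                     {"tcp/443"}, "ALLOW"))
    dfw.add_rule("Application", Rule("block-web-lateral", {"web"}, {"web"}, {"any"}, "DROP"))
    return dfw
```

With the Whitelist strategy, an HTTPS flow to an IP that was never seen in a DNS answer falls through to the default-deny rule even though it would match the FQDN rule by name.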

NSX Load Balance

Main LB benefits
- Scale out
- High Availability
[Diagram: clients reaching a Server Pool through the load balancer]

Layer4 and Layer7 Load Balancing
- Layer 4 Load Balancing
  - Connection-based (TCP or UDP)
  - Selection: Round Robin, Least Connections, etc.
- Layer 7 Load Balancing
  - Content-based (HTTP / HTTPS)
  - Selection: based on URI, Domain name, etc.
  - URL manipulation (redirect specific pages, add headers, etc)
  - SSL Offload
  - etc
[Diagram: Virtual Server 20.20.20.20:80 and Virtual Server 30.30.30.30:80; a Server Pool; Pool www for www.mysite.com and Pool blog for blog.mysite.com]

Multiple Healthchecks on Pools
• Feature: Multiple Active Monitors (Multiple Healthchecks on Pools)
• Benefit: Offer deeper Health Monitor on Pool Members
[Diagram: T1+LB testing HTTP + HTTPS against each server in the Server Pool]

HTTPS Load Balancing (1/5): 3 modes (1/2)
Layer7 HTTPS VIP offers 3 modes:
• HTTPS Off-Load: Best balance between security, performance, and LB flexibility.
  • Security: Traffic is fully encrypted from the Client up to the LB.
  • Performance: Traffic is decrypted / encrypted only once.
  [Diagram: Client HTTPS → VIP L7 HTTPS:443 → HTTP to the Server Pool; LB decrypts and forwards in clear]
• HTTPS End-to-End SSL: Best security, and LB flexibility.
  • Security: Traffic end to end encrypted.
  • Performance: This mode has lower performance with traffic decrypted/encrypted twice.
  [Diagram: Client HTTPS → VIP L7 HTTPS:443 → HTTPS to the Server Pool; LB decrypts and re-encrypts before forwarding]

HTTPS Load Balancing (2/5): 3 modes (2/2)
• SSL Passthrough: Best security, limited LB flexibility.
  • Security: End-to-end encryption.
  • Performance: Highest performance because LB does not terminate SSL traffic.
  [Diagram: Client HTTPS → VIP L7 HTTPS:443 → HTTPS to the Server Pool; LB does not decrypt and SSL connection is terminated on Pool Members]

Load Balancer
- Load Balancer (LB)
  - A logical entity you create
  - Similar to physical or virtual load balancers
- Shareable LB objects
  - Can be used in multiple LBs
  - E.g. Monitors, SSL Profiles
- LB is realized when attached to LR
  - Only Tier-1 LR supported
  - 1:1 between LR and LB
[Diagram: one Edge Node (VM or BM) hosting two Tier-1 routers; LB1 on the first with VS1, VS2 and Pool1, Pool2, Pool3; LB2 on the second with VS5, VS6 and Pool5; Monitor1 and Monitor2 shared by the pools]

Load Balancer Service (LBS) Features (1/3)
[Diagram, LB object model: Virtual Server with Application Profile (Fast-TCP, Fast-UDP, HTTP), Persistence Profile (Source-IP, Cookie), Client-SSL Profile, Server-SSL Profile and LB Rules; Pool with Pool Members, SNAT, Active Monitor (HTTP, HTTPS, TCP, UDP, ICMP) and Passive Monitor]
• Protocols: What application types can be load balanced. IPv4 and IPv6; TCP, UDP with multiple port range support; HTTP, HTTPS. Note: WebSocket also supported.
• LB Method: How end-user connections are split across back-end servers. Round-Robin, Weighted_RR, Least-Connection, Weighted_LC, IP-Hash
• Pools: How backend servers are configured. Static; Dynamic (NSGroup)
• Persistence: How the LB guarantees a specific user sticks to the same pool member. Source-IP; Cookie (Insert, Prefix, Rewrite)
• Monitors: How the LB validates application health on each pool member. Active (LB generates HTTP/S, TCP, UDP, ICMP probes); Passive (LB monitors client connections)
• LB-SNAT: How the LB provides LB-SNAT. Transparent (No LB-SNAT); Automap (LB-SNAT using LB IP@); IP List (LB-SNAT using IP list)

Load Balancer Service (LBS) Features (2/3)
• L7 LB Rules: Option to allow the LB to manipulate client requests and/or server responses. Rules with Regex support (for instance: host load balancing, URL block, URL rewrite, response header rewrite, etc)
• L7 Acceleration: How the LB offloads pool members. TCP multiplexing (the LB gathers all the different clients’ web requests into the same persistent TCP connections to the pool members. Works for HTTP and HTTPS)
• SSL: How HTTPS traffic is load balanced.
  • SSL Offload (LB terminates HTTPS and talks HTTP to server)
  • SSL End-to-End (LB terminates HTTPS and talks HTTPS to server)
  • SSL Passthrough (LB does not terminate HTTPS and talks HTTPS to server)
  • SNI support (LB presents different certificates to client based on host name presented by client)
  • Client Certificate authentication (LB asks for and validates client cert)
  • FIPS compliance, pre-defined cipher lists, SSLv3 support

Load Balancer Service (LBS) Features (3/3)
• Connection Throttling: How the LB protects VIPs + pool members against excessive load. Client side: max concurrent connections, max new connections / sec. Server side: max concurrent connections
• High Availability: What the active LB synchronizes to the standby LB. L4 Flow State; Source-IP Persistence State; Healthcheck State
• Monitoring: What LB status and statistics are offered. VIP/Pool status; VIP/Pool Sessions (Current/Max/Total/Rate); VIP/Pool Bytes (In/In-Rate/Out/Out-Rate); VIP/Pool HTTP requests (Total/Rate)
• Miscellaneous: Sorry Server; TCP Profile; Download all LB configuration (API)
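An added example (not VMware code) covering the L4/L7 load-balancing, multiple-healthcheck, HTTPS-mode and LBS feature slides above: a compact model of a virtual server that does L7 content switching by host name, selects pool members by Round-Robin or Least-Connection, keeps members out of rotation when any active monitor fails, applies Source-IP persistence, and loses content switching in SSL Passthrough mode because the Host header is never decrypted. The VIP, host names and pool names are the slides' (pairing 30.30.30.30 with the L7 case is an assumption); member IPs and the health-probe results are constructed.

```python
from dataclasses import dataclass, field
from itertools import cycle
from typing import Optional


@dataclass
class Member:
    ip: str
    port: int
    healthy: bool = True
    connections: int = 0  # live connections, used by Least-Connection


@dataclass
class Pool:
    name: str
    members: list
    algorithm: str = "ROUND_ROBIN"   # or "LEAST_CONNECTION"
    active_monitors: tuple = ()      # e.g. ("http", "https"): every probe must pass
    _rr: object = field(default=None, repr=False)

    def run_monitors(self, probe):
        """Active monitors: a member stays up only if all its probes succeed."""
        for m in self.members:
            m.healthy = all(probe(m, kind) for kind in self.active_monitors)

    def select(self) -> Optional[Member]:
        up = [m for m in self.members if m.healthy]
        if not up:
            return None
        if self.algorithm == "LEAST_CONNECTION":
            return min(up, key=lambda m: m.connections)
        if self._rr is None:
            self._rr = cycle(self.members)
        while True:  # round robin, skipping members the monitors marked down
            m = next(self._rr)
            if m.healthy:
                return m


@dataclass
class Request:
    client_ip: str
    host: Optional[str] = None    # HTTP Host header (None for pure L4 traffic)
    cookie: Optional[str] = None  # persistence cookie returned by the client


@dataclass
class VirtualServer:
    vip: str
    port: int
    layer: int                    # 4 or 7
    default_pool: Pool
    host_rules: dict = field(default_factory=dict)  # L7 content switching: host -> Pool
    ssl_mode: str = "OFFLOAD"     # OFFLOAD | END_TO_END | PASSTHROUGH
    persistence: str = "NONE"     # NONE | SOURCE_IP | COOKIE
    _sticky: dict = field(default_factory=dict)

    def backend_scheme(self) -> str:
        # Off-load forwards in clear; End-to-End and Passthrough reach the pool over HTTPS
        return "http" if self.ssl_mode == "OFFLOAD" else "https"

    def route(self, req: Request):
        """Returns (pool name, member) or None when no healthy member exists."""
        # Passthrough never decrypts, so the Host header is invisible and content
        # switching cannot apply: the slide's "limited LB flexibility".
        pool = self.default_pool
        if self.layer == 7 and self.ssl_mode != "PASSTHROUGH" and req.host:
            pool = self.host_rules.get(req.host, pool)
        key = None
        if self.persistence == "SOURCE_IP":
            key = (pool.name, req.client_ip)
        elif self.persistence == "COOKIE" and req.cookie:
            key = (pool.name, req.cookie)
        member = self._sticky.get(key) if key else None
        if member is None or not member.healthy:  # persistence never pins to a dead member
            member = pool.select()
            if member is None:
                return None
            if key:
                self._sticky[key] = member
        member.connections += 1
        return pool.name, member


def demo_l7():
    """Slide topology: VIP 30.30.30.30:80 switches on host name (VIP/L7 pairing assumed);
    member IPs and the failing HTTPS probe on one blog member are constructed."""
    www = Pool("www", [Member("10.0.1.11", 80), Member("10.0.1.12", 80)])
    blog = Pool("blog", [Member("10.0.2.11", 80), Member("10.0.2.12", 80)],
                algorithm="LEAST_CONNECTION", active_monitors=("http", "https"))
    blog.run_monitors(lambda m, kind: not (m.ip == "10.0.2.12" and kind == "https"))
    vs = VirtualServer("30.30.30.30", 80, 7, www,
                       host_rules={"www.mysite.com": www, "blog.mysite.com": blog},
                       persistence="SOURCE_IP")
    return vs, www, blog
```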

Demo 1: Full creation of LB + Services via UI
[Diagram: Tier-0 LR above a Tier-1 LR; Web1 and Web2 in the Pool behind the Virtual Server (VIP + Port)]
1. Create a Load Balancer (an instance or logical entity similar to a virtual load balancer)
2. Attach to a Tier-1 LR
3. Create a Pool with Healthcheck
4. Create a Virtual Server (VIP + Port)
5. Attach to the Load Balancer

Demo 2: Full creation of LB + Services via API
The same five steps as Demo 1, driven through the API:
1. Create a Load Balancer (an instance or logical entity similar to a virtual load balancer)
2. Attach to a Tier-1 LR
3. Create a Pool with Healthcheck
4. Create a Virtual Server (VIP + Port)
5. Attach to the Load Balancer
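The five Demo 2 steps expressed as API calls, as an added example that is not the deck's demo script or VMware code. It assumes the NSX-T Policy API paths and resource types as I know them (infra/lb-services, lb-pools, lb-virtual-servers; LBService, LBPool, LBVirtualServer) and the system-default HTTP monitor and application profile; verify them against your NSX version. The manager address, Tier-1 id, VIP and member addresses are placeholders, and the transport is injected so the plan can be checked offline.

```python
import json
from typing import Callable

NSX_MANAGER = "https://nsx-manager.example.invalid"  # placeholder
TIER1_PATH = "/infra/tier-1s/t1-web"                    # placeholder Tier-1 LR id
# System-default objects (assumed present, as on the NSX-T releases I know)
HTTP_MONITOR = "/infra/lb-monitor-profiles/default-http-lb-monitor"
HTTP_PROFILE = "/infra/lb-app-profiles/default-http-lb-app-profile"


def lb_service(lb_id, tier1_path):
    """Steps 1 and 2: the LB instance, attached 1:1 to a Tier-1 via connectivity_path."""
    return {"resource_type": "LBService", "display_name": lb_id,
            "connectivity_path": tier1_path, "size": "SMALL", "enabled": True}


def lb_pool(pool_id, members, monitor_path):
    """Step 3: pool of (name, ip, port) members with an active health check."""
    return {"resource_type": "LBPool", "display_name": pool_id,
            "algorithm": "ROUND_ROBIN",
            "active_monitor_paths": [monitor_path],
            "members": [{"display_name": n, "ip_address": ip, "port": str(p),
                         "admin_state": "ENABLED"} for n, ip, p in members]}


def lb_virtual_server(vs_id, vip, port, pool_id, lb_id):
    """Steps 4 and 5: VIP + port, bound to the pool and to the LB service."""
    return {"resource_type": "LBVirtualServer", "display_name": vs_id,
            "ip_address": vip, "ports": [str(port)],
            "application_profile_path": HTTP_PROFILE,
            "pool_path": f"/infra/lb-pools/{pool_id}",
            "lb_service_path": f"/infra/lb-services/{lb_id}"}


def build_plan(lb_id="lb-web", pool_id="pool-web", vs_id="vs-web",
               vip="20.20.20.20", port=80):
    """Ordered (method, url, body) calls; each object references the ones before it."""
    members = [("Web1", "10.0.30.21", 80), ("Web2", "10.0.30.22", 80)]  # constructed
    base = NSX_MANAGER + "/policy/api/v1"
    return [
        ("PATCH", f"{base}/infra/lb-services/{lb_id}", lb_service(lb_id, TIER1_PATH)),
        ("PATCH", f"{base}/infra/lb-pools/{pool_id}", lb_pool(pool_id, members, HTTP_MONITOR)),
        ("PATCH", f"{base}/infra/lb-virtual-servers/{vs_id}",
         lb_virtual_server(vs_id, vip, port, pool_id, lb_id)),
    ]


def validate_plan(plan):
    """Offline check: every referenced path is a system default or created earlier in the plan."""
    created = {HTTP_MONITOR, HTTP_PROFILE}
    for _, url, body in plan:
        refs = []
        for key, val in body.items():
            if key == "connectivity_path":  # the Tier-1 exists before the plan runs
                continue
            if key.endswith("_path"):
                refs.append(val)
            elif key.endswith("_paths"):
                refs.extend(val)
        if any(r not in created for r in refs):
            return False
        created.add(url.split("/policy/api/v1", 1)[1])
    return True


def apply_plan(plan, send: Callable[[str, str, str], int]):
    """Runs the plan through an injected transport; stops at the first non-2xx status."""
    statuses = []
    for method, url, body in plan:
        status = send(method, url, json.dumps(body))
        statuses.append(status)
        if status >= 300:
            break
    return statuses


if __name__ == "__main__":
    # A live transport would be requests.request(method, url, data=body,
    # auth=(user, password), headers={"Content-Type": "application/json"}, verify=ca_bundle).
    for method, url, body in build_plan():
        print(method, url, json.dumps(body, indent=2))
```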

Hands On Lab
https://labs.hol.vmware.com/HOL/catalogs/catalog/1212

Confidential │ ©2020 VMware, Inc.
Thank You