NSX-T Federation Series (Pt.5): How Overlay Networking Works
Рет қаралды 8,288
Күн бұрын
@aritrade5266 7 ай бұрын
You are just amazing Mike. Most simplified explanation possible ❤❤
@NRDYTech 7 ай бұрын
Thank you!
@trevspires 3 жыл бұрын
Ur my hero - Sending this one to my customers FOR SURE. Possibly the most simple explanation of overlay networking that I have ever seen in 15 mins.
@bakeruk87 Жыл бұрын
Very well explained, especially the comment around a Layer 2/3 device only being concerned with certain fields in the ethernet packet. Nicely put!
@hamzasalahuddin Жыл бұрын
Thank you so much for explaining it from a VMware Admin perspective as it was easy to grasp it.
@jorgeabalo4054 3 жыл бұрын
oh man, such a great skills you have with explaining! voice, personality! good stuff man..
@NRDYTech 3 жыл бұрын
Thank you Jorge! I dislike my own voice, so I'm glad someone thinks it's good for this stuff! :)
@satori-. 5 ай бұрын
Awsum, thanks Mike !
@Prasanna_kul 2 жыл бұрын
Thanks this much more info in just 15 mins .....thanks a lot..!
@asharma538 3 жыл бұрын
Man you are amazing... very well explained
@grimsrue 3 жыл бұрын
This was a great explanation. I am not a network engineer by any stretch. My speciality is Virtualization. The overlay and underlay terms have been very confusing to me. I could never figure out how I could specify a segment in the NSX overlay and the network SAs not track me down and slap my hands. So correct me if I am wrong. What I took from your explanation is the edge VTEP IP is what the physical network is using at L3 for the packet IP header when routing out?
@NRDYTech 3 жыл бұрын
Thanks Erik! Edge TEP is only used when talking to other NSXT hosts (your vsphere hosts). It goes like this- VM A on host5 wants to talk to the internet. Packet is encapsulated by host5 with GENEVE- sent to the edge (source is host5 TEP, destination is edge TEP). Edge receives it and strips the overlay encapsulation entirely off. Now the source IP is VM A, and destination is the internet server. So the underlay never sees VM->VM IPs (due to being encapsulated between hosts), but WILL see those VM IPs if they exit the NSXT environment. Make sense?
@grimsrue 3 жыл бұрын
I assume that means that the subnet that is assigned to an Overlay segment has to be a range that will not conflict with another VLAN backed subnet in the physical network? Meaning that if a subnet is assigned to a NSX-T segment it has to own it completely? You can’t have a situation where physical hosts are being assign the same IPs as VM sitting in NSX-T on the same subnet? Especially if VMs are reaching out across the physical network to access DBs or NAS or VMs in other separate NSX-T instances?
@G7130 3 жыл бұрын
Had a solution architect wanting to run a MetroCluster and use NSX to replace OTV. I asked what will stretch the management L2 Vlan. He said NSX. I said you don’t put your management and run your vCenter and controllers on an overlay
@NRDYTech 3 жыл бұрын
I love NSX, but I would not put management on an overlay (NSX or otherwise) if it were my environment!
@Swapnas0308 2 жыл бұрын
Hi, im not from network background but this explained me much better about overlay network with GENEVE. Got a question. When orginial packet of Data, Innner IP and Inner Eth Header is wrapped by GENEVE header for encapsulation and VNI id is generated then how would the outer IP will find the destination TEP IP to pass the data along with the other Eth header to find the destination mac address of the host?
@abhijithks7419 3 жыл бұрын
Hey Mike: I am starting with nsx now. I actually come from a physical network background. Do you have any videos to spin up a nsx lab end to end ? Right from spinning up a esxi, Vcenter and nsx.? I know you have a nsx demo, but for esxi and vcenter ? Like a step by step video to set up in my lab or something.
@dazzassti Жыл бұрын
Firstly... Mate, your vids are amazing and I'm a big fan of your stuff..... One question though, is there any way to encrypt traffic in NSX? I always thought the encapsulation was encrypted but I'm finding out it's not... i.e. the separation between customers really needs to be encrypted E/W if you have multi-tenancy. Thoughts?
@NRDYTech Жыл бұрын
Nah, no encryption as of now for E-W traffic. Regarding the multi-tenant thing..I understand the concern and it's a valid one. In a nutshell, with NSX-T, you DO have the option to have separate infrastructure (virtual routers/T0/T1/Edges) and even Transport Nodes (vSphere Hosts/ESXi hosts). So if segmentation is a concern you can definitely ensure that no traffic can leak between tenants. That is the approach I'd take assuming there is great concern on tenant->tenant access. Obviously it doesn't solve the unencrypted thing though.
@dazzassti Жыл бұрын
@@NRDYTech great stuff... keep up the amazing work too. best wishes from the UK!
@maxbriet235 2 жыл бұрын
hello, Thx for your video just to be sure If I understand correcty the overlay network is internal to nsxt component if I try to contact a server on my physical network the "external world" don't see the geneve encapsulation just the classic exact?
@NRDYTech 2 жыл бұрын
Correct! You got it.
@peterdenheijer8519 3 жыл бұрын
Hoi Mike, Can you do something about VPN within NSX-T?
@hoanbui9758 3 жыл бұрын
Hi sir, Can I ask you some question about LB on NSX-T?
@NRDYTech 3 жыл бұрын
What's up?
Eric Sloof - Cloud Foundation Specialist
Рет қаралды 1,7 М.
govmlab
Рет қаралды 1,9 М.