steffen_richter's Posts

To add to that - this "Security-only" feature is a niche use case. It works as its designed - to work with DVPGs only here. In regular NSX, NSX cant manage DVPGs - they dont belong to NSX, but vSphere. You have to choose. N-VDS is deprecated on ESXi since 3.x in general, 4.x only supports VDS on ESXi (or C-VDS as we say, Centralized vDS). Does not have to do anything with the Security-only use case. You can achieve the same thing with the "regular" way of doing things in NSX-T. You´d only have to create some config items in NSX on your own then (Transport Zone, Uplink Profile, Transport Node Profile) and could easily create VLAN segments from within in NSX and fully manage them from there. With the Security-only use case you´d still be creating the PGs from the vSphere Client on the vDS itself, managing parts of its configuration from there, other parts (some Segment Profiles) from within NSX. So if you can deal with creating VLAN Segments from within NSX UI, I´d def. go with the "regular" way of doing things. BR Steffen

Does not sound like an NSX issue to me. If you are not using Routing devices of NSX, this sounds like you are using VLANs only, no Overlay? If the answer is yes and you are using two different physical uplinks on the portgroups on the ESXi host, then NSX does not really do anything here - just transporting packets from a VM-vNIC thrrough a vSwitch to a pSwitch and back. Check your router and the traffic originating source VM(s). BTW - your NSX release is out of general support since January of last year ;). BR Steffen

I think you posted that question in the wrong directory - this is only for NSX Documents ;). Maybe a mod can please move it? -------------------------- Zu Deiner Frage - NSX wird (i.d.R.) auf vSphere installiert. Daher gibt es keine HCL in dem Sinne für NSX. Der Server muss für ESXi unterstützt sein. Was heißt "NSX-T inkl. Microsegmentation" genau? Nur DFW mit VLAN-Segmenten? Dann reicht im Grund ein ESXi-kompatibler Server und ordentliche Netzwerkkarten. Oder solls (evtl. im späteren Verlauf mal) auch logisches Switching und Routing sein? Oder irgendein anderes Feature, welche Edge Nodes benötigt? Dann sieht der Hardware-Support aufgrund der Edge Nodes und der Overlay-Technologie doch schon etwas anders aus. Für die Auswahl der NICs im Kontext NSX ist dieses Whitepaper ganz interessant. Viele dieser Netzwerk-Features sind aber eher für Overlay-Traffic relevant (GENEVE Offload, etc.).  https://images.nsx.techzone.vmware.com/sites/default/files/associated-content-noindex/vmw-tech-book-nsx-t-data-center-103.pdf Falls Edge Nodes als VM oder Bare Metal eingesetzt werden sollen ist hier einiges zu finden: https://docs.vmware.com/en/VMware-NSX/4.1/installation/GUID-3E0C4CEC-D593-4395-84C4-150CD6285963.html sowie https://docs.vmware.com/en/VMware-NSX/4.1/installation/GUID-14C3F618-AB8D-427E-AC88-F05D1A04DE40.html VG Steffen

When is the Design Guide updated to 3.0 finally? The GA of the product has been more than 4 months ago now. If VMware wants the customers to adapt the product, a current Reference Desgin Guide is mandatory. We are still deploying mostly 2.5 because the customers dont feel confident without an official design guidance confirming several critical design decisions - apart from missing guidance on newer features like VRF or Federation. VMware, its about time to get a tad bit more agile in this topic, please!

If you take a look at the Lifecycle Matrix you can see that NSX-v has its end of general support in January 2022, and there will be no further NSX-v releases. NSX-T is somehow its successor - same same but different. Not sure if I´d call it a replacement, but T is the way forward.

With all the changes in 2.4 I cannot believe that there is *still* no updated reference guide available. Makes life in the real world really hard. And some customers want to see such stuff too, otherwise they will not accept a given design. At least the VVD has some tidbits in the Workload Domain section about T, though they do not cover it all or go into too much detail. Is there any chance that there will be Reference Guide for 2.4 finally, or maybe only for 2.5? Hard to convince customers to adopt T with that much delay, esp. in these times.

Just for those who get the same error message, this one is usually the one that does the trick for me, and I always forget about it: 2. Allow self signed certificate in Postman (Toggle switch off in settings) Thanks krishnanmurali​! BR Steffen