VMware's NSX Datacenter product is designed for a bit more than single enterprise virtual networking and security. When reviewing platform maximums (NSX-T 3.2 ConfigMax), the listed maximum number of Tier-1 routers is 4,000 logical routers. Achieving that number takes a degree of intentional design, however. When …

Read More

What is the point of all this software-defined infrastructure if you don't use it? In prior examples, it's a fairly straightforward path to SDN when deploying NSX Data Center, allowing a VI admin or network engineer to deploy virtual network resources via a GUI. This isn't the end of an effort, but the start of a …

Read More

Have you ever wondered what happened to all the privately-addressed traffic coming from any home network? Well, if it isn't explicitly blocked by the business, it's routed, and this is not good. Imagine what data leakage can occur when a user mistypes a destination IP - the traffic goes out to the Service Provider, who …

Read More

Note: I created a common baseline for pre-requisites in this previous post. We'll be following VMware's Avi + NSX-T Design guide. This will be a complete re-install. Avi Vantage appears to develop some tight coupling issues with using the same vCenter for both Layer 2 and NSX-T deployments - which is not an issue that …

Read More

Pre-Requisites Before beginning the Avi installer, I configured the following in my environment: Management Segment (NSX-T Overlay). This is set up with DHCP for quick automatic provisioning - no ephemeral addresses required Data Segments (NSX-T Overlay). Avi will build direct routes to IPs in this network for vIP …

Read More

For this example deployment, I'll be using my NSX-T Lab as the fabric, VyOS for the Overloaded Router role, and trying out hyperglass: Installation (VyOS) I already have a base image for VyOS with its management VRF set up - and updating the base image prior to deployment is a breeze due to the vSphere 7 VM Template …

Read More

If Avi Vantage IPAM cannot allocate an address for a new vIP, it will advertise an all-zeros host address - 0.0.0.0/32: This will cause Palo Alto PAN-OS to restart a peer - even if it is not the immediate downstream prefix. Palo Alto uses routed as their dynamic routing engine - so this is probably default behavior …

Read More

When encountering this error, please ensure that "Enable IPv6" is set under interfaces: Hope this helps! Happy IPv6ing!

Read More

Load Balancing is Important Load balancing is an important aspect of network mobility. How is a network useful if you can't move around within it? Cellular networks lose their appeal if you drop connectivity every time you roam between towers Wi-Fi networks are designed to facilitate smaller-scale movements. Imagine if …

Read More

It's probably safe to say that service provider networking is pretty unique. One particular design pattern - Looking Glasses - is extremely useful for complex dynamically routed networks. I'd really like to shift the gatekeeping needle here - networks that are complex enough to benefit from a looking glass should move …

Read More