-
EVPN With Arista and NSX-T
Some time ago I bumped into a blog post from Rutger Blom about implementing EVPN integration between NSX-T and vYOS. As I was involved in my recent past with Arista in DC deployments, I was curious to see it working with EOS, and here I’ll share the result of my setup. The picture below shows… Continue reading
-
Layer 3 Port Mirror with NSX-T
There are various and good blog posts describing how to implement the different port mirror (aka SPAN – Switched Port Analyzer) session types available in NSX-T. Since v3.2 all types (Logical SPAN and Remote L3 SPAN) can be configured from policy view. In this post, I would like to touch on Remote L3 SPAN session… Continue reading
-
Using Aria Operations for Logs to monitor FW connections
One of the basic and emphasised best practices when you deploy NSX-T DFW for micro-segmentation, is to forward the DFW packet logs to a standard Syslog solution, being the most recommended ones Aria Operations for Logs (former vRealize Log Insight), so in this way you can track the packets matching against the firewall policies on… Continue reading
-
NSX-T E-W Network Introspection failure scenarios
East-West Network Introspection in NSX-T, in host-based mode, is based on the deployment of SVMs (Service Virtual Machines) in each host Transport Node that is member of the cluster (in this way it reduces the traffic hairpinning, compared to the cluster-based mode). This post will try to describe the reaction to failure scenarios related to… Continue reading
-
NSX Distributed Firewall log forwarding over TLS
When you are configuring Distributed FW on NSX to implement micro-segmentation, you are probably planning (or at least you should) to activate log forwarding in order to monitor the connections controlled by the FW. If at some point you decide that you want to enable log forwarding over TLS, I’ll share the steps to do… Continue reading