Security using VMware NSX

Security in VMware NSX follows a concept very similar to that of Cisco ACI: the Service Composer is used to create service chains. NSX contains a DFW, so no third-party product is necessary to get basic firewall rules. The rules are applied at the level of the virtual Network Interface Card (vNIC) using a kernel module that attaches to the physical network interface card. Because the work is done by the NIC, the performance is close to the line rate.

The DFW can run from layer 2 to layer 4 by default, with third-party add-ons going up to layer 7. As discussed earlier, layer 2 is the MAC layer, while layer 3 uses TCP/UDP source/destination information. At layer 4, the TCP/UDP ports are used as a filter. ...
