SDN-Techtalk | Steven Schramm

VCF 9 - VKS with NSX VPCs and AVI

Wed, 11 Feb 2026 21:00:00 +0100

Introduction

In my last blog post I wrote about the integration of VKS with NSX and VPCs. As LoadBalancer I used the NSX native version and the AVI integration was not covered. In addition to the last blog post I will describe now how VPCs can be used for VKS in combination with AVI. If you already used AVI for VKS in the past you might be aware of some limitations like the vNIC limit of the Service Engines. The impact of this scalability limition is reduced with the VPC based AVI integration. Further the AVI tenancy feature will be combined with NSX projects to esure the isolation for the workload is implemented on all different products. For VKS it is implemented with vSphere Namespaces, for NSX the tenancy is implemented by using NSX projects sumpplemented by VPCs and for AVI the NSX projects are automatically combined with a AVI tenant for each NSX project. Sure there are still some limitations and problems in the new integration, but if not it would be boring.

VCF 9 - VKS with NSX VPCs

Fri, 27 Jun 2025 22:00:00 +0100

Introduction

K8s is already a crucial part in the VMware ecosystem for many years and the level of integration in other products like NSX and AVI changed a lot in the past. That is also true for the naming like “vSphere with Tanzu”, “vSphere IaaS” and “VKS” and perhaps more changes in the future. For this blog post we will bring some spotlight to the integration for VKS with NSX VPCs, which is from my point of view a great enhancement from tenancy point of view.

Is it possible to use the NSX bridge within NSX Federation to extend a network for a single global segment to a VLAN in multiple locations?

Wed, 12 Feb 2025 12:20:00 +0100

Introduction

NSX Federation is a multi site solution for NSX available since NSX 3.0. After Federation was released, the feature set was very limited and many features like VRF and NSX bridge were not supported with Federation.

Overview of some enhancements with NSX 4.x:

Support of Physical Servers in Federated Environments (4.0.0.1)
Support of DFW Exclusion List (4.0.1.1)
DFW Time-based rules (4.0.1.1)
Overall Enable/Disable of Location DFW (4.0.1.1)
L2 Bridge (4.1.0.0)
Higher latency allowed between locations: Increased from 150 msec to 500 msec (4.1.0.0)
VRF Lite feature can now be used with global T0 routers as parent T0 (4.2.1)

In this article we will focus on the feature of NSX bridge and validate if it is possible to stretch the same layer2 network simultaneously in both locations.

AVI NSX Cloud - Is it possible to preserve the client IP for traffic forwarded by a One-Arm LoadBalancer?

Sat, 11 Jan 2025 03:35:00 +0100

Introduction

LoadBalancing is a crucial feature to increase the availability and reduce the time to complete a failover for IT services. In the first moment it seems to be not to complex. You have multiple instances of your service and you forward the traffic to both of those instances to share the load. But there a dozens of different applications and services with totally different requirements. Some of those applications are very simple and are dependent to local sessions or states inside a database. Other applications are stateless or the state is synced between the different instances. Based on those requirements the following LoadBalancing features are a subset of the important features to understand.

Improving NSX Datacenter TEP performance and availability - Multi-TEP and TEP Group High Availability

Thu, 02 Jan 2025 12:00:00 +0100

Introduction

Some of you are using NSX for many years already and are aware of the different changes and improvements implemented in the last years. I personally started with NSX in version 2.3 and one of the first important improvements I recognized is “MultiTEP” for edge nodes from type VM. It was released with NSX 2.5 and officially added to the reference design guide.

By the way: The reference design guide is still a great resource to learn the design pricipals for NSX implementaions. This is especially interesting for those who might be new to NSX.

Antrea Egress - Controlling the egress IPs for K8s Pods within Tanzu

Sat, 21 Dec 2024 19:54:18 +0100

Introduction

The integration of K8s platforms within a enterprise network environment is always a challenge regarding security and routing of certain K8s pods. Multiple pods are running in the same K8s cluster but might have different functinalities and requirements to access services outside of the K8s platform. What should you do, if you are unable to assign a specific outgoing IP to a specific pod or group of pods? In this case you are forced to treat all the pods within a specific K8s cluster the same way and create firewall rules based on this. That does mean all the different pods within a K8s cluster will have the same network permissions and it is very challenging to implement further isolation.

ABOUT ME

Mon, 01 Jan 0001 00:00:00 +0000

Hi, I’m Steven - Networking and Cloud enthusiast

and I’ve been navigating the exciting world of IT and networking since 2011. This blog is my space to share insights, technical challenges, and solutions that I test and explore hands-on in my very own homelab.

What started with a humble HP Microserver has grown into a robust environment, now hosting enterprise-level solutions like NSX and Tanzu. My homelab isn’t just a hobby—it’s a proving ground for cutting-edge technologies and a reflection of my passion for continuous learning.