Author Archives: Daniel Paul

About Daniel Paul

Based in Leipzig, Germany. Working on Network and Security solutions that support and protect modern applications.

Installing Antrea Container Networking and AVI Kubernets Operator (AKO) for Ingress

By | 22. January 2021

Update: January 2021 update with current versions (Antrea v0.12.0 AKO 1.13 / Controller 20.1.3) This post shows how to integrate Antrea Container Networking with NSX Advanced Load Balancer (NSX ALB) using AVI Kubernetes Operator (AKO) This example shows integration of a single K8S cluster with NSX ALB. If you plan to integrate more than one… Read More »

Configuring VMware NSX Cloud for consistent On-Premises and AWS Public Cloud Microsegmentation

By | 16. December 2020

This post is intended to show a very basic setup of VMware NSX Cloud to demonstrate the capability to enforce consistent microsegmentation policy for hybrid cloud environments. I will describe the setup of NSX Cloud and the operation of the Native Cloud Enforced Mode which relies on firewall functions delivered natively by AWS (or Azure).… Read More »

Using OpenVPN to connect on-premises Datacenter to AWS VPC

By | 9. December 2020

For a customer demo I needed a quick way to interconnect my on-premises environment with a AWS VPC without getting a AWS direct connect or the possibility to open the on-premises firewall for a NSX IPSEC tunnel. So I made it work with OpenVPN which just needs TCP Port 443 to be allowed on the… Read More »

Troubleshooting DNS on Kubernetes with NSX-T

By | 17. June 2020

After integrating NSX-T with K8S I sometimes get issues with coredns not working. Common root cause: K8S internal DNS infrastructure needs non-NAT’ed network access from container PODs to K8S Nodes and vice versa. As NSX-T NCP default behaviour is to NAT your K8S Namespaces this can – depending on you overall architecture – cause connection… Read More »

L7 Firewall – enforce Application Protocol by NSX-T Context Profile / AppID

By | 27. January 2020

This post introduces NSX-T L7 capabilities. You will create a MySQL Daemon on an VM and configure NSX-T Distributed Firewall to allow traffic on TCP 3306. When replacing this MySQL Daemon with sshd listening on 3306 NSX-T L4 firewall will not prevent access – by design. After enabling NSX-T L7 Firewall (Context Profile / Application… Read More »

Integrating CentOS 7.5 BareMetal Server with NSX-T 2.5

By | 20. December 2019

This post demonstrates how to integrate a bare-metal server on OS-Level into NSX-T overlay networking and security. As there was no bare-metal system in my demo environment available I created a CentOS 7.5 VM on a non-NSX enabled ESXi Server. Topology shown below After successful installation it should look like this Pre-Requisites: Have NSX-T up… Read More »