This video is part of the appearance “VMware Presents at Networking Field Day 22”. It was recorded as part of Networking Field Day 22 at 14:30-17:30 on February 14, 2020.
In this video we demonstrate VMware NSX-T support for Red Hat OpenShift. NSX-T has helped OpenShift customers simplify their networking and network-based security for several years with the NSX Container Plug-in (NCP). NCP provides the following functionality:
- Automatically creates an NSX-T logical topology for an OpenShift cluster, and creates a separate logical network for each OpenShift namespace.
- Connects OpenShift pods to the logical network, and allocates IP and MAC addresses.
- Supports network address translation (NAT) and allocates a separate SNAT IP for each OpenShift namespace.
- Implements OpenShift network policies with the NSX-T distributed firewall.
- Implements the OpenShift Router with the NSX-T layer 7 load balancer.
- Creates tags on the NSX-T logical switch port for the namespace, pod name, and labels of a pod, and allows the administrator to define NSX-T security groups and policies based on the tags.
NSX-T (via NCP) can apply micro-segmentation to OpenShift pods with predefined tag-based rules and Kubernetes network policy per namespace. Predefined tag rules allow you to define firewall policies in advance of deployment based on business logic, rather than using less efficient methods such as static IP addresses to craft security policy. With this method, security groups are defined in NSX-T with ingress and egress policy and micro-segmented to protect sensitive applications and data down to the pod and container level. Finally, NSX-T provides OpenShift clusters with full network traceability and visibility. NSX-T has built-in operational tools for Kubernetes, including Port Connection, Traceflow, Port Mirroring and IPFIX.
Personnel: Yasen Simeonov