This was something I ran into a week or so ago in an NSX design – obviously not thinking right!
As a friendly reminder, disable the Edge firewall if you will be using ECMP mode on VMware NSX! There isn’t any message or warning if you enable ECMP mode with the Edge Firewall still on.
Here’s my understanding – since the firewall is a stateful service (this also applies to NAT/Load Balancing), it cannot work with asymmetric routing. For example, the 2nd Edge cannot be aware of a session that was started on the 1st edge (no SYN), so the traffic is dropped.
In my testing, it seems this impacts traffic traversing North to South, but routing South to North seems to work.
I did a quick video of my testing with my current lab environment to depict the results I see – which is the loss of network connectivity and pings from another routed segment.
You won’t be able to prepare sufficiently for this test without hands-on experience.
Currently, I have a 3 node nested ESXi environment with 6.5 ESXi and 6.3.3 NSX running on a vCD environment. I will be expanding this further and probably may follow Clinton’s lab design too – but trying out different things.
I took the new 2v0-642 NSX certification on Tuesday and lo and behold, I passed!
I am going to very careful so I do not violate any NDA, but I wanted to provide an updated perspective on the 2v0-642 test. As many of you know, 2v0-641 test has been around for several years and has been recently retired.
Moreover, many of the study guides available are on 641 – my understanding is 642 was quite different.
642 focuses on NSX 6.2x feature-set – one of the biggest changes is the addition of cross-vCenter vMotion.
So what did I do to prepare for this?
I took the VMware NSX for Internetworking Experts Fast Track [V6.1] Class. Yes, that’s right – I took the older class. Why? Well, I wanted to take a remote class and this was the closest thing available. I also don’t believe the Fast Track class is updated to 6.2, but I could be wrong.
However, this was a VERY good class that laid out many of the fundamentals I needed.
My instructor was good and even went over cross-vCenter vMotion and some of the changes for 6.2, which was not in the curriculum but very valuable.
Moreover, when I take any kind of class, I screenshot EVERY slide and write notes the instructor states. I reviewed ALL of this material for my exam preparation.
Labs, labs, labs. I can’t stress this enough – PLUS IT’S FREE!!!
A few labs I did over and over again – mostly focused on the 1725 labs:
HOL-1725-SDC-1 – VMware NSX Advanced Consumption
HOL-1725-USE-2 – VMware NSX Multi-Site DR with SRM
HOL-1703-SDC-1 – VMware NSX: Introduction and Feature Tour (while I did this in my class, it was a good refresher)
HOL-1703-USE-2 – VMware NSX: Distributed Firewall with Micro-Segmentation
I’m someone that needs to write/type things out and make a mental map of the technology and components. Therefore, I created this note sheet that I typed up a few days before the test: 2v0-642-UNOFFICIAL-StudyNotes
PLEASE take these notes as they are – it’s my (weird) way of studying for a test and how I interpret NSX.
I went through the test and flagged questions I was not entirely sure.
First pass took me maybe 35 minutes to complete – then I went to the beginning and went through the test again, focusing on the flagged questions I wasn’t too sure of.
Read each question CAREFULLY and eliminate the ones you know aren’t true.
Overall, I think I finished up with 45 to 50 minutes to spare.
Overall, I thought the test was challenging and asked very fair questions. It also made me kick myself on things I should have reviewed further – but that’s what a test is!
I’ll be working on my VCAP next – TBD if I’ll switch over to DCV or stay on NV. But I truly enjoyed the experience and look forward to the next test preparation.