Microsegmentation in VMware NSX on Software Gone Wild

VM NIC firewalls have been around for years (they’re also the reason I got my first invitation to the awesome Troopers conference), but it sounds so much better when you call them Microsegmentation (not the one I talked about @ Troopers this year).

Marketing gimmicks aside, VMware NSX includes an interesting in-kernel stateful firewall, and Brad Hedlund was kind enough to explain the intricacies of that feature in Episode 27 of Software Gone Wild.


  1. Excellent show, very informative. Brad's NSX knowledge and Ivan's question were a perfect mix. Very compelling and I have recommended the dist FW solution a couple of times, but I like the non-use of overlays as a segment solution for multi-tier applications and the movement. Going through the ACI review now and their policy use of the VXLAN reserved bits gives one some "reservation".

    Oh I Ivan. I like the "evil bit" comment. I have to remember that one.

    Good show fellas
    1. Thank you! BTW, here's the Evil Bit RFC: https://tools.ietf.org/html/rfc3514
  2. If only things were black and white as the 1s and 0s of the "evil" bit :-)
  3. Enjoyed the show. You guys talked about having the related services co-located on the same hosts and it was mentioned that *show notes* will be updated with the link. Is the link available?
    1. I know we mentioned a link and the need to include it, but I honestly can't remember what we were talking about. Is this what you were looking for or something else?
