Which choice is a valid insertion point for North-South network introspection?
Which choice is a valid insertion point for North-South network introspection?
A valid insertion point for North-South network introspection is the Tier-0 gateway. North-South traffic typically refers to data that moves between the internal network and external networks. The Tier-0 gateway acts as the interface between these networks, making it a suitable point for implementing monitoring and security measures such as network introspection.
I will go with A as this is where the rules to redirect the traffic is applied making it the point of insertion
I Think is A: North-South Service Insertion for Network Introspection can be applied at Tier-0 and Tier-1 gateways. The insertion points are the uplinks of the Tier-0 or Tier-1 gateways. A partner service virtual machine (SVM) is deployed close to the NSX Edge node to process the redirected traffic. The SVM virtual appliance is connected over the service plane to receive redirected traffic. https://www.ramyafifi.com/post/micro-segmentation-with-nsx-data-center
Answer 1 by filtration and elimination. B => not the same network layer in the OSI model C => don't know what is it, it's seems not a feature D => SVM is for monitoring in other thing, and it deployed on the Vcenter, so seems irrelevant with the question
D. Partner SVM According to the VMware NSX Documentation, Partner SVM is a valid insertion point for north-south network introspection. Network introspection is a feature that allows you to insert third-party network services into the data path of your traffic. Partner SVM stands for Partner Service Virtual Machine and is a virtual appliance that runs on an NSX Edge node and provides network services from a partner solution.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-53D6C480-7AD3-4B23-922D-430C89992B57.html
you redirect traffic to the SVM, the insertion has to happen in the NS path so its limited to T0 or T1 GW
D. Partner SVM https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-53D6C480-7AD3-4B23-922D-430C89992B57.html
I don't believe the question is asking what service can be used to perform the introspection, it's asking WHERE the service can be run. A Partner SVM can be run on either a T1 or T0 gateway, so A is the correct answer.
you redirect traffic to the SVM, the insertion has to happen in the NS path so its limited to T0 or T1 GW
North-South Service Insertion for Network Introspection can be applied at Tier-0 and Tier-1 gateways. The insertion points are the uplinks of the Tier-0 or Tier-1 gateways
East-West Service Insertion, the insertion points are at each guest VM’s vNIC.