VMware NSX provides a (heavily underestimated) SpoofGuard functionality, which prevents virtual machines to use IP addresses that are not approved by the network engineers. It guards for, guess what, IP spoofs. Virtual machines will not be able to change their IP addresses without administrative approval, which prevents issues with unauthorized changes or duplicate IPs.

SpoofGuard in NSX

SpoofGuard can operate in 3 modes:

– Approve everything (the default);
– Automatically approve first detected IP, manual approve changes;
– Manually approve all first detected IPs and changes.

While having control of the IP address changes in the virtual network is pretty … Read more



VMware NSX is completely software based. This means it’s flexible as heck and you can have a lot of instances running concurrently. It also means you can go crazy with your network topology designs and amount of tinkering you can do with your virtual network. I am someone who loves to tinker. Sometimes a bit too much. A consequence of this, is that I sometimes break my virtual test lab and have to re-install it and return to the starting point. This has happened … Read more