This is going to be a short one! I received an interesting question from Sander Martijn about retrieving all IP routes from an NSX Edge. There is no API endpoint available in NSX to get the current routes and the only way this information can get retrieved is using the NSX Central CLI. You can easily see all routes on the Central CLI by using the command: show edge edge-id ip route.

PowerNSX has an Invoke-NsxCli cmdlet which executes the Central CLI with a specific query. Because of this, you can retrieve the routes with a PowerShell script and … Read more


VMware NSX provides a (heavily underestimated) SpoofGuard functionality, which prevents virtual machines to use IP addresses that are not approved by the network engineers. It guards for, guess what, IP spoofs. Virtual machines will not be able to change their IP addresses without administrative approval, which prevents issues with unauthorized changes or duplicate IPs.

SpoofGuard in NSX

SpoofGuard can operate in 3 modes:

– Approve everything (the default);
– Automatically approve first detected IP, manual approve changes;
– Manually approve all first detected IPs and changes.

While having control of the IP address changes in the virtual network is pretty … Read more



VMware NSX is completely software based. This means it’s flexible as heck and you can have a lot of instances running concurrently. It also means you can go crazy with your network topology designs and amount of tinkering you can do with your virtual network. I am someone who loves to tinker. Sometimes a bit too much. A consequence of this, is that I sometimes break my virtual test lab and have to re-install it and return to the starting point. This has happened … Read more