NSX-T Part2 – Simple Configuration Run-through

In my first NSX-T blog post “NSX-T Part1 – Simple Installation Run-through” you can read about how easy it is to install the base components of NSX-T. The next step is obviously to configure everything so we can benefit from it. So let’s get started!

1. Create Transport Zones

First of all, we need to configure the Transport Zone. A Transport Zone defines the potential reach of Transport Nodes (Hypervisor Hosts or NSX Edges). Transport Nodes in the same Transport Zone can communicate which each other. There are two different types of Transport Zones, Overlay, and VLAN. Hypervisor Hosts can only participate in one Transport Zone. NSX Edges can have multiple Transport Zones, e.g. an Overlay Transport Zone to facilitate the encapsulated communication between Transport Nodes and a VLAN based Transport Zone to connect the uplink to the outside world.

In this scenario, we create two Transport Zones, one for the Overlay communication and another one for the VLAN based uplink to the outside world. By the way, I am using the “Standard” N-VDS Mode. The ENS mode, also known as “Enhanced Datapath”, uses DPDK techniques and provides better performance for latency-sensitive applications such as NFV workloads.

2. Create an IP-Pool

The next step is to create an IP-Pool for Transport Nodes (Tunnel Endpoints, also known as vTEPs) participating in the Overlay Transport Zone. In my example, this is a simple class c network “192.168.50.100 – 192.168.50.150”.

3. Uplink Profiles

To configure the Transport Nodes with the right uplink configuration, we need to create an Uplink Profile. The Uplink Profile specifies the Teaming Policy, Transport VLAN, MTU size, and uplink configuration. It allows you to easily configure network adapters consistently across multiple Hosts and Edges.

We need to create a second Uplink Profile for the Edge VMs. The profile for the Edge VMs can only have one active and no standby uplink according to the NSX-T documentation. Which makes perfect sense as the failover will be handled on the ESXi host level and not on the VM level. In my case, I don’t have to specify a VLAN ID as the Edge VM will be connected to a vSphere Port Group that is already VLAN tagged.

4. Configure Host Transport Nodes

After we have prepared the IP-Pool and the Uplink Profile, we can create our first Transport Node under “Fabric/Nodes/Transport Nodes”. We need to specify a name as well as the ESXi host that will be configured as a Transport Node. Further down, we need to select the Transport Zone in which the node will participate.

On the N-VDS tab, we need to create a new Node Switch. The N-VDS Name will be selectable from the dropdown menu for further Transport Node creations, but as this is the first Node, we need to specify a name for the switch.

Select the Uplink Profile we have created in step 3 and select “Use IP Pool” from the dropdown for “IP Assignment”. As the IP Pool, specify the pool we have created during step 2. Make sure that you select the right physical nic from the dropdown to connect to the N-VDS. If you are not sure, compare the MAC address with the MAC address of the free adapter in the vSphere Client.

If everything looks good, click the “ADD” button to create the Transport Node.

Repeat the steps for all ESXi Hosts in the cluster or use the “CONFIGURE CLUSTER” option to configure and create Transport Nodes for all Hosts in one go. The end result should look similar to this.

In the vSphere Client, you should see that the physical NICs of the ESXi Hosts got assigned to the N-VDS switch of NSX-T.

5. Configure Edge Transport Nodes

As a next step, we need to create and configure the Edge Transport Node. This is another difference between NSX-v and NSX-T. The NSX-T Edge VMs are part of the Overlay and therefore tunnel endpoints just like the ESXi Hosts. Additionally, they are connected to VLAN based port groups to establish connections between the NSX-T logical networks and the outside world. Specify a name and select the Edge VM from the dropdown. Make sure that you choose both Transport Zones, that we have created earlier.

On the N-VDS tab, we need to specify two Edge Switches, one per Transport Zone. The first one is the one for the Overlay. We should be able to select the Switch name from the dropdown menu, as we have used it for the Host Transport Nodes before.

Specify the Uplink Profile we have created for the Edge earlier, select “Use IP Pool” for IP Assignment, and chose the “TE-IP-Pool” we have created for the Tunnel Endpoints. Under Virtual NICs, select the interface that is connected to the “NSX Tunnel vSphere Port Group”. Yes, you heard right, as mentioned before, the NSX-T Edge VM is part of the Overlay, and therefore it needs to have access to the tunnel network. Which essentially means, you need to have a vSphere Port Group, with access to the tunnel network, specified on each ESXi host that could possibly host the Edge VM.

If you are not sure which interface to select, check the MAC address within the vSphere Client.

Now we need to create a second N-VDS for the communication with the outside world, which will be used for the VLAN based Transport Zone that we have selected already. Click “+ADD N-VDS” and enter a name for the new Edge Switch.

In this case, we can use the same Edge Uplink Profile that we used for before, but we don’t specify an IP Assignment as this is no tunnel endpoint. Again, make sure you select the right interface under Virtual NICs and press “SAVE”.

6. Create Edge Cluster

The last step is to create an Edge Cluster. Even though I just have one Edge VM in my homelab, we still need to create an Edge Cluster to make any use of it. Important note! This is not a VMware recommended implementation, due to availability reasons, you should have 2 Edge VMs in your NSX-T Edge Cluster.

Start creating the Edge Cluster under “Fabric/Nodes/Edge Clusters”. Specify a name for the cluster and leave the default Edge Cluster Profile as it is. 

Choose “Edge Node” as member type and select the available Edge Node. Click “ADD” to create the Edge Cluster.

Done, we have successfully configured the necessary NSX-T components. Now we can start creating Logical Switches, Routers, etc… I hope this blog post helped you to get through the basic configuration of the NSX-T components. Additional sources can be found here.

Sources

• NSX-T 2.1 Install Guide
• NSX-T 2.1 Admin Guide
• NSX-T 2.1 Troubleshooting Guide
• NSX-T 2.2 Install Guide
• NSX-T 2.2 Admin Guide
• NSX-T 2.2 Troubleshooting Guide