NSX-T 2.5 Getting Started, Part 1

calendar Sep 29, 2019 · 3 min read · eBGP VMWare Home Lab Network Security Datacenter Networking Spine and Leaf iBGP Routing & Switching Studies BGP NSX-T  ·
Share on: linkedin copy

Since NSX-T 2.5 just came out, it's about time to do a full rebuild and getting started guide. NSX-T differs greatly from NSX-V in that the initial setup is quite a bit more complicated and doesn't have many guardrails or direct paths to initial set-up.

We'll be skipping the appliance deployment, because if you have troubles deploying an OVA this will probably be too difficult.

First off, we'll be using our applied Clos fabric for this, and we won't be multihoming these devices as of yet, as this post will be pretty lengthy as it is. Diagram is here:

Diagram

With that in mind, the first step to configuring virtualized routing & switching for NSX-T is in the vCenter GUI. In this lab, I have two hosts in two separate clusters -

  • Payload: Virtual Tunnel Endpoints (VTEPs) exist primarily on the host, and are leveraged as port-groups for guest network connectivity
  • Management/Edge: No host VTEPs currently exist, as they are not required for the management VMs, nor for the Edge Appliances (Primary difference coming from NSX-V!)

Coming from the vCenter UI, it looks like this:

vSphere Cluster UI

The NSX-T Edge Appliances need to ingest underlay networks via 802.1Q tags, instead of as individual port groups. Fortunately, vSphere has been able to do this for quite some time, so we use the lesser-known "VLAN trunking"

New Distributed Port Group

New Distributed Port Group Port Settings

From here, it's time to outline our Edge Design - BEFORE anything is built.

Host Diagram

We'll use this as a guide throughout the configuration process., First, we set transport zones and device profiles:

We create the underlay (VLAN) transport zone to ensure that virtualized traffic can exit to the "real network":

Edit Underlay Transport Zone

We create the overlay network where the GENEVE VN-Segments will live next:

Edit Overlay Transport Zone

Then we configure the Layer 2 uplink profiles. Note: specifically configuring the Active uplink to FP-ETH0 is REQUIRED. The NSX Edges will not function without this, and NSX-T will never tell you why.

Edge Uplink Profile

And the VTEP profiles. Note that this portion uses the name allocated in the transport node profile.

Host Uplink Profile

Finally, the host transport profiles. Here we set a profile that will use a single uplink for the N-VDS, add transport zones, etc. Note that the physical NIC name on the left needs to exactly match the physical NIC identifier in ESXi.

Host Transport Node Profile

Now, we can finally start configuring transport nodes. Note that since we deployed profiles prior to this, there's not a whole lot to do as far as roll-out is concerned.

NSX Cluster Configuration

Set Deployment Profile

NSX Cluster Status

Add Edge VM

Configure Edge Deployment

Configure Edge Node Settings

Configure NSX

Ensure the edge appliance is ready:

Edge Transport Nodes

Configure the edge cluster:

Add Edge Cluster

Now we're ready to configure routing and switching functionality. This can go several different ways, as VMWare has provided additional capabilities with regards to configuring NSX-T assets - declarative configuration methods. We'll cover that in detail, along with how to use it, in the next post!