Sunday, September 29, 2019

NSX-T 2.5 Getting Started, Part 1

Since NSX-T 2.5 just came out, it's about time to do a full rebuild and write a getting-started guide. NSX-T differs greatly from NSX-V in that the initial setup is quite a bit more complicated and has few guardrails or direct paths through initial setup.

We'll be skipping the appliance deployment, because if you have trouble deploying an OVA, the rest of this will probably be too difficult.

First off, we'll be using our applied Clos fabric for this, and we won't be multihoming these devices as of yet, as this post will be pretty lengthy as it is. Diagram is here:

With that in mind, the first step to configuring virtualized routing & switching for NSX-T is in the vCenter GUI. In this lab, I have two hosts in two separate clusters:

  • Payload: Virtual Tunnel Endpoints (VTEPs) exist primarily on the host, and are leveraged as port-groups for guest network connectivity
  • Management/Edge: No host VTEPs currently exist, as they are not required for the management VMs, nor for the Edge Appliances (Primary difference coming from NSX-V!)
Coming from the vCenter UI, it looks like this:
The NSX-T Edge Appliances need to ingest underlay networks via 802.1Q tags, instead of as individual port groups. Fortunately, vSphere has been able to do this for quite some time, so we use the lesser-known "VLAN trunking".

From here, it's time to outline our Edge Design - BEFORE anything is built.
We'll use this as a guide throughout the configuration process. First, we set transport zones and device profiles:
We create the underlay (VLAN) transport zone to ensure that virtualized traffic can exit to the "real network":
We create the overlay network where the GENEVE VN-Segments will live next:
Then we configure the Layer 2 uplink profiles. Note: specifically configuring the Active uplink to FP-ETH0 is REQUIRED. The NSX Edges will not function without this, and NSX-T will never tell you why.
And the VTEP profiles. Note that this portion uses the name allocated in the transport node profile.
Finally, the host transport profiles. Here we set a profile that will use a single uplink for the N-VDS, add transport zones, etc. Note that the physical NIC name on the left needs to exactly match the physical NIC identifier in ESXi.
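
The name matching called out in the profile steps above can be checked offline before roll-out. This is an added example, not code from the original post or from VMware: the dictionaries are a simplified, hypothetical model of the profiles (not the NSX-T API schema), and the `esxcli network nic list` output and every name in it are constructed.

```python
# Added example: hypothetical, simplified profile structures (not the NSX-T API schema).

# Constructed sample of `esxcli network nic list` output from one ESXi host.
ESXCLI_NIC_LIST = """\
Name    PCI Device    Driver  Admin Status  Link Status  Speed  Duplex  MAC Address        MTU   Description
------  ------------  ------  ------------  -----------  -----  ------  -----------------  ----  -----------
vmnic0  0000:02:00.0  igbn    Up            Up           1000   Full    00:00:5e:00:53:10  1500  Constructed NIC
vmnic1  0000:02:00.1  igbn    Up            Up           1000   Full    00:00:5e:00:53:11  9000  Constructed NIC
"""

# Constructed uplink profile and host transport profiles (all names are assumptions).
UPLINK_PROFILE = {"name": "host-uplink", "active_uplinks": ["uplink-1"]}
GOOD_PROFILE = {"uplink_profile": "host-uplink",
                "pnics": [{"device": "vmnic1", "uplink": "uplink-1"}]}
BAD_PROFILE = {"uplink_profile": "host-uplinks",
               "pnics": [{"device": "VMNIC1", "uplink": "uplink1"}]}


def esxi_nic_names(esxcli_output):
    """Return the Name column of `esxcli network nic list`, skipping the two header rows."""
    rows = [ln for ln in esxcli_output.splitlines() if ln.strip()]
    return {ln.split()[0] for ln in rows[2:]}


def check_host_profile(profile, uplink_profile, nic_names):
    """Return a list of name mismatches; comparisons are exact and case-sensitive."""
    problems = []
    if profile["uplink_profile"] != uplink_profile["name"]:
        problems.append(f"uplink profile {profile['uplink_profile']!r} is not defined")
    for pnic in profile["pnics"]:
        if pnic["device"] not in nic_names:
            problems.append(f"pnic {pnic['device']!r} is not a NIC on the host")
        if pnic["uplink"] not in uplink_profile["active_uplinks"]:
            problems.append(f"uplink {pnic['uplink']!r} is not in the uplink profile")
    return problems


if __name__ == "__main__":
    nics = esxi_nic_names(ESXCLI_NIC_LIST)
    for label, prof in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(label, check_host_profile(prof, UPLINK_PROFILE, nics) or "OK")
```
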
Now, we can finally start configuring transport nodes. Note that since we deployed profiles prior to this, there's not a whole lot to do as far as roll-out is concerned.




Ensure the edge appliance is ready:
Configure the edge cluster:
Now we're ready to configure routing and switching functionality. This can go several different ways, as VMware has provided additional capabilities with regard to configuring NSX-T assets: declarative configuration methods. We'll cover that in detail, along with how to use it, in the next post!
