What are Transport Zones:
Transport zones define how VMs on the host can communicate with each other and are used to separate dev/test environments. Members inside a transport zone can communicate with each other by default, so a transport zone is just a span of logical segments.
Members of different transport zones aren’t able to communicate with each other (e.g. VMs in the test transport zone won’t communicate with the prod transport zone), so a transport zone limits a host to seeing only the logical switches it needs to see.
There are two types of transport zones.
Overlay TZ: Create an overlay transport zone to communicate with overlay segments within NSX (e.g. App, DB, Web). This transport zone is used by the host as well as the Edge.
VLAN TZ: This transport zone focuses on VLAN uplinks used by Edge and Host transport nodes. A VLAN N-VDS gets installed when you add a node to this TZ. Create a VLAN-based transport zone to communicate with the non-overlay networks that are external to NSX-T Data Center.
Create Transport Zones
We will create an overlay transport zone and a VLAN transport zone.
On the NSX UI Home page, navigate to System > Configuration > Fabric > Transport Zones and click +ADD.
Option | Action |
Name | Prod-Overlay-TZ |
Switch Name | Prod-Overlay-NVDS |
Traffic Type | Overlay |
Option | Action |
Name | Prod-VLAN-TZ |
Switch Name | Prod-VLAN-NVDS |
Traffic Type | VLAN |
Create Uplink Profile
An uplink profile defines how you want your network traffic to leave the NSX-T environment. It decides things like the TEP VLAN, MTU, and load balancing. In short, it describes how connectivity should work from the NVDS to the physical network for the TEP network.
We will create two uplink profiles, so we have two different VLAN IDs for Host TEP (1634) as well as Edge TEP (2713).
Option | ID | PortGroup |
VLAN | 1634 | NSXT-Overlay ( Host Uplink ) |
VLAN | 2713 | Edge Transport Overlay ( Edge TEP uplink) |
Let’s create one for the host transport node. Navigate to System > Profiles > Uplink Profile and click +.
Transport VLAN 1634 means all hosts attached to this uplink profile will get a Tunnel Endpoint IP from this VLAN. I have configured DHCP for this VLAN on my TOR.
Teaming Policies
Option | Action |
Failover | Active/Standby config |
Load Balance Source | uses the virtual port ID of VM to distribute the load |
Load Balance Source on MAC | uses hash value so CPU load is higher |
Select Load Balance Source, and type ‘uplink-1,uplink-2’ in the ‘Active Uplink’ field, as we are going with the Active/Active configuration.
Enter the VLAN ID that we are tagging for the ESXi hosts.
One of the requirements for an NSX-T overlay is a higher MTU of over 1700 so that overlay traffic can be forwarded, but in most cases this will be configured on the physical switch. If we are using a VDS (instead of an NVDS) we don’t need to configure anything here, but for an NVDS we must type an MTU value here. My hosts are on 7.0, so we skip it here; if we leave it empty, the default value of 1700 is taken.
I’ve defined a host uplink profile for my KVM Hosts as well
We must create one more uplink profile for the Edge Transport Node. Follow the same process for VLAN ID 2713. So, we have two different VLAN IDs for Host TEP as well as Edge TEP.
Verify the EDGE Uplink profile.
That completes our task of creating profiles, and we can see this info in NSX-T Manager under System > Fabric > Profiles > Uplink Profiles.
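For repeatable builds and change review, the transport zones and uplink profiles created above can also be written as NSX-T Manager API request bodies. This is an added example, not part of the original post: the profile names Host-Uplink-Profile and Edge-Uplink-Profile are hypothetical, the edge profile is assumed to use the same teaming as the host profile, and the field names are those of the NSX-T 3.x Manager API. It only builds and checks the JSON and sends nothing.

```python
import json

# UI teaming choice -> "policy" value in the NSX-T Manager API
TEAMING = {
    "Failover": "FAILOVER_ORDER",
    "Load Balance Source": "LOADBALANCE_SRCID",
    "Load Balance Source on MAC": "LOADBALANCE_SRC_MAC",
}

def transport_zone(name, switch_name, traffic_type):
    """Request body for POST /api/v1/transport-zones."""
    if traffic_type.upper() not in ("OVERLAY", "VLAN"):
        raise ValueError(f"unknown traffic type: {traffic_type}")
    return {"display_name": name, "host_switch_name": switch_name,
            "transport_type": traffic_type.upper()}

def uplink_profile(name, transport_vlan, teaming, active, mtu=None):
    """Request body for POST /api/v1/host-switch-profiles."""
    if not 0 <= transport_vlan <= 4094:
        raise ValueError(f"VLAN ID out of range: {transport_vlan}")
    if len(set(active)) != len(active):
        raise ValueError("duplicate uplink name in active list")
    body = {
        "resource_type": "UplinkHostSwitchProfile",
        "display_name": name,
        "transport_vlan": transport_vlan,
        "teaming": {
            "policy": TEAMING[teaming],
            "active_list": [{"uplink_name": u, "uplink_type": "PNIC"} for u in active],
        },
    }
    if mtu is not None:  # field left empty in the UI: send no mtu at all
        body["mtu"] = mtu
    return body

def build_all():
    """The four objects from this walkthrough; profile names are hypothetical."""
    uplinks = ["uplink-1", "uplink-2"]
    return {
        "transport_zones": [
            transport_zone("Prod-Overlay-TZ", "Prod-Overlay-NVDS", "Overlay"),
            transport_zone("Prod-VLAN-TZ", "Prod-VLAN-NVDS", "VLAN"),
        ],
        "uplink_profiles": [
            uplink_profile("Host-Uplink-Profile", 1634, "Load Balance Source", uplinks),
            uplink_profile("Edge-Uplink-Profile", 2713, "Load Balance Source", uplinks),
        ],
    }

if __name__ == "__main__":
    print(json.dumps(build_all(), indent=2))
```

Keeping these bodies in version control gives a reviewable record of which VLAN and teaming policy each TEP profile is supposed to carry.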
Creating NSX-T IP Pools for TEPs
We need to create two IP pools. IP pools are NSX-T’s internal IP address management system.
- VTEP pool
- Host TEP IP-Pool
Go to the IP management > IP address pools > Add IP ranges
Summary
Installing NSX-T 3.1 along with vCenter 7.0 is a process that requires careful planning. In the next post, we will migrate an existing environment configured with nvDS to a Converged NSX node switch type.