Part 1 – Config and Deploy NSX-T 3.2

VMWare NSX-T is VMware’s primary SDN solution with noted advantages such as micro-segmentation, extensive cloud-native apps support, and enhanced network security features. NSX-T gives us a single view of the entire network so we can apply end-to-end consistent security rules quickly and resolve connectivity incidents.

NSXT uses a protocol called Geneve to encapsulate traffic and this is similar to VXLAN. It requires a jumbo frame ( MTU > 1600 ). The underlying physical switch is unaware of what’s happening at the VNI Layers.

NSX-T Architecture

NSX-T Deployment Types

Single Site Deployment vs Multisite Deployment

In a Single site config, you will have a management cluster as shown along with several workload domains all in one site. All NSX managers will be on the same site in one cluster.

Multisite Deployment will have NSX managers spread around as shown with all NSX-T managers within less than 10 ms network/storage latency. In case of a 2-site config, one of our sites will have 2 NSX mgr and the peer site will have 1.

NSX-T Licensing

NSX-T licensing can be licensed as per below.

NSX-T Components

NSX-T Manager

The core component of NSX-T is the NSX manager and it’s deployed as an OVA. It has a management component and a control plane and always NSX-T is deployed in a cluster of three for redundancy.

The manager maintains the ARP table, MAC table, TEP table

If we lose 2 nodes, we can’t move things around because the controllers are down so we don’t know VTEP traffic. Even if all 3 are down, VM will be up but it won’t move anything around because the control plane is down.

Here are the relevant web links

• NSX and ESXi Compatibility Matrix (Transport Node)
• NSX and vCenter Server Compatibility Matrix ( Compute Manager )
• NSX Upgrade Path Matrix

NSX-T Concepts

VTEP – The NSX deploys an L2 layer over the L3 network. This is the connection where L2 is converted to L3 and back and forth.

NSX-T Deployment

We’ve now deployed esx 7.0 on all our esx hosts and have vCenter is now on 7.0. Hosts are connected to a distributed switch with vDS v7.0.

The table shows if compute manager is compatible with NSX-T

The table shows if the version of the transport node is compatible with NSX-T

NSX-T Deployment Prerequisites

• Ensure storage and network latency between these managers is under 10 ms
• Place all NSX-mgrs in the same cluster
• DNS, NTP, 4 free IPs

In this blog, we will add 3 NSX-T appliances to our environment. We begin by creating DNS records for the appliances and a management VIP record.

NSX Manager provides a web-based UI to manage your NSX-T env. Let’s check the NSX Manager VM form factor and its compute requirements.

NSX can be deployed as

• NSX Manager – Default
• NSX Edge appliance – controls to and fro from ESX
• NSX Public Cloud Gateway – Sits in Azure / AWS

We’ve now deployed esx 7.0 on all our esx hosts and have vCenter is now on 7.0. Hosts are connected to a distributed switch with vDS v7.0. For NSX-T we require an MTU of more than 1500.

Installation Workflow

The OVA deployment of the appliance is similar to any other appliance deployment on vCenter

Give the VM a name

Select a compute host

Review settings and click Next

Select deployment size as per your requirement

Choose disk type as thin provision

Select the network as a management network

Choose the IP address details and under role, name choose NSX Manager. NSX Global Manager is used for federation

Skip everything under the internal properties section.

Click Finish

The deployment will take around 10 mins and once done login via https://NSX_mgrIP

Navigate to System – Licenses – Add a license before you use NSX-T

Summary

Installing an NSXT 3.X is a process that does require careful planning. In the next post, we will show you how to prepare an NSX-T environment along with vCenter