VMware NSX-T is VMware’s primary SDN solution with noted advantages such as micro-segmentation, extensive support for cloud-native apps, and enhanced network security features. NSX-T gives us a single view of the entire network so we can apply end-to-end consistent security rules quickly and resolve connectivity incidents.
NSX-T uses a protocol called Geneve to encapsulate traffic; it is similar to VXLAN. It requires jumbo frames (MTU > 1600). The underlying physical switch is unaware of what’s happening at the VNI layers.
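Because the physical switch only sees outer UDP packets, any capture or inspection tool on the underlay has to decode Geneve itself to recover the VNI. The following is an added example, not part of the original post: it parses the fixed Geneve header and works out the underlay MTU that a given inner packet size needs. The header layout and UDP port come from RFC 8926, not from this page, and the sample bytes are constructed.

```python
import struct

GENEVE_UDP_PORT = 6081   # IANA-assigned Geneve port (RFC 8926)
ETH_P_TEB = 0x6558       # Transparent Ethernet Bridging: payload is an Ethernet frame


def parse_geneve(udp_payload: bytes) -> dict:
    """Decode the fixed 8-byte Geneve header and skip over its options."""
    if len(udp_payload) < 8:
        raise ValueError("truncated Geneve header")
    b0, b1, proto, vni_rsvd = struct.unpack("!BBHI", udp_payload[:8])
    version = b0 >> 6
    opt_len = (b0 & 0x3F) * 4        # option length is carried in 4-byte words
    if version != 0:
        raise ValueError(f"unsupported Geneve version {version}")
    if len(udp_payload) < 8 + opt_len:
        raise ValueError("options run past end of packet")
    return {
        "vni": vni_rsvd >> 8,        # 24-bit VNI; the low byte is reserved
        "oam": bool(b1 & 0x80),      # O bit: control packet, not tenant data
        "critical": bool(b1 & 0x40), # C bit: critical options present
        "protocol": proto,
        "header_len": 8 + opt_len,
        "inner": udp_payload[8 + opt_len:],
    }


def required_underlay_mtu(inner_ip_mtu: int, opt_len: int = 0,
                          outer_ipv6: bool = False) -> int:
    """IP MTU the underlay needs to carry the inner packet unfragmented."""
    outer_ip = 40 if outer_ipv6 else 20
    # outer IP + UDP + Geneve base + options + inner Ethernet header + inner IP
    return outer_ip + 8 + 8 + opt_len + 14 + inner_ip_mtu


# Constructed sample: VNI 70000 (0x011170), one 8-byte option in the
# experimental option class 0xFFF0, followed by a 14-byte inner Ethernet stub.
SAMPLE = bytes.fromhex("02006558" "01117000" "fff0010100000001") + b"\xaa" * 14

if __name__ == "__main__":
    hdr = parse_geneve(SAMPLE)
    print("VNI:", hdr["vni"], "header bytes:", hdr["header_len"])
    print("underlay MTU for a 1500-byte inner packet:",
          required_underlay_mtu(1500, hdr["header_len"] - 8))
```

A 1500-byte inner packet already needs more than 1500 bytes on the underlay before any options are added, which is why the underlay MTU has to be raised.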
NSX-T Architecture
Management + Control Plane | NSX-T Manager, vCenter, etc. |
Data Plane | Transport Node – ESXi, KVM, Edge node |
NSX-T Deployment Types
Single Site Deployment vs Multisite Deployment
In a single-site configuration, you will have a management cluster as shown along with several workload domains, all in one site. All NSX managers will be on the same site in one cluster.
A multisite deployment will have NSX managers spread around as shown, with all NSX-T managers within less than 10 ms network/storage latency of each other. In the case of a 2-site configuration, one of our sites will have 2 NSX managers and the peer site will have 1.
NSX-T Licensing
NSX-T is licensed in the tiers below.
License Type | Features Included |
Standard | Switching + Routing + DNS/DHCP + Basic firewall |
Professional | Standard + Cloud Integration |
Advanced | Pro + IPv6 + AD Integration + Container Networking + Multi-vCenter, T0 VRFs, Load Balancing / Health check, etc. |
Enterprise Plus | Pro + NSX Federation + NSX Intelligence |
NSX-T Components
NSX-T Manager
The core component of NSX-T is the NSX Manager, which is deployed as an OVA. It has a management component and a control plane, and NSX-T is always deployed in a cluster of three for redundancy.
The manager maintains the ARP table, MAC table, and TEP table.
If we lose 2 nodes, we can’t move things around because the controllers are down, so we don’t know VTEP traffic. Even if all 3 are down, the VMs will stay up, but nothing can be moved around because the control plane is down.
Here are the relevant web links
- NSX and ESXi Compatibility Matrix (Transport Node)
- NSX and vCenter Server Compatibility Matrix (Compute Manager)
- NSX Upgrade Path Matrix
NSX-T Concepts
VTEP – NSX deploys an L2 layer over the L3 network. The VTEP is the connection point where L2 is converted to L3 and back.
NSX-T Deployment
We’ve now deployed ESX 7.0 on all our ESX hosts, and vCenter is now on 7.0. Hosts are connected to a distributed switch with vDS v7.0.
The table shows whether the compute manager is compatible with NSX-T.
The table shows whether the version of the transport node is compatible with NSX-T.
NSX-T Deployment Prerequisites
- Ensure storage and network latency between these managers is under 10 ms
- Place all NSX managers in the same cluster
- DNS, NTP, 4 free IPs
In this blog, we will add 3 NSX-T appliances to our environment. We begin by creating DNS records for the appliances and a management VIP record.
NSX Manager provides a web-based UI to manage your NSX-T environment. Let’s check the NSX Manager VM form factor and its compute requirements.
NSX can be deployed as
- NSX Manager – Default
- NSX Edge appliance – controls traffic to and from ESX
- NSX Public Cloud Gateway – Sits in Azure / AWS
For NSX-T we require an MTU of more than 1500.
Installation Workflow
The OVA deployment of the appliance is similar to any other appliance deployment on vCenter.
Give the VM a name
Select a compute host
Review settings and click Next
Select deployment size as per your requirement
Choose disk type as thin provision
Select the network as a management network
Enter the IP address details and, under role name, choose NSX Manager. NSX Global Manager is used for federation.
Skip everything under the internal properties section.
Click Finish
The deployment will take around 10 minutes. Once it is done, log in via https://NSX_mgrIP
Navigate to System – Licenses – Add a license before you use NSX-T.
Summary
Installing NSX-T 3.x is a process that requires careful planning. In the next post, we will show you how to prepare an NSX-T environment along with vCenter.