VMware NSX: Physical (VLAN) TO Virtual (VXLAN) Bridging Configuration

I came across a scenario that requires connectivity between traditional workloads on legacy VLANs and virtualized networks using VXLAN, and thought of writing a quick blog post on the subject.

VMware NSX provides in-kernel software L2 Bridging capabilities that allow you to connect VLAN-backed VMs to VMs connected to NSX-based logical networks (virtual wires).

Prior to NSX version 6.2, it was not possible to bridge a Logical Switch that was connected to a Distributed Logical Router: for that scenario it was required to connect the Logical Switch directly to an Edge Services Gateway.

With NSX 6.2, distributed logical routing can co-exist with L2 bridging on a given NSX Logical Switch.

In my scenario, I have a database VM “AMS” which is connected to the VLAN-backed port group “VxRACK MGMT” with VLAN ID 36.

You can see Database VM “AMS” is connected to VxRACK MGMT port group:

And an Application VM “App-Windows” is connected to the “App-Tier” VXLAN-backed logical switch (DLR).

To verify that “AMS” is isolated and cannot ping the application VM, let me try to ping the default gateway of the application VM.

It’s been verified that the VM is isolated and the L2 Bridging is not configured yet.

Now let’s configure NSX L2 bridging:

We will enable NSX L2 Bridging between VLAN 36 and the “App-Tier” Logical Switch, so that VM “AMS” will be able to communicate with the rest of the network. With NSX-V 6.2 it is now possible to have an L2 Bridge and a Distributed Logical Router connected to the same Logical Switch. This represents an important enhancement as it simplifies the integration of NSX in brownfield environments, as well as the migration from legacy to virtual networking.

Select the “App-Tier” logical switch and click OK:

Click on Distributed port group and select “VxRACK-MGMT” port group:

To enable the L2 Bridging, click on the Publish Changes button, and wait until the page refreshes.

Verify the published configuration. You will notice the “Routing Enabled” message: it means that this L2 Bridge is also connected to a Distributed Logical Router, which is an enhancement in NSX-V 6.2.

Let’s verify L2 connectivity between the “AMS” VM, attached on VLAN 36, and the machines connected to the “App-Tier” Logical Switch (App-Windows). First let me ping the default gateway of the “App-Tier” logical switch:

Boom…….ping successful: we have verified connectivity between a VM attached on VLAN 36 and the Distributed Logical Router that is the default gateway of the network, through a L2 Bridge provided by NSX!

Now let’s ping the Application VM “App-Windows” from Database VM “AMS” which is on VLAN 36:

NSX L2 Bridging has been verified successfully. I hope you enjoyed the blog; if you think it’s worth sharing, please do. Keep learning and sharing knowledge.

VMware NSX 6.2 Installation and Configuration: A to Z

This has been a long-pending series of blog posts on VMware NSX (6.2.2) installation and configuration that I wanted to share. Last month I installed NSX 6.2.2 in my lab and wanted to share my experience.

I have written 12 blog posts in an attempt to cover the complete procedure for NSX installation and configuration in a vSphere environment from scratch.

Below is the list of blog posts:

(1) VMware NSX Installation and Configuration Part 1 – Prerequisites for Deploying NSX in vSphere Environment:

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-1-prerequisites-for-deploying-nsx-in-vsphere-environment/

(2) VMware NSX Installation and Configuration Part 2 – Deployment of NSX Manager Virtual Appliance:

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-2-deploment-of-nsx-manager-virtual-appliance/

(3) VMware NSX Installation and Configuration Part 3 – NSX Manager vCenter Integration, SSO, Syslog & License configuration

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-3-nsx-manager-vcenter-integrationssosyslog-license-confguration/

(4) VMware NSX Installation and Configuration Part 4 – Deploy NSX Controller Cluster

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-4-deploy-nsx-controller-cluster/

(5) VMware NSX Installation and Configuration Part 5- Exclude Virtual Machines from NSX Firewall Protection

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-5-exclude-virtual-machines-from-nsx-firewall-protection/

(6) VMware NSX Installation and Configuration Part 6 – Prepare Host Clusters for NSX

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-6-prepare-host-clusters-for-nsx/

(7) VMware NSX Installation and Configuration Part 7- VXLAN Transport Parameters Configuration

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-7-vxlan-transport-parameters-configuration/

(8) VMware NSX Installation and Configuration Part 8- Creating a Logical Switch

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-8-creating-a-logical-switch/

(9) VMware NSX Installation and Configuration Part 9-Adding a Distributed Logical Router

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-9-adding-a-distributed-logical-router/

(10) VMware NSX Installation and Configuration Part 10- Adding an Edge Services Gateway

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-10-adding-an-edge-services-gateway/

(11) VMware NSX Installation and Configuration Part 11-Configuring OSPF on a Logical (Distributed) Router:

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-11-configuring-ospf-on-a-logical-distributed-router/

(12) VMware NSX Installation and Configuration Part 12-Configure OSPF on an Edge Services Gateway

https://virtualissar.wordpress.com/2016/09/09/vmware-nsx-installation-and-configuration-part-12-configure-ospf-on-an-edge-services-gateway/

Hope you liked the posts; do share, comment and like if you find them helpful. Till then keep learning and sharing.

VMware NSX Installation and Configuration Part 3 – NSX Manager vCenter Integration, SSO, Syslog & License Configuration

1 In a Web browser, navigate to the NSX Manager appliance GUI at https://IP or FQDN and log in as admin with the password that you configured during NSX Manager Installation.

2 Under Appliance Management, click Manage vCenter Registration.

3 Edit the vCenter Server element to point to the vCenter Server’s IP address or hostname, and enter the vCenter Server user name and password. For the user name, the best practice is to enter administrator@vsphere.local or an alternative account that you have created. Do not use the root account.

4 Check that the certificate thumbprint matches the certificate of the vCenter Server. If you installed a CA-signed certificate on the CA server, you are presented with the thumbprint of the CA-signed certificate. Otherwise, you are presented with a self-signed certificate.

5 Do not tick Modify plugin script download location, unless the NSX Manager is behind a firewall type of masking device. This option allows you to enter an alternate IP address for NSX Manager. Note that putting NSX Manager behind a firewall of this type is not recommended.

6 Confirm that the vCenter Server status is Connected.

7 If vCenter Web Client is already open, log out of vCenter and log back in with the same Administrator role used to register NSX Manager with vCenter. If you do not do this, vCenter Web Client will not display the Networking & Security icon on the Home tab. Click the Networking & Security icon and confirm that you can see the newly deployed NSX Manager.
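The thumbprint check in step 4 only means something if the value shown in the NSX Manager dialog is compared against a fingerprint obtained independently, for example from the vCenter Server console. The script below is an added example, not part of the original post or of any VMware tooling: it fetches the certificate a host presents on port 443, prints its SHA-1 and SHA-256 fingerprints, and compares it to an expected value. The script name and command-line arguments are assumptions.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def thumbprint(der_cert: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated, upper-case fingerprint of a DER-encoded certificate."""
    digest = hashlib.new(algorithm, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case so GUI and CLI renderings compare equal."""
    return "".join(ch for ch in fp if ch.isalnum()).upper()


def matches(der_cert: bytes, expected_fp: str) -> bool:
    """True if the certificate hashes to expected_fp (SHA-1 or SHA-256 by length)."""
    want = normalize(expected_fp)
    algorithm = {40: "sha1", 64: "sha256"}.get(len(want))
    if algorithm is None:
        raise ValueError("expected fingerprint is neither SHA-1 nor SHA-256 length")
    return hmac.compare_digest(normalize(thumbprint(der_cert, algorithm)), want)


def fetch_der_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate without trusting it.

    Chain validation is off on purpose: a self-signed vCenter certificate
    would fail it, and trust here comes from the fingerprint comparison.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__" and len(sys.argv) == 3:
    # Assumed usage: python check_thumbprint.py <vcenter-host> <trusted-fingerprint>
    der = fetch_der_cert(sys.argv[1])
    print("SHA-1  ", thumbprint(der, "sha1"))
    print("SHA-256", thumbprint(der, "sha256"))
    sys.exit(0 if matches(der, sys.argv[2]) else 1)
```

A non-zero exit status means the presented certificate does not match the expected fingerprint and the registration should not be accepted until the difference is explained.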

Configure Single Sign On:

SSO makes vSphere and NSX more secure by allowing the various components to communicate with each other through a secure token exchange mechanism, instead of requiring each component to authenticate a user separately.

You can configure lookup service on the NSX Manager and provide the SSO administrator credentials to register NSX Management Service as an SSO user. Integrating the single sign on (SSO) service with NSX improves the security of user authentication for vCenter users and enables NSX to authenticate users from other identity services such as AD, NIS, and LDAP.

With SSO, NSX supports authentication using authenticated Security Assertion Markup Language (SAML) tokens from a trusted source via REST API calls. NSX Manager can also acquire authentication SAML tokens for use with other VMware solutions. NSX caches group information for SSO users. Changes to group memberships will take up to 60 minutes to propagate from the identity provider (for example, Active Directory) to NSX.

Procedure:

1 Log in to the NSX Manager virtual appliance. In a Web browser, navigate to the NSX Manager appliance GUI at https://, and log in as admin with the password that you configured during NSX Manager Installation.

2 Click the Manage tab, then click NSX Management Service.

3 Type the name or IP address of the host that has the lookup service. If you are using vCenter to perform the lookup service, enter the vCenter Server’s IP address or hostname, and enter the vCenter Server user name and password.

4 Type the port number. Enter port 443 if you are using vSphere 6.0. For vSphere 5.5, use port number 7444. The Lookup Service URL is displayed based on the specified host and port.

Specify a Syslog Server:

If you specify a syslog server, NSX Manager sends all audit logs and system events to the syslog server. Syslog data is useful for troubleshooting and reviewing data logged during installation and configuration. NSX Edge supports two syslog servers. NSX Manager and NSX Controllers support one syslog server.

Procedure

1 In a Web browser, navigate to the NSX Manager appliance GUI at https://.

2 Log in as admin with the password that you configured during NSX Manager installation.

3 Click Manage Appliance Settings.

4 From the Settings panel, click General.

5 Click Edit next to Syslog Server.

6 Type the IP address or hostname, port, and protocol of the syslog server. If you do not specify a port, the default UDP port for the IP address/host name of the syslog server is used.

Install and Assign NSX for vSphere License:

In vSphere 6.0, complete the following steps to add a license for NSX.

a Log in to the vSphere Web Client.

b Click Administration and then click Licenses.

c Click the Assets tab, then the Solutions tab.

d Select NSX for vSphere in the Solutions list. From the All Actions drop-down menu, select Assign license….

e Click the Add ( ) icon. Enter a license key and click Next. Add a name for the license, and click Next. Click Finish to add the license.

f Select the new license.

g (Optional) Click the View Features icon to view what features are enabled with this license. View the Capacity column to view the capacity of the license.

h Click OK to assign the new license to NSX.

In the next blog, I will talk about the NSX Controller cluster deployment and configuration.

VMware NSX Installation and Configuration Part 2 – Deployment of NSX Manager Virtual Appliance:

After downloading the NSX Manager virtual appliance OVA, we need to deploy it in the vSphere environment. It was a straightforward process, as with any virtual appliance installation.

Just make sure to connect the NSX Manager appliance to the management network that can communicate with the vCenter server. Also make sure to create the appropriate DNS entries for NSX Manager before deployment.

Make sure you connect the NSX Manager appliance to the same network as the vCenter server.

Enter the password for the NSX manager CLI admin and host name for the NSX Manager Appliance.

Enter the DNS Server, Domain and NTP information.

Click Finish and wait for appliance deployment to complete.

After the deployment completes, open the web browser and go to the IP address/FQDN of the NSX Manager appliance.

After logging in as admin with the password you set during installation, click View Summary and make sure that the following services are running: vPostgres, RabbitMQ, and NSX Management Services.

I will cover the NSX Manager integration with vCenter server and some other configuration in part 3 of the blog posts. Happy reading.

VMware NSX Installation and Configuration Part 1 – Prerequisites for Deploying NSX in vSphere Environment:

This has been a long-pending series of blog posts on VMware NSX (6.2.2) installation and configuration that I wanted to share. Last month I installed NSX 6.2.2 in my lab. The first and most important thing before installation is to make sure all the prerequisites are in place for a smooth NSX installation.

Software Prerequisites for NSX 6.2.2:

VMware vCenter Server 5.5U3 with ESXi 5.5

VMware vCenter Server 6.0U2 with ESXi 6.0

At least three ESXi 5.5/6 hosts

For the latest interoperability information, you can refer to Product Interoperability Matrixes at

http://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php

Hardware Prerequisites for NSX 6.2.2:

Client and User Access Prerequisites:

  • If you added ESXi hosts by name to the vSphere inventory, ensure that forward and reverse name resolution is working. Otherwise, NSX Manager cannot resolve the IP addresses.
  • Permissions to add and power on virtual machines
  • Access to the datastore where you store virtual machine files and the account permissions to copy files to that datastore
  • Cookies enabled on your Web browser, to access the NSX Manager user interface
  • From NSX Manager, ensure port 443 is accessible from the ESXi host, the vCenter Server, and the NSX appliances to be deployed. This port is required to download the OVF file on the ESXi host for deployment.
  • A Web browser that is supported for the version of vSphere Web Client you are using
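Two of the prerequisites above, forward and reverse name resolution and TCP 443 reachability, can be checked before deployment from a machine on the management network. The script below is an added example, not from the original post: it confirms that each host name resolves to an address whose PTR record points back to the same name, then attempts a TCP connection on port 443. The host names in the usage line are hypothetical.

```python
import socket
import sys


def check_dns(name, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Return (ok, detail): name must resolve to an IP whose PTR names include it.

    The resolver functions are parameters so the check can be exercised
    against canned answers as well as the system resolver.
    """
    try:
        ip = forward(name)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, f"forward lookup failed: {exc}"
    try:
        primary, aliases, _ = reverse(ip)
    except OSError as exc:  # socket.herror is a subclass of OSError
        return False, f"{ip}: reverse lookup failed: {exc}"
    names = {n.lower().rstrip(".") for n in [primary, *aliases]}
    if name.lower().rstrip(".") not in names:
        return False, f"{ip}: PTR returns {sorted(names)}, not {name}"
    return True, ip


def check_tcp(host, port=443, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(hosts, port=443):
    """Run both checks per host; skip the TCP probe when DNS is already wrong."""
    report = {}
    for host in hosts:
        dns_ok, detail = check_dns(host)
        report[host] = {"dns": dns_ok, "detail": detail,
                        "tcp": check_tcp(host, port) if dns_ok else False}
    return report


if __name__ == "__main__" and len(sys.argv) > 1:
    # Assumed usage: python preflight.py nsxmgr.lab.example esx01.lab.example
    results = preflight(sys.argv[1:])
    for host, r in results.items():
        print(f"{host}: dns={r['dns']} tcp443={r['tcp']} ({r['detail']})")
    sys.exit(0 if all(r["dns"] and r["tcp"] for r in results.values()) else 1)
```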

Ports and Protocols Required by NSX:

The below ports must be open for NSX to operate properly:

vSphere Distributed Switch:

VXLAN-based logical switching needs the vSphere Distributed Switch; the vSphere standard switch is not a supported configuration with NSX.

NSX vSwitch is based on vSphere distributed switches (VDSs), which provide uplinks for host connectivity to the top-of-rack (ToR) physical switches. As a best practice, VMware recommends that you plan and prepare your vSphere distributed switches before installing NSX for vSphere. A single host can be attached to multiple VDSs. A single VDS can span multiple hosts across multiple clusters. For each host cluster that will participate in NSX, all hosts within the cluster must be attached to a common VDS.

NSX Installation workflow:

Installation involves deployment of multiple virtual appliances, ESXi host preparations and configuration across physical and virtual components.

I will be covering the installation of each component in separate blog posts, starting with installation and configuration of NSX Manager. Thanks for reading this; if you find the information useful, share it on social media.