NSX-T Edge Nodes
- In very simple terms, the NSX-T Edge is an on/off ramp for the Overlay Network: outgoing data traffic from the Overlay Network and incoming data traffic into the Overlay Network all travel through the NSX-T Edge
- This applies only to NSX-T Overlay Networks, not to vLAN Backed Segments (which use vLAN Transport Zones). For vLAN Backed Segments the default Gateway resides outside NSX-T; it could be a Router or an L3 Switch. For an Overlay Network the default Gateway resides within NSX-T
- You don’t need an NSX-T Edge when using vLAN Backed Segments, but in some scenarios, depending on your NSX-T design, you will have to extend a vLAN Backed Segment to the Edge Nodes
- It’s recommended to use a different TEP vLAN for Edge Transport Nodes (NSX-T Edge Nodes) than for Host Transport Nodes (for POC and lab testing you can use the same vLAN for both Host and Edge TEP Networks)
- NSX-T Edge comes in two form factors: VM Appliance and Bare-Metal Server
- Each NSX-T Edge can run multiple Virtual Routers, and NSX-T Edges are placed in a Cluster for redundancy
Refer to the NSX-T Reference Design Guide 3.0 from VMware for comprehensive information.
Logical Diagram – Nested Environment
Things to know before NSX-T Edge Deployment
- NSX-T Edges are deployed in Clusters for redundancy, and each NSX-T Edge connects to a separate upstream Switch in the network. (In our lab setup, we will create an Uplink Profile using vLAN 106 connecting to the same ToR Switch, since I only have a single Switch.) This vLAN carries the NSX-T Overlay traffic, and vLAN Backed Segment traffic if we choose to extend the vLAN Transport Zone to the NSX-T Edge. You need to configure this vLAN in two places: on the physical network and on the ESXi Hosts
- We will use another vLAN (vLAN 107) when configuring the Tier-0 Gateway’s External Interfaces (these interfaces are used to establish connectivity with your Router / L3 Switch for North-South connectivity). This vLAN is different from the Edge Uplink Profile’s vLAN
- Management vLAN / IP Address for NSX-T Edge Nodes
- TEP Network (Transport vLAN) for NSX-T Edge (vLAN 106 – Edge Uplink Profile)
- Jumbo MTU must be configured on the vDS (vSphere Distributed Switch)
- Transport Zones (Edge vLAN Backed Transport Zone) – This Transport Zone is used for the bridge between Edge Nodes and Upstream Router/L3 Switch
Note:
I created an additional vDS Port Group to trunk the Edge Nodes’ traffic. (Previously I used a vSS (vSphere Standard Switch) Port Group as the Trunk Port.) Since the Edge installation will create an N-vDS, I want to use the vDS Switch Uplink Ports
NSX-T, Edge Deployment and Configuration
Prerequisites fulfilment for NSX-T Edge Installation
- Edge Uplink Profile Creation – NSXT-Edge-Uplink
System – Fabric – Profiles
I have not specified the MTU size explicitly, since it’s configured globally as 1600. You can set it here to override the global setting
In the Edge Uplink Profile only a single Uplink is supported, so I have configured one Active Uplink. As you can see, my NSX-T Edge VMs have only a single vNIC for data traffic
Note: NSX-T Edge doesn’t support multiple Uplinks in the same Teaming (Active or Standby), as you can see from the errors below:
NSX-T Edge Uplink – Single Teaming- Active, Active
NSX-T Edge Uplink – Single Teaming- Active, Standby
But you can create two Teamings, as shown below, if you want to have multiple Uplinks
NSX-T Edge Uplink – Two Teaming- Active, Active
- Transport Zones Creation – NSX-T Edge Transport Zone
System – Configuration – Fabric – Transport Zones
- IP Pool for Edge TEP Network – Edge TEP DHCP Pool
Networking – IP Management – IP Address Pools
We have completed all the prerequisites for NSX-T Edge Deployment now.
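The prerequisites above can be checked as a plan before anything is entered in NSX-T Manager. The following is an added example, not part of the original post or of any VMware tooling: a small lint that applies the constraints this page states (one Active Uplink per Teaming, MTU of at least 1600 carried by the vDS, vLAN 106 versus vLAN 107). The dictionary layout, the `lint_edge_plan` name, the host TEP vLAN 105 and the vDS MTU 9000 are assumptions made up for the illustration.

```python
MIN_OVERLAY_MTU = 1600  # global MTU value stated on the page

# Constructed lab plan; the dictionary layout is hypothetical.
LAB_PLAN = {
    "global_mtu": 1600,
    "vds_mtu": 9000,            # constructed value, not from the page
    "host_tep_vlan": 105,       # constructed value, not from the page
    "t0_external_vlan": 107,
    "edge_uplink_profile": {
        "name": "NSXT-Edge-Uplink",
        "mtu": None,            # None = inherit the global setting
        "transport_vlan": 106,
        "teaming": {"active": ["uplink-1"], "standby": []},
        "named_teamings": [],
    },
}


def lint_edge_plan(plan):
    """Return (errors, warnings) for a planned Edge uplink configuration."""
    errors, warnings = [], []
    prof = plan["edge_uplink_profile"]

    # One active uplink and no standby per teaming; extra uplinks go into
    # additional named teamings, as the page describes.
    teamings = [("default", prof["teaming"])]
    teamings += [(t["name"], t) for t in prof.get("named_teamings", [])]
    for name, t in teamings:
        if len(t.get("active", [])) != 1 or t.get("standby"):
            errors.append(f"teaming {name}: need exactly 1 active, 0 standby")

    # A profile MTU overrides the global one; the vDS must carry it.
    mtu = prof.get("mtu") or plan["global_mtu"]
    if mtu < MIN_OVERLAY_MTU:
        errors.append(f"effective MTU {mtu} is below {MIN_OVERLAY_MTU}")
    if plan["vds_mtu"] < mtu:
        errors.append(f"vDS MTU {plan['vds_mtu']} is below overlay MTU {mtu}")

    # The Tier-0 external VLAN must differ from the Edge uplink profile VLAN.
    if prof["transport_vlan"] == plan["t0_external_vlan"]:
        errors.append("Tier-0 external VLAN equals Edge TEP VLAN")
    # Sharing the host TEP VLAN is tolerated for lab/POC only.
    if prof["transport_vlan"] == plan["host_tep_vlan"]:
        warnings.append("Edge and host TEP share a VLAN (lab/POC only)")
    return errors, warnings


if __name__ == "__main__":
    print(lint_edge_plan(LAB_PLAN))
```
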
* Screenshots captured from VMware vCenter Console and NSX-T Manager Console on Dec 22, 2021.