NSX-T Manager 3.1.x Deployment – Prerequisites to prepare ESXi for NSX-T Installation (cont’d)

Before installing the NSX-T binaries, there are several prerequisites to complete.

Prerequisites to prepare Host Transport Nodes (In this scenario ESXi Nodes)

1. IP Pools for TEPs (Tunnel Endpoints)

TEPs are created automatically. TEP IP Pools can come from different Networks (Subnets), and each Host in the Cluster can be placed in a different TEP Network, but it’s recommended to use the same Network for all the Host Transport Nodes in the same Cluster if they are in the same L2 Network (Broadcast Domain). TEP IP Addresses can also be obtained via DHCP if you have a DHCP Server configured in your Network (make sure a separate Network (vLAN) is configured for TEPs).

What is TEP

The Tunnel Endpoint (TEP) is the connection point at which the encapsulation and decapsulation take place. Some things to be aware of: an IP Pool is a Container created for assigning IP Addresses to Tunnel Endpoints (TEPs), and each Transport Node has a Tunnel Endpoint (TEP).

Do Host TEPs have to be on the same vLAN?

  • TEPs are used as the Source and Destination for GENEVE Encapsulated Packets. This applies only to Overlay Traffic, not to vLAN-Backed Segments (vLAN Transport Zones).
  • As explained, Host TEPs don’t need to be on the same L2 Network. Example: Host1’s TEP IP – 10.0.0.1/24, Host2’s TEP IP – 20.0.0.1/24

When using L3 Networks for TEPs, don’t forget to open the required Firewall Ports. The Firewall Ports can be found here:

Discover What Ports are Needed by VMware Products and Solutions

Networking – IP Management – IP Address Pools

 

When creating Subnets for IP Pools, if you select IP Block instead of IP Range, the Gateway, DNS Servers and DNS Suffix can’t be included.

2. Uplink Profiles

  • We need to have NSX-T Uplink Profiles. An Uplink Profile defines Policies for the Uplinks from the Transport Nodes or the Edge Nodes (both use Uplink Profiles). The settings defined by Uplink Profiles can include Teaming Policies, Active and Standby Links, Transport vLAN ID (which vLAN will we use for our TEP Traffic?), and the MTU Setting. If we’re doing things such as LACP/Link Aggregation from our Transport Nodes to the Physical Network, we can specify those details in the Uplink Profiles as well. It is worth mentioning that LACP with NSX-T is not supported on KVM (at the time this post was written).
  • Teaming – Within the Uplink Profile, you’ll see an option labelled “Teaming”, which is sometimes confusing. Teaming in NSX-T is essentially where you decide how the Uplinks should work from a redundancy (Active/Active vs. Active/Standby) and Traffic Load Balancing standpoint.
  • MTU – You’ll notice that in most of the NSX-T UI, the default MTU value is 1600. This is to allow for the overhead of GENEVE Encapsulation for Overlay Traffic, but I want to mention one important note: if you’re running NSX-T in your Home Lab, you need to make sure that your Home Lab Network can support Jumbo Frames! If not, everything will “seem” to function fine, but you may run into trouble with Overlay Traffic. My recommendation is to set your Home Lab Switch MTU to 1800+.
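
As an added example (not part of the original post), this Python pre-check covers the two underlay points above: TEPs in different subnets and MTU headroom for GENEVE. The function names, host names and the third host are assumptions for illustration, and the overhead figure assumes an IPv4 underlay with no GENEVE options. UDP 6081 is the IANA-assigned GENEVE port; the complete port list is on the VMware ports page linked above.

```python
"""Pre-check a planned TEP layout: routed TEP pairs and GENEVE MTU headroom."""
import ipaddress
from itertools import combinations

GENEVE_UDP_PORT = 6081  # IANA-assigned GENEVE port (RFC 8926)
# Bytes wrapped around the inner IP packet that count against the underlay IP MTU
# (assumption: IPv4 underlay): inner Ethernet 14 + GENEVE base 8 + UDP 8 + IPv4 20.
GENEVE_BASE_OVERHEAD = 14 + 8 + 8 + 20


def required_underlay_mtu(inner_mtu=1500, geneve_options=0):
    """Smallest underlay IP MTU that carries inner_mtu without fragmentation."""
    return inner_mtu + GENEVE_BASE_OVERHEAD + geneve_options


def ping_payload_for(mtu):
    """ICMP payload size that exactly fills an IPv4 packet of `mtu` bytes."""
    return mtu - 20 - 8  # minus IPv4 header and ICMP header


def audit_teps(teps, underlay_mtu, nsx_mtu=1600):
    """teps: {host: 'ip/prefix'}. Returns (routed_pairs, findings)."""
    ifaces = {h: ipaddress.ip_interface(a) for h, a in teps.items()}
    routed = [(a, b) for a, b in combinations(sorted(ifaces), 2)
              if ifaces[a].network != ifaces[b].network]
    findings = [
        f"{a}<->{b}: routed TEPs, allow UDP/{GENEVE_UDP_PORT} "
        f"between {ifaces[a].network} and {ifaces[b].network}"
        for a, b in routed]
    if underlay_mtu < nsx_mtu:
        findings.append(
            f"underlay MTU {underlay_mtu} < uplink profile MTU {nsx_mtu}: "
            "full-size overlay frames will not fit")
    return routed, findings


if __name__ == "__main__":
    # Constructed plan: the post's two example TEP addresses plus one more host.
    plan = {"host1": "10.0.0.1/24", "host2": "20.0.0.1/24", "host3": "10.0.0.2/24"}
    routed, findings = audit_teps(plan, underlay_mtu=1500)
    for line in findings:
        print(line)
    print("underlay MTU needed for 1500-byte guests:", required_underlay_mtu())
    print("don't-fragment ping payload at MTU 1600:", ping_payload_for(1600))
```

The 1572-byte payload is the size to use for a don't-fragment ping between two TEP addresses when confirming that the physical path really carries 1600-byte packets.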

System – Configuration – Fabric – Profiles – Uplink Profiles
Create (TEPs associated with Uplinks)

There are three Teaming Policies: the Failover Order Policy and the following two:

  • Load Balance Source
  • Load Balance Source MAC Address

For more details on Uplink Profiles, I highly recommend the official NSX-T Documentation, as well as the Design Guide. You can find the links for both below:

Uplink Profile Documentation

NSX-T Design Guide

3. Transport Zones

Overlay Transport and vLAN Transport Zones
  • A Collection of Transport Nodes that are connected by the GENEVE Overlay
  • They can be ESXi, KVM, Bare Metal, or NSX-T Edge Nodes
  • There are two types of Transport Zones, Overlay Transport Zone and vLAN Transport Zone (a Transport Zone is not a Security Boundary)
vLAN Transport Zones
  • We can create vLAN Segments under a vLAN Transport Zone (vLAN-Backed Port Groups will be created in ESXi Hosts)
  • NSX-T Edge Nodes provide connectivity to these vLAN-Backed Transport Zones and connect VNI-Backed Segments as well
  • NSX-T Edge will become the bridge for the GENEVE Overlay Network

In this environment, we will create new Overlay Transport and vLAN Transport Zones. We will not use the default Transport Zones created by NSX-T Manager deployment.

System – Configuration – Fabric – Transport Zones

Create an Overlay Transport Zone

Create a vLAN Transport Zone

* Screenshots captured from VMware vCenter Console and NSX-T Manager Console on Nov 24, 2021.