This short series will focus on how virtualization administrators and network engineers alike can easily and efficiently deploy VMware NSX and network virtualization into their existing environments. From the simple and seamless installation, building your first virtual network to management and administration of an NSX environment, this series will highlight how easy it is to gain the benefits of network function virtualization.
Integrating NSX Manager into vCenter
Integration of the NSX manager into vCenter is the first task to be undertaken. NSX manager helps create a management plane for the NSX environment. When this is connected it will provide the Networking and Security plugin. It exposes a RESTful API for consumption by a customer or a cloud management platform. Such examples of those that can integrate with this API are vCloud Automation Center or OpenStack. Log into the NSX manager web interface with the credentials you specified during installation. Open the management options by selecting the Manage vCenter Registration button. This opens the main management point of NSX manager. On the task bar along the left side select NSX Management Service. This will bring up the ability to edit the Lookup Service for SSO and vCenter Server configuration for NSX communication in a vCenter environment.
After this connection has been made confirm there is a green sphere indicating a successful connection. Upon confirmation along the left side select General under settings. For log information generated by NSX Manager it is important to define a syslog server. Select Edit and define the syslog server, port and protocol. This example uses the vCenter as the destination for NSX Manager logs.
Proceed to log into vCenter with administrative credentials. Note that there is a slight increase in login time the first time after NSX installation. This is due to the plugin being registered within vCenter. Within the landing screen of vCenter there is an additional plugin within the inventories. Networking & Security plugin will provide an administrative interface for installing, operating and managing a NSX enabled environment.
IP addressing for the lab
This lab requires addressing from the following subnets. Feel free to substitute these ranges as desired. The subnets listed here are used for reference throughout Part 1:
- Controller-Pool – 192.168.110.201-210
- VTEP-1 – 192.168.150.51-60
- VTEP-2 192.168.250.51-60
Integrating the NSX environment
The NSX controller is the control-plane of the NSX solution. It is deployed in a three-node cluster and the virtual appliances provide, maintain and update the state of all network function. Within the NSX domain the controllers are aware of all state information. Built upon the widely deployed clustering technologies NSX is designed to tolerate failure. Clusters can break, be destroyed, deleted or cease working and there is no impact to the NSX domain. As long as one NSX controller is active there will be network state information. This is due to the slicing of state information across nodes within the NSX controller cluster. Within the Networking & Security plugin the first touch point when preparing clusters you want to enable in your NSX environment. Select the Installation tab along the left side.
Select the green plus to add a NSX controller.
A dialogue box will appear prompting a variety of responses. It is important to populate information such as where the controllers are being deployed and to which datastore. The network that the controllers are connected to is the management port group on the Distributed Virtual Switch that spans the environment. Next select the IP Pool drop down and choose New IP Pool.
Populate the information for the IP Pool designated for the use by NSX controllers. Ensure you specify a valid DNS server.
With the password field populated it is time to click okay and deploy the controller. The controller is deployed from an .OVA template and will deploy in a couple of minutes.
When deployed it will have a Normal status and be accompanied by a green tick. Deploy two additional controllers to ensure a greater level of resiliency. Three is the recommended number by VMware.
Now that there are three controllers deployed and NSX manager configured we now have a control and management plane established. It is just the matter of host preparation. Host and Cluster preparation is very easy to do. It provides administrators to enable a small subsection of their virtualization environment to run VMware NSX. This footprint can expand based on demand and allows simple management of a virtualized network environment. Host preparation is found under the Installation tab. It will list the clusters that vCenter is aware of. Click Install to deployed the required VIBs to the hosts of each cluster. The three VIBs that are installed and registered to all hosts within the clusters are VXLAN, Distributed Firewall and Logical routing. Click Configure under the VXLAN column. This screen here allows configuration of the VXLAN network, which is used for Layer 2 Logical Switching across different hosts. The settings chosen here will be used in creating the VMkernel interface.
When selecting the VMkernel NIC IP addressing click the drop down to create a new IP pool.
This VTEP1-Pool will be used for the Management and Edge Cluster. Upon configuring the VTEP for the Compute Cluster a different subnet is chosen in this example.
Looking at the VXLAN Transport tab after configuring the pools indicate the IP addresses assigned to the VMKernal interfaces. Next is to configure the Segment ID. Under Logical Network Preparation click onto the Segment ID tab. Select Edit.
The Segment ID Pool specifies a range of VXLAN Network Identifiers (VNIs) for use when building Logical Network segments. Choose a small subset of the 16 million potential VNIs. It is important to note if VXLAN is in place in an existing network that you must consider VNIs in use already. The final piece in preparation is the configuration of a Transport Zone. Under the Transport Zone tab select the green plus and create a new Transport Zone. A transport zone is created to delineate the width of the VXLAN/VTEP replication scope and control plane. This can span one or more vSphere clusters. A NSX environment can contain one or more transport zones based on user requirements. The use of transport zone types is interchangeable and an environment can have unicast, hybrid and multicast communication planes. For this example select the three clusters, Management and Edge and Computer A and B clusters. For control plane mode select Unicast.
That is it. With that NSX is installed into your new or existing environment. It is very easy to integrate VMware NSX into your currently deployment. Everything we have done thus far is not disruptive. With the foundation of NSX in your environment and the ability to deliver switching, routing, firewalling and load balancing at scale via a GUI or API it is time to start designing your new virtual networks.
A thank you goes out to Ray Budavari for developing the OneCloud Environment and base topology that the VMware NSBU uses for training and development. The pod topology, naming convention and exercises our team uses are attributed to him. Thanks for reading, Anthony Burke