VMware NSX is a networking solution for virtual environments.
The main features it has:
- Virtual L2 networking (VXLAN)
- Hypervisor based switching and routing between hosts directly (instead using physical routing – north to south)
- Hypervisor based firewall for virtual machines
- Network appliances (by NSX Edge): VPN, Load Balancer, DHCP and more.
In order to install VMware NSX all you need is the NSX Manager ova.
- deploy it
- register it with a VC
- Voila! basic install done!
- VLAN with MTU 1600 for transferring VXLAN packets.
- dedicated NIC in each ESXi which will participate in forwarding/routing VXLAN packets.
After that the installation process:
- Prepare your clusters – sends to each host drivers/vibs and install them
- Install NSX Controller – managing NSX switches that inside each host (let them know on which ESXi a VM in VXLAN network is reside in order to unicast, updating routing table if connected to edge router, etc.)
Important to know:
- Configure Segment ID pool – those are your future VXLAN IDs, aka how many logical networks you can create.
- Prepare VXLAN from host prepare – install VTEP vmkernel port in order to encapsulate/decapsulate VXLAN packets and send them over the physical network to another ESXi.
In this point, the infrastructure is ready to create logical networks!
Let’s say that now you’ve configured NSX Switch (a module) on your hosts.
now lets go for a simple scenario -2xESXi in a single cluster:
Create new transport zone – this is only a container which will determine which clusters will be available to connect VMs to the logical networks configured beneath it. SEGMENT IDs FOR THE LOGICAL NETWORKS THAT WILL BE CREATED ARE TAKEN FROM SYSTEM WIDE CONFIGURATION, it means that:
- you can’t control which VXLAN ID will be created.
- All transport zones shares the same Segment ID pool!
Create logical switches (this will create your logical network…).
EACH LOGICAL SWITCH GETS A NEW VXLAN ID!
More about NSX Controller and logical (distributed) router:
Those two components, which are actually a deployed virtual appliance, are sending commands at the end to the NSX Switch.
NSX Switch needs the controller to:
- Know to which NSX Switch (aka ESXi host) to send VMs packets which are connect to specific VXLAN ID (vSwitch forwarding plane).
NSX Switch needs the logical router to:
- Know the routing table and then route by itself if both VMs are connected to it.
- forward the packet directly to another NSX Switch which has the destination VM.(?)
That’s what VMware called “East-West”.
NSX logical distributed router
I was wondering what is the difference between internal interfaces and uplink interfaces in this logical router.
Both can connect to separate networks and route packets.
if you choose internal, there is no reconfiguration of network adapters (wierd, how it works?).
if you choose uplink, the VM is reconfigured and connected to the port group you chose. of course uplink is limited to 10 network adapaters (because of hardware version limitation).
Remember! for L2/L3 switching/routing/forwarding the NSX vSwitch is independent! it does not send the packets to the virtual appliances! the code is running inside ESXi kernel module.
I recommend reading the following documents in the following order: