The next part of my lab is to start creating logical switches, connecting VMs and configuring routing. Routing can be achieved by either centralised routing or distributed routing. Centralised routing represents NSX Edge as an on-ramp/off-ramp setup, this can provide east-west routing but is not optimised as the traffic must be hair-pinned to where the NSX is deployed even when VMs which belong to separate logical switches but reside on the same host. Distributing routing prevents hair-pinning and provides a far more efficient by providing hypervisor level routing.
First I must start with creating logical switches - logical switch creates a logical broadcast domain (segment) that is mapped to a unique VXLAN to which VMs can be logically wired - VXLAN encapsualtes the VM traffic and carries it over the physical network. Logical switches can span the configured Transport Zone. See Part 3 for more information on VXLAN and Transport Zones.
Open the Web Client - Network & Security – Installation - Logical Switches. Click Add
Give the logical switch a name that describes what it will be used for, in the example this logical switch will be what I use to connect to my NSX Edge Services Gateway (ESG) for north-south routing - this will be covered in part 5.
Choose the replication mode - I choose Unicast for my lab. When using Unicast the physical network doesnt need to be configured. See NSX Reference Design for more details
I also create two more logical switches for my lab - AppTier and DBTier. These will be separate L2 logical broadcast domains.
Now simply add the VMs to the logical switch - notice the segment ID for each logical switch. To add a VM either edit the settings on a VM and add it that way or choose to add a VM from the logical switch actions menu.
Now my VMs are connected to a logical L2 broadcast domain - VMs within this can communicate across hosts and across clusters. I now need to enable routing to other logical switches to communicate east-west
As above I will be using distributed routing - this is provided by the Logical Distributed Router (LDR) control VM and kernel modules on the ESXi hosts. The LDR is a router appliance with directly connected interface to all hosts where configured. LDR control VM provides the control plane that supports dynamic routing protocols such as BGP and OSPF, it exchanges routing updates with the next hop and communicates with the NSX Manager and the controller cluster. Kernel modules on the ESXi hosts provide the data plane - these are the VIBs installed in Part 3. These modules include routing information that is pushed through the controller cluster and perform route and ARP lookups. Kernel modules are equipped with logical interfaces connecting to different logical switches - each interface has an entry for the default gateway of its logical segment.
Go to Network & Security – Installation - NSX Edges. Choose Logical Distributed Router, add name and hostname and to deploy the appliance. Choose username and password - this is to access the console of the appliance or by SSH.
Choose the compute resource where the appliance will reside. The appliance can be vMotion’d around at a later date it does not need to be pinned to a host. Choose a HA interface - I have mine connected to a management vDS port group
Now we need to create interfaces - an interface can be an uplink to the next hop or an internal interface for the logical switches. I start by connecting an uplink interface, an uplink can be a vDS port group or a logical switch. I have created a logical switch that I will connect this uplink to, the next part I will attach the NSX Edge to the same logical switch for north-south routing. I then add a logical interface - this interface for me will be 192.168.100.254.
I then add internal interfaces and connect them to the logical switches I have created. I assign an IP to these interfaces which will act as the default gateway for VMs attached to the logical switch
I then need to assign a default gateway, this is the next routing hop which will be the ESG appliance detailed in the next part. Note i choose the uplink interface and the IP for the gateway will be the IP assigned to ESG
Check the summary and finish
Now if I jump on a VM and configure default gateway to reflect the interfaces created above.
- VM - Lab-App01
- IP - 192.168.11.10
- Subnet - 255.255.255.0
- Gateway - 192.168.11.254
Once configured I can ping the gateway (interface on LDR)
I can also now ping the other interfaces on different logical switches (L2 segment).
Now we have east-west communications
To check the routing information jump on the console of the LDR or SSH and login with the credentials set previously.
show ip route
The next part will detail the NSX Edge Service Gateway (ESG) deployment and north-south routing