Deploy Cross VC NSX – Step by Step Lab (1/3)

Goal: Deploy Cross VC NSX without Local Egress

Characteristics

  1. Single Universal Control VM is deployed at Primary Site
    1. UDLR Status @ Primary Site: Deployed
    2. UDLR Status @ Secondary Site: Active
  2. One Universal Transit Logical Switch for UDLR to ESGs at Both sites.
  3. All egress North-South traffic is via one site.

Requirements

  1. External PSC
  2. Two vCenters in Linked Mode.
    Note: Enhanced Linked Mode is not a prerequisite or requirement for cross-vCenter NSX. Without Enhanced Linked Mode, you can still create cross-vCenter universal transport zones, universal switches, universal routers, and universal firewall rules. However, without Enhanced Linked Mode in place, you must log in to the individual vCenter Servers to access each NSX Manager instance.
  3. Time synchronization
  4. Network Connectivity
    1. IP Connectivity between two sites
    2. 1600 MTU for VXLAN
    3. RTT Latency < 150 ms

My Environment

  1. Home lab running on a single ESX host.
  2. vCenters in Linked Mode
  3. Network between the sites: 192.168.10.0/24 spans both sites. (In the real world, this will not be the case.)
    192.168.10.0/24 is used by the NSX Managers, the ESX hosts in both sites, and the UCC.
    Note: The UCC communicates with all NSX Managers and ESX hosts.

    I created dvPortgroup 192_168_10_x in both sites.
  4. Set MTU to 1600 for both the dvSwitches

Steps to setup cross VC NSX

  1. Register NSX Managers with vCenter Servers
  2. Configure Site A NSX Manager
    1. Create IP Pool for UCC.
    2. Deploy NSX Controllers in Management Cluster
    3. Prepare ESX Hosts in compute and edge cluster for NSX
    4. Configure VXLAN
    5. Add local Segment ID Pool. Segment ID pools should not overlap: the local Segment IDs of Site A should not overlap with the local Segment IDs of Site B, and neither should overlap with the Universal Segment IDs.
      1. Site A -> 6001-6100
      2. Site B -> 7001-7100
      3. Universal -> 5001-5100
    6. Set NSX Manager as Primary NSX Manager
    7. Create Universal Segment ID Pool
    8. Add Universal Transport Zone
    9. Create Universal Logical Switch
    10. Connect VMs to Logical Switch
    11. Create UDLR
    12. Update Controller State
  3. Configure Site B NSX Manager
    1. Add the NSX Manager as Secondary NSX Manager
    2. Prepare Hosts
    3. Configure VXLAN
    4. Add local Segment ID Pool
    5. Add Clusters to Universal Transport Zone
  4. Test Workload Mobility
    1. Environment
      1. 2 Web VMs in SiteA connected to LogicalSwitchWeb
      2. 2 App VMs in Site A connected to LogicalSwitchApp
    2. Test 1
      1. Connectivity between WebVM01 and WebVM02
      2. Connectivity between AppVM01 and AppVM02
      3. Connectivity between WebVM01 and AppVM01
    3. Test 2
      1. Migrate WebVM02 to SiteB
      2. Connectivity between WebVM01 (SiteA) and WebVM02 (SiteB)
      3. Connectivity between AppVM01(SiteA) and WebVM02(SiteB)
    4. Test 3
      1. Migrate AppVM02 to SiteB
      2. Connectivity between AppVM01(SiteA) and AppVM02(SiteB)
      3. Connectivity between WebVM01(SiteA) and AppVM02(SiteB)
      4. Connectivity between WebVM02(SiteB) and AppVM02(SiteB)
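
The segment ID pools in step 2.5 have to stay disjoint across Site A, Site B and the universal pool. The following is an added example, not part of the original post, that checks a planned set of pools for overlaps before they are entered in NSX Manager; the function names and the second, deliberately overlapping plan are constructed for illustration.

```python
from itertools import combinations


def parse_pool(spec):
    """Parse a 'begin-end' segment ID range into an inclusive (begin, end) tuple."""
    begin_text, sep, end_text = spec.partition("-")
    if not sep:
        raise ValueError(f"not a range: {spec!r}")
    begin, end = int(begin_text), int(end_text)
    if begin > end:
        raise ValueError(f"range start exceeds end: {spec!r}")
    return begin, end


def find_overlaps(pools):
    """Return (pool_a, pool_b, first_shared_id, last_shared_id) for each overlapping pair."""
    parsed = {name: parse_pool(spec) for name, spec in pools.items()}
    conflicts = []
    for (name_a, (a_lo, a_hi)), (name_b, (b_lo, b_hi)) in combinations(parsed.items(), 2):
        lo, hi = max(a_lo, b_lo), min(a_hi, b_hi)
        if lo <= hi:  # inclusive ranges share at least one segment ID
            conflicts.append((name_a, name_b, lo, hi))
    return conflicts


# Pools as listed in step 2.5 of this lab.
LAB_PLAN = {
    "Site A local": "6001-6100",
    "Site B local": "7001-7100",
    "Universal": "5001-5100",
}

# Constructed counter-example: Site A reaches into the universal pool and
# shares its last ID with the first ID of Site B.
BAD_PLAN = {
    "Site A local": "5050-6100",
    "Site B local": "6100-7100",
    "Universal": "5001-5100",
}

if __name__ == "__main__":
    for label, plan in (("lab plan", LAB_PLAN), ("bad plan", BAD_PLAN)):
        conflicts = find_overlaps(plan)
        print(f"{label}: {'OK' if not conflicts else 'OVERLAP'}")
        for name_a, name_b, lo, hi in conflicts:
            print(f"  {name_a} and {name_b} share segment IDs {lo}-{hi}")
```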

Screenshots

  1. Register NSX Managers with vCenter Servers

  1. Create IP Pool for UCC [Site A]
  2. Deploy Controllers at Primary Site
    For this lab I am deploying one controller node, but in production deploy a minimum of three controller nodes on different ESX hosts.


  3. Prepare Compute and Edge Cluster in Site A for NSX. For this lab I am using a collapsed compute and edge cluster model; use the compute cluster for deploying NSX Edges.
  4. Configure VXLAN [Site A]
  5. Create Segment ID Pool
  6. Assign Primary Role to Site A NSX Manager
    USS status before setting the NSX Manager as Primary





  7. Assign Segment IDs to Universal Segment ID Pool

  8. Create Universal Transport Zone

  9. Create Universal Logical Switch

  10. Deploy UDLR Control VM

  11. Update controller State
  12. Add Site B NSX Manager as Secondary NSX Manager






  13. Prepare Hosts on Secondary NSX Manager
  14. Configure VXLAN on Site B Hosts
  15. Add Local Segment ID pool

  16. Add Site B Clusters to Universal Transport Zone

Testing

  1. Create New Logical Switch (U-AppServers)
  2. Add internal interface in UDLR to connect this switch
  3. VMs and IPs
    1. VMs
    2. Logical Switches

  4. Test 1
    1. Connectivity between WebVM01 and WebVM02
    2. Connectivity between AppVM01 and AppVM02
    3. Connectivity between WebVM01 and AppVM01
  5. Test 2
    1. Migrate WebVM02 to SiteB


    2. Connectivity between WebVM01 (SiteA) and WebVM02 (SiteB)

      Note: DUPlicates are due to enabling promiscuous mode on the physical ESX host. (I had enabled it in my home lab as I don’t have external routers to create the multiple networks required for this lab.)
    3. Connectivity between AppVM01(SiteA) and WebVM02(SiteB)

      Note: DUPlicates are due to enabling promiscuous mode on the physical ESX host. (I had enabled it in my home lab as I don’t have external routers to create the multiple networks required for this lab.)
  6. Test 3
    1. Migrate AppVM02 to SiteB
    2. Connectivity between AppVM01(SiteA) and AppVM02(SiteB)
    3. Connectivity between WebVM01(SiteA) and AppVM02(SiteB)
    4. Connectivity between WebVM02(SiteB) and AppVM02(SiteB)

Will continue in the next blog post.
