How to Deploy an NSX-T 3.0 Edge

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

what's up everyone Mike's here I'm back today to talk about how to actually deploy an NSX T edge I will say if you haven't watched my other video on NSX T edges that provides a nice overview of what they are and why you need them definitely take a look at that first portion that said I'm gonna assume that you've got an NSX team manager deployed or you're comfortable with the idea of deploying it and you've got to access the vCenter other than that you're pretty much ready to employ an edge so let's get to it so we've got here we're locked into NSX T manager as always I'm gonna go over to the system tab and we're gonna take a look real quick at the current configuration from an edge standpoint so to do that we're gonna go to fabric nodes then edge transport nodes you'll see here I don't have any configuration done and it is tempting when you first get in here to just go straight to add edge VM but there was a little bit of work in the background they need to do before that and that's primarily around the transport zones so to do that we need to go configure a couple of transport owns and we also need to configure some VLAN backed segments these are basically your VLAN certain that are gonna go upstream from your nsx t edge into the physical network so that you can peer from for me so that you can peer from a BGP standpoint between the two so let's get to looking at that first we're gonna start with the transport zones we take a look at transport zones you'll see here I have two transports owns configured currently I have an overlay transport owned right here mg overlay TZ and I also have an edge VLAN transport owned I'm gonna go ahead to show you what the edge configuration looks like for this transfer zone you'll see it's basically just a name I gave it a name for the switch name of nsx VDS and then also for traffic type i selected VLAN this is critical if you select overlay this won't work and keep in mind this is only the transport owned so that we can hold our VLAN back segments for that upstream connectivity from the edge into the physical network so I'm gonna cancel out of that one that looks good and I'll show you the overlay transfer zone configuration briefly basically it's identical to the other one except we've selected overlay here instead of VLAN and this is the transport zone that's going to be added to our vSphere host where our VMS will actually sit inside of the nsx environment and that's what's going to give those VMs access to the segments that are on that transport zone and if you're a little fuzzy still on the transport zone idea definitely check out my video on transport zones I think it'll help clear a lot of that out so knowing those look good let's go look at our segments so we're gonna go over to networking segments and you'll see here I have a couple of segments so I have left VLAN v21 and right uplink v22 so basically I set these up so I could have kind of redundant VLAN uplink so the idea is pretty much I have an edge VM and it would have an uplink hooked on VLAN 21 going left and VLAN 21 going right and it would have bgp peering set up to both my top iraq routers on those each VLANs respectively so the idea is that from a redundancy standpoint if I lose one of those topper racks or if I have an issue on that VLAN no big deal I have the other one I can take in this case I'm gonna go stick with just one VLAN for the sake of just deploying the edge I will do another video on the multi-tap configuration and kind of the fully redundant setup and what it looks like but this will be a great foundational building block to get to that point so knowing we've got those will also the thing we want to look at here is the transfer zone so those segments are both in edge VLAN TZ which is av land transfer zone which is good that's what we want and this edge VLAN TZ is only going to be added to the edge VMs we don't need this on any of our hosts the overlay transfer zone here mg overlay TZ as I mentioned earlier will be added for the VM so that will be on both the edge as well as the actual vSphere host where our VM sit and the reason we needed on both is that when the VMS go to communicate the host is going to encapsulate that traffic engine eve which is basically like the X LAN and I'll do another video on that as well and it'll a encapsulated in genève and send it over to the edge the edge will D capsulate it and then it will drop it on to a basically a standard VLAN as just regular Ethernet traffic so the edge is kind of doing that overlay to VLAN trans relation and that's why it needs to have access to both the overlay VLAN or the overlay transfer zone as well as the VLAN transport zone for the edge so we'll go ahead and now take a look back at our edge configuration so if we go over to edge transform nodes we're gonna add an edge VM I know the details for this so I'm gonna go ahead and kind of fly through this this is pretty self-explanatory we're gonna give it a name and I'm gonna I have a DNS entry so I'm gonna fill that in here that's not absolutely required from a form factor standpoint you're not limited to these you can actually pick it you can actually deploy a small instance and later swap it out for a medium large or even extra large without any disruption actual traffic so don't be you know don't feel like you're into a box like you're limited to you know once you deploy you're stuck you will have to read to play a new one but as I mentioned you can swap it out and it's not too big of a deal so I'm gonna go as small for my lab I would say in your lab if you can swing medium I would recommend going that route but I'm gonna go small today so here we're gonna be prompted for a couple of accounts so we have our CLI account which we're gonna login that's kind of our default admin account that would typically be what you would log in to you know troubleshoot or you know whatever via SSH so I'm gonna enable SSH on that then we have our root account or otherwise known as our account you'll typically not need to access that I don't think I've ever logged into that on the edge then we're also gonna have this audit account so you'll see here I've typed in audit as the audit username that's the default if you want to change it you're welcome to it's just a read-only account but I'm good with the default and I'm gonna throw in my password there and hit next so this screen is asking for details around where we want to actually store our edge VM itself so where what clusters are gonna sit in you know what data store should it use all of those details so pretty self-explanatory I'm going to select my V Center I've only got one V Center added two NS 64 cluster I have a dedicated B store cluster this is just to vSphere hosts that I'm only gonna use for edge so I'm gonna use that to have multiple edge VM sitting on top of it so I'll select that resources is fine I'm from a data store standpoint just any data store they have capacity on is fine IP assignment this is gonna ask for a management IP so this is the management IP of the edge VM itself I recommend going static with this all of the time if you can obviously you have the option to go DHCP as well I'm gonna populate my details there right now it is important to note that you need to add the cider there the slash 24 in this case if you don't add that you'll keep getting errors and you won't be allowed to proceed past this screen at my default gateway and I'll select the management port group so this is whatever port group is on the host where we're deploying this VM to and this port curb needs to have access or be tagged appropriately if necessary to whatever that management IP is that I just specified which was 172 16.2 51 dot 110 so in my case that's my VLAN 251 so I'm gonna select that and I will say if you do this wrong it's not a huge deal you can actually go into B Center you pretty much will see if if you select the wrong one the VM will come up it'll boot everything looks good but then in NSX it'll say registration pending if that's the case you can actually go into B Center and just change the port group to the proper one I've screwed that up more times than I can count so no big deal so I'll hit save there I'm gonna populate the rest of the details these are pretty self-explanatory all right we'll hit next now so once we get to the actual configuration so you have the edge VM itself and then inside of the edge VM what this is doing is we're deploying an N VDS which is basically a vSphere distributed switch on steroids inside of the VM itself and that is going to be responsible for the encapsulation and decapsulation of that overlay or genève traffic so that is the whole purpose of the configuration we're about to do is that its work as essentially it's long a switch in the VM itself so it can be kind of a tricky concept I think the best way to really understand it is just do it a couple times and it really makes sense but hopefully this will help so let's go through it so we have to give it a name so I'm gonna go with the same name I did for my transport own I'd like to keep it consistent so I'm gonna do NSX VDS for transport own this is going to ask basically it's saying what transport zones do you want on this switch which basically means you know what networks do we have access to in my case or in most cases you're gonna need basically an overlay Network so again whatever overlay transfers owns apply to your workloads or VMs whatever the case is that needs to be on the edge and then also you need the edge VLAN transport own which is used for your upstream connectivity to the physical network so I'm gonna select that as well next we're gonna need an uplink profile so basically you'll see here I have I have one created actually mg edge uplink profile VLAN 20 all this profile is doing is saying how many up links should this edge VM have and what VLANs should they be on what port groups should they map to that kind of thing and I actually I specify the port group mapping here but I think in this case I'm gonna go ahead and we'll configure a profile from scratch so I'm not gonna select one of the existing ones I'll go ahead and create one so if we select create new profile we get prompted this will say NSX dude edge profile and I like to add the VLAN that it's sitting on just to remind myself so this VLAN is gonna be the tempe land and as i mentioned this is just a name but i like to do it just because i have OCD so that way actually so when i'm looking at later i'll actually understand what VLAN I threw it on and if I made a mistake I can kind of pick it out pretty quickly but the the important thing here is that should match whatever is here this is your transport VLAN this is your tap VLAN for the edge or tunnel endpoint VLAN so this is the VLAN where basically the edge is going to receive and send all of the overlay traffic inside of the NSX domain itself so this VLAN should actually be different than the VLAN that is used for the tech VLAN for your hosts so I know it sounds a little confusing in my case I use VLAN 19 for my overlay VLAN or TEFL and for my host and I use VLAN 20 for my edge tab now the big requirement here is of course that I can route between the two and also I need jumbo MTU enabled a minimum of 1600 to support that overlay encapsulation because there is some overhead there so I'm gonna go and throw my VLAN in here VLAN 20 and then this is really the key thing here so right above here you'll see if we were doing any link aggregation for channels that kind of thing we could specify that here I'm not and that doesn't really apply as much to this situation so really all you need to focus on is the teaming section so the default teaming is really looking at your overlay traffic and what I'll do here is basically specify what up links I want to be active and what up links I want to be standby if if that applies in this case I'm just gonna go with one uplink and the thing to know about this is this concept can be really confusing at first because a lot of people are tempted to think this should be like you know you're selecting an actual interface or app or group or something like that but it's not you're actually putting in a placeholder or more of a variable that you will then map to app or group when we actually deploy the edge so I'll show you guys what I mean just to illustrate the point I'm gonna name this interface my active uplink whatever that first interface is I'm gonna kind of nicknamed it mg1 if I wanted to I could do mg2 like that or I could do five or six or whatever I want to name it it's just a placeholder I also specified teaming policy as failover order which means if I had mg 1 here and mg 2 here basically would be active standby if I wanted active active I would actually do a load balance source and then I could do something like I was just doing a minute to get where I do mg 2 like that and that would be active active in my case so I'm just gonna leave it with one uplink to keep things simple we've got our transport VLAN there we don't need to specify the MTU here because the default globally for NSX is 1600 and I'm fine with that because I know my lab environment is 1700 on the physical side so I've got some Headroom so I'm gonna hit add so now we're referencing that up like profile which is good and you'll see here under the teaming policy switch mapping that it actually shows mg 1 and it asked me to select an interface now in this case it's not actually asking me for an interface it's asking me for a port group because remember we have a vSphere host and we're deploying a an edge VM on top of it and that edge VM needs to map to some kind of port underneath it so in my case I have everything tagged within NSX so that way I can just trunk all VLANs to the VM and then I can just pretty much do all the tagging and NSX if you're not doing you know trunking all VLANs to your VM it's totally fine you just need to make sure when you select this that you select the proper technolon in your environment in my case as i mentioned i'm trunking everything so i'm gonna select my all trunk port group and since i applied that transport VLAN of 20 i would be fine I'll be able to talk on VLAN 20 I do need to also specify an IP address as well this is going to be an IP address used for that Thep communication now if I had multiple interfaces I would need more than one IP in my case I only listed one interface so I need one IP and I'm just gonna do a static IP list so to do that I'm gonna hit that and then just enter an IP I'll do 10 25 2010 and then for Gateway I'll enter this information and my subnet mask all right so now if I minimize this you'll actually see how it changed and now it shows NSX VDS which is just the name I gave it so everything here is good so having kind of reviewed this I'm gonna hit finish and we'll see what happens all right so the edge is deploying so I'm gonna go ahead and expand this out a bit so we can see it and we should see very soon if I could actually go over back into vSphere we should see the edge VM actually deploying so let's take a look so you'll see here right here it shows deploy OVF template edge o one and it's actually configuring it under the edge cluster that I specified and there's the VM itself obviously it's gonna take a minute to deploy so I'm gonna flip back over to nsx manager typically what I prefer to do is hit deploy and then just stay here a few minutes it will take some time it needs to deploy the OVF copy all the files booted up then it needs to apply the configuration and then reach out back to NSX T manager so just give it a few minutes be patient it will come back if it doesn't or if it's get stuck at registration pending as I mentioned before typically it means you selected the wrong port group or your underlying network is is not set up properly with typically things like you know you can't reach the manager or firewall rules that kind of things so I'm gonna fast-forward the recording so that you guys don't have to sit through the remainder of this and then we'll get back to it as soon as that's done you all right so it looks like it's done I will tell you guys I fast-forwarded quite a bit it actually sat on that node not ready State for at least five minutes so it took quite a while I'd say kind of start to finish was probably about ten minutes once I hit go until it actually completed so again be patient with it it will take a little bit of time that said so it looks like everything is good there so the node deployed successfully so all is well there you'll notice here if we expand this node status shows down so let's click that see if it gives us anything useful so because I know why it's saying that I'm just curious if it's actually giving us any information on this so it's not so I will tell you guys the reason it's doing that is because we deployed an edge but nsx T requires an edge to be inside of what we call an edge cluster within nsx t and i know that might be confusing because my vSphere hosts that I deployed NSX T edges on to is also called an edge cluster but it's not to be confused with each other so let me go back here actually back here to edge transport nodes and I'm going to close this out there we go so it actually did come back up so I was actually under the belief that it was because I didn't add it to the edge cluster but that was not the case so everything's good I was just impatient that said we do need to add it to an edge cluster so let's do that to do that we're gonna go to edge clusters hit add and we'll just give it a name edge cluster a woman is good for me you'll see here it has edge cluster profiles so this is basically BFD or bi-directional forwarding detection settings so this is more along the lines of you know I have two edges at Jo one and edge o two and I want to know I want to tune you know how often do they ping each other with PFD and and when should I declare my neighbor down and decide to take over their responsibilities that's really what is in these profiles so by default the one that comes with Dennis XT is pretty good but you are welcome to go in there and change them and you know play with that a little bit if you need to so in this case I'm good with this the default I do need to add this into the cluster and if you recall I talked about how you could always add additional edges later and swap them out that kind of thing this is kind of one of the ways you can do that so I've got edge o on I want to add it to this cluster and the cluster is just like a normal cluster and just about anything it's it's pretty much a pool of capacity so I'm gonna hit add and it's pretty much instantaneous alright guys so that's it so we got our edge to flow it successfully with no major issues we did it in kind of a bare-bones configuration you can always get a little more fancy as I mentioned you can do things like multi tap and multiple edges and active active and deploy or t0s and we can go a little further with this and we certainly will subscribe to my channel watch my next videos be sure to give me feedbacks a healthy everyone appreciate at the time have a good day [Music]

Info

Channel: NRDY Tech

Views: 4,580

Rating: undefined out of 5

Keywords: nsx-t, nsxt, nsx-v, nsx esg

Id: mTjtvBpl0qM

Channel Id: undefined

Length: 19min 36sec (1176 seconds)

Published: Sat May 30 2020