Deploying Edge Node VM on N-VDS of Compute Transport Node



Overlay segments require an N-VDS, a virtual switch specific to NSX-T.

Workload VMs connect to segments hosted on the N-VDS of the compute hosts, so the compute guest VMs are attached to the N-VDS of their compute host.

Transport Nodes in NSX-T run an instance of N-VDS.

NSX-T has two types of Transport Nodes:
1. Edge Transport Node
Available in two form factors, VM and Bare Metal, these are required for services like routing, VPN, load balancing, connectivity with the physical network, edge firewall and NAT. They represent a pool of capacity and are grouped into an Edge Node Cluster.

2. Hypervisor Transport Node
These are hosts on which NSX is configured.
When a hypervisor transport node is created in NSX-T, an N-VDS is effectively created on the host. This N-VDS will have dual uplinks for availability.
While configuring NSX on hosts, you specify the Transport Zones and the N-VDS settings, which include the uplink profile, TEP IP addressing and uplink information.
The uplink profile holds the teaming policy, the active and standby uplinks, the VLAN for the TEP and the MTU.

In the above topology, the Edge Node VM uses the N-VDS of the compute transport node for connectivity with the upstream physical network.
The fp-eth0 interface of the Edge Node VM is uplinked to Trunk Segment – External LS 1.
Likewise, the fp-eth1 interface of the Edge Node VM is uplinked to Trunk Segment – External LS 2.
The management vnic of the Edge Node VM is connected to the Management segment created on the host – Management LS.

To the right of the above diagram are the transport zones associated with the compute transport node and the transport zones associated with the edge transport node.

As you can see, the Overlay Transport Zone is available on both the compute transport node and the edge transport node.
ESXi is a VLAN backed Transport Zone available only on the compute transport node.

VLAN-1 and VLAN-2 are VLAN backed transport zones which are available only on the edge transport node.

Logical Topology used in this lab

The above is a single tier topology which uses only a Tier 0 Gateway.
It is recommended to use the multi tier topology with a Tier 1 Gateway because it inherently supports multi tenancy.
A tenant in NSX-T has a specific Tier 1 Gateway, and hence Tier 1 Gateways are also called tenant gateways.

Transport Zones for Overlay and VLAN backed traffic

Transport Zones are created as above:
– ESXi and Overlay transport zones will be used on Compute Transport Nodes
– Overlay, VLAN-1 and VLAN-2 transport zones will be used on Edge Transport Nodes.

Uplink Profile for Compute Host


The uplink profile above shows that Transport VLAN ID 2 is used for the TEP interface on the compute host.
TEP interfaces are used for encapsulation and de-encapsulation of Geneve traffic.
Geneve is the protocol NSX-T uses to build tunnels between Tunnel End Points, which are present on both Edge Transport Nodes and Compute Transport Nodes.
In addition to the default teaming policy, two teaming policies, U1 and U2, are created. These new teaming policies are failover based with a single uplink.
They can be used to pin the traffic of a specific VLAN backed segment.

We will first create a compute transport node profile and then use this profile to configure NSX on the compute hosts.

Transport Zones on Compute Transport Nodes

Overlay and ESXi transport zones are selected in the Compute Transport Node Profile.

N-VDS settings of Compute Transport Nodes

The above are the N-VDS settings of the Compute Transport Node Profile.
vmnic4 and vmnic5 on the hosts will be used for the N-VDS.
An IP Pool has been created for assigning IP addresses to the TEP interfaces on compute transport nodes.
The uplink profile for compute transport nodes is selected.

Compute Host Transport Nodes with single N-VDS for Overlay and VLAN backed ESXi Transport Zones

Using the compute transport node profile created earlier, the compute hosts have been configured as compute transport nodes.
As a result, the N-VDS is installed on the compute hosts along with the appropriate transport zones – ESXi and Overlay.

Trunk Segments on N-VDS of compute host for attaching fp-eth0 and fp-eth1 of Edge Transport Node
VLAN backed Edge Trunk Uplinks for connectivity of Edge Node VM

The above segments are used to create the external interfaces on the Tier 0 Gateway.
Segment EDGE-VLAN-1 uses a VLAN tag of 5 and segment EDGE-VLAN-2 uses a VLAN tag of 51.

Uplink Profile on Edge
The uplink profile for the Edge Transport Node uses another VLAN ID, 4, for the TEPs on the Edge.
When the Edge uses the N-VDS of the compute host for uplink connectivity, two different subnets should be used for the TEPs on compute and the TEPs on edge.
Additional teaming policies have been created which will be used for pinning traffic on VLAN backed segments.
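
The subnet rule above, together with the lab's transport zone and teaming choices, can be checked before deployment. This is an added example, not part of the original post: the VLAN IDs, zone names and policy names follow the lab, while the TEP subnets, uplink names and dictionary layout are assumptions made up for illustration.

```python
import ipaddress

# Constructed plan: VLAN IDs, zone names and policy names follow the lab;
# the TEP subnets and uplink names are assumptions, not values from the post.
LAB_PLAN = {
    "compute": {"tep_vlan": 2, "tep_subnet": "172.16.2.0/24",
                "transport_zones": {"ESXi", "Overlay"},
                "pinning_policies": {"U1": ["uplink-1"], "U2": ["uplink-2"]}},
    "edge": {"tep_vlan": 4, "tep_subnet": "172.16.4.0/24",
             "transport_zones": {"Overlay", "VLAN-1", "VLAN-2"},
             "pinning_policies": {"U1": ["uplink-1"], "U2": ["uplink-2"]}},
}


def check_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    compute, edge = plan["compute"], plan["edge"]

    # Edge VM on the compute host's N-VDS: TEP subnets must be different.
    c_net = ipaddress.ip_network(compute["tep_subnet"])
    e_net = ipaddress.ip_network(edge["tep_subnet"])
    if c_net.overlaps(e_net):
        findings.append(f"TEP subnets overlap: {c_net} and {e_net}")

    # The lab also uses a separate transport VLAN for each TEP type.
    if compute["tep_vlan"] == edge["tep_vlan"]:
        findings.append(f"compute and edge TEPs share VLAN {edge['tep_vlan']}")

    # Geneve tunnels need the Overlay zone on both node types.
    for role in ("compute", "edge"):
        if "Overlay" not in plan[role]["transport_zones"]:
            findings.append(f"{role} node is missing the Overlay transport zone")

    # Pinning policies are failover based with a single uplink.
    for role in ("compute", "edge"):
        for name, uplinks in plan[role]["pinning_policies"].items():
            if len(uplinks) != 1:
                findings.append(f"{role} policy {name} has {len(uplinks)} uplinks, expected 1")
    return findings


if __name__ == "__main__":
    for line in check_plan(LAB_PLAN) or ["plan is consistent with the lab design"]:
        print(line)
```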

Transport Zones on Edge Transport Node

The above transport zones are used on Edge Transport Nodes:
– Overlay transport zone for Geneve backed traffic
– VLAN-1 transport zone, which will be used for peering with upstream router 1
– VLAN-2 transport zone, which will be used for peering with upstream router 2

N-VDS settings on Edge Transport Node
The above shows the N-VDS settings of the Edge Transport Node.
The appropriate TEP pool for the Edge has been selected.
The uplink profile for the Edge has been selected.
Notice that fp-eth0 and fp-eth1 on the Edge Node VM are uplinked to Edge-Trunk-Uplink-1 and Edge-Trunk-Uplink-2 respectively, which are VLAN backed segments on the N-VDS of the compute host.


After the Edge Node VMs are configured properly, we then need to configure the Edge Node Cluster as shown below.

The Tier 0 Gateway requires an edge node cluster for peering with the physical network.
Active-Active high availability mode has been used in this lab.

Tier 0 Gateway
Next, interfaces need to be created on the Tier 0 Gateway.
Interfaces on Tier 0 Gateway
Configure local BGP AS number on Tier 0 Gateway.

Configure BGP neighbors on Tier 0 Gateway.

Configure route redistribution on Tier 0 Gateway.

Validation:
The validation commands below are run on Edge Node VM 1.
BGP peerings on Tier 0 SR of Edge Node VM 1
Routing Table on Tier 0 SR of Edge Node VM 1
Reachability between Tier 0 SR of Edge Node VM 1 and upstream interfaces on routers
BGP routes on Tier 0 SR of Edge Node VM 1

The below command output is from TOR1
