tag:blogger.com,1999:blog-55556861639038613492024-03-13T18:11:49.201-07:00adventures in Network Virtualizationdiethhttp://www.blogger.com/profile/04376762260154166868noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-5555686163903861349.post-40844230717613063592015-11-09T06:52:00.003-08:002015-11-09T09:32:53.112-08:00Do you like PowerCLI and NSX? Add Layer 3 VDR/LDR capabilities to esxcli / PowerCLI<br />
Long time no write. I've been working with a quite a few customers recently and have been working on developing PowerCLI checks so that customers do not have to login to SSH terminals for every host to run NSX Sanity Checks. Remember to "Connect-VIServer" first!<br />
<br />
PowerCLI version of "net-vdl2 -l"<br />
<br />
<a href="https://drive.google.com/file/d/0B4Nt1AD7lxoUQzFVYlFyVUJpY1E/view?usp=sharing">netvdl_query.ps1</a> <br />
<br />
This will provide Format-Table outputs of Esxcli responses from all connected hosts in the targeted clusters. It lets you verify your VNI's are connected, online, and that controller connections are proper.<br />
<br />
Namespaces queried:<br />
$esxcli.network.vswitch.dvs.vmware.vxlan.get()<br />
$esxcli.network.vswitch.dvs.vmware.vxlan.list()<br />
$esxcli.network.vswitch.dvs.vmware.vxlan.network.list(vxlanvds)<br />
$esxcli.network.ip.interface.list("vxlan")<br />
$esxcli.network.ip.interface.ipv4.get()<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> .\netvdl2_query.ps1 Physical<br /><span style="font-family: "courier new" , "courier" , monospace;">hivemind.united.earth<br />VXLAN Global States:<br /><br />ControlplaneOutOfSync UDPport<br />--------------------- -------<br />No 8472<br /><br /><br />VXLAN VDS:<br /><br />GatewayIP GatewayMAC MTU NetworkCount SegmentID VDSID VDSName VmknicCount<br />--------- ---------- --- ------------ --------- ----- ------- -----------<br />192.168.24.1 ff:ff:ff:ff:ff:ff 9000 9 192.168.24.0 28 2c 38 50 93 cc 28 37-8e 56 33 cd 7c 1a ea cf nsxswitch 2<br /><br /><br />VTEP VMKNIC:<br /><br />Enabled ExternalID MACAddress MTU Name NetstackInstance OpaqueNetworkID OpaqueNetworkType PortID Portgroup<br />------- ---------- ---------- --- ---- ---------------- --------------- ----------------- ------ ---------<br />true N/A 00:50:56:6f:ca:99 9000 vmk1 vxlan N/A N/A 67108979 N/A<br />true N/A 00:50:56:68:17:93 9000 vmk2 vxlan N/A N/A 67108980 N/A<br /><br /><br /><br />AddressType DHCPDNS IPv4Address IPv4Broadcast IPv4Netmask Name<br />----------- ------- ----------- ------------- ----------- ----<br />STATIC false 192.168.24.4 192.168.24.255 255.255.255.0 vmk1<br />STATIC false 192.168.24.7 192.168.24.255 255.255.255.0 vmk2<br /><br /><br />VXLAN VNI:<br /><br />ARPEntryCount ControlPlane ControllerConnection MACEntryCount MulticastIP PortCount VXLANID<br />------------- ------------ -------------------- ------------- ----------- --------- -------<br />0 Enabled (multicast proxy,ARP proxy) 192.168.1.90 (up) 2 N/A (headend replication) 1 5001<br />0 Enabled (multicast proxy,ARP proxy) 192.168.1.90 (up) 2 N/A (headend replication) 2 5000<br />0 Enabled (multicast proxy,ARP proxy) 192.168.1.90 (up) 2 N/A (headend replication) 2 5006<br />0 Enabled (multicast proxy,ARP proxy) 192.168.1.90 (up) 2 N/A (headend replication) 1 5007<br />0 Enabled (multicast proxy,ARP proxy) 192.168.1.90 (up) 0 N/A (headend replication) 1 5002<br />0 Disabled 0.0.0.0 (down) 0 0.0.0.0 1 5004<br />0 Disabled 0.0.0.0 (down) 0 0.0.0.0 1 5005<br />0 Enabled (multicast proxy,ARP proxy) 192.168.1.90 (up) 2 N/A (headend replication) 2 5003<br />0 Enabled (multicast proxy,ARP proxy) 192.168.1.90 (up) 1 N/A (headend replication) 2 5009</span></span><br />
<br />
Next up is a PowerCLI check to make sure a vdrPort exists on your hosts, Please note this script defaults to using "nsxswitch" as the DV Switch Name to Check, and VNI 5000, you can alter the script or specify the switch name and VNI manually as parameters. This script is useful in making sure your hosts haven't encountered the<a href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2107951"> "Would Block" issue</a> which can affect both VTEP, and LIF creation.<br />
<br />
This verifies that a VDR instance has at least been created and was my initial work around to the net-vdr tool not being exposed by esxcli. It specifically looks for the "vdrPort" instance on your DV Switch.<br />
<br />
<a href="https://drive.google.com/file/d/0B4Nt1AD7lxoUSUN2UUtiUzZJdWM/view?usp=sharing">vdrPort_check.ps1</a><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> .\vdrPort_check.ps1 Physical nsxswitch 5001<br />hivemind.united.earth<br />1 vdrPort was found<br />hivemind2.united.earth<br />1 vdrPort was found<br />hivemind3.united.earth<br />1 vdrPort was found</span> <br />
<br />
<br />
Now to the bread and butter of the post. ESXCLI-NETVDR, have you wanted insight into your LDR/VDR instances on your hosts via PowerCLI but been left hanging because the Layer 3 information is no where to be found? The following VIB will let you get what you need! This allows access to a specific subset of net-vdr commands within ESXCLI, and more important extended into PowerCLI via the Get-ESXCLI object. Unfortunately at this time it is only CommunitySupported. <br />
<br />
<a href="https://drive.google.com/file/d/0B4Nt1AD7lxoUc1FWbEtVWjVKUnM/view?usp=sharing">esxcli-netvdr.vib </a><br />
<br />
It creates the following namespaces under ESXCLI:<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">network.vdr<br />network.vdr.nbr<br />network.vdr.route<br />network.vdr.lif</span><br />
<br />
The following commands:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">network.vdr.list<br />network.vdr.lif.list<br />network.vdr.nbr.clear<br />network.vdr.nbr.list<br />network.vdr.route.list</span><br />
<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"></span>Here it is in action from an SSH session, but this is not what it's for, it's for PowerCLI<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">[root@hivemind:~] esxcli network vdr list<br />default+edge-15<br /> VdrName: default+edge-15<br /> VdrId: 0x00001389<br /> NumberOfLifs: 1<br /> NumberOfRoutes: 1<br /> State: Enabled<br /> ControllerIP: 192.168.1.90<br /> ControlPlaneIP: 192.168.1.20<br /> ControlPlaneActive: Yes<br /> NumUniqueNexthops: 0<br /> GenerationNumber: 0<br /> EdgeActive: Yes<br /><br />default+edge-4<br /> VdrName: default+edge-4<br /> VdrId: 0x00001388<br /> NumberOfLifs: 7<br /> NumberOfRoutes: 10<br /> State: Enabled<br /> ControllerIP: 192.168.1.90<br /> ControlPlaneIP: 192.168.1.20<br /> ControlPlaneActive: Yes<br /> NumUniqueNexthops: 1<br /> GenerationNumber: 0<br /> EdgeActive: No</span><br />
<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"></span>So how can I use these mystical commands via PowerCLI, once the VIB is installed make sure to restart management agents, or reboot your host. The ESXCLI namespaces won't be available until hostd is restarted. In all my examples below I will query my LDR instance "default+edge-4"<br />
<br />
Start off by connecting to your vCenter "Connect-VIServer"<br />
Then grab an ESXCLI Object from a host.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> Connect-VIServer cosmos<br /><br />Name Port User<br />---- ---- ----<br />cosmos 443 NADESICO\<span style="font-family: "courier new" , "courier" , monospace;">dieth</span><br /><br /><br />PowerCLI C:\pcli\nsx> $esxcli = Get-ESXCLI -VMHost hivemind.united.earth<br />PowerCLI C:\pcli\nsx> $esxcli.network.vdr.list()<br /><br /><br />ControlPlaneActive : Yes<br />ControlPlaneIP : 192.168.1.20<br />ControllerIP : 192.168.1.90<br />EdgeActive : Yes<br />GenerationNumber : 0<br />NumUniqueNexthops : 0<br />NumberOfLifs : 1<br />NumberOfRoutes : 1<br />State : Enabled<br />VdrId : 0x00001389<br />VdrName : default+edge-15<br /><br />ControlPlaneActive : Yes<br />ControlPlaneIP : 192.168.1.20<br />ControllerIP : 192.168.1.90<br />EdgeActive : No<br />GenerationNumber : 0<br />NumUniqueNexthops : 1<br />NumberOfLifs : 7<br />NumberOfRoutes : 10<br />State : Enabled<br />VdrId : 0x00001388<br />VdrName : default+edge-4</span><br />
<br />
<br />
Want a list of just your VdrNames?<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> $esxcli.network.vdr.list() | Select-Object VdrName<br /><br />VdrName<br />-------<br />default+edge-15<br />default+edge-4</span><br />
<br />
How about all the connected logical interfaces? (I've selected a subset of the columns to fit into the blog)<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"><span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> <span style="font-family: "courier new" , "courier" , monospace;">$esxcli.network.vdr.lif.list("default+edge-4") | FT -Property LIFName,ID,ConnectedDvs,State,Mode -AutoSize</span><br /><br />LIFName ID ConnectedDvs State Mode<br />------- -- ------------ ----- ----<br />13880000000f Vxlan:5000 nsxswitch Enabled Routing, Distributed, Internal<br />138800000002 Vxlan:5001 nsxswitch Enabled Routing, Distributed, Uplink<br />13880000000c Vxlan:5005 nsxswitch Enabled Routing, Distributed, Internal<br />13880000000b Vxlan:5004 nsxswitch Enabled Routing, Distributed, Internal<br />13880000000a Vxlan:5002 nsxswitch Enabled Routing, Distributed, Internal<br />13880000000e Vxlan:5007 nsxswitch Enabled Routing, Distributed, Internal<br />13880000000d Vxlan:5006 nsxswitch Enabled Routing, Distributed, Internal</span></span><br />
<br />
How about all the neighbor information for a specific LIF? (Again I've selected a subset)<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"> PowerCLI C:\pcli\nsx> $esxcli.network.vdr.nbr.list("138800000002","default+edge-4") | FT -Property Network,Interface,Mac,SrcPort -AutoSize<br /><br />Network Interface Mac SrcPort<br />------- --------- --- -------<br />172.16.10.2 138800000002 02:50:56:56:44:52 0<br />172.16.10.1 138800000002 00:50:56:b8:1a:d0 67108868</span><br />
<br />
What if I want all LIFs neighbor information?<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> $esxcli.network.vdr.lif.list("default+edge-4") | %{ $esxcli.network.vdr.nbr.list($_.LIFName,"default+edge-4") } | FT Network,Interface,Mac,SrcPort -AutoSize<br /><br />Network Interface Mac SrcPort<br />------- --------- --- -------<br />172.16.254.3 13880000000f 00:50:56:b8:68:36 67108998<br />172.16.254.1 13880000000f 02:50:56:56:44:52 0<br />172.16.10.2 138800000002 02:50:56:56:44:52 0<br />172.16.10.1 138800000002 00:50:56:b8:1a:d0 67108868<br />172.16.5.1 13880000000c 02:50:56:56:44:52 0<br />172.16.4.1 13880000000b 02:50:56:56:44:52 0<br />172.16.12.1 13880000000a 02:50:56:56:44:52 0<br />172.16.19.2 13880000000e 00:50:56:b8:48:48 67108868<br />172.16.19.1 13880000000e 02:50:56:56:44:52 0<br />172.16.8.1 13880000000d 02:50:56:56:44:52 0<br />172.16.8.2 13880000000d 00:50:56:b8:33:92 67108984</span><br />
<br />
<br />
Finally what if I want to clear the neighbor information?<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> $esxcli.network.vdr.lif.list("default+edge-4") | %{ $_.LIFName ; $esxcli.network.vdr.nbr.clear($_.LIFName,"default+edge-4") }<br />13880000000f<br />Complete<br />138800000002<br />Complete<br />13880000000c<br />Complete<br />13880000000b<br />Complete<br />13880000000a<br />Complete<br />13880000000e<br />Complete<br />13880000000d<br />Complete</span><br />
<br />
Alternatively to clear neighbor information on a per LIF basis:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> $esxcli.network.vdr.nbr.clear("13880000000f","default+edge-4")<br />Complete</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
Last but not least list all routes available via from your specific LDR/VDR instances:<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">PowerCLI C:\pcli\nsx> $esxcli.network.vdr.route.list("default+edge-4") | FT -AutoSize<br /><br />Destination Flags Gateway GenMask Interface Origin Ref Uptime<br />----------- ----- ------- ------- --------- ------ --- ------<br />0.0.0.0 UG 172.16.10.1 0.0.0.0 138800000002 AUTO 1 551207<br />172.16.4.0 UCI 0.0.0.0 255.255.255.0 13880000000b MANUAL 1 1768288<br />172.16.5.0 UCI 0.0.0.0 255.255.255.0 13880000000c MANUAL 1 1768288<br />172.16.7.0 UG 172.16.10.1 255.255.255.0 138800000002 AUTO 1 551207<br />172.16.8.0 UCI 0.0.0.0 255.255.255.0 13880000000d MANUAL 1 1768288<br />172.16.10.0 UCI 0.0.0.0 255.255.255.0 138800000002 MANUAL 1 1768288<br />172.16.12.0 UCI 0.0.0.0 255.255.255.0 13880000000a MANUAL 1 1768288<br />172.16.19.0 UCI 0.0.0.0 255.255.255.0 13880000000e MANUAL 11 1768288<br />172.16.254.0 UCI 0.0.0.0 255.255.255.0 13880000000f MANUAL 1 1768288<br />192.168.1.0 UG 172.16.10.1 255.255.255.0 138800000002 AUTO 6 551207</span>diethhttp://www.blogger.com/profile/04376762260154166868noreply@blogger.com0tag:blogger.com,1999:blog-5555686163903861349.post-62892722451208563632014-06-17T06:40:00.002-07:002015-11-08T17:46:59.029-08:00NSX Controllers and VXLAN Cluster Installation<div class="separator" style="clear: both; text-align: center;">
</div>
On to the next stage of deployment we need to setup our NSX Controllers and push out the VXLAN host modules and setup information to begin network virtualization. These NSX Controllers assist the hosts in setting up the NSX Edge distributed router services across the hosts participating the NSX deployment.<br />
<br />
To begin we should setup an IP Pool for your NSX Controllers to automatically assign out. Login to the vCenter Web Client, select the "Networking & Security" option on the left hand side bar from the home screen. From here select the "NSX Managers" option.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguoxVCahvX-5hGIbK2H48gh64W0xqNTTUU0hUewCIsrNa457eaLvnfHf_dzCi_cWtxaum1AvfUfIK5eBmduyp6JPwawoZETmNybbWQt1bbN1vfbd12aapBi6K26fkdVT6OOIgujxZml-s/s1600/nsxvcmanagers.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguoxVCahvX-5hGIbK2H48gh64W0xqNTTUU0hUewCIsrNa457eaLvnfHf_dzCi_cWtxaum1AvfUfIK5eBmduyp6JPwawoZETmNybbWQt1bbN1vfbd12aapBi6K26fkdVT6OOIgujxZml-s/s1600/nsxvcmanagers.PNG" height="221" width="320" /></a></div>
<br />
<br />
From here select the IP of your NSX Manager and then select the Manage tab, and the Grouping Objects subsection, select the IP Pools grouping object, and click on the + icon to add a new IP Pool.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOvkrWrvBu07qZ9PXyZ7JcZsA3G3_o-9YIfDlZpJxAfzB87Fednip2jCtW2ewoShI2esn2hinlSI4ToPOkiclM0qpNiUzQIbcvCN9wxSMYs8fVOynjljkVhHLfbTUqhTJTTUZyfQvhynk/s1600/nsxippools.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOvkrWrvBu07qZ9PXyZ7JcZsA3G3_o-9YIfDlZpJxAfzB87Fednip2jCtW2ewoShI2esn2hinlSI4ToPOkiclM0qpNiUzQIbcvCN9wxSMYs8fVOynjljkVhHLfbTUqhTJTTUZyfQvhynk/s1600/nsxippools.PNG" height="128" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVeRu1G4pgpIphB9r4lulZIj70zbV5I_lG8P9be7B4kynwPpse7OOUOAfoAyp3kmHqbe6WWJiw1DB0N8YCuJ7HAfN_yUVx_PGH0nMQ6N5-J_uSN31HFVLz504Iir8ZVbPicFM-zN4zU-M/s1600/nsxippooladd.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVeRu1G4pgpIphB9r4lulZIj70zbV5I_lG8P9be7B4kynwPpse7OOUOAfoAyp3kmHqbe6WWJiw1DB0N8YCuJ7HAfN_yUVx_PGH0nMQ6N5-J_uSN31HFVLz504Iir8ZVbPicFM-zN4zU-M/s1600/nsxippooladd.PNG" height="303" width="320" /></a></div>
<br />
<br />
You should run the NSX controllers in sets of odd numbers starting from 3 and up. So allocate a pool with a minimum of three addresses. The Add Pool process can also be done from the directly from the next section of the NSX Controllers deployment by clicking on the "Add Pool" option within the Add Controller dialog.<br />
<br />
With you're IP Pool configured we'll move onto defining and deploying the NSX Controllers.<br />
You can either click on the Back button inside the vCenter WebClient or goto Home and back to "Networking & Security". Choose Installation from the left hand side menu now.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP12EgTNhD01GXNR6YfVWqrhqjr99DfcCeSbjfXKgXb4-2fWF0GpTeszHt8cCV3lxMvAKhGVcu8JFk8qXLhzPoeW7egSisfm2X74O-inUBC7PmauHcfHo-n-WipLuZ2bwUqh4_I9JJTxY/s1600/nsxinstallation.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP12EgTNhD01GXNR6YfVWqrhqjr99DfcCeSbjfXKgXb4-2fWF0GpTeszHt8cCV3lxMvAKhGVcu8JFk8qXLhzPoeW7egSisfm2X74O-inUBC7PmauHcfHo-n-WipLuZ2bwUqh4_I9JJTxY/s1600/nsxinstallation.PNG" height="180" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPh7GVf-Rjhyphenhyphenh2Xztm2YioMBi4rqgA18CFp9FqL7KYUDRRVc960BdJqqjVqFnb8n_U2mnQ65zSGBFW202xVv8VyW39KMiv9Z-Qx6hgubOiHY0wV0wIdkdiZgC-SMC44Fhon1DUcjZpNEM/s1600/nsxaddcontroller.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPh7GVf-Rjhyphenhyphenh2Xztm2YioMBi4rqgA18CFp9FqL7KYUDRRVc960BdJqqjVqFnb8n_U2mnQ65zSGBFW202xVv8VyW39KMiv9Z-Qx6hgubOiHY0wV0wIdkdiZgC-SMC44Fhon1DUcjZpNEM/s1600/nsxaddcontroller.PNG" height="263" width="320" /></a></div>
We'll need to wait while the first controller is deploying. Any attempt to add another during deployment may cause the current to fail. Wait until the controller deploys, powers up and then lists with a status of Normal with a green checkmark. Once the first controller is up continue adding controllers. Add at least three controllers; for maximum availability and failover place each controller on a separate datastore. Deploy controllers in sets of odd numbers.<br />
<br />
Once you're controllers are prepared, we'll be moving onto the next tab Host Preparation. This portion of the installation will push out the ESXi host side components for the Distributed Firewall, and VXLAN services. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPFZDDt2cex4xmhCYzySJIx1sfksY9SCvp3gMuz1HNgooKG-SkVfWx4i74vafrMoxxlUZyBSjFcpnZga7Lu_9GEUAkoLdDxCK0EdlbCoCigwgsseqJJIPThJmVlDZDVZVq8iRWrWQGMPw/s1600/nsxhostprep.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPFZDDt2cex4xmhCYzySJIx1sfksY9SCvp3gMuz1HNgooKG-SkVfWx4i74vafrMoxxlUZyBSjFcpnZga7Lu_9GEUAkoLdDxCK0EdlbCoCigwgsseqJJIPThJmVlDZDVZVq8iRWrWQGMPw/s1600/nsxhostprep.PNG" height="134" width="320" /></a></div>
Just click on Install here and let NSX do it's magic to configure the hosts, go grab something to drink.<br />
Once you're cluster has completed setup of the NSX package and the Distributed Firewall package you will see our familiar green check mark under both Installation status, and Firewall. The installation field also keeps track of the version of the components installed.<br />
<br />
The next step requires a dvSwitch, so we're going to configure one, add hosts to it, and then come back to the installation of the VXLAN service. Click on the Home icon in the vCenter Web Client and then select the Networking inventory section.<br />
<br />
From the Networking screen right click on your Datacenter and select New distributed switch<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7aoQ4kJPSBXyTK4LUriaEX8nPHFNpp9zwt4GRXEdLEE9h665FUFHPQwX20YCl7dIw-iQy9u4kKDZmM2lpZXmvVnGH1vgRhfGXUFAPyuL2-MRW-aseDDfQDT0tquD6rH9-fn3eeePPGow/s1600/nsxadddswitch.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7aoQ4kJPSBXyTK4LUriaEX8nPHFNpp9zwt4GRXEdLEE9h665FUFHPQwX20YCl7dIw-iQy9u4kKDZmM2lpZXmvVnGH1vgRhfGXUFAPyuL2-MRW-aseDDfQDT0tquD6rH9-fn3eeePPGow/s1600/nsxadddswitch.PNG" height="320" width="304" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAXQxXZtb1kviKk9-2t4mlz44swkh9UiJdMgdS_7Yo5Yl3b-jNJPcwPX9mLVdnYXg7q3WOBNKmXtSNfGbRqE03n1_CnZijSvR0FtT0zSVHjAaLGPAE-06wc0PIreMhC11C74xq6rjgrxc/s1600/nsxdswitchname.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAXQxXZtb1kviKk9-2t4mlz44swkh9UiJdMgdS_7Yo5Yl3b-jNJPcwPX9mLVdnYXg7q3WOBNKmXtSNfGbRqE03n1_CnZijSvR0FtT0zSVHjAaLGPAE-06wc0PIreMhC11C74xq6rjgrxc/s1600/nsxdswitchname.PNG" height="186" width="320" /></a></div>
Set the Switch name. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-fvX9YDcA_wMJN2z0hd4ivC_typVBLdTF4aWPlc_rrly5O4Wot0vgrpERebizbCrCGJ7nH8EFVVWnBwI_-N28DnMtaeHbbCE4RX5qNQExMmoic1oSWNOrtmsmAc2RfQgswNmvWtJSQ50/s1600/nsxdswitchversion.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-fvX9YDcA_wMJN2z0hd4ivC_typVBLdTF4aWPlc_rrly5O4Wot0vgrpERebizbCrCGJ7nH8EFVVWnBwI_-N28DnMtaeHbbCE4RX5qNQExMmoic1oSWNOrtmsmAc2RfQgswNmvWtJSQ50/s1600/nsxdswitchversion.PNG" height="188" width="320" /></a></div>
Set the distributed switch version, both 5.5, and 5.1 are useable.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHCi2ZdVRQkhbU_SAjhK__cv55qwSzfyijz_1Q_uwjdj4gqO1JaIOctXZKVkowZ4JxU5wDjnUhWPY9pYx7sLGxxD05VJB_wfkmdPVqPaSWQlac-d9XCGf2Zf2Fw78O-1t6P3l5U8vL8OA/s1600/nsxdswitchuplinks.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHCi2ZdVRQkhbU_SAjhK__cv55qwSzfyijz_1Q_uwjdj4gqO1JaIOctXZKVkowZ4JxU5wDjnUhWPY9pYx7sLGxxD05VJB_wfkmdPVqPaSWQlac-d9XCGf2Zf2Fw78O-1t6P3l5U8vL8OA/s1600/nsxdswitchuplinks.PNG" height="187" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzvNrYacOdjOaBimzXKip6StpsmQ9co9aFU9gpZdPbxS_MubBl1KRcovr4zprO7NogcDXqGfC_iLM4GsMGG1iNQD2M2OsMf6-auoPF9QOnI8vOP30IBSv6-qoHm2OcU71GQe3Mgzo0yG8/s1600/nsxdswitchuplinks.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div>
Set the number of uplinks to match exactly to the number of uplinks you have. This is a demo / proof of concept lab so I am only utilizing one uplink. In production it's highly recommended to have two uplinks for maximum availability. If this Distribute switch is only going to be utilized for VXLAN purposes I recommend not creating the default port group. As when VXLAN is prepared a portgroup is automatically created for the vmknic VTEPs and any new Logical Switch created within will also have it's own portgroup generated.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNqfoQc_pxzwespWRewTE8kfUKq3ZFbMdomTo0q5yJ7Y_x8GAceIZZxTMw4D7HMfMWgb47m4MXT394UXVGD8doBC5d6fMjLp-KkT_VmeewUfnNIPXNBbc1qv8IcPJz1GEbGpMO7TdUhp8/s1600/nsxdswitchfinish.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNqfoQc_pxzwespWRewTE8kfUKq3ZFbMdomTo0q5yJ7Y_x8GAceIZZxTMw4D7HMfMWgb47m4MXT394UXVGD8doBC5d6fMjLp-KkT_VmeewUfnNIPXNBbc1qv8IcPJz1GEbGpMO7TdUhp8/s1600/nsxdswitchfinish.PNG" height="187" width="320" /></a></div>
Finish up and move on to Adding hosts.<br />
<br />
Right click on your new dvSwitch and select Add or Manage Hosts<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSqPGcARywXUK3B81A217ik3ZsANmk7F5Ppjc1z1iYZAoW9M-eVgIuoskxl95TmgEjWdAjRD77RtK0Oj5cAZmh5QjGJDe9Um3VBCLZqcBkbGWU9_HBir84wbgeCHsZAIMCFYfnS5X8li4/s1600/nsxdswitchaddhost.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSqPGcARywXUK3B81A217ik3ZsANmk7F5Ppjc1z1iYZAoW9M-eVgIuoskxl95TmgEjWdAjRD77RtK0Oj5cAZmh5QjGJDe9Um3VBCLZqcBkbGWU9_HBir84wbgeCHsZAIMCFYfnS5X8li4/s1600/nsxdswitchaddhost.PNG" height="320" width="267" /></a></div>
<br />
Select Add for the operation type, and click on next.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMuwSnvNIE6Y15I8ov7jv44OQmMvwO3wpF5dbw9Cz_iwyY9WcR54zod03u3UsWEmGWdhwlsFp-svl7GUO0uKbd0YdrHDw8MPwtx012XG2XbQyW2zNJLlrj0tHYNFiKK_Ya64kFUwjQ3jY/s1600/nsxdswitchaddhosts.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMuwSnvNIE6Y15I8ov7jv44OQmMvwO3wpF5dbw9Cz_iwyY9WcR54zod03u3UsWEmGWdhwlsFp-svl7GUO0uKbd0YdrHDw8MPwtx012XG2XbQyW2zNJLlrj0tHYNFiKK_Ya64kFUwjQ3jY/s1600/nsxdswitchaddhosts.PNG" height="196" width="320" /></a></div>
Click on the green + New Hosts button if you are missing hosts from this list click the incompatible hosts list and you will be provided with a window and information about any hosts any why they cannot join. Select all the hosts you want to admin to the distributed switch. <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyswjAC_d5vnigzjVoXSXliMqE4ag-9_XUHJkOpCeIEUtneF3IHmJLO-Y4uBKmtn-h1xNg_zA3DJzEnk-I8GZBM5N_S5COrtxQdP0HFQ4N95SeIwcnpS5EKS3yh55B47cpvksUR4p99Bs/s1600/nsxdswitchaddhostsselect.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyswjAC_d5vnigzjVoXSXliMqE4ag-9_XUHJkOpCeIEUtneF3IHmJLO-Y4uBKmtn-h1xNg_zA3DJzEnk-I8GZBM5N_S5COrtxQdP0HFQ4N95SeIwcnpS5EKS3yh55B47cpvksUR4p99Bs/s1600/nsxdswitchaddhostsselect.PNG" height="196" width="320" /></a></div>
<br />
If you are a lucky man, all your hosts are the exact same hardware with all their NIC connected the same way and you can use template mode to join the hosts.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixSZhlmBXjRBrwGOR5BgyoQF85zYVPe9HH7qU4dLYnY120Gcc7PbXVEhd70qkITfojkfPaFUm0VJ4_Zm16pxaIXLclyWxuqJDDz2qXObKpvoRj_NmjSbxKz_ZazVpCmCnZWbup6YJc0ro/s1600/nsxdswitchtemplatemode.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixSZhlmBXjRBrwGOR5BgyoQF85zYVPe9HH7qU4dLYnY120Gcc7PbXVEhd70qkITfojkfPaFUm0VJ4_Zm16pxaIXLclyWxuqJDDz2qXObKpvoRj_NmjSbxKz_ZazVpCmCnZWbup6YJc0ro/s1600/nsxdswitchtemplatemode.PNG" height="197" width="320" /> </a></div>
<div class="separator" style="clear: both; text-align: left;">
Next select the host to use as a template.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmWyzxUjUPnTIiYZcqkzsMaOiw6e2UvIsZI0ICG2aMzMXK7miGUP1X5eQplpTSipMmcL3KHBSb3WkLyyXHNSvWifEf_Fsg_GUuWAalTLqkZSXqEpLBuGiM3uojUtfrNFl1e5D3WGwO8Tg/s1600/nsxdswitchselecttemplate.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmWyzxUjUPnTIiYZcqkzsMaOiw6e2UvIsZI0ICG2aMzMXK7miGUP1X5eQplpTSipMmcL3KHBSb3WkLyyXHNSvWifEf_Fsg_GUuWAalTLqkZSXqEpLBuGiM3uojUtfrNFl1e5D3WGwO8Tg/s1600/nsxdswitchselecttemplate.PNG" height="198" width="320" /></a></div>
Choose which tasks we are going to perform. We only need to assign uplinks, so we can remove the option to manage VMKernel Adapters.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYMkSNvN7vJbmMRF2yBB3qE7S6ZA8meIN2FM-VcztZ601YZ0Bt98AMrQ3E75eRtdihanbd0snq9GnuBEEOkM6vIQd6Cc2Min9cQOZzQiaiHAbfSaPobHnsDnUhVa6DIjffwjfSbHQqI8I/s1600/nsxdswitchselecttasks.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYMkSNvN7vJbmMRF2yBB3qE7S6ZA8meIN2FM-VcztZ601YZ0Bt98AMrQ3E75eRtdihanbd0snq9GnuBEEOkM6vIQd6Cc2Min9cQOZzQiaiHAbfSaPobHnsDnUhVa6DIjffwjfSbHQqI8I/s1600/nsxdswitchselecttasks.PNG" height="198" width="320" /></a></div>
<br />
Set the uplinks for your template host, and then hit the Apply to all<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0tXRnUMZO4E_uAGvoPgnhbl-kFVEDDVkWYa5wtZzgYghfptw4BJNC7UBwEfVNl9DnmQpY3Hc4687mYr3xc-ov0fiO28eo-Aglxh7w2hMGUlr4euWVK-yBLIb4ldos0QJER4wgTynjPls/s1600/nsxdswitchtemplateassignapply.PNG" height="197" width="320" /> </div>
<div class="separator" style="clear: both; text-align: left;">
vCenter will now asses the impact! Since we are not moving VMKernel Adapters or VM, and as long as you're not stealing a physical NIC that is already backing another distributed or standard switch that holds a VMKernel Adapter your screen should be telling you No impact.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJyNoHYMLKrleA7sAt8HDSo60S3-MXEBNCl1IaIpKj_P-1LQ5aALnVQrjDYYbM0yIqDYA35-G1JnE9U1aSvN4uGnSTaIjTyWDVl4tCPd4cVvIRFNjqXsVYc0TpbEJF0d_O6eQxUiXMDB4/s1600/nsxdswitchimpact.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJyNoHYMLKrleA7sAt8HDSo60S3-MXEBNCl1IaIpKj_P-1LQ5aALnVQrjDYYbM0yIqDYA35-G1JnE9U1aSvN4uGnSTaIjTyWDVl4tCPd4cVvIRFNjqXsVYc0TpbEJF0d_O6eQxUiXMDB4/s1600/nsxdswitchimpact.PNG" height="197" width="320" /></a></div>
The final victory lap of setting up the distributed switch, after we're done here we can move back to the Networking & Security inventory section from the vCenter Web client home screen to begin configuration for VXLAN.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfMDQyhOCAHITrOgYdO2yOmSmb-9D0r9vb60JFEvwbxkJYBtIL2KQYHt5gF9FIyJ7U6eQ_bAgciRu4oKiZp06O5-bLaNsWA4B1MATYrAWVEd-YlgLbvKtDJL1jIJyKODA7j-oIBEZBwW0/s1600/nsxfinallap.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfMDQyhOCAHITrOgYdO2yOmSmb-9D0r9vb60JFEvwbxkJYBtIL2KQYHt5gF9FIyJ7U6eQ_bAgciRu4oKiZp06O5-bLaNsWA4B1MATYrAWVEd-YlgLbvKtDJL1jIJyKODA7j-oIBEZBwW0/s1600/nsxfinallap.PNG" height="197" width="320" /></a></div>
<br />
Back to the vCenter WebClient Home screen and back into Networking & Security and our Installation section, and click on the Configure option under the VXLAN column. I have already created another IP Pool through the same process we went through to create an NSX Controller IP Pool, once again the Add Pool option is also available in the IP Pool drop down. Be keen to match the VMKNic Teaming Policy with one that matches your uplinks. I have chosen explicit failover as my VXLAN will be going over a single link. Options are:<br />
<br />
All Distributed Switch Versions:<br />
<br />
Fail Over: which will give you an explicit fail over order and use a Active / Standby set up for all uplinks <br />
<br />
Static Etherchannel: which will give you an Active/Active Route by IP Hash for uplinks<br />
<br />
Load Balance - SRCID: utilizes the normal route based on originating virtual port id <br />
Load Balance - SRCMAC: utilizes the alternate load balance algorithm based on source MAC address;<br />
<br />
Distributed Switch 5.1:<br />
LACP Active: which will give you route by IP Hash for uplinks<br />
LACP
Passive: which will give you route by IP Hash for uplinks; but the physical switch must be in Active state, or the Link will not be brought online.<br />
<br />
Distributed Switch 5.5: <br />
Enhanced LACP: Utilizes the Enhanced LACP configuration your vSphere 5.5 distributed Switch<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuboO6GURW4QN5TXdGbVf-wPzhHSDBNYNZaMO8m91w1ysvU10KVcv0EzfYoH0HJgztLRO6wF1maJp59n8hoH9OmnSz-IMQfzBgQ5s5KULtmgSvk5g0krTk2VMbJrn5sJcz30yXDXLPEVA/s1600/nsxinstallationvxconfigure.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuboO6GURW4QN5TXdGbVf-wPzhHSDBNYNZaMO8m91w1ysvU10KVcv0EzfYoH0HJgztLRO6wF1maJp59n8hoH9OmnSz-IMQfzBgQ5s5KULtmgSvk5g0krTk2VMbJrn5sJcz30yXDXLPEVA/s1600/nsxinstallationvxconfigure.PNG" height="128" width="320" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFisjcl7-_4XFy8CBJkRgEQ7aXfDCflomFt4LO08wxEngnjLbHaveWla8B3QxUuI089fHtbCuwK_9XnVCVYFMOM8Fm5FuPIqTI4iuCHR7OZ2vYovs7j38yNKzb7nZQ2DFE-8I9UvYZ9sY/s1600/nsxinstallationvxconfigurescreen.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFisjcl7-_4XFy8CBJkRgEQ7aXfDCflomFt4LO08wxEngnjLbHaveWla8B3QxUuI089fHtbCuwK_9XnVCVYFMOM8Fm5FuPIqTI4iuCHR7OZ2vYovs7j38yNKzb7nZQ2DFE-8I9UvYZ9sY/s1600/nsxinstallationvxconfigurescreen.PNG" height="244" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
If you set your Recent Task panel to show All Users' Tasks you should see the the an Add Virtual NIC Task for each host, along with an Add Distributed Port Group, and many Update opaque data tasks. </div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1AyDIg4PHtDIed2hUBtwAY1yJnssy73VUmvBGSj-5N1G0kWDA3um5oRnVvXJXxMM6AuNNoRfrHozyz9ZTLe-FzyTVohZG0pQY-wZbOO7dg6Xg6IOe0forGU2_uthCkkuzlo5wxDCS_d4/s1600/nsxtasks.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1AyDIg4PHtDIed2hUBtwAY1yJnssy73VUmvBGSj-5N1G0kWDA3um5oRnVvXJXxMM6AuNNoRfrHozyz9ZTLe-FzyTVohZG0pQY-wZbOO7dg6Xg6IOe0forGU2_uthCkkuzlo5wxDCS_d4/s1600/nsxtasks.PNG" height="320" width="208" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
If you switch over to the Logical Network Preparation tab, and the VXLAN Transport section you should now see all hosts listing with a green check mark and the VMKnic IP's that have been set up as VTEP endpoints.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxVb_aqfyUekZG6cuccd3hFSrwwflceJO8388C_JtJ_tcqZzpxA15ZO2CY8Vt3ohToRceG8YJfazBT2mEqJJB2uEkGvYgr4peSKbBL40_IV7LeSiJkep957VVUqU4InfBh9uuxSorJUQA/s1600/nsxlogicalnetvxlantrans.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxVb_aqfyUekZG6cuccd3hFSrwwflceJO8388C_JtJ_tcqZzpxA15ZO2CY8Vt3ohToRceG8YJfazBT2mEqJJB2uEkGvYgr4peSKbBL40_IV7LeSiJkep957VVUqU4InfBh9uuxSorJUQA/s1600/nsxlogicalnetvxlantrans.PNG" height="83" width="320" /></a></div>
Next move onto the Segment ID section, and define a Segment ID Pool, set a range that is equal to the number of VXLAN you expect to deploy. You only need to define a Multicast range if you are using ESXi 5.1 hosts or plan on using Hybrid mode. I will only be setting up Unicast mode so I have no configured any multicast informaiton.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQS-1p4JvuLsUUADf5DjhZ3BfexHovFu1xT-GoofbpIdPuhs9t4IZnTnjIPzXA9fKbyVvlG1h2QO5L6YTgCFC3VdH-2AQ9BIhITSGH6mD8g6vWAlyp977da7UmRsUDIDMB3hM0y_Bivyk/s1600/nsxvxlansegment.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQS-1p4JvuLsUUADf5DjhZ3BfexHovFu1xT-GoofbpIdPuhs9t4IZnTnjIPzXA9fKbyVvlG1h2QO5L6YTgCFC3VdH-2AQ9BIhITSGH6mD8g6vWAlyp977da7UmRsUDIDMB3hM0y_Bivyk/s1600/nsxvxlansegment.PNG" height="212" width="320" /></a></div>
Next move onto the Transport Zones section and click on the Green + to add a new Transport zone. Choose the type of Transport method, Multicast which is compatible with 5.5, and 5.1 and is required if you have any 5.1 hosts. Unicast which is compatible with 5.5 only, and Hybrid which uses both Multicast and Unicast. Select the cluster and distributed switch pairs you wish to join this Transport Zone.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_dVkYZSgiIZHo3DPkVrjzNIW7zOTJ6nIfiDVu01_B4OW2wOdLxwXX1fOQbI4BaQReMcQWaifWkQUJXozpZHxNeBO0C0kRDgJBdCVY4zOuyGlywL1_kFqsWHkJQ9Lizs3EbnqY4cvys9Y/s1600/nsxvxlannewtranszone.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_dVkYZSgiIZHo3DPkVrjzNIW7zOTJ6nIfiDVu01_B4OW2wOdLxwXX1fOQbI4BaQReMcQWaifWkQUJXozpZHxNeBO0C0kRDgJBdCVY4zOuyGlywL1_kFqsWHkJQ9Lizs3EbnqY4cvys9Y/s1600/nsxvxlannewtranszone.PNG" height="218" width="320" /></a></div>
<br />We're now done with the VXLAN set up. The final tab in the Installation section is Service Deployments this is used to push out VMware Endpoint, and VMware Data Security. Also as third party services are registered with NSX you will be able to deploy them from this tab. I will discuss these services in later posts.<br />
<br />
To being adding VXLAN Logical Switches, select the Logical Switches section, and click on the green +.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSw0m4wa7KV8PbDatn9lm8YJBjicd7iegeEe2WfCR17fNatIZd1HDgnb3csug3W-9i3mNJXMgqUa-b6VQ6MJz_OJ7kvUyB_CdQ7HqW1kx63z7wsI7PBln2e9C_7P7L8wGTyyCU8Q-xb4Q/s1600/nsxvxlannewlogical.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSw0m4wa7KV8PbDatn9lm8YJBjicd7iegeEe2WfCR17fNatIZd1HDgnb3csug3W-9i3mNJXMgqUa-b6VQ6MJz_OJ7kvUyB_CdQ7HqW1kx63z7wsI7PBln2e9C_7P7L8wGTyyCU8Q-xb4Q/s1600/nsxvxlannewlogical.PNG" height="149" width="320" /></a></div>
If you switch over to the Networking view to check out your Distributed Switch you should now see two distributed port groups defined. vxw-vmknicPg-<dvs-##>-<vlanid>-<UUID>, and a vxw-<dvs-##>-virtualwire-<vtepgroup>-sid-<segmentid>-<logical switch name><br />
<br />
These break down to mean:<br />
vxw is for VXLAN Wire<br />
dvs-## is the dvs Managed object reference identifier<br />
vlanid is the VLAN the VXLAN VTEPs are running in<br />
UUID is a randomized unique identifier <br />
vtepgroup is the VTEP group id the VXLAN is defined in<br />
segmentid is the assigned segment id in use by this VXLAN wire<br />
logical switch name is the name you assigned to the Logical switch <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrHqDwpKX4DL6RhC97IQfpVrH6O4ociv4LKL3iGJmOqehF7WUEoqpBOAP4AaPMY4q0784nTUyZO-iUh6d7WesdQ1Bh0vBfHUFQoGNb_yjK-AdWoK_QNzmJZab6c191avQdAhQ1aB_GnvA/s1600/nsxdvswitchvxportgroups.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrHqDwpKX4DL6RhC97IQfpVrH6O4ociv4LKL3iGJmOqehF7WUEoqpBOAP4AaPMY4q0784nTUyZO-iUh6d7WesdQ1Bh0vBfHUFQoGNb_yjK-AdWoK_QNzmJZab6c191avQdAhQ1aB_GnvA/s1600/nsxdvswitchvxportgroups.PNG" height="66" width="320" /></a></div>
<br />Next post I will cover setting up an NSX Edge as a routing point out of the VXLAN networks.diethhttp://www.blogger.com/profile/04376762260154166868noreply@blogger.com0tag:blogger.com,1999:blog-5555686163903861349.post-31505478661518819302014-06-13T07:53:00.002-07:002015-11-08T17:46:59.024-08:00Setting up NSX-V 6.0.4After Deploying the OVA, you will need to first sync your NSX-V Manager (Similar to the old vShield / vCloud Networking and Security Manager) up with your vCenter.<br />
<br />
Login to the Web Interface of your NSX-V Manager<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk_Z5UoRTCzn2809C0DNF-Hz_4C8tTyqKkzOps0pKp6saQhckpviaPnHpElNHCkIumWXyQjDRIFI1WE9ENObPvsJw_Y2OGkMpBAy_m6SmmVLOvahnSdqdvjNUz0j54GRIVtOtiaH8qqb4/s1600/nsxlogin.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk_Z5UoRTCzn2809C0DNF-Hz_4C8tTyqKkzOps0pKp6saQhckpviaPnHpElNHCkIumWXyQjDRIFI1WE9ENObPvsJw_Y2OGkMpBAy_m6SmmVLOvahnSdqdvjNUz0j54GRIVtOtiaH8qqb4/s1600/nsxlogin.PNG" height="185" width="320" /></a></div>
<br />
The credentials are set up when you deploy the OVA.<br />
<br />
You'll be brought to the NSX-V Manager home screen, which contains some very useful information in the upper right hand corner you can see the IP, the version, the hostname, and the username you have currently logged in with:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjndadAv9mIxuvD9vdOwN00A-4Q7sTgp0UT8yP4EGnF9AehmYYA2dLw3LdOc2j2w8ZQaanaUXhiDNNoeDodIT1dEssf8tYJm1yISLEivXYeUVblCij_wv4XK1bediS_69QjCwsOxcLOSbE/s1600/nsxhome.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjndadAv9mIxuvD9vdOwN00A-4Q7sTgp0UT8yP4EGnF9AehmYYA2dLw3LdOc2j2w8ZQaanaUXhiDNNoeDodIT1dEssf8tYJm1yISLEivXYeUVblCij_wv4XK1bediS_69QjCwsOxcLOSbE/s1600/nsxhome.PNG" height="127" width="320" /></a></div>
You'll want to click on the "Manage vCenter Registration" button, which will bring you to a page where you can configured both the Lookup Service and your vCenter Server. I recommend configuring the vCenter Server connection first, and then the Lookup Service. I recommend using a specifically created Service account for the NSX-V Manager connection this way any tasks initiated by NSX-V can be easily identified. The Lookup Service should be configured with your "administrator@vsphere.local" SSO account. <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5JoJC6wxpxQiperxxQYAOp8HJvF6Q53oiBydbDut1jpJOy2FIT-uoBwY2oLfHS-2HoqwG_238kGKmegXttVeXEepKM_TDBoP0hOXBPSP4n0ftvcWlugC9di6uxZDM4KoKcIE6Lemmdlk/s1600/nsxvcedit.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5JoJC6wxpxQiperxxQYAOp8HJvF6Q53oiBydbDut1jpJOy2FIT-uoBwY2oLfHS-2HoqwG_238kGKmegXttVeXEepKM_TDBoP0hOXBPSP4n0ftvcWlugC9di6uxZDM4KoKcIE6Lemmdlk/s1600/nsxvcedit.PNG" height="183" width="320" /></a></div>
<br />
Once the vCenter Server and Lookup Service the next step is to set up Configuration Backups. You can backup to either FTP, or SFTP locations.<br />
<br />
On the left hand side bar click on "Backups & Restore", or the "Backups & Restore" button from the NSX-V Home screen. Click on the Change button for FTP Server Settings. All fields do need to be populated in this screen unlike vShield / vCloud Networking & Security your backups do require a passphrase now. I would recommend schedule daily backups. I suggest to exclude Audit logs, System Events, Flow Records to keep the size of the backups minimal. Of course your individual needs may be different than mine so do not exclude information that you may depend on.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW9bZJtwK68rAGoyYR6tXka1u6Ay72nsctYqCdNrZVLvejFwbRPIXQIyWoRzYAWNXDDGudJA1dIrqahoKFvoCuxBheTM0L2Geiw8JTJUfwhS4e3HdKNfjRYTpcFRs0_aUPS1RyNPHvsoo/s1600/nsxbackups.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW9bZJtwK68rAGoyYR6tXka1u6Ay72nsctYqCdNrZVLvejFwbRPIXQIyWoRzYAWNXDDGudJA1dIrqahoKFvoCuxBheTM0L2Geiw8JTJUfwhS4e3HdKNfjRYTpcFRs0_aUPS1RyNPHvsoo/s1600/nsxbackups.PNG" height="121" width="320" /></a></div>
<br />
<br />
Your NSX-V Manager is now set up, but wait there's MORE!<br />
<br />
We need to grant permissions to users. If you followed my recommendation you used a service account to register NSX-V Manager to your vCenter server. This will be the only vCenter level account that can actively manager the Networking & Security section in vCenter. In the next step we'll grant access to a vCenter user.<br />
<br />
This time, login to your vCenter Web Client using the service account we used to register NSX-V to vCenter. Once authenticated and logged in Select the "Networking & Security" section, and then Select the "NSX Managers" under the "Networking & Security Inventory" section. I've highlighted this area in Yellow in my screenshot:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKp03so4xtHg7HigI6bXudtXDO4MCNQgddeE_t5V3Auw4tbu99qjWP7ePLxy6QAB9ZMZsUmhE276BIgKrsJef28bbBZ77-xt68K5SvWfXYWYj2HzfxMELj5f42917ZeWLGL_ioHmYF56o/s1600/nsxvcmanagers.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKp03so4xtHg7HigI6bXudtXDO4MCNQgddeE_t5V3Auw4tbu99qjWP7ePLxy6QAB9ZMZsUmhE276BIgKrsJef28bbBZ77-xt68K5SvWfXYWYj2HzfxMELj5f42917ZeWLGL_ioHmYF56o/s1600/nsxvcmanagers.PNG" height="221" width="320" /></a></div>
<br />
<br />
Once you click on this it will bring you to a list of the NSX Managers. Select the IP Address associated with your NSX-V Manager, and then click on the "Manage" Tab, and then select the "Users" subsection of this tab. From here you can add additional administrators to NSX-V. These users need to already be defined in vCenter.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipTZsgf80V7Xm09SvyRTgRlmaajMFBd8IG-2WsenB_c-nzQ3wt5BFGXy3zddD27Uuy3n_vw3ZrA8dtKahYI_Yw4W-_lGz2k0495FjAJPYIzuAhbpEQUXJPKvHjo8MBVj0cDE3d_u6gjmQ/s1600/nsxvcmanagersusers.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipTZsgf80V7Xm09SvyRTgRlmaajMFBd8IG-2WsenB_c-nzQ3wt5BFGXy3zddD27Uuy3n_vw3ZrA8dtKahYI_Yw4W-_lGz2k0495FjAJPYIzuAhbpEQUXJPKvHjo8MBVj0cDE3d_u6gjmQ/s1600/nsxvcmanagersusers.PNG" height="58" width="320" /></a></div>
<br />
<br />
Once you have added the accounts that you wish to allow to access NSX-V to this list they will have access to the "Networking & Security" module based upon the Role granted to the user. Now log out from the vCenter server as you were connected with the service account!<br />
<br />
<a href="http://3dclouds.blogspot.com/2014/06/nsx-controllers-and-vxlan-cluster.html">Next we'll explore setting up NSX Controllers & VXLAN </a><br />
<br />
<br />
<br />
<br />
<br />
<br />diethhttp://www.blogger.com/profile/04376762260154166868noreply@blogger.com0tag:blogger.com,1999:blog-5555686163903861349.post-34436688394789326412012-10-18T22:03:00.002-07:002014-12-04T16:18:37.971-08:00introWelcome to adventures in 3D Virtualization. - I do not represent VMWare, ASUS, Corsair, or nVidia in anyway shape or form. Please contact your graphics supplier for drivers.<br />
<br />
We'll start off with my machine specs:<br />
<br />
<br />
PNY GTX 560 Ti 1GB (Primary)<br />
PNY Quadro 4000 2GB GDDR5 (Secondary)<br />
64GB Corsair 1600mHz DDR3 (Running XMP Profile 1)<br />
ASUS Sabertooh X79 <br />
Core i7 3930K<br />
Issues with hardware: resolved / replaced mobo there was a bad pin on the CPU socket<br />
<br />
<strike>DIMM_D1 and DIMM_D2 list a loaded chip as "Abnormal", same chip loads as OK in A/B/C 1/2 slots. Rotated all chips around can only get board to load with A1 B1 C1/2 filled instead of optimum A1/B1/C1/D1 for full Quad channel.</strike><br />
<br />
Software Specs:<br />
<br />
ESXi 5.1 build 799733<br />
Chilly e1000e net driver vib <a href="http://www.ivobeerens.nl/2011/12/13/vmware-esxi-5-whitebox-nic-support/">driver setup</a> - needed for the Intel NIC on the SaberX79<br />
nVidia vib <a href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2033434">kb2033434</a> - (looks like it's been removed)<br />
<a href="http://v-front.blogspot.com/p/esxi-customizer.html">ESXi Customizer</a><br />
<a href="http://www.v-front.de/p/esxi5-community-packaging-tools.html">ESXi TGZ2VIB converter</a><br />
<br />
<br />
Use the converter to change chilly's network driver from a tgz to a vib.<br />
<br />
Use the customizer to make an imager, add chilly's package to the iso.<br />
Rename the Custom.iso to Chilly.iso<br />
<br />
Use the customizer on your new custom to make another image, add the nvidia vib this time.<br />
Burn your latest Custom.iso, When I tried to install the nVidia VIB on my initial install I received a there is not enough space to install the module message.<br />
<br />
Install the ESXi.....diethhttp://www.blogger.com/profile/04376762260154166868noreply@blogger.com0