Continuing from where we left off in part 2, the next step is to prepare the hosts. Host preparation simply means installing several VIBs on each host within the cluster to enable functionality such as the distributed firewall, distributed routing and VXLAN. Within the Installation and Upgrade pane, click Host Preparation, select the cluster you wish to install, then click Actions.
Click yes to confirm the install.
This will launch a process to install the VIBs to each host within the cluster.
Once the installation has completed you should see green ticks next to each host in the cluster along with the version number. On occasion the VIBs don’t install correctly and you need to either repeat the process or complete a manual install. My colleague Chris Tucker has written a great post detailing the process which can be found here.
If you only want to use the Distributed Firewall (DFW) for micro-segmentation then you’ve installed all the required components and you can move to the security section to begin rule configuration with Service Composer.
The next step is to configure VXLAN. Click the “Not Configured” option next to one of the clusters.
Enter the details required for VXLAN configuration. Select the Distributed Switch, VLAN and MTU configuration for your environment. This is an important step: VXLAN requires an MTU of at least 1600 bytes on the transport network, so make sure the physical switches in the path between hosts are configured to support this as well. I’ve chosen to use an IP Pool to provide addresses to the vmkernel ports used with VXLAN.
You can create a new pool in the drop-down menu if needed. Give the pool a name, default gateway, prefix length and DNS server. I’ve also given the pool 8 IP addresses to use but this will depend on how many hosts you have. Click OK to create the pool and click OK again to complete the VXLAN configuration.
Once configured you should see green ticks against each host in the environment.
What has actually happened in the background is that NSX Manager has created a new vmkernel port on each host with a custom TCP/IP stack for use with VXLAN. The interface on the host is called a VTEP, which stands for VXLAN Tunnel Endpoint, and is where frame encapsulation and decapsulation occur.
Now VXLAN is configured, the next step is to prepare the logical networks. Click Logical Network Preparation, then click VXLAN Transport. This shows the UDP port used by VXLAN. In earlier releases the default port was UDP 8472, but this has now been changed to the IANA standard port of 4789.
Next click on Segment ID. This is where the VXLAN network IDs (VNIs) are configured. This is a similar concept to a VLAN ID, but VXLAN can scale to over 16 million IDs compared to 4094 with VLANs. Click Edit to configure.
Choose how many VNIs you need in the pool. Note the starting number is 5000 so it doesn’t overlap with VLANs. I’ve chosen 5000-5999 for my primary site.
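To make the three numbers above concrete (the 1600-byte MTU, the UDP 4789 transport port and the 24-bit VNI space), here is a small added example, not part of the original post or of any VMware tooling, that models the VXLAN encapsulation overhead and builds and parses a VXLAN header carrying a VNI from the 5000-5999 pool. The function names, the constructed sample packet and the defaults (1500-byte inner MTU, a VLAN-tagged transport network) are assumptions for illustration; only the port numbers, the 50-byte overhead and the header layout come from the VXLAN specification (RFC 7348).

```python
"""Worked VXLAN numbers: MTU overhead, transport port and VNI encoding.

Added example for the post above; constants follow RFC 7348, names are ours.
"""
import struct

VXLAN_UDP_PORT = 4789         # IANA-assigned port, the NSX default now
LEGACY_VXLAN_UDP_PORT = 8472  # default in earlier NSX releases
VXLAN_PORTS = {VXLAN_UDP_PORT, LEGACY_VXLAN_UDP_PORT}

VNI_BITS = 24                 # 2**24 = 16,777,216 IDs ("over 16 million")
VNI_MAX = (1 << VNI_BITS) - 1
NSX_VNI_START = 5000          # NSX pools start above the 4094 VLAN range

# Outer Ethernet 14 + outer IPv4 20 + UDP 8 + VXLAN header 8 = 50 bytes
VXLAN_OVERHEAD = 14 + 20 + 8 + 8
VLAN_TAG_BYTES = 4
VXLAN_I_FLAG = 0x08           # "VNI valid" flag in the VXLAN header


def required_transport_mtu(inner_mtu=1500, tagged_transport=True):
    """Smallest transport MTU that carries an inner frame without fragmenting."""
    return inner_mtu + VXLAN_OVERHEAD + (VLAN_TAG_BYTES if tagged_transport else 0)


def mtu_ok(configured_mtu, inner_mtu=1500, tagged_transport=True):
    """True if the MTU set on the DVS/physical switches is large enough.

    NSX asks for 1600, which leaves headroom above the 1554 minimum.
    """
    return configured_mtu >= required_transport_mtu(inner_mtu, tagged_transport)


def vni_pool(start, count):
    """Return the VNI range a segment-ID pool covers, validating its bounds."""
    end = start + count - 1
    if start < NSX_VNI_START or end > VNI_MAX or count < 1:
        raise ValueError(f"VNI pool {start}-{end} outside {NSX_VNI_START}-{VNI_MAX}")
    return range(start, end + 1)


def build_vxlan_header(vni):
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI does not fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8)


def parse_vxlan(udp_dst_port, udp_payload):
    """Decode a VXLAN header from a UDP payload; returns (vni, inner_frame).

    Returns None when the port or flags show this is not VXLAN traffic.
    """
    if udp_dst_port not in VXLAN_PORTS or len(udp_payload) < 8:
        return None
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_I_FLAG:
        return None               # I flag clear: VNI field not valid
    return (word1 >> 8) & VNI_MAX, udp_payload[8:]


# Constructed sample: a 14-byte dummy inner Ethernet frame on VNI 5001
SAMPLE_INNER_FRAME = bytes(14)
SAMPLE_PAYLOAD = build_vxlan_header(5001) + SAMPLE_INNER_FRAME


if __name__ == "__main__":
    print("minimum transport MTU:", required_transport_mtu())   # 1554
    print("1600 is enough:", mtu_ok(1600), "| 1500 is enough:", mtu_ok(1500))
    print("primary-site pool:", vni_pool(5000, 1000)[0], "-", vni_pool(5000, 1000)[-1])
    print("decoded VNI:", parse_vxlan(VXLAN_UDP_PORT, SAMPLE_PAYLOAD)[0])
```

The `mtu_ok` check is the arithmetic behind the 1600-byte requirement: a 1500-byte guest frame gains 50 bytes of outer headers (54 on a tagged uplink), so a transport MTU left at 1500 silently fragments or drops VXLAN traffic even though the host preparation shows green ticks.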
Next configure the transport zone by clicking the green plus icon.
Give the transport zone a name and choose the replication mode. Explaining what a transport zone is and going through the options would make this post quite long, so here is a link to the VMware documentation.
In my lab I’m using Unicast as I will be deploying NSX Controllers later. I’ve also connected both the management and compute clusters to the transport zone. Click OK to finish.
To recap, we have prepared the hosts, configured the VNIs to use with logical switches later and configured the transport zone. Part 4 will cover deploying NSX Controllers, which allows us to start deploying logical networks into the environment.