Hi, today’s article will be about NSX-T, segments and various other things, but I apologize in advance if I write nonsense here. I’m not a network and NSX specialist, but I needed to create some functionality, which on NSX-V I did in 30 seconds, here it took me a bit and kept me awake at night because everything is built differently.
The article will be about creating Segments that will have access to the Internet, as well as from my home network I will be able to access these segments so that I can test different solutions in my nested lab.
I searched the depths of the Internet, many people showed how to configure it, but everywhere there were additional routers, additional VLANs and other things. For me it was an excess of form over content, I just had to have vCenter VDS from portgup that had a given subnet and computers from this subnet would go outside through my home router more or less something like in the picture below
My current lab setup is
| Name | IP | GW |
| Laptop | 192.168.100.65/24 | 192.168.100.4 |
| VCSA | 192.168.100.102/24 | 192.168.100.4 |
| Pesxi(physic) | 192.168.100.100/24 | 192.168.100.4 |
| Nsxa(manager) | 192.168.100.105/24 | 192.168.100.4 |
On vCenter I only have a Standard switch where all VMs are connected
Let’s start the preparations:
- For the first stage, let’s create a vDS to which we will connect all our segments
As you can see, the setup here is very simple, you can say default. The next step is to increase the MTU on the switch, even though NSX requires MTU 1600, Tanzu 1700 I set it to 9000 if I wanted to test something else.
The last step that we need to do on vCenter is to connect the host
Once everything is configured, we can move to the NSX-T. On NSX I have already done a basic configuration, more precisely, a very basic one, i.e. added license and connected Compute Manager.
The first step is to create the Transport Zone. We create two types of Overlay and VLAN
On the NSX UI Home page, navigate to System > Configuration > Fabric > Transport Zones and click +ADD ZONE.
And in the same way the second transport zone
Now we will create, in my opinion, the most important piece of the whole puzzle, namely the profile for TEP Overlay.
On the NSX UI Home page, navigate to System > Configuration > Fabric > Profiles and click +ADD PROFILE.
The items we need to include here are
| Name | Edge-Overlay-Profile |
| Teaming | [Default] Active Uplink -> Uplink1 |
| Transport VLAN | 51 |
It is very important here to specify the VLAN number, which is not the same VLAN as our entire network. I, as I have a lab at home, do not have any vlans, and as they say, everything flies everywhere and why not ?. The VLAN number I entered here is random, although with my knowledge of how it works, I thought 51 sounded cool like Area51 where we never know what’s going to happen to us.
But let’s get down to business after creating a profile
We must/can create IP pools
On the NSX UI Home page, navigate to Networking > IP Management > IP Address Pools and click ADD IP ADDRESS POOL.
a. Provide the configuration details in the ADD IP ADDRESS POOL window. a. Enter TEP-IP-Pool in the Name text box.
b. Click Set under Subnets and select ADD SUBNET > IP Ranges.
d. In the IP Ranges/Block text box, enter 172.20.11.151-172.20.11.170 and press Enter.
e. Enter 172.20.11.0/24 in the CIDR text box.
f. Enter 172.20.11.1 in the Gateway IP text box.
g. Click ADD on the ADD SUBNETS page.
- Click APPLY on the Set Subnets page.
4.Click SAVE.
Here we can use any addressing because this traffic will be within only EDGE <–> ESX as well as it will be wrapped with our VLAN number so we can even use addresses from our mgmt network.
We now move on to configuring our Host
- On the NSX UI Home page, navigate to System >
- Configuration > Fabric > Nodes > Host Transport Nodes
- From the Managed by drop-down menu, select your Compute Manager
- Expand the cluster view
- Select the Cluster or in my case Node check box and click CONFIGURE NSX.
We configure our host
We choose VDS -> Standard
As the name, we give our created VDS from the drop-down list
As Transport Zone, we add our two transport zones
Now the most important thing is to choose the right uplink profile that will be used for the VTEP connection
For me it looks like this
At the very bottom, we still need to select an uplink from our VDS that will be connected to our Profile uplink.
We click Finish and our host is now being configured
After a short while, our host is beautifully configured and lights up green
At this point, we could deploy Edge, but we still need a PortGroup to attach it to. Importantly, I do not know why, if you read this, you can leave me info in the comment, we do it from the NSX level and not from the vCenter level.
On the NSX UI Home page, navigate to Networking > Connectivity > Segments > NSX.
Click ADD SEGMENT and configure the segment
We name it and connect it to the Transport Zone VLAN and pass all VLANs through it
After configuring, as you can see, quite simple, we can deploy our first Edge
On the NSX UI Home page, navigate to System > Configuration > Fabric > Nodes > Edge Transport Nodes.
Click +ADD EDGE NODE.
The name will be the name of our virtual machine and the hostname would be good (probably it is recommended that it be resolved by DNS)
I added an entry to my DNS
And I go to configuration
We set passwords remember that NSX has requirements for passwords
• It must not contain the username as a substring
• A character must not be repeated consecutively more than three times
• It must be at least 12 characters long and must follow three of the following four rules:
• It must have at least one uppercase letter
• It must have at least one lowercase letter
• It must have at least one number
• It must have at least one special character
We choose where the VM deployment is to be made
We make settings for management
And we configure the TEP movement
The most important thing here is that we have to select the same uplink profile as the host as well as we have to select the portgroup we have created within the segment. Importantly, and I didn’t say Portgroup before, it must be in the same switch as our host. Importantly, all of this must use the same physical card. But don’t ask why.
Now we take a coffee break and wait for our Edge to form
As our Edge configures, we see that everything is UP with the Success status
For testing we can PING from esx to vxlan
We check on what interface ESXi is connected to VXLAN
esxcfg-vmknic -l
And we do PING checking communication with edga’s IP address on VXLAN not on mgmt
vmkping -4 -I vmk10 -S vxlan 172.20.11.152
With the Edge configured in this way, we move on to the easiest thing, i.e. creating the T-0 and T-1 routers. However, before routers, we still need to make a cluster with Edge because we refer to a cluster and not to a single node
On the tab next to it, we add Edge Cluster with any name with a default profile and our just configured node will be here as a member
We add two new segments.
One will be the VLAN segment where we will connect our T-0 to our Overlay (home) network
The second Segment will be the Overlay segment, which is actually our portgroup in which we will deploy our VMs
I have created the following Segments
VLAN
Since I don’t have any VLANs at home, I set the VLAN to 0
Overlay
The IP address we set will be our GW address
We create our T-0
On the NSX UI Home page, navigate to Networking > Connectivity > Tier-0 Gateways
Click ADD GATEWAY > Tier-0.
I will still use NAT in my lab, so what is important when creating T-0, we must set the HA mode to Active Standby
In the Edge Cluster tab, select our cluster
After saving, click YES to continue
We go to the tab
INTERFACES and add an external address for our router
I set my name to Internet, chose another address from my home network and connected it to the segment we just created
At this point, our T-0 router should be reachable from our home network
And so it is
We also add static routing for all networks and set our home router as the next hop
So much for the T-0
With the T-1, things are much simpler
We choose the name and to which T-0 is to be connected and what is to be broadcast, I always choose Static Routes, Segments and NAT
The last stage is connecting our Segment to T-1
After configuration, this is what Topology looks like from the NSX level
What I still do is set NAT to all networks if I wanted to connect more segments to this solution
And on my home router, I upload to the subnet of my Static Route segment. I will not show you this because each of us has a different router at home.
At this point, we’re done. Everything should work, so we will test it soon and I hope that this article will help you configure and create many interesting HomeLab-s.
Network Tests
LAPTOP -> T-0
LAPTOP -> T-1
VM-00(172.16.22.2) -> VM-01(172.16.22.3)
VM-00 -> T-1
VM-00 -> T-0
VM-00 -> Internet
LAPTOP -> VM-00
Can you clarify this sentence and how it is done?
“And on my home router, I upload to the subnet of my Static Route segment.”
I have gone through your article, which is great, but when I ping from my laptop to the 172.16.22.1 address, it does not respond.
Also, the very last screenshot of the NAT – do you have a clearer picture and steps? Maybe I am not doing that correctly, so I cannot ping the T1.
you need to setup on your home router static route which allow you to reach new network