Welcome back!
This is part 5 of 20 blogs I am writing covering the exam prep guide for the VMware Certified Advanced Professional – Network Virtualisation Deployment (3V0-643) VCAP6-NV certification.
At the time of writing there is no VCAP Design exam stream, thus you’re automatically granted the new VMware Certified Implementation Expert – Network Virtualisation (VCIX6-NV) certification by successfully passing the VCAP6-NV Deploy exam.
Previous blogs in this series:
Part 1 – Intro
Part 2 – Objective 1.1
Part 3 – Objective 1.2
Part 4 – Objective 1.3
This blog covers:
Section 2 – Create and Manage VMware NSX Virtual Networks
Objective 2.1 – Create and Manage Logical Switches
Skills and Abilities
- Create/Delete Logical Switches
- Assign and configure IP addresses
- Connect a Logical Switch to an NSX Edge
- Deploy services on a Logical Switch
- Connect/Disconnect virtual machines to/from a Logical Switch
- Test Logical Switch connectivity
Create Logical Switches
An NSX Logical Switch, just like a physical VLAN, is assigned an ID. This is the VNI or VXLAN Network Identifier (discussed in Part 3).
The VNI range starts at 5000 and ranges up to 16.7 million. At present there is a limit of 10,000 VNIs due to the vCenter limitation of 10,000 dvPortGroups.
The logical switch operates in the overlay and is totally independent of the physical network (the underlay). With Transport Zones (TZ) spanning multiple clusters it’s possible for a Logical Switch joined to a specific TZ to be available across multiple clusters, data centre-wide. Issues with Layer 2 adjacency vaporised. Nice.
Just like any network design you will want to work out your logical network segments. Each logical switch is a boundary for these, e.g. logical switch ‘X’ with a VNI of 5010 might be a 10.0.0.0/24 subnet, and logical switch ‘Y’ with a VNI of 5020 might be a 10.1.0.0/24 subnet. Later in this series we will cover the NSX Distributed Logical Router (DLR), which can be configured to route these networks.
To Create a Logical Switch:
Log into the vSphere Web Client.
Click Networking and Security, then Logical Switches.
Click the green + sign to add a logical switch.
I am going to create a logical switch called ‘Database Tier’. I add it to the Global_TZ Transport Zone which spans both of my Compute Clusters, accept the default Replication Mode of Unicast, and click OK.
Note: By default, the Replication Mode of the logical switch is determined by the mode configured in the Transport Zone. Read the NSX Install Guide for more on this if you’re interested.
Note: The IP Discovery option is enabled by default and it enables ARP suppression between VMs on the same segment (i.e. a VM knows the IP but not the MAC, so it must send an ARP broadcast to the entire VXLAN segment to determine the MAC). The NSX Controllers maintain an ARP table that is pushed to the ESXi hosts, which then respond locally to ARP requests. Read the NSX Install Guide.
Note: The Enable MAC Learning option is disabled by default. VMware says to enable this option if your VMs have multiple NIC and MAC addresses. Read the NSX Install Guide.
Once I have created the logical switch I see it in the Web Client:
If I now go look at one of my Compute Cluster hosts I can see the logical switch has been created on the Compute vDS with a VNI of 5000.
As the TZ that the logical switch is connected to spans both my Compute and Edge Clusters (containing 2 hosts each) the logical switch is available on all 4 hosts.
To Delete a Logical Switch:
Pretty straightforward process.
Select your logical switch, click the blue cog and select ‘Remove’. This will delete the logical switch.
Note: You will not be able to remove a logical switch if you have VMs or any Edge Gateway interfaces connected to it, so remove those dependencies first.
Assign and configure IP addresses
Yeah, I don’t know why this section is here as you can’t assign IPs to a logical switch. You can attach a logical switch to a Distributed Logical Router (DLR) or Edge Services Gateway (ESG) and configure the interface IP address and subnet prefix, but that’s not on the switch.
The next section covers adding a logical switch to an existing ESG. You will see the IP addressing etc.
Connect a Logical Switch to an NSX Edge
When you connect a logical switch to an Edge Services Gateway or a Distributed Logical Router it allows East-West routing between logical switches; or North-South routing to the outside world.
Log into the vSphere Web Client.
Click Networking and Security, then Logical Switches.
Select a logical switch, click the blue cog and select Connect Edge.
Select the Edge Gateway and click Next.
An ESG can have a maximum of 10 interfaces. In the below picture my ESG has 1 interface configured with an Uplink to an external network (the Internet).
Select a free interface and click Next. (Note: I actually selected vnic8 not vnic1 as shown)
The only information I have entered on the below screen is the Primary IP Address and Subnet Prefix Length.
The Database_Tier logical switch which I am adding to this ESG I have defined as the 192.168.1.0/24 subnet. The Primary IP Address (192.168.1.1) will be the Gateway for this network.
Click Finish to complete adding the logical switch to the ESG.
If I now go and Manage the ESG, I can see the interface I just configured.
I have a Windows 2012R2 VM (win2k8-a) and added it to the Database-Tier logical switch.
I open the console on win2k8-a and configure the following IPv4 details:
I can now ping the Database-Tier gateway address: 192.168.1.1 and also the Uplink interface to the external network 10.0.0.5.
Deploy services on a Logical Switch
This allows you to deploy 3rd Party Services to your logical switch.
As I do not have any 3rd party appliances installed the icon does not even show for me.
From page 46 in the VMware Administration Guide here is the process:
Connect/Disconnect virtual machines to/from a Logical Switch
This is pretty straightforward.
To Connect Virtual Machines:
Log into the vSphere Web Client.
Click Networking and Security, then Logical Switches.
Select the Logical Switch then click the blue cog and select Add VM.
Select your VM/VMs and click OK.
To Disconnect Virtual Machines:
Log into the vSphere Web Client.
Click Networking and Security, then Logical Switches.
Select the Logical Switch then click the blue cog and select Remove VM.
Select your VM/VMs and click OK.
Test Logical Switch connectivity
From the vSphere Web Client you can test logical switch connectivity between ESXi hosts connected to a VXLAN network. The test is an ICMP PING and the default MTU size is 1550 bytes. The test is per logical switch.
Log into the vSphere Web Client.
Click Networking and Security, then Logical Switches.
Double-Click the switch you want to perform the test on.
Select the Source host.
Select the Destination host.
Click Start Test. The test will run and show you the results.
You can additionally test Broadcast across the VXLAN network.
Click Broadcast.
Select Source host, followed by Start Test.
The test will show any unresponsive hosts to the broadcast.
You can also test from the command line on an ESXi host.
SSH into a host.
Run the following command:
vmkping ++netstack=vxlan -s 1572 -d 172.16.0.13
Note: -s is size, -d option sets DF (Don’t Fragment) bit on the IPv4 packet
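The same command as a stepped check, as an added example that is not part of the original post: it works out the ICMP payload for a given packet size (packet size minus the 20-byte IPv4 header and 8-byte ICMP header, which is why 1572 corresponds to a 1600-byte packet) and steps down until a DF-set ping passes. The function names and the PING variable are illustrative; the destination 172.16.0.13 is the VTEP address used above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the PING
# variable are illustrative. PING is overridable so the logic can be
# exercised away from an ESXi host; on ESXi it resolves to vmkping.
PING="${PING:-vmkping}"

# ICMP payload size that yields an IPv4 packet of exactly $1 bytes:
# subtract the 20-byte IPv4 header and the 8-byte ICMP header.
payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# Two DF-set pings of payload size $2 to VTEP $1 over the vxlan netstack.
probe() {
    $PING ++netstack=vxlan -d -c 2 -s "$2" "$1" >/dev/null 2>&1
}

# Print the largest of 1600/1550/1500 that passes unfragmented, or 0.
vtep_path_mtu() {
    for mtu in 1600 1550 1500; do
        if probe "$1" "$(payload_for_mtu "$mtu")"; then
            echo "$mtu"
            return 0
        fi
    done
    echo 0
    return 1
}

# Turn the result into a one-line finding.
verdict() {
    case "$1" in
        1600) echo "ok: 1572-byte DF ping passes" ;;
        1550) echo "marginal: passes at 1522 bytes (the Web Client test size of 1550) but not 1572" ;;
        1500) echo "fail: only 1472 bytes pass; underlay MTU is too small for VXLAN-encapsulated full-size frames" ;;
        *)    echo "fail: no reply even at 1472 bytes; check VTEP reachability first" ;;
    esac
}

# Usage on a host: sh vtep-mtu.sh 172.16.0.13
if [ $# -gt 0 ]; then
    verdict "$(vtep_path_mtu "$1")"
fi
```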
Well that wraps up this blog on exam objective 2.1.
Check out part 6 covering objective 2.2 – Layer 2 Bridging.
Thanks for reading.
I know I’m late on the replies here, but the -d on the ping/vmkping is not destination, but ‘do not fragment’ instead so you can test frames larger than 1500. If it fails at 1572, retry at 1472. If that works, jumbo frames aren’t enabled (or at least MTU is smaller than 1572 end-to-end). You can also use a -I (capital i for Interface) with the vmk device to test with if you need to force using a specific vmkernel interface.
Hi, Thanks for spotting that, have updated the post.