VMware NSX 6.2: From zero to full deployment

VMware NSX is the SDDC technology of the future. What ESX once was for servers, NSX is now for networks. I highly encourage everyone to become familiar with this technology. NSX with all its features is quite complex, but the entry point is quite simple and requires only basic vSphere and networking skills. This beginner's guide explains how to deploy NSX in your homelab even with limited physical resources by downsizing the NSX Manager and NSX Controller VMs. The guide starts at zero and quickly explains how to deploy NSX and connect your first Virtual Machine to a VXLAN-based logical switch that is able to communicate with the physical world through an NSX Edge Gateway.

What do you need to create the Lab?

  • vCenter 6 with some physical ESXi Hosts
  • vSphere Distributed Switch (dvSwitch)
  • NSX Manager Appliance (Download: NSX 6.2.2)
  • There is no special physical Switch requirement

This guide is not intended as a comprehensive guide to fully understand all aspects of NSX. It’s just a quick deployment guide with some tweaks for low resource Homelabs.

  1. Prepare your vSphere Platform (vCenter Server Appliance, ESXi Hosts, Cluster and dvSwitch). I recommend updating everything to the latest version available, which is currently vSphere 6.0 Update 2 and NSX 6.2.2.
  2. Configure an NTP Server for the ESXi Hosts and the vCenter Server to ensure time consistency.
  3. Deploy the NSX Manager Appliance, provided as OVA (Download: NSX 6.2.2). The deployment wizard is pretty straightforward, nothing special here if you have ever deployed a template. Make sure to configure an NTP Server, and enable SSH.
  4. The NSX Manager is preconfigured with 4 vCPU and 16GB Memory. That might be a little oversized for a tiny homelab. If your hardware has limited resources, shut down the NSX Manager and reduce the configured resources. 2 vCPU and 8 GB Memory should be possible without any impact (of course, this is not supported by VMware). You can set it even lower, but keep an eye on the memory consumption. You can check it by logging in to the NSX Manager with SSH (password set during OVA deployment) and running the command “show system memory”.
  5. The NSX Manager needs to be registered with the vCenter Server. Open the NSX Manager with a browser and log in as admin, with the password configured during the deployment.
  6. Navigate to Manage vCenter Registration.
  7. Configure the Lookup Service with the IP address of your Platform Services Controller, and the vCenter Server connection with your vCenter Server. For vCenters with an embedded PSC, the lookup service runs on the vCenter Server itself. The following information is required:
    – Lookup Service IP
    – Lookup Service Port (Default: 7444)
    – SSO Admin Credentials
    – vCenter Server Address (IP or DNS Name)
    – vCenter Server Admin Credentials

    Verify that both services are connected.
  8. Log in to the vCenter Server Web Client. You should now see the Network & Security icon where NSX is configured. Open it.
  9. The first part of the configuration is to deploy the NSX Controller nodes, which represent the Control Plane of NSX. NSX Controllers are Virtual Machines. At least 3 NSX Controllers are required for redundancy. Click the + symbol to deploy the first controller.
  10. Fill in the NSX Controller options up to the IP Pool configuration, then click Select to choose or create an IP Pool.
  11. Click New IP Pool…
  12. Enter the network details. This should be the same layer 2 network as your vCenter Server, ESXi Hosts and NSX Manager. NSX Controllers are automatically configured with IP addresses defined in the Static IP Pool. Configure the range with the number of IP addresses you want to reserve for NSX Controllers.
  13. Finish the IP Pool configuration, select it and finish the Controller configuration.
  14. Wait until the deployment has finished.
  15. Deploy 2 additional controllers in the same IP Pool and wait until all controller nodes are deployed and connected.
  16. NSX Controllers are preconfigured with 2 vCPU and 4GB Memory. For your tiny (unsupported) homelab you can also reduce the NSX Controller resources, but this is a little bit more tricky because the “Edit settings” function is blocked by the vCenter. To disable this vCenter Server protection you have to delete the respective entries from the VPX_DISABLED_METHODS table. This method is also described by Tom Fojta. The steps are:
    – SSH to the vCenter Server
    – Enable Bash
    – Connect to the vCenter Postgres Database
    – Identify Object IDs
    – Delete entries
    – Restart vCenter Server Service

    Command> shell.set --enabled True
    Command> shell
    vcsa:~ # /opt/vmware/vpostgres/current/bin/psql -U postgres
    psql.bin (9.3.9 (VMware Postgres 9.3.9.0-2921310 release))
    Type "help" for help.
    
    postgres=# \connect VCDB
    You are now connected to database "VCDB" as user "postgres".
    VCDB=# select * from VPX_DISABLED_METHODS;
     entity_mo_id_val |          method_name           | source_id_val | reason_id_val
    ------------------+--------------------------------+---------------+---------------
     vm-68            | vim.VirtualMachine.reconfigure | vShield_SVM   | vShield_SVM
     vm-81            | vim.VirtualMachine.reconfigure | vShield_SVM   | vShield_SVM
     vm-82            | vim.VirtualMachine.reconfigure | vShield_SVM   | vShield_SVM
    (3 rows)
    
    VCDB=# delete from VPX_DISABLED_METHODS where entity_mo_id_val = 'vm-68';
    DELETE 1
    VCDB=# delete from VPX_DISABLED_METHODS where entity_mo_id_val = 'vm-81';
    DELETE 1
    VCDB=# delete from VPX_DISABLED_METHODS where entity_mo_id_val = 'vm-82';
    DELETE 1
    VCDB=# select * from VPX_DISABLED_METHODS;
     entity_mo_id_val | method_name | source_id_val | reason_id_val
    ------------------+-------------+---------------+---------------
    (0 rows)
    VCDB=# \q
    vcsa:~ # service-control --stop vmware-vpxd
    vcsa:~ # service-control --start vmware-vpxd


  17. After the vCenter Server service has been restarted you should be able to edit the NSX Controller resources. It is possible to resize NSX Controllers to 2 GB without any major issues. If you want to go lower, verify memory consumption by logging in to the NSX Controller with SSH and running the command “show system statistics graph memory/memory-used:value”. Memory usage here is 800 MB.
  18. Now you have to prepare the ESXi Hosts to be compatible with NSX. Navigate to Network and Security > Installation > Host Preparation, select your Cluster and click Install. This will install 2 VIBs on all ESXi hosts in the Cluster. The installation is completely transparent to virtual machines. Maintenance Mode is not required.
  19. Refresh the vSphere Client to check the status and wait until the installation has finished.
  20. To allow ESXi hosts to talk to each other and to the physical network, they need Tunnel Endpoints (VTEP interfaces). Click Not Configured in the VXLAN tab, configure the VXLAN settings and add an IP Pool for the VTEP interfaces. Make sure to size the IP Pool according to the number of ESXi Hosts.
  21. Navigate to Network and Security > Installation > Logical Network Preparation > Segment ID, and size the Segment ID pool to the number of VXLANs you are planning to use.
  22. To determine the replication boundaries of a VXLAN Network, a global transport zone is required. Navigate to Network and Security > Installation > Logical Network Preparation > Transport Zones, and click +.
  23. Add a Global Transport Zone and set the Replication mode to Unicast. This setting allows NSX Controllers to talk to each other without any multicast requirements on physical switches. Select all clusters that need to be part of the Transport Zone.
  24. Now the initial NSX configuration is finished and you are ready to configure the first Logical Switch. A Logical Switch is basically a VXLAN Network or Portgroup to which Virtual Machines are connected. Navigate to Network and Security > Logical Switches and click +.
  25. Name the Logical Switch and set the replication mode to Unicast.
  26. To connect the “virtual” Logical Switch beyond the VXLAN you need an NSX Edge. The Edge Gateway is a Virtual Machine with 2 network interfaces, one connected to the VXLAN and one connected to the outside network. The Edge Gateway acts as a router. Navigate to Network and Security > NSX Edge and click +.
  27. Set the installation type to Edge Services Gateway and enter a name.
  28. Set Admin credentials and enable SSH.
  29. Set the Appliance Size and configure the NSX Edge Appliance placement.
  30. Configure the Edge interfaces. Place one interface on your physically connected portgroup and a second on the internal Logical Switch.
  31. Finish the deployment wizard and wait until the deployment has finished.
  32. The VXLAN is now connected to the physical network. For ease of use I am going to enable DHCP on the logical switch. Double-click the new edge gateway and open the DHCP tab.
  33. Add a DHCP Pool configuration.
  34. Activate DHCP and publish the changes.
  35. Navigate to Network and Security > Logical Switches and connect a Virtual Machine to the Logical Switch.

Congratulations! You have successfully deployed NSX in your Homelab.
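
For step 16, a more defensive way to make the same VPX_DISABLED_METHODS change, as an added example that is not part of the original post: it exports the rows first so the protection can be put back later, and deletes only the reconfigure locks inside a transaction. The backup path and the temporary table name are hypothetical, the vm-68/vm-81/vm-82 IDs are the ones from the session in step 16, and restoring the lock by re-importing the rows is an assumption rather than a VMware-documented procedure.

```sql
-- Added example (not from the original post). Run in psql after "\connect VCDB".
-- Assumptions: vm-68, vm-81, vm-82 are the controller IDs from the session in
-- step 16; /root/vpx_disabled_methods.csv is a hypothetical backup path.

-- 1. Export the current rows before touching them, so the locks can be restored.
\copy (SELECT * FROM VPX_DISABLED_METHODS ORDER BY entity_mo_id_val) TO '/root/vpx_disabled_methods.csv' WITH (FORMAT csv, HEADER)

-- 2. Remove only the reconfigure locks that NSX placed on the three controllers.
BEGIN;

DELETE FROM VPX_DISABLED_METHODS
 WHERE entity_mo_id_val IN ('vm-68', 'vm-81', 'vm-82')
   AND method_name   = 'vim.VirtualMachine.reconfigure'
   AND source_id_val = 'vShield_SVM';
-- psql should report "DELETE 3". Any other count means the filter matched
-- something unexpected: type ROLLBACK; instead of COMMIT;.

-- Check what is left; locks on other VMs or other methods must still be listed.
SELECT entity_mo_id_val, method_name, source_id_val
  FROM VPX_DISABLED_METHODS
 ORDER BY entity_mo_id_val;

COMMIT;

-- 3. After resizing the controllers, put back the rows that are now missing
--    (assumption: re-importing the exported rows restores the lock once
--    vmware-vpxd has been restarted again).
BEGIN;
CREATE TEMP TABLE disabled_methods_backup (LIKE VPX_DISABLED_METHODS);
\copy disabled_methods_backup FROM '/root/vpx_disabled_methods.csv' WITH (FORMAT csv, HEADER)
INSERT INTO VPX_DISABLED_METHODS
SELECT b.* FROM disabled_methods_backup b
 WHERE NOT EXISTS (
       SELECT 1 FROM VPX_DISABLED_METHODS d
        WHERE d.entity_mo_id_val = b.entity_mo_id_val
          AND d.method_name      = b.method_name);
COMMIT;
```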
