Hello everyone, I hope Part 1 was useful. Let's move on to the Hardware VTEP Gateway configuration on the S5048-ON ToR switches and its validation.
Setting up the NSX Replication Cluster for ToR VTEPs
We need to set up a Replication Cluster in NSX to handle the BUM (Broadcast, Unknown Unicast and Multicast) traffic generated by the Hardware VTEPs. NSX requires that this BUM traffic be handled in a way that is compatible with the Hypervisor VTEPs. Any BUM traffic generated by the Hypervisor VTEPs is handled according to the control plane replication mode of the transport zone or logical switch.
Enabling BFD on the ToR switches and NSX
VxLAN Instance configuration on S5048-ToR
Enable the VxLAN feature on the ToR switches using the “feature vxlan” command. Configure the instance as below:
- Gateway IP refers to the VTEP IP address, which needs to be reachable. Make sure that this IP is on a different network than the NSX Hypervisor VTEP IPs.
- Specify a controller instance IP and the port number (6640) for the ToR VTEP to establish a connection with the NSX Controllers.
Advertising VxLAN Access Ports to the Controller
Specify the VLAN ports on the ToR switch to be presented to the NSX Controller. The NSX Controller will then manage the VLAN mapping of these ports on the ToR as well as the VxLAN to VLAN mapping. For this demonstration, I will present a single port on ToR1 (orphan port).
Generating Self-Signed Certificate on the ToR VTEPs
Communication between the NSX Controller and the Hardware VTEPs takes place over a secure channel. This requires a self-signed certificate to establish the connection.
Use this command to generate a self-signed certificate: crypto cert generate self-signed cert-file flash://vtep-cert.pem key-file flash://vtep-privkey.pem
Repeat the procedure on ToR2 as well.
Adding ToR VTEPs to NSX
Navigate to the UI location as shown in the image. Add both the ToR VTEPs using the certificate thumbprint that you generated in the above step.
Once the connection is established, the status should change to up.
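A check for the thumbprint step above, as an added example that is not from the original article or from the vendors: it recomputes each ToR certificate's thumbprint from the PEM file and compares it with the value entered on the NSX side, also flagging two switches that present the same certificate. It assumes the PEM has been copied off each switch and that the thumbprint is a digest of the DER encoding; the article does not say which hash NSX expects, so `algo` is a parameter, and the function names and sample PEMs are constructed for illustration.

```python
import hashlib
import ssl

def cert_thumbprint(pem_text, algo="sha256"):
    """Hash the DER bytes inside a PEM certificate; return colon-separated upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    hexd = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))

def normalise(thumbprint):
    """Drop separators and case so 'ab:cd', 'AB CD' and 'abcd' compare equal."""
    return "".join(ch for ch in thumbprint if ch.isalnum()).upper()

def check_registrations(switch_pems, registered, algo="sha256"):
    """Compare each switch's certificate with the thumbprint recorded for it.

    switch_pems: {switch name: PEM text read from the switch}
    registered:  {switch name: thumbprint as entered on the NSX side}
    Returns {switch name: "ok" | "mismatch" | "missing" | "duplicate"}.
    """
    actual = {name: normalise(cert_thumbprint(pem, algo))
              for name, pem in switch_pems.items()}
    result = {}
    for name, fp in actual.items():
        others = [n for n, v in actual.items() if n != name and v == fp]
        if others:
            result[name] = "duplicate"   # same certificate seen on two switches
        elif name not in registered:
            result[name] = "missing"     # nothing recorded for this switch
        elif normalise(registered[name]) == fp:
            result[name] = "ok"
        else:
            result[name] = "mismatch"    # recorded value belongs to another cert
    return result

# Constructed sample input: placeholder bytes in PEM framing, not real X.509 certificates.
TOR1_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder for the ToR1 certificate")
TOR2_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder for the ToR2 certificate")

if __name__ == "__main__":
    recorded = {"ToR1": cert_thumbprint(TOR1_PEM).lower(),
                "ToR2": cert_thumbprint(TOR1_PEM)}  # ToR1's value pasted for ToR2 by mistake
    pems = {"ToR1": TOR1_PEM, "ToR2": TOR2_PEM}
    for switch, status in check_registrations(pems, recorded).items():
        print(switch, status)
```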
Verifying the Connection with Controller Cluster
This shows that both ToR VTEPs established secure connections with all 3 controller nodes.
Verifying the BFD status with the replication cluster
This shows the VxLAN Tunnels established with the replication cluster nodes and the BFD status.
Verifying the NSX Manager state information
These are some of the commands to be executed from inside the NSX Manager.
Verifying the Controller state information
These are some additional commands to be executed from a node in the controller cluster.
Managing Hardware Bindings on the Logical Switch
On the logical switch which was created as a shared bridged segment, add the ToR switchports that were earlier advertised to the NSX Controllers.
Now this logical switch is stretched at L2 to VLAN 60 on ports Tf1/20 on the ToR switches. This means that any VMs in the virtual cluster on this logical VxLAN segment will have L2 connectivity to the physical storage lake connected to ports Tf1/20 on the ToR switches.
Verifying the VxLAN VNID – VLAN mapping on the S5048-ON ToR switches
Hope the article was informative. Thanks for reading.