In Part 4 of this series we will start deploying some Logical Switches. The focus of this series is walking administrators through performing tasks in the NSX environment. Details on how Logical Switching functions can be found in the NSX Compendium.

The series has so far enabled us to install and prepare NSX. We have deployed the controllers, associated the manager and built the VMkernel interfaces for VXLAN communications. It is time now to build out some logical switching. The terms logical switch, virtual segment, network segment and vWire are used interchangeably.

Under the Network and Security plugin within vCenter, click on the Logical Switches menu. You will note that there is a blank window with no fields filled. Let's populate our first logical switches. For our topology we need four logical switches. They are:
- Transport Network
- Web Logical Switch
- App Logical Switch
- Database Logical Switch
The Transport Network logical switch forms a point-to-point network between the uplink of the logical router and the internal interface of the NSX Edge. To deploy a Logical Switch, click the green plus. Populate the fields required. Note that the Transport Zone is the previously configured Transport Zone assigned to clusters within the NSX domain.
It is possible to isolate customers by creating different, overlapping control planes. It is also possible to change the way VTEP replication works for the control plane on a per-switch level, independent of the global transport zone setting.
Repeat this for the three tiers and the Transport Network. Notice that the Segment ID increments. We set the range as 5000-5999 earlier and these were the first logical switches we made. Now that we have made our switches, it is time to attach our workload. Click the little plus icon with three blue boxes.
Attach the Virtual Machines associated with the network segment you want to put them on.
The next screen prompts the administrator to select which vNICs associated with the VM need to be attached to the logical network segment. Now the infamous ping test.
There is connectivity between two VMs on different hosts with L2 adjacency. Whilst there is VXLAN encapsulation amongst hosts, as far as the guest workloads are concerned they are only Layer 2 adjacent. In fact, there is L3 encapsulation through the data centre, and these workloads could be at opposite ends of it.
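Once the switches exist, the inventory can be checked against the design: the four expected switches, Segment IDs inside the 5000-5999 pool, and no per-switch replication override. The following is an added example, not code from the original post or from VMware. The XML sample is constructed, its element names are assumed to follow the shape of an NSX-v logical switch listing, and the zone replication mode of `UNICAST_MODE` is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names assume the shape of an NSX-v logical switch listing.
SAMPLE = """<virtualWires><dataPage>
<virtualWire><name>Transport Network</name><vdnId>5000</vdnId><controlPlaneMode>UNICAST_MODE</controlPlaneMode></virtualWire>
<virtualWire><name>Web Logical Switch</name><vdnId>5001</vdnId><controlPlaneMode>UNICAST_MODE</controlPlaneMode></virtualWire>
<virtualWire><name>App Logical Switch</name><vdnId>5002</vdnId><controlPlaneMode>HYBRID_MODE</controlPlaneMode></virtualWire>
<virtualWire><name>Scratch</name><vdnId>6001</vdnId><controlPlaneMode>UNICAST_MODE</controlPlaneMode></virtualWire>
</dataPage></virtualWires>"""

# The four switches the walkthrough creates.
EXPECTED = {"Transport Network", "Web Logical Switch",
            "App Logical Switch", "Database Logical Switch"}
SEGMENT_POOL = range(5000, 6000)   # Segment ID range set earlier in the series
ZONE_MODE = "UNICAST_MODE"         # assumed transport zone replication mode


def audit(xml_text, expected=EXPECTED, pool=SEGMENT_POOL, zone_mode=ZONE_MODE):
    """Return (switch name, finding) tuples for drift from the intended design."""
    findings, seen_names, seen_ids = [], set(), {}
    for vw in ET.fromstring(xml_text).iter("virtualWire"):
        name = vw.findtext("name", "").strip()
        vni = int(vw.findtext("vdnId", "-1"))
        mode = vw.findtext("controlPlaneMode", "").strip()
        seen_names.add(name)
        if vni not in pool:
            findings.append((name, f"segment ID {vni} outside pool {pool.start}-{pool.stop - 1}"))
        if vni in seen_ids:
            findings.append((name, f"segment ID {vni} also used by {seen_ids[vni]}"))
        seen_ids.setdefault(vni, name)
        # A per-switch override of the zone's replication mode is worth a second look.
        if mode != zone_mode:
            findings.append((name, f"replication mode {mode} overrides zone {zone_mode}"))
        if name not in expected:
            findings.append((name, "unexpected logical switch"))
    for missing in sorted(expected - seen_names):
        findings.append((missing, "expected logical switch not found"))
    return findings


if __name__ == "__main__":
    for switch, finding in audit(SAMPLE):
        print(f"{switch}: {finding}")
```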
Don’t worry. The application used here is a three-tier working application with a functioning load balancer, VPN, Firewall, routing and more.
Stay tuned. Routing, Firewalls, Load balancers and more NSX goodness to come.