VCIX-NV Objective 2.1 – Create and Manage Logical Switches

NSX 0 Comment

Recovering from dual hernia surgery and changing job roles…….it’s me and I’m back. Moving back into the Blueprint, we are working on Objective 2.1 – Create and Manage Logical Switches. We will be covering the following points in this blog post.

  • Create and Delete Logical Switches
  • Assign and configure IP addresses
  • Connect a Logical Switch to an NSX edge
  • Deploy services on a Logical Switch
  • Connect/Disconnect virtual machines to/from a Logical Switch
  • Test Logical Switch connectivity

First it would probably be appropriate to make sure that we know what a logical switch can do. Just like its physical counterpart, an NSX switch can create a logical broadcast domain and segment. This keeps broadcasts from one switch from spilling over to another and saving network bandwidth. Feasibly you can argue that the network bandwidth is a bit more precious than real network bandwidth because it requires not only real network bandwidth but also requires processing on the side of the hosts (whereas normal network bandwidth would be processed by the ASIC on the physical network switch).

A logical switch is mapped to a unique VXLAN which then encapsulates the traffic and carries it over the physical network medium. The NSX controllers are the main center where all the logical switches are managed.

In order to add a logical switch, you must obviously have all the needed components setup and installed (NSX manager, controllers, etc) I am guessing you have already done that.

  1. In the vSphere Web Client, navigate to Home > Networking & Security > Logical Switches.
  2. If your environment has more than one NSX Manager, you will need to select the one you wish to create the switch on, and if you are creating a Universal Logical Switch, you will need to select the primary NSX Manager.
  3. Click on the green ‘+’ symbol.
  4. Give it a name and optional description
  5. Select the transport zone where you wish this logical switch to reside. If you select a Universal Transport Zone, it will create a Universal Logical Switch.
  6. You can click Enable IP Discovery if you wish to enable ARP suppression. This setting is enabled by default. This setting will minimize ARP flooding on this segment.
  7. You can click Enable MAC learning if you have VMs that have multiple MAC addresses or Virtual NICs that are trunking VLANs.

The next point, assign and configure IP addresses, is a bit confusing. There is no IP address you can “assign” to just the logical switch. There is no interface on the switch itself. What I am guessing they meant to say here was that you should be familiar with adding an Edge Gateway interface to a switch, and adding a VM to the switch. Both of these would in a roundabout way assign and configure a subnet or IP address to a logical switch. That’s the only thing I can think of anyways.

The next bullet point is, connecting a logical switch to an NSX Edge. This is done quickly and easily.

  1. While you are in the Logical Switches section (Home > Networking & Security > Logical Switches), you would then click on the switch you want to add the Edge device to.
  2. Next, click the Connect an Edge icon.
  3. Select the Edge device that you wish to connect to the switch.
  4. Select the interface that you want to use.
  5. Type a name for the interface
  6. Select whether the link will be internal or uplink
  7. Select the connectivity status. (Connected or not)
  8. If the NSX Edge you are connecting has Manual HA Configuration selected, you will need to input both management IP addresses in CIDR format.
  9. Optionally, edit the MTU
  10. Click Next and then Finish

The next bullet point covers deploying services on a logical switch. This is accomplished easily by:

  1. Click on Networking & Security and then click on Logical Switches.
  2. Select the logical switch you wish to deploy services on.
  3. Click on the Add Service Profile Icon.
  4. Select the service and service profile that you wish to apply.

There is an important caveat here, the icon will not show up unless you have already installed the third party virtual appliance in your environment. Otherwise your installation will look like mine and not have that icon.

The next bullet point, Connecting and Disconnecting VMs from a Logical Switch is also simply done.

  1. While in the Logical Switch section (kind of a theme here huh?), right click on the switch you wish to add the VM to.
  2. You have the option to Add or Remove VMs from that switch – as shown here in the pic

The final point, testing connectivity, can be done numerous ways. The simplest way would just be to test a ping from one VM to another. This could be done on pretty much any VM with an OS on it. You can even test connectivity between switches (provided there is some sort of routing setup between them. If you only had one VM on that segment (switch) but you had a Edge on it as well, you could pin the Edge interface from the VM as well. There are many ways to test connectivity. And with that, this post draws to a close. I will be back soon with the next Objective Point 2.2 Configure and Manage Layer 2 Bridging.