VMware NSX 6.

2 Beginners Guide - From Zero to Full

Deployment for Labs
Posted by fgrehl on April 29, 2016 Leave a comment (16) Go to comments

VMware NSX is the SDDC technology of the future. What ESX was
once for Servers, NSX is now for Networks. I highly encourage everyone to make yourselves familiar
with this technology. NSX with all its features is quite complex, but the entry point is quite simple and
requires only basic vSphere and networking skills. This beginners guide explains how to deploy NSX
in your homelab even with limited physical ressources by downsizing NSX Manager and NSX
Controller VMs. The guide starts at zero and quickly explains how to deploy NSX and connect your
first Virtual Machine to a VXLAN based logical switch that is able to communicate to the physical
world through an NSX Edge Gateway.
What do you need to create the Lab?
• vCenter 6 with some physical ESXi Hosts
• vSphere Distributed Switch (dvSwitch)
• NSX Manager Appliance (Download: NSX 6.2.2)
• There is no special physical Switch requirement
This guide is not intended as a comprehensive guide to fully understand all aspects of NSX. It's just a
quick deployment guide with some tweaks for low resource Homelabs.
1. Prepare your vSphere Platform (vCenter Server Appliance, ESXi Hosts, Cluster and dvSwitch).
I recommend to update everything to the latest version available, which is currently vSphere
6.0 Update 2 and NSX 6.2.2.
2. Configure a NTP Server for ESXi Hosts and the vCenter Server to ensure time consistency.
3. Deploy the NSX Manager Appliance, provided as OVA (Download: NSX 6.2.2). The
deployment wizard is pretty straightforward, nothing special here if you have ever deployed a
template. Make sure to configure a NTP Server, and enable SSH.
4. The NSX Manager is preconfigured with 4 vCPU and 16GB Memory. That might be a little
oversized for a tiny homelab. If your hardware has limited resources, shutdown the NSX
Manager and reduce the configured resources. 2 vCPU and 8 GB Memory should be possible
without any impact (Of course, this is not supported by VMware). However, you can set it even
lower but keep an eye on the memory consumption. You can check it by logging in to the NSX
Manager with SSH (password set during ova deployment) and run the command "show system
memory":

5. The NSX Manager needs to be registered with the vCenter Server. Open the NSX Manager with
a browser and login as admin, with the password configured during the deployment.
6. Navigate to Manage vCenter Registration
7. Configure the Lookup Service to the IP Address of your Platform Services Controller and the
vCenter Server connection to your vCenter Server. For vCenters with an embedded PSC, the
lookup service runs on the vCenter Server itself. The following information are required:
- Lookup Service IP
- Lookup Service Port (Default: 7444)
- SSO Admin Credentials
- vCenter Server Address (IP or DNS Name)
- vCenter Server Admin CredentialsVerify that both Services are connected:
8. Login to the vCenter Server Web Client. You should now see the Network & Security icon
where NSX is configured. Open it:

9. The first part of the configuration is to deploy NSX Controller nodes which are representing the
Control Pane of NSX. NSX Controllers are Virtual Machines. At least 3 NSX Controllers are
required for redundancy. Click the + symbol to deploy the first controller.
10.Select the options for the NSX Controller until the IP Pool configuration and click Select to
select or create an IP Pool.

11.Click New IP Pool...

12.Enter Network details. This should be the same layer 2 network as your vCenter Server, ESXi
Hosts and NSX Manager. NSX Controllers are automatically configured with IP Addresses
defined in the Static IP Pool. Configure the range with the number of IP Addresses you want to
reserve for NSX Controllers.

13.Finish the IP Pool configuration, select it and finish the Controller configuration:
14.Wait until the deployment has been finished.

15.Deploy 2 additional controllers in the same IP Pool and wait until all controller nodes are
deployed and connected.

16.NSX Controllers are preconfigured with 2 vCPU and 4GB Memory. For your tiny
(unsupported) homelab you can also reduce NSX Controller resources, but this is a little bit
more tricky because the "Edit settings" function is blocked by the vCenter. To disable vCenter
Server protection you have to delete respective entries from the VPX_DISABLED_METHODS
table. This method is also described by Tom Fojta.
- SSH to the vCenter Server
- Enable Bash
- Connect to the vCenter Postgres Database
- Identify Object IDs
- Delete entries
- Restart vCenter Server Service
Command> shell.set --enabled True
Command> shell
vcsa:~ # /opt/vmware/vpostgres/current/bin/psql -U postgres
psql.bin (9.3.9 (VMware Postgres 9.3.9.0-2921310 release))
Type "help" for help.

postgres=# \connect VCDB

You are now connected to database "VCDB" as user "postgres".
VCDB=# select * from VPX_DISABLED_METHODS;
entity_mo_id_val | method_name | source_id_val |
reason_id_val
------------------+--------------------------------+---------------
+---------------
vm-68 | vim.VirtualMachine.reconfigure | vShield_SVM |
vShield_SVM
vm-81 | vim.VirtualMachine.reconfigure | vShield_SVM |
vShield_SVM
vm-82 | vim.VirtualMachine.reconfigure | vShield_SVM |
vShield_SVM
(1 rows)

VCDB=# delete from VPX_DISABLED_METHODS where entity_mo_id_val = 'vm-68';

DELETE 1
VCDB=# delete from VPX_DISABLED_METHODS where entity_mo_id_val = 'vm-81';
DELETE 1
VCDB=# delete from VPX_DISABLED_METHODS where entity_mo_id_val = 'vm-82';
DELETE 1
VCDB=# select * from VPX_DISABLED_METHODS;
entity_mo_id_val | method_name | source_id_val | reason_id_val
------------------+-------------+---------------+---------------
(0 rows)
postgres=# \q
vcsa:~ # service-control --stop vmware-vpxd
vcsa:~ # service-control --start vmware-vpxd
17.After the vCenter Server service has been restarted you should be able to edit NSX Controller
Resources. It is possible to resize NSX Controllers to 2 GB without any major issues. If you
want to go lower, verify memory consumption by logging in to the NSX Controller with SSH
and run the command "show system statistics graph memory/memory-used:value". Memory
Usage here is 800MB:

18.Now you have to prepare ESXi Hosts to be compatible with NSX. Navigate to Network and
Security > Installation > Host Preparation, select your Cluster and click Install. This will
install 2 VIB on all ESXi hosts in the Cluster. The installation is completely transparent to
virtual machines. Maintenance Mode is not required.
19.Refresh the vSphere Client to check the Status and wait until the installation has been finished.

20.To allow ESXi hosts to talk to each other and to the physical network, they need Tunnel
Endpoints (VTEP Interfaces). Click Not Configured in the VXLAN tab, configure VXLAN
settings and add an IP Pool for VTEP interfaces. Make sure to size the IP Pool according to the
number of ESXi Hosts:
21.Navigate to Network and Security > Installation > Logical Network Preparation >
Segment ID, and configure the Segment ID pool to the Number of VXLANs your are planning
to use:
22.To determine the replication boundaries of a VXLAN Network, a global transport zone is
required. Navigate to Network and Security > Installation > Logical Network Preparation >
Transport Zones, and click +

23.Add a Global Transport Zone and set the Replication mode to Unicast. This setting allows NSX
Controllers to talk to each other without any multicast requirements on physical switches. Select
 all clusters that needs to be part of the Transport Zone.

24.Now the initial NSX configuration is finished and you are ready to configure the first Logical
Switch. A Logical Switch is basically a VXLAN Network or Portgroup where Virtual Machines
are connected to. Navigate to Network and Security > Logical Switches click +

25.Name the Logical Switch and set the replication mode to Unicast.
26.To connect the "virtual" Logical Switch beyond the VXLAN you need a NSX Edge. The Edge
Gateway is a Virtual Machine with 2 network interfaces, one connected to the VXLAN and one
connected to the outside network. The Edge Gateway acts as Router. Navigate to Network and
Security > NSX Edge and click +

27.Set the installation type to Edge Services Gateway and enter a name
28.Set Admin credentials and enable SSH.
29.Set the Appliance Size and configure the NSX Edge Appliance placement
30.Configure Edge Interfaces. Place one interface to your physical connected portgroup and a
second to the internal Logical Switch.
31.Finish the deployment wizard and wait until the deployment has been finished.
32.The VXLAN is now connected to the physical network. For ease of use I am going to enable
DHCP on the logical switch. Doubleclick the new edge gateway and open the DHCP tab.
33.Add DHCP Pool configuration
34.Activate DHCP and publish changes.
 35.Navigate to Network and Security > Logical Switches and connect a Virtual Machine to the
Logical Switch

Congratulations! You have successfully deployed NSX in your Homelab. The Virtual Machine can
communicate with the physical network through the Edge Gateway.