VMware NSX-T 2.2: Install, Configure, Manage


Lab Topology

© 2018 VMware Inc. All rights reserved.


Physical Layout
[Diagram: physical layout of the lab]
Your Personal Desktop
Student Desktop: student-a-01, 172.20.10.80; vdc-<kitname>-a.vmeduc.com (Green Desktop background)
Controller Cluster: sa-nsxctrl-01, 172.20.10.46
NSX Manager: sa-nsxmgr-01, 172.20.10.41
vCenter Server: sa-vcsa-01, 172.20.10.94
vIDM: sa-nsxvidm-01, 172.20.10.39
Edge Node 1: sa-nsxedge-01, 172.20.10.61
Edge Node 2: sa-nsxedge-02, 172.20.10.62
ESXi hosts: sa-esxi-01 (172.20.10.51), sa-esxi-02 (172.20.10.52), sa-esxi-03 (172.20.10.53), sa-esxi-04 (172.20.10.54), sa-esxi-05 (172.20.10.55)
KVM hosts: sa-kvm-01 (172.20.10.151), sa-kvm-02 (172.20.10.152)
Management and Edge Cluster: SA-Management-Edge
Compute Cluster: SA-Compute-01
Storage: SA-Shared-02-Remote
vMotion Network: 172.20.12.0/24 (.10)
SA-Production Network: 172.20.11.0/24 (.10)
SA-Management Network: 172.20.10.0/24 (.10)
Control Center: dc.vclass.local, 172.20.10.10

Note: Only one controller is deployed in this lab environment. In a real production environment, three controllers must be deployed.

Logical Layout
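[Diagram: logical layout of the lab]
Fence Network, 172.20.0.0/24: Student Desktop (.80), Control Center (.10)
SA-Management, 172.20.10.0/24: Student Desktop (.80), Control Center (.10)
SA-Production, 172.20.11.0/24: Control Center (.10), VyOS Router (.1)
Edge Network, 192.168.100.0/24: VyOS Router (.1), T0-LR-01 (.2)
T1-LR-01 (below T0-LR-01):
  Web-LS, Web-Tier, 172.16.10.0/24, gateway .1: T1-Web-01 (.11), T1-Web-02 (.12), T1-Web-03 (.13)
  App-LS, App-Tier, 172.16.20.0/24, gateway .1: T1-App-01 (.11)
  DB-LS, DB-Tier, 172.16.30.0/24, gateway .1: T1-DB-01 (.11)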

IP Addressing (1)

Domain name: vclass.local

Device                             FQDN             IP Address
Control Center (DNS/DHCP/Routing)  dc.vclass.local  172.20.10.10 (mgmt.)
                                                    172.20.0.10 (fence network)
                                                    172.20.11.10 (sa-production)
Student Desktop                    student-a-01     172.20.10.80
vCenter Server                     sa-vcsa-01       172.20.10.94
VMware Identity Manager            sa-nsxvidm-01    172.20.10.39

IP Addressing (2)

Device        FQDN        IP Address
Host ESXi 01  sa-esxi-01  172.20.10.51
Host ESXi 02  sa-esxi-02  172.20.10.52
Host ESXi 03  sa-esxi-03  172.20.10.53
Host ESXi 04  sa-esxi-04  172.20.10.54
Host ESXi 05  sa-esxi-05  172.20.10.55
Host KVM 01   sa-kvm-01   172.20.10.151
Host KVM 02   sa-kvm-02   172.20.10.152

Domain name: vclass.local

IP Addressing (3)

Device                FQDN           IP Address
NSX Manager           sa-nsxmgr-01   172.20.10.41
NSX Controller 1      sa-nsxctrl-01  172.20.10.46
NSX Edge 1            sa-nsxedge-01  172.20.10.61
NSX Edge 2            sa-nsxedge-02  172.20.10.62
Upstream VyOS Router  sa-vyos-01     172.20.10.1 (mgmt.)
                                     172.20.11.1 (sa-production)
                                     192.168.100.1 (ECMP link 1)
                                     192.168.110.1 (ECMP link 2)

IP Addressing (4)

Device            FQDN        IP Address    Gateway
Web Tier VM 1     T1-web-01   172.16.10.11  172.16.10.1
Web Tier VM 2     T1-web-02   172.16.10.12  172.16.10.1
Web Tier VM 3     T1-web-03   172.16.10.13  172.16.10.1
App Tier VM       T1-app-01   172.16.20.11  172.16.20.1
DB Tier VM        T1-db-01    172.16.30.11  172.16.30.1
Ubuntu Test VM 1  Ubuntu-01a  Variable      Variable
Ubuntu Test VM 2  Ubuntu-02a  Variable      Variable

Address Pool  Address Range        Subnet Mask  Gateway
TEP-IP-Pool   172.20.11.151 – 170  /24          172.20.11.10

Login Credentials

Device                   Login Name                   Password
Windows VM               vclass\Administrator         VMware1!
vCenter Server           administrator@vsphere.local  VMware1!
ESXi Host                root                         VMWare1!
KVM Host                 vmware                       VMware1!
VyOS Router              vmware                       VMware1!
NSX Manager              admin                        VMware1!
NSX Controller           admin                        VMware1!
NSX Edge                 admin                        VMware1!
VMware Identity Manager  admin                        VMware1!
3-Tier Tenant VM         root                         VMware1!

Lab 1 Reviewing the Configuration of the Predeployed NSX Manager Instance
[Diagram: lab components on the Management Network (172.20.10.0/24) and the TEP Network (172.20.11.0/24)]
vCenter Server: sa-vcsa-01, 172.20.10.94
Control Center: dc.vclass.local, 172.20.10.10
VyOS Router: sa-vyos-01, 172.20.10.1
Student Desktop: student-a-01.vclass.local, 172.20.10.80
NSX Manager: sa-nsxmgr-01, 172.20.10.41
Edge Cluster: nsxedge-01, nsxedge-02
Control Cluster: NSX Controller nsxctrl-01
Hosts: KVM Hosts (Compute Cluster), ESXi Hosts (Compute Cluster), ESXi Hosts (Management & Edge Cluster)
VMs shown: T1-Web-01, T1-Web-02, T1-Web-03, T1-App-01, T1-DB-01, Ubuntu-01, Ubuntu-02
Note: No topology diagrams are needed for labs 19, 22 and 23.

Deploying the NSX Control Cluster

[Diagram: NSX Control Cluster on the ESXi Hosts (Management & Edge Cluster)]
NSX Manager: sa-nsxmgr-01, 172.20.10.41
NSX Controller: nsxctrl-01, 172.20.10.46

Your NSX Controller nsxctrl-01 can be deployed on any ESXi host in the Management & Edge Cluster, depending on the available resources on each host.

For this lab environment, you create a single-node controller cluster. In a production environment, a three-node cluster must be deployed to provide redundancy and HA.
Lab 3 Preparing the NSX Infrastructure
[Diagram: compute hosts on the Management Network (172.20.10.0/24) and the TEP Network (172.20.11.0/24)]
KVM Hosts (Compute Cluster): 172.20.10.151, 172.20.10.152
ESXi Hosts (Compute Cluster): 172.20.10.54, 172.20.10.55
VMs shown: T1-Web-01, T1-Web-02, T1-Web-03, T1-App-01, T1-DB-01, Ubuntu-01, Ubuntu-02
TEP IP Pool: 172.20.11.151 - .170
Transport Zone: Global-Overlay-TZ

Managing Users and Roles with VMware Identity Manager

[Diagram: management components on the ESXi Hosts (Management & Edge Cluster)]
NSX Manager: sa-nsxmgr-01, 172.20.10.41
Identity Manager: sa-nsxvidm-01, 172.20.10.39
NSX Controller: nsxctrl-01, 172.20.10.46

Lab 5 Configuring Logical Switching

[Diagram: logical switches attached to T1-LR-01]
Web-LS, Web-Tier, 172.16.10.0/24, gateway .1: T1-Web-01 (.11), T1-Web-02 (.12), T1-Web-03 (.13)
App-LS, App-Tier, 172.16.20.0/24, gateway .1: T1-App-01 (.11)
DB-LS, DB-Tier, 172.16.30.0/24, gateway .1: T1-DB-01 (.11)

Lab 6 Using Network I/O Control to Allocate Network Bandwidth

[Diagram: two Ubuntu VMs on Web-LS (Web-Tier), with test.img shown between them]
Ubuntu-01a: 172.16.10.17, on ESXi host transport node sa-esxi-0X.vclass.local, NIOC Profile: Limit-VM-Traffic
Ubuntu-02a: 172.16.10.18, on ESXi host transport node sa-esxi-0Y.vclass.local, NIOC Profile: Limit-VM-Traffic

Note: The Ubuntu VMs should be on two different ESXi hosts in the Compute cluster.

Lab 7 Configuring Guest VLAN Tagging

[Diagram: guest VLAN tagging on GVLAN-LS (VLAN 10)]
Transport Zone: Global-Overlay-TZ
Ubuntu-01a: 172.16.40.11, subinterface 192.168.1.1 (VLAN 10)
Ubuntu-02a: 172.16.40.12, subinterface 192.168.1.2 (VLAN 10)

Lab 8 Deploying and Configuring NSX Edge Nodes
[Diagram: Edge Cluster and management components on the ESXi Hosts (Management & Edge Cluster)]
Edge Cluster: sa-nsxedge-01 (172.20.10.61), sa-nsxedge-02 (172.20.10.62)
NSX Manager: sa-nsxmgr-01, 172.20.10.41
Identity Manager: sa-nsxvidm-01, 172.20.10.39
NSX Controller: nsxctrl-01, 172.20.10.46

Lab 9 Configuring Tier-1 Logical Routing

[Diagram: router ports on T1-LR-1]
T1-LR-Web-RP, 172.16.10.1: Web-LS, Web-Tier, 172.16.10.0/24: T1-Web-01 (.11), T1-Web-02 (.12), T1-Web-03 (.13)
T1-LR-App-RP, 172.16.20.1: App-LS, App-Tier, 172.16.20.0/24: T1-App-01 (.11)
T1-LR-App-RP, 172.16.30.1: DB-LS, DB-Tier, 172.16.30.0/24: T1-DB-01 (.11)

Lab 10 Configuring Tier-0 Logical Routing
[Diagram: Tier-0 routing between the VyOS Router and T0-LR]
172.20.10.0/24: Student Desktop (.80), Control Center (.10)
172.20.11.0/24: Control Center (.10), VyOS Router (.1)
VyOS Router uplink addresses: 192.168.100.1, 192.168.110.1
BGP autonomous systems shown: AS 200, AS 100
T0-LR: Uplink-1-RP 192.168.100.2 on Uplink-LS-1, Uplink-2-RP 192.168.110.2 on Uplink-LS-2
T0-LR to T1-LR-1 link: 100.64.x.x/31
T1-LR-1: T1-LR-Web-RP 172.16.10.1 (Web-LS, Web-Tier, 172.16.10.0/24), T1-LR-App-RP 172.16.20.1 (App-LS, App-Tier, 172.16.20.0/24), T1-LR-App-RP 172.16.30.1 (DB-LS, DB-Tier, 172.16.30.0/24)

Lab 11 Configuring Equal Cost Multi-Pathing
[Diagram: ECMP across the two uplinks between the VyOS Router and T0-LR]
172.20.10.0/24: Student Desktop (.80), Control Center (.10)
172.20.11.0/24: Control Center (.10), VyOS Router (.1)
VyOS Router uplink addresses: 192.168.100.1, 192.168.110.1
BGP autonomous systems shown: AS 200, AS 100
T0-LR: Uplink-1-RP 192.168.100.2 on Uplink-LS-1, Uplink-2-RP 192.168.110.2 on Uplink-LS-2
T0-LR to T1-LR-1 link: 100.64.x.x/31
T1-LR-1: T1-LR-Web-RP 172.16.10.1 (Web-LS, Web-Tier, 172.16.10.0/24), T1-LR-App-RP 172.16.20.1 (App-LS, App-Tier, 172.16.20.0/24), T1-LR-App-RP 172.16.30.1 (DB-LS, DB-Tier, 172.16.30.0/24)

Lab 12 Configuring Centralized Ports
[Diagram: centralized port on T1-LR-1, with Edge Cluster-01 below T0-LR]
172.20.10.0/24: Student Desktop (.80), Control Center (.10)
172.20.11.0/24: Control Center (.10), VyOS Router (.1)
VyOS Router uplink addresses: 192.168.100.1, 192.168.110.1
T1-LR-1 ports: CP-T1-Overlay 172.16.50.1, T1-LR-Web-RP 172.16.10.1, T1-LR-App-RP 172.16.20.1, T1-LR-App-RP 172.16.30.1
Centralized port label: CP-T1-Port-Overlay
CP-LS-Overlay: Ubuntu-02a, 172.16.50.12
Web-LS: T1-Web-01 (.11), T1-Web-02 (.12), T1-Web-03 (.13)
App-LS: T1-App-01 (.11)
DB-LS: T1-DB-01 (.11)

Lab 13 Configuring Network Address Translation
[Diagram: NAT on T1-LR-2-NAT, with Edge Cluster-01 below T0-LR]
172.20.10.0/24: Student Desktop (.80), Control Center (.10)
172.20.11.0/24: Control Center (.10), VyOS Router (.1)
VyOS Router uplink addresses: 192.168.100.1, 192.168.110.1
T1-LR-1: Web-LS (172.16.10.0/24), App-LS (172.16.20.0/24), DB-LS (172.16.30.0/24)
T1-LR-2-NAT: NAT Translated IP 80.80.80.1, NAT-LS-RP 172.16.101.1
NAT-LS, 172.16.101.0/24: T2-NAT-01, 172.16.101.11

Lab 14 Configuring Load Balancing
[Diagram: load balancer Web-LB on T1-LR-1, below T0-LR]
172.20.10.0/24: Student Desktop (.80), Control Center (.10)
172.20.11.0/24: Control Center (.10), VyOS Router (.1)
VyOS Router uplink addresses: 192.168.100.1, 192.168.110.1
Virtual Server: Web-VIP, VIP: 192.168.100.7, Service: HTTP
Pools: Web-Pool, Backup Pool
Servers on Web-LS: T1-Web-01 (172.16.10.11), T1-Web-02 (172.16.10.12), T1-Web-03 (172.16.10.13)

Lab 15 Configuring NSX Distributed Firewall

[Diagram: T1-LR-1 with Web-LS (172.16.10.0/24), App-LS (172.16.20.0/24) and DB-LS (172.16.30.0/24)]
Distributed firewall rules shown:
Allow Intra-tier HTTP traffic
Allow Inter-tier SSH traffic
Allow Inter-tier MySQL traffic
Default Layer 3 Rule: Drop all traffic

Lab 16 Configuring NSX Edge Firewall
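[Diagram: edge firewall between T0-LR and T1-LR-1]
172.20.10.0/24: Student Desktop (.80), Control Center (.10)
172.20.11.0/24: Control Center (.10), VyOS Router (.1)
VyOS Router uplink addresses: 192.168.100.1, 192.168.110.1
Edge firewall rule shown: Block SSH from Outside (marked X)
T1-LR-1: Web-LS, Web-Tier, 172.16.10.0/24; App-LS, App-Tier, 172.16.20.0/24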

Lab 17 Configuring SpoofGuard

[Diagram: T1-LR-1, Web-LS with T1-SpoofGuard-Profile; the diagram carries two X marks]

VM         IP Address    MAC Address
T1-Web-01  172.16.10.11  00:50:56:ae:1d:9d
T1-Web-02  172.16.10.12  00:50:56:ae:92:cd
T1-Web-03  172.16.10.13  00:23:20:43:72:E6
T1-Web-03  172.16.10.14  00:23:20:43:72:E6

Lab 18 Configuring Syslog

[Diagram: syslog server and NSX nodes]
Syslog Server: Student Desktop, student-a-01.vclass.local, 172.20.10.80
NSX Controller: sa-nsxctrl-01, 172.20.10.46
NSX Manager: sa-nsxmgr-01, 172.20.10.41
Edge Node 1: sa-nsxedge-01, 172.20.10.61
Edge Node 2: sa-nsxedge-02, 172.20.10.62

Lab 20 Configuring Logical SPAN for Port Mirroring

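[Diagram: logical SPAN session Web-Tier-Logical-SPAN in the SA-Compute-01 Cluster, with a SOURCE and a DESTINATION port and TCPDUMP at the destination side]
Hosts: sa-esxi-0X.vclass.local, sa-esxi-0Y.vclass.local
Web-LS, Web-Tier, 172.16.40.0/24
VMs shown (left to right): T1-Web-01, Ubuntu-01a, Ubuntu-02a
Host addresses shown (left to right): .13, .11, .12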

Lab 21 Configuring ERSPAN for Remote Mirroring across IP Networks

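[Diagram: ERSPAN session Web01-ERSPAN from the Web tier to the Student Desktop]
Web01-ERSPAN DESTINATION: Student Desktop running Wireshark, .80 on SA-Management (172.20.10.0/24)
Control Center: .10 on SA-Management (172.20.10.0/24) and .10 on SA-Production (172.20.11.0/24)
VyOS Router: .1 on SA-Production (172.20.11.0/24) and .1 on the Edge Network (192.168.100.0/24)
T0-LR-01: .2 on the Edge Network (192.168.100.0/24)
T1-LR-01: Web-LS, Web-Tier, 172.16.10.0/24: T1-Web-01 (.11), T1-Web-02 (.12)
Web01-ERSPAN SOURCE: on the Web tier (T1-Web-01, T1-Web-02)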

Note: No topology diagrams are needed for labs 19, 22 and 23.
