Nest Lab Tech Doc 2.6
Nest Lab Tech Doc 2.6
Nest Lab Tech Doc 2.6
HOW TO BUILD A
NESTED NSX-T 2.3 LAB
Explore the features and capabilities of
VMware NSX-T
Table of Contents
INTRO: WHY BUILD A NESTED NSX-T LAB? ..................................... 3
WHAT WE ARE GOING TO DEPLOY..................................................... 3
1. GETTING STARTED............................................................................ 4
2. DEPLOY AND CONFIGURE VCENTER SERVER APPLIANCE 6.5U1
.................................................................................................................. 5
3. DEPLOY AND CONFIGURE 3 X NESTED ESXI 6.5U2 VIRTUAL
APPLIANCE VMS .................................................................................... 5
4.DEPLOY NSX-T MANAGER, 1 X CONTROLLER & 1 X EDGE .......... 7
5. DEPLOY THE NSX-T CONTROLLER ................................................. 8
6. DEPLOY AN NSX-T EDGE.................................................................. 9
7. CONFIGURE NSX-T .......................................................................... 11
8. VIRTUAL NETWORKING .................................................................. 18
9. SECURITY, THE DISTRIBUTED FIREWALL (DFW) ........................ 23
2. Deploying NSX-T
• NSX-T Manager, 1 x Controller & 1 x Edge and
setup both the Management and Control
Cluster Plane
• Configure NSX-T with IP Pool, Transport Zone,
add vCenter Server as Compute Manager,
Create Logical Switch, Prepare ESXi hosts,
Create Uplink Profile & Add configure ESXi
hosts as a Transport Node
1. Getting started
I like to start with a list of DNS names and IP addresses for each
item that I’m going to create and add these names and IP in my
DNS server, so I know they are ready as I deploy them.
To deploy an Edge:
• From the main menu, select Fabric, then select
Nodes.
• Select Add Edge VM
• Provide a name, hostname and form factor of small
• Next
• Provide CLI and root password credentials
• Next
• I select the same Compute Manager that I used to
deploy the Controller
• Select the Cluster and Datastore
• Next
• For IP Assignment, select Static and provide the
Management IP with the netmask and the Default
Gateway. This interface will only be used for
managing the Edge and not used for network routing.
In this example it’s 192.168.1.139/24
• The Management Interface is nsxt-mgmt.
• The data paths are additional Edge interfaces, which
will be used for network routing.
o #1 set to nsxt-mgmt
o #2 set to nsxt-mgmt
o #3 set to nsxt-nested
7. Configure NSX-T
I’m going to use the Getting Started Setup Wizard to deploy
NSX-t to my nested hosts. The Getting Started wizard helps
you prepare ESXi Hosts, KVM Hosts, and NSX Edge VMs for
NSX deployment. A successful deployment results in a
Transport Node(s) for your traffic needs. You can use wizard
multiple times to perform other configuration tasks.
Note: I don’t like the Transport Node names being the auto
generated GUID, so I changed them by selecting the
Transport Node ID name, then selecting Edit, and change the
8. Virtual Networking
• Click Add
Firewall Section
Firewall sections are used to group a set of firewall rules. A
firewall section can be made up of one or more individual
firewall rules. Let’s create a section for our application.
First rule
• Name, Any to Web
• Source, Any
• Destination, select to Edit Rule Destination
o Object Type, select Logical Switch
o Highlight Web-LS
o Click OK
Second Rule
• Name, Web to App
• Source, Select the Web-LS logical switch
• Destination, select to Edit Rule Destination
• Object type: IP Set
• At the bottom, I select Create New IP Set
o Name: App IPs
o Address, select Add, Enter our App-01 VM IP,
172.16.120.11
o Click OK
• Click OK
When I’m competed with all the rules, it should look like this:
VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright © 2018 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by
one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. and its subsidiaries in the United States and
other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.