Sam Walker

VCP-NV 6 Blueprint dissection - Section 4

Blog Post created by Sam Walker on Sep 15, 2015

Section 4 – Install and Upgrade VMware NSX

Objective 4.1 – Configure Environment for Network Virtualization

Configure the physical infrastructure (MTU, Dynamic Routing for edge, etc.)

Set the MTU to 1600 (1550 is the minimum, but 1600 is recommended to allow for additional VLAN headers in the IP packet).

For using hybrid or multicast replication methods:

  • Hybrid – IGMP Snooping on TOR Switches where multicast is enabled
  • Multicast – Multicast across the entire network (as with previous non-NSX deployments of a stretched L2 network)

Prepare a new vSphere infrastructure

  • Ensure vSphere environment meets minimum requirements (vCenter 5.5, ESXi 5.0)
  • Ensure using properly designed clusters with HA and DRS
  • Ensure hosts and vCenter have forward and reverse DNS correctly configured.

o Configure Quality of Service (QoS)

o Configure Link Aggregation Control Protocol (LACP)

Configure an existing vSphere infrastructure

Ensure environment prerequisites are met (vCenter Server 5.5, ESXi hosts 5.0+). If features of a later VDS are required, upgrade vCenter, then the hosts, then the VDS. Note: by default, a vDS is created at the same version as vCenter; i.e., vCenter 5.5 = vDS 5.5.


Follow NSX design principles around separate management & edge clusters, number of hosts in the mgmt cluster, network architecture (TRILL / Spine & Leaf fabric), VLANs being contained within a single rack, etc.

o Upgrade VMware Tools

Ensure VMware Tools is at version 8.6 or later to enable additional guest introspection features (vShield Endpoint & Data Security). This version of Tools is released with ESXi 5.0 patch 3.

Also – VM hardware version 7 or 8.

Explain how IP address assignments work in VMware NSX

IP Pool – defined range of IPs


(See where it is used in the DHCP screenshot below.)




Identify minimum permissions required to deploy NSX in a vSphere environment

“You must have a vCenter Server user account with administrative access to synchronize NSX Manager with the vCenter Server. If your vCenter password has non-ASCII characters, you must change it before synchronizing the NSX Manager with the vCenter Server.”

  • The NSX Installation and Upgrade guide, P17


Objective 4.2 – Deploy VMware NSX Components

Install NSX Manager

Deploy the OVA template and specify the IP, NTP, credentials, etc.

Register NSX Manager with vCenter Server

Browse to https://<nsxmgr>, log in, select ‘Manage vCenter Registration’, then configure the lookup service (https://lookupserver:443/lookupservice/sdk on vSphere 6; otherwise, the port number is 7444) and the vCenter Server (just the IP, on port 443).

Install NSX License


Prepare ESXi hosts

Have to install the VIBs.  This is done through NSX Manager:


Deploy NSX Controllers


Deploy an odd number (1, 3, 5, etc.). The recommendation is to deploy 3 with anti-affinity DRS rules (manually created). Result: the mgmt cluster design has a minimum of 3 hosts.

Assign Segment ID pool and Multicast addresses

From 5000 to 16,777,216. Keep within a sensible range, i.e., don’t allocate the whole range, so that separate deployments (for example, when using multiple vCenter servers) can be given different VXLAN IDs if necessary.


It is possible to use a range of 10000
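A planning check for the advice above, written as an added example (not from the original post or from VMware): it validates the segment ID pool of each deployment against the bounds given on this page and reports pools that overlap. The deployment names are hypothetical, and the 10,000-ID size cap is an assumption that reads the "range of 10000" line as a per-deployment limit.

```python
from itertools import combinations

# Bounds as stated on this page; MAX_POOL_SIZE is an assumption that reads
# the page's "range of 10000" as a per-deployment cap.
SEGMENT_ID_MIN = 5000
SEGMENT_ID_MAX = 16_777_216
MAX_POOL_SIZE = 10_000


def parse_pool(text):
    """Parse 'start-end' (as typed into the Segment ID pool field) into ints."""
    start, sep, end = text.strip().partition("-")
    if not sep or not start.strip().isdigit() or not end.strip().isdigit():
        raise ValueError(f"not a 'start-end' range: {text!r}")
    return int(start), int(end)


def check_pools(pools):
    """Return a list of findings for {deployment_name: 'start-end'}."""
    findings, parsed = [], {}
    for name, text in pools.items():
        try:
            start, end = parse_pool(text)
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
            continue
        if start > end:
            findings.append(f"{name}: start {start} is above end {end}")
            continue
        if start < SEGMENT_ID_MIN or end > SEGMENT_ID_MAX:
            findings.append(f"{name}: {start}-{end} is outside "
                            f"{SEGMENT_ID_MIN}-{SEGMENT_ID_MAX}")
        if end - start + 1 > MAX_POOL_SIZE:
            findings.append(f"{name}: {end - start + 1} IDs exceeds {MAX_POOL_SIZE}")
        parsed[name] = (start, end)
    # Two inclusive ranges overlap when each starts at or before the other ends.
    for (a, (a0, a1)), (b, (b0, b1)) in combinations(sorted(parsed.items()), 2):
        if a0 <= b1 and b0 <= a1:
            findings.append(f"{a} and {b} share IDs {max(a0, b0)}-{min(a1, b1)}")
    return findings


# Constructed sample plan: three vCenter/NSX deployments (hypothetical names).
SAMPLE_PLAN = {
    "vc-london": "5000-14999",
    "vc-paris": "14000-23999",
    "vc-lab": "1000-1999",
}

if __name__ == "__main__":
    for finding in check_pools(SAMPLE_PLAN):
        print(finding)
```
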

Configure VXLAN Transport


Choice of three replication modes:

  • Multicast – still relies on multicast across the physical network: L2 IGMP Snooping and L3 PIM. Required if running 5.1 or earlier hosts. This option makes the most efficient use of network bandwidth.
  • Unicast – no physical network changes required. At each site, one host per VXLAN acts as a UTEP (Unicast Tunnel EndPoint), receiving the frame and replicating it to all hosts that participate in that VXLAN.
  • Hybrid – no requirement for L3 PIM, but local multicast is enabled (so IGMP Snooping is a requirement). As with Unicast, there is a nominated MTEP (Multicast Tunnel EndPoint) per site for cross-site communication. It receives the frame from the other site and sends it to the physical network to be redistributed by multicast.

Install NSX Edge


Install vShield Endpoint


Click ‘Next’, choose Datacenter, Cluster, storage, Mgmt Network and click on ‘Finish’.

Install Data Security


Click ‘Next’, choose Datacenter, Cluster, storage, Mgmt Network and click on ‘Finish’.


Do ‘Endpoint’ first, then ‘Data Security’.

Create an IP pool

Taken from the official documentation as it’s a little difficult to screenshot:


1 Log in to the vSphere Web Client.

2 Click Networking & Security and then click NSX Managers.

3 Click an NSX Manager in the Name column and then click the Manage tab.

4 Click the Grouping Objects tab and then click IP Pool.

5 Click the Add New IP Pool icon.

6 Type a name for the IP pool and type the default gateway.

7 Type the primary and secondary DNS and the DNS suffix and the prefix length.

8 Type the IP address ranges to be included in the pool and click OK.



Objective 4.3 – Upgrade Existing vCNS/NSX Implementation

Verify upgrade prerequisites have been met

Usual prereqs for installation (vCenter at 5.5, ESXi at 5.0+), plus vCNS must be at 5.5. 

Plus, uninstall vShield Data Security & ensure vShield Edge deployments are at 5.5.

Plus DRS as it’s used when upgrading host VIBs.

Upgrade vCNS 5.5 to NSX 6.x

1) NSX Manager. Download the upgrade bundle and apply it through the NSX Manager GUI upgrade page. Re-enable SSH. Once complete, upgrade the box to 12GB RAM & 4 vCPU.

2) Upgrade logical switches. Under host preparation, choose to Upgrade compute clusters.

3) Upgrade Firewall

4) Upgrade NSX Edge Devices


Upgrade vCNS Virtual Wires to NSX Logical Switches

See step 2 above

Upgrade to NSX Components

o Upgrade to NSX Firewall

See step 3 above

o Upgrade to NSX Edge

See step 4 above

o Upgrade vShield Endpoint from 5.5 to 6.x

Installation status column will read ‘Upgrade’.  Click it.


o Upgrade to NSX Data Security

Start the installation from scratch.  No direct in-place upgrade offered.

Upgrade NSX Manager from 6.0 to 6.x

Download upgrade bundle, apply through the NSX Manager GUI upgrade page. 

Update vSphere Clusters after NSX upgrade

Under host preparation, choose to Upgrade compute clusters


Objective 4.4 – Expand Transport Zone to Include New Cluster(s)


Explain the function of a Transport Zone

A Transport Zone contains the clusters that you want to communicate with each other. It defines the span of logical switches; logical switches are created in the TZ. A TZ can span multiple VDS.

Add a Transport Zone


Expand/Contract a Transport Zone







Edit a Transport Zone



Change the replication mode (Multicast, Unicast or Hybrid; see section 4.2 of this doc) and migrate existing logical switches to this control plane.

Change the Control Plane mode for a Transport Zone

As above