What is a Logical Switch?
Functionality of a Logical switch is very similar to that of a physical switch i.e they allow isolation of applications and tenants for security purpose. A logical switch when deployed, creates a broadcast domain to allow isolation of the VM’s running in infrastructure. Logical switches uses VXLAN to provide separation of duties.
The logical switch operates in the overlay and is totally independent of the physical network (the underlay). Logical switches are connected to Transport Zones which spans across one or more cluster or all cluster across a virtual datacenter.
Prerequisites for creating a Logical Switch
Before you go and start creating logical switches in your environment, you have to make sure you meet following requirements:
- vSphere distributed switches must be configured. You cannot deploy logical switches on standard switches.
- NSX controllers must be deployed.
- Your compute host clusters must be prepared and ready to go.
- VXLAN must be configured.
- A Transport Zone and a segment ID pool must be configured.
Create/Delete Logical Switches
To create a Logical Switch, login to Web Client and navigate to Home > Networking & Security > Logical Switches and Click on the green “+” button.
Provide a name for the logical switch and select the transport zone to which this logical switch will be mapped.
By default, the logical switch inherits the control plane replication mode set in the Transport Zone. You can change this by selecting one of the available modes.
- IP discovery is enabled by default and allows Address Resolution Protocol (ARP) suppression between VMs connected to the same logical switch. There should not be any reason to disable this (optional).
- Enable MAC learning setting if your virtual machines are having multiple MAC addresses or using virtual NICs that are trunking VLAN’s. This setting builds a VLAN/MAC pairing table on each vNIC.
Delete Logical Switch
Before deleting logical switch, we have to make sure there are no VM’s connected to the LS we are trying to delete.
To make sure there are no VM’s connected to the LS, double click on it and navigate to Related Objects > Virtual machines tab and confirm there are no connected VM’s.
If there are any VM’s on the LS, remove them before proceeding with deletion.
Once all the connected VM’s are removed from LS, right click on it and click remove to delete the LS.
Assign and configure IP addresses
This topic is bit ambiguous as it’s not clear what is the actual requirement of this objective. You can’t assign IP address on a logical switch. You can either associate VM’s with a LS or you can connect the LS to an edge gateway.
Connect a Logical Switch to an NSX Edge
To meet this requirement, make sure you already have an:
- Existing NSX Logical Switch.
- Existing NSX Edge gateway.
To connect a LS to an edge, right click on the LS and select “Connect Edge”
Select the Edge interface that will be attached to the logical switch and hit Next.
Edit the Edge interface details. Provide it a name, and choose whether this will be an internal or an uplink port, set the connectivity status to “Connected”
Under configure subnet section, Add an IP addresses by clicking the green “+” button. Define the Primary interface IP and subnet mask. Optionally you can define a secondary IP address for the interface. Hit Next to continue.
Review your settings on ready to complete page and hit finish.
Deploy Services on a Logical Switch
This enables you to deploy 3rd Party Services to your logical switch. In my lab I don’t have any 3rd party services installed so I am unable to demonstrate this.
Below steps taken from the VMware NSX 6.2 Administration Guide explains how to attach a service profile to a LS.
- In Logical Switches, select the logical switch on which you want to deploy services.
- Click the Add Service Profile icon.
- Select the service and service profile that you want to apply.
- Click OK.
Sean Whiteny has demonstrated this in one of his article. You can read the article from here
Connect/Disconnect virtual machines to/from a Logical Switch
To connect VM’s to a LS, right click on LS and select “Add VM”
From available objects list, select the VM’s which will be connected to the LS and click on the right -> button and hit next.
Select the vNIC’s of the VM’s which will connect to the LS and hit Next.
On Ready to complete page, review your selection and hit finish.
Disconnect VM from Logical Switch
To Disconnect a Virtual Machine from a logical switch, right click on the Logical Switch, then select Remove VM.
Under Available Objects, select the VM that you would like to remove and hit -> button to add them under Selected Objects and hit OK.
Test Logical Switch connectivity
Logical switch connectivity tests confirms whether or not two hosts in a VXLAN transport network can communicate with each other. The VXLAN standard packet size is 1550 bytes for the ICMP ping. If the connectivity fails, ensure that you have MTU set correctly.
To test the LS connectivity, login to vSphere Web Client and navigate to Networking and Security > Logical Switches and double click the switch you want to perform the test on.
Select Monitor > Ping and select the source and destination host (between whom test will be performed) by clicking on browse button. Click on “Start Test”
If the test is successful, you will see similar results shown below.
Optionally you can test Broadcast across the VXLAN network. Select Broadcast and browse for the source host from where packet will be broadcasted and click on Start Test.
The test will show any unresponsive hosts to the broadcast.
Thats wrap up the objective 2.1 of the VCIX-NV Deploy exam. Stay tuned for next post of this series.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable