NSX-T Federation-Part 3: Configure Federation

Welcome to the third post of the NSX Federation series. In part 1 of this series, I discussed the architecture of the NSX-T federation, and part 2 was focussed on my lab walkthrough.

In this post, I will show how to configure federation in NSX-T.

If you have missed the earlier posts of this series, you can read them using the below links:

1: NSX-T Federation-Introduction & Architecture

2: NSX-T Federation-Lab Setup

Let’s get started.

Federation Prerequisites

Before attempting to deploy and configure federation, you have to ensure that the following prerequisites are in place:

  • There must be a latency of 150 ms or less between sites.
  • Global Manager supports only Policy Mode. The federation does not support Manager Mode.
  • The Global Manager and all Local Managers must have NSX-T 3.0 installed.
  • NSX-T Edge Clusters at each site are configured with RTEP IPs.
  • Intra-location tunnel endpoints (TEP) and inter-location tunnel endpoints (RTEP) must use separate VLANs.

What is RTEP?

RTEP stands for Remote Tunnel End Point and encapsulates overlay traffic between 2 sites. RTEPs come into the picture only if the Edge cluster is used to configure a stretched Tier0/Tier1 gateway that spans more than one location. RTEPs across sites must have connectivity to each other.

Geneve traffic crossing between sites must be encapsulated and decapsulated by a TEP. The RTEP takes care of this for cross-site traffic, which flows from Edge node to Edge node between sites.

1: Deploy NSX-T Global Manager

Global Manager is simply a regular NSX-T appliance deployed with the role “NSX Global Manager”.

Once Global Manager boots up, log in to the appliance by opening the URL https://<nsxt-gm-fqdn>/ and activate the appliance using a valid key.

2: Configure Global Manager

After installing the Global Manager, we need to activate it. This is done in the Global Manager UI under System > Configuration > Location Manager > Global Manager.

Provide a name for the Global manager and hit the save button.

Wait for the Global Manager to become active and for the cluster status to report as Stable.

Note: If you need to deploy an additional global manager, you must define the compute manager first. For lab/POC environments, a single global manager will suffice. 

To add local NSX-T managers, click on the Add On-Prem Location button.

Provide a name for the Location and add the site’s local NSX-T manager. 

To obtain the SHA thumbprint, log in to the NSX-T manager and run the command: get certificate api thumbprint

After entering the relevant details, click on Check Compatibility and save once the compatibility check has passed.

Wait for the local NSX-T Manager sync to complete and the status of the manager to change to available.

Add additional local NSX-T Managers and make sure the sync status for all managers is completed. 
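
The thumbprint entered when adding a location is what pins the Local Manager's API certificate, so it is worth confirming that the value read from the CLI matches the certificate the manager actually presents over the network. The following Python is an added example, not part of the original post or of any VMware tooling. It assumes the thumbprint is the SHA-256 hash of the DER-encoded certificate in hex; the function names, the <local-manager-fqdn> placeholder and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl


def normalize_thumbprint(text):
    """Lowercase a pasted thumbprint and drop ':' or space separators."""
    cleaned = text.strip().replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected 64 hex characters (SHA-256)")
    return cleaned


def thumbprint_of_pem(pem):
    """SHA-256 over the DER encoding of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_presented_pem(host, port=443):
    """Fetch the certificate the manager presents; it is hashed, not trusted."""
    return ssl.get_server_certificate((host, port))


def thumbprint_matches(cli_value, presented_pem):
    """True only if the CLI thumbprint equals the presented certificate's hash."""
    expected = normalize_thumbprint(cli_value)
    return hmac.compare_digest(expected, thumbprint_of_pem(presented_pem))


# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder standing in for a DER certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    # Against a live manager, replace SAMPLE_PEM with
    # fetch_presented_pem("<local-manager-fqdn>") and cli_value with the
    # output of `get certificate api thumbprint`.
    cli_value = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
    ok = thumbprint_matches(cli_value, SAMPLE_PEM)
    print("match" if ok else "MISMATCH: do not add this location")
```

A mismatch means the certificate seen from the workstation is not the one the manager reports on its own console, which should be resolved before the location is saved.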

3: Create RTEP Pool

Next, we have to create an IP pool for Remote TEP. 

4: Configure RTEP on Local NSX-T

Log in to the site’s local NSX-T manager, navigate to System > Get Started, and click on ‘Configure Remote Tunnel Endpoint’.

Select Edge Cluster/Edge nodes and specify the following: 

  • host switch which will handle RTEP traffic.
  • VLAN for the RTEP network.
  • IP Pool for RTEP that you created earlier.

Note: The Teaming Policy can be left blank.

Clicking on save will configure RTEP on edge nodes.

A new transport zone is instantiated on edge nodes during this process. 

Repeat this process for all NSX-T managers that are deployed across sites and will participate in the Federation.

Once the federation configuration has been completed, you can manage all location NSX-T managers from the global manager console itself.

You can also switch to the Inventory view to see all the regions that have been configured to take part in the federation.

And that’s it for this post.  In the next post of this series, I will demonstrate the deployment/configuration of stretched gateways/segments and BGP config, etc. 

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂
