Hello all,
welcome to virtualcloudblog.com and thanks for checking it out. Today it’s time for NSX, and I’ll try to explain how to deploy an NSX Edge (high availability enabled) with source NAT (SNAT) and destination NAT (DNAT).
Let me start with some basic NSX background to keep everybody in sync.
What is NSX?
NSX is a VMware Network Virtualization and Security Platform. NSX delivers a completely new operational model for networking that forms the foundation of the Software-Defined Data Center (SDDC).
- NSX enables the creation of entire networks in software and embeds them in the hypervisor layer, abstracted from the underlying physical hardware.
- All network components can be provisioned in minutes, without the need to modify the application.
- Micro-segmentation and granular security are delivered to the individual workload.
The solution de-couples the network functions from the physical devices, in a way that is analogous to de-coupling virtual servers (VMs) from physical servers. In order to de-couple the new virtual network from the traditional physical network, NSX natively re-creates the traditional network constructs in virtual space — these constructs include ports, switches, routers, firewalls, etc.
Network administrators gain the capability to control the network using vCenter-like policy—VMware calls this approach software-defined networking. From a computer science perspective, it’s the abstraction of network control and services from physical hardware. Functions such as routing, load balancers, intrusion protection, and security exist as services within the hypervisor; as such, network admins configure and manage the virtual network from a single NSX control panel and API.
What is an NSX Edge? And a DLR?
An NSX Edge Services Gateway (ESG) provides access to the physical network (north-south traffic). Behind it sits a Distributed Logical Router (DLR), which provides connectivity for virtual machines using different logical switches (east-west traffic). The DLR connects to the ESG through a transit logical switch to provide external routing.
NSX Edge provides services such as Firewall, NAT, DHCP, VPN, Load Balancer and HA.
Steps to deploy NSX Edge
- Log in to the vSphere Web Client and go to “Networking & Security”.
- Then, click “NSX Edge” (1) and then click the green cross (2), as shown in the following screenshot.
- The next step is to confirm the installation type, in my case an Edge. Enter a name; this will appear in the vSphere inventory. If required, you can enter a hostname (this will appear in the CLI), a description and a tenant. An Edge Appliance is deployed by default, but I also included “HA”. (Please be aware that HA bugs have been reported with the NSX 6.2.3 release.)
- Configure the local admin password (minimum 12 characters plus the usual requirements); it may also be worthwhile to enable SSH for future troubleshooting purposes. Note that the logging level is INFO and FIPS is disabled. (In FIPS mode, any secure communication to or from the NSX Edge uses cryptographic algorithms or protocols that are allowed by the United States Federal Information Processing Standards; FIPS mode turns on the cipher suites that comply with FIPS.) Then click Next.
- Configure the deployment: select the datacenter and the Edge size. In this case, Compact is more than enough. The Edge sizes are:
  - Compact: 1 vCPU, 512MB vRAM
  - Large: 2 vCPU, 1GB RAM
  - Quad-Large: 4 vCPU, 1GB RAM
  - X-Large: 6 vCPU, 8GB RAM
- This Edge needs two interfaces, one “internal” and one “uplink” (or external), because it will be used for NAT (SNAT and DNAT).
  - Internal interface: enter a name, select Internal, and under “Connected To” choose an internal network “inside” NSX. Also enter a valid IP address and mask within the internal network. Leave the remaining options at their defaults unless your MTU is not 1500.
  - Uplink interface: enter a name, select Uplink, and under “Connected To” choose an external network “outside” NSX. Also enter a valid IP address and mask within the external network. This provides a route to the physical network for north-south traffic. Leave the remaining options at their defaults unless your MTU is not 1500.
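A pre-deployment check for the values entered in the wizard steps above, added here as an illustration; it is not part of the original post or of any VMware tooling. The function name, the plan dictionary layout and all sample values are assumptions made for the example, and password complexity beyond the 12-character minimum is not checked.

```python
import ipaddress
from itertools import combinations

EDGE_SIZES = {"compact", "large", "quad-large", "x-large"}  # sizes listed in the post
MIN_PASSWORD_LEN = 12  # minimum from the post; other complexity rules are not checked

def check_edge_plan(plan):
    """Return a list of findings for a planned Edge deployment (empty list = nothing found)."""
    findings = []
    if plan["size"] not in EDGE_SIZES:
        findings.append(f"size: unknown Edge size {plan['size']!r}")
    if len(plan["password"]) < MIN_PASSWORD_LEN:
        findings.append("password: shorter than 12 characters")
    if plan.get("ssh"):
        findings.append("ssh: enabled, confirm it is still needed after troubleshooting")
    types = {i["type"] for i in plan["interfaces"]}
    for needed in ("internal", "uplink"):
        if needed not in types:
            findings.append(f"interfaces: no {needed} interface, NAT needs both sides")
    parsed = []
    for i in plan["interfaces"]:
        try:
            addr = ipaddress.ip_interface(i["address"])
        except ValueError as exc:
            findings.append(f"{i['name']}: invalid address ({exc})")
            continue
        net = addr.network
        reserved = (net.network_address, net.broadcast_address)
        if net.prefixlen < net.max_prefixlen - 1 and addr.ip in reserved:
            findings.append(f"{i['name']}: {addr.ip} is the network or broadcast address of {net}")
        if i.get("mtu", 1500) != 1500:
            findings.append(f"{i['name']}: MTU {i['mtu']} is not 1500, check the connected network")
        parsed.append((i["name"], net))
    # Internal and uplink must be in different networks for NAT between them to make sense.
    for (n1, net1), (n2, net2) in combinations(parsed, 2):
        if net1.overlaps(net2):
            findings.append(f"{n1}/{n2}: subnets {net1} and {net2} overlap")
    return findings

# Constructed sample plan: every name, address and password here is made up.
SAMPLE_PLAN = {
    "size": "compact", "password": "Short1!", "ssh": True,
    "interfaces": [
        {"name": "inside", "type": "internal", "address": "10.0.0.0/24", "mtu": 1500},
        {"name": "outside", "type": "uplink", "address": "10.0.0.200/25", "mtu": 1500},
    ],
}

if __name__ == "__main__":
    print("\n".join(check_edge_plan(SAMPLE_PLAN)) or "no findings")
```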
Official NSX VMware Link: https://www.vmware.com/products/nsx.html
I hope it helps you!