vCloud Director 10 NSX-T backed OVDC – Add externel based network with dedicated physical NIC

Steven Schramm
15. April 2020
Reading time: 4 min
vCloud Director 10 NSX-T backed OVDC – Add externel based network with dedicated physical NIC

Mit der Veröffentlichung vom vCloud Director 10 ist auch die NSX-T-Integration verfügbar. Unser Kollege Steven Schramm zeigt euch in diesem Artikel welche Einschränkungen es für  NSX-T-unterstützte OVDCs im Vergleich zu NSX-V-unterstützenden OVDCs gibt und wie ihr damit umgehen könnt.

Since vCloud Director 10 is released, NSX-T integration is available. But at the moment there are still some limitations for NSX-T backed OVDCs compared to NSX-V backed OVDCs.
For Example the following features are currently not available for NSX-T backed OVDCs.

  • LoadBalancing
  • VPN
  • DHCP

Available features are:

  • Edge Firewall
  • NAT

It might be possible that some additional features will be delivered in future releases. For example Load Balancing, but that could need some time.

Lets focus on the main topic of this article. The NSX-T based network integration for VCD is limited to the following network types.

Isolated: This type of network provides a fully isolated environment where only the VMs in this VDC can connect to.
Routed: This type of network provides controlled access to machines and networks outside of the VDC via an edge gateway.
Imported: This type of network uses an existing NSX-T logical switch. To import an existing NSX-T logical switch System administrator rights are necessary. That means OVDC Administrators are not able to import existing NSX-T networks and need to open a request towards the responsible provider.

Some of you may remember the configuration steps how to add an vSphere distributed port group for NSX-V backed OVDCs. (1. Create external network and map vSphere dvPortGroup, 2. Create OVDC network and map to external network). This procedure is not available for NSX-T based OVDCs, since the supported network types are limited to the three described above.
So with the three supported network type you are easily able to create networks for the following purposes.

  • Edge Gateway
  • Routed overlay network
  • Isolated overlay network
  • Import overlay or VLAN logical switches using the physical uplinks of the transport node profile configuration

If you plan to add an external VLAN based network bound to  different physical Uplinks, you can follow the steps described below.

NSX-T configuration steps

  1. Create a new transport zone from type VLAN and create a new NVDS for that transport zone (same context menu)
     width=
  2. Create a new Uplink Profile with your preferred teaming policy, uplink interfaces, transport VLAN and MTU size. Following an example configuration.
     width=
  3. Edit ESXi based Transport Node profile, add the new transport zone and setup the new NVDS for the transport node profile.
     width=
  4. While setting up the new NVDS for the transport node profile, you will create the mapping between virtual uplink and physical interfaces.
    Further you will choose the Uplink profile which is responsible for the chosen teaming policy.
     width=
  5. The last step from NSX-T point of view is to create a new segment with the new transport zone assigned.
    Further the new segment must be configured for the right VLAN which should also be configured at the physical part of infrastructure.
    Following an example from our configuration, where no VLAN is configured since the physical interfaced are connected to untagged switch ports.
     width=

 

vCloud Director OVDC configuration steps

The NSX-T configuration steps are completed and the new VLAN logical switch is already created from NSX-T point of view. Lets summarize the available network types for NSX-T backed OVDCs.

  • Isolated
  • Routed
  • Imported

Now we need to decide which type of network is the right to add the previously created logical segment as external network to the NSX-T backed OVDC. To add an already existing logical segment to the OVDC we need to import that networ, so “Imported” is be the right network type.
Following I will describe the steps to import the previously created logical segment.

  1. Login to your vCloud Director Organization using the tenant URL
  2. Choose the OVDC where you plan to import the logical segment
  3. Switch to the “Networks” tab and click the “ADD” button

Check the radio box for “Imported” as shown in the following screenshot. Click “NEXT” afterwards.

 width=

  1. Now you are able to select the previously created logical segment.
  2. In the next windows fill in the “Name” and IP configuration for the network. Confirm these settings with “NEXT” until you are at the summarization page and comform with finish.

Conclusion

Importing a external VLAN backed network is a bit different and more complex than with NSX-V backed OVDCs in the past, but it is still possible.
The big difference compared to NSX-V is that all networks will be created inside of NSX-T. For NSX-V all overlay networks were created from NSX-V Management-Plane and all VLAN networks were created from vSphere itself.
From my point of view the new procedure with NSX-T backed OVDCs is very different from the NSX-V based procedure and a bit complex at the beginning, but later on it is an big advantage to have all networks in a single tool.
NSX-T as central tool for maintaining all networks inside your Datacenter will increase the overview and makes the troubleshooting easier.