Tuesday, August 30, 2016

#VMworld How to Deploy VMware NSX with CISCO Infrastructure

This session is presented by Ron Fuller @ccie5851 and Paul Mancuso @pmancuso

NSX has 1700+ customers and growing. A few common use cases are micro-segmentation, remote access and IT automation. The session will focus on how to integrate Cisco Nexus/ACI and UCS environments.

NSX provides a faithful reproduction of networking services and infrastructures in software. It is a distributed architecture, so as you scale out compute you scale out capacity. In addition, there is a Firewall component and an integrated API for automation.

NSX Manager is the centralized management plane. Three NSX controllers make up the control plane. In addition, the distributed Logical Router "dLR" controls adjacency.

NSX requires three clusters: an infrastructure and management cluster, a compute cluster and an Edge cluster. These can be rack servers or integrated UCS blades. On the Edge cluster we would deploy Edge services like the dLR.

We suggest logically segmenting traffic into Management, vMotion, VXLAN and storage networks for standard virtualization. NSX introduces two new VLANs: a transit network for VXLANs and one for Software Bridging between the virtual and physical network. We recommend that the software bridging is done on the Edge cluster.

In a standard configuration, you end up with 3 IP stacks: Management, VXLAN and the vMotion network. VMware's VXLAN is multicast free. You can use either unicast or a hybrid mode. This is done through L2 frame encapsulation and VXLAN Tunnel EndPoints, or "VTEPs".

VXLAN can be segregated by creating a Transport Zone, which is a collection of VXLAN-prepared ESXi clusters. Only 1 vDS per ESX cluster can be enabled for VXLAN. Note: if you are running NSX on those ESX clusters, you do not need vSphere Enterprise to create a vDS. You get that capability through NSX licensing. Only the VMware vDS is supported, so you cannot use the Nexus framework.

NSX creates dvUplink port-groups for VXLAN-enabled hosts. This uplink carries the VXLAN traffic. NSX Switching requires only two things: an MTU of 1600 and IP connectivity. NSX is truly agnostic from an underlying switch perspective.

It is easy to say "configure MTU 1600 in your environment", but it does take some planning to ensure it is configured on your Cisco framework. VXLAN encapsulation traffic is a 1600-byte UDP frame. All links belonging to the fabric must be enabled with Jumbo MTU. The risk is that if it is not configured properly, you could black-hole network traffic, so ensure you plan accordingly.
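One way to audit that MTU requirement before enabling VXLAN is to parse saved `show interface` text from each switch and flag interfaces below 1600. This is an added example, not from the session or from VMware or Cisco tooling; the sample output is constructed and the function names are hypothetical.

```python
import re

# Requirement from the notes above: links in the VXLAN fabric need MTU >= 1600.
REQUIRED_MTU = 1600

# Constructed sample shaped like NX-OS "show interface" output (not a real device).
SAMPLE_OUTPUT = """\
Ethernet1/1 is up
  MTU 9216 bytes, BW 10000000 Kbit, DLY 10 usec
Ethernet1/2 is up
  Description: ucs-fi-a
  MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
Ethernet1/3 is down (Link not connected)
  MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
port-channel10 is up
  MTU 1600 bytes, BW 20000000 Kbit, DLY 10 usec
Vlan100 is up, line protocol is up
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
"""

HEADER = re.compile(r"^(\S+) is (up|down|administratively down)")
MTU_LINE = re.compile(r"^\s+MTU (\d+) bytes")

def parse_interfaces(text):
    """Return {name: {"state": str, "mtu": int or None}} in input order."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # unindented "<name> is <state>" line starts a new interface
            current = m.group(1)
            result[current] = {"state": m.group(2), "mtu": None}
            continue
        m = MTU_LINE.match(line)
        if m and current:
            result[current]["mtu"] = int(m.group(1))
    return result

def undersized(text, required=REQUIRED_MTU, include_down=False):
    """List (name, mtu) for interfaces whose MTU is missing or below `required`."""
    flagged = []
    for name, info in parse_interfaces(text).items():
        if info["state"] != "up" and not include_down:
            continue  # skipped by default; audit down links before enabling them
        if info["mtu"] is None or info["mtu"] < required:
            flagged.append((name, info["mtu"]))
    return flagged

if __name__ == "__main__":
    for name, mtu in undersized(SAMPLE_OUTPUT, include_down=True):
        print(f"{name}: MTU {mtu} < {REQUIRED_MTU}, VXLAN frames would be dropped")
```

Passing `include_down=True` also reports links that are currently down, so a spare uplink left at 1500 is caught before it is brought into the fabric.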

When we look at common Cisco Datacenter Pod topologies, NSX is agnostic. It is important, however, for VXLAN transport that the VLAN is common between Cisco Pods. For UCS Blades, VMware does have some tuning guides for both the B series and C series blades to help you properly tune for NSX\VXLAN traffic. In addition, there are NSX Design Guides for the NSX and Cisco UCS and Nexus 9000 infrastructure.
