1      Introduction

How to manage CE device by NSX

First NSX communicate with CE by SSL. NSX send OVSDB information to CE, CE will change OVSDB data, and then CE will send and configure this changed part to device by NETCONF protocol.

2      Installation prepare

2.1      Component

Vmware：

Esxi: version 6.0 above

Vcenter: version 6.0 above

NSX: version 6.3.3 above

CE：

System software：CE6855HI-V200R005C00 (above)

Supported hardware:  CE8860EI/ CE8850EI/ CE7850EI/ CE7855EI/ CE6850&51HI/ CE6850U-HI/ CE6860EI/ CE6870EI/ CE6855&56HI/ CE6875EI/ CE6875EI/ CE6865EI/ CE8850-64CQ-EI/ CE6875-HI

2.2      Topo & IP plan

Use OSPF publish all routing for underlay. Only Leaf2 need vxlan.

3      Installation

3.1     Install Vmware&Vcenter Installation

3.2     Install NSX manager

3.3     Install NSX controller

3.4      CE integration with NSX

3.4.1        CloudEngine Switch connection with NSX

3.4.1.1        Enable OVSDB(Open vSwitch Database) and configure controller on Leaf2_CE6855HI;

Get certificate file before integration;

#

ssl policy nsx

 certificate load pem-cert vtep8-cert.pem key-pair rsa key-file vtep8-privkey.pem auth-code cipher 1234

#

ovsdb server

  ssl ssl-policy nsx

  controller ip 192.91.66.91 port 6640 max_backoff 8000 inactivity_probe 5000

  ovsdb server enable

#

3.4.1.2        Add hardware device in NSX;

The connectivity status of switch in NSX is up.

3.4.2        Vxlan L2 service provisioning by NSX controller

3.4.2.1        Establish L3 connection between Spine and Leaves by OSPF as underlay network;

3.4.2.2        Configure Nve interface with source IP in Leaf2;

#

interface Nve1

 source 1.1.1.1

#

3.4.2.3        Create Logical switch with vni 5000 in NSX,then bind VM1,VM3 to it,then bind hardware switch interface(Leaf2) to it;

Then bind hardware switch interface(Leaf2_port) to it;

Check the Vxlan configuration on Leaf2;

Necessary configuration of Vxlan is distributed by NSX is on Leaf2 and VxLan tunnels between Leaf2 and VTEPs in hypervisor are established;

3.4.2.4        Configure IP address in the same segment for VM1,VM3 and Bare-Metal1,then “Ping”each other;

BareMetal1 to VM1 and VM3:

VM1 to VM3:

VM3 to VM1:

The Ping result is successful which means the L2 communication is OK.

3.4.3        Vxlan L3 service provisioning by NSX controller

3.4.3.1        Create Logical switch with vni 5000 in NSX,bind VM1,VM3 to it,then bind hardware switch interface(Leaf2_Port1) to it;

Then bind hardware switch interface(Leaf2_10GE1/0/47) to it;

3.4.3.2        Create Logical switch with vni 5001 in NSX,bind VM2,VM4 to it,then bind hardware switch interface(Leaf2_Port2) to it;

Then bind hardware switch interface(Leaf2_10GE1/0/48) to it;

3.4.3.3        Check the Vxlan configuration on Leaf2;

Necessary configuration of Vxlan is distributed by NSX is on Leaf2 and VxLan tunnels between Leaf2 and VTEPs in hypervisor are established;

3.4.3.4        Create ESG with NSX,and bind Logical switch 5000 and Logic switch 5001 to it;

3.4.3.5        Configure IP address in the same segment for VM1,VM3 and Bare-Metal1,and configure IP address in different segment for VM2,VM4 and Bare-Metal2,then “Ping”each other, expected result 2 is obtained;

BareMetal1 to VM2 , VM4 and BareMetal2:

BareMetal2 to VM1, VM3 and BareMetal1:

VM1 to VM2 and VM4;

The Ping result is successful which means the L3 communication is OK.

ARP table on ESG.

微信扫描下方二维码或直接访问数通开发者社区网站

华为数通开发者社区二维码

https://devzone.huawei.com/cn/network/portal.html