NSX Quick Start Guide

Modifiled on 14 MAY 2024

VMware NSX 4.1
NSX Quick Start Guide

You can find the most up-to-date technical documentation on the VMware by Broadcom website at:

https://docs.vmware.com/

VMware by Broadcom
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

©
Copyright 2021-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc.
and/or its subsidiaries. For more information, go to https://www.broadcom.com. All trademarks, trade
names, service marks, and logos referenced herein belong to their respective companies. Copyright and
trademark information.

VMware by Broadcom 2
 Contents

NSX Quick Start Guide 4

1 Overview 5

2 Preparing the Environment 8

3 Installing NSX 10
Step 1: Deploy NSX Managers 10
Step 2: Configure a VDS 12
Step 3: Create an Uplink Profile and Configure Host Transport Nodes 14
Step 4: Deploy NSX Edge Nodes and Create an Edge Cluster 15
Step 5: Configure Gateways and Segments 16
Step 6: Test East-West and North-South Connectivity 18

VMware by Broadcom 3
NSX Quick Start Guide

The NSX Quick Start Guide provides information on how to install NSX and quickly set up and
validate a basic NSX deployment in a vSphere environment.

Intended Audience
This guide is intended for system administrators who are familiar with vSphere and virtual
networking.

VMware by Broadcom 4
Overview
1
This guide documents the steps to install and validate the basic functionalities of NSX in a
vSphere environment. The vSphere feature VDS (vSphere Distributed Switch) will be used in the
installation of NSX.

Note that this guide documents a very basic deployment. It is a foundation which you can modify
and expand to include many features.

Detailed documentation of all the NSX features can be found in the NSX documentation set
(https://docs.vmware.com/en/VMware-NSX).

NSX is an implementation of a software-defined network. It provides network services such

as switching, routing, load balancing, firewalls, and VPN. In a vSphere environment, an NSX
deployment consists of the following components:

n vCenter Server (VC) - It provides NSX with access to the environment and objects it
manages, such as virtual distributed switches and VMs. In NSX, a VC is called a compute
manager. NSX supports multiple compute managers.

n ESXi hosts - After NSX modules are installed on an ESXi host, it is called a host transport
node. Network services for VMs running on the host can be provided by NSX.

n NSX Edge nodes - VMs that provide network services to all the NSX components. Also known
as edge transport nodes.

n NSX Managers - VMs that provide a browser-based GUI for administering the NSX
environment.

NSX has the following logical network components:

n Segment - A logical switch that can connect VMs to gateways and a tier-0 gateway to a
physical router.

n Tier-1 gateway - A logical router that routes traffic between segments.

n Tier-0 gateway - A logical router that connects tier-1 gateways to a physical router so that
segments have external connectivity.

The procedures in this guide will create the following NSX environment. It is assumed that a
physical router already exists in your data center.

VMware by Broadcom 5
NSX Quick Start Guide

Physical Router
192.168.50.1

Segment (192.168.50.0/24)

192.168.50.11 192.168.50.12

Edge Node 1 Edge Node 2

Tier-0 Gateway

Tier-1 Tier-1
Gateway Gateway
10.1.1.1 10.1.2.1 10.2.1.1

Segment Segment Segment

(10.1.1.0/24) (10.1.2.0/24) (10.2.1.0/24)

10.1.1.11 10.1.2.11 10.2.1.11

The steps in this guide are:

1 Deploy three NSX Manager VMs to form a manager cluster.

2 Configure a vSphere Distributed Switch (VDS).

3 Create an uplink profile and configure host transport nodes.

4 Deploy two NSX Edge VMs to form an edge cluster.

5 Create and configure one tier-0 gateway for north-south traffic.

6 Create and configure two tier-1 gateways to route traffic from tenant VMs.

7 Create and configure three segments (logical switches) for tenant VMs.

VMware by Broadcom 6
NSX Quick Start Guide

8 Deploy three test VMs to test north-south and east-west connectivity.

VMware by Broadcom 7
Preparing the Environment
2
Before installing NSX, prepare your vSphere environment and make sure that the requirements
documented in the NSX Installation Guide are met.

n For NSX Manager and host transport node, see the section NSX Manager VM and Host
Transport Node System Requirements in the NSX Installation Guide. Note the recommended
size of the NSX Manager VM that is appropriate for your NSX deployment and the VM's vCPU
and memory requirements.

n For NSX Edge, see the section NSX Edge VM System Requirements in the NSX Installation
Guide. Note the recommended size of the Edge VM that is appropriate for your NSX
deployment and the VM's vCPU and memory requirements.

n Download the NSX Manager and NSX Edge .ova files. Choose "NSX Manager / NSX Global
Manager / NSX Cloud Service Manager for VMware ESXi."

n The deployment of NSX documented in this guide uses a vSphere Distributed Switch (VDS).
The VDS version must be 7.0 or later.

The following tables list the components, objects, and information that will be needed when you
install NSX. The object names, VLAN numbers, and IP addresses are examples. Replace them
with names, numbers, and addresses that are appropriate for your environment.

Component Notes

vCenter Server (VC) In a datacenter (named DC1 in this guide) in VC, create a cluster (NSX- cluster) .

ESXi hosts Three hosts are required, named ESXi-1, ESXi-2, and ESXi-3. Put them in NSX-cluster.
ESXi-1 and ESXi-2 must have enough CPU cores and memory for one manager node,
one edge node, and one test VM. ESXi-3 must have enough CPU cores and memory
for one manager node and one test VM. The number of CPU cores and the amount of
memory depend on the size of the manager and edge nodes that is appropriate for your
deployment.

Storage There must be enough storage for 3 manager VMs, 2 edge VMs and 3 test VMs.
Approximately 1.4 TB. The storage you reserve is referred to as Storage-1 in this guide.

The following networking information is required when installing NSX. Some of the information
should already exist. You can gather the rest of the information before starting the installation to
make the process go more smoothly. The subnet mask is /24 for all the IP addresses in this guide.

VMware by Broadcom 8
NSX Quick Start Guide

Setting Notes Your Value

VLAN 11 For management traffic

VLAN 12 For NSX overlay traffic

VLAN 50 For traffic between the tier-0 gateway and

physical router

PG-mgmt VC dvportgroup backed by VLAN 11

(management VLAN)

Management subnet 192.168.10.0/24, default gateway: 192.168.10.1,

subnet mask: 255.255.255.0

TEP (tunnel endpoint) subnet 192.168.20.0/24, default gateway:

192.168.20.1, subnet mask: 255.255.255.0

VC IP address 192.168.10.10 (VLAN 11)

ESXi-1 IP address 192.168.10.11 (VLAN 11), 192.168.20.11 (VLAN 12)

ESXi-2 IP address 192.168.10.12 (VLAN 11), 192.168.20.12 (VLAN

12)

ESXi-3 IP address 192.168.10.13 (VLAN 11), 192.168.20.13 (VLAN

12)

NSX-mgr-1 IP address 192.168.10.14 (VLAN 11)

NSX-mgr-2 IP address 192.168.10.15 (VLAN 11)

NSX-mgr-3 IP address 192.168.10.16 (VLAN 11)

Edge-1 IP address 192.168.10.17 (VLAN 11), 192.168.20.17 (VLAN

12)

Edge-2 IP address 192.168.10.18 (VLAN 11), 192.168.20.18 (VLAN

12)

Physical router's downlink IP 192.168.50.1 (VLAN 50)

address

Tier-0 gateway's external 192.168.50.11 (VLAN 50)

interface IP address on Edge-1

Tier-0 gateway's external 192.168.50.12 (VLAN 50)

interface IP address on Edge-2

Tier-0 gateway's virtual IP 192.168.50.13 (VLAN 50)

(VIP)

Segment 1 subnet 10.1.1.0/24

Segment 2 subnet 10.1.2.0/24

Segment 3 subnet 10.2.1.0/24

Test-VM-1 IP address 10.1.1.11

Test-VM-2 IP address 10.1.2.11

Test-VM-3 IP address 10.2.1.11

VMware by Broadcom 9
Installing NSX
3
The basic steps of installing NSX in a vSphere environment are: deploying NSX Manager VMs,
converting ESXi hosts into host transport nodes, and deploying NSX Edge VMs.

Read the following topics next:

n Step 1: Deploy NSX Managers

n Step 2: Configure a VDS

n Step 3: Create an Uplink Profile and Configure Host Transport Nodes

n Step 4: Deploy NSX Edge Nodes and Create an Edge Cluster

n Step 5: Configure Gateways and Segments

n Step 6: Test East-West and North-South Connectivity

Step 1: Deploy NSX Managers

NSX Manager is the application that you use to administer your NSX environment. In a production
environment, for fault tolerance, you should deploy a cluster of three NSX Manager nodes, each
running on a separate ESXi host.

Note: The object names and configuration values that are used in the steps below are example
values mentioned in Chapter 2 Preparing the Environment. Replace them with names and values
that are appropriate for your environment.

Deploy the First NSX Manager

The first manager node is deployed through VC's Deploy OVF Template wizard.

1 In VC, right click NSX-cluster and select Deploy OVF Template.

2 Follow the prompts and provide the following information.

Location of the ova file The location where you downloaded the ova file.

Virtual machine name NSX-mgr-1

Location for the VM NSX-cluster

Compute resource 192.168.10.11 (ESXi-1's IP address)

Deployment configuration Select the size that you determined in the preparation step.

VMware by Broadcom 10
NSX Quick Start Guide

Storage Storage-1

Virtual disk format Thin Provision

Network 1 PG-mgmt (the management port group used by VC)

IP allocation Static Manual

IP protocol IPv4

Hostname nsx-mgr-1

Rolename NSX Manager

NSX Site Name Site-1

Default IPv4 Gateway 192.168.10.1

Management Network IPv4 Address 192.168.10.14

Management Network Netmask 255.255.255.0

DNS Server list 192.168.38.1

NTP Server list 192.168.38.2

3 Wait for the deployment to finish. The Recent Tasks panel at the bottom of the vSphere
Client window will indicate when the task is complete.

4 Power on the NSX Manager VM.

5 Log in to NSX-mgr-1 at https://192.168.10.14.

6 Go to System > Licenses and click Add to add your NSX license.

7 Go to System > Fabric > Compute Managers and click Add to add the VC as a compute
manager.

Follow the prompts and provide the following information:

Name VC-1

FQDN or IP Address 192.168.10.10

Username The administrator's login name to the VC.

Password The administrator's password.

8 Click Add at the warning Thumbprint is Missing.

9 Wait until Registration Status is Registered. You can click Refresh to refresh the status.

Deploy NSX Managers 2 and 3

1 Go to System > Appliances.

2 Click Add NSX Appliance.

3 Follow the prompts and provide the following information:.

Hostname nsx-mgr-2

Management IP/Netmask 192.168.10.15/24

VMware by Broadcom 11
NSX Quick Start Guide

Management Gateway 192.168.10.1

DNS Servers 192.168.38.1

NTP Servers 192.168.38.2

Node Size Select the size that you determined in the preparation step.

Compute Manager VC-1

Compute Cluster NSX-cluster

Host 192.168.10.12

Datastore Storage-1

Virtual Disk Format Thin Provision

Network PG-mgmt

Enable SSH Make a selection based on your datacenter's policy.

Enable Root Access Make a selection based on your datacenter's policy.

System Username root

Root Password

CLI Username admin

CLI Password

Audit CLI Username audit

Audit CLI password

4 Click Install Appliance.

5 Wait until the NSX Manager node is installed and available.

6 Repeat steps 2-5 and deploy NSX Manager 3 with management IP 192.168.10.16 on ESXi host
192.168.10.13.

Step 2: Configure a VDS

You can use an existing VDS or configure a new one. If you use an exising VDS, you must set its
MTU to 1600 or higher.

Note: The object names and configuration values that are used in the steps below are example
values mentioned in Chapter 2 Preparing the Environment. Replace them with names and values
that are appropriate for your environment.

To configure a new VDS, use the following procedure.

Create a VDS in VC
1 In VC, under Networking, right click the datacenter and select Distributed Switch > New
Distributed Switch.

VMware by Broadcom 12
NSX Quick Start Guide

2 Follow the prompts and provide the following information.

Name VDS-NSX

Location DC1

Spefify a distributed switch version Select the version for your vSphere environment.

Number of uplinks 1

Network I/O Control Enabled

3 After VDS-NSX is created, right click it and select Add and Manage Hosts.

4 Select the three ESXi hosts (192.168.10.11, 192.168.10.12 and 192.168.10.13).

5 In the Manage physical adapters step, for each host, map vmnic1 to Uplink 1 (the default
uplink name) on VDS-NSX.

Change the MTU value for VDS-NSX

1 In VC, under Networking, right click VDS-NSX and select Settings > Edit Settings.

2 In the MTU (Bytes) field, enter 1600.

Create a port group in VDS-NSX

1 In VC, under Networking, right click VDS-NSX and select New Distributed Port Group.

2 Provide the following information.

Name PG-all-VLAN

VLAN type VLAN trunking

VLAN trunk range 0-4094

VMware by Broadcom 13
NSX Quick Start Guide

Step 3: Create an Uplink Profile and Configure Host

Transport Nodes
For a host to be a part of an NSX deployment, NSX modules must be installed on the host. After
the installation, the host is known as a host transport node.

Note: The object names and configuration values that are used in the steps below are example
values mentioned in Chapter 2 Preparing the Environment. Replace them with names and values
that are appropriate for your environment.

Create an uplink profile

1 In NSX Manager, go to System > Fabric > Profiles > Uplink Profiles.

2 Click Add.

3 In the Name field, enter Uplink-profile-1.

4 Under Teamings, select Default Teaming and enter uplink1 for Active Uplinks.

5 In the Transport VLAN field, enter 12.

Configure ESXi host transport nodes

1 In NSX Manager, go to System > Fabric > Hosts.

2 In the Clusters tab, expand Cluster-NSX.

3 Click 192.168.10.11 and click Configure NSX.

4 Provide the following information.

Name 192.168.10.11

IP Address 192.168.10.11

Host Switch Name VDS-NSX

Transport Zone nsx-overlay-transportzone, nsx-vlan-transport-zone

Uplink Profile Uplink-profile-1

IP Assignment Use Static IP List

Static IP List 192.168.20.11

Gateway 192.168.20.1

Subnet Mask 255.255.255.0

5 Under Teaming Policy Switch Mapping, uplink1 must be mapped to the name of the VDS
uplink.

6 Wait until the NSX Configuration column displays Success. You can click the Refresh button
to refresh the window.

7 Repeat steps 4-7 for ESXi-2 (Static IP List should be 192.168.20.12) and ESXi-3 (Static IP List
should be 192.168.20.13).

VMware by Broadcom 14
NSX Quick Start Guide

Alternatively, you can configure a transport node profile and use it to configure all three hosts in
one step. For more information, see the NSX Installation Guide.

Step 4: Deploy NSX Edge Nodes and Create an Edge Cluster

NSX Edge nodes are where most of the networking and security services run.

Note: The object names and configuration values that are used in the steps below are example
values mentioned in Chapter 2 Preparing the Environment. Replace them with names and values
that are appropriate for your environment.

Deploy NSX Edge Nodes

1 In NSX Manager, go to System > Fabric > Nodes > Edge Transport Nodes.

2 Click Add Edge Node.

3 Provide the following information.

Name Edge-1

Host name edge-1.hr.example.com

Form Factor Select the appropriate edge node size.

CLI User Name admin

CLI Password

Allow SSH Login Select an option based on your datacenter policy.

System Root Password

Allow Root SSH Login Select an option based on your datacenter policy.

Audit User Name audit

Audit Password

Compute Manager VC-1

Cluster Cluster-NSX

Host 192.168.10.11

Datastore Storage-1

IP Assignment Static

Management IP 192.168.10.17

Default Gateway 192.168.10.1

Management Interface PG-mgmt

DNS Servers 192.168.38.1

NTP Servers 192.168.38.2

Edge Switch name nvds1

Transport Zone nsx-overlay-transportzone, nsx-vlan-transport-zone

Uplink Profile Uplink-profile-1

VMware by Broadcom 15
NSX Quick Start Guide

IP Assignment Use Static IP List

Static IP List 192.168.20.17

Gateway 192.168.20.1

Subnet Mask 255.255.255.0

DPDK Fastpath Interfaces Click Select Interface and select the port group PG-all-VLAN, which was
created in Step 2: Configure a VDS.

4 Wait until the Configuration State column displays Success. You can click the Refresh button
to refresh the window.

5 Repeat steps 4-6 to deploy Edge-2 on host 192.168.10.12 with management IP 192.168.10.18
and static IP 192.168.20.18.

Create an Edge Cluster

1 In NSX Manager, go to System > Fabric > Nodes > Edge Clusters.

2 Click Add Edge Cluster.

3 In the Name field, enter Edge-cluster-1.

4 Move Edge-1 and Edge-2 from the Available window to the Selected window.

5 Click Add.

Step 5: Configure Gateways and Segments

A segment is a logical switch that VMs can connect to. A tier-1 gateway routes traffic between
segments. A tier-0 gateway connects tier-1 gateways to a physical router so that segments have
external connectivity.

Note: The object names and configuration values that are used in the steps below are example
values mentioned in Chapter 2 Preparing the Environment. Replace them with names and values
that are appropriate for your environment.

Create a VLAN Segment to Connect to the Physical Router

1 In NSX Manager, go to Networking > Segments.

2 Click Add Segment.

3 Provide the following information.

Segment Name External-segment-1

Connected Gateway None

Transport Zone nsx-vlan-transportzone

VLAN 50

VMware by Broadcom 16
NSX Quick Start Guide

Create a Tier-0 Gateway

1 In NSX Manager, go to Networking > Tier-0 Gateways.

2 Click Add Tier-0 Gateway.

3 Enter a name for the gateway, for example, T0-gateway-1.

4 Select the HA (high availability) mode Active Standby.

5 Select the Edge cluster Edge-cluster-1.

6 Click Save and continue configuring this gateway.

7 Click Interfaces and click Set.

8 Click Add Interface.

9 Enter a name, for example, IP1-EdgeNode1.

10 Enter the IP address 192.168.50.11/24.

11 In the Connected To (Segment) field, select External-segment-1.

12 In the Edge Node field, select Edge-1.

13 Save the changes.

14 Repeat steps 8-13 to configure a second interface called IP2-EdgeNode2. The IP address
should be 192.168.50.12/24. The Edge Node should be Edge-2.

15 In the HA VIP Configuration field, click Set to create a virtual IP for the tier-0 gateway.

16 Enter the IP address 192.168.50.13/24.

17 Select the interfaces IP1-EdgeNode1 and IP2-EdgeNode2.

18 Save the changes.

Configure Routing on the Physical Router and Tier-0 Gateway

1 On the physical router, configure a static route to the subnets 10.1.1.0/24, 10.1.2.0/24, and
10.2.1.0/24 via 192.168.50.13, which is the virtual IP address of the tier-0 gateway's external
interface.

2 In NSX Manager, go to Networking > Tier-0 Gateways.

3 Edit T0-gateway-1.

4 Under Routing > Static Routes, click Set and click Add Static Route.

5 In the Name field, enter default.

6 In the Network field, enter 0.0.0.0/0.

7 Click Set Next Hops.

8 In the IP Address field, enter 192.168.50.1.

9 Click Add.

VMware by Broadcom 17
NSX Quick Start Guide

10 Save the changes.

Alternatively, you can configure dynamic routes. For more information, see the NSX
Administration Guide.

Create Two Tier-1 Gateways

1 In NSX Manager, go to Networking > Tier-1 Gateways.

2 Click Add Tier-1 Gateway.

3 Provide the following information.

Tier-1 Gateway Name T1-gateway-1

Edge Cluster Edge-cluster-1

Linked Tier-0 Gateway T0-gateway-1

4 Under Route Advertisement, enable All Connected Segments & Service Ports.

5 Save the changes.

6 Repeat steps 2-5 and create T1-gateway-2. Specify the same edge cluster.

Create Three Overlay Segments for VMs

1 In NSX Manager, go to Networking > Segments.

2 Click Add Segment.

3 Provide the following information.

Segment Name LS1.1

Connected Gateway T1-gateway-1

Transport Zone nsx-overlay-transportzone

Subnets 10.1.1.1/24

Note: For an overlay segment that is attached to a tier-1 gateway, in the Subnets field,
specify an IP address for the tier-1 gateway. This address will be the default gateway for VMs
attached to this segment.

4 Repeat steps 2-3 and create LS1.2 (Subnets: 10.1.2.1/24, Connected Gateway: T1-gateway-1)
and LS2.1 (Subnets: 10.2.1.1/24, Connected Gateway: T1-gateway-2).

5 Verify that LS1.1, LS1.2, and LS2.1 are created under the appropriate VDS in VC.

Step 6: Test East-West and North-South Connectivity

You can use the ping command to test east-west and north-south connectivity.

Deploy Test VMs

1 Deploy Test-VM-1 (IP address 10.1.1.11, default gateway: 10.1.1.1) on ESXi-1.

VMware by Broadcom 18
NSX Quick Start Guide

2 In VC, edit Test-VM-1's settings. Set Network adapter 1 to LS1.1.

3 Deploy Test-VM-2 (IP address 10.1.2.11, default gateway: 10.1.2.1) on ESXi-2.

4 In VC, edit Test-VM-1's settings. Set Network adapter 1 to LS1.2.

5 Deploy Test-VM-3 (IP address 10.2.1.11, default gateway: 10.2.1.1) on ESXi-3.

6 In VC, edit Test-VM-3's settings. Set Network adapter 1 to LS2.1.

Test East-West Connectivity

1 From Test-VM-1, ping the IP address of Test-VM-2 and Test-VM-3. For example:

#ping 10.1.2.11
Pinging 10.1.2.11 with 32 bytes of data:
Reply from 10.1.2.11: bytes=32 time=2ms TTL=110
Reply from 10.1.2.11: bytes=32 time=3ms TTL=110
Reply from 10.1.2.11: bytes=32 time=3ms TTL=110
Reply from 10.1.2.11: bytes=32 time=3ms TTL=110
Ping statistics for 10.1.2.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms

2 From Test-VM-2, ping the IP address of Test-VM-1 and Test-VM-3.

3 From Test-VM-3, ping the IP address of Test-VM-1 and Test-VM-2.

Test North-South Connectivity

1 From Test-VM-1, ping 192.168.50.1 (the downlink interface of the physical router).

2 From Test-VM-2, ping 192.168.50.1.

3 From Test-VM-3, ping 192.168.50.1.

VMware by Broadcom 19
NSX Quick Start Guide

Configuring Other Features

There are many other networking and security features that you can configure. For more
information, see the complete NSX documentation set at https://docs.vmware.com/en/VMware-
NSX.

VMware by Broadcom 20