This post is part of my VMware VCIX-NV Study Guide and covers the explanation and management of Transport Zones within NSX.
Documentation
Index
- Create Transport Zones
- Configure the control plane mode for a Transport Zone
- Add clusters to Transport Zones
- Remove clusters from Transport Zones
What is the Transport Zone?
The Transport Zone is the heart of the VXLAN network. It is the network where the Logical Switches (previously known as portgroups) send their data traffic. It is the network where the ESXi nodes create tunnels between themselves for the VXLAN termination, making each ESXi node a VTEP. The transport zone can span one or more vSphere clusters, and your NSX environment can contain one or more transport zones.
There are three modes a transport zone can operate in: Multicast, Unicast and Hybrid. The mode determines how NSX replicates the VXLAN data (VTEP, ARP and MAC) between ESXi nodes.
Multicast mode is the recommended mode and uses the underlying network for VXLAN replication, which requires multicast configuration (PIM, IGMP) on the underlying network.
Unicast mode is where the VXLAN replication is handled by the NSX controllers. This is where the NSX controllers control and distribute the VXLAN data to the ESXi clusters inside the configured transport zone. Unicast mode does not require changes to the underlying network, but is not as efficient as using multicast.
Hybrid mode is a combination of unicast and multicast replication. Locally, inside the same first-hop switch, replication uses multicast; between multiple switches, the NSX controllers replicate through unicast. Physical switches need to have IGMP snooping configured, but there is no need for multicast routing (PIM).
Create Transport Zones
Requirements:
- NSX Manager and NSX controller(s) installed.
VMware Documentation: Add a Transport Zone
Add a Transport Zone
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Installation” menu. Choose the “Logical Network Preparation” tab.
- Select the “Transport Zones” sub-tab and click the “+” icon to start adding a transport zone.
- Give the new transport zone a name and an optional description, select the replication mode and tick the clusters it will be servicing.
- Click “OK”.
Configure the control plane mode for a Transport Zone
Requirements:
- Existing Transport Zone to modify.
VMware Documentation: View and Edit a Transport Zone
Once you have created a transport zone with a specific replication mode, you have the option to change that replication mode. If the underlying network requirements change over time, it is possible to migrate the VXLAN replication method this way.
Change control plane mode
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Installation” menu. Choose the “Logical Network Preparation” tab.
- Select the “Transport Zones” sub-tab and right click the transport zone you want to modify, choose “Edit Settings”.
- Select the new replication mode for this transport zone.
- Also tick the option “Migrate existing Logical Switches to the new control plane mode”. If you do not, you will have a mix of replication modes: the existing Logical Switches will keep using the previous replication mode and newly created Logical Switches will start using the new replication mode. Don’t leave this option unticked without a very good reason; it will get messy.
- Click “OK”.
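To check afterwards whether a transport zone has ended up with the mix of replication modes described above, the following added example (not part of the original post) compares each Logical Switch's control plane mode with that of its transport zone. It assumes XML shaped like the NSX for vSphere API listings for transport zones (`/api/2.0/vdn/scopes`) and logical switches (`/api/2.0/vdn/virtualwires`); the element names are assumptions based on that API and the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (not captured from a real NSX Manager).
SCOPES_XML = """<vdnScopes>
  <vdnScope><objectId>vdnscope-1</objectId><name>TZ-Prod</name>
    <controlPlaneMode>HYBRID_MODE</controlPlaneMode></vdnScope>
  <vdnScope><objectId>vdnscope-2</objectId><name>TZ-Lab</name>
    <controlPlaneMode>UNICAST_MODE</controlPlaneMode></vdnScope>
</vdnScopes>"""

WIRES_XML = """<virtualWires><dataPage>
  <virtualWire><objectId>virtualwire-1</objectId><name>LS-Web</name>
    <vdnScopeId>vdnscope-1</vdnScopeId>
    <controlPlaneMode>HYBRID_MODE</controlPlaneMode></virtualWire>
  <virtualWire><objectId>virtualwire-2</objectId><name>LS-App</name>
    <vdnScopeId>vdnscope-1</vdnScopeId>
    <controlPlaneMode>UNICAST_MODE</controlPlaneMode></virtualWire>
  <virtualWire><objectId>virtualwire-3</objectId><name>LS-Lab</name>
    <vdnScopeId>vdnscope-2</vdnScopeId>
    <controlPlaneMode>UNICAST_MODE</controlPlaneMode></virtualWire>
  <virtualWire><objectId>virtualwire-4</objectId><name>LS-Orphan</name>
    <vdnScopeId>vdnscope-9</vdnScopeId>
    <controlPlaneMode>UNICAST_MODE</controlPlaneMode></virtualWire>
</dataPage></virtualWires>"""

def zone_modes(scopes_xml):
    """Map transport zone id -> (name, control plane mode)."""
    zones = {}
    for scope in ET.fromstring(scopes_xml).iter("vdnScope"):
        zones[scope.findtext("objectId")] = (
            scope.findtext("name"), scope.findtext("controlPlaneMode"))
    return zones

def find_mode_drift(scopes_xml, wires_xml):
    """Return logical switches whose mode differs from their zone's mode."""
    zones = zone_modes(scopes_xml)
    drift = []
    for wire in ET.fromstring(wires_xml).iter("virtualWire"):
        zone_id = wire.findtext("vdnScopeId")
        mode = wire.findtext("controlPlaneMode")
        # A switch pointing at an unknown zone is reported too, not skipped.
        zone_name, zone_mode = zones.get(zone_id, (None, None))
        if mode != zone_mode:
            drift.append((wire.findtext("name"), mode, zone_name, zone_mode))
    return drift

if __name__ == "__main__":
    for name, mode, zone, zone_mode in find_mode_drift(SCOPES_XML, WIRES_XML):
        print(f"{name}: {mode} (zone {zone}: {zone_mode})")
```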
Add clusters to Transport Zones
Requirements:
- New cluster with prepared ESXi nodes.
- Existing Transport Zone to extend.
VMware Documentation: Expand a Transport Zone
Newly created clusters are not included in a Transport Zone by default; you need to add any new clusters manually. Prepare the cluster in the “Host Preparation” tab of the “Installation” menu. The process of adding the new cluster to an existing Transport Zone is described below.
Adding a cluster to a Transport Zone
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Installation” menu. Choose the “Logical Network Preparation” tab.
- Select the “Transport Zones” sub-tab and right click the transport zone you want to expand, choose “Add Clusters”.
- Tick the cluster you want to add to the Transport Zone in the “Select clusters” view and click “OK”.
Remove clusters from Transport Zones
Requirements:
- Existing Transport Zone with cluster to remove.
VMware Documentation: Contract a Transport Zone
When phasing out a cluster, you will need to manually remove this cluster from the Transport Zone it is a part of, before deleting the cluster. Make sure the cluster no longer has virtual machines connected to Logical Switches when doing this (you will get a warning about this as well).
Removing a cluster from a Transport Zone
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Installation” menu. Choose the “Logical Network Preparation” tab.
- Select the “Transport Zones” sub-tab and right click the transport zone you want the cluster removed from, choose “Remove Clusters”.
- Tick the cluster you want to remove from the Transport Zone in the “Select clusters” view and click “OK”.
January 19, 2015 at 15:02
Hey, are you sure that Multicast is the recommended mode? Doesn't sound right, cause you need PIM in your network, and Network Admins are not really happy about that…
January 19, 2015 at 19:16
Hi Mat,
Multicast is the most efficient way of replicating the VXLAN information across the ESXi hosts. Hybrid mode is close, having only the requirement for IGMP, but you’d want the controllers to focus on their primary tasks and not on having to update the ESXi on every little change.
I look at it this way; you’re going to have to involve the network admins in any case, due to the MTU requirement, and possibly the dynamic routing setup towards the network core from your Edges. I don’t personally see the reason to enable a full PIM network, when you can usually keep the VXLAN vmkNics on the same VLAN in most cases. Enabling IGMP is not that hard and won’t scare them off. Only in dual (or more) datacenter scenarios would you want to have a PIM-enabled network (and not span the VXLAN transport VLAN between the datacenters). But dual datacenter setups usually bring network administrators that are not afraid of the existing features in their own network equipment. 😉