HOL-1703 - Hardware VTEP Integration with Arista

Loading...

 

OOPS

Your browser doesn't support required HTML5 capabilities.

This simulation works best with the latest version of Firefox, Chrome, or Safari.

OOPS

This simulation may not have fully loaded correctly. Please reload the page, or download again.

OOPS

An error occurred.

This is an interactive simulation

Drive it with your mouse... or your finger

The blue boxes show you where to click

 

Left Arrow KeyRight Arrow KeyYou can also use the arrow keys to step forward or backward

Shortcuts jump to different parts of the simulation

OK, got it!

This portion of the lab is presented as a Hands-on Labs Interactive Simulation. This simulation will enable you to navigate the software interface as if you are interacting with a live environment.

The orange boxes show where to click, and you can also use the left and right arrow keys to move through the simulation in either direction.

Verify NSX Manager and Controller Status

We will start by viewing the Status of the NSX Controller nodes, and Software Version of the NSX Manager. We will also check our NSX Controllers are all connected. Next, we will view the Logical Switch, and Hosts and Clusters deployments for the environment.

  1. Click Logical Switches on the left hand side Navigator menu.
  2. Click the Home back-button at the top of the left hand side Navigator menu.
  3. Click Hosts and Clusters on the left hand side Navigator Menu.
  4. Click vm1 under the Arista Cluster.
  5. View the IP Addresses and Network adapter 1 information.

Note: that Network adapter 1 is connected to the Logical Switch vxw-dvs-virtualwire-3-sid-5002-db, and the IP Address is 172.16.10.11

Launch Remote Console for vm1

Now we will check the IP configuration of vm1 that is sitting on an NSX Logical Switch.

  1. Click the Remote Console icon on the Taskbar.
  2. Click the Remote Console for vm1.
  3. Type the command ifconfig, and hit Enter.

Note: this displays the IP Address of vm1, 172.16.10.11, sitting on a Logical Switch.

Launch Remote Console for server

Now we will check the IP configuration of the server VM that is sitting a VLAN-backed port group, and communication to vm1 on a Logical Switch.

  1. Click the Remote Console icon on the Taskbar.
  2. Click the Remote Console for server.
  3. Type the command ifconfig, and hit Enter.

Note: this displays the IP Address of the server VM, 172.16.10.12, sitting on a VLAN in the Arista network.

  1. Type the command ping 172.16.10.11, and hit Enter.

Note: the 100% packet loss between the VMs that are located on the same network segment. This is to show that there is currently no communication between vm1 and server.

Test Communication from vm1 to server

Now we will test communication from vm1 to the server VM.

  1. Click the window for the vm1 Remote Console.
  2. Type the command ping 172.16.10.12, and Enter.

Note: the 100% packet loss between the VMs that are located to the same network segment. This is to show that there is currently no communication between server and vm1.

Configure CloudVision and VXLAN services in Arista Switch

Now we will configure the Arista switch for the CloudVision and VXLAN services.

  1. Click the Firefox icon on the Taskbar to reopen the vSphere Web Client.
  2. Click the Console icon on the Taskbar.
  3. Click the Console window for the HW-GW Arista Switch.
  4. Type the command conf t, and hit Enter.

Note: typing conf t ( or config terminal) takes the switch into the global configuration mode, where we can change global settings.

  1. Type the command cvx to access the CloudVision configuration settings, and hit Enter.
  2. Type the command no shutdown to enable the controller agent, and hit Enter.

Once the CloudVision is enabled, the VXLAN Control service should be enabled.

  1. Type the command service vxlan to access the VXLAN control service, and hit Enter.
  2. Type the command no shutdown to enable the VXLAN control service, and hit Enter.
  3. Type the command exit to exit the VXLAN control service settings, and hit Enter.
  4. Type the command exit to exit the controller agent configuration settings, and hit Enter.

Configure CloudVision Management Services on Arista Top of Rack Switches

This step and the following 3 configuration steps are necessary on each TOR switch that needs to connect to the VXLAN Control Service running on CloudVision.

  1. Type the command management cvx to access the CloudVision management services settings, and hit Enter.
  2. Type the command server host 10.114.211.204 to input the CloudVision management host IP, and hit Enter.
  3. Type the command no shutdown to enable the CloudVision management service, and hit Enter.
  4. Type the command exit to exit the CloudVision management settings, and hit Enter.

Create VXLAN Tunnel Endpoint Interface

Next we will configure the VXLAN interface.

  1. Type the command interface vxlan 1 to create and access the new VXLAN interface settings, and hit Enter.
  2. Type the command vxlan source-interface loopback0 to assign the VTEP (VXLAN Tunnel Endpoint) interface to be loopback0, and hit Enter.
  3. Type the command vxlan controller-client to enable the VTEP interface as a VXLAN controller-client, and hit Enter.
  4. Type the command vxlan udp-port 4789 to assign the VXLAN UDP port as 4789, and hit Enter.
  5. Type the command no shut (this is shorthand version of the command for no shutdown) to enable the VTEP interface, and hit Enter.
  6. Type the command exit to exit the VTEP settings, and hit Enter.

Enter NSX Controller Agent Information for Arista CloudVision

The Hardware Switch Controller (HSC) provides an integration point between the NSX controllers and the VCS, which provides a means for software and hardware switches to exchange state. Now we will connect the HSC service to an NSX Controller. There are typically several redundant NSX Controllers; but only one of them needs to be specified and the others will be automatically discovered.

  1. Type the command cvx to access the CloudVision configuration settings, and hit Enter.
  2. Type the command service hsc to access the HSC configuration settings, and hit Enter.
  3. Type the command manager 10.114.221.235 6640 to configure the NSX Controller IP address and port to connect with the HSC, and hit Enter.
  4. Type the command no shutdown to enable the HSC service, and hit Enter.
  5. Type the command end to exit the Configuration Terminal mode, and hit Enter.

Displaying HSC SSL certificate

Now we must gather the SSL certificate generated by the CVXs OVSDB instance. The SSL certificate generated by the HSC service is used to register CVX with an NSX controller.

  1. Type the command show hsc certificate to display the SSL certificate of the HSC, and hit Enter.
  2. At bottom of the HSC certificate to the section that displays the actual SSL certificate:
-----BEGIN CERTIFICATE-----
...
----END CERTIFICATE----- 
HW-GW(config)#
  1. Click the highlighted SSL Certificate to copy and save for use to register the CloudVision to NSX later.

Note: in a real world environment, we would highlight all of the text from the -----BEGIN CERTIFICATE----- to the bottom line, including ----END CERTIFICATE-----, and then right click and copy the text to a notepad or text file.

Registering Arista CloudVision with NSX

Having configured the hardware VTEP, the NSX controller needs to be configured to communicate with CloudVision and obtain VTEP information for its inventory of hardware switches. The registration of Arista CloudVision in the NSX UI is relatively straightforward in vCenter.

  1. Click the Firefox icon on the Taskbar to open the vSphere Web Client.
  2. Click the Home icon at the top of the vSphere Web Client.
  3. Navigate to the Networking & Security.
  4. Click the Service Definition tab.
  5. Click the Hardware Devices menu.

Our first step to registering our hardware gateway is to add our hosts to the Replication Cluster. The Replication Cluster is the set of Hypervisors that will act as RSNs (Replication Service Nodes).

  1. Click Edit under the Replication Cluster.
  2. Select the host, sm21.ft.local from the Available Objects list.
  3. Click the Blue arrow to add the selected host to the Selected Objects list.
  4. Select the host, sm22.ft.local from the Available Objects list.
  5. Click the Blue arrow to add the selected host to the Selected Objects list.
  6. Verify both hosts have been added to the Selected Objects list.
  7. Click OK.
  8. Click the Green plus sign to add a new Hardware Devices.
  9. Type the name HW-GW in the Name field.
  10. Click into the Certificate field
  11. Click in the field again to paste the SSL Certificate previously copied from the hsc, and hit Enter.
  12. Click OK.

This completes the registering of a Hardware Gateway to NSX, and our new Hardware Gateway, HW-GW should show up as Up.

Note: that BFD (Bidirectional Forwarding Detection) is enabled by default, meaning the Arista switches will establish BFD sessions to the RSNs. This is critical for protecting against the silent failure of an RSN and VMware will only support configurations running BFD.

Binding a Logical Switch to a Physical Switch/Physical port/VLAN

Once Arista CloudVision is added to NSX, a Logical Switch can be mapped programmatically to any physical port/VLAN advertised by this gateway. These next few steps will illustrate the mapping of a logical switch to a particular port using NSX UI.

  1. Click Logical Switches from the left hand Navigator menu.
  2. Select the logical switch with a Segment ID of 5002, and Name "db".
  3. Click the Actions menu dropdown.
  4. Click Attach Hardware Ports.

Three columns are available:

Switch: Arista CloudVision will control several hardware switches, so this selection is necessary to identify which one is effected by this configuration.

Port: the HSC provides a list of physical ports available for binding on the physical switch.

VLAN: specify which VLAN tag will be used on the particular port selected. A VLAN value of 0 represents an access port, where the extended Logical Switch traffic will be sent untagged on the port.

  1. Click Select on the right hand side of the Port center column.
  2. Select hardware port Ethernet18 from the Available Objects list.
  3. Click the Blue arrow to add the hardware port to the Selected Objects list.
  4. Verify Ethernet18 has been added to the Selected Objects list.
  5. Click OK.
  6. Type the number "160" is entered into the VLAN field.
  7. Click OK.

Once this selection is done, the Logical Switch is extended to the physical world at Layer 2 on the physical switch/physical port/VLAN specified.

Note: that several bindings can be achieved for a particular Logical Switch

Test Communication from vm1 to server VM

  1. Click the Remote Console icon on the Taskbar.
  2. Click the Remote Console for vm1.
  3. Type the command ping 172.16.10.12, and hit Enter.

Test Communication from server VM to vm1

  1. Click the Remote Console icon on the Taskbar.
  2. Click the Remote Console for server.
  3. Type the command ping 172.16.10.11, and hit Enter

Conclusion of Hardware VTEP with Arista

We have now successfully registered an Arista CloudVision hardware switch VTEP to NSX, mapped a Logical Switch to a VLAN port in the Arista CloudVision switch environment, and tested communication between VMs on each side of the virtual and physical networks.

This completes the Hands-on Lab Interactive Simulation of Hardware VTEP with Arista integration.

To return to the lab, click the link in the top right corner or close this browser tab.

Unsaved changes! You may continue editing other frames before saving.
Save Changes
1661.
1666.
1685.
1699.
1712.
1718.
1723.
1737.
1740.
1788.
1793.
1808.
1820.
1825.
1836.
1842.
1843.
1852.
1871.
1880.
1887.
1888.
1905.
1907.
1912.
1913.
1921.
1926.
1934.
1939.
1944.
1953.
1956.
1966.
1991.
2004.
2008.
2015.
2019.
2031.