NSX for Newbies – Part 5: Configure Logical Switch Networks

A logical switch is a distributed port group on a distributed switch. So why "logical"? Because it gets a unique VNI (VXLAN Network Identifier) to overlay the L2 network.
In Part 4: Preparing for Virtual Networking we saw that one of the key steps was to “join” the hosts (or cluster) to the same transport zone.
As a result, when we ask the vSphere Web Client to create a new logical switch, NSX Manager provisions a distributed port group for all the VTEPs in the same transport zone. Just to reiterate, these logical switches (port groups) may span multiple clusters as well as L3 subnets.
Ultimately, virtual machine vNICs will connect to these port groups.
NOTE: don’t try to delete or manually manage these port groups from vCenter Server, because NSX Manager is in charge!

In my lab I’m replicating a 3-tier application which consists of Web, App and DB networks as well as a Transit network going northbound from the dLR to the Perimeter NSX Edge Gateway. I haven’t reinvented the wheel; I’m just replicating the VMware Hands on Lab (HOL) HOL-SDC-1403.

The following icons aren’t official VMware ones; I just made them up in Visio using Cisco stencils. If you’re interested in a VMware-styled NSX stencil set, Maish Saidel-Keesing has made the “Unofficial VMware Visio Stencils”.

So we need to create the following four logical switches:

  • Web Tier
  • Appl Tier
  • DB Tier
  • Transit Network

Go to NSX Networking & Security > Logical Switches and click the + symbol. I’m starting here with the Transit network, but the process is just the same for all four so I won’t repeat the screenshots.

All you need to know is the name of the network, the overlay transport zone to use and the control plane mode. I’m using Unicast here.
Repeat the same steps for the Web, App and DB tiers and eventually the Logical Switches tab will look like this:

How do we verify the port groups have been created? Simply check which port groups exist: go to Networking, expand the Distributed Switch and look for port groups starting with vxw-dvs-<number>-virtualwire. Notice that each name ends with the name you gave to the logical switch.
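The naming check described above, as an added example that is not from the original post: it separates NSX-created port groups from ordinary ones and reports any expected logical switch that has no backing port group. The sample names, the `-` separator before the switch name, and the function name are assumptions.

```python
import re

# Naming convention from the post: NSX-created port groups start with
# "vxw-dvs-<number>-virtualwire" and end with the logical switch name.
NSX_PG = re.compile(r"^vxw-dvs-(\d+)-virtualwire")

def audit_logical_switches(portgroups, expected):
    """Compare port group names against the logical switches we expect."""
    backing = {name: [] for name in expected}
    unexpected, other = [], []
    # Try longer names first so the most specific expected name wins.
    by_length = sorted(expected, key=len, reverse=True)
    for pg in portgroups:
        if not NSX_PG.match(pg):
            other.append(pg)          # ordinary port group, not NSX-owned
            continue
        # Assumption: a "-" separates the generated part from the name.
        owner = next((n for n in by_length if pg.endswith("-" + n)), None)
        if owner is None:
            unexpected.append(pg)     # NSX-owned, but not in our design
        else:
            backing[owner].append(pg)
    missing = [n for n in expected if not backing[n]]
    return {"backing": backing, "missing": missing,
            "unexpected": unexpected, "other": other}

# Constructed sample data: names as they might be listed under the
# Distributed Switch. The text between prefix and name is illustrative.
SAMPLE_PORTGROUPS = [
    "vxw-dvs-29-virtualwire-1-sid-5000-Transit Network",
    "vxw-dvs-29-virtualwire-2-sid-5001-Web Tier",
    "vxw-dvs-29-virtualwire-3-sid-5002-Appl Tier",
    "vxw-dvs-29-virtualwire-9-sid-5008-Old Web Tier",
    "Management Network",
]
EXPECTED = ["Web Tier", "Appl Tier", "DB Tier", "Transit Network"]

if __name__ == "__main__":
    report = audit_logical_switches(SAMPLE_PORTGROUPS, EXPECTED)
    for name, pgs in report["backing"].items():
        print(f"{name}: {pgs or 'MISSING'}")
    print("NSX-owned but not expected:", report["unexpected"])
```

Anything listed as NSX-owned falls under the note above about leaving these port groups to NSX Manager.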

The next step would be to migrate the existing VMs to these port groups. You can accomplish this by selecting the logical switch and then clicking the + icon (or expanding the Actions menu and clicking Add VM).



 Add your comment
  1. I know, old post, but what are you doing about the gateway? Or the subnet the VM was on prior to moving it to the LS?

  2. Hi Giuliano,
    Not sure whether you are still maintaining this blog.
    I have a VXLAN background in Cisco and have just touched NSX.
    There are some points I hope you can help verify:
    1. All data clusters and mgmt clusters should be connected to physical switches and routers, and these network devices form an underlay network. While I believe only the NSX mgmt IP and VTEP IPs are exposed to physical switches and routers.
    2. All web, app and db networks are hiding behind VTEPs, and hosts in the same segment ID but different locations are able to communicate, but encapsulated under VTEPs.
    3. What will trigger an update from controller to VTEP?


    • 1. Yes
      2. True if you have cross-vc enabled yes
      3. Controllers manage the ARP, MAC and VTEP tables. They receive updates from the Distributed Logical Router Control VM, which is the edge responsible for exchanging dynamic routing updates with the perimeter ESG or physical routing devices.

  3. Giuliano, I just want to say thank you so much for this wonderful series. Very informative. I think you may be in Italy. If so, take care and stay safe.
