Enter IP addresses and host names for NSX installation.

The requirements vary depending on whether or not you are using Application Virtual Networks (AVNs).

Table 1. Management Cluster
Parameter Value
NSX Manager Enter the host name and IP address for the NSX Manager.

The host name can match your naming standards but must be registered in DNS with both forward and reverse resolution matching the specified IP.

The IP address must be part of the management VLAN. This is the same VLAN and IP address space where the vCenter, PSC, and ESXi management VMKernels reside.

NSX Controller IP Pool Start Address In IP Address, enter the starting IP address of the IP address range. Each IP in the range, including the starting and ending IP address, must be unused in your environment.
NSX Controller IP Pool End Address In IP Address, enter the end IP address of the IP address range. Each IP in the range, including the starting and ending IP address, must be unused in your environment.
Table 2. Management Domain - Segment IDs
Parameter Value
NSX Segment ID Range Default values for the segment ID range.

The segment ID range is used for NSX virtual wires. These are not exposed outside of the NSX environment. Only modify these values if the default range is being used in another NSX deployment within your environment.

NSX Multicast Address Range Multicast addresses are required to transport BUM overlay traffic for the NSX-V hybrid replication mode, which is used by default in Cloud Foundation. Define a set of values that correspond to the NSX Segment ID range.

Application Virtual Networks

By default, Cloud Foundation uses NSX Data Center for vSphere to deploy and configure virtual networks, called application virtual networks (AVNs). AVNs use a single IP network address space that spans across data centers. If you do not want to deploy and configure AVNs, select No from the drop-down menu. Deselect AVNs if you want to deploy vRealize Suite components to VLAN-backed networks.

If you enable AVN, use the deployment parameter sheet to provide the information to create two AVNs: Region A and xRegion. The vRealize Suite components get deployed to these AVNs.
AVN vRealize Component
Region A vRealize Log Insight
Region A vRealize Automation Proxy Agents
xRegion vRealize Operations Manager
xRegion vRealize Automation
xRegion vRealize Suite Lifecycle Manager

Two NSX Edge Services Gateways (ESGs) and a Universal Distributed Logical Router (UDLR) route traffic between the AVNs and the public network. The ESGs handle north-south traffic and the UDLR handles east-west traffic. Routing to the management network and external networks is dynamic and based on the Border Gateway Protocol (BGP).

Application Virtual Network Architecture

Table 3. Edge Services Gateways (ECMP)
Parameter Value
ESG Name Node 1 Enter a name for the first ESG.
ESG Uplink 1 IP Address Node 1 Enter the first uplink IP address to use for Node 1. This is the IP address connected to the first ToR switch.
ESG Uplink 2 IP Address Node 1 Enter the second uplink IP address to use for Node 1. This is the IP address connected to the second ToR switch.
ESG Name Node 2 Enter a name for the second ESG.
ESG Uplink 1 IP Address Node 2 Enter the first uplink IP address to use for Node 2. This is the IP address connected to the first ToR switch.
ESG Uplink 2 IP Address Node 2 Enter the second uplink IP address to use for Node 2. This is the IP address connected to the second ToR switch.

Prepare your top of rack (ToR) switches by configuring Border Gateway Protocol (BGP) on the switches, defining the Autonomous System (AS) number and Router ID, and creating interfaces to connect with Edge Services Gateways (ESGs).

Table 4. Top of Rack Switches for BGP Peering
Parameter Value
Top of Rack 1 - IP Address Enter the IP address of the first ToR switch.
Top of Rack 1 - BGP Neighbor Password Enter the BGP neighbor password for the first switch.
Top of Rack 1 - Autonomous System ID Enter the AS ID for the first switch.
Top of Rack 2 - IP Address Enter the IP address of the second ToR switch.
Top of Rack 2 - BGP Neighbor Password Enter the BGP neighbor password for the second switch.
Top of Rack 2 - Autonomous System ID Enter the AS ID for the second switch. This should match the AS ID for the first switch.
Table 5. Application Virtual Networks
Parameter Value
Region A VXLAN - Logical Switch Name Enter a name to use for the Region A logical switch.
Region A VXLAN Enter the gateway IP and CIDR notation to use for the Region A VXLAN.
Region A VXLAN - DNS Search Domain Enter the DNS search domain for Region A.
Region A VXLAN - DNS Zone Enter the DNS zone for Region A.
xRegion VXLAN - Logical Switch Name Enter a name to use for the xRegion logical switch.
xRegion VXLAN Enter the gateway IP and CIDR notation to use for the xRegion VXLAN.
xRegion VXLAN - DNS Search Domain Enter the DNS search domain for xRegion.
xRegion VXLAN - DNS Zone Enter the DNS zone for xRegion.
Table 6. NSX-V Licensing Model
Parameter Value
NSX-V Licensing Model Choose an option from the drop-down menu, depending on your NSX Data Center for vSphere license.

You must have an Enterprise license in order to create a Universal Distributed Logical Router (UDLR). Otherwise, you will create a Distributed Logical Router (DLR). With UDLR, you can manually set up a failover region (Region B). DLR does not support this.

Table 7. Universal Segment IDs and Multicast Ranges (only with NSX-V Enterprise license)
Parameter Value
NSX Universal Segment ID Range Enter the start and end values for the universal segment ID pool.

The universal segment ID pool specifies a range for use when building logical network segments. Cross-vCenter NSX deployments use a unique universal segment ID pool to ensure that the universal logical switches' VXLAN network identifiers (VNIs) are consistent across all secondary NSX Managers.

When determining the size of each segment ID pool, keep in mind that the segment ID range controls the number of logical switches that can be created.

If VXLAN is in place in another NSX deployment, consider which VNIs are already in use and avoid overlapping VNIs. Non-overlapping VNIs are automatically enforced within a single NSX Manager and vCenter environment; local VNI ranges cannot overlap. However, it is important for you to make sure that VNIs do not overlap in your separate NSX deployments. Non-overlapping VNIs are useful for tracking purposes and help to ensure that your deployments are ready for a cross-vCenter environment.

NSX Universal Multicast Address Range Enter the start and end values for the universal multicast address range.

You must ensure that the multicast address range specified does not conflict with other multicast addresses assigned on any NSX Manager in a cross-vCenter NSX environment.

Do not use 239.0.0.0/24 or 239.128.0.0/24 as the multicast address range, because these networks are used for local subnet control, meaning that the physical switches flood all traffic that uses these addresses. For more information about unusable multicast addresses, see https://tools.ietf.org/html/draft-ietf-mboned-ipv4-mcast-unusable-01.
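
The following pre-flight check is an added example, not part of the Cloud Foundation documentation or tooling. It applies the segment ID and multicast rules above to a proposed range pair; the function names and all sample values are assumptions made for illustration.

```python
import ipaddress

# Networks the text above says must not be used as the multicast range.
FLOODED = [ipaddress.ip_network("239.0.0.0/24"),
           ipaddress.ip_network("239.128.0.0/24")]

def overlaps(a, b):
    """True when two inclusive (start, end) ranges share at least one value."""
    return a[0] <= b[1] and b[0] <= a[1]

def check_universal_ranges(vni, mcast, other_vnis=(), other_mcasts=()):
    """Return a list of problems for a proposed segment ID / multicast pair.

    vni:     (start, end) integers for the segment ID pool
    mcast:   (start, end) dotted-quad strings for the multicast range
    other_*: ranges already used by other NSX deployments (same shapes)
    """
    problems = []
    if vni[0] > vni[1]:
        problems.append("segment ID range start is above end")
    for used in other_vnis:
        if overlaps(vni, used):
            problems.append(f"segment IDs overlap VNI range {used[0]}-{used[1]}")

    lo, hi = (ipaddress.IPv4Address(a) for a in mcast)
    span = (int(lo), int(hi))
    if lo > hi:
        problems.append("multicast range start is above end")
    if not (lo.is_multicast and hi.is_multicast):
        problems.append("multicast range is not inside 224.0.0.0/4")
    for net in FLOODED:
        if overlaps(span, (int(net[0]), int(net[-1]))):
            problems.append(f"multicast range touches {net}")
    for used in other_mcasts:
        if overlaps(span, tuple(int(ipaddress.IPv4Address(a)) for a in used)):
            problems.append(f"multicast range overlaps {used[0]}-{used[1]}")
    return problems

if __name__ == "__main__":
    # Constructed values: one existing deployment and one proposed pool.
    existing_vnis = [(6500, 8000)]
    existing_mcasts = [("239.1.0.0", "239.1.0.255")]
    for line in check_universal_ranges((5000, 7000), ("239.0.0.200", "239.1.0.10"),
                                       existing_vnis, existing_mcasts):
        print("FAIL:", line)
```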

Table 8. (Universal) Distributed Logical Router
Parameter Value
(Universal) Distributed Logical Router - MTU Size Depending on your NSX-V license, enter the MTU for the UDLR or DLR.

The minimum MTU is 1600 and the recommended MTU is 9000. The value entered here must match the MTU of the physical network.

UDLR/DLR Node Name Enter a name to use for the UDLR/DLR.
UDLR/DLR ESG Autonomous System (AS) ID Enter an AS ID to use for the UDLR/DLR. This should be different from the AS ID for the ToR switches.
UDLR/DLR ESG BGP Neighbor Password Enter a BGP neighbor password to use for the UDLR/DLR.
UDLR/DLR ESG Node 1 IP Address Enter an IP address from the pool of IP addresses reserved for the UDLR/DLR subnet to assign to the uplink interface connecting the UDLR/DLR to ESG node 1.
UDLR/DLR ESG Node 2 IP Address Enter an IP address from the pool of IP addresses reserved for the UDLR/DLR subnet to assign to the uplink interface connecting the UDLR/DLR to ESG node 2.
UDLR/DLR ESG Forwarding IP The forwarding address is the IP address that you assign to the distributed logical router's interface facing its BGP neighbor (its uplink interface). Enter an IP address from the pool of IP addresses reserved for the UDLR/DLR subnet.
UDLR/DLR ESG Protocol IP The protocol address is the IP address that the logical router uses to form a BGP neighbor relationship. It can be any IP address in the same subnet as the forwarding address, but this IP address must not be used anywhere else. Enter an IP address from the pool of IP addresses reserved for the UDLR/DLR subnet. When Cloud Foundation configures BGP peering between an edge services gateway (ESG) and a logical router, it uses the protocol IP address of the logical router as the BGP neighbor IP address of the ESG.
UDLR/DLR Network CIDR Notation Reserve an unused /24 subnet for UDLR/DLR configuration. Enter the CIDR notation for the UDLR/DLR network.
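
The constraints in Table 4 and Table 8 can be checked before the parameter sheet is submitted. The following validator is an added example, not part of the Cloud Foundation documentation or tooling; the dictionary keys, the physical_mtu field, and the sample values are hypothetical names and constructed data.

```python
import ipaddress

# Hypothetical keys for the four UDLR/DLR uplink-side addresses in Table 8.
IP_FIELDS = ("esg_node1_ip", "esg_node2_ip", "forwarding_ip", "protocol_ip")

def check_udlr_bgp(p):
    """Return a list of problems found in a dict of UDLR/DLR and ToR values."""
    problems = []
    # MTU: at least 1600 and equal to the MTU of the physical network.
    if p["mtu"] < 1600:
        problems.append("MTU is below the 1600 minimum")
    if p["mtu"] != p["physical_mtu"]:
        problems.append("MTU does not match the physical network")
    # AS IDs: both ToR switches share one, the UDLR/DLR uses a different one.
    if p["tor1_as"] != p["tor2_as"]:
        problems.append("ToR 1 and ToR 2 AS IDs differ")
    if p["udlr_as"] in (p["tor1_as"], p["tor2_as"]):
        problems.append("UDLR/DLR AS ID equals a ToR AS ID")
    # Addressing: a reserved /24 that contains every address, with no reuse
    # (the protocol IP in particular must not be used anywhere else).
    net = ipaddress.ip_network(p["udlr_cidr"], strict=False)
    if net.prefixlen != 24:
        problems.append(f"UDLR/DLR network is /{net.prefixlen}, not /24")
    seen = {}
    for field in IP_FIELDS:
        ip = ipaddress.ip_address(p[field])
        if ip not in net:
            problems.append(f"{field} {ip} is outside {net}")
        if ip in seen:
            problems.append(f"{field} reuses {ip} from {seen[ip]}")
        seen.setdefault(ip, field)
    return problems

# Constructed sample values, not taken from any real deployment.
SAMPLE = {
    "mtu": 9000, "physical_mtu": 9000,
    "tor1_as": 65001, "tor2_as": 65001, "udlr_as": 65003,
    "udlr_cidr": "192.168.31.0/24",
    "esg_node1_ip": "192.168.31.1", "esg_node2_ip": "192.168.31.2",
    "forwarding_ip": "192.168.31.3", "protocol_ip": "192.168.31.4",
}

if __name__ == "__main__":
    broken = dict(SAMPLE, mtu=1500, protocol_ip="192.168.31.3")
    for line in check_udlr_bgp(broken):
        print("FAIL:", line)
```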