VXLAN segments are built between VXLAN tunnel end points (VTEPs). Each VXLAN tunnel has a segment ID. You must specify a segment ID pool for the primary NSX Manager to isolate your network traffic. If an NSX controller is not deployed in your environment, you must also add a multicast address range to spread traffic across your network and avoid overloading a single multicast address.

When determining the size of each segment ID pool, consider that the segment ID range controls the number of logical switches that can be created. Choose a small subset of the 16 million potential VNIs. Do not configure more than 10,000 VNIs in a single vCenter because vCenter limits the number of dvPortgroups to 10,000.

The NSX Managers in your cross-vCenter NSX environment must all use non-overlapping segment ID pools. Additionally, the universal segment ID pools should not overlap with any segment ID pool in the cross-vCenter NSX environment. Non-overlapping VNIs is automatically enforced within a single NSX Manager and vCenter environment. However, it's important for you make sure that VNIs do not overlap in your separate NSX deployments. Non-overlapping VNIs is useful for tracking purposes and helps to ensure that your deployments are ready for a cross-vCenter NSX environment.

If any of your transport zones use multicast or hybrid replication mode, you must add a multicast address or a range of multicast addresses.

Having a range of multicast addresses spreads traffic across your network, prevents the overloading of a single multicast address, and better contains BUM replication.

You must ensure that the multicast address or address range specified does not conflict with other multicast addresses assigned on any NSX Manager in the cross-vCenter NSX environment.

Do not use 239.0.0.0/24 or 239.128.0.0/24 as the multicast address range, because these networks are used for local subnet control, meaning that the physical switches flood all traffic that uses these addresses. For more information about unusable multicast addresses, see https://tools.ietf.org/html/draft-ietf-mboned-ipv4-mcast-unusable-01.

When VXLAN multicast and hybrid replication modes are configured and working correctly, a copy of multicast traffic is delivered only to hosts that have sent IGMP join messages. Otherwise, the physical network floods all multicast traffic to all hosts within the same broadcast domain. To avoid such flooding, you must do the following:
  • Make sure that the underlying physical switch is configured with an MTU larger than or equal to 1600.
  • Make sure that the underlying physical switch is correctly configured with IGMP snooping and an IGMP querier in network segments that carry VTEP traffic.
  • Make sure that the transport zone is configured with the recommended multicast address range. The recommended multicast address range starts at 239.0.1.0/24 and excludes 239.128.0.0/24.

You can configure a single segment ID range and a single multicast address or multicast address range from the vSphere Web Client . If you want to configure multiple segment ID ranges or multiple multicast address values, you can do this using the API. See the NSX API Guide for details.

Procedure

  1. Using the vSphere Web Client, log in to the vCenter Server system registered with the NSX Manager that will become the primary NSX Manager.
    If the vCenter Server systems in your cross-vCenter NSX environment are in Enhanced Linked Mode, you can access any associated NSX Manager from any linked vCenter Server system by selecting it from the NSX Manager drop-down menu.
  2. Navigate to logical network settings.
    • In NSX 6.4.1 and later, navigate to Networking & Security > Installation and Upgrade > Logical Network Settings.
    • In NSX 6.4.0, navigate to Networking & Security > Installation and Upgrade > Logical Network Preparation.
  3. Verify the correct NSX Manager is selected in the NSX Manager drop-down menu.
  4. Navigate to segment ID pool settings.
    • In NSX 6.4.1 and later, click VXLAN Settings, then click Edit next to Segment IDs.
    • In NSX 6.4.0, click Segment ID > Edit.
  5. Enter a range for segment IDs, such as 5000-5999.
  6. (Optional) If any of your transport zones use multicast or hybrid replication mode, you must add a multicast address or a range of multicast addresses.
    1. Select or turn on the Enable Multicast addressing feature.
    2. Enter a multicast address or a multicast address range.

Results

When you configure logical switches, each logical switch receives a segment ID from the pool.