NSX Cloud creates a network topology for your public cloud and you must not edit or delete the auto-generated NSX-T Data Center logical entities.
Use this list as a quick reference for what is auto-generated and how you should use NSX-T Data Center features as they apply to the public cloud.
NSX Manager Configurations
- An Edge Node named Public Cloud Gateway (PCG) is created.
- The PCG is added to an Edge Cluster. In a High Availability deployment, there are two PCGs.
- The PCG (or PCGs) is registered as a Transport Node with two Transport Zones created.
- Two default logical switches are created.
- One Tier-0 logical router is created.
- An IP Discovery Profile is created. This is used for overlay logical switches.
- A DHCP Profile is created. This is used for DHCP servers.
Note: Although the DHCP profile is created, it is not supported in the current release because it is used for overlay networking.
- A default NSGroup with the name PublicCloudSecurityGroup is created that has the following members:
  - The default VLAN logical switch
  - Logical ports, one each for the PCG uplink ports, if you have HA enabled.
  - IP address
- Three default distributed firewall rules are created:
Note: These DFW rules block all traffic and need to be adjusted according to your specific requirements.
- From the NSX Cloud dashboard, click NSX Manager.
- Go to Fabric > Nodes > Edges. You should see PCG-<your-VPC-or-VNet-name> as an Edge Node.
Note: Verify that Deployment Status, Manager Connection and Controller Connection are connected (status shows Up with a green dot).
- Browse to Fabric > Nodes > Edge Clusters to verify that the PCG-Cluster-<your-VPC-or-VNet-name> is added.
- Verify that PCG is registered as a Transport Node and is connected to two Transport Zones that were auto-created while deploying PCG:
  - Traffic type VLAN -- this connects to the PCG uplink
  - Traffic type Overlay -- this is for overlay logical networking
Note: Overlay is not supported in the current release.
- Verify whether the logical switches and the tier-0 logical router have been created and the logical router added to the Edge Cluster.
  - You should see the DefaultSwitch-Overlay-<your-VPC-or-VNet-name> and DefaultSwitch-VLAN-<your-VPC-or-VNet-name> switches auto-created.
  - You should see the PCG-Tier0-LR-<your-VPC-or-VNet-name> router auto-created.
Logical Switching FAQs
|Does NSX Cloud create any default switches when a PCG is deployed?||Yes. NSX Cloud creates two default switches for each VPC or VNet on which you deploy the PCG. The switches are named DefaultSwitch-Overlay-<your-VPC-or-VNet-name> and DefaultSwitch-VLAN-<your-VPC-or-VNet-name>.|
|Can I create a VLAN logical switch in addition to the default logical switches created by NSX Cloud?||No. Do not create a VLAN logical switch.|
|Can I edit or delete the default logical switches created by NSX Cloud?||The UI allows you to edit or delete the default logical entities; however, do not edit or delete anything auto-created by NSX Cloud.|
|Should I create ports?||No. You don't need to create any ports. NSX Cloud creates ports when you tag VMs in AWS or Microsoft Azure. Do not edit or delete any ports auto-created by NSX Cloud.|
|Should I create switching profiles?||No. You don't need to create any switching profiles. Use the PublicCloud-Global-SpoofGuardProfile. Do not edit or delete the default switching profile.|
|Where can I find detailed information on logical switches?||See Logical Switches and Configuring VM Attachment.|
Logical Routers FAQs
|Does NSX Cloud auto-create a logical router when a PCG is deployed?||Yes. A Tier-0 logical router is auto-created by NSX Cloud when PCG is deployed on a VPC or VNet.|
|Where can I find more information on logical routers?||See Tier-0 Logical Router.|
|Are any specific configurations required for IPFIX to work in the public cloud?||Yes:
|Where can I find more information on IPFIX?||See Configure IPFIX.|
Port Mirroring FAQs
|Are any specific configurations required for Port Mirroring in the public cloud?||Port Mirroring is supported only in AWS in the current release.
|Where can I find more information on Port Mirroring?||See Monitor Port Mirroring Sessions.|
|Are the tags that I apply to my workload VMs in the public cloud available in NSX-T Data Center?||Yes. See Group VMs using NSX-T Data Center and Public Cloud Tags for details.|
|How do I set up micro-segmentation for my workload VMs that are managed by NSX-T Data Center?||See Set up Micro-segmentation for Workload VMs.|
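The verification steps and the "do not edit, delete, or add VLAN switches" rules above can be checked against an inventory export instead of by eye. The following is an added example, not VMware code: the inventory layout, the `nsx_cloud` creator name, the creator-versus-modifier heuristic, and the use of a `vlan` key to spot VLAN-backed switches are all assumptions.

```python
# Added example: audit an NSX Manager inventory export against this page's rules.
# Assumption: `inventory` maps a kind to objects with display_name, _create_user
# and _last_modified_user fields, as NSX-T Manager API list results carry.
EXPECTED = {  # auto-generated names from the page; {n} is the VPC or VNet name
    "edge_nodes": ["PCG-{n}"],
    "edge_clusters": ["PCG-Cluster-{n}"],
    "logical_switches": ["DefaultSwitch-Overlay-{n}", "DefaultSwitch-VLAN-{n}"],
    "logical_routers": ["PCG-Tier0-LR-{n}"],
    "ns_groups": ["PublicCloudSecurityGroup"],
}

def audit(inventory, vpc_name):
    """Return sorted (finding, kind, name) tuples for one VPC or VNet."""
    findings = set()
    for kind, templates in EXPECTED.items():
        objs = inventory.get(kind, [])
        for tpl in templates:
            name = tpl.format(n=vpc_name)
            matches = [o for o in objs if o.get("display_name") == name]
            if not matches:
                findings.add(("missing", kind, name))  # deleted or renamed
            for o in matches:
                # Heuristic (assumption): a last-modifier other than the creator
                # means the entity was edited after NSX Cloud created it.
                if o.get("_last_modified_user") != o.get("_create_user"):
                    findings.add(("modified", kind, name))
    # The page says not to create VLAN logical switches. Assumption: a
    # VLAN-backed switch carries a "vlan" key in the export.
    for sw in inventory.get("logical_switches", []):
        name = sw.get("display_name") or ""
        if "vlan" in sw and not name.startswith("DefaultSwitch-VLAN-"):
            findings.add(("extra_vlan_switch", "logical_switches", name))
    return sorted(findings)

def sample_obj(name, modifier="nsx_cloud", **extra):  # constructed test objects
    return dict(display_name=name, _create_user="nsx_cloud",
                _last_modified_user=modifier, **extra)

# Constructed sample export for a VPC named "prod-vpc" (not real data).
SAMPLE = {
    "edge_nodes": [sample_obj("PCG-prod-vpc")],
    "edge_clusters": [sample_obj("PCG-Cluster-prod-vpc")],
    "logical_switches": [sample_obj("DefaultSwitch-VLAN-prod-vpc", vlan=0),
                         sample_obj("DefaultSwitch-Overlay-prod-vpc", modifier="admin"),
                         sample_obj("lab-vlan-200", modifier="admin", vlan=200)],
    "logical_routers": [],
    "ns_groups": [sample_obj("PublicCloudSecurityGroup")],
}
if __name__ == "__main__":
    print(audit(SAMPLE, "prod-vpc"))
```

Treat a "modified" finding as a prompt to review the change history, since the heuristic cannot tell an operator edit from an update made by the platform itself.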