You can add an NSX Edge VM to the NSX-T Data Center fabric and proceed to configure it as a NSX Edge transport node VM.

An NSX Edge Node is a transport node that runs the local control plane daemons and forwarding engines implementing the NSX-T data plane. It runs an instance of the NSX-T virtual switch called the NSX Virtual Distributed Switch, or N-VDS. The Edge Nodes are service appliances dedicated to running centralized network services that cannot be distributed to the hypervisors. They can be instantiated as a bare metal appliance or in virtual machine form factor. They are grouped in one or several clusters, representing a pool of capacity.
An NSX Edge can belong to one overlay transport zone and multiple VLAN transport zones. An NSX Edge belongs to at least one VLAN transport zone to provide the uplink access.
Note: If you plan to create transport nodes from a template VM, make sure that there are no certificates on the host in /etc/vmware/nsx/. The netcpa agent does not create a certificate if a certificate already exists.



  1. From a browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select System > Fabric > Nodes > Edge Transport Nodes > Add Edge VM.
  3. Type a name for the NSX Edge.
  4. Type the Host name or FQDN from vCenter Server.
  5. For an optimal performance, reserve memory for the NSX Edge appliance.

    Set the reservation to ensure that NSX Edge has sufficient memory to run efficiently. See NSX Edge VM System Requirements.

  6. Specify the CLI and the root passwords for the NSX Edge.
    Your passwords must comply with the password strength restrictions.
    • At least 12 characters
    • At least one lower-case letter
    • At least one upper-case letter
    • At least one digit
    • At least one special character
    • At least five different characters
    • Default password complexity rules are enforced by the following Linux PAM module arguments:
      • retry=3: The maximum number of times a new password can be entered, for this argument at the most 3 times, before returning with an error.
      • minlen=12: The minimum acceptable size for the new password. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit).
      • difok=0: The minimum number of bytes that must be different in the new password. Indicates similarity between the old and new password. With a value 0 assigned to difok, there is no requirement for any byte of the old and new password to be different. An exact match is allowed.
      • lcredit=1: The maximum credit for having lower case letters in the new password. If you have less than or 1 lower case letter, each letter will count +1 towards meeting the current minlen value.
      • ucredit=1: The maximum credit for having upper case letters in the new password. If you have less than or 1 upper case letter each letter will count +1 towards meeting the current minlen value.
      • dcredit=1: The maximum credit for having digits in the new password. If you have less than or 1 digit, each digit will count +1 towards meeting the current minlen value.
      • ocredit=1: The maximum credit for having other characters in the new password. If you have less than or 1 other characters, each character will count +1 towards meeting the current minlen value.
      • enforce_for_root: The password is set for the root user.
      Note: For more details on Linux PAM module to check the password against dictionary words, refer to the man page.
  7. Enter the NSX Edge details.
    Option Description
    Compute Manager Select the compute manager from the drop-down menu.

    The compute manager is the vCenter Server registered in the Management Plane.

    Cluster Designate the cluster the NSX Edge is going to join from the drop-down menu.
    Resource Pool or Host Assign either a resource pool or a specific host for the NSX Edge from the drop-down menu.
    Datastore Select a datastore for the NSX Edge files from the drop-down menu.
  8. Enter the NSX Edge interface details.
    Option Description
    IP Assignment

    It is the IP address assigned to NSX Edge node which is required to communicate with NSX Manager and NSX Controller.

    Select DHCP or Static IP.
    If you select Static, enter the values for:
    • Management IP: Enter IP address of NSX Edge in the CIDR notation.
    • Default gateway: Enter the gateway IP address of NSX Edge.
    Management Interface Select the management network interface from the drop-down menu. This interfaces must either be reachable from NSX Manager or must be in the same management interface as NSX Manager and NSX Controller.

    The NSX Edge management interface establishes communication with the NSX Manager management interface.

  9. Select the transport zones that this transport node belongs to.
    An NSX Edge transport node belongs to at least two transport zones, an overlay for NSX-T Data Center connectivity and a VLAN for uplink connectivity.
    Note: NSX Edge Nodes support multiple overlay tunnels (multi-TEP) when the following prerequistes are met:
    • TEP configuration must be done on one N-VDS only.
    • All TEPs must use same transport VLAN for overlay traffic.
    • All TEP IPs must be in same subnet and use same default gateway.
  10. Enter the N-VDS information.
    Option Description
    Edge Switch Name Select a VLAN or Overlay switch from the drop-down menu.
    Uplink Profile Select the uplink profile from the drop-down menu.

    The available uplinks depend on the configuration in the selected uplink profile.

    IP Assignment

    IP address is assigned to the NSX Edge switch that is configured. It is used to route packets on an overlay or VLAN network.

    Select Use IP Pool or Use Static IP List for the overlay N-VDS.
    • If you select Use Static IP List, specify:
      • Static IP List: Enter a list of comma-separated IP addresses to be used by the NSX Edge switch.
      • Gateway: Enter the default gateway IP address, which is used to route packets between NSX Edge transport nodes in an overlay network.
      • Subnet mask: Enter the subnet mask for the configured gateway.
    • If you selected Use IP Pool for IP assignment, specify the IP pool name.

    DPDK Fastpath Interfaces / Virtual NICs Select the data path interface name for the uplink interface.
    Note: If the uplink profile applied to the Edge node is using a Named Teaming policy, ensure the following condition is met:
    • All uplinks in the Default Teaming policy must be mapped to the physical network interfaces on the Edge VM for traffic to flow through a logical switch that uses the Named Teaming policies.
    • LLDP profile is not supported on an NSX Edge VM appliance.
    • Uplink interfaces are displayed as DPDK Fastpath Interfaces if the NSX Edge is installed using NSX Manager or on a Bare Metal server.
    • Uplink interfaces are displayed as Virtual NICs if the NSX Edge is installed manually using vCenter Server.
  11. View the connection status on the Transport Nodes page.
    After adding the NSX Edge as a transport node, the connection status changes to Up in 10-12 minutes.
  12. (Optional) View the transport node with the GET https://<nsx-manager>/api/v1/transport-nodes/<transport-node-id> API call.
  13. (Optional) For status information, use the GET https://<nsx-mgr>/api/v1/transport-nodes/<transport-node-id>/status API call.
  14. After an NSX Edge node is migrated to a new host using vCenter Server, you might find NSX Manager UI reporting stale configuration details (Compute, Datastore, Network, SSH, NTP, DNS, Search Domains) of the NSX Edge. To get the latest configuration details of NSX Edge on the new host, run the API command.
    POST api/v1/transport-nodes/<transport-node-id>?action=refresh_node_configuration&resource_type=EdgeNode

What to do next

Add the NSX Edge node to an NSX Edge cluster. See Create an NSX Edge Cluster.