If you prefer to automate NSX Edge installation, you can use the VMware OVF Tool, which is a command-line utility.

Prerequisites

  • Verify that the system requirements are met. See System Requirements.
  • Verify that the required ports are open. See Ports and Protocols.
  • Verify that a datastore is configured and accessible on the ESXi host.
  • Verify that you have the IP address and gateway, DNS server IP addresses, domain search list, and the NTP Server IP or FQDN list for the NSX Manager or Cloud Service Manager to use.
  • If you do not already have one, create the target VM port group network. Place the NSX-T Data Center appliances on a management VM network.

    If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.

  • Plan your NSX Manager IPv4 IP addressing scheme.
  • Verify that you have adequate privileges to deploy an OVF template on the ESXi host.
  • Verify that hostnames do not include underscores. Otherwise, the hostname is set to localhost.
  • OVF Tool version 4.3 or later.
  • Know parameters that you can use to deploy a NSX Edge VM and join it to the management plane.
    Field Name OVF Parameter Field Type
    System root password nsx_passwd_0 Required to install. NSX Edge
    CLI admin password nsx_cli_passwd_0 Required to install NSX Edge.
    CLI audit password nsx_cli_audit_passwd_0 Optional
    CLI admin username nsx_cli_username Optional
    CLI audit username nsx_cli_audit_username Optional
    NSX Manager IP mpIp Required to join NSX Edge VM to NSX Manager.
    NSX Manager token mpToken Required to join NSX Edge VM to NSX Manager.

    To retrieve token, on the NSX Manager, run POST https://<nsx-manager>/api/v1/aaa/registration-token.

    NSX Manager thumbprint mpThumbprint Required to join NSX Edge VM to NSX Manager.

    To retrieve thumbprint, on the NSX Manager node, run get certificate api thumbprint.

    Node Id mpNodeId Only for internal use.
    Hostname nsx_hostname Optional
    Default IPv4 gateway nsx_gateway_0 Optional
    Management network IP address nsx_ip_0 Optional
    Management network netmask nsx_netmask_0 Optional
    DNS servers nsx_dns1_0 Optional
    Domain Search suffixes nsx_domain_0 Optional
    NTP Servers nsx_ntp_0 Optional
    Is SSH service enabled nsx_isSSHEnabled Optional
    Is SSH enabled for root login nsx_allowSSHRootLogin Optional
    Is autonomous Edge is_autonomous_edge Optional. Valid values: True, False (default)

Procedure

  • For a standalone host, run the ovftool command with the appropriate parameters.
    C:\Users\Administrator\Downloads>ovftool 
    --name=nsx-edge-1 
    --deploymentOption=medium
    --X:injectOvfEnv 
    --X:logFile=ovftool.log 
    --allowExtraConfig 
    --datastore=ds1 
    --net:"Network 0=Mgmt" 
    --net:"Network 1=nsx-tunnel" 
    --net:"Network 2=vlan-uplink"  
    --net:"Network 3=vlan-uplink"  
    --acceptAllEulas 
    --noSSLVerify 
    --diskMode=thin 
    --powerOn 
    --prop:nsx_ip_0=192.168.110.37 
    --prop:nsx_netmask_0=255.255.255.0 
    --prop:nsx_gateway_0=192.168.110.1 
    --prop:nsx_dns1_0=192.168.110.10 
    --prop:nsx_domain_0=corp.local 
    --prop:nsx_ntp_0=192.168.110.10 
    --prop:nsx_isSSHEnabled=True 
    --prop:nsx_allowSSHRootLogin=True 
    --prop:nsx_passwd_0=<password> 
    --prop:nsx_cli_passwd_0=<password> 
    --prop:nsx_hostname=nsx-edge
    --prop:mpIp=<NSXManager-IP>
    --prop:mpToken=<NSXManager-Token>
    --prop:mpThumbprint=<NSXManager-Thumbprint> 
    --prop:is_autonomous_edge=False 
    <path/url to nsx component ova> 
    vi://root:<password>@192.168.110.51
    
    Opening OVA source: nsx-<component>.ova
    The manifest validates
    Source is signed and the certificate validates
    Opening VI target: vi://[email protected]
    Deploying to VI: vi://[email protected]
    Transfer Completed
    Powering on VM: nsx-edge-1
    Task Completed
    Completed successfully
    
    
  • For a host managed by vCenter Server, run the ovftool command with the appropriate parameters.
    C:\Users\Administrator\Downloads>ovftool 
    --name=nsx-edge-1 
    --deploymentOption=medium
    --X:injectOvfEnv 
    --X:logFile=ovftool.log 
    --allowExtraConfig 
    --datastore=ds1 
    --net:"Network 0=Mgmt" 
    --net:"Network 1=nsx-tunnel" 
    --net:"Network 2=vlan-uplink"  
    --net:"Network 3=vlan-uplink"  
    --acceptAllEulas 
    --noSSLVerify 
    --diskMode=thin 
    --powerOn 
    --prop:nsx_ip_0=192.168.110.37 
    --prop:nsx_netmask_0=255.255.255.0 
    --prop:nsx_gateway_0=192.168.110.1 
    --prop:nsx_dns1_0=192.168.110.10 
    --prop:nsx_domain_0=corp.local 
    --prop:nsx_ntp_0=192.168.110.10 
    --prop:nsx_isSSHEnabled=True 
    --prop:nsx_allowSSHRootLogin=True 
    --prop:nsx_passwd_0=<password> 
    --prop:nsx_cli_passwd_0=<password> 
    --prop:nsx_hostname=nsx-edge
    --prop:mpIp=<NSXManager-IP>
    --prop:mpToken=<NSXManager-Token>
    --prop:mpThumbprint=<NSXManager-Thumbprint> 
    --prop:is_autonomous_edge=False 
    <path/url to nsx component ova> 
    vi://[email protected]:<password>@192.168.110.24/?ip=192.168.210.53
    
    
    Opening OVA source: nsx-<component>.ova
    The manifest validates
    Source is signed and the certificate validates
    Opening VI target: vi://[email protected]@192.168.110.24:443/
    Deploying to VI: vi://[email protected]@192.168.110.24:443/
    Transfer Completed
    Powering on VM: nsx-edge-1
    Task Completed
    Completed successfully
    
    
  • For an optimal performance, reserve memory for the appliance.

    Set the reservation to ensure that NSX Manager has sufficient memory to run efficiently. See NSX Manager VM and Host Transport Node System Requirements.

  • Open the console of the NSX Edge node to track the boot process.
  • After the NSX Edge node starts, log in to the CLI with admin credentials.
  • Run the get interface eth0 (without VLAN) or get interface eth0.<vlan_ID> (with a VLAN) command to verify that the IP address was applied as expected.
    nsx-edge-1> get interface eth0.100 
    
    Interface: eth0.100
      Address: 192.168.110.37/24
      MAC address: 00:50:56:86:62:4d
      MTU: 1500
      Default gateway: 192.168.110.1
      Broadcast address: 192.168.110.255
      ...
    
    Note: When bringing up NSX Edge nodes on non-NSX managed host, verify that the MTU setting is set to 1600 (instead of 1500) on the physical host switch for the data NIC.
  • Verify that the NSX Edge node has the required connectivity.

    If you enabled SSH, make sure that you can SSH to your NSX Edge node and verify the following:

    • You can ping your NSX Edge node management interface.
    • From the NSX Edge node, you can ping the node's default gateway.
    • From the NSX Edge node, you can ping the hypervisor hosts that are either in the same network or a network reachable through routing.
    • From the NSX Edge node, you can ping the DNS server and NTP Server IP or FQDN list.
  • Troubleshoot connectivity problems.
    Note: If connectivity is not established, make sure the VM network adapter is in the proper network or VLAN.

    By default, the NSX Edge node datapath claims all virtual machine NICs except the management NIC (the one that has an IP address and a default route). If you incorrectly assigned a NIC as the management interface, follow these steps to use DHCP to assign management IP address to the correct NIC.

    1. Log in to the NSX Edge CLI and type the stop service dataplane command.
    2. Type the set interface interface dhcp plane mgmt command.
    3. Place interface into the DHCP network and wait for an IP address to be assigned to that interface.
    4. Type the start service dataplane command.
      The datapath fp-ethX ports used for the VLAN uplink and the tunnel overlay are shown in the get interfaces and get physical-port commands on the NSX Edge node.

What to do next

If you did not join the NSX Edge with the management plane, see Join NSX Edge with the Management Plane.