Install NSX Edge on ESXi Using the Command-Line OVF Tool

If you prefer to automate NSX Edge installation, you can use the VMware OVF Tool, which is a command-line utility.

Prerequisites

Verify that the system requirements are met. See System Requirements.
Verify that the required ports are open. See Ports and Protocols.
Verify that a datastore is configured and accessible on the ESXi host.
Verify that you have the IP address and gateway, DNS server IP addresses, domain search list, and the NTP Server IP or FQDN list for the NSX Manager or Cloud Service Manager to use.
If you do not already have one, create the target VM port group network. Place the NSX-T Data Center appliances on a management VM network.
If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.
Plan your NSX Manager IPv4 IP addressing scheme.

See NSX Edge network requirements in NSX Edge Installation Requirements.

Verify that you have adequate privileges to deploy an OVF template on the ESXi host.
Verify that hostnames do not include underscores. Otherwise, the hostname is set to localhost.

OVF Tool version 4.3 or later.

Know parameters that you can use to deploy a NSX Edge VM and join it to the management plane.

Field Name	OVF Parameter	Field Type
System root password	nsx_passwd_0	Required to install. NSX Edge
CLI admin password	nsx_cli_passwd_0	Required to install NSX Edge.
CLI audit password	nsx_cli_audit_passwd_0	Optional
CLI admin username	nsx_cli_username	Optional
CLI audit username	nsx_cli_audit_username	Optional
NSX Manager IP	mpIp	Required to join NSX Edge VM to NSX Manager.
NSX Manager token	mpToken	Required to join NSX Edge VM to NSX Manager. To retrieve token, on the NSX Manager, run `POST https://<nsx-manager>/api/v1/aaa/registration-token`.
NSX Manager thumbprint	mpThumbprint	Required to join NSX Edge VM to NSX Manager. To retrieve thumbprint, on the NSX Manager node, run `get certificate api thumbprint`.
Node Id	mpNodeId	Only for internal use.
Hostname	nsx_hostname	Optional
Default IPv4 gateway	nsx_gateway_0	Optional
Management network IP address	nsx_ip_0	Optional
Management network netmask	nsx_netmask_0	Optional
DNS servers	nsx_dns1_0	Optional
Domain Search suffixes	nsx_domain_0	Optional
NTP Servers	nsx_ntp_0	Optional
Is SSH service enabled	nsx_isSSHEnabled	Optional
Is SSH enabled for root login	nsx_allowSSHRootLogin	Optional
Is autonomous Edge	is_autonomous_edge	Optional. Valid values: True, False (default)

Procedure

For a standalone host, run the ovftool command with the appropriate parameters.

C:\Users\Administrator\Downloads>ovftool 
--name=nsx-edge-1 
--deploymentOption=medium
--X:injectOvfEnv 
--X:logFile=ovftool.log 
--allowExtraConfig 
--datastore=ds1 
--net:"Network 0=Mgmt" 
--net:"Network 1=nsx-tunnel" 
--net:"Network 2=vlan-uplink"  
--net:"Network 3=vlan-uplink"  
--acceptAllEulas 
--noSSLVerify 
--diskMode=thin 
--powerOn 
--prop:nsx_ip_0=192.168.110.37 
--prop:nsx_netmask_0=255.255.255.0 
--prop:nsx_gateway_0=192.168.110.1 
--prop:nsx_dns1_0=192.168.110.10 
--prop:nsx_domain_0=corp.local 
--prop:nsx_ntp_0=192.168.110.10 
--prop:nsx_isSSHEnabled=True 
--prop:nsx_allowSSHRootLogin=True 
--prop:nsx_passwd_0=<password> 
--prop:nsx_cli_passwd_0=<password> 
--prop:nsx_hostname=nsx-edge
--prop:mpIp=<NSXManager-IP>
--prop:mpToken=<NSXManager-Token>
--prop:mpThumbprint=<NSXManager-Thumbprint> 
--prop:is_autonomous_edge=False 
<path/url to nsx component ova> 
vi://root:<password>@192.168.110.51

Opening OVA source: nsx-<component>.ova
The manifest validates
Source is signed and the certificate validates
Opening VI target: vi://[email protected]
Deploying to VI: vi://[email protected]
Transfer Completed
Powering on VM: nsx-edge-1
Task Completed
Completed successfully

For a host managed by vCenter Server, run the ovftool command with the appropriate parameters.

C:\Users\Administrator\Downloads>ovftool 
--name=nsx-edge-1 
--deploymentOption=medium
--X:injectOvfEnv 
--X:logFile=ovftool.log 
--allowExtraConfig 
--datastore=ds1 
--net:"Network 0=Mgmt" 
--net:"Network 1=nsx-tunnel" 
--net:"Network 2=vlan-uplink"  
--net:"Network 3=vlan-uplink"  
--acceptAllEulas 
--noSSLVerify 
--diskMode=thin 
--powerOn 
--prop:nsx_ip_0=192.168.110.37 
--prop:nsx_netmask_0=255.255.255.0 
--prop:nsx_gateway_0=192.168.110.1 
--prop:nsx_dns1_0=192.168.110.10 
--prop:nsx_domain_0=corp.local 
--prop:nsx_ntp_0=192.168.110.10 
--prop:nsx_isSSHEnabled=True 
--prop:nsx_allowSSHRootLogin=True 
--prop:nsx_passwd_0=<password> 
--prop:nsx_cli_passwd_0=<password> 
--prop:nsx_hostname=nsx-edge
--prop:mpIp=<NSXManager-IP>
--prop:mpToken=<NSXManager-Token>
--prop:mpThumbprint=<NSXManager-Thumbprint> 
--prop:is_autonomous_edge=False 
<path/url to nsx component ova> 
vi://[email protected]:<password>@192.168.110.24/?ip=192.168.210.53

Opening OVA source: nsx-<component>.ova
The manifest validates
Source is signed and the certificate validates
Opening VI target: vi://[email protected]@192.168.110.24:443/
Deploying to VI: vi://[email protected]@192.168.110.24:443/
Transfer Completed
Powering on VM: nsx-edge-1
Task Completed
Completed successfully

For an optimal performance, reserve memory for the appliance.

Set the reservation to ensure that NSX Manager has sufficient memory to run efficiently. See NSX Manager VM and Host Transport Node System Requirements.
Open the console of the NSX Edge node to track the boot process.
After the NSX Edge node starts, log in to the CLI with admin credentials.
Run the get interface eth0 (without VLAN) or get interface eth0.<vlan_ID> (with a VLAN) command to verify that the IP address was applied as expected.
```
nsx-edge-1> get interface eth0.100 

Interface: eth0.100
  Address: 192.168.110.37/24
  MAC address: 00:50:56:86:62:4d
  MTU: 1500
  Default gateway: 192.168.110.1
  Broadcast address: 192.168.110.255
  ...
```
Note: When bringing up NSX Edge nodes on non-NSX managed host, verify that the MTU setting is set to 1600 (instead of 1500) on the physical host switch for the data NIC.
Verify that the NSX Edge node has the required connectivity.
If you enabled SSH, make sure that you can SSH to your NSX Edge node and verify the following:
- You can ping your NSX Edge node management interface.
- From the NSX Edge node, you can ping the node's default gateway.
- From the NSX Edge node, you can ping the hypervisor hosts that are either in the same network or a network reachable through routing.
- From the NSX Edge node, you can ping the DNS server and NTP Server IP or FQDN list.
Troubleshoot connectivity problems.

Note: If connectivity is not established, make sure the VM network adapter is in the proper network or VLAN.

By default, the NSX Edge node datapath claims all virtual machine NICs except the management NIC (the one that has an IP address and a default route). If you incorrectly assigned a NIC as the management interface, follow these steps to use DHCP to assign management IP address to the correct NIC.
1. Log in to the NSX Edge CLI and type the stop service dataplane command.
2. Type the set interface interface dhcp plane mgmt command.
3. Place interface into the DHCP network and wait for an IP address to be assigned to that interface.
4. Type the start service dataplane command.
  The datapath fp-ethX ports used for the VLAN uplink and the tunnel overlay are shown in the get interfaces and get physical-port commands on the NSX Edge node.

What to do next

If you did not join the NSX Edge with the management plane, see Join NSX Edge with the Management Plane.