NSX prepares the DVS selected by the user for VXLAN.

This requires NSX to create a DVPortgroup on the DVS for VTEP vmknics to use.

The teaming, load balancing method, MTU, and VLAN ID are chosen during VXLAN configuration. The teaming and load balancing methods must match the configuration of the DVS selected for the VXLAN.

The MTU must be at least 1600 and not less than the MTU already configured on the DVS.

The number of VTEPs created depends on the teaming policy selected and the DVS configuration.

Common Issues During VXLAN Preparation

During the configuration of VXLAN, the typical kinds of issues that can be encountered are as follows:

  • Teaming method chosen for VXLAN does not match what can be supported by the DVS. See the VMware NSX for vSphere Network Virtualization Design Guide at https://communities.vmware.com/docs/DOC-27683.

  • Incorrect VLAN ID chosen for the VTEPs.

  • DHCP selected to assign VTEP IP addresses, but no DHCP server is available.

  • A vmknic is missing. “Force-Sync” the configuration.

  • A vmknic has a bad IP address.

Important Port Numbers

The VXLAN UDP port is used for UDP encapsulation. By default, the VXLAN UDP port number is 8472. In NSX 6.2 and later installations that use a hardware VTEP, you must use VXLAN UDP port number 4789 instead. The port can be changed through the REST API:

PUT /2.0/vdn/config/vxlan/udp/port/4789

Port 80 must be open from NSX Manager to the hosts. This is used to download the VIB/agent.

Port 443/TCP must be open from, to, and among the ESXi hosts, the vCenter Server, and NSX Data Security.

Additionally, the following ports must be open on NSX Manager:

  • 443/TCP: Required for downloading the OVA file on the ESXi host for deployment, for using REST APIs, and for the NSX Manager user interface.

  • 80/TCP: Required for initiating a connection to the vSphere SDK and for messaging between NSX Manager and NSX host modules.

  • 1234/TCP: Required for communication between ESXi Host and NSX Controller Clusters.

  • 5671: Required for RabbitMQ (a messaging bus technology).

  • 22/TCP: Required for console access (SSH) to the CLI. By default, this port is closed.

If the hosts in your clusters were upgraded from vCenter Server version 5.0 to 5.5, you must open ports 80 and 443 on those hosts for Guest Introspection installation to be successful.
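The VXLAN preparation rules and the hardware VTEP port rule described above can be checked before configuration is applied. The following preflight check is an added example, not VMware code. The `Dvs` and `VxlanPrep` models, their field names, the `transport_vlan` parameter, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_VXLAN_MTU = 1600     # minimum MTU stated on this page
HW_VTEP_UDP_PORT = 4789  # required with a hardware VTEP in NSX 6.2 and later

@dataclass
class Dvs:               # hypothetical model of the selected DVS
    teaming: str
    mtu: int

@dataclass
class VxlanPrep:         # hypothetical model of the chosen VXLAN settings
    teaming: str
    mtu: int
    vlan_id: int
    udp_port: int
    use_dhcp: bool = False
    dhcp_reachable: bool = False
    hardware_vtep: bool = False

def preflight(dvs, prep, transport_vlan):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if prep.teaming != dvs.teaming:
        findings.append(f"teaming {prep.teaming} does not match DVS ({dvs.teaming})")
    required_mtu = max(MIN_VXLAN_MTU, dvs.mtu)  # at least 1600 and not below the DVS
    if prep.mtu < required_mtu:
        findings.append(f"MTU {prep.mtu} is below the required {required_mtu}")
    if not 0 <= prep.vlan_id <= 4094:           # 0 = untagged, 1-4094 = tagged
        findings.append(f"VLAN ID {prep.vlan_id} is out of range")
    elif prep.vlan_id != transport_vlan:
        findings.append(f"VLAN ID {prep.vlan_id} is not the transport VLAN {transport_vlan}")
    if prep.use_dhcp and not prep.dhcp_reachable:
        findings.append("DHCP selected for VTEP addresses but no DHCP server is available")
    if prep.hardware_vtep and prep.udp_port != HW_VTEP_UDP_PORT:
        findings.append(f"UDP port {prep.udp_port} must be {HW_VTEP_UDP_PORT} with a hardware VTEP")
    return findings

# Constructed sample values, not taken from a real environment.
SAMPLE_DVS = Dvs(teaming="FAILOVER_ORDER", mtu=9000)
GOOD = VxlanPrep("FAILOVER_ORDER", 9000, 100, 4789, hardware_vtep=True)
BAD = VxlanPrep("LACP_ACTIVE", 1600, 200, 8472, use_dhcp=True, hardware_vtep=True)

if __name__ == "__main__":
    for finding in preflight(SAMPLE_DVS, BAD, transport_vlan=100):
        print("FAIL:", finding)
```

Note that the `BAD` sample uses an MTU of 1600, which meets the VXLAN minimum but still fails because the sample DVS is already configured for 9000.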