The universal segment ID pool specifies a range for use when building logical network segments. Cross-vCenter NSX deployments use a unique universal segment ID pool to ensure that the universal logical switches' VXLAN network identifiers (VNIs) are consistent across all secondary NSX Managers.
About this task
The universal segment ID pool is defined once on the primary NSX Manager and then synchronized to the secondary NSX Managers. Note that the segment ID range must be unique across any NSX Manager that you plan to use in a cross-vCenter NSX deployment. This example uses a high range to provide future scalability.
When determining the size of each segment ID pool, keep in mind that the segment ID range controls the number of logical switches that can be created. Choose a small subset of the 16 million potential VNIs. You should not configure more than 10,000 VNIs in a single vCenter because vCenter limits the number of dvPortgroups to 10,000.
If VXLAN is in place in another NSX deployment, consider which VNIs are already in use and avoid overlapping VNIs. Non-overlapping VNIs are automatically enforced within a single NSX Manager and vCenter environment: local VNI ranges cannot overlap. However, it's important that you make sure that VNIs do not overlap across your separate NSX deployments. Non-overlapping VNIs are useful for tracking purposes and help to ensure that your deployments are ready for a cross-vCenter environment.
If any of your transport zones will use multicast or hybrid replication mode, you must add a multicast address or a range of multicast addresses.
You must ensure that the multicast address or address range specified does not conflict with other multicast addresses assigned on any NSX Manager in the cross-vCenter NSX environment.
Having a range of multicast addresses spreads traffic across your network, prevents the overloading of a single multicast address, and better contains BUM replication.
Do not use 18.104.22.168/24 or 22.214.171.124/24 as the multicast address range, because these networks are used for local subnet control, meaning that the physical switches flood all traffic that uses these addresses. For more information about unusable multicast addresses, see https://tools.ietf.org/html/draft-ietf-mboned-ipv4-mcast-unusable-01.
When VXLAN multicast and hybrid replication modes are configured and working correctly, a copy of multicast traffic is delivered only to hosts that have sent IGMP join messages. Otherwise, the physical network floods all multicast traffic to all hosts within the same broadcast domain. To avoid such flooding, you must do the following:
- Make sure that the underlying physical switch is configured with an MTU larger than or equal to 1600.
- Make sure that the underlying physical switch is correctly configured with IGMP snooping and an IGMP querier in network segments that carry VTEP traffic.
- Make sure that the transport zone is configured with the recommended multicast address range. The recommended multicast address range starts at 126.96.36.199/24 and excludes 188.8.131.52/24.
The vSphere Web Client interface allows you to configure a single segment ID range and a single multicast address or multicast address range. If you want to configure multiple segment ID ranges or multiple multicast address values, you can do this using the NSX API. See the NSX API Guide for details.
- Using the vSphere Web Client, log in to the vCenter Server system registered with the NSX Manager that will become the primary NSX Manager.
If the vCenter Server systems in your cross-vCenter NSX environment are in Enhanced Linked Mode, you can access any associated NSX Manager from any linked vCenter Server system by selecting it from the NSX Manager drop-down menu.
- Navigate to Home > Networking & Security > Installation and select the Logical Network Preparation tab.
- Verify the correct NSX Manager is selected in the NSX Manager drop-down menu.
- Click Segment ID > Edit.
- Enter a range for universal segment IDs, such as 900000-909999.
Verify that the range does not overlap with any other range assigned on any NSX Managers in the cross-vCenter NSX environment.
- (Optional) If any of your transport zones will use multicast or hybrid replication mode, check Enable Universal multicast addressing and enter a universal multicast address or a range of universal multicast addresses.
Verify that the multicast address specified does not conflict with any other multicast addresses assigned on any NSX Manager in the cross-vCenter NSX environment.
Later, after you configure universal logical switches, each universal logical switch receives a universal segment ID from the pool.
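The overlap and sizing checks described above can be run against a planned set of pools before anything is entered in the vSphere Web Client. The following Python pre-check is an added example, not VMware code or part of NSX. The pool names, every value other than 900000-909999, the CIDR input format for multicast ranges, and applying the 10,000 limit per pool are assumptions made for illustration.

```python
import ipaddress

MAX_VNI = 2**24 - 1             # VNIs are 24-bit: the "16 million potential VNIs"
MAX_VNIS_PER_POOL = 10_000      # vCenter dvPortgroup limit cited above (assumed per pool)

# Constructed sample plan; only 900000-909999 comes from the procedure above.
SAMPLE_PLAN = {
    "universal": {"segments": ["900000-909999"], "multicast": ["239.1.1.0/24"]},
    "site-a-local": {"segments": ["5000-5999"], "multicast": ["239.1.2.0/24"]},
    "site-b-local": {"segments": ["909000-920999"], "multicast": ["239.1.1.128/25"]},
}

def parse_range(text):
    """Parse 'low-high' into an inclusive (low, high) VNI tuple."""
    low, high = (int(part) for part in text.split("-"))
    if not 0 <= low <= high <= MAX_VNI:
        raise ValueError(f"invalid segment ID range: {text}")
    return low, high

def check_plan(plan):
    """Return a list of findings for overlapping or oversized pools."""
    findings, seen_vnis, seen_mcast = [], [], []
    for name, cfg in plan.items():
        total = 0
        for text in cfg.get("segments", []):
            low, high = parse_range(text)
            total += high - low + 1
            # Two inclusive ranges overlap when each starts before the other ends.
            for other, (o_low, o_high) in seen_vnis:
                if low <= o_high and o_low <= high:
                    findings.append(f"VNI overlap: {name} {text} / {other} {o_low}-{o_high}")
            seen_vnis.append((name, (low, high)))
        if total > MAX_VNIS_PER_POOL:
            findings.append(f"{name}: {total} VNIs exceeds {MAX_VNIS_PER_POOL}")
        for text in cfg.get("multicast", []):
            net = ipaddress.ip_network(text, strict=False)
            if not net.is_multicast:
                findings.append(f"{name}: {net} is not a multicast range")
            for other, o_net in seen_mcast:
                if net.overlaps(o_net):
                    findings.append(f"multicast conflict: {name} {net} / {other} {o_net}")
            seen_mcast.append((name, net))
    return findings

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(finding)
```

In the constructed plan, site-b-local is reported three times: its segment range overlaps the universal pool, it exceeds 10,000 VNIs, and its multicast range falls inside the universal one.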