This topic describes how to configure NSX Data Center v3 Transport Zones and N-VDS switches on NSX Edge Nodes for use with VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on vSphere.
Before completing this section, make sure you have completed the following sections:
TKGI requires two Transport Zones: an Overlay Transport Zone for the ESXi Transport Nodes and a VLAN Transport Zone for Edge Nodes.
TKGI requires that the host switch name associated with the Transport Zones match exactly the Edge Switch Name value that you specify when you configure an NSX Edge Node for use with TKGI.
You can configure your Transport Zones in three ways. The three configuration options require different levels of customization to complete:
Configuration | Transport Zone | Host Switch Name |
---|---|---|
Option 1: Use the Default Transport Zones | No customization | No customization |
Option 2: Create Custom Transport Zones | Customization required | No customization |
Option 3: Use the NSX API | Customization required | Customization required |
Note: In NSX 3.1 and later, the Transport Zone Host Switch Name has been deprecated and removed from the NSX configuration UI. For more information, see TKGI NSX Edge Switch and Transport Zone Host Switch Name Requirements.
TKGI requires the NSX Edge Switch Name and the Transport Zone host switch name to be identical. You can configure identical Edge Switch and Transport Zone host switch names using the following methods:
By default, NSX v3.x creates two transport zones for you: nsx-overlay-transportzone and nsx-vlan-transportzone. Both default Transport Zones use a single N-VDS host switch that is named nsxHostSwitch. The advantage of using the default Transport Zones is twofold. First, it simplifies the Edge Node configuration process. Second, you need only a single N-VDS for the Edge Nodes.
To use this option:
- Use nsxHostSwitch as the Edge Switch Name.
- Select both default transport zones, nsx-overlay-transportzone and nsx-vlan-transportzone.
For example:
Field | Description |
---|---|
Edge Switch Name | nsxHostSwitch (must match exactly) |
Transport Zone | nsx-overlay-transportzone and nsx-vlan-transportzone (select both default transport zones) |
Uplink Profile | nsx-edge-single-nic-uplink-profile |
IP Assignment | Use IP Pool |
IP Pool | TEP-IP-POOL |
Uplinks | uplink-1 / EDGE-VTEP-PG |
Note: If you use the default Transport Zones, but do not use the exact name nsxHostSwitch when configuring NSX on the Edge Node, you will receive the pks-nsx-t-osb-proxy BOSH error when you try to deploy TKGI.
If you want to create a custom Transport Zone, you can do so using the NSX user interface. In this case, because the host switch name is deprecated from the NSX user interface, you have to make an NSX API call to get the host switch name so that you can configure the Edge Nodes with the correct switch.
When you create a custom Transport Zone using the NSX web interface, NSX will generate the associated switch name for you.
To create custom Transport Zones using the Host Switch names:
Create a custom Overlay Transport Zone:
- tz-overlay.
- Overlay.
- tz-overlay in the list.

Create a custom VLAN Transport Zone:
- tz-vlan.
- VLAN.
- tz-vlan in the list.

To retrieve the host switch name:
Make a call to the NSX API:

```
curl -k -u USER:PASSWORD -X GET "https://${NSX_MANAGER}/api/v1/transport-zones"
```

Retrieve the host switch name from the host_switch_name property in the return.
For example, nsxHostSwitch is the host switch name in the following return:
```
$ curl -k -u user:password -X GET "https://10.20.30.40/api/v1/transport-zones"
{
  "results" : [ {
    "transport_type" : "OVERLAY",
    "host_switch_name" : "nsxHostSwitch",
    "host_switch_id" : "5bfdbfc4-c2ab-4ca7-a021-bb1fc1b45ceb",
    "transport_zone_profile_ids" : [ {
      "resource_type" : "BfdHealthMonitoringProfile",
      "profile_id" : "52035bb3-ab02-4a08-9884-18631312e50a"
    } ],
    "host_switch_mode" : "STANDARD",
    "nested_nsx" : false,
    "is_default" : true,
    "resource_type" : "TransportZone",
    "id" : "1b3a2f36-bfd1-443e-a0f6-4de01abc963e",
    "display_name" : "nsx-overlay-transportzone",
    "_create_user" : "system",
    "_create_time" : 1594850884969,
    "_last_modified_user" : "system",
    "_last_modified_time" : 1594850884969,
    "_system_owned" : false,
    "_protection" : "NOT_PROTECTED",
    "_revision" : 0,
    "_schema" : "/v1/schema/TransportZone"
  }, {
    "transport_type" : "VLAN",
    "host_switch_name" : "nsxHostSwitch",
    "host_switch_id" : "5bfdbfc4-c2ab-4ca7-a021-bb1fc1b45ceb",
    "transport_zone_profile_ids" : [ {
      "resource_type" : "BfdHealthMonitoringProfile",
      "profile_id" : "52035bb3-ab02-4a08-9884-18631312e50a"
    } ],
    "host_switch_mode" : "STANDARD",
    "nested_nsx" : false,
    "is_default" : true,
    "resource_type" : "TransportZone",
    "id" : "a95c914d-748d-497c-94ab-10d4647daeba",
    "display_name" : "nsx-vlan-transportzone",
    "_create_user" : "system",
    "_create_time" : 1594850885002,
    "_last_modified_user" : "system",
    "_last_modified_time" : 1594850885002,
    "_system_owned" : false,
    "_protection" : "NOT_PROTECTED",
    "_revision" : 0,
    "_schema" : "/v1/schema/TransportZone"
  } ],
  "result_count" : 2,
  "sort_by" : "display_name",
  "sort_ascending" : true
}
```
Configure NSX for the Edge Nodes:
Field | Description |
---|---|
Edge Switch Name | Enter the exact switch name for the custom Overlay Transport Zone retrieved from the API call |
Transport Zone | tz-overlay, for example (use the exact name you specified for the custom Overlay Transport Zone) |
Uplink Profile | nsx-edge-single-nic-uplink-profile |
IP Assignment | Use IP Pool |
IP Pool | TEP-IP-POOL |
Uplinks | uplink-1 / EDGE-VTEP-PG |
Select Add Switch at the top of the dialog. Configure the VLAN Transport Zone switch as follows:
Switch 2 for VLAN TZ
Field | Description |
---|---|
Edge Switch Name | Enter the exact switch name for the custom VLAN Transport Zone retrieved from the API call |
Transport Zone | tz-vlan, for example (use the exact name you specified for the custom VLAN Transport Zone) |
Uplink Profile | nsx-edge-single-nic-uplink-profile |
Uplinks | uplink-1 / EDGE-UPLINK-PG |
If you want to customize the NSX host switch name, you must do so using the NSX API. The required parameters are host_switch_name and transport_type (OVERLAY or VLAN). The optional parameters are description and display_name.
To create custom Transport Zones and NSX Switches:
Create a custom Overlay Transport Zone and associated custom NSX switch:
```
curl -k -u USER:PASSWORD -X POST -H 'Content-type: application/json' \
  --data-binary '{ "display_name":"tz-overlay", "host_switch_name":"switch-overlay", "description":"Overlay Transport Zone", "transport_type":"OVERLAY" }' \
  https://${NSX_MANAGER}/api/v1/transport-zones
```

Where:
- USER is the account name to use to authenticate.
- PASSWORD is the password to use to authenticate.

Retrieve the property values from the returned responses.
For example:

```
{
  "_revision": 0,
  "id": "c6626083-1a86-4370-85c0-791cf9f947e9",
  "display_name": "tz-overlay",
  "description": "Overlay Transport Zone",
  "resource_type": "TransportZone",
  "transport_type": "OVERLAY",
  "host_switch_name": "switch-overlay",
  "_last_modified_user": "admin",
  "_last_modified_time": 1414179082458,
  "_create_time": 1414179082458,
  "_create_user": "admin",
  "_schema": "/v1/schema/TransportZone"
}
```
Create a custom VLAN Transport Zone and associated custom NSX switch:
```
curl -k -u USER:PASSWORD -X POST -H 'Content-type: application/json' \
  --data-binary '{ "display_name":"tz-vlan", "host_switch_name":"switch-vlan", "description":"VLAN Transport Zone", "transport_type":"VLAN" }' \
  https://${NSX_MANAGER}/api/v1/transport-zones
```

Where:
- USER is the account name to use to authenticate.
- PASSWORD is the password to use to authenticate.

Retrieve the property values from the returned responses.
For example:

```
{
  "_revision": 0,
  "id": "c6626083-1a86-4370-85c0-791cf9f947e9",
  "display_name": "tz-vlan",
  "description": "VLAN Transport Zone",
  "resource_type": "TransportZone",
  "transport_type": "VLAN",
  "host_switch_name": "switch-vlan",
  "_last_modified_user": "admin",
  "_last_modified_time": 1414179082458,
  "_create_time": 1414179082458,
  "_create_user": "admin",
  "_schema": "/v1/schema/TransportZone"
}
```
In NSX 3.1 and later, the Transport Zone Host Switch Name has been deprecated and removed from the NSX configuration UI.
For TKGI, the NSX Edge Switch Name and the Transport Zone host switch name must be identical. When configuring NSX, configure the Edge Switch Name to be the same as the Transport Zone host switch name.
Note: The NSX 3.x Edge Node configuration displays the following message beside the Edge Switch Name field: “The switch name value need not be identical to host switch name associated with the Transport Zone.” This message does not apply to TKGI.
If there is a mismatch between the host switch name associated with the Transport Zone and the Edge Switch Name, TKGI installation fails with the following error:
Failed to get NSX provisioning properties: No transport zone with overlay type found in transport node as switch name is not same across the TZ and ESXI TN
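
A pre-flight check for the host_switch_name lookup step and the name-matching requirement described above, as an added example that is not part of the original page or of VMware's tooling. The function names, the ca_file parameter and the embedded sample (constructed from the response shown earlier) are assumptions; the fetch verifies the NSX Manager certificate against a CA file instead of skipping verification as curl -k does.

```python
import base64
import json
import ssl
import urllib.request

# Constructed sample: the two default zones from the response shown on this page,
# trimmed to the fields the check reads.
SAMPLE = {"results": [
    {"transport_type": "OVERLAY", "host_switch_name": "nsxHostSwitch",
     "display_name": "nsx-overlay-transportzone"},
    {"transport_type": "VLAN", "host_switch_name": "nsxHostSwitch",
     "display_name": "nsx-vlan-transportzone"},
]}

def fetch_transport_zones(manager, user, password, ca_file):
    """Fetch transport zones, verifying TLS against ca_file (assumed CA bundle)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"https://{manager}/api/v1/transport-zones",
                                 headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)

def check_edge_switches(response, planned):
    """planned: {Transport Zone display_name: intended Edge Switch Name}. Returns problems."""
    zones = {tz["display_name"]: tz for tz in response.get("results", [])}
    problems, covered = [], set()
    for tz_name, edge_name in planned.items():
        tz = zones.get(tz_name)
        if tz is None:
            problems.append(f"{tz_name}: transport zone not found")
            continue
        covered.add(tz["transport_type"])
        actual = tz.get("host_switch_name")
        if actual != edge_name:  # exact, case-sensitive comparison
            problems.append(f"{tz_name}: Edge Switch Name {edge_name!r} "
                            f"does not match host switch name {actual!r}")
    # TKGI needs both an Overlay and a VLAN Transport Zone.
    for required in ("OVERLAY", "VLAN"):
        if required not in covered:
            problems.append(f"no {required} transport zone selected")
    return problems

if __name__ == "__main__":
    plan = {"nsx-overlay-transportzone": "nsxHostSwitch",
            "nsx-vlan-transportzone": "nsxhostswitch"}  # deliberate case typo
    for line in check_edge_switches(SAMPLE, plan) or ["all names match"]:
        print(line)
```

Against a live NSX Manager, pass the result of fetch_transport_zones() in place of SAMPLE and run the check before entering the Edge Switch Name values.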