VMware Networking Community
alain858
Contributor

NSX Controller port 6632 on loopback

Hello everyone

I have a couple of ESX servers with NSX running and I'm trying to define an external switch/router device as a VXLAN TEP (for integration validation purposes).

For this to work, the doc says that the device has to contact the NSX Controller on port 6632 (ovsmgmt) using the SSL protocol, but when it tries to do so the connection attempt is rejected by the Controller.

Now if I check the Controller network connections ("show network connections") I see that the port 6632 is in LISTEN state but on the loopback interface only (127.0.0.1:6632 LISTEN).

So how can I change the configuration to get ovsmgmt listening on all interfaces (0.0.0.0:6632 LISTEN)?

10 Replies
admin
Immortal

Hello,

I'm assuming you're talking about NSX for vSphere. If this is correct, then there's no Controller integration available with ToR switches.

NSX-v can interwork with other VXLAN endpoints using Multicast control plane (which doesn't depend on Controllers). You'll need to first create Logical Switches in NSX, note their VNI and Multicast address, and then configure these into your ToR(s).

alain858
Contributor

I understood there was some integration with Juniper devices (MX router, QFX5100 switch).

Juniper provides some documentation explaining how to define an ovsdb-managed VXLAN, and there are some steps dedicated to a connection with an NSX controller through the management network using port 6632 with the SSL protocol (extract from this doc: "On the management interface em0 or em1 of the QFX5100 switch, a connection with an NSX controller is explicitly configured, by using the Junos OS CLI."). This is what I am trying to set up.

I managed to change the listening interface of my NSX controller using the command: # set control-cluster role switch_manager listen-ip <eth0 ip>

It looks better from a connection standpoint, but the Controller reports an "unknown credential" received from the device (and I did not check for side effects of this change...)

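Added example, not part of any post in this thread: a small Python check that reads netstat-style connection listings and reports whether a port such as 6632 is bound to loopback only, to one interface, or to all interfaces, so the exposure before and after a listen-ip change can be compared. The sample lines are constructed (only the "127.0.0.1:6632 LISTEN" form comes from the thread), 192.0.2.10 is a placeholder for the controller's eth0 address, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples: the first line is the form quoted in the thread, the
# others are made up. 192.0.2.10 stands in for the controller's eth0 address.
BEFORE = """\
127.0.0.1:6632 LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:443 198.51.100.7:51514 ESTABLISHED
"""
AFTER = BEFORE.replace("127.0.0.1:6632", "192.0.2.10:6632")


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, '*', bare or bracketed IPv6) into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    if host in ("", "*"):
        host = "0.0.0.0"
    return ipaddress.ip_address(host), int(port)


def classify(addr):
    """Describe how widely a listening address is reachable."""
    if addr.is_loopback:
        return "loopback-only"
    return "all-interfaces" if addr.is_unspecified else "single-interface"


def listeners(text, port):
    """Return [(local_address, exposure)] for LISTEN sockets on `port`."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != "LISTEN":
            continue
        local = next((f for f in fields if ":" in f), None)
        try:
            addr, lport = split_endpoint(local or "")
        except ValueError:  # not an address:port pair, skip the line
            continue
        if lport == port:
            found.append((str(addr), classify(addr)))
    return found


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, listeners(sample, 6632))
```

A port that moves from "loopback-only" to "single-interface" or "all-interfaces" is now reachable from the network and should be covered by the same access controls and certificate checks as any other management endpoint.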
ddesmidt
VMware Employee

As DmitriK mentioned, there is no built-in integration between ToR and NSX-v (only NSX-MH).

Can you clarify if you are testing with NSX-v (NSX for vSphere) or NSX-MH (NSX Multi-Hypervisor)?

Dimitri

alain858
Contributor

Mmmmm, you probably pointed out my problem. I'm using NSX-v when I should use NSX-MH, right?

ddesmidt
VMware Employee

"I'm using NSX-v when I should use NSX-MH, right?"

I guess you want to configure L2 connectivity between a "Logical (VXLAN)" and "Physical (VLAN)".

For that, if you ask me, you do NOT need to use the ToR.

In both NSX flavors (NSX-v and NSX-MH), there is a built-in capability to offer L2 logical/physical.

And actually at very high scale, since it is done in the kernel and not in a VM.

NSX-v offers up to 14 Gbps per VXLAN/VLAN (if you have a NIC + NIC driver with VXLAN offload like "Intel 82599 EB").

The feature is called L2 bridging and is available under DLR.

Do you need more than 14 Gbps for a specific VXLAN/VLAN?

Dimitri

alain858
Contributor

Actually, the objective of this test bed was to be able to set up such a configuration (L2 connectivity through an external hardware device) :)

ddesmidt
VMware Employee

You want to show it via an external device.

What is the need?

Is it because you have a need for more than 14 Gbps for a specific VXLAN/VLAN?

If your need is 14 Gbps or less throughput for a specific VXLAN/VLAN, then the configuration will be MUCH simpler if done in software with the NSX native capabilities.

Dimitri

alain858
Contributor

I would like to set up a test environment as described in this white paper: www.vmware.com/files/pdf/products/nsx/Juniper-NSX-SolutionBrief.pdf

ddesmidt
VMware Employee

I understand you are using the NSX-v (for vSphere).

This document refers to the NSX-MH (Multi-Hypervisor) integration with some Juniper devices and does not apply to NSX-v.

That said, you still didn't explain why you wanted to get the L2 VXLAN/VLAN done on the Juniper instead of the NSX native?

Is it because you have more than 14 Gbps per VXLAN/VLAN throughput?

Or is it just because you want to get it on Juniper, but for no real technical reason?

Note: If that's the latter, then:

- you'll have to have specific Juniper hardware / release (check with Juniper what model/release)
- you'll have to use NSX-MH and not NSX-v (which means you won't have advanced NSX-v logical network and security services such as Load Balancer, or Stateful Firewall, VPN/IPSEC)
- you'll also lose NSX-MH distributed routing function, security port-isolation capabilities, and troubleshooting traceflow capabilities

Dimitri

alain858
Contributor

Yes, my point is just to understand how Juniper devices and NSX interact, regardless of any specific function/performance consideration. I have the correct Juniper device but I totally missed the point about NSX-v vs NSX-MH.

Thanks a lot for your help.
