ArunkumarRG
Contributor

TCP connection between NSX controller and Hardware Gateway - Possible??

Hi,

Is it possible to have a TCP connection between the NSX controller and a Hardware Gateway (VxLAN Tunnel End Point - VTEP)?

If yes, how do I provision the HW Gateway service in NSX? I am asking because, in NSX, when adding a new hardware gateway service, configuring a certificate is shown as a mandatory field.

Thanks,

Arun.

Accepted Solutions
bayupw
Leadership

What hardware vendor and which NSX version are you using?

The NSX controller to Hardware Gateway (HSC) communication uses the OVSDB (Open vSwitch Database Management) Protocol: RFC 7047 - The Open vSwitch Database Management Protocol

As far as I know, SSL is required for OVSDB client-server communication.

For NSX 6.2.4, SHA type is required; older versions use MD5, as per the VMware NSX for vSphere 6.2.4 Release Notes:

Issue 1637939: MD5 certificates are not supported while deploying hardware gateways

While deploying hardware gateway switches as VTEPs for logical L2 VLAN to VXLAN bridging, the physical switches support at minimum SHA1 SSL certificates for OVSDB connection between the NSX controller and OVSDB switch.

Workaround: None.

If you are on NSX 6.3.x, make sure the hardware gateway is TLS 1.2 compliant; check this KB: Upgrading to NSX for vSphere 6.3.0 fails when using Hardware Gateway (2148511) | VMware KB

There is a document on Hardware VTEP integration with NSX here: Hardware Layer 2 Gateways Integration with NSX

If you are looking for how to configure it, there is an offline demo in VMware Hands on Labs here: HOL-1703 - Hardware VTEP Integration with Arista

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
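
The answer above says MD5 certificates are not supported for hardware gateways as of NSX 6.2.4 and that a SHA type is required. As an added example (not part of the original post, and not VMware or switch-vendor code), this Python code reads the signature algorithm OID from a certificate's DER bytes so a gateway certificate can be checked before it is pasted into NSX; the function names are hypothetical and the two sample certificates are constructed skeletons with dummy contents.

```python
# Added example: report the signature hash of an X.509 certificate (DER bytes).
SIG_HASH = {  # signatureAlgorithm OID -> hash name
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: next n octets hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [], 0
    for b in body:                       # base-128, high bit means "more octets follow"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)        # first group packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_hash(der):  # Certificate ::= SEQUENCE {tbsCertificate, sigAlg, sig}
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)          # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)      # AlgorithmIdentifier
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_HASH.get(oid, "unknown:" + oid)

def sha_signed(der):
    return signature_hash(der).startswith("sha")  # the "SHA type" the answer mentions

def skeleton(last_arc):
    """Constructed sample: certificate-shaped DER, dummy tbsCertificate and signature."""
    oid = bytes.fromhex("2a864886f70d0101") + bytes([last_arc])  # 1.2.840.113549.1.1.x
    alg = b"\x30\x0d\x06\x09" + oid + b"\x05\x00"
    body = b"\x30\x81\xc8" + bytes(200) + alg + b"\x03\x11" + bytes(17)
    return b"\x30\x81" + bytes([len(body)]) + body

MD5_CERT, SHA256_CERT = skeleton(4), skeleton(11)
```

For a real switch certificate in PEM form, pass `ssl.PEM_cert_to_DER_cert(pem_text)` from the standard library to `signature_hash`.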

Kamuthiking
Enthusiast

It is UDP only, I think.

ArunkumarRG
Contributor

Basically, I'm asking whether an SSL connection is mandatory between the NSX controller and the HW gateway. Can we have plain TCP/UDP instead of SSL?

Thanks,

Arun.

bayupw
Leadership

I also have a slide on VMware NSX and Arista Hardware Gateway Integration here: VMware NSX and Arista L2 Hardware VTEP Gateway Integration

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
ArunkumarRG
Contributor

Thanks Bayu!!

BTW, this is for a new HW GW device (not certified by VMware yet), which I'm checking on a prototype.

Thanks,

Arun.

Saroj2018
Contributor

Hello Arun Kumar,

For uncertified switches, how do you do the HW VTEP integration with the NSX Controller?

I am also doing a PoC with a new switch. Thought of asking you.

Thanks,

Saroj

Saroj2018
Contributor

Hi Bayu,

I am doing a POC on HW VTEP integration with the NSX controller.

I am using a new switch that is not listed as authorised, but I meet all the prerequisites. Please let me know if ANY switch can be configured as a HW VTEP gateway to the NSX controller even if it is not certified by VMware.

Thanks,

Saroj Kumar
