Hi,
Is it possible to have a TCP connection between the NSX controller and a Hardware Gateway (VXLAN Tunnel End Point - VTEP)?
If yes, how do I provision the HW Gateway service in NSX? I am asking because, in NSX, when adding a new hardware gateway service, configuring a certificate is shown as a mandatory field.
Thanks,
Arun.
It is UDP only, I think.
Basically, I'm looking for whether an SSL connection is mandatory between the NSX controller and the HW gateway. Can we have plain TCP/UDP instead of SSL?
Thanks,
Arun.
What hardware vendor and which NSX version are you using?
The NSX controller to Hardware Gateway (HSC) communication uses the OVSDB (Open vSwitch Database Management) Protocol, RFC 7047 (The Open vSwitch Database Management Protocol).
As far as I know, SSL is required for OVSDB client-server communication.
For NSX 6.2.4, SHA type is required; older versions use MD5, as per the VMware NSX for vSphere 6.2.4 Release Notes:
Issue 1637939: MD5 certificates are not supported while deploying hardware gateways
While deploying hardware gateway switches as VTEPs for logical L2 VLAN to VXLAN bridging, the physical switches support at minimum SHA1 SSL certificates for OVSDB connection between the NSX controller and OVSDB switch.
Workaround: None.
If you are on NSX 6.3.x, make sure the hardware gateway is TLS 1.2 compliant. Check this KB: Upgrading to NSX for vSphere 6.3.0 fails when using Hardware Gateway (2148511) | VMware KB
There is a document on Hardware VTEP integration with NSX here: Hardware Layer 2 Gateways Integration with NSX
If you are looking for how to configure it, there is an offline demo in VMware Hands on Labs here: HOL-1703 - Hardware VTEP Integration with Arista
I also have a slide on VMware NSX and Arista Hardware Gateway Integration here: VMware NSX and Arista L2 Hardware VTEP Gateway Integration
Thanks Bayu!!
BTW, this is for a new HW GW device (not certified by VMware yet), for which I'm checking on a prototype.
Thanks,
Arun.
Hello Anun kumar,
For uncertified switches, how do you do the HW VTEP integration with the NSX Controller?
I am also doing a POC with a new switch. Thought of asking you.
Thanks,
Saroj
Hi Bayu,
I am doing a POC on HW VTEP Integration to NSX controller.
I am using a new switch not listed at (authorised), but I meet all the prerequisites. Please let me know if ANY switch can be configured as a HW VTEP Gateway to the NSX controller even if not certified by VMware.
Thanks,
Saroj Kumar