VMware Networking Community
ArunkumarRG
Contributor

TCP connection between NSX controller and Hardware Gateway - Possible??

Hi,

Is it possible to have a TCP connection between the NSX controller and a Hardware Gateway (VXLAN Tunnel End Point - VTEP)??

If yes, how do I provision the HW Gateway service in NSX?? Asking this because, in NSX, when adding a new hardware gateway service, configuring a certificate is shown as a mandatory field.

Thanks,

Arun.

1 Solution

Accepted Solutions
bayupw
Leadership

What hardware vendor and which NSX version are you using?

The NSX controller to Hardware Gateway (HSC) communication uses the OVSDB (Open vSwitch Database Management) Protocol, RFC 7047 - The Open vSwitch Database Management Protocol.

As far as I know, SSL is required for OVSDB client-server communication.

For NSX 6.2.4, SHA type is required; older versions use MD5, as per the VMware NSX for vSphere 6.2.4 Release Notes:

Issue 1637939: MD5 certificates are not supported while deploying hardware gateways

While deploying hardware gateway switches as VTEPs for logical L2 VLAN to VXLAN bridging, the physical switches support at minimum SHA1 SSL certificates for OVSDB connection between the NSX controller and OVSDB switch.

Workaround: None.

If you are on NSX 6.3.x, make sure the hardware gateway is TLS 1.2 compliant, check this KB: Upgrading to NSX for vSphere 6.3.0 fails when using Hardware Gateway (2148511) | VMware KB

There is a document on Hardware VTEP integration with NSX here: Hardware Layer 2 Gateways Integration with NSX

If you are looking for how to configure it, there is an offline demo in VMware Hands on Labs here: HOL-1703 - Hardware VTEP Integration with Arista

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
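
The certificate points raised in the answer above (a SHA-signed rather than MD5-signed certificate, and TLS 1.2 on NSX 6.3.x) can be checked against a prototype gateway before registering it. This is an added example, not part of the original post and not VMware tooling; `check_gateway`, its host and port arguments, and the constructed `SAMPLE_MD5` bytes are assumptions for illustration.

```python
import socket
import ssl

SIG_ALGS = {  # well-known signatureAlgorithm OIDs (PKCS #1)
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
# Constructed DER skeleton, not a real certificate: empty tbsCertificate, MD5 AlgorithmIdentifier.
SAMPLE_MD5 = bytes.fromhex("30143000300d06092a864886f70d0101040500030100")

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def _oid(raw):                               # DER OID content bytes -> dotted string
    arcs, val = [], 0
    for b in raw:
        val = (val << 7) | (b & 0x7F)        # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)            # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_algorithm(der):
    """Return the outer signatureAlgorithm of a DER-encoded X.509 certificate."""
    _, start, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, _, tbs_end = _tlv(der, start)         # skip over tbsCertificate
    _, alg_start, _ = _tlv(der, tbs_end)     # AlgorithmIdentifier SEQUENCE
    _, s, e = _tlv(der, alg_start)           # algorithm OID
    oid = _oid(der[s:e])
    return SIG_ALGS.get(oid, oid)            # unknown OIDs come back in dotted form

def check_gateway(host, port):
    """Handshake at TLS 1.2 or newer; return (TLS version, certificate signature algorithm)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False               # inspection only: the peer is not
    ctx.verify_mode = ssl.CERT_NONE          # authenticated by this check
    with socket.create_connection((host, port), timeout=5) as raw, ctx.wrap_socket(raw) as tls:
        return tls.version(), signature_algorithm(tls.getpeercert(binary_form=True))
```

A handshake failure from `check_gateway` means the device could not negotiate TLS 1.2 or newer with this client; a returned name starting with `md5` is the case the 6.2.4 release note describes.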

7 Replies
Kamuthiking
Enthusiast

It is UDP only, I think.

ArunkumarRG
Contributor

Basically, I'm asking whether an SSL connection is mandatory between the NSX controller and the HW gateway?? Can we have plain TCP/UDP instead of SSL??

Thanks,

Arun.

bayupw
Leadership

I also have a slide on VMware NSX and Arista Hardware Gateway Integration here: VMware NSX and Arista L2 Hardware VTEP Gateway Integration

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
ArunkumarRG
Contributor

Thanks Bayu!!

BTW, this is for a new HW GW device (not certified by VMware yet), which I'm checking on a prototype.

Thanks,

Arun.

Saroj2018
Contributor

Hello Arun Kumar,

For uncertified switches, how do you do the HW VTEP integration with the NSX Controller?

I am also doing a POC with a new switch. Thought of asking you.

Thanks,

Saroj

Saroj2018
Contributor

Hi Bayu,

I am doing a POC on HW VTEP integration with the NSX controller.

I am using a new switch that is not listed (authorised). But I meet all the prerequisites. Please let me know if ANY switch can be configured as a HW VTEP Gateway to the NSX controller even if it is not certified by VMware.

Thanks,

Saroj Kumar
