The S5248F-ON switches must be configured to allow north/south NSX VXLAN traffic to be routed to the core network. Dell EMC recommends deploying the switching fabric in a traditional leaf/spine architecture, with the S5248F-ON (leaf) switches connecting to upstream Z9264-F-ON (spine) switches, which then connect to the core data center fabric. Optionally, you can connect the S5248F-ON switches directly to core data center fabric.
VMware NSX Edge Services Gateways (ESGs) are specialized virtual machines that provide networking services such as gateway routing to VXLAN overlay networks. The ESGs connect to the leaf/spine switches to enable processing of VXLAN north/south traffic. Two VLANs (uplink01, and uplink02) connect the ESGs, and Border Gateway Protocol (BGP) is used to exchange routing information. These VLANs are only configured on leaf switches that are connected to hosts where the ESGs are configured to run. One VLAN is configured on each leaf switch, and redundancy is provided by having an ESG peer for each IP address.
Note: In larger configurations, create VMware host affinity rules to ensure that the ESG VMs are always confined to physical hosts that are connected to configured leaf switches.
For detailed ESG configuration details, which are outside the scope of this document, see Deploy NSX Edges in Cloud Foundation Version 3.7.1.
Configure the S4148T-ON switches for north/south traffic
The following steps detail how to configure the S5248F-ON switches with the hostnames SW1 and SW2:
- Create VLAN 2711 and assign an IP address:
SW1(config)# interface vlan230
SW1(config-if-vl-2711)# description esg-uplink01
SW1(config-if-vl-2711)# no shutdown
SW1(config-if-vl-2711)# mtu 9216
SW1(config-if-vl-2711)# ip address 172.90.230.1/24
SW1(config-if-vl-2711)# exit
- Configure the management node ports as VLAN members for the two uplink VLANs:
SW1(config)# interface range ethernet1/1/17-1/1/18
SW1(conf-range-eth1/1/17-1/1/18)# switchport trunk allowed vlan 230-240
SW1(conf-range-eth1/1/17-1/1/18)# exit
- Configure eBGP for peering with the ESGs:
SW1(config)# router bgp 65101
SW1(config-router-bgp-65101)# neighbor 172.90.230.2
SW1(config-router-neighbor)# advertisement-interval 5
SW1(config-router-neighbor)# bfd
SW1(config-router-neighbor)# fall-over
SW1(config-router-neighbor)# password <bgp-password>
SW1(config-router-neighbor)# remote-as 65003
SW1(config-router-neighbor)# no shutdown
SW1(config-router-neighbor)# exit
SW1(config-router-bgp-65101)# neighbor 172.90.230.3
SW1(config-router-neighbor)# advertisement-interval 5
SW1(config-router-neighbor)# bfd
SW1(config-router-neighbor)# fall-over
SW1(config-router-neighbor)# password <bgp-password>
SW1(config-router-neighbor)# remote-as 65003
SW1(config-router-neighbor)# no shutdown
SW1(config-router-neighbor)# end
- Update the existing route map:
SW1(config)# ip prefix-list spine-leaf seq 60 permit
172.90.230.0/24
SW1(config)# ip prefix-list spine-leaf seq 70 permit
172.27.240.0/24
Note: Add other networks to the IP prefix list based on the tenant workload networks that are used in the environment.
Verify peering and BGP
The NSX Edge devices must establish a connection to each of the leaf switches before BGP updates can be exchanged. Confirm the successful peering of the NSX Edge devices and confirm that BGP routing has been established: From switch SW1, run the show ip bgp summary command to show a summary of the neighbor adjacencies.
