If you followed my NSX-T 2.4 lab build guide series you’ll know I ran through a complete build of NSX-T on a single site including a Tier-0 and Tier-1 setup.
Since I have now changed my lab to 3.0 I thought I’d make a post detailing the differences between building at version 3.0 vs 2.4 rather than doing another complete build series which will take weeks to write. This will allow you to still use the old build guide as the main reference.
So with that in mind I’ll reference each of the 2.4 lab posts where there are differences and highlight the changes in the 3.0 build.
Install, OVA Deployment of NSX-T Manager.
There are only two changes with the 3.0 OVA deployment and both of those are only relevant if you are deploying the Global Manager otherwise they can be ignored. They are the option to select ‘NSX Global Manager’ as the deployment type and the option to set the ‘NSX Site Name for Global Manager’
Add Compute Manager
When adding a Compute Manager there is one new addition, which is the ‘Enable Trust’ toggle. This is supported only if the Compute Manager is a vCenter 7.0 or later and it enables NSX to trust the Compute Manager for Authentication.
IP Pools have a couple of new options, when configuring the Subnet you now also have the option to configure the DNS Servers and DNS Suffix.
There are a couple of changes when creating a Transport Zone, the N-VDS section is now called Switch Name this is because it can be either an N-VDS or a VDS. The Host membership criteria setting has also been removed this is where you can set it to Standard or Enhanced data path, instead its now part of the Transport Node Profile.
NSX-T 3.0 also now has two system created Transport Zones which are used when deploying via the Wizard. Of course you can also use these for manual deployments or you can still create your own.
Transport Node Profile
There are a few differences when it comes to the Transport Node Profile and one Very big one!
The configuration is now done on a single pane as opposed to 2.4 where there are two tabs the first being the Transport Zone, this is now part of the Switch Configuration in 3.0.
The biggest change is that 3.0 now has the option to use a VDS or an N-VDS
When using a VDS the Teaming Policy Switch Mapping reflects this.
When using an N-VDS you can also migrate your VMKernels or select PNIC only if no vmks exist on the physical NIC’s.
The Segments have had a bit of an update, we now have the ability to Enable or disable the segment. The Subnets option is now on the main screen rather than a clickable link.
However in terms of changes for my lab build there are none really.
For the Edge Node deployment we now have the option to configure an Extra Large Edge.
We can also set the ‘CPU Reservation Priority’
All other settings are the same until we get to the ‘Configure NSX’ tab.
In previous releases you selected all the Transport Zones then picked the Switch for each one. With 3.0 the Transport Zone is configure in each Switch configuration and the switch to pick is no longer an option it must now be typed in.
In my 3.0 lab build i didn’t set a switch name in the Transport Zone configuration as the hosts use a VDS, for my Edge Node I do need an N-VDS for the overlay so I enter a name.
Tier 1 Gateway
The initial config on my Tier-1 gateway post was to just give it a name and so nothing has changed here.
The second part of the original post was configuring the Segment to connect to the Tier-1 and that is slightly different. The gateway is now set on the main page rather than the ‘Set Subnets’ link.
Tier 0 Gateway
The first thing you’ll notice is that you now have two options when clicking ADD GATEWAY you can add a Tier-0 or a VRF. I’ll get into VRF’s in a later post.
When configuring the interfaces we have a few new options available from this screen, PIM Disabled/Enable, ND Profile and URPF Mode None/Strict.
Protocol Independent Multicast (PIM) is a collection of multicast routing protocols for IP networks .
ND Profile, used to configure Stateless Address Autoconfiguration (SLAAC)
(URPF) Unicast Reverse Path Forwarding we already knew about but its nice that it’s here now rather than in the advanced section which is now only available via the Manager user interface rather than Policy.
On BGP there are a couple of settings we can do from this screen now.
Graceful restart Disable/Helper Only/Graceful Restart And Helper.
Graceful Restart Timer
Graceful Restart Stale Timer
On Set BGP Neighbors we have ‘Source Addresses and Graceful Restart and the Route filter ‘Set’ replaced the in and out from 2.4, I didn’t use these during my build but I will cover them in future posts.
Route Re-distribution can now be enabled or disabled from the main screen.
Now when you click Set you get a new interface window where you can configure different configurations and set them to a Route Map.
For Route re-distribution settings there are some new configurations again Ii didn’t use them but I’ll cover what they are later.
EVPN TEP IP, Loopback Interface Subnet.
IPSec Local Endpoint and Service Interface Subnet.
On the Tier-1 Route Advertisement we now have ‘All IPSec Local Endpoints’ and ‘Set Route Advertisement Rules’
and that brings us up to date on the changes for my lab build from 2.4 to 3.0 🙂