NSX Logical Switches
In NSX there are two types of logical switches: Global logical switches and Universal logical switches. ESXi hosts use these switches to create VTEPs for VXLAN encapsulation and decapsulation. Both switch types support a single Ethernet broadcast domain, which means there is a one-to-one relationship between a logical switch and its assigned VNI; because of this relationship we treat a logical switch and its VNI as the same thing.
Global logical switches belong to the global transport zone and Universal logical switches belong to the universal transport zone.
NSX Manager is responsible for the management plane of these logical switches, whereas each ESXi host owns its own data plane. The NSX Controller (or Universal NSX Controller) handles most of the control plane of the logical switches.
Each ESXi host keeps a local copy of the MAC table for each logical switch; it contains the following information:
- MAC addresses of locally connected VMs
- MAC addresses of VMs on remote hosts that have active flows
If there is no activity from a remote VM for more than 5 minutes, that VM's MAC address is flushed out. The logical switch learns a local VM's MAC from the VM's vmx file, but this default behaviour can be changed.
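To make the two kinds of MAC table entry and the 5-minute flush concrete, here is an added Python model of one host's per-VNI MAC table. It is not NSX code: the class names, the constructed MAC and VTEP addresses, and the choice to key the timer off the caller's clock are assumptions; only the behaviour (local entries known without traffic, remote entries refreshed by traffic and flushed after more than 5 minutes of silence) comes from the text above.

```python
from dataclasses import dataclass

AGE_OUT_SECONDS = 5 * 60  # remote entries are flushed after more than 5 minutes of inactivity


@dataclass
class MacEntry:
    mac: str
    vtep_ip: str      # VTEP behind which this MAC lives
    local: bool       # True for a VM on this host (learned from its vmx file); never aged out
    last_seen: float  # seconds on the caller's clock; refreshed by traffic for remote entries


class HostMacTable:
    """Local copy of one logical switch's (one VNI's) MAC table on an ESXi host."""

    def __init__(self, vni: int, local_vtep_ip: str) -> None:
        self.vni = vni
        self.local_vtep_ip = local_vtep_ip
        self.entries = {}  # MAC -> MacEntry

    def learn_local(self, mac: str, now: float) -> None:
        """A VM on this host was powered on; its MAC is known without seeing traffic."""
        self.entries[mac] = MacEntry(mac, self.local_vtep_ip, True, now)

    def forget_local(self, mac: str) -> None:
        """The local VM was powered off or moved away."""
        self.entries.pop(mac, None)

    def see_remote_frame(self, src_mac: str, src_vtep_ip: str, now: float) -> None:
        """A VXLAN frame from another host arrived: learn or refresh the remote MAC."""
        self.entries[src_mac] = MacEntry(src_mac, src_vtep_ip, False, now)

    def age_out(self, now: float) -> list:
        """Flush remote entries idle for more than the timer; returns the flushed MACs."""
        expired = sorted(m for m, e in self.entries.items()
                         if not e.local and now - e.last_seen > AGE_OUT_SECONDS)
        for m in expired:
            del self.entries[m]
        return expired

    def lookup(self, mac: str):
        """Return the VTEP IP a MAC is reachable through, or None if unknown."""
        e = self.entries.get(mac)
        return e.vtep_ip if e else None


def demo_aging() -> dict:
    """Constructed scenario: one local VM, two remote VMs, one of which goes quiet."""
    t = HostMacTable(vni=5555, local_vtep_ip="192.168.50.11")
    t.learn_local("00:50:56:aa:00:01", now=0)
    t.see_remote_frame("00:50:56:bb:00:01", "192.168.50.12", now=10)   # remote VM with an active flow
    t.see_remote_frame("00:50:56:cc:00:01", "192.168.50.13", now=10)   # remote VM: one burst, then silence
    t.see_remote_frame("00:50:56:bb:00:01", "192.168.50.12", now=200)  # refresh keeps bb alive
    flushed = t.age_out(now=320)        # cc idle for 310 s (> 300 s) is flushed; bb last seen at 200 stays
    late_flushed = t.age_out(now=10_000)  # now bb is idle too; the local entry is never aged
    return {
        "flushed": flushed,
        "late_flushed": late_flushed,
        "local": t.lookup("00:50:56:aa:00:01"),
        "remaining": sorted(t.entries),
    }


if __name__ == "__main__":
    print(demo_aging())
```

The first call to age_out flushes only the silent remote VM, the second flushes the other remote VM once its flow has stopped, and the local VM's entry survives both because it was learned from the vmx file rather than from traffic.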
Creating Logical Switches:
Logical switches are created from NSX Manager and are added to a transport zone owned by that NSX Manager. Logical switches can also be created from the vSphere Web Client.
When a Global logical switch is created it must be assigned to the global transport zone, and when a Universal logical switch is created it must be assigned to the Universal transport zone.
On the ESXi host each logical switch is represented by a dvPortgroup on the vDS that was assigned to each NSX cluster during logical network preparation. Each vCenter can support 10000 dvPortgroups, so the maximum number of logical switches (global and universal) that can be deployed in an NSX domain is also 10000.
Logical Switch Tables:
The following prerequisites must be met after a logical switch is created and before the first VM is migrated to it:
- The NSX Controller L2 master must assign the NSX Controller that will take care of this logical switch.
- All NSX Controllers are informed which NSX Controller is taking care of the newly created logical switch.
- All ESXi hosts in the logical switch's transport zone are informed which NSX Controller is taking care of the newly created logical switch.
As soon as an NSX Controller has been assigned to a particular VNI (logical switch), it holds the principal copy of three tables:
- The VTEP table
- The MAC table
- The ARP table
The NSX Controller responsible for a logical switch also keeps a connection table of every ESXi host that has at least one powered-on VM. The connection table has the following entries:
- Management VMkernel port of the ESXi host
- TCP port of the connection
- Logical connection ID
The VTEP table contains the list of all VTEP IPs that have at least one powered-on VM. A VTEP IP is the IP of the VXLAN VMkernel port that was assigned during host configuration. An ESXi host populates the VTEP table when one of the following actions happens for any VM:
- The VM powers up on the ESXi host
- The VM is vMotioned to the ESXi host
When either of these actions happens for a VM, the ESXi host running that VM sends a request to the responsible NSX Controller to add its VTEP to the VTEP table.
A VTEP is removed from the NSX Controller's VTEP table when one of the following actions happens for the last VM on that ESXi host:
- The VM powers off
- The VM is vMotioned away from the ESXi host
Whenever a VTEP table is updated (a VTEP is added or removed), the NSX Controller sends a copy of the VTEP table to all ESXi hosts.
A VTEP table has the following five fields, of which the first four are provided to the NSX Controller by the ESXi host:
- VNI ID
- VTEP IP
- VTEP Subnet
- VTEP MAC address
How VTEP table is populated:
This section assumes that the replication mode for the logical switches is configured to Unicast or Hybrid.
The diagram below shows two ESXi hosts with VNI 5555 configured and two VMs connected to this same VNI (logical switch).
Now let's see how the VTEP table is populated.
The VM on ESXi-A is powered on. As soon as it is powered on, ESXi-A sends the following information to the NSX Controller from its management VMkernel port over TCP port 1234; once the NSX Controller receives this information it adds it to its VTEP table. The information sent by the ESXi host to the NSX Controller is:
- VTEP IP
- VTEP Subnet
- VTEP MAC address
Once this information is added to the VTEP table, the NSX Controller sends the table to the ESXi host, that is, ESXi-A.
Now suppose the VM on ESXi-B is also powered on. The same process happens as discussed above, and the NSX Controller now sends the VTEP table containing both VTEP IPs to both ESXi hosts for VNI 5555.
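The ESXi-A / ESXi-B walk-through above, together with the add and remove rules for the VTEP table and the connection table described earlier, can be replayed as a small Python model. This is an added example, not NSX code: the class names, the constructed management and VTEP addresses, the subnet and MAC values, and the sequential connection IDs are assumptions. The model keeps the controller's principal VTEP table per VNI (the four host-supplied fields), the connection table of hosts with at least one powered-on VM, and pushes a copy of the table to every connected host after each change; power-on and vMotion-in share one code path, as do power-off and vMotion-out.

```python
from dataclasses import dataclass

CONTROLLER_PORT = 1234  # TCP port on the controller named in the walk-through above


@dataclass(frozen=True)
class VtepEntry:
    """The four fields an ESXi host reports for its VTEP on one VNI."""
    vni: int
    vtep_ip: str
    vtep_subnet: str
    vtep_mac: str


class Controller:
    """Toy NSX Controller: principal VTEP table per VNI plus the host connection table."""

    def __init__(self) -> None:
        self.vtep_table = {}    # VNI -> set of VtepEntry
        self.connections = {}   # host name -> (management vmk IP, TCP port, connection ID)
        self.hosts = {}         # host name -> EsxiHost (so we can push tables to it)
        self._next_conn_id = 1

    def connect(self, host) -> None:
        """Host opens its TCP session from the management VMkernel port; recorded once."""
        self.hosts[host.name] = host
        if host.name not in self.connections:
            self.connections[host.name] = (host.mgmt_ip, CONTROLLER_PORT, self._next_conn_id)
            self._next_conn_id += 1

    def add_vtep(self, entry: VtepEntry) -> None:
        self.vtep_table.setdefault(entry.vni, set()).add(entry)
        self._push(entry.vni)

    def remove_vtep(self, host, entry: VtepEntry) -> None:
        self.vtep_table.get(entry.vni, set()).discard(entry)
        if not host.has_powered_on_vm():
            # no powered-on VM left on the host: it drops out of the connection table
            self.connections.pop(host.name, None)
        self._push(entry.vni)

    def _push(self, vni: int) -> None:
        """After every update, send a copy of the VNI's VTEP table to all connected hosts."""
        snapshot = frozenset(self.vtep_table.get(vni, set()))
        for name in self.connections:
            self.hosts[name].vtep_table[vni] = snapshot


class EsxiHost:
    def __init__(self, name, mgmt_ip, vtep_ip, vtep_subnet, vtep_mac, controller) -> None:
        self.name, self.mgmt_ip = name, mgmt_ip
        self.vtep_ip, self.vtep_subnet, self.vtep_mac = vtep_ip, vtep_subnet, vtep_mac
        self.controller = controller
        self.vms = {}         # VNI -> set of powered-on VM names on this host
        self.vtep_table = {}  # local copy of the VTEP table as pushed by the controller

    def _entry(self, vni: int) -> VtepEntry:
        return VtepEntry(vni, self.vtep_ip, self.vtep_subnet, self.vtep_mac)

    def has_powered_on_vm(self) -> bool:
        return any(self.vms.values())

    def vm_power_on(self, vm: str, vni: int) -> None:
        """Power-on or vMotion-in: the first VM on a VNI makes the host register its VTEP."""
        first_on_vni = not self.vms.get(vni)
        self.vms.setdefault(vni, set()).add(vm)
        if first_on_vni:
            self.controller.connect(self)
            self.controller.add_vtep(self._entry(vni))

    def vm_power_off(self, vm: str, vni: int) -> None:
        """Power-off or vMotion-out: the last VM on a VNI makes the host withdraw its VTEP."""
        self.vms[vni].discard(vm)
        if not self.vms[vni]:
            del self.vms[vni]
            self.controller.remove_vtep(self, self._entry(vni))


def vteps(table: dict, vni: int) -> list:
    """Sorted VTEP IPs held for a VNI in a controller or host table."""
    return sorted(e.vtep_ip for e in table.get(vni, ()))


def demo_two_hosts_vni_5555() -> dict:
    """Replays the ESXi-A / ESXi-B walk-through with constructed addresses."""
    ctrl = Controller()
    a = EsxiHost("ESXi-A", "10.0.0.11", "192.168.50.11", "192.168.50.0/24", "00:50:56:aa:00:01", ctrl)
    b = EsxiHost("ESXi-B", "10.0.0.12", "192.168.50.12", "192.168.50.0/24", "00:50:56:aa:00:02", ctrl)
    out = {}
    a.vm_power_on("vm-1", 5555)   # ESXi-A registers; only ESXi-A receives the table
    out["after_a"] = (vteps(ctrl.vtep_table, 5555), sorted(ctrl.connections), vteps(a.vtep_table, 5555))
    out["conn_a"] = ctrl.connections["ESXi-A"]
    b.vm_power_on("vm-2", 5555)   # ESXi-B registers; both hosts receive both VTEP IPs
    out["after_b"] = (vteps(ctrl.vtep_table, 5555), sorted(ctrl.connections),
                      vteps(a.vtep_table, 5555), vteps(b.vtep_table, 5555))
    b.vm_power_off("vm-2", 5555)  # last VM on ESXi-B: its VTEP and connection are withdrawn
    out["after_b_off"] = (vteps(ctrl.vtep_table, 5555), sorted(ctrl.connections), vteps(a.vtep_table, 5555))
    return out


if __name__ == "__main__":
    for step, state in demo_two_hosts_vni_5555().items():
        print(step, state)
```

The push goes only to hosts in the connection table, which is why ESXi-A alone receives the first copy and both hosts receive the second; a vMotion between the two hosts is just a vm_power_on on the destination followed by a vm_power_off on the source, and the VTEP of the source disappears from the table only if that VM was its last one on the VNI.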