
Assigning Segment ID Pool and Multicast Addresses

In this video, we're going to go over how to assign segment ID pools and multicast IP
addresses when configuring NSX. So from the Home screen of the vSphere Web Client,
we're going to click on Networking & Security. From Networking & Security, go ahead and
click on Installation and Logical Network Preparation. Now the part of this screen that we
want to pay attention to is going to be the Segment ID part, so go ahead and click on Segment
ID. And you're going to see here that I already have this environment set up, so we have our
Segment ID...ID pool, which is 5000-10000. Now in case you've forgotten what the Segment
IDs are, they are analogous to the VLANs that are assigned to physical networks in an
environment. Now what does that mean? Well, when you are working with your Networking
& Security folks or your backbone folks, and you're referring to a network, you would say it's
your...let's say it's your DMZ network. The way you would refer to it in a common vernacular
that everyone could understand would be the VLAN ID that's been associated with it on the
physical network. In this case, it may be VLAN-124, or VLAN-256, or VLAN-3822, it
doesn't really matter. But a Segment ID is what VXLAN uses to identify each virtual
network that it is generating. So in physical networks, you could only have just over 4000
networks that you could...that you could keep track of within a single broadcast domain.

In VXLAN, using the virtualized networking, we can have just over 16 million virtual
networks that we can generate. So you're going to see here if I go ahead and click on the Edit
button, that the Segment ID pool is going to ask for a range of 5000 to just over 16 million.
Now you'll notice that number 5000, now that sticks out because that's going to be well
outside of the range of what a physical VLAN could have assigned to it. Now the purpose for
that is obviously not to mix the two up, it wouldn't make any sense to have the Segment ID
pool start at, say, 2500 or 3000 because at that point, you wouldn't know if you're dealing
with a physical VLAN, or a virtual VLAN, or VXLAN. So to go ahead and update what I
have here, I can just go ahead and highlight the 5000 to 10000, delete that, and I can simply
make it "10000-15000" if I wanted, it really does not matter, as long as you are within the
range of somewhere between 5000-16777216, you are just fine.

Now under the Enable multicast addressing, you'll see here that the radio button is
unchecked, so let's go ahead and hit that. And once again, it's giving us a recommended
range, so it's 239.0.0.0 IP address, all the way to 239.255.255.255 IP address. Once again, as
long as you are somewhere in that range, you are perfectly fine to go ahead and get any range
you want. Now you're going to have to have this multicast addressing if you are working with
5.1 hypervisors or you are set up for a hybrid or dedicated multicast replication scheme. Now
what does that replication scheme mean? Well, let me show you real quick. If you go ahead
and click on Transport Zones, and we hit the plus sign, you'll see here that we have three
different replication modes; we have Multicast, Unicast and Hybrid. What this is, is
basically determining how data is going to be passed around the...the environment, who is
ultimately going to be in charge of...figuring out the path to get from one destination to
another on a virtual host.

So Multicast is what was in place prior to NSX, that's where you had Multicast and ARP
storms that get sent out whenever you have to figure out how to get from point A to B.
Unicast is what was introduced with the VXLAN and NSX controllers. And then Hybrid is
what you would use if you were actually offloading this traffic to a physical top-of-rack
switch, or an aggregation, or core layer. So that's what those replication modes are. So once
again, if you were using 5.1 or earlier hypervisors, if we click back over here on our Segment
ID and click on Edit, if you are using 5.1 or earlier hypervisors, you would have to define this
address. If you were using a Hybrid mode, you would have to also assign this address here.
For this exercise though, the only addresses that we need to assign are going to be for the
Segment ID pool and this could be for our Unicast replication and these numbers are going
to represent our virtual VXLAN backed networks that we are generating in our environment.

Create Segment ID and Transport Zones

You must specify a segment ID pool for each NSX Manager to isolate your network traffic.

Segment ID:
The segment ID range carves up the large range of VXLANs available for assignment to logical segments. If
you have multiple NSX domains or regions, you can assign a subset of the larger pool. Segment ID pools
are subsequently used by logical segments for the VXLAN Network Identifier (VNI). To create the segment ID
pool, log in to the Web Client -> Networking & Security -> Installation -> Logical Network Preparation ->
Segment ID -> click on Edit.

The segment ID range determines the maximum number of logical switches that can be created in your
infrastructure. Segment IDs are to VXLAN what VLAN IDs are to VLANs, but with VXLAN you can have
16,777,216 of them, whereas VLAN IDs are limited to 1 to 4094. Segment IDs form the basis for how you
segment traffic within the virtualized network. Although it is possible to use values between 1 and 16 billion,
VMware has decided to start the count at 5000 to avoid any confusion between a VLAN ID (ranges from 1 to
4094) and a VXLAN Segment ID. So your VXLAN ID starts from 5000. Here I use the segment range of
5000-10000. Click on OK.

Transport Zones:
A transport zone is created to define the width of the VXLAN/VTEP replication scope and control plane.
It can span one or more vSphere clusters. An NSX environment can contain one or more transport zones,
based on the requirements. In simple terms, a global transport zone is the boundary for a group of clusters.
Whatever logical switches you create and assign to the global transport zone will become available as a
Distributed Port Group on your DvSwitch on every single cluster in the transport zone. These DVPort
groups can then be used to provide connectivity to the virtual machines attached to them. It’s a way to define
which clusters of hosts will be able to see and participate in the virtual network that is being defined and
configured.

To create a transport zone, log in to the Web Client -> Networking & Security -> Installation -> Logical
Network Preparation -> Transport Zones -> click on +
Provide the following information to create the new transport zone:

Name – Provide the name for your transport zone. I named it “VXLAN-Global-Transport”.

Description – Enter a description of your choice.

Replication Mode – This option lets you choose the replication method that VXLAN will use to
distribute information across the control plane. Here is the detailed explanation of each replication
mode from VMware:

1. Multicast: Multicast IP addresses on the physical network are used for the control plane. This
mode is recommended only when you are upgrading from older VXLAN
deployments. Multicast mode requires IGMP for a layer 2 topology and multicast routing for
an L3 topology.
2. Unicast: The VXLAN control plane is handled by an NSX controller. All unicast traffic
leverages headend replication. No multicast IP addresses or special network configuration is
required.
3. Hybrid: Hybrid mode is local replication that is offloaded to the physical network and
remote replication through unicast. This is also called optimized unicast mode. This
requires IGMP snooping on the first-hop switch, but does not require PIM. The first-hop switch
handles traffic replication for the subnet.

Clusters – Select the clusters that you want to be part of this transport zone.
Click on OK to create the transport zone. You will be able to see the created transport zone
“VXLAN-Global-Transport” under Transport Zones. We didn’t create any logical switches, so it displays the
value “0” under the Logical switches tab.
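
A pre-flight check for the plan described above, as an added example rather than code from the original page or from VMware: it verifies that each NSX Manager's segment ID pool starts at 5000 or higher, that no two pools share segment IDs, and that Multicast or Hybrid replication comes with addresses inside 239.0.0.0/8. The manager names, the layout of the plan and the 24-bit VNI ceiling of 16777215 are assumptions.

```python
import ipaddress

POOL_MIN = 5000          # lowest segment ID, kept clear of VLAN IDs 1-4094 (from the text)
VNI_MAX = 2**24 - 1      # assumption: the VNI is a 24-bit field, so 16777215 is the top value
MCAST_SCOPE = ipaddress.ip_network("239.0.0.0/8")   # recommended multicast range (from the text)
NEEDS_MCAST = {"multicast", "hybrid"}               # modes that rely on the physical network

def capacity(first, last):
    """Number of logical switches a pool can back (one segment ID each)."""
    return last - first + 1

def find_overlaps(pools):
    """pools: {manager: (first, last)}. Return (a, b, lo, hi) for each pair sharing IDs."""
    items = sorted(pools.items(), key=lambda kv: kv[1])
    hits = []
    for i, (a, (_, a_hi)) in enumerate(items):
        for b, (b_lo, b_hi) in items[i + 1:]:
            if b_lo > a_hi:      # sorted by start, so no later pool can overlap a
                break
            hits.append((a, b, b_lo, min(a_hi, b_hi)))
    return hits

def check_plan(plan):
    """plan: list of dicts with name, pool, mode, mcast. Return a list of findings."""
    findings = []
    for m in plan:
        first, last = m["pool"]
        if first < POOL_MIN:
            findings.append(f"{m['name']}: pool starts below {POOL_MIN}")
        if last > VNI_MAX:
            findings.append(f"{m['name']}: pool ends above {VNI_MAX}")
        if m["mode"] in NEEDS_MCAST and m["mcast"] is None:
            findings.append(f"{m['name']}: {m['mode']} mode needs a multicast range")
        for addr in m["mcast"] or ():
            if ipaddress.ip_address(addr) not in MCAST_SCOPE:
                findings.append(f"{m['name']}: {addr} is outside {MCAST_SCOPE}")
    pools = {m["name"]: m["pool"] for m in plan}
    for a, b, lo, hi in find_overlaps(pools):
        findings.append(f"{a} and {b} share segment IDs {lo}-{hi}")
    return findings

# Constructed sample plan; manager names, ranges and addresses are hypothetical.
PLAN = [
    {"name": "nsx-a", "pool": (5000, 10000), "mode": "unicast", "mcast": None},
    {"name": "nsx-b", "pool": (9000, 15000), "mode": "hybrid", "mcast": None},
    {"name": "nsx-c", "pool": (3000, 4500), "mode": "multicast",
     "mcast": ("239.1.1.0", "224.0.0.5")},
]
print("\n".join(check_plan(PLAN)))
```

An overlap between two managers' pools means the same VNI can identify two different logical switches, which is the isolation failure the per-manager pool is meant to prevent.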
