Configuring NSX-T Segment and IP Pools using Terraform

In this demo and blog post I will share how I’m using Terraform to create the segments and IP pools in NSX-T to get started with deploying Edge Nodes and configuring Transport Nodes.

I’m testing a lot of NSX-T features and capabilities in the lab. With new releases coming, the amount of testing will increase significantly, which requires a lot of redeployment of NSX components. VMware is working with Terraform on an NSX-T provider that supports the Policy UI. This project is currently on GitHub and has not been officially released by Terraform or VMware yet, but it is ready to be used and tested.

I’m using Ansible for deploying the NSX-T Manager, configuring a Compute Manager (vCenter Server) and Transport Zones, and adding an NSX license in the NSX Manager UI.

Once all of this is done, I want to create the following objects with Terraform to get started:

  • TEP IP Pool for Geneve TEPs for Transport Nodes in VLAN 12
  • TEP IP Pool for Geneve TEPs for Transport Nodes in VLAN 100
  • TEP IP Pool for Geneve TEPs for Transport Nodes in VLAN 200
  • VLAN Segment for vSphere VMkernel interfaces (VLAN 11)
  • VLAN Segments for Geneve Transport Networks (VLAN 12, 100 and 200)
  • VLAN Segment (VLAN 307) for connecting Edge Node Management interface (eth0)
  • VLAN Trunk Segments to connect Edge Node DPDK interfaces (fp-eth0 and fp-eth1) for Collapsed Compute + Edge node topology testing.

This is the `variables.tf` file:

# NSX Manager
variable "nsx_manager" {
  default = "10.10.10.10"
}


# Username & Password for NSX-T Manager
variable "username" {
  default = "admin"
}

variable "password" {
  default = "yourpassword"
}

 

This is the `main.tf` file:

# Prerequisites: 
# 1. Add NSX-T License

# Data Sources we need for reference later
data "nsxt_policy_transport_zone" "overlay_tz" {
    display_name = "Overlay-TZ"
}

data "nsxt_policy_transport_zone" "vlan_tz" {
    display_name = "VLAN-TZ"
}

# NSX-T Manager Credentials
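provider "nsxt" {
    host                     = var.nsx_manager
    username                 = var.username
    password                 = var.password
    # Skips TLS certificate verification of the NSX Manager (lab setting)
    allow_unverified_ssl     = true
    # Retry API calls that NSX Manager rate-limits (HTTP 429)
    max_retries              = 10
    retry_min_delay          = 500
    retry_max_delay          = 5000
    retry_on_status_codes    = [429]
}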

# Create TEP IP Pools
resource "nsxt_policy_ip_pool" "tep_ip_pool_vlan12" {
    display_name = "TEP-IP-Pool-VLAN12"
}

resource "nsxt_policy_ip_pool_static_subnet" "tep_ip_pool_vlan12" {
    display_name = "TEP-IP-Pool-VLAN12"
    pool_path    = nsxt_policy_ip_pool.tep_ip_pool_vlan12.path
    cidr         = "172.16.12.0/24"
    gateway      = "172.16.12.1"

    allocation_range {
        start = "172.16.12.11"
        end   = "172.16.12.100"
    }
}

resource "nsxt_policy_ip_pool" "tep_ip_pool_vlan100" {
    display_name = "TEP-IP-Pool-VLAN100"
}

resource "nsxt_policy_ip_pool_static_subnet" "tep_ip_pool_vlan100" {
    display_name = "TEP-IP-Pool-VLAN100"
    pool_path    = nsxt_policy_ip_pool.tep_ip_pool_vlan100.path
    cidr         = "192.168.100.0/24"
    gateway      = "192.168.100.1"

    allocation_range {
        start = "192.168.100.11"
        end   = "192.168.100.100"
    }
}

resource "nsxt_policy_ip_pool" "tep_ip_pool_vlan200" {
    display_name = "TEP-IP-Pool-VLAN200"
}

resource "nsxt_policy_ip_pool_static_subnet" "tep_ip_pool_vlan200" {
    display_name = "TEP-IP-Pool-VLAN200"
    pool_path    = nsxt_policy_ip_pool.tep_ip_pool_vlan200.path
    cidr         = "192.168.200.0/24"
    gateway      = "192.168.200.1"

    allocation_range {
        start = "192.168.200.11"
        end   = "192.168.200.100"
    }
}

# Create NSX-T VLAN Segments
resource "nsxt_policy_vlan_segment" "vlan11" {
    display_name = "VLAN11"
    description = "VLAN Segment created by Terraform"
    transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path
    vlan_ids = ["11"]
}

resource "nsxt_policy_vlan_segment" "vlan100" {
    display_name = "VLAN100"
    description = "VLAN Segment created by Terraform"
    transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path
    vlan_ids = ["100"]
}

resource "nsxt_policy_vlan_segment" "vlan200" {
    display_name = "VLAN200"
    description = "VLAN Segment created by Terraform"
    transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path
    vlan_ids = ["200"]
}

resource "nsxt_policy_vlan_segment" "trunk_a" {
    display_name = "Trunk-A"
    description = "VLAN Segment created by Terraform"
    transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path
    vlan_ids = ["100", "101", "102", "200"]
}

resource "nsxt_policy_vlan_segment" "trunk_b" {
    display_name = "Trunk-B"
    description = "VLAN Segment created by Terraform"
    transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path
    vlan_ids = ["100", "101", "102", "200"]
}

resource "nsxt_policy_vlan_segment" "vlan307" {
    display_name = "VLAN307"
    description = "VLAN Segment created by Terraform"
    transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path
    vlan_ids = ["307"]
}
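
For use outside a lab, here are the same variables and provider block with the admin password kept out of `variables.tf` and TLS verification of the NSX Manager enabled. This is an added example, not part of the original post; the `nsx_ca_file` variable and its path are assumptions, while `sensitive` and `ca_file` are existing Terraform and provider arguments.

```hcl
# Added example: hardened variables.tf and provider block (not the author's code).

variable "nsx_manager" {
  description = "NSX Manager FQDN; must match a name in the manager certificate"
  type        = string
}

variable "username" {
  type = string
}

# No default: the value is supplied at run time (for example through the
# TF_VAR_password environment variable), so it never lands in version control.
variable "password" {
  type      = string
  sensitive = true # Terraform 0.14+: redacts the value in plan/apply output
}

# Assumption: PEM file holding the CA certificate that signed the
# NSX Manager certificate. The path below is hypothetical.
variable "nsx_ca_file" {
  type    = string
  default = "certs/nsx-ca.pem"
}

provider "nsxt" {
  host                  = var.nsx_manager
  username              = var.username
  password              = var.password
  allow_unverified_ssl  = false           # verify the manager certificate
  ca_file               = var.nsx_ca_file # trust anchor for that verification
  max_retries           = 10
  retry_min_delay       = 500
  retry_max_delay       = 5000
  retry_on_status_codes = [429]
}
```

With this layout, `terraform plan` prompts for any variable that has no value, and the certificate check fails closed if the manager presents a certificate that does not chain to the given CA.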

 

https://github.com/terraform-providers/terraform-provider-nsxt
