NSX-T – Deploy Segment (Logical Switch)

A single logical switch is mapped to a unique Geneve segment that is distributed across the ESXi hosts in a transport zone. The logical switch supports line-rate switching in the ESXi host without the constraints of VLAN sprawl or spanning tree issues.

A segment is a representation of layer-2 connectivity across transport nodes (ESXi Hosts), with layer-3 IP reachability between the segments.

Virtual machines attached to the same segment can communicate with each other, even across separate physical hosts by way of Geneve tunnels.

Each segment is assigned a VNI (virtual network identifier) which is similar to a VLAN ID.

Segments work in the following ways:

• The type of segment created on a host is dependent on the transport zone to which it is attached.
• A transport zone defined the span of a segment.  These types of transport zones are overlay and VLAN.
• A segment is created either in an overlay or VLAN based transport zone.
• Each overlay segment is created as an opaque network in vSphere.
• Segment config changes are allowed only from NSX Manager UI
• Workloads, such as virtual machine traffic, are connected to the segment ports.

Step 1. Create a new Segment

Networking>Segments>Add Segment

Step 2. Provide a name and select the T1 router we created in a previous blog to connect to.

• We can get as granular as we want here.
• Give it a name, it helps if you name it after the application or workloads that will be running on it.
• Under uplink & Type you can add a router if you already created one.
• Select a Transport Zone you want this to be a part of, if it is a VLAN backed TZ then you have to supply the VLAN but Overlay traffic doesn’t require

Should look like the above.

Step 3. Add the subnets you want to belong to this LS

Select Set Subnets>Add subnet

Enter the Gateway IP

When you’re done it should look similar to the above. 

As you can see my new segment is up and running with a status of UP with a single subnet attached.

If you go into your vCenter you will now see this new Segment that you can attach a VM. You should now be able to perform ping tests to make sure everything that is supposed to be able to communicate can.

Summary:
Setting up a new logical segment takes a little more work than other components.  However, the segment is a critical piece to NSX-T.  Following setting up your segment you will want to perform ping tests between VMs on this segment and other segments you have attached to the T1 router.  I hope this article was useful.