Administrator Guide

In a Nuage controller-based VXLAN deployment, station moves of non-virtualized entities may not work as expected due to a possible issue in the Nuage controller.
NOTE: When more than 15000 learned MAC addresses are synchronized from the Nuage controller to one of the VTEPs,
the SSL connection between the controller and the VTEP flaps continuously.
Configuring and Controlling VXLAN from the NSX Controller GUI
You can configure and control VXLAN from the NSX controller GUI, by adding a hardware device to NSX and authenticating the device.
1. Generate a certificate in your system and add it to the NSX before adding a hardware device for authentication.
To generate a certificate, use the following command:
crypto cert generate self-signed cert-file flash://vtep-cert.pem key-file flash://vtep-privkey.pem
To view the certificate, use the following command:
show file flash://vtep-cert.pem
The output is the PEM-encoded certificate, delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
Copy and paste the generated certificate to the NSX.
NOTE: Once controller connectivity is established from VLT peers, if you want to generate a new certificate and use it for the controller connection, generate the certificate from the node that is directly connected to the controller. If you do not generate the new certificate from that node, the system shows inconsistent behavior.
2. Create a VXLAN Gateway.
To create a service node, the required fields are the IP address and SSL certificate of the server. The service node is responsible for broadcast/unknown unicast/multicast traffic replication. The following is a snapshot of the user interface for creating a service node:
Select Home > Networking and Security > Service Definition > Hardware Devices. Under Hardware Devices, click the Add button.
The Add hardware Device window opens. Enter a name, copy the generated certificate of the VTEP into the Certificate box, and click OK.
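Copying a PEM certificate from the switch terminal into the Certificate box can change its line wrapping or drop a line. The following added example (not from this guide or from NSX) checks that pasted text still holds exactly one intact certificate and computes a SHA-256 fingerprint that can be compared with the copy on the VTEP. The function names are hypothetical, only the outer DER framing is checked, and the sample input is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pasted: str) -> bytes:
    """Return the DER bytes of the single certificate found in pasted text."""
    blocks = PEM_RE.findall(pasted)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    # Line wrapping and CR/LF differ between terminals; ignore all whitespace.
    body = "".join(blocks[0].split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    # A certificate is one DER SEQUENCE whose declared length covers the
    # whole blob, so a paste that lost a line fails this framing check.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    n = first & 0x7F if first & 0x80 else 0          # long-form length bytes
    length = int.from_bytes(der[2:2 + n], "big") if n else first
    if first == 0x80 or 2 + n + length != len(der):
        raise ValueError("DER length mismatch: truncated or trailing data")
    return der


def fingerprint(pasted: str) -> str:
    """SHA-256 of the DER encoding; independent of how the PEM is wrapped."""
    return hashlib.sha256(pem_to_der(pasted)).hexdigest()


def constructed_pem(width: int) -> str:
    """Constructed sample: a 300-byte DER SEQUENCE, NOT a real certificate."""
    payload = bytes(range(256)) + bytes(44)
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    on_switch = constructed_pem(64)     # as shown by the switch
    in_nsx_box = constructed_pem(91)    # same bytes, re-wrapped by the paste
    print("match:", fingerprint(on_switch) == fingerprint(in_nsx_box))
```

A mismatch between the two fingerprints, or a ValueError, means the text in the Certificate box is not the certificate currently on the VTEP, for example after a new certificate has been generated.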
Virtual Extensible LAN (VXLAN)