VMware Networking Community
i1wan

advice needed on building an NSX lab (topology)

Hi All,

I am currently in the process of building a nice vSphere lab to test out NSX.

When I look around (on the web) I see different setups, and there are two scenarios that I am in doubt about. I need your advice on which one is best to use and why:

Lab setup 1:

  • 1 x Compute Cluster with three ESX hosts (Compute Cluster A)
  • 1 x Compute Cluster with three ESX hosts (Compute Cluster B)
  • 1 x Management & Edge Cluster with two ESX hosts (M&E Cluster)
  • 1 x Distributed Switch running across all Clusters and hosts

Lab setup 2:

  • 1 x Compute Cluster with three ESX hosts (Compute Cluster A)
  • 1 x Compute Cluster with three ESX hosts (Compute Cluster B)
  • 1 x Management & Edge Cluster with two ESX hosts (M&E Cluster)
  • 1 x Distributed Switch running across the Compute Clusters A + B
  • 1 x Distributed Switch running across the Management & Edge Cluster (M&E Cluster)


The difference between the two is that in #1 I am only using 1 Distributed Switch and in #2 I am using two.


But I am having difficulties in determining WHY I would go for #1 or #2 because both setups seem valid to me.


Can one of you please explain to me what the best way to go is and why this is?

Any advice is appreciated.


Accepted Solutions
Richard__R

One influencing factor is that you can only create one dvPortgroup for VXLAN transport per VDS. So often you might want to treat this differently across clusters - e.g. (in production) LACP for compute clusters then active/standby failover for the Edge cluster. There's some good coverage in the NSX-v design guide around this. So as a starting point it gives you some flexibility as to how you treat that portgroup if you have more than one VDS. Another aspect could be if you need to run your VXLAN transport over L3 and therefore want to use a different VLAN tag on the portgroup for different sets of hosts. In a lab there possibly isn't going to be much in it depending on how deep you want your testing to go...


4 Replies
i1wan

So what you are basically saying is:

  • For a lab purpose it does not matter; I can go both ways
  • Using two Distributed Switches brings in more flexibility
    • one VXLAN transport group for VXLAN per Distributed Switch
    • there could be a scenario where you want to treat the VXLAN redundancy properties differently (flexibility)

Thanks!

Richard__R

Hi - yes that's pretty much it. There are some other considerations in production like if you want to restrict the span of external VLANs to your Edge cluster for instance (pretty typical design) you might want a separate VDS to the compute one and only create the VLAN-backed dvPortgroups on the Edge cluster VDS. Other reasons seem to largely be around logical/administrative separation like if you want to permission the VDSs differently for different users.

Take a look at page 77 in this:

VMware® NSX for vSphere Network Virtualization Design Guide ver 2.1

Just to be clear - you can add multiple VDS into the same NSX Transport Zone and span a Logical Switch across all the attached hosts. The thing is that you can only create one dvPortgroup per VDS for VXLAN/VTEPs. L3 separation of VTEPs doesn't necessarily mandate a separate VDS for each segment as (covered in the guide above) perhaps you'd use global VLAN IDs in a production design. I'd say most of the reasons for splitting it would be outside of setting up a basic lab but at the same time it wouldn't hurt you if you wanted a simulated production design.
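
The trade-off discussed in this thread, as an added example that is not part of any poster's reply and does not call any NSX or vSphere API: a small Python model that reviews the two lab layouts against the two constraints raised above (one VXLAN dvPortgroup, and therefore one teaming policy, per VDS; external VLAN-backed portgroups reaching every host on the VDS they are created on). The cluster names, VDS names and teaming labels are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cluster:
    name: str
    hosts: int
    vtep_teaming: str           # teaming wanted for the VXLAN transport portgroup
    needs_external_vlans: bool  # True only for the cluster that hosts the Edges

# Constructed from the thread: two 3-host compute clusters, one 2-host M&E cluster.
CLUSTERS = {
    "Compute-A": Cluster("Compute-A", 3, "LACP", False),
    "Compute-B": Cluster("Compute-B", 3, "LACP", False),
    "M&E": Cluster("M&E", 2, "ACTIVE_STANDBY", True),
}
# VDS name -> clusters attached to it (hypothetical VDS names).
SETUP_1 = {"VDS-All": ["Compute-A", "Compute-B", "M&E"]}
SETUP_2 = {"VDS-Compute": ["Compute-A", "Compute-B"], "VDS-Edge": ["M&E"]}

def review(layout, clusters=CLUSTERS):
    """Return (teaming_conflicts, overexposed_hosts) for a VDS-to-cluster layout."""
    conflicts, overexposed = [], 0
    for vds, members in layout.items():
        attached = [clusters[m] for m in members]
        # One VXLAN dvPortgroup per VDS means one teaming policy per VDS.
        wanted = sorted({c.vtep_teaming for c in attached})
        if len(wanted) > 1:
            conflicts.append((vds, wanted))
        # A VLAN-backed portgroup on a VDS is available on every attached host,
        # so count hosts that get the external VLANs without needing them.
        if any(c.needs_external_vlans for c in attached):
            overexposed += sum(c.hosts for c in attached
                               if not c.needs_external_vlans)
    return conflicts, overexposed

if __name__ == "__main__":
    for label, layout in (("Lab setup 1", SETUP_1), ("Lab setup 2", SETUP_2)):
        conflicts, overexposed = review(layout)
        print(f"{label}: teaming conflicts={conflicts}, "
              f"non-Edge hosts that see external VLANs={overexposed}")
```
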

i1wan

Thanks!

This part (page 77 as you pointed out) was indeed exactly what I was looking for 🙂
