I was on HOL-1803-03-NET and configured L2 Bridge with a dedicated DLR (between web-tier LS and L2Bridge VDS). However, when I tried to connect the same web-tier LS to another DLR, I got the error below.
Is this by design OR just a limitation on that particular HOL? If it is by design, how do I accomplish multiple DLR internal LIFs connecting to the same network, using VDS instead of LS? A good example would be ECMP...
I am trying to understand why. Please advise!
Hi
It is by design that connecting multiple DLRs to a common VXLAN segment/logical switch.
The scenario below is taken from the VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0, where connecting multiple DLRs to a common logical switch peering to an NSX ESG is not supported.
Could you explain more about this:
> Is this by design OR just a limitation on that particular HOL? If it is by design, how do I accomplish multiple DLR internal LIFs connecting to the same network, using VDS instead of LS? A good example would be ECMP...
You may want to review some points from this doc: Add a Logical (Distributed) Router
To understand more about DLR topologies, you can review the VMworld 2017 US session NET1416BU - NSX Logical Routing - YouTube
Slide deck: https://static.rainfocus.com/vmware/vmworldus17/sess/1489171765260001Okf1/finalpresentationPDF/NET14...
Thanks for the extra information. The reason I asked about ECMP in my post was the scenario in which I want to use DLR instead of ESG for ECMP. How can I connect LIFs on multiple DLRs to the same LS then? Do I have to use a VDS portgroup in that case?
Hi, could you explain more about what you are referring to by "use DLR instead of ESG for ECMP"?
In an NSX topology with ECMP, both DLR and ESGs will be ECMP enabled, as shown in the diagram below.
DLR ECMP enabled, peered to 8 ESGs, and ESG ECMP enabled, peered with DLR and Physical Router
Or are you saying you want to connect DLR directly to the physical router?
I would avoid using VLAN LIF (connecting DLR to a VLAN-backed portgroup) whenever possible.
From your reference diagram, how do I connect DLR instances to VXLAN 5020 if one LS cannot be used by multiple DLRs?
My scenario is more or less as shown in the attached picture below.
In the diagram, there is only one DLR connected to a logical switch on VXLAN 5020, so that would not be an issue.
You have the DLR in the middle as the north-south point between the tenants and the provider ESG.
If this is pure north-south, you should not use DLR for that; DLR should be for east-west traffic for VMs.
In a multi-tenant environment, you should have something similar to the below instead.
If you want to keep your topology, it would be something like the below (sorry, I don't have a diagram; hope this is understandable):
1 Internet
|
2 Provider ESG HA Pair
|
3 ESG ECMP
|
4 Tenant ESGs
|
5 logical switch for VMs or Tenant DLRs
|
6 If you have DLR in #5, then logical switches for VMs will be here connected to DLR
Thanks for the info. I am aware DLR is for east-west traffic but was not aware that it cannot be used for north-south...