I was on HOL-1803-03-NET and configured L2 Bridge with a dedicated DLR (between web-tier LS and L2Brige VDS). However when I try to connect the same web-tier LS to another DLR, I got error below.
Is this by design OR just limitation on that particular HOL? If it is by design, how do I accomplish multiple DLR internal LIFs connecting to the same network, using VDS instead of LS? A good example would be ECMP...
I am trying to understand why? Please advise!
Hi
It is by design that connecting multiple DLRs to a common VXLAN segment/logical switch.
Below scenario is taken from the the VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0 where connecting multiple DLRs to a common logical switch peering to an NSX ESG is not supported.
Could you explain more about this > Is this by design OR just limitation on that particular HOL? If it is by design, how do I accomplish multiple DLR internal LIFs connecting to the same network, using VDS instead of LS? A good example would be ECMP...
You may want to review some points from this doc: Add a Logical (Distributed) Router
- A logical router cannot be connected to VLAN-backed port groups if that logical router is connected to logical switches spanning more than one vSphere distributed switch (VDS). This is to ensure correct alignment of logical router instances with logical switch dvPortgroups across hosts.
- Logical router interfaces should not be created on two different distributed port groups (dvPortgroups) with the same VLAN ID if the two networks are in the same vSphere distributed switch.
- Logical router interfaces should not be created on two different dvPortgroups with the same VLAN ID if two networks are in different vSphere distributed switches, but the two vSphere distributed switches share the same hosts. In other words, logical router interfaces can be created on two different networks with the same VLAN ID if the two dvPortgroups are in two different vSphere distributed switches, as long as the vSphere distributed switches do not share a host.
- If VXLAN is configured, logical router interfaces must be connected to distributed port groups on the vSphere Distributed Switch where VXLAN is configured. Do not connect logical router interfaces to port groups on other vSphere Distributed Switches.
To understand more about DLR topologies, you can review VMworld 2017 US session on NET1416BU - NSX Logical Routing - YouTube
Slide deck: https://static.rainfocus.com/vmware/vmworldus17/sess/1489171765260001Okf1/finalpresentationPDF/NET14...
Hi could you explain more what are you referring to "use DLR instead of ESG for ECMP"?
In NSX topology with ECMP, both DLR and ESGs will be ECMP enabled as shown in below diagram.
DLR ECMP enabled peered to 8 ESG and ESG ECMP enabled peered with DLR and Physical Router
Or are you saying you want to connect DLR directly to the physical router?
I would avoid using VLAN LIF (connecting DLR to VLAN-backed portgroup) whenever possible
From your reference diagram, how to connect DLR instances to VXLAN 5020 if one LS can not be used by multiple DLRs?
My scenario is more or less below in the attached picture.
In the diagram, there is only one DLR connected to a logical switch on VXLAN 5020 so that would not be an issue.
You have DLR in the middle as the north-south point between the tenants to provider ESG.
If this is pure north-south, you should not use DLR for that, DLR should be for east-west for VMs.
In multiple tenant environment, you should have something similar to below instead
If you want to keep your topology it would be something like below (sorry I don't have a diagram, hope this is understandable):
1 Internet
|
2 Provider ESG HA Pair
|
3 ESG ECMP
|
4 Tenant ESGs
|
5 logical switch for VMs or Tenant DLRs
|
6 If you have DLR in #5, then logical switches for VMs will be here connected to DLR