VMware Networking Community
vSohill
Expert

DLR and North south traffic

Hi,

Why is DLR not meant to be used for N-S traffic?

0 Kudos
4 Replies
Sreec
VMware Employee

First and foremost, both ESG and DLR perform routing. Considering the feature-rich services available in ESG (routing/LB/NAT etc.), it is primarily considered an N-S facing device. The DLR data plane is distributed in ESXi kernel modules, while only the control plane exists in a VM, and it makes perfect sense to place the DLR as the next-hop device for virtual machines; that way VM-to-VM routed traffic can be optimized. When we say optimizing, we are reducing the latency. The picture below depicts a routing data flow.

pastedImage_1.png

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
vSohill
Expert

Thank you Sreec,

I am not going to use LB or NAT, just routing. Do I need to use the Edge in this case for north-south traffic?

0 Kudos
Sreec
VMware Employee

I would still recommend NSX Edge, considering the limitations of DLR and the supported topologies. Also, when we scale, especially for multi-tenant and cross-VC setups, Edge is a perfect candidate for sending transit routes to upstream devices.

Copy-paste from the VMware doc:

  • A given logical router instance cannot be connected to logical switches that exist in different transport zones. This is to ensure that all logical switches and logical router instances are aligned.
  • A logical router cannot be connected to VLAN-backed port groups if that logical router is connected to logical switches spanning more than one vSphere distributed switch (VDS). This is to ensure correct alignment of logical router instances with logical switch dvPortgroups across hosts.
  • Logical router interfaces must not be created on two different distributed port groups (dvPortgroups) with the same VLAN ID if the two networks are in the same vSphere distributed switch.
  • Logical router interfaces should not be created on two different dvPortgroups with the same VLAN ID if two networks are in different vSphere distributed switches, but the two vSphere distributed switches share identical hosts. In other words, logical router interfaces can be created on two different networks with the same VLAN ID if the two dvPortgroups are in two different vSphere distributed switches, as long as the vSphere distributed switches do not share a host.
  • If VXLAN is configured, logical router interfaces must be connected to distributed port groups on the vSphere Distributed Switch where VXLAN is configured. Do not connect logical router interfaces to port groups on other vSphere Distributed Switches.

Start reading from page 69 (Scalable topology and multi-tenant network). I repeat, it's a big plus with ESG in between.

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-virtu...

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
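
Added example (not part of the original posts or of VMware's documentation): the five connectivity constraints quoted in the reply above, written as a pre-deployment check over a planned topology. The `Lif` model, `check_dlr` and the sample inventory are hypothetical; the fourth rule is read as "the two VDSes share at least one host", and VXLAN is assumed to be configurable on a set of VDSes.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Lif:
    """One logical router interface (hypothetical model, not an NSX API object)."""
    name: str
    kind: str                  # "ls" = logical switch, "vlan" = VLAN-backed dvPortgroup
    vds: tuple                 # VDS names the attached network lives on
    transport_zone: str = ""   # logical switches only
    portgroup: str = ""        # VLAN-backed LIFs only
    vlan_id: int = 0           # VLAN-backed LIFs only

def check_dlr(lifs, vds_hosts, vxlan_vds):
    """Return the constraint violations for one logical router instance.

    vds_hosts maps VDS name -> set of member hosts; vxlan_vds is the set of
    VDS names on which VXLAN is configured (empty if VXLAN is not in use).
    """
    issues = []
    ls = [l for l in lifs if l.kind == "ls"]
    vlan = [l for l in lifs if l.kind == "vlan"]
    if len({l.transport_zone for l in ls}) > 1:            # rule 1
        issues.append("logical switches in different transport zones")
    if vlan and any(len(set(l.vds)) > 1 for l in ls):      # rule 2
        issues.append("VLAN LIF on a router whose logical switches span >1 VDS")
    for a, b in combinations(vlan, 2):                     # rules 3 and 4
        if a.vlan_id != b.vlan_id or (a.vds, a.portgroup) == (b.vds, b.portgroup):
            continue
        if a.vds[0] == b.vds[0]:
            issues.append(f"{a.name}/{b.name}: same VLAN ID in the same VDS")
        elif vds_hosts[a.vds[0]] & vds_hosts[b.vds[0]]:
            issues.append(f"{a.name}/{b.name}: same VLAN ID, VDSes share a host")
    for l in vlan:                                         # rule 5
        if vxlan_vds and l.vds[0] not in vxlan_vds:
            issues.append(f"{l.name}: port group is not on the VXLAN VDS")
    return issues

# Constructed sample inventory (all names are made up for illustration).
VDS_HOSTS = {"vds-a": {"esx1", "esx2"}, "vds-b": {"esx2", "esx3"}, "vds-c": {"esx4"}}
GOOD = [Lif("web", "ls", ("vds-a",), "tz1"), Lif("app", "ls", ("vds-a",), "tz1"),
        Lif("uplink", "vlan", ("vds-a",), portgroup="pg-transit", vlan_id=100)]
BAD = [Lif("web", "ls", ("vds-a", "vds-b"), "tz1"), Lif("db", "ls", ("vds-a",), "tz2"),
       Lif("up1", "vlan", ("vds-a",), portgroup="pg-1", vlan_id=100),
       Lif("up2", "vlan", ("vds-b",), portgroup="pg-2", vlan_id=100),
       Lif("up3", "vlan", ("vds-c",), portgroup="pg-3", vlan_id=100)]

if __name__ == "__main__":
    for label, lifs in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_dlr(lifs, VDS_HOSTS, vxlan_vds={"vds-a", "vds-b"}))
```
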
vSohill
Expert

Thank you. I will go through the VMware doc and maybe come back to you for clarifications.

0 Kudos