VMware Cloud Community
manjurul-islam
Contributor

Virtual to Physical Networking design help and suggestion needed

Hi Communities Team, 

Greetings. I am writing here in the hope of getting some help or suggestions. I am trying to design and deploy VMware VCF 4.2 for my company. The issue I am having is with planning and configuring the physical network. We will be going for the 2-tier Spine and Leaf architecture. All our components are from HPE and are VMware HCL validated. As far as I know, within VCF we have NSX-T, and all kinds of networking will be handled by NSX-T, so I have the queries below. Anyone who knows, feel free to answer.

1. Do we need to configure SDN on the physical switches (HPE FlexFabric here for the Spine and Leaf architecture), like overlay network configuration, VTEP configuration, etc.? We have asked the HP network expert to configure only the basic Spine and Leaf architecture for us, to avoid any network loops and have complete network-level redundancy, with all kinds of SDN handled by VMware NSX, but HP is asking us to buy their SDN tools/application.

2. Do we need to configure physical port-level VLAN tagging, or should it be trunk? NSX will pass lots of VLAN-tagged traffic over the servers' physical ports. Note that each server comes with 4x10G SFP+ ports, two of them connected to Leaf A and two to Leaf B of the physical switch network. I thought the port-level configuration should be trunk mode, but my network team is saying we need to configure VLAN tagging on each port. Imagine, across the VCF management domain and workload domain there are approximately 20 VLANs in total.

3. BGP configuration issue - Do we need to configure BGP on the Leaf switch network for NSX-T Tier-0 Gateway to Spine L3 routing? All physical routing will be done by the Spine switches.

4. Whatever subnet blocks and network segments NSX-T has, do we need to configure all those subnets/routes on the L3 Spine and on the perimeter router/firewall too?

 

Hope to have some quick answers. 

Regards

Manjurul


Accepted Solutions
vThomasF
VMware Employee

Hi,

I don't have all your answers, but some should be ok.

1. No, no SDN is needed.

2. The idea is you create an overlay network; this has a VLAN ID. The rest of the encapsulation is done within this VLAN. There is an Excel sheet included when you download CloudBuilder. This document states how many VLANs you need. It also depends on your choices. So no trunk ports are needed at switch level. Make sure you have a high MTU size: 9000 or 9100 is recommended, 1600 is the bare minimum.

3. You decide where you want to connect to. The WAN-facing routers can BGP directly with your T0. Be aware you will have a minimum of 2 sets of T0, 1 set for the mgt domain and 1 for the workload domain, even if you choose to deploy a consolidated design. BGP for the mgt domain needs to have some internet access for patches etc. You can also BGP to a spine and from there route it to the rest of the network. This is usually decided by the network admins.

4. Only the blocks you need to route. This is similar to a normal network: subnets you don't need in a specific part of your environment, you don't need to announce.

Hope this gives you some info. There are also many blogs available on NSX-T designs; in VCF it works exactly the same, only VCF will help you put in all the settings.

As already stated, please check the Excel sheet. If you configure your network to support these networks, you will be OK. The CloudBuilder will validate your input before deployment.

So if you decide NSX will be the network manager, I would try to have as few hops as possible between your border router and NSX T0.
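
An added example, not part of the reply above and not VMware tooling: a Python check of a TEP-to-TEP path against the MTU guidance in the accepted answer (1600 bare minimum, 9000 recommended). The hop names and MTU values are constructed, and the 50-byte Geneve base overhead is an assumption taken from the standard header sizes.

```python
# Added example: hop names and MTU values below are constructed, not from the thread.
# Assumed overhead of Geneve over IPv4 with no options (standard header sizes):
# inner Ethernet 14 + Geneve base 8 + UDP 8 + outer IPv4 20 = 50 bytes.
GENEVE_BASE_OVERHEAD = 14 + 8 + 8 + 20
MIN_MTU = 1600          # "bare minimum" from the answer
RECOMMENDED_MTU = 9000  # recommended value from the answer
IPV4_ICMP_HEADERS = 20 + 8


def df_ping_payload(mtu):
    """Largest ICMP echo payload that fits one unfragmented IPv4 packet at this MTU."""
    return mtu - IPV4_ICMP_HEADERS


def check_path(hops, guest_mtu=1500):
    """hops: ordered (name, mtu) pairs between two TEPs; the smallest MTU governs."""
    if not hops:
        raise ValueError("path has no hops")
    name, path_mtu = min(hops, key=lambda hop: hop[1])
    if path_mtu < MIN_MTU:
        status = "fail"
    elif path_mtu < RECOMMENDED_MTU:
        status = "minimum"
    else:
        status = "recommended"
    return {
        "bottleneck": name,
        "path_mtu": path_mtu,
        "status": status,
        # Bytes left for Geneve options once a full guest frame is encapsulated.
        "option_headroom": path_mtu - guest_mtu - GENEVE_BASE_OVERHEAD,
        # Payload size for a don't-fragment ping that proves the path MTU end to end.
        "df_ping_payload": df_ping_payload(path_mtu),
        "below_minimum": [n for n, m in hops if m < MIN_MTU],
    }


# Constructed path: one leaf uplink was left at the switch default of 1500.
SAMPLE_PATH = [
    ("host-a vmk TEP", 9000),
    ("leaf-a server port", 9000),
    ("leaf-a uplink to spine", 1500),
    ("leaf-b server port", 9000),
    ("host-b vmk TEP", 9000),
]

if __name__ == "__main__":
    for key, value in check_path(SAMPLE_PATH).items():
        print(f"{key}: {value}")
```

A negative `option_headroom` means full-size guest frames cannot be encapsulated without fragmentation on that path, which is why every hop between TEPs has to be raised, not only the host ports.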
