This is my first post so I hope it's in the correct section.
Please have a look at a very poor design below.
When host 1 sits in Data centre 1 it exits via the 2 top DC edges to CR1 and CR2 at the top and the return traffic comes back in that way.
It works and everyone is happy.
If host 2 migrates, for whatever reason, to Data centre 2, it exits via the bottom 2 edges BUT the return traffic then comes back up the top 2 edges in DC1! I would prefer the return traffic to come in DC2... it's currently asymmetrical... goes out one way and comes in another...
How do I fix this?
Tagging the IP of the host with a tag or community and giving a higher preference on the CRs on the right would work if I could find where to tag... What I have found is the host route/IP is active in Data Centre 1 and 2 at the same time and I can't distinguish where it is actually active...
Anyone even get down to this level of detail before?
Thanks
It is unclear what kind of NSX design you are using (Multisite or Federation). That being said, you can certainly manipulate the routes in NSX.
https://docs.vmware.com/en/VMware-Validated-Design/6.2/sddc-architecture-and-design-for-the-manageme... (SDDC-MGMT-VI-SDN-072)
Thanks for the reply. Let me try to explain in a slightly simpler way.
Host (position A) ----- DC 1 Edge ---------- Internet/MPLS/Core Router 1
|
|
Host (position B) -----DC 2 Edge ----------- Internet/MPLS/Core Router 2
If the Host is in Position A I want the traffic to go to DC1 and out of Core Router 1 and the return traffic to come back in Core Router 1.
If the Host is in Position B I want the traffic to go to DC2 and out of Core Router 2 and the return traffic to come back in Core Router 2.
That's it. Host can migrate between both positions and the routing will send it out the nearest edge to the nearest Core Router.
I would need some conditional routing "if host is in position A send it here and the return here" and the same for position B.
Another option would be to tag or set a community on the host IP address when it is active in position A or B, but the problem is that the host is always in both places at any given time. I checked and the IP address and MAC are always present in DC Edge 1 and DC Edge 2 so I can never tell where the host actually is!
Some questions:
Is the Segment stretched between sites?
Yes, all the ESXi hosts within the cluster are participating in the same NSX transport zone so the VMs can freely move between the two data centres and still be connected to the same network.
In this scenario we are not using a T1, just a T0.
The T0 is stretched?
The T0 is active/active and has interfaces on each of the edge nodes shown in the diagram, so 2 within each data center that has BGP neighborships into our core network,
the T0 being its own AS number and the core being its own AS number.
Hi,
If my understanding is correct, you are looking for local ingress & egress. In this design, since you are using active/active, there is no way to achieve that.
If I'm understanding correctly, you're satisfied with the design (T0 A/A on both DC1 and DC2 sites) and your outgoing traffic is working as expected in both scenarios, when the workload is on site DC1 or DC2. The only thing is the returning traffic, which is not working as expected.
If I'm correct in my previous understanding, then return traffic is controlled on the CR routers where you're using AS2222 and it's not related to the NSX setup at all. You should check that setup and how outside clients are reaching AS2222 when coming in DC1 or DC2.
Your asymmetry is explained in the NSX multisite reference design guide, with an accent on firewall issues which can be present in these situations: https://communities.vmware.com/t5/VMware-NSX-Documents/NSX-T-Multi-Location-Design-Guide-Federation-...
HTH,
Dragan
Thanks for the link, I found my answer over there.