Solved: Deploye ESG in ECMP & A-S Mode simulataneously

luv_nsx · ‎06-13-2016

Hello - Can I deploy a pair of ESGs running in ECMP mode and another pair of ESGs running in Active-Standby mode simultaneously? And if yes, does it mean that I need to have a separate Control VM (DLR) for that design? Also, then how would the routing work as far as advertising the VM subnets to the the physical world?

Thanks!

larsonm · ‎06-13-2016

In the real world, the ESGs for stateful services would reside inside the overlay, either hanging off of the Transit LS for in-line, or a LS off of the DLR if one-armed. No additional DLR nor control VM is required. Based on what you described, the one-armed approach would likely work fine, living on a LS off of the DLR. In this case, all N/S traffic would traverse the DLR, the transit LS, and though the pair of ECMP-enabled ESGs. The ECMP-enabled ESGs would be the only path for N/S traffic.

This example shows a design with provider ECMP-enabled ESGs as the N/S gateway, with ESGs running ECMP for one tenant, and an ESG running stateful services for another tenant. Every load balancer shown in the picture below is an ESG...typically deployed in an A/P configuration.

Below, you'll see an ECMP-enabled ESGs servicing tenant edges, and even a DLR.

Credit: A Deep Dive into VMware Horizon 6 with NSX - VMware End-User Computing Blog - VMware Blogs

The goal of these is to show that maybe that the other ESGs don't need to be N/S gateways.

If you have a tremendous volume of traffic with a physical destination, like backup data going across the network, then there may be a case for a hardware-based VTEP. You can read more about that on Dmitri's blog entry here: Serving bandwidth-hungry VMs with DC fabrics and NSX for vSphere | Telecom Occasionally

I presented a lot of information here. Feel free to follow up with any additional questions.

View solution in original post

larsonm · ‎06-13-2016

Yes, you can deploy a pair of ESGs running ECMP mode, and a pair of ESGs running in active/stand-by. Generally speaking, if you have ECMP for your N/S traffic, and deploy an ESG for in-line load balancing elsewhere in the environment, you have just accomplished the task you are requesting. Also, in a multi-tenancy scenario, you would typically have multiple ESGs for N/S at the edge of the overlay, and then tenant edges at lower levels in the overlay running in A/P mode. I've also heard of ECMP for the tenant edges.

That being said, I suspect you are asking about two possible paths for N/S traffic. ECMP required the use of dynamic routing protocols, so that would require a DLR control VM. You would need to ensure some level of separation in how the various routes would be redistributed into the network, possibly using only static routes for some portions of the network. It is possible, but the design depends on the requirements for which you are trying to solve. Can I ask your use case?

luv_nsx · ‎06-13-2016

Thanks for your prompt response. OK, so now that we can have a pair of ESGs in ECMP mode for N-S traffic, and another pair of ESGs for N-S traffic requiring services, do I need to deploy separate DLRs for the 2 pair of ESGs? I don't have a specific use case, but going back to the example you gave, what if traffic to VMs from the physical network needs to go through the LB deployed on the ESGs? But at the same time, those VMs need to communicate out to the physical network for (whatever services....). So in my mind, I am thinking:

VM -> Physical World (takes the path of ESGs running in ECMP mode)

Physical World -> VMs (takes the path of ESGs running the LB)

Given the situation, how would I control routing to/from the physical world in this scenario??